authorFranziskus Kiefer <franziskuskiefer@gmail.com>2016-04-21 21:50:20 +0200
committerFranziskus Kiefer <franziskuskiefer@gmail.com>2016-04-21 21:50:20 +0200
commitefe5b290c741ac43f20cfef1d138360f79bdcdc1 (patch)
treed95945989095c453fcea223a7ec4a496efb7a396
parent8189af23f9ee951b4f5ca31d4e79693bc34d4ae5 (diff)
downloadnss-hg-efe5b290c741ac43f20cfef1d138360f79bdcdc1.tar.gz
Bug 1254918 - clang-format NSS: cmd, r=kaie
-rw-r--r--cmd/addbuiltin/addbuiltin.c540
-rw-r--r--cmd/atob/atob.c170
-rw-r--r--cmd/bltest/blapitest.c3832
-rw-r--r--cmd/bltest/tests/aes_gcm/hex.c100
-rw-r--r--cmd/btoa/btoa.c194
-rw-r--r--cmd/certcgi/certcgi.c3006
-rw-r--r--cmd/certutil/certext.c1394
-rw-r--r--cmd/certutil/certutil.c3356
-rw-r--r--cmd/certutil/certutil.h9
-rw-r--r--cmd/certutil/keystuff.c621
-rw-r--r--cmd/chktest/chktest.c14
-rw-r--r--cmd/crlutil/crlgen.c749
-rw-r--r--cmd/crlutil/crlgen.h82
-rw-r--r--cmd/crlutil/crlgen_lex.c2148
-rw-r--r--cmd/crlutil/crlutil.c905
-rw-r--r--cmd/crmf-cgi/crmfcgi.c1766
-rw-r--r--cmd/crmftest/testcrmf.c1663
-rw-r--r--cmd/dbck/dbck.c1235
-rw-r--r--cmd/dbck/dbrecover.c536
-rw-r--r--cmd/dbtest/dbtest.c223
-rw-r--r--cmd/derdump/derdump.c94
-rw-r--r--cmd/digest/digest.c192
-rw-r--r--cmd/ecperf/ecperf.c611
-rw-r--r--cmd/fipstest/aes.sh2
-rw-r--r--cmd/fipstest/fipstest.c2787
-rw-r--r--cmd/httpserv/httpserv.c1659
-rw-r--r--cmd/lib/basicutil.c690
-rw-r--r--cmd/lib/basicutil.h14
-rw-r--r--cmd/lib/berparse.c419
-rw-r--r--cmd/lib/derprint.c578
-rw-r--r--cmd/lib/ffs.c12
-rw-r--r--cmd/lib/moreoids.c196
-rw-r--r--cmd/lib/pk11table.c2721
-rw-r--r--cmd/lib/pk11table.h34
-rw-r--r--cmd/lib/pppolicy.c270
-rw-r--r--cmd/lib/secpwd.c158
-rw-r--r--cmd/lib/secutil.c3168
-rw-r--r--cmd/lib/secutil.h125
-rw-r--r--cmd/libpkix/perf/libpkix_buildthreads.c410
-rw-r--r--cmd/libpkix/perf/nss_threads.c222
-rw-r--r--cmd/libpkix/pkix/certsel/test_certselector.c2684
-rw-r--r--cmd/libpkix/pkix/certsel/test_comcertselparams.c1566
-rw-r--r--[-rwxr-xr-x]cmd/libpkix/pkix/checker/test_certchainchecker.c335
-rw-r--r--cmd/libpkix/pkix/crlsel/test_comcrlselparams.c565
-rw-r--r--cmd/libpkix/pkix/crlsel/test_crlselector.c187
-rw-r--r--cmd/libpkix/pkix/params/test_procparams.c683
-rw-r--r--cmd/libpkix/pkix/params/test_resourcelimits.c149
-rw-r--r--cmd/libpkix/pkix/params/test_trustanchor.c359
-rw-r--r--cmd/libpkix/pkix/params/test_valparams.c415
-rw-r--r--cmd/libpkix/pkix/results/test_buildresult.c318
-rw-r--r--cmd/libpkix/pkix/results/test_policynode.c971
-rw-r--r--cmd/libpkix/pkix/results/test_valresult.c272
-rw-r--r--cmd/libpkix/pkix/results/test_verifynode.c144
-rw-r--r--[-rwxr-xr-x]cmd/libpkix/pkix/store/test_store.c262
-rw-r--r--cmd/libpkix/pkix/top/test_basicchecker.c315
-rw-r--r--cmd/libpkix/pkix/top/test_basicconstraintschecker.c191
-rw-r--r--cmd/libpkix/pkix/top/test_buildchain.c669
-rw-r--r--cmd/libpkix/pkix/top/test_buildchain_partialchain.c1210
-rw-r--r--cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c703
-rw-r--r--cmd/libpkix/pkix/top/test_buildchain_uchecker.c560
-rw-r--r--cmd/libpkix/pkix/top/test_customcrlchecker.c613
-rw-r--r--cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c319
-rw-r--r--cmd/libpkix/pkix/top/test_ocsp.c412
-rw-r--r--cmd/libpkix/pkix/top/test_policychecker.c789
-rw-r--r--cmd/libpkix/pkix/top/test_subjaltnamechecker.c383
-rw-r--r--cmd/libpkix/pkix/top/test_validatechain.c331
-rw-r--r--cmd/libpkix/pkix/top/test_validatechain_NB.c524
-rw-r--r--cmd/libpkix/pkix/top/test_validatechain_bc.c297
-rw-r--r--cmd/libpkix/pkix/util/test_error.c532
-rw-r--r--cmd/libpkix/pkix/util/test_list.c1222
-rw-r--r--cmd/libpkix/pkix/util/test_list2.c191
-rw-r--r--cmd/libpkix/pkix/util/test_logger.c411
-rw-r--r--cmd/libpkix/pkix_pl/module/test_colcertstore.c337
-rw-r--r--cmd/libpkix/pkix_pl/module/test_ekuchecker.c387
-rw-r--r--cmd/libpkix/pkix_pl/module/test_httpcertstore.c442
-rw-r--r--cmd/libpkix/pkix_pl/module/test_pk11certstore.c905
-rw-r--r--cmd/libpkix/pkix_pl/module/test_socket.c835
-rw-r--r--cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c138
-rw-r--r--cmd/libpkix/pkix_pl/pki/test_cert.c3287
-rw-r--r--cmd/libpkix/pkix_pl/pki/test_crl.c398
-rw-r--r--cmd/libpkix/pkix_pl/pki/test_crlentry.c293
-rw-r--r--cmd/libpkix/pkix_pl/pki/test_date.c100
-rw-r--r--cmd/libpkix/pkix_pl/pki/test_generalname.c129
-rw-r--r--cmd/libpkix/pkix_pl/pki/test_nameconstraints.c129
-rw-r--r--cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c206
-rw-r--r--cmd/libpkix/pkix_pl/pki/test_x500name.c196
-rw-r--r--cmd/libpkix/pkix_pl/system/stress_test.c251
-rw-r--r--cmd/libpkix/pkix_pl/system/test_bigint.c252
-rw-r--r--cmd/libpkix/pkix_pl/system/test_bytearray.c298
-rw-r--r--cmd/libpkix/pkix_pl/system/test_hashtable.c625
-rw-r--r--cmd/libpkix/pkix_pl/system/test_mem.c160
-rw-r--r--cmd/libpkix/pkix_pl/system/test_monitorlock.c117
-rw-r--r--cmd/libpkix/pkix_pl/system/test_mutex.c107
-rw-r--r--cmd/libpkix/pkix_pl/system/test_mutex2.c256
-rw-r--r--cmd/libpkix/pkix_pl/system/test_mutex3.c114
-rw-r--r--cmd/libpkix/pkix_pl/system/test_object.c350
-rw-r--r--cmd/libpkix/pkix_pl/system/test_oid.c301
-rw-r--r--cmd/libpkix/pkix_pl/system/test_rwlock.c270
-rw-r--r--cmd/libpkix/pkix_pl/system/test_string.c712
-rw-r--r--cmd/libpkix/pkix_pl/system/test_string2.c537
-rw-r--r--cmd/libpkix/pkixutil/pkixutil.c202
-rw-r--r--cmd/libpkix/sample_apps/build_chain.c327
-rw-r--r--cmd/libpkix/sample_apps/dumpcert.c228
-rw-r--r--cmd/libpkix/sample_apps/dumpcrl.c237
-rw-r--r--cmd/libpkix/sample_apps/validate_chain.c276
-rw-r--r--[-rwxr-xr-x]cmd/libpkix/testutil/testutil.c386
-rw-r--r--[-rwxr-xr-x]cmd/libpkix/testutil/testutil.h243
-rw-r--r--[-rwxr-xr-x]cmd/libpkix/testutil/testutil_nss.c743
-rw-r--r--[-rwxr-xr-x]cmd/libpkix/testutil/testutil_nss.h105
-rw-r--r--cmd/listsuites/listsuites.c69
-rw-r--r--cmd/lowhashtest/lowhashtest.c424
-rw-r--r--cmd/makepqg/makepqg.c424
-rw-r--r--cmd/modutil/error.h222
-rw-r--r--cmd/modutil/install-ds.c2246
-rw-r--r--cmd/modutil/install-ds.h127
-rw-r--r--cmd/modutil/install.c1392
-rw-r--r--cmd/modutil/install.h59
-rw-r--r--cmd/modutil/installparse.c246
-rw-r--r--cmd/modutil/instsec.c161
-rw-r--r--cmd/modutil/lex.Pk11Install_yy.c2065
-rw-r--r--cmd/modutil/modutil.c1643
-rw-r--r--cmd/modutil/modutil.h2
-rw-r--r--cmd/modutil/pk11.c912
-rw-r--r--cmd/multinit/multinit.c942
-rw-r--r--cmd/ocspclnt/ocspclnt.c1369
-rw-r--r--cmd/ocspresp/ocspresp.c71
-rw-r--r--cmd/oidcalc/oidcalc.c100
-rw-r--r--cmd/p7content/p7content.c222
-rw-r--r--cmd/p7env/p7env.c216
-rw-r--r--cmd/p7sign/p7sign.c217
-rw-r--r--cmd/p7verify/p7verify.c232
-rw-r--r--cmd/pk11gcmtest/pk11gcmtest.c561
-rw-r--r--cmd/pk11mode/pk11mode.c3540
-rw-r--r--cmd/pk11util/pk11util.c2728
-rw-r--r--cmd/pk12util/pk12util.c797
-rw-r--r--cmd/pk12util/pk12util.h9
-rw-r--r--cmd/pk1sign/pk1sign.c169
-rw-r--r--cmd/pkix-errcodes/pkix-errcodes.c19
-rw-r--r--cmd/pp/pp.c169
-rw-r--r--cmd/ppcertdata/ppcertdata.c139
-rw-r--r--cmd/pwdecrypt/pwdecrypt.c365
-rw-r--r--cmd/rsaperf/defkey.c322
-rw-r--r--cmd/rsaperf/rsaperf.c538
-rw-r--r--cmd/rsapoptst/rsapoptst.c585
-rw-r--r--cmd/sdrtest/sdrtest.c630
-rw-r--r--cmd/selfserv/selfserv.c3043
-rw-r--r--cmd/shlibsign/mangle/mangle.c117
-rw-r--r--cmd/shlibsign/shlibsign.c865
-rw-r--r--cmd/signtool/certgen.c576
-rw-r--r--cmd/signtool/javascript.c2239
-rw-r--r--cmd/signtool/list.c254
-rw-r--r--cmd/signtool/sign.c871
-rw-r--r--cmd/signtool/signtool.c1652
-rw-r--r--cmd/signtool/signtool.h51
-rw-r--r--cmd/signtool/util.c1148
-rw-r--r--cmd/signtool/verify.c496
-rw-r--r--cmd/signtool/zip.c826
-rw-r--r--cmd/signtool/zip.h34
-rw-r--r--cmd/signver/pk7print.c350
-rw-r--r--cmd/signver/signver.c349
-rw-r--r--cmd/smimetools/cmsutil.c2055
-rw-r--r--cmd/ssltap/ssltap.c3920
-rw-r--r--cmd/strsclnt/strsclnt.c1315
-rw-r--r--cmd/symkeyutil/symkeyutil.c1048
-rw-r--r--cmd/tests/baddbdir.c6
-rw-r--r--cmd/tests/conflict.c3
-rw-r--r--cmd/tests/dertimetest.c23
-rw-r--r--cmd/tests/encodeinttest.c9
-rw-r--r--cmd/tests/nonspr10.c3
-rw-r--r--cmd/tests/remtest.c107
-rw-r--r--cmd/tests/secmodtest.c20
-rw-r--r--cmd/tstclnt/tstclnt.c1709
-rw-r--r--cmd/vfychain/vfychain.c615
-rw-r--r--cmd/vfyserv/vfyserv.c908
-rw-r--r--cmd/vfyserv/vfyserv.h57
-rw-r--r--cmd/vfyserv/vfyutil.c496
176 files changed, 59416 insertions, 60047 deletions
diff --git a/cmd/addbuiltin/addbuiltin.c b/cmd/addbuiltin/addbuiltin.c
index 2226a159c..3da6652a3 100644
--- a/cmd/addbuiltin/addbuiltin.c
+++ b/cmd/addbuiltin/addbuiltin.c
@@ -18,53 +18,56 @@
#include <io.h>
#endif
-void dumpbytes(unsigned char *buf, int len)
+void
+dumpbytes(unsigned char *buf, int len)
{
int i;
- for (i=0; i < len; i++) {
- if ((i !=0) && ((i & 0xf) == 0)) {
- printf("\n");
- }
- printf("\\%03o",buf[i]);
+ for (i = 0; i < len; i++) {
+ if ((i != 0) && ((i & 0xf) == 0)) {
+ printf("\n");
+ }
+ printf("\\%03o", buf[i]);
}
printf("\n");
}
-char *getTrustString(unsigned int trust)
+char *
+getTrustString(unsigned int trust)
{
if (trust & CERTDB_TRUSTED) {
- if (trust & CERTDB_TRUSTED_CA) {
- return "CKT_NSS_TRUSTED_DELEGATOR";
- } else {
- return "CKT_NSS_TRUSTED";
- }
+ if (trust & CERTDB_TRUSTED_CA) {
+ return "CKT_NSS_TRUSTED_DELEGATOR";
+ } else {
+ return "CKT_NSS_TRUSTED";
+ }
} else {
- if (trust & CERTDB_TRUSTED_CA) {
- return "CKT_NSS_TRUSTED_DELEGATOR";
- } else if (trust & CERTDB_VALID_CA) {
- return "CKT_NSS_VALID_DELEGATOR";
- } else if (trust & CERTDB_TERMINAL_RECORD) {
- return "CKT_NSS_NOT_TRUSTED";
- } else {
- return "CKT_NSS_MUST_VERIFY_TRUST";
- }
+ if (trust & CERTDB_TRUSTED_CA) {
+ return "CKT_NSS_TRUSTED_DELEGATOR";
+ } else if (trust & CERTDB_VALID_CA) {
+ return "CKT_NSS_VALID_DELEGATOR";
+ } else if (trust & CERTDB_TERMINAL_RECORD) {
+ return "CKT_NSS_NOT_TRUSTED";
+ } else {
+ return "CKT_NSS_MUST_VERIFY_TRUST";
+ }
}
return "CKT_NSS_TRUST_UNKNOWN"; /* not reached */
}
static const SEC_ASN1Template serialTemplate[] = {
- { SEC_ASN1_INTEGER, offsetof(CERTCertificate,serialNumber) },
+ { SEC_ASN1_INTEGER, offsetof(CERTCertificate, serialNumber) },
{ 0 }
};
-void print_crl_info(CERTName *name, SECItem *serial)
+void
+print_crl_info(CERTName *name, SECItem *serial)
{
PRBool saveWrapeState = SECU_GetWrapEnabled();
SECU_EnableWrap(PR_FALSE);
SECU_PrintNameQuotesOptional(stdout, name, "# Issuer", 0, PR_FALSE);
printf("\n");
-
+
SECU_PrintInteger(stdout, serial, "# Serial Number", 0);
SECU_EnableWrap(saveWrapeState);
@@ -77,79 +80,80 @@ ConvertCRLEntry(SECItem *sdder, PRInt32 crlentry, char *nickname)
PLArenaPool *arena = NULL;
CERTSignedCrl *newCrl = NULL;
CERTCrlEntry *entry;
-
+
CERTName *name = NULL;
SECItem *derName = NULL;
SECItem *serial = NULL;
-
+
rv = SEC_ERROR_NO_MEMORY;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena)
- return rv;
+ return rv;
newCrl = CERT_DecodeDERCrlWithFlags(arena, sdder, SEC_CRL_TYPE,
- CRL_DECODE_DEFAULT_OPTIONS);
+ CRL_DECODE_DEFAULT_OPTIONS);
if (!newCrl)
- return SECFailure;
-
+ return SECFailure;
+
name = &newCrl->crl.name;
derName = &newCrl->crl.derName;
-
+
if (newCrl->crl.entries != NULL) {
- PRInt32 iv = 0;
- while ((entry = newCrl->crl.entries[iv++]) != NULL) {
- if (crlentry == iv) {
- serial = &entry->serialNumber;
- break;
- }
- }
+ PRInt32 iv = 0;
+ while ((entry = newCrl->crl.entries[iv++]) != NULL) {
+ if (crlentry == iv) {
+ serial = &entry->serialNumber;
+ break;
+ }
+ }
}
-
+
if (!name || !derName || !serial)
- return SECFailure;
-
- printf("\n# Distrust \"%s\"\n",nickname);
+ return SECFailure;
+
+ printf("\n# Distrust \"%s\"\n", nickname);
print_crl_info(name, serial);
printf("CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST\n");
printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
- printf("CKA_LABEL UTF8 \"%s\"\n",nickname);
-
+ printf("CKA_LABEL UTF8 \"%s\"\n", nickname);
+
printf("CKA_ISSUER MULTILINE_OCTAL\n");
- dumpbytes(derName->data,derName->len);
+ dumpbytes(derName->data, derName->len);
printf("END\n");
printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
printf("\\002\\%03o", serial->len); /* 002: type integer; len >=3 digits */
- dumpbytes(serial->data,serial->len);
+ dumpbytes(serial->data, serial->len);
printf("END\n");
-
+
printf("CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED\n");
printf("CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED\n");
printf("CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED\n");
printf("CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE\n");
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
return rv;
}
-void print_info(SECItem *sdder, CERTCertificate *c)
+void
+print_info(SECItem *sdder, CERTCertificate *c)
{
PRBool saveWrapeState = SECU_GetWrapEnabled();
SECU_EnableWrap(PR_FALSE);
SECU_PrintNameQuotesOptional(stdout, &c->issuer, "# Issuer", 0, PR_FALSE);
printf("\n");
-
+
SECU_PrintInteger(stdout, &c->serialNumber, "# Serial Number", 0);
SECU_PrintNameQuotesOptional(stdout, &c->subject, "# Subject", 0, PR_FALSE);
printf("\n");
SECU_PrintTimeChoice(stdout, &c->validity.notBefore, "# Not Valid Before", 0);
- SECU_PrintTimeChoice(stdout, &c->validity.notAfter, "# Not Valid After ", 0);
-
+ SECU_PrintTimeChoice(stdout, &c->validity.notAfter, "# Not Valid After ", 0);
+
SECU_PrintFingerprints(stdout, sdder, "# Fingerprint", 0);
SECU_EnableWrap(saveWrapeState);
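Review bot: ConvertCRLEntry assigns `rv = SEC_ERROR_NO_MEMORY` before the arena allocation and nothing in the visible body assigns it again, so the final `return rv;` hands back an error code even after the full distrust record has been printed. The two `return SECFailure;` exits, after `CERT_DecodeDERCrlWithFlags` and after the `!name || !derName || !serial` check, also skip `PORT_FreeArena`, so the arena leaks on every failure path. A single exit label that frees the arena, with `rv = SECSuccess` set just before it, would fix both. The function's declarations, including the type of rv, sit above the hunk, so confirm this against the full file.

```c
    newCrl = CERT_DecodeDERCrlWithFlags(arena, sdder, SEC_CRL_TYPE,
                                        CRL_DECODE_DEFAULT_OPTIONS);
    if (!newCrl) {
        rv = SECFailure;
        goto done;
    }
    /* … unchanged: name / derName / serial lookup … */
    if (!name || !derName || !serial) {
        rv = SECFailure;
        goto done;
    }
    /* … unchanged: printf / dumpbytes output of the distrust record … */
    rv = SECSuccess;
done:
    PORT_FreeArena(arena, PR_FALSE);
    return rv;
```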
@@ -169,43 +173,43 @@ ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust,
cert = CERT_DecodeDERCertificate(sdder, PR_FALSE, nickname);
if (!cert) {
- return SECFailure;
+ return SECFailure;
}
- serial = SEC_ASN1EncodeItem(NULL,NULL,cert,serialTemplate);
+ serial = SEC_ASN1EncodeItem(NULL, NULL, cert, serialTemplate);
if (!serial) {
- return SECFailure;
+ return SECFailure;
}
-
+
if (!excludeCert) {
- printf("\n#\n# Certificate \"%s\"\n#\n",nickname);
- print_info(sdder, cert);
- printf("CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n");
- printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
- printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
- printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
- printf("CKA_LABEL UTF8 \"%s\"\n",nickname);
- printf("CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n");
- printf("CKA_SUBJECT MULTILINE_OCTAL\n");
- dumpbytes(cert->derSubject.data,cert->derSubject.len);
- printf("END\n");
- printf("CKA_ID UTF8 \"0\"\n");
- printf("CKA_ISSUER MULTILINE_OCTAL\n");
- dumpbytes(cert->derIssuer.data,cert->derIssuer.len);
- printf("END\n");
- printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
- dumpbytes(serial->data,serial->len);
- printf("END\n");
- printf("CKA_VALUE MULTILINE_OCTAL\n");
- dumpbytes(sdder->data,sdder->len);
- printf("END\n");
+ printf("\n#\n# Certificate \"%s\"\n#\n", nickname);
+ print_info(sdder, cert);
+ printf("CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n");
+ printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
+ printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
+ printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
+ printf("CKA_LABEL UTF8 \"%s\"\n", nickname);
+ printf("CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n");
+ printf("CKA_SUBJECT MULTILINE_OCTAL\n");
+ dumpbytes(cert->derSubject.data, cert->derSubject.len);
+ printf("END\n");
+ printf("CKA_ID UTF8 \"0\"\n");
+ printf("CKA_ISSUER MULTILINE_OCTAL\n");
+ dumpbytes(cert->derIssuer.data, cert->derIssuer.len);
+ printf("END\n");
+ printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
+ dumpbytes(serial->data, serial->len);
+ printf("END\n");
+ printf("CKA_VALUE MULTILINE_OCTAL\n");
+ dumpbytes(sdder->data, sdder->len);
+ printf("END\n");
}
-
- if ((trust->sslFlags | trust->emailFlags | trust->objectSigningFlags)
- == CERTDB_TERMINAL_RECORD)
- trust_info = "Distrust";
+
+ if ((trust->sslFlags | trust->emailFlags | trust->objectSigningFlags) ==
+ CERTDB_TERMINAL_RECORD)
+ trust_info = "Distrust";
else
- trust_info = "Trust for";
-
+ trust_info = "Trust for";
+
printf("\n# %s \"%s\"\n", trust_info, nickname);
print_info(sdder, cert);
@@ -213,32 +217,32 @@ ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust,
printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
- printf("CKA_LABEL UTF8 \"%s\"\n",nickname);
-
+ printf("CKA_LABEL UTF8 \"%s\"\n", nickname);
+
if (!excludeHash) {
- PK11_HashBuf(SEC_OID_SHA1, sha1_hash, sdder->data, sdder->len);
- printf("CKA_CERT_SHA1_HASH MULTILINE_OCTAL\n");
- dumpbytes(sha1_hash,SHA1_LENGTH);
- printf("END\n");
- PK11_HashBuf(SEC_OID_MD5, md5_hash, sdder->data, sdder->len);
- printf("CKA_CERT_MD5_HASH MULTILINE_OCTAL\n");
- dumpbytes(md5_hash,MD5_LENGTH);
- printf("END\n");
+ PK11_HashBuf(SEC_OID_SHA1, sha1_hash, sdder->data, sdder->len);
+ printf("CKA_CERT_SHA1_HASH MULTILINE_OCTAL\n");
+ dumpbytes(sha1_hash, SHA1_LENGTH);
+ printf("END\n");
+ PK11_HashBuf(SEC_OID_MD5, md5_hash, sdder->data, sdder->len);
+ printf("CKA_CERT_MD5_HASH MULTILINE_OCTAL\n");
+ dumpbytes(md5_hash, MD5_LENGTH);
+ printf("END\n");
}
printf("CKA_ISSUER MULTILINE_OCTAL\n");
- dumpbytes(cert->derIssuer.data,cert->derIssuer.len);
+ dumpbytes(cert->derIssuer.data, cert->derIssuer.len);
printf("END\n");
printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
- dumpbytes(serial->data,serial->len);
+ dumpbytes(serial->data, serial->len);
printf("END\n");
-
+
printf("CKA_TRUST_SERVER_AUTH CK_TRUST %s\n",
- getTrustString(trust->sslFlags));
+ getTrustString(trust->sslFlags));
printf("CKA_TRUST_EMAIL_PROTECTION CK_TRUST %s\n",
- getTrustString(trust->emailFlags));
+ getTrustString(trust->emailFlags));
printf("CKA_TRUST_CODE_SIGNING CK_TRUST %s\n",
- getTrustString(trust->objectSigningFlags));
+ getTrustString(trust->objectSigningFlags));
#ifdef notdef
printf("CKA_TRUST_CLIENT_AUTH CK_TRUST CKT_NSS_TRUSTED\n");
printf("CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
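Review bot: Both `PK11_HashBuf` calls in the `!excludeHash` branch discard their SECStatus, so if either digest fails, whatever happens to be in `sha1_hash` or `md5_hash` is still written out as the CKA_CERT_SHA1_HASH / CKA_CERT_MD5_HASH of a trust record. Because this output is meant to be appended to certdata.txt, a failed hash should stop the conversion rather than emit a record: `if (PK11_HashBuf(SEC_OID_SHA1, sha1_hash, sdder->data, sdder->len) != SECSuccess) return SECFailure;`, and the same for the MD5 call. The two buffers are declared above the hunk and ConvertCertificate continues past it, so whether they are pre-initialised cannot be seen here.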
@@ -248,111 +252,113 @@ ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust,
printf("CKA_TRUST_KEY_AGREEMENT CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
printf("CKA_TRUST_KEY_CERT_SIGN CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
#endif
-
+
step_up = (trust->sslFlags & CERTDB_GOVT_APPROVED_CA);
printf("CKA_TRUST_STEP_UP_APPROVED CK_BBOOL %s\n",
- step_up ? "CK_TRUE" : "CK_FALSE");
+ step_up ? "CK_TRUE" : "CK_FALSE");
PORT_Free(sdder->data);
- return(rv);
-
+ return (rv);
}
-void printheader() {
+void
+printheader()
+{
printf("# \n"
-"# This Source Code Form is subject to the terms of the Mozilla Public\n"
-"# License, v. 2.0. If a copy of the MPL was not distributed with this\n"
-"# file, You can obtain one at http://mozilla.org/MPL/2.0/.\n"
- "#\n"
- "CVS_ID \"@(#) $RCSfile$ $Revision$ $Date$\"\n"
- "\n"
- "#\n"
- "# certdata.txt\n"
- "#\n"
- "# This file contains the object definitions for the certs and other\n"
- "# information \"built into\" NSS.\n"
- "#\n"
- "# Object definitions:\n"
- "#\n"
- "# Certificates\n"
- "#\n"
- "# -- Attribute -- -- type -- -- value --\n"
- "# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n"
- "# CKA_TOKEN CK_BBOOL CK_TRUE\n"
- "# CKA_PRIVATE CK_BBOOL CK_FALSE\n"
- "# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
- "# CKA_LABEL UTF8 (varies)\n"
- "# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n"
- "# CKA_SUBJECT DER+base64 (varies)\n"
- "# CKA_ID byte array (varies)\n"
- "# CKA_ISSUER DER+base64 (varies)\n"
- "# CKA_SERIAL_NUMBER DER+base64 (varies)\n"
- "# CKA_VALUE DER+base64 (varies)\n"
- "# CKA_NSS_EMAIL ASCII7 (unused here)\n"
- "#\n"
- "# Trust\n"
- "#\n"
- "# -- Attribute -- -- type -- -- value --\n"
- "# CKA_CLASS CK_OBJECT_CLASS CKO_TRUST\n"
- "# CKA_TOKEN CK_BBOOL CK_TRUE\n"
- "# CKA_PRIVATE CK_BBOOL CK_FALSE\n"
- "# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
- "# CKA_LABEL UTF8 (varies)\n"
- "# CKA_ISSUER DER+base64 (varies)\n"
- "# CKA_SERIAL_NUMBER DER+base64 (varies)\n"
- "# CKA_CERT_HASH binary+base64 (varies)\n"
- "# CKA_EXPIRES CK_DATE (not used here)\n"
- "# CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST (varies)\n"
- "# CKA_TRUST_NON_REPUDIATION CK_TRUST (varies)\n"
- "# CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST (varies)\n"
- "# CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST (varies)\n"
- "# CKA_TRUST_KEY_AGREEMENT CK_TRUST (varies)\n"
- "# CKA_TRUST_KEY_CERT_SIGN CK_TRUST (varies)\n"
- "# CKA_TRUST_CRL_SIGN CK_TRUST (varies)\n"
- "# CKA_TRUST_SERVER_AUTH CK_TRUST (varies)\n"
- "# CKA_TRUST_CLIENT_AUTH CK_TRUST (varies)\n"
- "# CKA_TRUST_CODE_SIGNING CK_TRUST (varies)\n"
- "# CKA_TRUST_EMAIL_PROTECTION CK_TRUST (varies)\n"
- "# CKA_TRUST_IPSEC_END_SYSTEM CK_TRUST (varies)\n"
- "# CKA_TRUST_IPSEC_TUNNEL CK_TRUST (varies)\n"
- "# CKA_TRUST_IPSEC_USER CK_TRUST (varies)\n"
- "# CKA_TRUST_TIME_STAMPING CK_TRUST (varies)\n"
- "# (other trust attributes can be defined)\n"
- "#\n"
- "\n"
- "#\n"
- "# The object to tell NSS that this is a root list and we don't\n"
- "# have to go looking for others.\n"
- "#\n"
- "BEGINDATA\n"
- "CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTIN_ROOT_LIST\n"
- "CKA_TOKEN CK_BBOOL CK_TRUE\n"
- "CKA_PRIVATE CK_BBOOL CK_FALSE\n"
- "CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
- "CKA_LABEL UTF8 \"Mozilla Builtin Roots\"\n");
+ "# This Source Code Form is subject to the terms of the Mozilla Public\n"
+ "# License, v. 2.0. If a copy of the MPL was not distributed with this\n"
+ "# file, You can obtain one at http://mozilla.org/MPL/2.0/.\n"
+ "#\n"
+ "CVS_ID \"@(#) $RCSfile$ $Revision$ $Date$\"\n"
+ "\n"
+ "#\n"
+ "# certdata.txt\n"
+ "#\n"
+ "# This file contains the object definitions for the certs and other\n"
+ "# information \"built into\" NSS.\n"
+ "#\n"
+ "# Object definitions:\n"
+ "#\n"
+ "# Certificates\n"
+ "#\n"
+ "# -- Attribute -- -- type -- -- value --\n"
+ "# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n"
+ "# CKA_TOKEN CK_BBOOL CK_TRUE\n"
+ "# CKA_PRIVATE CK_BBOOL CK_FALSE\n"
+ "# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
+ "# CKA_LABEL UTF8 (varies)\n"
+ "# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n"
+ "# CKA_SUBJECT DER+base64 (varies)\n"
+ "# CKA_ID byte array (varies)\n"
+ "# CKA_ISSUER DER+base64 (varies)\n"
+ "# CKA_SERIAL_NUMBER DER+base64 (varies)\n"
+ "# CKA_VALUE DER+base64 (varies)\n"
+ "# CKA_NSS_EMAIL ASCII7 (unused here)\n"
+ "#\n"
+ "# Trust\n"
+ "#\n"
+ "# -- Attribute -- -- type -- -- value --\n"
+ "# CKA_CLASS CK_OBJECT_CLASS CKO_TRUST\n"
+ "# CKA_TOKEN CK_BBOOL CK_TRUE\n"
+ "# CKA_PRIVATE CK_BBOOL CK_FALSE\n"
+ "# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
+ "# CKA_LABEL UTF8 (varies)\n"
+ "# CKA_ISSUER DER+base64 (varies)\n"
+ "# CKA_SERIAL_NUMBER DER+base64 (varies)\n"
+ "# CKA_CERT_HASH binary+base64 (varies)\n"
+ "# CKA_EXPIRES CK_DATE (not used here)\n"
+ "# CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST (varies)\n"
+ "# CKA_TRUST_NON_REPUDIATION CK_TRUST (varies)\n"
+ "# CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST (varies)\n"
+ "# CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST (varies)\n"
+ "# CKA_TRUST_KEY_AGREEMENT CK_TRUST (varies)\n"
+ "# CKA_TRUST_KEY_CERT_SIGN CK_TRUST (varies)\n"
+ "# CKA_TRUST_CRL_SIGN CK_TRUST (varies)\n"
+ "# CKA_TRUST_SERVER_AUTH CK_TRUST (varies)\n"
+ "# CKA_TRUST_CLIENT_AUTH CK_TRUST (varies)\n"
+ "# CKA_TRUST_CODE_SIGNING CK_TRUST (varies)\n"
+ "# CKA_TRUST_EMAIL_PROTECTION CK_TRUST (varies)\n"
+ "# CKA_TRUST_IPSEC_END_SYSTEM CK_TRUST (varies)\n"
+ "# CKA_TRUST_IPSEC_TUNNEL CK_TRUST (varies)\n"
+ "# CKA_TRUST_IPSEC_USER CK_TRUST (varies)\n"
+ "# CKA_TRUST_TIME_STAMPING CK_TRUST (varies)\n"
+ "# (other trust attributes can be defined)\n"
+ "#\n"
+ "\n"
+ "#\n"
+ "# The object to tell NSS that this is a root list and we don't\n"
+ "# have to go looking for others.\n"
+ "#\n"
+ "BEGINDATA\n"
+ "CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTIN_ROOT_LIST\n"
+ "CKA_TOKEN CK_BBOOL CK_TRUE\n"
+ "CKA_PRIVATE CK_BBOOL CK_FALSE\n"
+ "CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
+ "CKA_LABEL UTF8 \"Mozilla Builtin Roots\"\n");
}
-static void Usage(char *progName)
+static void
+Usage(char *progName)
{
fprintf(stderr, "%s -t trust -n nickname [-i certfile] [-c] [-h]\n", progName);
- fprintf(stderr,
+ fprintf(stderr,
"\tRead a der-encoded cert from certfile or stdin, and output\n"
"\tit to stdout in a format suitable for the builtin root module.\n"
"\tExample: %s -n MyCA -t \"C,C,C\" -i myca.der >> certdata.txt\n",
progName);
fprintf(stderr, "%s -D -n label [-i certfile]\n", progName);
- fprintf(stderr,
+ fprintf(stderr,
"\tRead a der-encoded cert from certfile or stdin, and output\n"
"\ta distrust record.\n"
- "\t(-D is equivalent to -t p,p,p -c -h)\n");
+ "\t(-D is equivalent to -t p,p,p -c -h)\n");
fprintf(stderr, "%s -C -e crl-entry-number -n label [-i crlfile]\n", progName);
- fprintf(stderr,
+ fprintf(stderr,
"\tRead a CRL from crlfile or stdin, and output\n"
"\ta distrust record (issuer+serial).\n"
- "\t(-C implies -c -h)\n");
+ "\t(-C implies -c -h)\n");
fprintf(stderr, "%-15s trust flags (cCTpPuw).\n", "-t trust");
- fprintf(stderr, "%-15s nickname to assign to builtin cert, or\n",
- "-n nickname");
+ fprintf(stderr, "%-15s nickname to assign to builtin cert, or\n",
+ "-n nickname");
fprintf(stderr, "%-15s a label for the distrust record.\n", "");
fprintf(stderr, "%-15s exclude the certificate (only add a trust record)\n", "-c");
fprintf(stderr, "%-15s exclude hash from trust record\n", "-h");
@@ -376,18 +382,19 @@ enum {
};
static secuCommandFlag addbuiltin_options[] =
-{
- { /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE },
- { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
- { /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE },
- { /* opt_Distrust */ 'D', PR_FALSE, 0, PR_FALSE },
- { /* opt_ExcludeCert */ 'c', PR_FALSE, 0, PR_FALSE },
- { /* opt_ExcludeHash */ 'h', PR_FALSE, 0, PR_FALSE },
- { /* opt_DistrustCRL */ 'C', PR_FALSE, 0, PR_FALSE },
- { /* opt_CRLEnry */ 'e', PR_TRUE, 0, PR_FALSE },
-};
-
-int main(int argc, char **argv)
+ {
+ { /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Distrust */ 'D', PR_FALSE, 0, PR_FALSE },
+ { /* opt_ExcludeCert */ 'c', PR_FALSE, 0, PR_FALSE },
+ { /* opt_ExcludeHash */ 'h', PR_FALSE, 0, PR_FALSE },
+ { /* opt_DistrustCRL */ 'C', PR_FALSE, 0, PR_FALSE },
+ { /* opt_CRLEnry */ 'e', PR_TRUE, 0, PR_FALSE },
+ };
+
+int
+main(int argc, char **argv)
{
SECStatus rv;
char *nickname = NULL;
@@ -401,44 +408,43 @@ int main(int argc, char **argv)
PRBool decodeTrust = PR_FALSE;
secuCommand addbuiltin = { 0 };
- addbuiltin.numOptions = sizeof(addbuiltin_options)/sizeof(secuCommandFlag);
+ addbuiltin.numOptions = sizeof(addbuiltin_options) / sizeof(secuCommandFlag);
addbuiltin.options = addbuiltin_options;
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
rv = SECU_ParseCommandLine(argc, argv, progName, &addbuiltin);
if (rv != SECSuccess)
- Usage(progName);
-
+ Usage(progName);
+
if (addbuiltin.options[opt_Trust].activated)
- ++mutuallyExclusiveOpts;
+ ++mutuallyExclusiveOpts;
if (addbuiltin.options[opt_Distrust].activated)
- ++mutuallyExclusiveOpts;
+ ++mutuallyExclusiveOpts;
if (addbuiltin.options[opt_DistrustCRL].activated)
- ++mutuallyExclusiveOpts;
+ ++mutuallyExclusiveOpts;
if (mutuallyExclusiveOpts != 1) {
fprintf(stderr, "%s: you must specify exactly one of -t or -D or -C\n",
progName);
Usage(progName);
}
-
+
if (addbuiltin.options[opt_DistrustCRL].activated) {
- if (!addbuiltin.options[opt_CRLEnry].activated) {
- fprintf(stderr, "%s: you must specify the CRL entry number.\n",
- progName);
- Usage(progName);
- }
- else {
- crlentry = atoi(addbuiltin.options[opt_CRLEnry].arg);
- if (crlentry < 1) {
- fprintf(stderr, "%s: The CRL entry number must be > 0.\n",
- progName);
- Usage(progName);
- }
- }
+ if (!addbuiltin.options[opt_CRLEnry].activated) {
+ fprintf(stderr, "%s: you must specify the CRL entry number.\n",
+ progName);
+ Usage(progName);
+ } else {
+ crlentry = atoi(addbuiltin.options[opt_CRLEnry].arg);
+ if (crlentry < 1) {
+ fprintf(stderr, "%s: The CRL entry number must be > 0.\n",
+ progName);
+ Usage(progName);
+ }
+ }
}
if (!addbuiltin.options[opt_Nickname].activated) {
@@ -448,27 +454,27 @@ int main(int argc, char **argv)
}
if (addbuiltin.options[opt_Input].activated) {
- infile = PR_Open(addbuiltin.options[opt_Input].arg, PR_RDONLY, 00660);
- if (!infile) {
- fprintf(stderr, "%s: failed to open input file.\n", progName);
- exit(1);
- }
+ infile = PR_Open(addbuiltin.options[opt_Input].arg, PR_RDONLY, 00660);
+ if (!infile) {
+ fprintf(stderr, "%s: failed to open input file.\n", progName);
+ exit(1);
+ }
} else {
#if defined(WIN32)
- /* If we're going to read binary data from stdin, we must put stdin
+ /* If we're going to read binary data from stdin, we must put stdin
** into O_BINARY mode or else incoming \r\n's will become \n's,
** and latin-1 characters will be altered.
*/
- int smrv = _setmode(_fileno(stdin), _O_BINARY);
- if (smrv == -1) {
- fprintf(stderr,
- "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
- progName);
- exit(1);
- }
+ int smrv = _setmode(_fileno(stdin), _O_BINARY);
+ if (smrv == -1) {
+ fprintf(stderr,
+ "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
+ progName);
+ exit(1);
+ }
#endif
- infile = PR_STDIN;
+ infile = PR_STDIN;
}
#if defined(WIN32)
@@ -476,70 +482,68 @@ int main(int argc, char **argv)
** carriage returns.
*/
{
- int smrv = _setmode(_fileno(stdout), _O_BINARY);
- if (smrv == -1) {
- fprintf(stderr, "%s: Cannot change stdout to binary mode.\n", progName);
- exit(1);
- }
+ int smrv = _setmode(_fileno(stdout), _O_BINARY);
+ if (smrv == -1) {
+ fprintf(stderr, "%s: Cannot change stdout to binary mode.\n", progName);
+ exit(1);
+ }
}
#endif
nickname = strdup(addbuiltin.options[opt_Nickname].arg);
-
+
NSS_NoDB_Init(NULL);
if (addbuiltin.options[opt_Distrust].activated ||
addbuiltin.options[opt_DistrustCRL].activated) {
- addbuiltin.options[opt_ExcludeCert].activated = PR_TRUE;
- addbuiltin.options[opt_ExcludeHash].activated = PR_TRUE;
+ addbuiltin.options[opt_ExcludeCert].activated = PR_TRUE;
+ addbuiltin.options[opt_ExcludeHash].activated = PR_TRUE;
}
-
+
if (addbuiltin.options[opt_Distrust].activated) {
trusts = strdup("p,p,p");
- decodeTrust = PR_TRUE;
- }
- else if (addbuiltin.options[opt_Trust].activated) {
+ decodeTrust = PR_TRUE;
+ } else if (addbuiltin.options[opt_Trust].activated) {
trusts = strdup(addbuiltin.options[opt_Trust].arg);
- decodeTrust = PR_TRUE;
+ decodeTrust = PR_TRUE;
}
-
+
if (decodeTrust) {
- rv = CERT_DecodeTrustString(&trust, trusts);
- if (rv) {
- fprintf(stderr, "%s: incorrectly formatted trust string.\n", progName);
- Usage(progName);
- }
+ rv = CERT_DecodeTrustString(&trust, trusts);
+ if (rv) {
+ fprintf(stderr, "%s: incorrectly formatted trust string.\n", progName);
+ Usage(progName);
+ }
}
-
+
if (addbuiltin.options[opt_Trust].activated &&
addbuiltin.options[opt_ExcludeHash].activated) {
- if ((trust.sslFlags | trust.emailFlags | trust.objectSigningFlags)
- != CERTDB_TERMINAL_RECORD) {
- fprintf(stderr, "%s: Excluding the hash only allowed with distrust.\n", progName);
- Usage(progName);
- }
+ if ((trust.sslFlags | trust.emailFlags | trust.objectSigningFlags) !=
+ CERTDB_TERMINAL_RECORD) {
+ fprintf(stderr, "%s: Excluding the hash only allowed with distrust.\n", progName);
+ Usage(progName);
+ }
}
SECU_FileToItem(&derItem, infile);
-
+
/*printheader();*/
-
+
if (addbuiltin.options[opt_DistrustCRL].activated) {
- rv = ConvertCRLEntry(&derItem, crlentry, nickname);
- }
- else {
- rv = ConvertCertificate(&derItem, nickname, &trust,
- addbuiltin.options[opt_ExcludeCert].activated,
- addbuiltin.options[opt_ExcludeHash].activated);
- if (rv) {
- fprintf(stderr, "%s: failed to convert certificate.\n", progName);
- exit(1);
- }
+ rv = ConvertCRLEntry(&derItem, crlentry, nickname);
+ } else {
+ rv = ConvertCertificate(&derItem, nickname, &trust,
+ addbuiltin.options[opt_ExcludeCert].activated,
+ addbuiltin.options[opt_ExcludeHash].activated);
+ if (rv) {
+ fprintf(stderr, "%s: failed to convert certificate.\n", progName);
+ exit(1);
+ }
}
-
+
if (NSS_Shutdown() != SECSuccess) {
exit(1);
}
- return(SECSuccess);
+ return (SECSuccess);
}
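Review bot: `SECU_FileToItem(&derItem, infile);` ignores its return status, so a failed read may pass an unpopulated derItem on to the decoders; check it before converting, e.g. `if (SECU_FileToItem(&derItem, infile) != SECSuccess) { fprintf(stderr, "%s: failed to read input.\n", progName); exit(1); }`. The -C branch also stores the result of ConvertCRLEntry in rv and never tests it, unlike the ConvertCertificate branch, so a CRL that does not decode or an entry number past the end of the list still exits 0 without a distrust record. Adding the same `if (rv) { ... exit(1); }` there only works once ConvertCRLEntry returns SECSuccess on success, which its visible body in the earlier hunk does not appear to do. main's declarations are above this hunk.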
diff --git a/cmd/atob/atob.c b/cmd/atob/atob.c
index cdc9dd6ac..115b0e9a0 100644
--- a/cmd/atob/atob.c
+++ b/cmd/atob/atob.c
@@ -9,8 +9,8 @@
#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
#if !defined(WIN32)
-extern int fread(char *, size_t, size_t, FILE*);
-extern int fwrite(char *, size_t, size_t, FILE*);
+extern int fread(char *, size_t, size_t, FILE *);
+extern int fwrite(char *, size_t, size_t, FILE *);
extern int fprintf(FILE *, char *, ...);
#endif
#endif
@@ -20,16 +20,16 @@ extern int fprintf(FILE *, char *, ...);
#include "io.h"
#endif
-static PRInt32
-output_binary (void *arg, const unsigned char *obuf, PRInt32 size)
+static PRInt32
+output_binary(void *arg, const unsigned char *obuf, PRInt32 size)
{
FILE *outFile = arg;
int nb;
nb = fwrite(obuf, 1, size, outFile);
if (nb != size) {
- PORT_SetError(SEC_ERROR_IO);
- return -1;
+ PORT_SetError(SEC_ERROR_IO);
+ return -1;
}
return nb;
@@ -38,12 +38,11 @@ output_binary (void *arg, const unsigned char *obuf, PRInt32 size)
static PRBool
isBase64Char(char c)
{
- return ((c >= 'A' && c <= 'Z')
- || (c >= 'a' && c <= 'z')
- || (c >= '0' && c <= '9')
- || c == '+'
- || c == '/'
- || c == '=');
+ return ((c >= 'A' && c <= 'Z') ||
+ (c >= 'a' && c <= 'z') ||
+ (c >= '0' && c <= '9') ||
+ c == '+' || c == '/' ||
+ c == '=');
}
static SECStatus
@@ -56,57 +55,61 @@ decode_file(FILE *outFile, FILE *inFile)
cx = NSSBase64Decoder_Create(output_binary, outFile);
if (!cx) {
- return -1;
+ return -1;
}
for (;;) {
- if (feof(inFile)) break;
- if (!fgets(ibuf, sizeof(ibuf), inFile)) {
- if (ferror(inFile)) {
- PORT_SetError(SEC_ERROR_IO);
- goto loser;
- }
- /* eof */
- break;
- }
- for (ptr = ibuf; *ptr; ++ptr) {
- char c = *ptr;
- if (c == '\n' || c == '\r') {
- break; /* found end of line */
- }
- if (!isBase64Char(c)) {
- ptr = ibuf; /* ignore line */
- break;
- }
- }
- if (ibuf == ptr) {
- continue; /* skip empty or non-base64 line */
- }
-
- status = NSSBase64Decoder_Update(cx, ibuf, ptr-ibuf);
- if (status != SECSuccess) goto loser;
+ if (feof(inFile))
+ break;
+ if (!fgets(ibuf, sizeof(ibuf), inFile)) {
+ if (ferror(inFile)) {
+ PORT_SetError(SEC_ERROR_IO);
+ goto loser;
+ }
+ /* eof */
+ break;
+ }
+ for (ptr = ibuf; *ptr; ++ptr) {
+ char c = *ptr;
+ if (c == '\n' || c == '\r') {
+ break; /* found end of line */
+ }
+ if (!isBase64Char(c)) {
+ ptr = ibuf; /* ignore line */
+ break;
+ }
+ }
+ if (ibuf == ptr) {
+ continue; /* skip empty or non-base64 line */
+ }
+
+ status = NSSBase64Decoder_Update(cx, ibuf, ptr - ibuf);
+ if (status != SECSuccess)
+ goto loser;
}
return NSSBase64Decoder_Destroy(cx, PR_FALSE);
- loser:
- (void) NSSBase64Decoder_Destroy(cx, PR_TRUE);
+loser:
+ (void)NSSBase64Decoder_Destroy(cx, PR_TRUE);
return status;
}
-static void Usage(char *progName)
+static void
+Usage(char *progName)
{
fprintf(stderr,
- "Usage: %s [-i input] [-o output]\n",
- progName);
+ "Usage: %s [-i input] [-o output]\n",
+ progName);
fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
+ "-i input");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
+ "-o output");
exit(-1);
}
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
char *progName;
SECStatus rv;
@@ -117,54 +120,55 @@ int main(int argc, char **argv)
inFile = 0;
outFile = 0;
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
/* Parse command line arguments */
optstate = PL_CreateOptState(argc, argv, "?hi:o:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- case 'h':
- Usage(progName);
- break;
-
- case 'i':
- inFile = fopen(optstate->value, "r");
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "wb");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
- }
+ switch (optstate->option) {
+ case '?':
+ case 'h':
+ Usage(progName);
+ break;
+
+ case 'i':
+ inFile = fopen(optstate->value, "r");
+ if (!inFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 'o':
+ outFile = fopen(optstate->value, "wb");
+ if (!outFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+ }
}
- if (!inFile) inFile = stdin;
+ if (!inFile)
+ inFile = stdin;
if (!outFile) {
#if defined(WIN32)
- int smrv = _setmode(_fileno(stdout), _O_BINARY);
- if (smrv == -1) {
- fprintf(stderr,
- "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
- progName);
- return smrv;
- }
+ int smrv = _setmode(_fileno(stdout), _O_BINARY);
+ if (smrv == -1) {
+ fprintf(stderr,
+ "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
+ progName);
+ return smrv;
+ }
#endif
- outFile = stdout;
+ outFile = stdout;
}
rv = decode_file(outFile, inFile);
if (rv != SECSuccess) {
- fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
- progName, PORT_GetError(), errno);
- return -1;
+ fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
+ progName, PORT_GetError(), errno);
+ return -1;
}
return 0;
}
diff --git a/cmd/bltest/blapitest.c b/cmd/bltest/blapitest.c
index 050bebfd9..e02b3476f 100644
--- a/cmd/bltest/blapitest.c
+++ b/cmd/bltest/blapitest.c
@@ -23,10 +23,10 @@
#ifndef NSS_DISABLE_ECC
#include "ecl-curve.h"
-SECStatus EC_DecodeParams(const SECItem *encodedParams,
- ECParams **ecparams);
+SECStatus EC_DecodeParams(const SECItem *encodedParams,
+ ECParams **ecparams);
SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
- const ECParams *srcParams);
+ const ECParams *srcParams);
#endif
char *progName;
@@ -36,48 +36,49 @@ char *testdir = NULL;
#define WORDSIZE sizeof(unsigned long)
-#define CHECKERROR(rv, ln) \
- if (rv) { \
- PRErrorCode prerror = PR_GetError(); \
- PR_fprintf(PR_STDERR, "%s: ERR %d (%s) at line %d.\n", progName, \
- prerror, PORT_ErrorToString(prerror), ln); \
- exit(-1); \
+#define CHECKERROR(rv, ln) \
+ if (rv) { \
+ PRErrorCode prerror = PR_GetError(); \
+ PR_fprintf(PR_STDERR, "%s: ERR %d (%s) at line %d.\n", progName, \
+ prerror, PORT_ErrorToString(prerror), ln); \
+ exit(-1); \
}
/* Macros for performance timing. */
#define TIMESTART() \
time1 = PR_IntervalNow();
-#define TIMEFINISH(time, reps) \
+#define TIMEFINISH(time, reps) \
time2 = (PRIntervalTime)(PR_IntervalNow() - time1); \
- time1 = PR_IntervalToMilliseconds(time2); \
- time = ((double)(time1))/reps;
-
-#define TIMEMARK(seconds) \
- time1 = PR_SecondsToInterval(seconds); \
- { \
- PRInt64 tmp; \
- if (time2 == 0) { \
- time2 = 1; \
- } \
- LL_DIV(tmp, time1, time2); \
- if (tmp < 10) { \
- if (tmp == 0) { \
- opsBetweenChecks = 1; \
- } else { \
+ time1 = PR_IntervalToMilliseconds(time2); \
+ time = ((double)(time1)) / reps;
+
+#define TIMEMARK(seconds) \
+ time1 = PR_SecondsToInterval(seconds); \
+ { \
+ PRInt64 tmp; \
+ if (time2 == 0) { \
+ time2 = 1; \
+ } \
+ LL_DIV(tmp, time1, time2); \
+ if (tmp < 10) { \
+ if (tmp == 0) { \
+ opsBetweenChecks = 1; \
+ } else { \
LL_L2I(opsBetweenChecks, tmp); \
- } \
- } else { \
- opsBetweenChecks = 10; \
- } \
- } \
- time2 = time1; \
+ } \
+ } else { \
+ opsBetweenChecks = 10; \
+ } \
+ } \
+ time2 = time1; \
time1 = PR_IntervalNow();
#define TIMETOFINISH() \
PR_IntervalNow() - time1 >= time2
-static void Usage()
+static void
+Usage()
{
#define PRINTUSAGE(subject, option, predicate) \
fprintf(stderr, "%10s %s\t%s\n", subject, option, predicate);
@@ -85,108 +86,108 @@ static void Usage()
PRINTUSAGE(progName, "[-DEHSVR]", "List available cipher modes"); /* XXX */
fprintf(stderr, "\n");
PRINTUSAGE(progName, "-E -m mode ", "Encrypt a buffer");
- PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]");
- PRINTUSAGE("", "", "[-b bufsize] [-g keysize] [-e exp] [-r rounds]");
- PRINTUSAGE("", "", "[-w wordsize] [-p repetitions | -5 time_interval]");
- PRINTUSAGE("", "", "[-4 th_num]");
- PRINTUSAGE("", "-m", "cipher mode to use");
- PRINTUSAGE("", "-i", "file which contains input buffer");
- PRINTUSAGE("", "-o", "file for output buffer");
- PRINTUSAGE("", "-k", "file which contains key");
- PRINTUSAGE("", "-v", "file which contains initialization vector");
- PRINTUSAGE("", "-b", "size of input buffer");
- PRINTUSAGE("", "-g", "key size (in bytes)");
- PRINTUSAGE("", "-p", "do performance test");
- PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
- PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
- PRINTUSAGE("", "--aad", "File with contains additional auth data");
+ PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]");
+ PRINTUSAGE("", "", "[-b bufsize] [-g keysize] [-e exp] [-r rounds]");
+ PRINTUSAGE("", "", "[-w wordsize] [-p repetitions | -5 time_interval]");
+ PRINTUSAGE("", "", "[-4 th_num]");
+ PRINTUSAGE("", "-m", "cipher mode to use");
+ PRINTUSAGE("", "-i", "file which contains input buffer");
+ PRINTUSAGE("", "-o", "file for output buffer");
+ PRINTUSAGE("", "-k", "file which contains key");
+ PRINTUSAGE("", "-v", "file which contains initialization vector");
+ PRINTUSAGE("", "-b", "size of input buffer");
+ PRINTUSAGE("", "-g", "key size (in bytes)");
+ PRINTUSAGE("", "-p", "do performance test");
+ PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
+ PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
+ PRINTUSAGE("", "--aad", "File with contains additional auth data");
PRINTUSAGE("(rsa)", "-e", "rsa public exponent");
PRINTUSAGE("(rc5)", "-r", "number of rounds");
PRINTUSAGE("(rc5)", "-w", "wordsize (32 or 64)");
fprintf(stderr, "\n");
PRINTUSAGE(progName, "-D -m mode", "Decrypt a buffer");
- PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]");
- PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
- PRINTUSAGE("", "-m", "cipher mode to use");
- PRINTUSAGE("", "-i", "file which contains input buffer");
- PRINTUSAGE("", "-o", "file for output buffer");
- PRINTUSAGE("", "-k", "file which contains key");
- PRINTUSAGE("", "-v", "file which contains initialization vector");
- PRINTUSAGE("", "-p", "do performance test");
- PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
- PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
- PRINTUSAGE("", "--aad", "File with contains additional auth data");
+ PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]");
+ PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
+ PRINTUSAGE("", "-m", "cipher mode to use");
+ PRINTUSAGE("", "-i", "file which contains input buffer");
+ PRINTUSAGE("", "-o", "file for output buffer");
+ PRINTUSAGE("", "-k", "file which contains key");
+ PRINTUSAGE("", "-v", "file which contains initialization vector");
+ PRINTUSAGE("", "-p", "do performance test");
+ PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
+ PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
+ PRINTUSAGE("", "--aad", "File with contains additional auth data");
fprintf(stderr, "\n");
PRINTUSAGE(progName, "-H -m mode", "Hash a buffer");
- PRINTUSAGE("", "", "[-i plaintext] [-o hash]");
- PRINTUSAGE("", "", "[-b bufsize]");
- PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
- PRINTUSAGE("", "-m", "cipher mode to use");
- PRINTUSAGE("", "-i", "file which contains input buffer");
- PRINTUSAGE("", "-o", "file for hash");
- PRINTUSAGE("", "-b", "size of input buffer");
- PRINTUSAGE("", "-p", "do performance test");
- PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
- PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
+ PRINTUSAGE("", "", "[-i plaintext] [-o hash]");
+ PRINTUSAGE("", "", "[-b bufsize]");
+ PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
+ PRINTUSAGE("", "-m", "cipher mode to use");
+ PRINTUSAGE("", "-i", "file which contains input buffer");
+ PRINTUSAGE("", "-o", "file for hash");
+ PRINTUSAGE("", "-b", "size of input buffer");
+ PRINTUSAGE("", "-p", "do performance test");
+ PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
+ PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
fprintf(stderr, "\n");
PRINTUSAGE(progName, "-S -m mode", "Sign a buffer");
- PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]");
- PRINTUSAGE("", "", "[-b bufsize]");
+ PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]");
+ PRINTUSAGE("", "", "[-b bufsize]");
#ifndef NSS_DISABLE_ECC
- PRINTUSAGE("", "", "[-n curvename]");
+ PRINTUSAGE("", "", "[-n curvename]");
#endif
- PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
- PRINTUSAGE("", "-m", "cipher mode to use");
- PRINTUSAGE("", "-i", "file which contains input buffer");
- PRINTUSAGE("", "-o", "file for signature");
- PRINTUSAGE("", "-k", "file which contains key");
+ PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
+ PRINTUSAGE("", "-m", "cipher mode to use");
+ PRINTUSAGE("", "-i", "file which contains input buffer");
+ PRINTUSAGE("", "-o", "file for signature");
+ PRINTUSAGE("", "-k", "file which contains key");
#ifndef NSS_DISABLE_ECC
- PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:");
- PRINTUSAGE("", "", " sect163k1, nistk163, sect163r1, sect163r2,");
- PRINTUSAGE("", "", " nistb163, sect193r1, sect193r2, sect233k1, nistk233,");
- PRINTUSAGE("", "", " sect233r1, nistb233, sect239k1, sect283k1, nistk283,");
- PRINTUSAGE("", "", " sect283r1, nistb283, sect409k1, nistk409, sect409r1,");
- PRINTUSAGE("", "", " nistb409, sect571k1, nistk571, sect571r1, nistb571,");
- PRINTUSAGE("", "", " secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,");
- PRINTUSAGE("", "", " nistp192, secp224k1, secp224r1, nistp224, secp256k1,");
- PRINTUSAGE("", "", " secp256r1, nistp256, secp384r1, nistp384, secp521r1,");
- PRINTUSAGE("", "", " nistp521, prime192v1, prime192v2, prime192v3,");
- PRINTUSAGE("", "", " prime239v1, prime239v2, prime239v3, c2pnb163v1,");
- PRINTUSAGE("", "", " c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,");
- PRINTUSAGE("", "", " c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5,");
- PRINTUSAGE("", "", " c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,");
- PRINTUSAGE("", "", " c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1,");
- PRINTUSAGE("", "", " c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,");
- PRINTUSAGE("", "", " secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,");
- PRINTUSAGE("", "", " sect131r1, sect131r2");
+ PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:");
+ PRINTUSAGE("", "", " sect163k1, nistk163, sect163r1, sect163r2,");
+ PRINTUSAGE("", "", " nistb163, sect193r1, sect193r2, sect233k1, nistk233,");
+ PRINTUSAGE("", "", " sect233r1, nistb233, sect239k1, sect283k1, nistk283,");
+ PRINTUSAGE("", "", " sect283r1, nistb283, sect409k1, nistk409, sect409r1,");
+ PRINTUSAGE("", "", " nistb409, sect571k1, nistk571, sect571r1, nistb571,");
+ PRINTUSAGE("", "", " secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,");
+ PRINTUSAGE("", "", " nistp192, secp224k1, secp224r1, nistp224, secp256k1,");
+ PRINTUSAGE("", "", " secp256r1, nistp256, secp384r1, nistp384, secp521r1,");
+ PRINTUSAGE("", "", " nistp521, prime192v1, prime192v2, prime192v3,");
+ PRINTUSAGE("", "", " prime239v1, prime239v2, prime239v3, c2pnb163v1,");
+ PRINTUSAGE("", "", " c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,");
+ PRINTUSAGE("", "", " c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5,");
+ PRINTUSAGE("", "", " c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,");
+ PRINTUSAGE("", "", " c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1,");
+ PRINTUSAGE("", "", " c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,");
+ PRINTUSAGE("", "", " secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,");
+ PRINTUSAGE("", "", " sect131r1, sect131r2");
#endif
- PRINTUSAGE("", "-p", "do performance test");
- PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
- PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
+ PRINTUSAGE("", "-p", "do performance test");
+ PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
+ PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
fprintf(stderr, "\n");
PRINTUSAGE(progName, "-V -m mode", "Verify a signed buffer");
- PRINTUSAGE("", "", "[-i plaintext] [-s signature] [-k key]");
- PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
- PRINTUSAGE("", "-m", "cipher mode to use");
- PRINTUSAGE("", "-i", "file which contains input buffer");
- PRINTUSAGE("", "-s", "file which contains signature of input buffer");
- PRINTUSAGE("", "-k", "file which contains key");
- PRINTUSAGE("", "-p", "do performance test");
- PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
- PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
+ PRINTUSAGE("", "", "[-i plaintext] [-s signature] [-k key]");
+ PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
+ PRINTUSAGE("", "-m", "cipher mode to use");
+ PRINTUSAGE("", "-i", "file which contains input buffer");
+ PRINTUSAGE("", "-s", "file which contains signature of input buffer");
+ PRINTUSAGE("", "-k", "file which contains key");
+ PRINTUSAGE("", "-p", "do performance test");
+ PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
+ PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-N -m mode -b bufsize",
- "Create a nonce plaintext and key");
- PRINTUSAGE("", "", "[-g keysize] [-u cxreps]");
- PRINTUSAGE("", "-g", "key size (in bytes)");
- PRINTUSAGE("", "-u", "number of repetitions of context creation");
+ PRINTUSAGE(progName, "-N -m mode -b bufsize",
+ "Create a nonce plaintext and key");
+ PRINTUSAGE("", "", "[-g keysize] [-u cxreps]");
+ PRINTUSAGE("", "-g", "key size (in bytes)");
+ PRINTUSAGE("", "-u", "number of repetitions of context creation");
fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-R [-g keysize] [-e exp]",
- "Test the RSA populate key function");
- PRINTUSAGE("", "", "[-r repetitions]");
- PRINTUSAGE("", "-g", "key size (in bytes)");
- PRINTUSAGE("", "-e", "rsa public exponent");
- PRINTUSAGE("", "-r", "repetitions of the test");
+ PRINTUSAGE(progName, "-R [-g keysize] [-e exp]",
+ "Test the RSA populate key function");
+ PRINTUSAGE("", "", "[-r repetitions]");
+ PRINTUSAGE("", "-g", "key size (in bytes)");
+ PRINTUSAGE("", "-e", "rsa public exponent");
+ PRINTUSAGE("", "-r", "repetitions of the test");
fprintf(stderr, "\n");
PRINTUSAGE(progName, "-F", "Run the FIPS self-test");
fprintf(stderr, "\n");
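Review bot: The curve list printed for `-n` names `c2tnb359w1`, but the `nameTagPair` table in the later hunk of this file registers that curve as `"c2tnb359v1"` (tag `SEC_OID_ANSIX962_EC_C2TNB359V1`). `getECParams` matches names with an exact `PL_strcmp`, so the documented spelling ends in "Unrecognized elliptic curve". The usage line should read `PRINTUSAGE("", "", " c2tnb359v1, c2pnb368w1, c2tnb431r1, secp112r1,");`. In the same function the two `--aad` lines say "File with contains", which should be "File which contains". `Usage` starts before this hunk and continues after it.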
@@ -199,7 +200,7 @@ static void Usage()
/* XXX argh */
struct item_with_arena {
- SECItem *item;
+ SECItem *item;
PLArenaPool *arena;
};
@@ -211,13 +212,13 @@ get_binary(void *arg, const unsigned char *ibuf, PRInt32 size)
SECItem *tmp;
int index;
if (binary->data == NULL) {
- tmp = SECITEM_AllocItem(it->arena, NULL, size);
- binary->data = tmp->data;
- binary->len = tmp->len;
- index = 0;
+ tmp = SECITEM_AllocItem(it->arena, NULL, size);
+ binary->data = tmp->data;
+ binary->len = tmp->len;
+ index = 0;
} else {
- SECITEM_ReallocItem(NULL, binary, binary->len, binary->len + size);
- index = binary->len;
+ SECITEM_ReallocItem(NULL, binary, binary->len, binary->len + size);
+ index = binary->len;
}
PORT_Memcpy(&binary->data[index], ibuf, size);
return binary->len;
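Review bot: The `SECITEM_AllocItem` result is dereferenced without a NULL check, and the `SECITEM_ReallocItem` return value is dropped, so an allocation failure in either branch leads straight to the `PORT_Memcpy` into `binary->data[index]`. The first branch allocates from `it->arena` while the second reallocates with a `NULL` arena; if the caller passes a real arena, that grows arena memory through the heap path. I would add `if (tmp == NULL) return -1;` after the allocation and change the second branch to `if (SECITEM_ReallocItem(it->arena, binary, binary->len, binary->len + size) != SECSuccess) return -1;`. The `-1` matches what `output_ascii` returns on failure. The declarations of `it` and `binary` are outside this hunk.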
@@ -234,8 +235,8 @@ atob(SECItem *ascii, SECItem *binary, PLArenaPool *arena)
binary->len = 0;
it.item = binary;
it.arena = arena;
- len = (strncmp((const char *)&ascii->data[ascii->len-2],"\r\n",2)) ?
- ascii->len : ascii->len-2;
+ len = (strncmp((const char *)&ascii->data[ascii->len - 2], "\r\n", 2)) ? ascii->len
+ : ascii->len - 2;
cx = NSSBase64Decoder_Create(get_binary, &it);
status = NSSBase64Decoder_Update(cx, (const char *)ascii->data, len);
status = NSSBase64Decoder_Destroy(cx, PR_FALSE);
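Review bot: `ascii->len - 2` is evaluated before anything checks that the item holds two bytes, and `SECItem.len` is unsigned, so a 0- or 1-byte input makes `&ascii->data[ascii->len - 2]` read far outside the buffer. Guard the subtraction: `len = (ascii->len >= 2 && strncmp((const char *)&ascii->data[ascii->len - 2], "\r\n", 2) == 0) ? ascii->len - 2 : ascii->len;`. That also reads better than the split ternary clang-format produced here. Separately, `cx` is used without a NULL check, and the status from `NSSBase64Decoder_Update` is overwritten by the `Destroy` call on the next line, so a decode error is lost. The same overwrite appears in `btoa_file` in the `@@ -260,7 +261,7 @@` hunk. The body of `atob` begins and ends outside this hunk.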
@@ -248,8 +249,8 @@ output_ascii(void *arg, const char *obuf, PRInt32 size)
PRFileDesc *outfile = arg;
PRInt32 nb = PR_Write(outfile, obuf, size);
if (nb != size) {
- PORT_SetError(SEC_ERROR_IO);
- return -1;
+ PORT_SetError(SEC_ERROR_IO);
+ return -1;
}
return nb;
}
@@ -260,7 +261,7 @@ btoa_file(SECItem *binary, PRFileDesc *outfile)
SECStatus status;
NSSBase64Encoder *cx;
if (binary->len == 0)
- return SECSuccess;
+ return SECSuccess;
cx = NSSBase64Encoder_Create(output_ascii, outfile);
status = NSSBase64Encoder_Update(cx, binary->data, binary->len);
status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
@@ -274,19 +275,19 @@ hex_from_2char(unsigned char *c2, unsigned char *byteval)
int i;
unsigned char offset;
*byteval = 0;
- for (i=0; i<2; i++) {
- if (c2[i] >= '0' && c2[i] <= '9') {
- offset = c2[i] - '0';
- *byteval |= offset << 4*(1-i);
- } else if (c2[i] >= 'a' && c2[i] <= 'f') {
- offset = c2[i] - 'a';
- *byteval |= (offset + 10) << 4*(1-i);
- } else if (c2[i] >= 'A' && c2[i] <= 'F') {
- offset = c2[i] - 'A';
- *byteval |= (offset + 10) << 4*(1-i);
- } else {
- return SECFailure;
- }
+ for (i = 0; i < 2; i++) {
+ if (c2[i] >= '0' && c2[i] <= '9') {
+ offset = c2[i] - '0';
+ *byteval |= offset << 4 * (1 - i);
+ } else if (c2[i] >= 'a' && c2[i] <= 'f') {
+ offset = c2[i] - 'a';
+ *byteval |= (offset + 10) << 4 * (1 - i);
+ } else if (c2[i] >= 'A' && c2[i] <= 'F') {
+ offset = c2[i] - 'A';
+ *byteval |= (offset + 10) << 4 * (1 - i);
+ } else {
+ return SECFailure;
+ }
}
return SECSuccess;
}
@@ -296,13 +297,13 @@ char2_from_hex(unsigned char byteval, char *c2)
{
int i;
unsigned char offset;
- for (i=0; i<2; i++) {
- offset = (byteval >> 4*(1-i)) & 0x0f;
- if (offset < 10) {
- c2[i] = '0' + offset;
- } else {
- c2[i] = 'A' + offset - 10;
- }
+ for (i = 0; i < 2; i++) {
+ offset = (byteval >> 4 * (1 - i)) & 0x0f;
+ if (offset < 10) {
+ c2[i] = '0' + offset;
+ } else {
+ c2[i] = 'A' + offset - 10;
+ }
}
return SECSuccess;
}
@@ -314,13 +315,13 @@ serialize_key(SECItem *it, int ni, PRFileDesc *file)
int i;
NSSBase64Encoder *cx;
cx = NSSBase64Encoder_Create(output_ascii, file);
- for (i=0; i<ni; i++, it++) {
- len[0] = (it->len >> 24) & 0xff;
- len[1] = (it->len >> 16) & 0xff;
- len[2] = (it->len >> 8) & 0xff;
- len[3] = (it->len & 0xff);
- NSSBase64Encoder_Update(cx, len, 4);
- NSSBase64Encoder_Update(cx, it->data, it->len);
+ for (i = 0; i < ni; i++, it++) {
+ len[0] = (it->len >> 24) & 0xff;
+ len[1] = (it->len >> 16) & 0xff;
+ len[2] = (it->len >> 8) & 0xff;
+ len[3] = (it->len & 0xff);
+ NSSBase64Encoder_Update(cx, len, 4);
+ NSSBase64Encoder_Update(cx, it->data, it->len);
}
NSSBase64Encoder_Destroy(cx, PR_FALSE);
PR_Write(file, "\r\n", 2);
@@ -332,23 +333,23 @@ key_from_filedata(PLArenaPool *arena, SECItem *it, int ns, int ni, SECItem *file
int fpos = 0;
int i, len;
unsigned char *buf = filedata->data;
- for (i=0; i<ni; i++) {
- len = (buf[fpos++] & 0xff) << 24;
- len |= (buf[fpos++] & 0xff) << 16;
- len |= (buf[fpos++] & 0xff) << 8;
- len |= (buf[fpos++] & 0xff);
- if (ns <= i) {
- if (len > 0) {
- it->len = len;
- it->data = PORT_ArenaAlloc(arena, it->len);
- PORT_Memcpy(it->data, &buf[fpos], it->len);
- } else {
- it->len = 0;
- it->data = NULL;
- }
- it++;
- }
- fpos += len;
+ for (i = 0; i < ni; i++) {
+ len = (buf[fpos++] & 0xff) << 24;
+ len |= (buf[fpos++] & 0xff) << 16;
+ len |= (buf[fpos++] & 0xff) << 8;
+ len |= (buf[fpos++] & 0xff);
+ if (ns <= i) {
+ if (len > 0) {
+ it->len = len;
+ it->data = PORT_ArenaAlloc(arena, it->len);
+ PORT_Memcpy(it->data, &buf[fpos], it->len);
+ } else {
+ it->len = 0;
+ it->data = NULL;
+ }
+ it++;
+ }
+ fpos += len;
}
}
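Review bot: Each 4-byte length prefix is read from `filedata` and then used for `PORT_Memcpy` and `fpos += len`, but neither the prefix read nor the payload copy is checked against `filedata->len`. A truncated or malformed key file therefore reads past the end of the buffer. A prefix with the top bit set also makes `len` negative, which skips the copy and moves `fpos` backwards. The `PORT_ArenaAlloc` result is not checked before the copy either. The loop should track the remaining bytes in an unsigned counter and stop when a prefix or payload does not fit, as sketched below. How the failure is reported depends on the return type, which is on the signature line outside this hunk.

```c
    unsigned int remaining = filedata->len; /* bytes of filedata not yet consumed */
    for (i = 0; i < ni; i++) {
        unsigned int flen;
        if (remaining < 4) {
            break; /* truncated length prefix */
        }
        flen = ((unsigned int)buf[fpos] << 24) | ((unsigned int)buf[fpos + 1] << 16) |
               ((unsigned int)buf[fpos + 2] << 8) | (unsigned int)buf[fpos + 3];
        fpos += 4;
        remaining -= 4;
        if (flen > remaining) {
            break; /* declared length runs past the end of filedata */
        }
        /* … unchanged: the ns <= i branch, with flen in place of len and a NULL check on PORT_ArenaAlloc … */
        fpos += flen;
        remaining -= flen;
    }
```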
@@ -420,92 +421,92 @@ typedef struct curveNameTagPairStr {
SECOidTag curveOidTag;
} CurveNameTagPair;
-#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
+#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */
static CurveNameTagPair nameTagPair[] =
-{
- { "sect163k1", SEC_OID_SECG_EC_SECT163K1},
- { "nistk163", SEC_OID_SECG_EC_SECT163K1},
- { "sect163r1", SEC_OID_SECG_EC_SECT163R1},
- { "sect163r2", SEC_OID_SECG_EC_SECT163R2},
- { "nistb163", SEC_OID_SECG_EC_SECT163R2},
- { "sect193r1", SEC_OID_SECG_EC_SECT193R1},
- { "sect193r2", SEC_OID_SECG_EC_SECT193R2},
- { "sect233k1", SEC_OID_SECG_EC_SECT233K1},
- { "nistk233", SEC_OID_SECG_EC_SECT233K1},
- { "sect233r1", SEC_OID_SECG_EC_SECT233R1},
- { "nistb233", SEC_OID_SECG_EC_SECT233R1},
- { "sect239k1", SEC_OID_SECG_EC_SECT239K1},
- { "sect283k1", SEC_OID_SECG_EC_SECT283K1},
- { "nistk283", SEC_OID_SECG_EC_SECT283K1},
- { "sect283r1", SEC_OID_SECG_EC_SECT283R1},
- { "nistb283", SEC_OID_SECG_EC_SECT283R1},
- { "sect409k1", SEC_OID_SECG_EC_SECT409K1},
- { "nistk409", SEC_OID_SECG_EC_SECT409K1},
- { "sect409r1", SEC_OID_SECG_EC_SECT409R1},
- { "nistb409", SEC_OID_SECG_EC_SECT409R1},
- { "sect571k1", SEC_OID_SECG_EC_SECT571K1},
- { "nistk571", SEC_OID_SECG_EC_SECT571K1},
- { "sect571r1", SEC_OID_SECG_EC_SECT571R1},
- { "nistb571", SEC_OID_SECG_EC_SECT571R1},
- { "secp160k1", SEC_OID_SECG_EC_SECP160K1},
- { "secp160r1", SEC_OID_SECG_EC_SECP160R1},
- { "secp160r2", SEC_OID_SECG_EC_SECP160R2},
- { "secp192k1", SEC_OID_SECG_EC_SECP192K1},
- { "secp192r1", SEC_OID_SECG_EC_SECP192R1},
- { "nistp192", SEC_OID_SECG_EC_SECP192R1},
- { "secp224k1", SEC_OID_SECG_EC_SECP224K1},
- { "secp224r1", SEC_OID_SECG_EC_SECP224R1},
- { "nistp224", SEC_OID_SECG_EC_SECP224R1},
- { "secp256k1", SEC_OID_SECG_EC_SECP256K1},
- { "secp256r1", SEC_OID_SECG_EC_SECP256R1},
- { "nistp256", SEC_OID_SECG_EC_SECP256R1},
- { "secp384r1", SEC_OID_SECG_EC_SECP384R1},
- { "nistp384", SEC_OID_SECG_EC_SECP384R1},
- { "secp521r1", SEC_OID_SECG_EC_SECP521R1},
- { "nistp521", SEC_OID_SECG_EC_SECP521R1},
-
- { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
- { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
- { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
- { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
- { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
- { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
-
- { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
- { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
- { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
- { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
- { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
- { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
- { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
- { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
- { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
- { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
- { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
- { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
- { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
- { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
- { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
- { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
- { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
- { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
- { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
- { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
-
- { "secp112r1", SEC_OID_SECG_EC_SECP112R1},
- { "secp112r2", SEC_OID_SECG_EC_SECP112R2},
- { "secp128r1", SEC_OID_SECG_EC_SECP128R1},
- { "secp128r2", SEC_OID_SECG_EC_SECP128R2},
-
- { "sect113r1", SEC_OID_SECG_EC_SECT113R1},
- { "sect113r2", SEC_OID_SECG_EC_SECT113R2},
- { "sect131r1", SEC_OID_SECG_EC_SECT131R1},
- { "sect131r2", SEC_OID_SECG_EC_SECT131R2},
-};
-
-static SECItem *
+ {
+ { "sect163k1", SEC_OID_SECG_EC_SECT163K1 },
+ { "nistk163", SEC_OID_SECG_EC_SECT163K1 },
+ { "sect163r1", SEC_OID_SECG_EC_SECT163R1 },
+ { "sect163r2", SEC_OID_SECG_EC_SECT163R2 },
+ { "nistb163", SEC_OID_SECG_EC_SECT163R2 },
+ { "sect193r1", SEC_OID_SECG_EC_SECT193R1 },
+ { "sect193r2", SEC_OID_SECG_EC_SECT193R2 },
+ { "sect233k1", SEC_OID_SECG_EC_SECT233K1 },
+ { "nistk233", SEC_OID_SECG_EC_SECT233K1 },
+ { "sect233r1", SEC_OID_SECG_EC_SECT233R1 },
+ { "nistb233", SEC_OID_SECG_EC_SECT233R1 },
+ { "sect239k1", SEC_OID_SECG_EC_SECT239K1 },
+ { "sect283k1", SEC_OID_SECG_EC_SECT283K1 },
+ { "nistk283", SEC_OID_SECG_EC_SECT283K1 },
+ { "sect283r1", SEC_OID_SECG_EC_SECT283R1 },
+ { "nistb283", SEC_OID_SECG_EC_SECT283R1 },
+ { "sect409k1", SEC_OID_SECG_EC_SECT409K1 },
+ { "nistk409", SEC_OID_SECG_EC_SECT409K1 },
+ { "sect409r1", SEC_OID_SECG_EC_SECT409R1 },
+ { "nistb409", SEC_OID_SECG_EC_SECT409R1 },
+ { "sect571k1", SEC_OID_SECG_EC_SECT571K1 },
+ { "nistk571", SEC_OID_SECG_EC_SECT571K1 },
+ { "sect571r1", SEC_OID_SECG_EC_SECT571R1 },
+ { "nistb571", SEC_OID_SECG_EC_SECT571R1 },
+ { "secp160k1", SEC_OID_SECG_EC_SECP160K1 },
+ { "secp160r1", SEC_OID_SECG_EC_SECP160R1 },
+ { "secp160r2", SEC_OID_SECG_EC_SECP160R2 },
+ { "secp192k1", SEC_OID_SECG_EC_SECP192K1 },
+ { "secp192r1", SEC_OID_SECG_EC_SECP192R1 },
+ { "nistp192", SEC_OID_SECG_EC_SECP192R1 },
+ { "secp224k1", SEC_OID_SECG_EC_SECP224K1 },
+ { "secp224r1", SEC_OID_SECG_EC_SECP224R1 },
+ { "nistp224", SEC_OID_SECG_EC_SECP224R1 },
+ { "secp256k1", SEC_OID_SECG_EC_SECP256K1 },
+ { "secp256r1", SEC_OID_SECG_EC_SECP256R1 },
+ { "nistp256", SEC_OID_SECG_EC_SECP256R1 },
+ { "secp384r1", SEC_OID_SECG_EC_SECP384R1 },
+ { "nistp384", SEC_OID_SECG_EC_SECP384R1 },
+ { "secp521r1", SEC_OID_SECG_EC_SECP521R1 },
+ { "nistp521", SEC_OID_SECG_EC_SECP521R1 },
+
+ { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
+ { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
+ { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
+ { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
+ { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
+ { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
+
+ { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
+ { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
+ { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
+ { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
+ { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
+ { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
+ { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
+ { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
+ { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
+ { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
+ { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
+ { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
+ { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
+ { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
+ { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
+ { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
+ { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
+ { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
+ { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
+ { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
+
+ { "secp112r1", SEC_OID_SECG_EC_SECP112R1 },
+ { "secp112r2", SEC_OID_SECG_EC_SECP112R2 },
+ { "secp128r1", SEC_OID_SECG_EC_SECP128R1 },
+ { "secp128r2", SEC_OID_SECG_EC_SECP128R2 },
+
+ { "sect113r1", SEC_OID_SECG_EC_SECT113R1 },
+ { "sect113r2", SEC_OID_SECG_EC_SECT113R2 },
+ { "sect131r1", SEC_OID_SECG_EC_SECT131R1 },
+ { "sect131r2", SEC_OID_SECG_EC_SECT131R2 },
+ };
+
+static SECItem *
getECParams(const char *curve)
{
SECItem *ecparams;
@@ -514,26 +515,26 @@ getECParams(const char *curve)
int i, numCurves;
if (curve != NULL) {
- numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair);
- for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
- i++) {
- if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
- curveOidTag = nameTagPair[i].curveOidTag;
- }
+ numCurves = sizeof(nameTagPair) / sizeof(CurveNameTagPair);
+ for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
+ i++) {
+ if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
+ curveOidTag = nameTagPair[i].curveOidTag;
+ }
}
/* Return NULL if curve name is not recognized */
- if ((curveOidTag == SEC_OID_UNKNOWN) ||
- (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
+ if ((curveOidTag == SEC_OID_UNKNOWN) ||
+ (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
fprintf(stderr, "Unrecognized elliptic curve %s\n", curve);
- return NULL;
+ return NULL;
}
ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
- /*
+ /*
* ecparams->data needs to contain the ASN encoding of an object ID (OID)
- * representing the named curve. The actual OID is in
+ * representing the named curve. The actual OID is in
* oidData->oid.data so we simply prepend 0x06 and OID length
*/
ecparams->data[0] = SEC_ASN1_OBJECT_ID;
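Review bot: `ecparams` is written through on the `ecparams->data[0] = SEC_ASN1_OBJECT_ID;` line without checking that `SECITEM_AllocItem` succeeded. An allocation failure therefore becomes a NULL dereference instead of the NULL return this function already uses for an unrecognized curve. Adding `if (ecparams == NULL) return NULL;` directly after the allocation keeps the two failure paths consistent. The rest of `getECParams`, including the remaining writes into `ecparams->data`, is outside this hunk.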
@@ -592,128 +593,128 @@ dump_rsakey(RSAPrivateKey *key)
}
typedef enum {
- bltestBase64Encoded, /* Base64 encoded ASCII */
- bltestBinary, /* straight binary */
- bltestHexSpaceDelim, /* 0x12 0x34 0xab 0xCD ... */
- bltestHexStream /* 1234abCD ... */
+ bltestBase64Encoded, /* Base64 encoded ASCII */
+ bltestBinary, /* straight binary */
+ bltestHexSpaceDelim, /* 0x12 0x34 0xab 0xCD ... */
+ bltestHexStream /* 1234abCD ... */
} bltestIOMode;
typedef struct
{
- SECItem buf;
- SECItem pBuf;
- bltestIOMode mode;
- PRFileDesc* file;
+ SECItem buf;
+ SECItem pBuf;
+ bltestIOMode mode;
+ PRFileDesc *file;
} bltestIO;
-typedef SECStatus (* bltestSymmCipherFn)(void *cx,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen);
-
-typedef SECStatus (* bltestAEADFn)(void *cx,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- const unsigned char *nonce,
- unsigned int nonceLen,
- const unsigned char *ad,
- unsigned int adLen);
-
-typedef SECStatus (* bltestPubKeyCipherFn)(void *key,
- SECItem *output,
- const SECItem *input);
-
-typedef SECStatus (* bltestHashCipherFn)(unsigned char *dest,
- const unsigned char *src,
- PRUint32 src_length);
+typedef SECStatus (*bltestSymmCipherFn)(void *cx,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
+
+typedef SECStatus (*bltestAEADFn)(void *cx,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ const unsigned char *nonce,
+ unsigned int nonceLen,
+ const unsigned char *ad,
+ unsigned int adLen);
+
+typedef SECStatus (*bltestPubKeyCipherFn)(void *key,
+ SECItem *output,
+ const SECItem *input);
+
+typedef SECStatus (*bltestHashCipherFn)(unsigned char *dest,
+ const unsigned char *src,
+ PRUint32 src_length);
/* Note: Algorithms are grouped in order to support is_symmkeyCipher /
* is_pubkeyCipher / is_hashCipher / is_sigCipher
*/
typedef enum {
bltestINVALID = -1,
- bltestDES_ECB, /* Symmetric Key Ciphers */
- bltestDES_CBC, /* . */
- bltestDES_EDE_ECB, /* . */
- bltestDES_EDE_CBC, /* . */
- bltestRC2_ECB, /* . */
- bltestRC2_CBC, /* . */
- bltestRC4, /* . */
+ bltestDES_ECB, /* Symmetric Key Ciphers */
+ bltestDES_CBC, /* . */
+ bltestDES_EDE_ECB, /* . */
+ bltestDES_EDE_CBC, /* . */
+ bltestRC2_ECB, /* . */
+ bltestRC2_CBC, /* . */
+ bltestRC4, /* . */
#ifdef NSS_SOFTOKEN_DOES_RC5
- bltestRC5_ECB, /* . */
- bltestRC5_CBC, /* . */
+ bltestRC5_ECB, /* . */
+ bltestRC5_CBC, /* . */
#endif
- bltestAES_ECB, /* . */
- bltestAES_CBC, /* . */
- bltestAES_CTS, /* . */
- bltestAES_CTR, /* . */
- bltestAES_GCM, /* . */
- bltestCAMELLIA_ECB, /* . */
- bltestCAMELLIA_CBC, /* . */
- bltestSEED_ECB, /* SEED algorithm */
- bltestSEED_CBC, /* SEED algorithm */
- bltestCHACHA20, /* ChaCha20 + Poly1305 */
- bltestRSA, /* Public Key Ciphers */
- bltestRSA_OAEP, /* . (Public Key Enc.) */
- bltestRSA_PSS, /* . (Public Key Sig.) */
+ bltestAES_ECB, /* . */
+ bltestAES_CBC, /* . */
+ bltestAES_CTS, /* . */
+ bltestAES_CTR, /* . */
+ bltestAES_GCM, /* . */
+ bltestCAMELLIA_ECB, /* . */
+ bltestCAMELLIA_CBC, /* . */
+ bltestSEED_ECB, /* SEED algorithm */
+ bltestSEED_CBC, /* SEED algorithm */
+ bltestCHACHA20, /* ChaCha20 + Poly1305 */
+ bltestRSA, /* Public Key Ciphers */
+ bltestRSA_OAEP, /* . (Public Key Enc.) */
+ bltestRSA_PSS, /* . (Public Key Sig.) */
#ifndef NSS_DISABLE_ECC
- bltestECDSA, /* . (Public Key Sig.) */
+ bltestECDSA, /* . (Public Key Sig.) */
#endif
- bltestDSA, /* . (Public Key Sig.) */
- bltestMD2, /* Hash algorithms */
- bltestMD5, /* . */
- bltestSHA1, /* . */
- bltestSHA224, /* . */
- bltestSHA256, /* . */
- bltestSHA384, /* . */
- bltestSHA512, /* . */
+ bltestDSA, /* . (Public Key Sig.) */
+ bltestMD2, /* Hash algorithms */
+ bltestMD5, /* . */
+ bltestSHA1, /* . */
+ bltestSHA224, /* . */
+ bltestSHA256, /* . */
+ bltestSHA384, /* . */
+ bltestSHA512, /* . */
NUMMODES
} bltestCipherMode;
static char *mode_strings[] =
-{
- "des_ecb",
- "des_cbc",
- "des3_ecb",
- "des3_cbc",
- "rc2_ecb",
- "rc2_cbc",
- "rc4",
+ {
+ "des_ecb",
+ "des_cbc",
+ "des3_ecb",
+ "des3_cbc",
+ "rc2_ecb",
+ "rc2_cbc",
+ "rc4",
#ifdef NSS_SOFTOKEN_DOES_RC5
- "rc5_ecb",
- "rc5_cbc",
+ "rc5_ecb",
+ "rc5_cbc",
#endif
- "aes_ecb",
- "aes_cbc",
- "aes_cts",
- "aes_ctr",
- "aes_gcm",
- "camellia_ecb",
- "camellia_cbc",
- "seed_ecb",
- "seed_cbc",
- "chacha20_poly1305",
- "rsa",
- "rsa_oaep",
- "rsa_pss",
+ "aes_ecb",
+ "aes_cbc",
+ "aes_cts",
+ "aes_ctr",
+ "aes_gcm",
+ "camellia_ecb",
+ "camellia_cbc",
+ "seed_ecb",
+ "seed_cbc",
+ "chacha20_poly1305",
+ "rsa",
+ "rsa_oaep",
+ "rsa_pss",
#ifndef NSS_DISABLE_ECC
- "ecdsa",
+ "ecdsa",
#endif
- /*"pqg",*/
- "dsa",
- "md2",
- "md5",
- "sha1",
- "sha224",
- "sha256",
- "sha384",
- "sha512",
-};
+ /*"pqg",*/
+ "dsa",
+ "md2",
+ "md5",
+ "sha1",
+ "sha224",
+ "sha256",
+ "sha384",
+ "sha512",
+ };
typedef struct
{
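Review bot: `mode_strings[]` has to stay in lockstep with `bltestCipherMode`, including the `NSS_SOFTOKEN_DOES_RC5` and `NSS_DISABLE_ECC` conditionals, but nothing in this hunk enforces that; an entry added to only one of the two would shift every later name. A compile-time check after the table, for example `PR_STATIC_ASSERT(sizeof(mode_strings) / sizeof(mode_strings[0]) == NUMMODES);`, would catch the mismatch at build time. The enum comment about grouping could also say that `bltestCHACHA20` sits after `bltestSEED_CBC` and so falls outside the `mode <= bltestSEED_CBC` range that is_symmkeyCipher tests. The table could be declared `static const char *const` if no caller writes through it, which is not visible here.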
@@ -731,8 +732,8 @@ typedef struct
{
bltestIO key;
bltestIO iv;
- int rounds;
- int wordsize;
+ int rounds;
+ int wordsize;
} bltestRC5Params;
typedef struct
@@ -743,31 +744,31 @@ typedef struct
/* OAEP & PSS */
HASH_HashType hashAlg;
HASH_HashType maskHashAlg;
- bltestIO seed; /* salt if PSS */
+ bltestIO seed; /* salt if PSS */
} bltestRSAParams;
typedef struct
{
- bltestIO pqgdata;
+ bltestIO pqgdata;
unsigned int keysize;
- bltestIO keyseed;
- bltestIO sigseed;
+ bltestIO keyseed;
+ bltestIO sigseed;
PQGParams *pqg;
} bltestDSAParams;
#ifndef NSS_DISABLE_ECC
typedef struct
{
- char *curveName;
- bltestIO sigseed;
+ char *curveName;
+ bltestIO sigseed;
} bltestECDSAParams;
#endif
typedef struct
{
bltestIO key;
- void * privKey;
- void * pubKey;
+ void *privKey;
+ void *pubKey;
bltestIO sig; /* if doing verify, the signature (which may come
* from sigfile. */
@@ -782,27 +783,26 @@ typedef struct
typedef struct
{
- bltestIO key; /* unused */
- PRBool restart;
+ bltestIO key; /* unused */
+ PRBool restart;
} bltestHashParams;
-typedef union
-{
- bltestIO key;
+typedef union {
+ bltestIO key;
bltestSymmKeyParams sk;
bltestAuthSymmKeyParams ask;
- bltestRC5Params rc5;
- bltestAsymKeyParams asymk;
- bltestHashParams hash;
+ bltestRC5Params rc5;
+ bltestAsymKeyParams asymk;
+ bltestHashParams hash;
} bltestParams;
typedef struct bltestCipherInfoStr bltestCipherInfo;
-struct bltestCipherInfoStr {
+struct bltestCipherInfoStr {
PLArenaPool *arena;
/* link to next in multithreaded test */
bltestCipherInfo *next;
- PRThread *cipherThread;
+ PRThread *cipherThread;
/* MonteCarlo test flag*/
PRBool mCarlo;
@@ -814,19 +814,19 @@ struct bltestCipherInfoStr {
/* Cipher-specific parameters */
bltestParams params;
/* Cipher mode */
- bltestCipherMode mode;
+ bltestCipherMode mode;
/* Cipher function (encrypt/decrypt/sign/verify/hash) */
union {
- bltestSymmCipherFn symmkeyCipher;
- bltestAEADFn aeadCipher;
- bltestPubKeyCipherFn pubkeyCipher;
- bltestHashCipherFn hashCipher;
+ bltestSymmCipherFn symmkeyCipher;
+ bltestAEADFn aeadCipher;
+ bltestPubKeyCipherFn pubkeyCipher;
+ bltestHashCipherFn hashCipher;
} cipher;
/* performance testing */
- int repetitionsToPerfom;
- int seconds;
- int repetitions;
- int cxreps;
+ int repetitionsToPerfom;
+ int seconds;
+ int repetitions;
+ int cxreps;
double cxtime;
double optime;
};
@@ -836,7 +836,7 @@ is_symmkeyCipher(bltestCipherMode mode)
{
/* change as needed! */
if (mode >= bltestDES_ECB && mode <= bltestSEED_CBC)
- return PR_TRUE;
+ return PR_TRUE;
return PR_FALSE;
}
@@ -845,10 +845,10 @@ is_aeadCipher(bltestCipherMode mode)
{
/* change as needed! */
switch (mode) {
- case bltestCHACHA20:
- return PR_TRUE;
- default:
- return PR_FALSE;
+ case bltestCHACHA20:
+ return PR_TRUE;
+ default:
+ return PR_FALSE;
}
}
@@ -857,26 +857,25 @@ is_authCipher(bltestCipherMode mode)
{
/* change as needed! */
switch (mode) {
- case bltestAES_GCM:
- case bltestCHACHA20:
- return PR_TRUE;
- default:
- return PR_FALSE;
+ case bltestAES_GCM:
+ case bltestCHACHA20:
+ return PR_TRUE;
+ default:
+ return PR_FALSE;
}
}
-
PRBool
is_singleShotCipher(bltestCipherMode mode)
{
/* change as needed! */
switch (mode) {
- case bltestAES_GCM:
- case bltestAES_CTS:
- case bltestCHACHA20:
- return PR_TRUE;
- default:
- return PR_FALSE;
+ case bltestAES_GCM:
+ case bltestAES_CTS:
+ case bltestCHACHA20:
+ return PR_TRUE;
+ default:
+ return PR_FALSE;
}
}
@@ -885,7 +884,7 @@ is_pubkeyCipher(bltestCipherMode mode)
{
/* change as needed! */
if (mode >= bltestRSA && mode <= bltestDSA)
- return PR_TRUE;
+ return PR_TRUE;
return PR_FALSE;
}
@@ -894,7 +893,7 @@ is_hashCipher(bltestCipherMode mode)
{
/* change as needed! */
if (mode >= bltestMD2 && mode <= bltestSHA512)
- return PR_TRUE;
+ return PR_TRUE;
return PR_FALSE;
}
@@ -903,7 +902,7 @@ is_sigCipher(bltestCipherMode mode)
{
/* change as needed! */
if (mode >= bltestRSA_PSS && mode <= bltestDSA)
- return PR_TRUE;
+ return PR_TRUE;
return PR_FALSE;
}
@@ -912,22 +911,22 @@ cipher_requires_IV(bltestCipherMode mode)
{
/* change as needed! */
switch (mode) {
- case bltestDES_CBC:
- case bltestDES_EDE_CBC:
- case bltestRC2_CBC:
+ case bltestDES_CBC:
+ case bltestDES_EDE_CBC:
+ case bltestRC2_CBC:
#ifdef NSS_SOFTOKEN_DOES_RC5
- case bltestRC5_CBC:
+ case bltestRC5_CBC:
#endif
- case bltestAES_CBC:
- case bltestAES_CTS:
- case bltestAES_CTR:
- case bltestAES_GCM:
- case bltestCAMELLIA_CBC:
- case bltestSEED_CBC:
- case bltestCHACHA20:
- return PR_TRUE;
- default:
- return PR_FALSE;
+ case bltestAES_CBC:
+ case bltestAES_CTS:
+ case bltestAES_CTR:
+ case bltestAES_GCM:
+ case bltestCAMELLIA_CBC:
+ case bltestSEED_CBC:
+ case bltestCHACHA20:
+ return PR_TRUE;
+ default:
+ return PR_FALSE;
}
}
@@ -935,7 +934,7 @@ SECStatus finishIO(bltestIO *output, PRFileDesc *file);
SECStatus
setupIO(PLArenaPool *arena, bltestIO *input, PRFileDesc *file,
- char *str, int numBytes)
+ char *str, int numBytes)
{
SECStatus rv = SECSuccess;
SECItem fileData;
@@ -944,70 +943,76 @@ setupIO(PLArenaPool *arena, bltestIO *input, PRFileDesc *file,
unsigned int i, j;
if (file && (numBytes == 0 || file == PR_STDIN)) {
- /* grabbing data from a file */
- rv = SECU_FileToItem(&fileData, file);
- if (rv != SECSuccess)
- return SECFailure;
- in = &fileData;
+ /* grabbing data from a file */
+ rv = SECU_FileToItem(&fileData, file);
+ if (rv != SECSuccess)
+ return SECFailure;
+ in = &fileData;
} else if (str) {
- /* grabbing data from command line */
- fileData.data = (unsigned char *)str;
- fileData.len = PL_strlen(str);
- in = &fileData;
+ /* grabbing data from command line */
+ fileData.data = (unsigned char *)str;
+ fileData.len = PL_strlen(str);
+ in = &fileData;
} else if (file) {
- /* create nonce */
- SECITEM_AllocItem(arena, &input->buf, numBytes);
- RNG_GenerateGlobalRandomBytes(input->buf.data, numBytes);
- return finishIO(input, file);
+ /* create nonce */
+ SECITEM_AllocItem(arena, &input->buf, numBytes);
+ RNG_GenerateGlobalRandomBytes(input->buf.data, numBytes);
+ return finishIO(input, file);
} else {
- return SECFailure;
+ return SECFailure;
}
switch (input->mode) {
- case bltestBase64Encoded:
- if (in->len == 0) {
- input->buf.data = NULL;
- input->buf.len = 0;
- break;
- }
- rv = atob(in, &input->buf, arena);
- break;
- case bltestBinary:
- if (in->len == 0) {
- input->buf.data = NULL;
- input->buf.len = 0;
- break;
- }
- if (in->data[in->len-1] == '\n') --in->len;
- if (in->data[in->len-1] == '\r') --in->len;
- SECITEM_CopyItem(arena, &input->buf, in);
- break;
- case bltestHexSpaceDelim:
- SECITEM_AllocItem(arena, &input->buf, in->len/5);
- for (i=0, j=0; i<in->len; i+=5, j++) {
- tok = &in->data[i];
- if (tok[0] != '0' || tok[1] != 'x' || tok[4] != ' ')
- /* bad hex token */
- break;
-
- rv = hex_from_2char(&tok[2], input->buf.data + j);
- if (rv)
- break;
- }
- break;
- case bltestHexStream:
- SECITEM_AllocItem(arena, &input->buf, in->len/2);
- for (i=0, j=0; i<in->len; i+=2, j++) {
- tok = &in->data[i];
- rv = hex_from_2char(tok, input->buf.data + j);
- if (rv)
- break;
- }
- break;
+ case bltestBase64Encoded:
+ if (in->len == 0) {
+ input->buf.data = NULL;
+ input->buf.len = 0;
+ break;
+ }
+ rv = atob(in, &input->buf, arena);
+ break;
+ case bltestBinary:
+ if (in->len == 0) {
+ input->buf.data = NULL;
+ input->buf.len = 0;
+ break;
+ }
+ if (in->data[in->len - 1] == '\n')
+ --in->len;
+ if (in->data[in->len - 1] == '\r')
+ --in->len;
+ SECITEM_CopyItem(arena, &input->buf, in);
+ break;
+ case bltestHexSpaceDelim:
+ SECITEM_AllocItem(arena, &input->buf, in->len / 5);
+ for (i = 0, j = 0; i <
+ in->len;
+ i += 5, j++) {
+ tok = &in->data[i];
+ if (tok[0] != '0' || tok[1] != 'x' || tok[4] != ' ')
+ /* bad hex token */
+ break;
+
+ rv = hex_from_2char(&tok[2], input->buf.data + j);
+ if (rv)
+ break;
+ }
+ break;
+ case bltestHexStream:
+ SECITEM_AllocItem(arena, &input->buf, in->len / 2);
+ for (i = 0, j = 0; i <
+ in->len;
+ i += 2, j++) {
+ tok = &in->data[i];
+ rv = hex_from_2char(tok, input->buf.data + j);
+ if (rv)
+ break;
+ }
+ break;
}
if (file)
- SECITEM_FreeItem(&fileData, PR_FALSE);
+ SECITEM_FreeItem(&fileData, PR_FALSE);
return rv;
}
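Review bot: In the `bltestBinary` case the second trim, `if (in->data[in->len - 1] == '\r')`, runs after `--in->len` may already have taken the length to zero, so an input consisting only of a newline indexes `in->data` at `in->len - 1` with `in->len == 0`; guarding it as `if (in->len > 0 && in->data[in->len - 1] == '\r')` fixes that. The two hex cases size the buffer as `in->len / 5` and `in->len / 2` but loop while `i < in->len`, so for a length that is not a multiple of the token size the last pass can read `tok[]` past the input and hand `input->buf.data + j` to `hex_from_2char` with `j` equal to the allocated length; bounding the loops with `i + 5 <= in->len` and `i + 2 <= in->len` keeps both inside their buffers. The return values of `SECITEM_AllocItem` and `SECITEM_CopyItem` are ignored as well. As a formatting point, the re-wrapped headers `for (i = 0, j = 0; i <` / `in->len;` / `i += 5, j++)` read worse than the single-line originals and would fit on one line. setupIO's declarations start above the hunk.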
@@ -1021,41 +1026,41 @@ finishIO(bltestIO *output, PRFileDesc *file)
char hexstr[5];
unsigned int i;
if (output->pBuf.len > 0) {
- it = &output->pBuf;
+ it = &output->pBuf;
} else {
- it = &output->buf;
+ it = &output->buf;
}
switch (output->mode) {
- case bltestBase64Encoded:
- rv = btoa_file(it, file);
- break;
- case bltestBinary:
- nb = PR_Write(file, it->data, it->len);
- rv = (nb == (PRInt32)it->len) ? SECSuccess : SECFailure;
- break;
- case bltestHexSpaceDelim:
- hexstr[0] = '0';
- hexstr[1] = 'x';
- hexstr[4] = ' ';
- for (i=0; i<it->len; i++) {
- byteval = it->data[i];
- rv = char2_from_hex(byteval, hexstr + 2);
- nb = PR_Write(file, hexstr, 5);
- if (rv)
- break;
- }
- PR_Write(file, "\n", 1);
- break;
- case bltestHexStream:
- for (i=0; i<it->len; i++) {
- byteval = it->data[i];
- rv = char2_from_hex(byteval, hexstr);
- if (rv)
- break;
- nb = PR_Write(file, hexstr, 2);
- }
- PR_Write(file, "\n", 1);
- break;
+ case bltestBase64Encoded:
+ rv = btoa_file(it, file);
+ break;
+ case bltestBinary:
+ nb = PR_Write(file, it->data, it->len);
+ rv = (nb == (PRInt32)it->len) ? SECSuccess : SECFailure;
+ break;
+ case bltestHexSpaceDelim:
+ hexstr[0] = '0';
+ hexstr[1] = 'x';
+ hexstr[4] = ' ';
+ for (i = 0; i < it->len; i++) {
+ byteval = it->data[i];
+ rv = char2_from_hex(byteval, hexstr + 2);
+ nb = PR_Write(file, hexstr, 5);
+ if (rv)
+ break;
+ }
+ PR_Write(file, "\n", 1);
+ break;
+ case bltestHexStream:
+ for (i = 0; i < it->len; i++) {
+ byteval = it->data[i];
+ rv = char2_from_hex(byteval, hexstr);
+ if (rv)
+ break;
+ nb = PR_Write(file, hexstr, 2);
+ }
+ PR_Write(file, "\n", 1);
+ break;
}
return rv;
}
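Review bot: Only the `bltestBinary` case checks `PR_Write`; in both hex cases `nb` is assigned and never compared, and the result of the trailing `PR_Write(file, "\n", 1)` is dropped, so a short or failed write still returns success. In `bltestHexSpaceDelim` the token is also written before `rv` from `char2_from_hex` is tested, so a failed conversion may emit `hexstr[2]` and `hexstr[3]` as they were left, which on the first pass is unset. Moving `if (rv) break;` above the write, as the `bltestHexStream` loop already does, and adding `if (nb != 5) { rv = SECFailure; break; }` (with `2` in the stream case) closes both. finishIO's declarations start above the hunk.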
@@ -1065,8 +1070,8 @@ bltestCopyIO(PLArenaPool *arena, bltestIO *dest, bltestIO *src)
{
SECITEM_CopyItem(arena, &dest->buf, &src->buf);
if (src->pBuf.len > 0) {
- dest->pBuf.len = src->pBuf.len;
- dest->pBuf.data = dest->buf.data + (src->pBuf.data - src->buf.data);
+ dest->pBuf.len = src->pBuf.len;
+ dest->pBuf.data = dest->buf.data + (src->pBuf.data - src->buf.data);
}
dest->mode = src->mode;
dest->file = src->file;
@@ -1078,20 +1083,20 @@ misalignBuffer(PLArenaPool *arena, bltestIO *io, int off)
ptrdiff_t offset = (ptrdiff_t)io->buf.data % WORDSIZE;
int length = io->buf.len;
if (offset != off) {
- SECITEM_ReallocItemV2(arena, &io->buf, length + 2*WORDSIZE);
- /* offset may have changed? */
- offset = (ptrdiff_t)io->buf.data % WORDSIZE;
- if (offset != off) {
- memmove(io->buf.data + off, io->buf.data, length);
- io->pBuf.data = io->buf.data + off;
- io->pBuf.len = length;
- } else {
- io->pBuf.data = io->buf.data;
- io->pBuf.len = length;
- }
+ SECITEM_ReallocItemV2(arena, &io->buf, length + 2 * WORDSIZE);
+ /* offset may have changed? */
+ offset = (ptrdiff_t)io->buf.data % WORDSIZE;
+ if (offset != off) {
+ memmove(io->buf.data + off, io->buf.data, length);
+ io->pBuf.data = io->buf.data + off;
+ io->pBuf.len = length;
+ } else {
+ io->pBuf.data = io->buf.data;
+ io->pBuf.len = length;
+ }
} else {
- io->pBuf.data = io->buf.data;
- io->pBuf.len = length;
+ io->pBuf.data = io->buf.data;
+ io->pBuf.len = length;
}
}
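Review bot: `SECITEM_ReallocItemV2(arena, &io->buf, length + 2 * WORDSIZE)` is not checked before `memmove(io->buf.data + off, io->buf.data, length)`, so if the reallocation fails the move would write `off` bytes beyond a buffer that was never grown. Testing the result first, `if (SECITEM_ReallocItemV2(arena, &io->buf, length + 2 * WORDSIZE) != SECSuccess)`, and bailing out avoids that; how the failure should be reported depends on the return type, which is above the hunk. The alignment test `(ptrdiff_t)io->buf.data % WORDSIZE` goes through a signed type, and an unsigned pointer-sized integer would keep the remainder non-negative for any address.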
@@ -1169,10 +1174,10 @@ aes_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
SECStatus
chacha20_poly1305_Encrypt(void *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen,
- const unsigned char *nonce, unsigned int nonceLen,
- const unsigned char *ad, unsigned int adLen)
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen,
+ const unsigned char *nonce, unsigned int nonceLen,
+ const unsigned char *ad, unsigned int adLen)
{
return ChaCha20Poly1305_Seal((ChaCha20Poly1305Context *)cx, output,
outputLen, maxOutputLen, input, inputLen,
@@ -1181,10 +1186,10 @@ chacha20_poly1305_Encrypt(void *cx, unsigned char *output,
SECStatus
chacha20_poly1305_Decrypt(void *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen,
- const unsigned char *nonce, unsigned int nonceLen,
- const unsigned char *ad, unsigned int adLen)
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen,
+ const unsigned char *nonce, unsigned int nonceLen,
+ const unsigned char *ad, unsigned int adLen)
{
return ChaCha20Poly1305_Open((ChaCha20Poly1305Context *)cx, output,
outputLen, maxOutputLen, input, inputLen,
@@ -1193,40 +1198,40 @@ chacha20_poly1305_Decrypt(void *cx, unsigned char *output,
SECStatus
camellia_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen, const unsigned char *input,
- unsigned int inputLen)
+ unsigned int maxOutputLen, const unsigned char *input,
+ unsigned int inputLen)
{
return Camellia_Encrypt((CamelliaContext *)cx, output, outputLen,
- maxOutputLen,
- input, inputLen);
+ maxOutputLen,
+ input, inputLen);
}
SECStatus
camellia_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen, const unsigned char *input,
- unsigned int inputLen)
+ unsigned int maxOutputLen, const unsigned char *input,
+ unsigned int inputLen)
{
return Camellia_Decrypt((CamelliaContext *)cx, output, outputLen,
- maxOutputLen,
- input, inputLen);
+ maxOutputLen,
+ input, inputLen);
}
SECStatus
seed_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen, const unsigned char *input,
- unsigned int inputLen)
+ unsigned int maxOutputLen, const unsigned char *input,
+ unsigned int inputLen)
{
return SEED_Encrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
- input, inputLen);
+ input, inputLen);
}
SECStatus
seed_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen, const unsigned char *input,
- unsigned int inputLen)
+ unsigned int maxOutputLen, const unsigned char *input,
+ unsigned int inputLen)
{
return SEED_Decrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
- input, inputLen);
+ input, inputLen);
}
SECStatus
@@ -1237,7 +1242,7 @@ rsa_PublicKeyOp(void *cx, SECItem *output, const SECItem *input)
SECStatus rv = RSA_PublicKeyOp(pubKey, output->data, input->data);
if (rv == SECSuccess) {
output->len = pubKey->modulus.data[0] ? pubKey->modulus.len :
- pubKey->modulus.len - 1;
+ pubKey->modulus.len - 1;
}
return rv;
}
@@ -1250,7 +1255,7 @@ rsa_PrivateKeyOp(void *cx, SECItem *output, const SECItem *input)
SECStatus rv = RSA_PrivateKeyOp(privKey, output->data, input->data);
if (rv == SECSuccess) {
output->len = privKey->modulus.data[0] ? privKey->modulus.len :
- privKey->modulus.len - 1;
+ privKey->modulus.len - 1;
}
return rv;
}
@@ -1336,10 +1341,10 @@ ecdsa_signDigest(void *cx, SECItem *output, const SECItem *input)
bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
if (params->cipherParams.ecdsa.sigseed.buf.len > 0) {
return ECDSA_SignDigestWithSeed(
- (ECPrivateKey *)params->privKey,
- output, input,
- params->cipherParams.ecdsa.sigseed.buf.data,
- params->cipherParams.ecdsa.sigseed.buf.len);
+ (ECPrivateKey *)params->privKey,
+ output, input,
+ params->cipherParams.ecdsa.sigseed.buf.data,
+ params->cipherParams.ecdsa.sigseed.buf.len);
}
return ECDSA_SignDigest((ECPrivateKey *)params->privKey, output, input);
}
@@ -1360,35 +1365,43 @@ bltest_des_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
int minorMode;
int i;
switch (cipherInfo->mode) {
- case bltestDES_ECB: minorMode = NSS_DES; break;
- case bltestDES_CBC: minorMode = NSS_DES_CBC; break;
- case bltestDES_EDE_ECB: minorMode = NSS_DES_EDE3; break;
- case bltestDES_EDE_CBC: minorMode = NSS_DES_EDE3_CBC; break;
- default:
- return SECFailure;
+ case bltestDES_ECB:
+ minorMode = NSS_DES;
+ break;
+ case bltestDES_CBC:
+ minorMode = NSS_DES_CBC;
+ break;
+ case bltestDES_EDE_ECB:
+ minorMode = NSS_DES_EDE3;
+ break;
+ case bltestDES_EDE_CBC:
+ minorMode = NSS_DES_EDE3_CBC;
+ break;
+ default:
+ return SECFailure;
}
- cipherInfo->cx = (void*)DES_CreateContext(desp->key.buf.data,
- desp->iv.buf.data,
- minorMode, encrypt);
+ cipherInfo->cx = (void *)DES_CreateContext(desp->key.buf.data,
+ desp->iv.buf.data,
+ minorMode, encrypt);
if (cipherInfo->cxreps > 0) {
- DESContext **dummycx;
- dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(DESContext *));
- TIMESTART();
- for (i=0; i<cipherInfo->cxreps; i++) {
- dummycx[i] = (void*)DES_CreateContext(desp->key.buf.data,
- desp->iv.buf.data,
- minorMode, encrypt);
- }
- TIMEFINISH(cipherInfo->cxtime, 1.0);
- for (i=0; i<cipherInfo->cxreps; i++) {
- DES_DestroyContext(dummycx[i], PR_TRUE);
- }
- PORT_Free(dummycx);
+ DESContext **dummycx;
+ dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(DESContext *));
+ TIMESTART();
+ for (i = 0; i < cipherInfo->cxreps; i++) {
+ dummycx[i] = (void *)DES_CreateContext(desp->key.buf.data,
+ desp->iv.buf.data,
+ minorMode, encrypt);
+ }
+ TIMEFINISH(cipherInfo->cxtime, 1.0);
+ for (i = 0; i < cipherInfo->cxreps; i++) {
+ DES_DestroyContext(dummycx[i], PR_TRUE);
+ }
+ PORT_Free(dummycx);
}
if (encrypt)
- cipherInfo->cipher.symmkeyCipher = des_Encrypt;
+ cipherInfo->cipher.symmkeyCipher = des_Encrypt;
else
- cipherInfo->cipher.symmkeyCipher = des_Decrypt;
+ cipherInfo->cipher.symmkeyCipher = des_Decrypt;
return SECSuccess;
}
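Review bot: Neither `DES_CreateContext` nor `PORT_Alloc(cipherInfo->cxreps * sizeof(DESContext *))` is checked in bltest_des_init, so an allocation failure leads to a write through a NULL `dummycx` in the timing loop, and a failed context creation still returns `SECSuccess` with `cipherInfo->cx` NULL. The same pattern appears in the bltest_rc2_init, bltest_rc4_init, bltest_aes_init, bltest_camellia_init and bltest_seed_init hunks below. Adding `if (cipherInfo->cx == NULL) return SECFailure;` after the first create and `if (dummycx == NULL) return SECFailure;` after the allocation would fix each of them; whether callers already test `cipherInfo->cx` is not visible here. The function's opening lines are above the hunk.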
@@ -1400,37 +1413,41 @@ bltest_rc2_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
int minorMode;
int i;
switch (cipherInfo->mode) {
- case bltestRC2_ECB: minorMode = NSS_RC2; break;
- case bltestRC2_CBC: minorMode = NSS_RC2_CBC; break;
- default:
- return SECFailure;
+ case bltestRC2_ECB:
+ minorMode = NSS_RC2;
+ break;
+ case bltestRC2_CBC:
+ minorMode = NSS_RC2_CBC;
+ break;
+ default:
+ return SECFailure;
}
- cipherInfo->cx = (void*)RC2_CreateContext(rc2p->key.buf.data,
- rc2p->key.buf.len,
- rc2p->iv.buf.data,
- minorMode,
- rc2p->key.buf.len);
+ cipherInfo->cx = (void *)RC2_CreateContext(rc2p->key.buf.data,
+ rc2p->key.buf.len,
+ rc2p->iv.buf.data,
+ minorMode,
+ rc2p->key.buf.len);
if (cipherInfo->cxreps > 0) {
- RC2Context **dummycx;
- dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC2Context *));
- TIMESTART();
- for (i=0; i<cipherInfo->cxreps; i++) {
- dummycx[i] = (void*)RC2_CreateContext(rc2p->key.buf.data,
- rc2p->key.buf.len,
- rc2p->iv.buf.data,
- minorMode,
- rc2p->key.buf.len);
- }
- TIMEFINISH(cipherInfo->cxtime, 1.0);
- for (i=0; i<cipherInfo->cxreps; i++) {
- RC2_DestroyContext(dummycx[i], PR_TRUE);
- }
- PORT_Free(dummycx);
+ RC2Context **dummycx;
+ dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC2Context *));
+ TIMESTART();
+ for (i = 0; i < cipherInfo->cxreps; i++) {
+ dummycx[i] = (void *)RC2_CreateContext(rc2p->key.buf.data,
+ rc2p->key.buf.len,
+ rc2p->iv.buf.data,
+ minorMode,
+ rc2p->key.buf.len);
+ }
+ TIMEFINISH(cipherInfo->cxtime, 1.0);
+ for (i = 0; i < cipherInfo->cxreps; i++) {
+ RC2_DestroyContext(dummycx[i], PR_TRUE);
+ }
+ PORT_Free(dummycx);
}
if (encrypt)
- cipherInfo->cipher.symmkeyCipher = rc2_Encrypt;
+ cipherInfo->cipher.symmkeyCipher = rc2_Encrypt;
else
- cipherInfo->cipher.symmkeyCipher = rc2_Decrypt;
+ cipherInfo->cipher.symmkeyCipher = rc2_Decrypt;
return SECSuccess;
}
@@ -1440,26 +1457,26 @@ bltest_rc4_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
PRIntervalTime time1, time2;
int i;
bltestSymmKeyParams *rc4p = &cipherInfo->params.sk;
- cipherInfo->cx = (void*)RC4_CreateContext(rc4p->key.buf.data,
- rc4p->key.buf.len);
+ cipherInfo->cx = (void *)RC4_CreateContext(rc4p->key.buf.data,
+ rc4p->key.buf.len);
if (cipherInfo->cxreps > 0) {
- RC4Context **dummycx;
- dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC4Context *));
- TIMESTART();
- for (i=0; i<cipherInfo->cxreps; i++) {
- dummycx[i] = (void*)RC4_CreateContext(rc4p->key.buf.data,
- rc4p->key.buf.len);
- }
- TIMEFINISH(cipherInfo->cxtime, 1.0);
- for (i=0; i<cipherInfo->cxreps; i++) {
- RC4_DestroyContext(dummycx[i], PR_TRUE);
- }
- PORT_Free(dummycx);
+ RC4Context **dummycx;
+ dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC4Context *));
+ TIMESTART();
+ for (i = 0; i < cipherInfo->cxreps; i++) {
+ dummycx[i] = (void *)RC4_CreateContext(rc4p->key.buf.data,
+ rc4p->key.buf.len);
+ }
+ TIMEFINISH(cipherInfo->cxtime, 1.0);
+ for (i = 0; i < cipherInfo->cxreps; i++) {
+ RC4_DestroyContext(dummycx[i], PR_TRUE);
+ }
+ PORT_Free(dummycx);
}
if (encrypt)
- cipherInfo->cipher.symmkeyCipher = rc4_Encrypt;
+ cipherInfo->cipher.symmkeyCipher = rc4_Encrypt;
else
- cipherInfo->cipher.symmkeyCipher = rc4_Decrypt;
+ cipherInfo->cipher.symmkeyCipher = rc4_Decrypt;
return SECSuccess;
}
@@ -1471,20 +1488,24 @@ bltest_rc5_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
bltestRC5Params *rc5p = &cipherInfo->params.rc5;
int minorMode;
switch (cipherInfo->mode) {
- case bltestRC5_ECB: minorMode = NSS_RC5; break;
- case bltestRC5_CBC: minorMode = NSS_RC5_CBC; break;
- default:
- return SECFailure;
+ case bltestRC5_ECB:
+ minorMode = NSS_RC5;
+ break;
+ case bltestRC5_CBC:
+ minorMode = NSS_RC5_CBC;
+ break;
+ default:
+ return SECFailure;
}
TIMESTART();
- cipherInfo->cx = (void*)RC5_CreateContext(&rc5p->key.buf,
- rc5p->rounds, rc5p->wordsize,
- rc5p->iv.buf.data, minorMode);
+ cipherInfo->cx = (void *)RC5_CreateContext(&rc5p->key.buf,
+ rc5p->rounds, rc5p->wordsize,
+ rc5p->iv.buf.data, minorMode);
TIMEFINISH(cipherInfo->cxtime, 1.0);
if (encrypt)
- cipherInfo->cipher.symmkeyCipher = RC5_Encrypt;
+ cipherInfo->cipher.symmkeyCipher = RC5_Encrypt;
else
- cipherInfo->cipher.symmkeyCipher = RC5_Decrypt;
+ cipherInfo->cipher.symmkeyCipher = RC5_Decrypt;
return SECSuccess;
#else
return SECFailure;
@@ -1498,7 +1519,7 @@ bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
bltestAuthSymmKeyParams *gcmp = &cipherInfo->params.ask;
int minorMode;
int i;
- int keylen = aesp->key.buf.len;
+ int keylen = aesp->key.buf.len;
unsigned int blocklen = AES_BLOCK_SIZE;
PRIntervalTime time1, time2;
unsigned char *params;
@@ -1508,53 +1529,59 @@ bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
params = aesp->iv.buf.data;
switch (cipherInfo->mode) {
- case bltestAES_ECB: minorMode = NSS_AES; break;
- case bltestAES_CBC: minorMode = NSS_AES_CBC; break;
- case bltestAES_CTS: minorMode = NSS_AES_CTS; break;
- case bltestAES_CTR:
- minorMode = NSS_AES_CTR;
- ctrParams.ulCounterBits = 32;
- len = PR_MIN(aesp->iv.buf.len, blocklen);
- PORT_Memset(ctrParams.cb, 0, blocklen);
- PORT_Memcpy(ctrParams.cb, aesp->iv.buf.data, len);
- params = (unsigned char *)&ctrParams;
- break;
- case bltestAES_GCM:
- minorMode = NSS_AES_GCM;
- gcmParams.pIv = gcmp->sk.iv.buf.data;
- gcmParams.ulIvLen = gcmp->sk.iv.buf.len;
- gcmParams.pAAD = gcmp->aad.buf.data;
- gcmParams.ulAADLen = gcmp->aad.buf.len;
- gcmParams.ulTagBits = blocklen*8;
- params = (unsigned char *)&gcmParams;
- break;
- default:
- return SECFailure;
+ case bltestAES_ECB:
+ minorMode = NSS_AES;
+ break;
+ case bltestAES_CBC:
+ minorMode = NSS_AES_CBC;
+ break;
+ case bltestAES_CTS:
+ minorMode = NSS_AES_CTS;
+ break;
+ case bltestAES_CTR:
+ minorMode = NSS_AES_CTR;
+ ctrParams.ulCounterBits = 32;
+ len = PR_MIN(aesp->iv.buf.len, blocklen);
+ PORT_Memset(ctrParams.cb, 0, blocklen);
+ PORT_Memcpy(ctrParams.cb, aesp->iv.buf.data, len);
+ params = (unsigned char *)&ctrParams;
+ break;
+ case bltestAES_GCM:
+ minorMode = NSS_AES_GCM;
+ gcmParams.pIv = gcmp->sk.iv.buf.data;
+ gcmParams.ulIvLen = gcmp->sk.iv.buf.len;
+ gcmParams.pAAD = gcmp->aad.buf.data;
+ gcmParams.ulAADLen = gcmp->aad.buf.len;
+ gcmParams.ulTagBits = blocklen * 8;
+ params = (unsigned char *)&gcmParams;
+ break;
+ default:
+ return SECFailure;
}
- cipherInfo->cx = (void*)AES_CreateContext(aesp->key.buf.data,
- params,
- minorMode, encrypt,
- keylen, blocklen);
+ cipherInfo->cx = (void *)AES_CreateContext(aesp->key.buf.data,
+ params,
+ minorMode, encrypt,
+ keylen, blocklen);
if (cipherInfo->cxreps > 0) {
- AESContext **dummycx;
- dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(AESContext *));
- TIMESTART();
- for (i=0; i<cipherInfo->cxreps; i++) {
- dummycx[i] = (void*)AES_CreateContext(aesp->key.buf.data,
- params,
- minorMode, encrypt,
- keylen, blocklen);
- }
- TIMEFINISH(cipherInfo->cxtime, 1.0);
- for (i=0; i<cipherInfo->cxreps; i++) {
- AES_DestroyContext(dummycx[i], PR_TRUE);
- }
- PORT_Free(dummycx);
+ AESContext **dummycx;
+ dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(AESContext *));
+ TIMESTART();
+ for (i = 0; i < cipherInfo->cxreps; i++) {
+ dummycx[i] = (void *)AES_CreateContext(aesp->key.buf.data,
+ params,
+ minorMode, encrypt,
+ keylen, blocklen);
+ }
+ TIMEFINISH(cipherInfo->cxtime, 1.0);
+ for (i = 0; i < cipherInfo->cxreps; i++) {
+ AES_DestroyContext(dummycx[i], PR_TRUE);
+ }
+ PORT_Free(dummycx);
}
if (encrypt)
- cipherInfo->cipher.symmkeyCipher = aes_Encrypt;
+ cipherInfo->cipher.symmkeyCipher = aes_Encrypt;
else
- cipherInfo->cipher.symmkeyCipher = aes_Decrypt;
+ cipherInfo->cipher.symmkeyCipher = aes_Decrypt;
return SECSuccess;
}
@@ -1564,39 +1591,43 @@ bltest_camellia_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
bltestSymmKeyParams *camelliap = &cipherInfo->params.sk;
int minorMode;
int i;
- int keylen = camelliap->key.buf.len;
+ int keylen = camelliap->key.buf.len;
PRIntervalTime time1, time2;
-
+
switch (cipherInfo->mode) {
- case bltestCAMELLIA_ECB: minorMode = NSS_CAMELLIA; break;
- case bltestCAMELLIA_CBC: minorMode = NSS_CAMELLIA_CBC; break;
- default:
- return SECFailure;
+ case bltestCAMELLIA_ECB:
+ minorMode = NSS_CAMELLIA;
+ break;
+ case bltestCAMELLIA_CBC:
+ minorMode = NSS_CAMELLIA_CBC;
+ break;
+ default:
+ return SECFailure;
}
- cipherInfo->cx = (void*)Camellia_CreateContext(camelliap->key.buf.data,
- camelliap->iv.buf.data,
- minorMode, encrypt,
- keylen);
+ cipherInfo->cx = (void *)Camellia_CreateContext(camelliap->key.buf.data,
+ camelliap->iv.buf.data,
+ minorMode, encrypt,
+ keylen);
if (cipherInfo->cxreps > 0) {
- CamelliaContext **dummycx;
- dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(CamelliaContext *));
- TIMESTART();
- for (i=0; i<cipherInfo->cxreps; i++) {
- dummycx[i] = (void*)Camellia_CreateContext(camelliap->key.buf.data,
- camelliap->iv.buf.data,
- minorMode, encrypt,
- keylen);
- }
- TIMEFINISH(cipherInfo->cxtime, 1.0);
- for (i=0; i<cipherInfo->cxreps; i++) {
- Camellia_DestroyContext(dummycx[i], PR_TRUE);
- }
- PORT_Free(dummycx);
+ CamelliaContext **dummycx;
+ dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(CamelliaContext *));
+ TIMESTART();
+ for (i = 0; i < cipherInfo->cxreps; i++) {
+ dummycx[i] = (void *)Camellia_CreateContext(camelliap->key.buf.data,
+ camelliap->iv.buf.data,
+ minorMode, encrypt,
+ keylen);
+ }
+ TIMEFINISH(cipherInfo->cxtime, 1.0);
+ for (i = 0; i < cipherInfo->cxreps; i++) {
+ Camellia_DestroyContext(dummycx[i], PR_TRUE);
+ }
+ PORT_Free(dummycx);
}
if (encrypt)
- cipherInfo->cipher.symmkeyCipher = camellia_Encrypt;
+ cipherInfo->cipher.symmkeyCipher = camellia_Encrypt;
else
- cipherInfo->cipher.symmkeyCipher = camellia_Decrypt;
+ cipherInfo->cipher.symmkeyCipher = camellia_Decrypt;
return SECSuccess;
}
@@ -1609,35 +1640,39 @@ bltest_seed_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
int i;
switch (cipherInfo->mode) {
- case bltestSEED_ECB: minorMode = NSS_SEED; break;
- case bltestSEED_CBC: minorMode = NSS_SEED_CBC; break;
- default:
- return SECFailure;
+ case bltestSEED_ECB:
+ minorMode = NSS_SEED;
+ break;
+ case bltestSEED_CBC:
+ minorMode = NSS_SEED_CBC;
+ break;
+ default:
+ return SECFailure;
}
- cipherInfo->cx = (void*)SEED_CreateContext(seedp->key.buf.data,
- seedp->iv.buf.data,
- minorMode, encrypt);
+ cipherInfo->cx = (void *)SEED_CreateContext(seedp->key.buf.data,
+ seedp->iv.buf.data,
+ minorMode, encrypt);
if (cipherInfo->cxreps > 0) {
- SEEDContext **dummycx;
- dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(SEEDContext *));
- TIMESTART();
- for (i=0; i<cipherInfo->cxreps; i++) {
- dummycx[i] = (void*)SEED_CreateContext(seedp->key.buf.data,
- seedp->iv.buf.data,
- minorMode, encrypt);
- }
- TIMEFINISH(cipherInfo->cxtime, 1.0);
- for (i=0; i<cipherInfo->cxreps; i++) {
- SEED_DestroyContext(dummycx[i], PR_TRUE);
- }
- PORT_Free(dummycx);
+ SEEDContext **dummycx;
+ dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(SEEDContext *));
+ TIMESTART();
+ for (i = 0; i < cipherInfo->cxreps; i++) {
+ dummycx[i] = (void *)SEED_CreateContext(seedp->key.buf.data,
+ seedp->iv.buf.data,
+ minorMode, encrypt);
+ }
+ TIMEFINISH(cipherInfo->cxtime, 1.0);
+ for (i = 0; i < cipherInfo->cxreps; i++) {
+ SEED_DestroyContext(dummycx[i], PR_TRUE);
+ }
+ PORT_Free(dummycx);
}
if (encrypt)
- cipherInfo->cipher.symmkeyCipher = seed_Encrypt;
+ cipherInfo->cipher.symmkeyCipher = seed_Encrypt;
else
- cipherInfo->cipher.symmkeyCipher = seed_Decrypt;
-
- return SECSuccess;
+ cipherInfo->cipher.symmkeyCipher = seed_Decrypt;
+
+ return SECSuccess;
}
SECStatus
@@ -1649,9 +1684,9 @@ bltest_chacha20_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
sk->key.buf.len, tagLen);
if (encrypt)
- cipherInfo->cipher.aeadCipher = chacha20_poly1305_Encrypt;
+ cipherInfo->cipher.aeadCipher = chacha20_poly1305_Encrypt;
else
- cipherInfo->cipher.aeadCipher = chacha20_poly1305_Decrypt;
+ cipherInfo->cipher.aeadCipher = chacha20_poly1305_Decrypt;
return SECSuccess;
}
@@ -1673,32 +1708,32 @@ bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
/* For performance testing */
if (cipherInfo->cxreps > 0) {
- /* Create space for n private key objects */
- dummyKey = (RSAPrivateKey **)PORT_Alloc(cipherInfo->cxreps *
- sizeof(RSAPrivateKey *));
- /* Time n keygens, storing in the array */
- TIMESTART();
- for (i=0; i<cipherInfo->cxreps; i++)
- dummyKey[i] = RSA_NewKey(rsap->keysizeInBits,
- &privKey->publicExponent);
- TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
- /* Free the n key objects */
- for (i=0; i<cipherInfo->cxreps; i++)
- PORT_FreeArena(dummyKey[i]->arena, PR_TRUE);
- PORT_Free(dummyKey);
+ /* Create space for n private key objects */
+ dummyKey = (RSAPrivateKey **)PORT_Alloc(cipherInfo->cxreps *
+ sizeof(RSAPrivateKey *));
+ /* Time n keygens, storing in the array */
+ TIMESTART();
+ for (i = 0; i < cipherInfo->cxreps; i++)
+ dummyKey[i] = RSA_NewKey(rsap->keysizeInBits,
+ &privKey->publicExponent);
+ TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
+ /* Free the n key objects */
+ for (i = 0; i < cipherInfo->cxreps; i++)
+ PORT_FreeArena(dummyKey[i]->arena, PR_TRUE);
+ PORT_Free(dummyKey);
}
if ((encrypt && !is_sigCipher(cipherInfo->mode)) ||
(!encrypt && is_sigCipher(cipherInfo->mode))) {
- /* Have to convert private key to public key. Memory
- * is freed with private key's arena */
- pubKey = (RSAPublicKey *)PORT_ArenaAlloc(privKey->arena,
- sizeof(RSAPublicKey));
- pubKey->modulus.len = privKey->modulus.len;
- pubKey->modulus.data = privKey->modulus.data;
- pubKey->publicExponent.len = privKey->publicExponent.len;
- pubKey->publicExponent.data = privKey->publicExponent.data;
- asymk->pubKey = (void *)pubKey;
+ /* Have to convert private key to public key. Memory
+ * is freed with private key's arena */
+ pubKey = (RSAPublicKey *)PORT_ArenaAlloc(privKey->arena,
+ sizeof(RSAPublicKey));
+ pubKey->modulus.len = privKey->modulus.len;
+ pubKey->modulus.data = privKey->modulus.data;
+ pubKey->publicExponent.len = privKey->publicExponent.len;
+ pubKey->publicExponent.data = privKey->publicExponent.data;
+ asymk->pubKey = (void *)pubKey;
}
switch (cipherInfo->mode) {
case bltestRSA:
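Review bot: In the performance block of bltest_rsa_init the results of `PORT_Alloc` and of each `RSA_NewKey` call are used unchecked, so the free loop's `dummyKey[i]->arena` dereferences NULL if any key generation fails. Guard the free with `if (dummyKey[i]) PORT_FreeArena(dummyKey[i]->arena, PR_TRUE);` and bail out when `dummyKey` itself is NULL. The `PORT_ArenaAlloc` result for `pubKey` a few lines later is also written through without a check. The function starts before and continues past this hunk, so how `privKey` is obtained is not visible here.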
@@ -1723,8 +1758,8 @@ SECStatus
blapi_pqg_param_gen(unsigned int keysize, PQGParams **pqg, PQGVerify **vfy)
{
if (keysize < 1024) {
- int j = PQG_PBITS_TO_INDEX(keysize);
- return PQG_ParamGen(j, pqg, vfy);
+ int j = PQG_PBITS_TO_INDEX(keysize);
+ return PQG_ParamGen(j, pqg, vfy);
}
return PQG_ParamGenV2(keysize, 0, 0, pqg, vfy);
}
@@ -1755,47 +1790,47 @@ bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
cipherInfo->cx = asymk;
/* For performance testing */
if (cipherInfo->cxreps > 0) {
- /* Create space for n private key objects */
- dummyKey = (DSAPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
- sizeof(DSAPrivateKey *));
- /* Time n keygens, storing in the array */
- TIMESTART();
- for (i=0; i<cipherInfo->cxreps; i++) {
- dummypqg = NULL;
- blapi_pqg_param_gen(dsap->keysize, &dummypqg, &ignore);
- DSA_NewKey(dummypqg, &dummyKey[i]);
- }
- TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
- /* Free the n key objects */
- for (i=0; i<cipherInfo->cxreps; i++)
- PORT_FreeArena(dummyKey[i]->params.arena, PR_TRUE);
- PORT_Free(dummyKey);
+ /* Create space for n private key objects */
+ dummyKey = (DSAPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
+ sizeof(DSAPrivateKey *));
+ /* Time n keygens, storing in the array */
+ TIMESTART();
+ for (i = 0; i < cipherInfo->cxreps; i++) {
+ dummypqg = NULL;
+ blapi_pqg_param_gen(dsap->keysize, &dummypqg, &ignore);
+ DSA_NewKey(dummypqg, &dummyKey[i]);
+ }
+ TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
+ /* Free the n key objects */
+ for (i = 0; i < cipherInfo->cxreps; i++)
+ PORT_FreeArena(dummyKey[i]->params.arena, PR_TRUE);
+ PORT_Free(dummyKey);
}
if (!dsap->pqg && dsap->pqgdata.buf.len > 0) {
- dsap->pqg = pqg_from_filedata(&dsap->pqgdata.buf);
+ dsap->pqg = pqg_from_filedata(&dsap->pqgdata.buf);
}
if (!asymk->privKey && asymk->key.buf.len > 0) {
- asymk->privKey = dsakey_from_filedata(&asymk->key.buf);
+ asymk->privKey = dsakey_from_filedata(&asymk->key.buf);
}
if (encrypt) {
- cipherInfo->cipher.pubkeyCipher = dsa_signDigest;
+ cipherInfo->cipher.pubkeyCipher = dsa_signDigest;
} else {
- /* Have to convert private key to public key. Memory
- * is freed with private key's arena */
- DSAPublicKey *pubkey;
- DSAPrivateKey *key = (DSAPrivateKey *)asymk->privKey;
- pubkey = (DSAPublicKey *)PORT_ArenaZAlloc(key->params.arena,
- sizeof(DSAPublicKey));
- pubkey->params.prime.len = key->params.prime.len;
- pubkey->params.prime.data = key->params.prime.data;
- pubkey->params.subPrime.len = key->params.subPrime.len;
- pubkey->params.subPrime.data = key->params.subPrime.data;
- pubkey->params.base.len = key->params.base.len;
- pubkey->params.base.data = key->params.base.data;
- pubkey->publicValue.len = key->publicValue.len;
- pubkey->publicValue.data = key->publicValue.data;
- asymk->pubKey = pubkey;
- cipherInfo->cipher.pubkeyCipher = dsa_verifyDigest;
+ /* Have to convert private key to public key. Memory
+ * is freed with private key's arena */
+ DSAPublicKey *pubkey;
+ DSAPrivateKey *key = (DSAPrivateKey *)asymk->privKey;
+ pubkey = (DSAPublicKey *)PORT_ArenaZAlloc(key->params.arena,
+ sizeof(DSAPublicKey));
+ pubkey->params.prime.len = key->params.prime.len;
+ pubkey->params.prime.data = key->params.prime.data;
+ pubkey->params.subPrime.len = key->params.subPrime.len;
+ pubkey->params.subPrime.data = key->params.subPrime.data;
+ pubkey->params.base.len = key->params.base.len;
+ pubkey->params.base.data = key->params.base.data;
+ pubkey->publicValue.len = key->publicValue.len;
+ pubkey->publicValue.data = key->publicValue.data;
+ asymk->pubKey = pubkey;
+ cipherInfo->cipher.pubkeyCipher = dsa_verifyDigest;
}
return SECSuccess;
}
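Review bot: The keygen timing loop in bltest_dsa_init ignores the return values of `blapi_pqg_param_gen` and `DSA_NewKey`, then frees with `dummyKey[i]->params.arena`; because the array comes from `PORT_ZAlloc`, a failed iteration leaves a NULL entry that is dereferenced. Nothing in the hunk releases `dummypqg` or `ignore` per iteration, so the parameters generated on each pass look leaked unless the key takes ownership of them, which is worth confirming. In the verify branch `key` is taken from `asymk->privKey` and used without a NULL check, although the `dsakey_from_filedata` call just above only runs when `key.buf.len > 0`; `if (!key) return SECFailure;` before the `PORT_ArenaZAlloc` would cover it. The function begins outside the hunk.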
@@ -1811,58 +1846,58 @@ bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
cipherInfo->cx = asymk;
/* For performance testing */
if (cipherInfo->cxreps > 0) {
- /* Create space for n private key objects */
- dummyKey = (ECPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
- sizeof(ECPrivateKey *));
- /* Time n keygens, storing in the array */
- TIMESTART();
- for (i=0; i<cipherInfo->cxreps; i++) {
- EC_NewKey(&((ECPrivateKey *)asymk->privKey)->ecParams, &dummyKey[i]);
- }
- TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
- /* Free the n key objects */
- for (i=0; i<cipherInfo->cxreps; i++)
- PORT_FreeArena(dummyKey[i]->ecParams.arena, PR_TRUE);
- PORT_Free(dummyKey);
+ /* Create space for n private key objects */
+ dummyKey = (ECPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
+ sizeof(ECPrivateKey *));
+ /* Time n keygens, storing in the array */
+ TIMESTART();
+ for (i = 0; i < cipherInfo->cxreps; i++) {
+ EC_NewKey(&((ECPrivateKey *)asymk->privKey)->ecParams, &dummyKey[i]);
+ }
+ TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
+ /* Free the n key objects */
+ for (i = 0; i < cipherInfo->cxreps; i++)
+ PORT_FreeArena(dummyKey[i]->ecParams.arena, PR_TRUE);
+ PORT_Free(dummyKey);
}
if (!asymk->privKey && asymk->key.buf.len > 0) {
asymk->privKey = eckey_from_filedata(&asymk->key.buf);
}
if (encrypt) {
- cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest;
+ cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest;
} else {
- /* Have to convert private key to public key. Memory
- * is freed with private key's arena */
- ECPublicKey *pubkey;
- ECPrivateKey *key = (ECPrivateKey *)asymk->privKey;
- pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena,
- sizeof(ECPublicKey));
- pubkey->ecParams.type = key->ecParams.type;
- pubkey->ecParams.fieldID.size = key->ecParams.fieldID.size;
- pubkey->ecParams.fieldID.type = key->ecParams.fieldID.type;
- pubkey->ecParams.fieldID.u.prime.len = key->ecParams.fieldID.u.prime.len;
- pubkey->ecParams.fieldID.u.prime.data = key->ecParams.fieldID.u.prime.data;
- pubkey->ecParams.fieldID.k1 = key->ecParams.fieldID.k1;
- pubkey->ecParams.fieldID.k2 = key->ecParams.fieldID.k2;
- pubkey->ecParams.fieldID.k3 = key->ecParams.fieldID.k3;
- pubkey->ecParams.curve.a.len = key->ecParams.curve.a.len;
- pubkey->ecParams.curve.a.data = key->ecParams.curve.a.data;
- pubkey->ecParams.curve.b.len = key->ecParams.curve.b.len;
- pubkey->ecParams.curve.b.data = key->ecParams.curve.b.data;
- pubkey->ecParams.curve.seed.len = key->ecParams.curve.seed.len;
- pubkey->ecParams.curve.seed.data = key->ecParams.curve.seed.data;
- pubkey->ecParams.base.len = key->ecParams.base.len;
- pubkey->ecParams.base.data = key->ecParams.base.data;
- pubkey->ecParams.order.len = key->ecParams.order.len;
- pubkey->ecParams.order.data = key->ecParams.order.data;
- pubkey->ecParams.cofactor = key->ecParams.cofactor;
- pubkey->ecParams.DEREncoding.len = key->ecParams.DEREncoding.len;
- pubkey->ecParams.DEREncoding.data = key->ecParams.DEREncoding.data;
- pubkey->ecParams.name= key->ecParams.name;
- pubkey->publicValue.len = key->publicValue.len;
- pubkey->publicValue.data = key->publicValue.data;
- asymk->pubKey = pubkey;
- cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest;
+ /* Have to convert private key to public key. Memory
+ * is freed with private key's arena */
+ ECPublicKey *pubkey;
+ ECPrivateKey *key = (ECPrivateKey *)asymk->privKey;
+ pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena,
+ sizeof(ECPublicKey));
+ pubkey->ecParams.type = key->ecParams.type;
+ pubkey->ecParams.fieldID.size = key->ecParams.fieldID.size;
+ pubkey->ecParams.fieldID.type = key->ecParams.fieldID.type;
+ pubkey->ecParams.fieldID.u.prime.len = key->ecParams.fieldID.u.prime.len;
+ pubkey->ecParams.fieldID.u.prime.data = key->ecParams.fieldID.u.prime.data;
+ pubkey->ecParams.fieldID.k1 = key->ecParams.fieldID.k1;
+ pubkey->ecParams.fieldID.k2 = key->ecParams.fieldID.k2;
+ pubkey->ecParams.fieldID.k3 = key->ecParams.fieldID.k3;
+ pubkey->ecParams.curve.a.len = key->ecParams.curve.a.len;
+ pubkey->ecParams.curve.a.data = key->ecParams.curve.a.data;
+ pubkey->ecParams.curve.b.len = key->ecParams.curve.b.len;
+ pubkey->ecParams.curve.b.data = key->ecParams.curve.b.data;
+ pubkey->ecParams.curve.seed.len = key->ecParams.curve.seed.len;
+ pubkey->ecParams.curve.seed.data = key->ecParams.curve.seed.data;
+ pubkey->ecParams.base.len = key->ecParams.base.len;
+ pubkey->ecParams.base.data = key->ecParams.base.data;
+ pubkey->ecParams.order.len = key->ecParams.order.len;
+ pubkey->ecParams.order.data = key->ecParams.order.data;
+ pubkey->ecParams.cofactor = key->ecParams.cofactor;
+ pubkey->ecParams.DEREncoding.len = key->ecParams.DEREncoding.len;
+ pubkey->ecParams.DEREncoding.data = key->ecParams.DEREncoding.data;
+ pubkey->ecParams.name = key->ecParams.name;
+ pubkey->publicValue.len = key->publicValue.len;
+ pubkey->publicValue.data = key->publicValue.data;
+ asymk->pubKey = pubkey;
+ cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest;
}
return SECSuccess;
}
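Review bot: bltest_ecdsa_init's timing loop reads `((ECPrivateKey *)asymk->privKey)->ecParams` before the `if (!asymk->privKey && asymk->key.buf.len > 0)` block that loads the key from file data, so with `cxreps > 0` and a key not yet loaded the loop works from a NULL base pointer. Moving the `eckey_from_filedata` block above the `if (cipherInfo->cxreps > 0)` block, and returning SECFailure when `asymk->privKey` is still NULL, fixes the ordering. The `EC_NewKey` return value is also ignored before `dummyKey[i]->ecParams.arena` is dereferenced in the free loop. The start of the function is outside the hunk, so the caller may already set privKey on some paths.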
@@ -1874,7 +1909,8 @@ md2_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
{
unsigned int len;
MD2Context *cx = MD2_NewContext();
- if (cx == NULL) return SECFailure;
+ if (cx == NULL)
+ return SECFailure;
MD2_Begin(cx);
MD2_Update(cx, src, src_length);
MD2_End(cx, dest, &len, MD2_LENGTH);
@@ -1893,26 +1929,26 @@ md2_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
cx = MD2_NewContext();
MD2_Begin(cx);
/* divide message by 4, restarting 3 times */
- quarter = (src_length + 3)/ 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- MD2_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = MD2_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- MD2_Flatten(cx, cxbytes);
- cx_cpy = MD2_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: MD2_Resurrect failed!\n", progName);
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- MD2_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR, "%s: MD2_restart failed!\n", progName);
- goto finish;
- }
- MD2_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
+ quarter = (src_length + 3) / 4;
+ for (i = 0; i < 4 && src_length > 0; i++) {
+ MD2_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+ len = MD2_FlattenSize(cx);
+ cxbytes = PORT_Alloc(len);
+ MD2_Flatten(cx, cxbytes);
+ cx_cpy = MD2_Resurrect(cxbytes, NULL);
+ if (!cx_cpy) {
+ PR_fprintf(PR_STDERR, "%s: MD2_Resurrect failed!\n", progName);
+ goto finish;
+ }
+ rv = PORT_Memcmp(cx, cx_cpy, len);
+ if (rv) {
+ MD2_DestroyContext(cx_cpy, PR_TRUE);
+ PR_fprintf(PR_STDERR, "%s: MD2_restart failed!\n", progName);
+ goto finish;
+ }
+ MD2_DestroyContext(cx_cpy, PR_TRUE);
+ PORT_Free(cxbytes);
+ src_length -= quarter;
}
MD2_End(cx, dest, &len, MD2_LENGTH);
finish:
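Review bot: In md2_restart the `!cx_cpy` branch jumps to `finish` without setting `rv = SECFailure;`, unlike the md5, sha1 and SHA-2 variants in the following hunks. If rv is what the function returns (the code after `finish:` is outside this hunk), a failed `MD2_Resurrect` after an earlier successful iteration would be reported as success, so add `rv = SECFailure;` before the `goto`. Both `goto finish` paths inside the loop also skip `PORT_Free(cxbytes)`, which leaks the flattened context unless the cleanup after the label frees it. `cxbytes = PORT_Alloc(len)` is handed to `MD2_Flatten` unchecked; these last two points apply to every *_restart hunk below as well.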
@@ -1931,27 +1967,27 @@ md5_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
cx = MD5_NewContext();
MD5_Begin(cx);
/* divide message by 4, restarting 3 times */
- quarter = (src_length + 3)/ 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- MD5_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = MD5_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- MD5_Flatten(cx, cxbytes);
- cx_cpy = MD5_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: MD5_Resurrect failed!\n", progName);
- rv = SECFailure;
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- MD5_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR, "%s: MD5_restart failed!\n", progName);
- goto finish;
- }
- MD5_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
+ quarter = (src_length + 3) / 4;
+ for (i = 0; i < 4 && src_length > 0; i++) {
+ MD5_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+ len = MD5_FlattenSize(cx);
+ cxbytes = PORT_Alloc(len);
+ MD5_Flatten(cx, cxbytes);
+ cx_cpy = MD5_Resurrect(cxbytes, NULL);
+ if (!cx_cpy) {
+ PR_fprintf(PR_STDERR, "%s: MD5_Resurrect failed!\n", progName);
+ rv = SECFailure;
+ goto finish;
+ }
+ rv = PORT_Memcmp(cx, cx_cpy, len);
+ if (rv) {
+ MD5_DestroyContext(cx_cpy, PR_TRUE);
+ PR_fprintf(PR_STDERR, "%s: MD5_restart failed!\n", progName);
+ goto finish;
+ }
+ MD5_DestroyContext(cx_cpy, PR_TRUE);
+ PORT_Free(cxbytes);
+ src_length -= quarter;
}
MD5_End(cx, dest, &len, MD5_LENGTH);
finish:
@@ -1970,27 +2006,27 @@ sha1_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
cx = SHA1_NewContext();
SHA1_Begin(cx);
/* divide message by 4, restarting 3 times */
- quarter = (src_length + 3)/ 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- SHA1_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = SHA1_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- SHA1_Flatten(cx, cxbytes);
- cx_cpy = SHA1_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: SHA1_Resurrect failed!\n", progName);
- rv = SECFailure;
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- SHA1_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR, "%s: SHA1_restart failed!\n", progName);
- goto finish;
- }
- SHA1_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
+ quarter = (src_length + 3) / 4;
+ for (i = 0; i < 4 && src_length > 0; i++) {
+ SHA1_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+ len = SHA1_FlattenSize(cx);
+ cxbytes = PORT_Alloc(len);
+ SHA1_Flatten(cx, cxbytes);
+ cx_cpy = SHA1_Resurrect(cxbytes, NULL);
+ if (!cx_cpy) {
+ PR_fprintf(PR_STDERR, "%s: SHA1_Resurrect failed!\n", progName);
+ rv = SECFailure;
+ goto finish;
+ }
+ rv = PORT_Memcmp(cx, cx_cpy, len);
+ if (rv) {
+ SHA1_DestroyContext(cx_cpy, PR_TRUE);
+ PR_fprintf(PR_STDERR, "%s: SHA1_restart failed!\n", progName);
+ goto finish;
+ }
+ SHA1_DestroyContext(cx_cpy, PR_TRUE);
+ PORT_Free(cxbytes);
+ src_length -= quarter;
}
SHA1_End(cx, dest, &len, MD5_LENGTH);
finish:
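Review bot: `SHA1_End(cx, dest, &len, MD5_LENGTH)` passes the MD5 digest size as the maximum output length for a SHA-1 digest, which is longer; the md2 and md5 variants pass their own `MD2_LENGTH` and `MD5_LENGTH`. This should read `SHA1_End(cx, dest, &len, SHA1_LENGTH);`. The SHA224_restart, SHA256_restart, SHA384_restart and SHA512_restart hunks below carry the same copy-paste and want `SHA224_LENGTH`, `SHA256_LENGTH`, `SHA384_LENGTH` and `SHA512_LENGTH` respectively. Whether the undersized bound truncates, asserts or is ignored depends on the freebl implementation, which is not shown here.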
@@ -2010,27 +2046,27 @@ SHA224_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_lengt
SHA224_Begin(cx);
/* divide message by 4, restarting 3 times */
quarter = (src_length + 3) / 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- SHA224_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = SHA224_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- SHA224_Flatten(cx, cxbytes);
- cx_cpy = SHA224_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: SHA224_Resurrect failed!\n", progName);
- rv = SECFailure;
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- SHA224_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR, "%s: SHA224_restart failed!\n", progName);
- goto finish;
- }
-
- SHA224_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
+ for (i = 0; i < 4 && src_length > 0; i++) {
+ SHA224_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+ len = SHA224_FlattenSize(cx);
+ cxbytes = PORT_Alloc(len);
+ SHA224_Flatten(cx, cxbytes);
+ cx_cpy = SHA224_Resurrect(cxbytes, NULL);
+ if (!cx_cpy) {
+ PR_fprintf(PR_STDERR, "%s: SHA224_Resurrect failed!\n", progName);
+ rv = SECFailure;
+ goto finish;
+ }
+ rv = PORT_Memcmp(cx, cx_cpy, len);
+ if (rv) {
+ SHA224_DestroyContext(cx_cpy, PR_TRUE);
+ PR_fprintf(PR_STDERR, "%s: SHA224_restart failed!\n", progName);
+ goto finish;
+ }
+
+ SHA224_DestroyContext(cx_cpy, PR_TRUE);
+ PORT_Free(cxbytes);
+ src_length -= quarter;
}
SHA224_End(cx, dest, &len, MD5_LENGTH);
finish:
@@ -2049,27 +2085,27 @@ SHA256_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_lengt
cx = SHA256_NewContext();
SHA256_Begin(cx);
/* divide message by 4, restarting 3 times */
- quarter = (src_length + 3)/ 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- SHA256_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = SHA256_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- SHA256_Flatten(cx, cxbytes);
- cx_cpy = SHA256_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: SHA256_Resurrect failed!\n", progName);
- rv = SECFailure;
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- SHA256_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR, "%s: SHA256_restart failed!\n", progName);
- goto finish;
- }
- SHA256_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
+ quarter = (src_length + 3) / 4;
+ for (i = 0; i < 4 && src_length > 0; i++) {
+ SHA256_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+ len = SHA256_FlattenSize(cx);
+ cxbytes = PORT_Alloc(len);
+ SHA256_Flatten(cx, cxbytes);
+ cx_cpy = SHA256_Resurrect(cxbytes, NULL);
+ if (!cx_cpy) {
+ PR_fprintf(PR_STDERR, "%s: SHA256_Resurrect failed!\n", progName);
+ rv = SECFailure;
+ goto finish;
+ }
+ rv = PORT_Memcmp(cx, cx_cpy, len);
+ if (rv) {
+ SHA256_DestroyContext(cx_cpy, PR_TRUE);
+ PR_fprintf(PR_STDERR, "%s: SHA256_restart failed!\n", progName);
+ goto finish;
+ }
+ SHA256_DestroyContext(cx_cpy, PR_TRUE);
+ PORT_Free(cxbytes);
+ src_length -= quarter;
}
SHA256_End(cx, dest, &len, MD5_LENGTH);
finish:
@@ -2088,27 +2124,27 @@ SHA384_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_lengt
cx = SHA384_NewContext();
SHA384_Begin(cx);
/* divide message by 4, restarting 3 times */
- quarter = (src_length + 3)/ 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- SHA384_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = SHA384_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- SHA384_Flatten(cx, cxbytes);
- cx_cpy = SHA384_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: SHA384_Resurrect failed!\n", progName);
- rv = SECFailure;
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- SHA384_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR, "%s: SHA384_restart failed!\n", progName);
- goto finish;
- }
- SHA384_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
+ quarter = (src_length + 3) / 4;
+ for (i = 0; i < 4 && src_length > 0; i++) {
+ SHA384_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+ len = SHA384_FlattenSize(cx);
+ cxbytes = PORT_Alloc(len);
+ SHA384_Flatten(cx, cxbytes);
+ cx_cpy = SHA384_Resurrect(cxbytes, NULL);
+ if (!cx_cpy) {
+ PR_fprintf(PR_STDERR, "%s: SHA384_Resurrect failed!\n", progName);
+ rv = SECFailure;
+ goto finish;
+ }
+ rv = PORT_Memcmp(cx, cx_cpy, len);
+ if (rv) {
+ SHA384_DestroyContext(cx_cpy, PR_TRUE);
+ PR_fprintf(PR_STDERR, "%s: SHA384_restart failed!\n", progName);
+ goto finish;
+ }
+ SHA384_DestroyContext(cx_cpy, PR_TRUE);
+ PORT_Free(cxbytes);
+ src_length -= quarter;
}
SHA384_End(cx, dest, &len, MD5_LENGTH);
finish:
@@ -2127,27 +2163,27 @@ SHA512_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_lengt
cx = SHA512_NewContext();
SHA512_Begin(cx);
/* divide message by 4, restarting 3 times */
- quarter = (src_length + 3)/ 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- SHA512_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = SHA512_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- SHA512_Flatten(cx, cxbytes);
- cx_cpy = SHA512_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: SHA512_Resurrect failed!\n", progName);
- rv = SECFailure;
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- SHA512_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR, "%s: SHA512_restart failed!\n", progName);
- goto finish;
- }
- SHA512_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
+ quarter = (src_length + 3) / 4;
+ for (i = 0; i < 4 && src_length > 0; i++) {
+ SHA512_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+ len = SHA512_FlattenSize(cx);
+ cxbytes = PORT_Alloc(len);
+ SHA512_Flatten(cx, cxbytes);
+ cx_cpy = SHA512_Resurrect(cxbytes, NULL);
+ if (!cx_cpy) {
+ PR_fprintf(PR_STDERR, "%s: SHA512_Resurrect failed!\n", progName);
+ rv = SECFailure;
+ goto finish;
+ }
+ rv = PORT_Memcmp(cx, cx_cpy, len);
+ if (rv) {
+ SHA512_DestroyContext(cx_cpy, PR_TRUE);
+ PR_fprintf(PR_STDERR, "%s: SHA512_restart failed!\n", progName);
+ goto finish;
+ }
+ SHA512_DestroyContext(cx_cpy, PR_TRUE);
+ PORT_Free(cxbytes);
+ src_length -= quarter;
}
SHA512_End(cx, dest, &len, MD5_LENGTH);
finish:
@@ -2158,9 +2194,9 @@ finish:
SECStatus
pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
#ifndef NSS_DISABLE_ECC
- int keysize, int exponent, char *curveName)
+ int keysize, int exponent, char *curveName)
#else
- int keysize, int exponent)
+ int keysize, int exponent)
#endif
{
int i;
@@ -2177,74 +2213,74 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
ECPrivateKey **ecKey = NULL;
#endif
switch (cipherInfo->mode) {
- case bltestRSA:
- case bltestRSA_PSS:
- case bltestRSA_OAEP:
- rsap = &asymk->cipherParams.rsa;
- rsaKey = (RSAPrivateKey **)&asymk->privKey;
- if (keysize > 0) {
- SECItem expitem = { 0, 0, 0 };
- SECITEM_AllocItem(cipherInfo->arena, &expitem, sizeof(int));
- for (i = 1; i <= sizeof(int); i++)
- expitem.data[i-1] = exponent >> (8*(sizeof(int) - i));
- *rsaKey = RSA_NewKey(keysize * 8, &expitem);
- serialize_key(&(*rsaKey)->version, 9, file);
- rsap->keysizeInBits = keysize * 8;
- } else {
- setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
- *rsaKey = rsakey_from_filedata(&asymk->key.buf);
- rsap->keysizeInBits = (*rsaKey)->modulus.len * 8;
- }
- break;
- case bltestDSA:
- dsap = &asymk->cipherParams.dsa;
- dsaKey = (DSAPrivateKey **)&asymk->privKey;
- if (keysize > 0) {
- dsap->keysize = keysize*8;
- if (!dsap->pqg)
- bltest_pqg_init(dsap);
- rv = DSA_NewKey(dsap->pqg, dsaKey);
- CHECKERROR(rv, __LINE__);
- serialize_key(&(*dsaKey)->params.prime, 5, file);
- } else {
- setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
- *dsaKey = dsakey_from_filedata(&asymk->key.buf);
- dsap->keysize = (*dsaKey)->params.prime.len*8;
- }
- break;
+ case bltestRSA:
+ case bltestRSA_PSS:
+ case bltestRSA_OAEP:
+ rsap = &asymk->cipherParams.rsa;
+ rsaKey = (RSAPrivateKey **)&asymk->privKey;
+ if (keysize > 0) {
+ SECItem expitem = { 0, 0, 0 };
+ SECITEM_AllocItem(cipherInfo->arena, &expitem, sizeof(int));
+ for (i = 1; i <= sizeof(int); i++)
+ expitem.data[i - 1] = exponent >> (8 * (sizeof(int) - i));
+ *rsaKey = RSA_NewKey(keysize * 8, &expitem);
+ serialize_key(&(*rsaKey)->version, 9, file);
+ rsap->keysizeInBits = keysize * 8;
+ } else {
+ setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
+ *rsaKey = rsakey_from_filedata(&asymk->key.buf);
+ rsap->keysizeInBits = (*rsaKey)->modulus.len * 8;
+ }
+ break;
+ case bltestDSA:
+ dsap = &asymk->cipherParams.dsa;
+ dsaKey = (DSAPrivateKey **)&asymk->privKey;
+ if (keysize > 0) {
+ dsap->keysize = keysize * 8;
+ if (!dsap->pqg)
+ bltest_pqg_init(dsap);
+ rv = DSA_NewKey(dsap->pqg, dsaKey);
+ CHECKERROR(rv, __LINE__);
+ serialize_key(&(*dsaKey)->params.prime, 5, file);
+ } else {
+ setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
+ *dsaKey = dsakey_from_filedata(&asymk->key.buf);
+ dsap->keysize = (*dsaKey)->params.prime.len * 8;
+ }
+ break;
#ifndef NSS_DISABLE_ECC
- case bltestECDSA:
- ecKey = (ECPrivateKey **)&asymk->privKey;
- if (curveName != NULL) {
- tmpECParamsDER = getECParams(curveName);
- rv = SECOID_Init();
- CHECKERROR(rv, __LINE__);
- rv = EC_DecodeParams(tmpECParamsDER, &tmpECParams) == SECFailure;
- CHECKERROR(rv, __LINE__);
- rv = EC_NewKey(tmpECParams, ecKey);
- CHECKERROR(rv, __LINE__);
- ecSerialize[0].type = tmpECParamsDER->type;
- ecSerialize[0].data = tmpECParamsDER->data;
- ecSerialize[0].len = tmpECParamsDER->len;
- ecSerialize[1].type = (*ecKey)->publicValue.type;
- ecSerialize[1].data = (*ecKey)->publicValue.data;
- ecSerialize[1].len = (*ecKey)->publicValue.len;
- ecSerialize[2].type = (*ecKey)->privateValue.type;
- ecSerialize[2].data = (*ecKey)->privateValue.data;
- ecSerialize[2].len = (*ecKey)->privateValue.len;
- serialize_key(&(ecSerialize[0]), 3, file);
- SECITEM_FreeItem(tmpECParamsDER, PR_TRUE);
- PORT_FreeArena(tmpECParams->arena, PR_TRUE);
- rv = SECOID_Shutdown();
- CHECKERROR(rv, __LINE__);
- } else {
- setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
- *ecKey = eckey_from_filedata(&asymk->key.buf);
- }
- break;
+ case bltestECDSA:
+ ecKey = (ECPrivateKey **)&asymk->privKey;
+ if (curveName != NULL) {
+ tmpECParamsDER = getECParams(curveName);
+ rv = SECOID_Init();
+ CHECKERROR(rv, __LINE__);
+ rv = EC_DecodeParams(tmpECParamsDER, &tmpECParams) == SECFailure;
+ CHECKERROR(rv, __LINE__);
+ rv = EC_NewKey(tmpECParams, ecKey);
+ CHECKERROR(rv, __LINE__);
+ ecSerialize[0].type = tmpECParamsDER->type;
+ ecSerialize[0].data = tmpECParamsDER->data;
+ ecSerialize[0].len = tmpECParamsDER->len;
+ ecSerialize[1].type = (*ecKey)->publicValue.type;
+ ecSerialize[1].data = (*ecKey)->publicValue.data;
+ ecSerialize[1].len = (*ecKey)->publicValue.len;
+ ecSerialize[2].type = (*ecKey)->privateValue.type;
+ ecSerialize[2].data = (*ecKey)->privateValue.data;
+ ecSerialize[2].len = (*ecKey)->privateValue.len;
+ serialize_key(&(ecSerialize[0]), 3, file);
+ SECITEM_FreeItem(tmpECParamsDER, PR_TRUE);
+ PORT_FreeArena(tmpECParams->arena, PR_TRUE);
+ rv = SECOID_Shutdown();
+ CHECKERROR(rv, __LINE__);
+ } else {
+ setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
+ *ecKey = eckey_from_filedata(&asymk->key.buf);
+ }
+ break;
#endif
- default:
- return SECFailure;
+ default:
+ return SECFailure;
}
return SECSuccess;
}
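Review bot: In the RSA branch of pubkeyInitKey the result of `RSA_NewKey` is dereferenced immediately by `serialize_key(&(*rsaKey)->version, 9, file)`, and `SECITEM_AllocItem` is not checked before `expitem.data[i - 1]` is written. Add `if (!*rsaKey) return SECFailure;` after the keygen call and test `expitem.data` before the loop; the from-file branches have the same gap after `rsakey_from_filedata` and `dsakey_from_filedata`, whose results are dereferenced for the key size. In the ECDSA branch `getECParams(curveName)` is passed on and dereferenced without a NULL check. `for (i = 1; i <= sizeof(int); i++)` compares a signed int with a size_t, which is harmless at this range but draws a sign-compare warning. The function's declarations sit in the previous hunk.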
@@ -2255,144 +2291,144 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
PRBool restart;
int outlen;
switch (cipherInfo->mode) {
- case bltestDES_ECB:
- case bltestDES_CBC:
- case bltestDES_EDE_ECB:
- case bltestDES_EDE_CBC:
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- cipherInfo->input.pBuf.len);
- return bltest_des_init(cipherInfo, encrypt);
- break;
- case bltestRC2_ECB:
- case bltestRC2_CBC:
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- cipherInfo->input.pBuf.len);
- return bltest_rc2_init(cipherInfo, encrypt);
- break;
- case bltestRC4:
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- cipherInfo->input.pBuf.len);
- return bltest_rc4_init(cipherInfo, encrypt);
- break;
+ case bltestDES_ECB:
+ case bltestDES_CBC:
+ case bltestDES_EDE_ECB:
+ case bltestDES_EDE_CBC:
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ cipherInfo->input.pBuf.len);
+ return bltest_des_init(cipherInfo, encrypt);
+ break;
+ case bltestRC2_ECB:
+ case bltestRC2_CBC:
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ cipherInfo->input.pBuf.len);
+ return bltest_rc2_init(cipherInfo, encrypt);
+ break;
+ case bltestRC4:
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ cipherInfo->input.pBuf.len);
+ return bltest_rc4_init(cipherInfo, encrypt);
+ break;
#ifdef NSS_SOFTOKEN_DOES_RC5
- case bltestRC5_ECB:
- case bltestRC5_CBC:
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- cipherInfo->input.pBuf.len);
+ case bltestRC5_ECB:
+ case bltestRC5_CBC:
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ cipherInfo->input.pBuf.len);
#endif
- return bltest_rc5_init(cipherInfo, encrypt);
- break;
- case bltestAES_ECB:
- case bltestAES_CBC:
- case bltestAES_CTS:
- case bltestAES_CTR:
- case bltestAES_GCM:
- outlen = cipherInfo->input.pBuf.len;
- if (cipherInfo->mode == bltestAES_GCM && encrypt) {
- outlen += 16;
- }
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen);
- return bltest_aes_init(cipherInfo, encrypt);
- break;
- case bltestCAMELLIA_ECB:
- case bltestCAMELLIA_CBC:
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- cipherInfo->input.pBuf.len);
- return bltest_camellia_init(cipherInfo, encrypt);
- break;
- case bltestSEED_ECB:
- case bltestSEED_CBC:
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- cipherInfo->input.pBuf.len);
- return bltest_seed_init(cipherInfo, encrypt);
- break;
- case bltestCHACHA20:
- outlen = cipherInfo->input.pBuf.len + (encrypt ? 16 : 0);
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen);
- return bltest_chacha20_init(cipherInfo, encrypt);
- break;
- case bltestRSA:
- case bltestRSA_OAEP:
- case bltestRSA_PSS:
- if (encrypt || cipherInfo->mode != bltestRSA_PSS) {
- /* Don't allocate a buffer for PSS in verify mode, as no actual
- * output is produced. */
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- RSA_MAX_MODULUS_BITS / 8);
- }
- return bltest_rsa_init(cipherInfo, encrypt);
- break;
- case bltestDSA:
- if (encrypt) {
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- DSA_MAX_SIGNATURE_LEN);
- }
- return bltest_dsa_init(cipherInfo, encrypt);
- break;
+ return bltest_rc5_init(cipherInfo, encrypt);
+ break;
+ case bltestAES_ECB:
+ case bltestAES_CBC:
+ case bltestAES_CTS:
+ case bltestAES_CTR:
+ case bltestAES_GCM:
+ outlen = cipherInfo->input.pBuf.len;
+ if (cipherInfo->mode == bltestAES_GCM && encrypt) {
+ outlen += 16;
+ }
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen);
+ return bltest_aes_init(cipherInfo, encrypt);
+ break;
+ case bltestCAMELLIA_ECB:
+ case bltestCAMELLIA_CBC:
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ cipherInfo->input.pBuf.len);
+ return bltest_camellia_init(cipherInfo, encrypt);
+ break;
+ case bltestSEED_ECB:
+ case bltestSEED_CBC:
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ cipherInfo->input.pBuf.len);
+ return bltest_seed_init(cipherInfo, encrypt);
+ break;
+ case bltestCHACHA20:
+ outlen = cipherInfo->input.pBuf.len + (encrypt ? 16 : 0);
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen);
+ return bltest_chacha20_init(cipherInfo, encrypt);
+ break;
+ case bltestRSA:
+ case bltestRSA_OAEP:
+ case bltestRSA_PSS:
+ if (encrypt || cipherInfo->mode != bltestRSA_PSS) {
+ /* Don't allocate a buffer for PSS in verify mode, as no actual
+ * output is produced. */
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ RSA_MAX_MODULUS_BITS / 8);
+ }
+ return bltest_rsa_init(cipherInfo, encrypt);
+ break;
+ case bltestDSA:
+ if (encrypt) {
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ DSA_MAX_SIGNATURE_LEN);
+ }
+ return bltest_dsa_init(cipherInfo, encrypt);
+ break;
#ifndef NSS_DISABLE_ECC
- case bltestECDSA:
- if (encrypt) {
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- 2 * MAX_ECKEY_LEN);
- }
- return bltest_ecdsa_init(cipherInfo, encrypt);
- break;
+ case bltestECDSA:
+ if (encrypt) {
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ 2 * MAX_ECKEY_LEN);
+ }
+ return bltest_ecdsa_init(cipherInfo, encrypt);
+ break;
#endif
- case bltestMD2:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- MD2_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ? md2_restart : md2_HashBuf;
- return SECSuccess;
- break;
- case bltestMD5:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- MD5_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ? md5_restart : MD5_HashBuf;
- return SECSuccess;
- break;
- case bltestSHA1:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- SHA1_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf;
- return SECSuccess;
- break;
- case bltestSHA224:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- SHA224_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart
- : SHA224_HashBuf;
- return SECSuccess;
- break;
- case bltestSHA256:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- SHA256_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ? SHA256_restart
- : SHA256_HashBuf;
- return SECSuccess;
- break;
- case bltestSHA384:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- SHA384_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ? SHA384_restart
- : SHA384_HashBuf;
- return SECSuccess;
- break;
- case bltestSHA512:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- SHA512_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ? SHA512_restart
- : SHA512_HashBuf;
- return SECSuccess;
- break;
- default:
- return SECFailure;
+ case bltestMD2:
+ restart = cipherInfo->params.hash.restart;
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ MD2_LENGTH);
+ cipherInfo->cipher.hashCipher = (restart) ? md2_restart : md2_HashBuf;
+ return SECSuccess;
+ break;
+ case bltestMD5:
+ restart = cipherInfo->params.hash.restart;
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ MD5_LENGTH);
+ cipherInfo->cipher.hashCipher = (restart) ? md5_restart : MD5_HashBuf;
+ return SECSuccess;
+ break;
+ case bltestSHA1:
+ restart = cipherInfo->params.hash.restart;
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ SHA1_LENGTH);
+ cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf;
+ return SECSuccess;
+ break;
+ case bltestSHA224:
+ restart = cipherInfo->params.hash.restart;
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ SHA224_LENGTH);
+ cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart
+ : SHA224_HashBuf;
+ return SECSuccess;
+ break;
+ case bltestSHA256:
+ restart = cipherInfo->params.hash.restart;
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ SHA256_LENGTH);
+ cipherInfo->cipher.hashCipher = (restart) ? SHA256_restart
+ : SHA256_HashBuf;
+ return SECSuccess;
+ break;
+ case bltestSHA384:
+ restart = cipherInfo->params.hash.restart;
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ SHA384_LENGTH);
+ cipherInfo->cipher.hashCipher = (restart) ? SHA384_restart
+ : SHA384_HashBuf;
+ return SECSuccess;
+ break;
+ case bltestSHA512:
+ restart = cipherInfo->params.hash.restart;
+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+ SHA512_LENGTH);
+ cipherInfo->cipher.hashCipher = (restart) ? SHA512_restart
+ : SHA512_HashBuf;
+ return SECSuccess;
+ break;
+ default:
+ return SECFailure;
}
return SECSuccess;
}
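Review bot: The `#endif` for `NSS_SOFTOKEN_DOES_RC5` closes before `return bltest_rc5_init(cipherInfo, encrypt);`, so that return and its `break;` are compiled even when RC5 is disabled. In that build they sit as unreachable statements after the `bltestRC4` case's `break;` and still reference `bltest_rc5_init`. Moving `#endif` to just after that `break;` keeps the whole RC5 case inside the guard. Separately, none of the `SECITEM_AllocItem` calls in this switch check their result, so a failed allocation is not reported here. cipherInit starts above this hunk.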
@@ -2409,9 +2445,8 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
dummyOut = PORT_Alloc(maxLen);
if (is_symmkeyCipher(cipherInfo->mode)) {
const unsigned char *input = cipherInfo->input.pBuf.data;
- unsigned int inputLen = is_singleShotCipher(cipherInfo->mode) ?
- cipherInfo->input.pBuf.len :
- PR_MIN(cipherInfo->input.pBuf.len, 16);
+ unsigned int inputLen = is_singleShotCipher(cipherInfo->mode) ? cipherInfo->input.pBuf.len
+ : PR_MIN(cipherInfo->input.pBuf.len, 16);
unsigned char *output = cipherInfo->output.pBuf.data;
unsigned int outputLen = maxLen;
unsigned int totalOutputLen = 0;
@@ -2430,28 +2465,28 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
output, &len, outputLen,
input, inputLen);
CHECKERROR(rv, __LINE__);
- totalOutputLen += len;
+ totalOutputLen += len;
}
- cipherInfo->output.pBuf.len = totalOutputLen;
+ cipherInfo->output.pBuf.len = totalOutputLen;
TIMEFINISH(cipherInfo->optime, 1.0);
cipherInfo->repetitions = 0;
if (cipherInfo->repetitionsToPerfom != 0) {
TIMESTART();
- for (i=0; i<cipherInfo->repetitionsToPerfom; i++,
- cipherInfo->repetitions++) {
+ for (i = 0; i < cipherInfo->repetitionsToPerfom; i++,
+ cipherInfo->repetitions++) {
(*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx, dummyOut,
&len, maxLen,
cipherInfo->input.pBuf.data,
cipherInfo->input.pBuf.len);
-
+
CHECKERROR(rv, __LINE__);
}
} else {
int opsBetweenChecks = 0;
TIMEMARK(cipherInfo->seconds);
- while (! (TIMETOFINISH())) {
+ while (!(TIMETOFINISH())) {
int j = 0;
- for (;j < opsBetweenChecks;j++) {
+ for (; j < opsBetweenChecks; j++) {
(*cipherInfo->cipher.symmkeyCipher)(
cipherInfo->cx, dummyOut, &len, maxLen,
cipherInfo->input.pBuf.data,
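Review bot: In the `repetitionsToPerfom` loop the result of `(*cipherInfo->cipher.symmkeyCipher)(...)` is discarded, so the `CHECKERROR(rv, __LINE__)` that follows tests whatever `rv` held from the earlier call and a failing repetition goes unnoticed. Assigning the result, `rv = (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx, dummyOut,`, makes the check meaningful; the AEAD loop in a later hunk already does this. The public-key loop in the `@@ -2520,21 +2555,21 @@` hunk has the same pattern with `pubkeyCipher`. The timed `while (!(TIMETOFINISH()))` branch also drops the return value, which may be deliberate for benchmarking. cipherDoOp begins and ends outside this hunk.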
@@ -2471,11 +2506,11 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
TIMESTART();
rv = (*cipherInfo->cipher.aeadCipher)(
- cipherInfo->cx,
- output, &outputLen, maxLen,
- input, inputLen,
- sk->iv.buf.data, sk->iv.buf.len,
- ask->aad.buf.data, ask->aad.buf.len);
+ cipherInfo->cx,
+ output, &outputLen, maxLen,
+ input, inputLen,
+ sk->iv.buf.data, sk->iv.buf.len,
+ ask->aad.buf.data, ask->aad.buf.len);
CHECKERROR(rv, __LINE__);
cipherInfo->output.pBuf.len = outputLen;
TIMEFINISH(cipherInfo->optime, 1.0);
@@ -2483,28 +2518,28 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
cipherInfo->repetitions = 0;
if (cipherInfo->repetitionsToPerfom != 0) {
TIMESTART();
- for (i=0; i<cipherInfo->repetitionsToPerfom; i++,
- cipherInfo->repetitions++) {
+ for (i = 0; i < cipherInfo->repetitionsToPerfom; i++,
+ cipherInfo->repetitions++) {
rv = (*cipherInfo->cipher.aeadCipher)(
- cipherInfo->cx,
- output, &outputLen, maxLen,
- input, inputLen,
- sk->iv.buf.data, sk->iv.buf.len,
- ask->aad.buf.data, ask->aad.buf.len);
+ cipherInfo->cx,
+ output, &outputLen, maxLen,
+ input, inputLen,
+ sk->iv.buf.data, sk->iv.buf.len,
+ ask->aad.buf.data, ask->aad.buf.len);
CHECKERROR(rv, __LINE__);
}
} else {
int opsBetweenChecks = 0;
TIMEMARK(cipherInfo->seconds);
- while (! (TIMETOFINISH())) {
+ while (!(TIMETOFINISH())) {
int j = 0;
- for (;j < opsBetweenChecks;j++) {
+ for (; j < opsBetweenChecks; j++) {
(*cipherInfo->cipher.aeadCipher)(
- cipherInfo->cx,
- output, &outputLen, maxLen,
- input, inputLen,
- sk->iv.buf.data, sk->iv.buf.len,
- ask->aad.buf.data, ask->aad.buf.len);
+ cipherInfo->cx,
+ output, &outputLen, maxLen,
+ input, inputLen,
+ sk->iv.buf.data, sk->iv.buf.len,
+ ask->aad.buf.data, ask->aad.buf.len);
}
cipherInfo->repetitions += j;
}
@@ -2520,21 +2555,21 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
cipherInfo->repetitions = 0;
if (cipherInfo->repetitionsToPerfom != 0) {
TIMESTART();
- for (i=0; i<cipherInfo->repetitionsToPerfom;
+ for (i = 0; i < cipherInfo->repetitionsToPerfom;
i++, cipherInfo->repetitions++) {
SECItem dummy;
dummy.data = dummyOut;
dummy.len = maxLen;
- (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, &dummy,
+ (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, &dummy,
&cipherInfo->input.pBuf);
CHECKERROR(rv, __LINE__);
}
} else {
int opsBetweenChecks = 0;
TIMEMARK(cipherInfo->seconds);
- while (! (TIMETOFINISH())) {
+ while (!(TIMETOFINISH())) {
int j = 0;
- for (;j < opsBetweenChecks;j++) {
+ for (; j < opsBetweenChecks; j++) {
SECItem dummy;
dummy.data = dummyOut;
dummy.len = maxLen;
@@ -2556,7 +2591,7 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
cipherInfo->repetitions = 0;
if (cipherInfo->repetitionsToPerfom != 0) {
TIMESTART();
- for (i=0; i<cipherInfo->repetitionsToPerfom;
+ for (i = 0; i < cipherInfo->repetitionsToPerfom;
i++, cipherInfo->repetitions++) {
(*cipherInfo->cipher.hashCipher)(dummyOut,
cipherInfo->input.pBuf.data,
@@ -2566,9 +2601,9 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
} else {
int opsBetweenChecks = 0;
TIMEMARK(cipherInfo->seconds);
- while (! (TIMETOFINISH())) {
+ while (!(TIMETOFINISH())) {
int j = 0;
- for (;j < opsBetweenChecks;j++) {
+ for (; j < opsBetweenChecks; j++) {
bltestIO *input = &cipherInfo->input;
(*cipherInfo->cipher.hashCipher)(dummyOut,
input->pBuf.data,
@@ -2590,62 +2625,63 @@ cipherFinish(bltestCipherInfo *cipherInfo)
SECStatus rv = SECSuccess;
switch (cipherInfo->mode) {
- case bltestDES_ECB:
- case bltestDES_CBC:
- case bltestDES_EDE_ECB:
- case bltestDES_EDE_CBC:
- DES_DestroyContext((DESContext *)cipherInfo->cx, PR_TRUE);
- break;
- case bltestAES_GCM:
- case bltestAES_ECB:
- case bltestAES_CBC:
- case bltestAES_CTS:
- case bltestAES_CTR:
- AES_DestroyContext((AESContext *)cipherInfo->cx, PR_TRUE);
- break;
- case bltestCAMELLIA_ECB:
- case bltestCAMELLIA_CBC:
- Camellia_DestroyContext((CamelliaContext *)cipherInfo->cx, PR_TRUE);
- break;
- case bltestSEED_ECB:
- case bltestSEED_CBC:
- SEED_DestroyContext((SEEDContext *)cipherInfo->cx, PR_TRUE);
- break;
- case bltestCHACHA20:
- ChaCha20Poly1305_DestroyContext((ChaCha20Poly1305Context *)
- cipherInfo->cx, PR_TRUE);
- break;
- case bltestRC2_ECB:
- case bltestRC2_CBC:
- RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE);
- break;
- case bltestRC4:
- RC4_DestroyContext((RC4Context *)cipherInfo->cx, PR_TRUE);
- break;
+ case bltestDES_ECB:
+ case bltestDES_CBC:
+ case bltestDES_EDE_ECB:
+ case bltestDES_EDE_CBC:
+ DES_DestroyContext((DESContext *)cipherInfo->cx, PR_TRUE);
+ break;
+ case bltestAES_GCM:
+ case bltestAES_ECB:
+ case bltestAES_CBC:
+ case bltestAES_CTS:
+ case bltestAES_CTR:
+ AES_DestroyContext((AESContext *)cipherInfo->cx, PR_TRUE);
+ break;
+ case bltestCAMELLIA_ECB:
+ case bltestCAMELLIA_CBC:
+ Camellia_DestroyContext((CamelliaContext *)cipherInfo->cx, PR_TRUE);
+ break;
+ case bltestSEED_ECB:
+ case bltestSEED_CBC:
+ SEED_DestroyContext((SEEDContext *)cipherInfo->cx, PR_TRUE);
+ break;
+ case bltestCHACHA20:
+ ChaCha20Poly1305_DestroyContext((ChaCha20Poly1305Context *)
+ cipherInfo->cx,
+ PR_TRUE);
+ break;
+ case bltestRC2_ECB:
+ case bltestRC2_CBC:
+ RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE);
+ break;
+ case bltestRC4:
+ RC4_DestroyContext((RC4Context *)cipherInfo->cx, PR_TRUE);
+ break;
#ifdef NSS_SOFTOKEN_DOES_RC5
- case bltestRC5_ECB:
- case bltestRC5_CBC:
- RC5_DestroyContext((RC5Context *)cipherInfo->cx, PR_TRUE);
- break;
+ case bltestRC5_ECB:
+ case bltestRC5_CBC:
+ RC5_DestroyContext((RC5Context *)cipherInfo->cx, PR_TRUE);
+ break;
#endif
- case bltestRSA: /* keys are alloc'ed within cipherInfo's arena, */
- case bltestRSA_PSS: /* will be freed with it. */
- case bltestRSA_OAEP:
- case bltestDSA:
+ case bltestRSA: /* keys are alloc'ed within cipherInfo's arena, */
+ case bltestRSA_PSS: /* will be freed with it. */
+ case bltestRSA_OAEP:
+ case bltestDSA:
#ifndef NSS_DISABLE_ECC
- case bltestECDSA:
+ case bltestECDSA:
#endif
- case bltestMD2: /* hash contexts are ephemeral */
- case bltestMD5:
- case bltestSHA1:
- case bltestSHA224:
- case bltestSHA256:
- case bltestSHA384:
- case bltestSHA512:
- return SECSuccess;
- break;
- default:
- return SECFailure;
+ case bltestMD2: /* hash contexts are ephemeral */
+ case bltestMD5:
+ case bltestSHA1:
+ case bltestSHA224:
+ case bltestSHA256:
+ case bltestSHA384:
+ case bltestSHA512:
+ return SECSuccess;
+ break;
+ default:
+ return SECFailure;
}
return rv;
}
@@ -2656,11 +2692,12 @@ print_exponent(SECItem *exp)
int i;
int e = 0;
if (exp->len <= 4) {
- for (i=exp->len; i >=0; --i) e |= exp->data[exp->len-i] << 8*(i-1);
- fprintf(stdout, "%12d", e);
+ for (i = exp->len; i >= 0; --i)
+ e |= exp->data[exp->len - i] << 8 * (i - 1);
+ fprintf(stdout, "%12d", e);
} else {
- e = 8*exp->len;
- fprintf(stdout, "~2**%-8d", e);
+ e = 8 * exp->len;
+ fprintf(stdout, "~2**%-8d", e);
}
}
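Review bot: The loop condition `i >= 0` gives one iteration too many: at `i == 0` it reads `exp->data[exp->len]`, one byte past the item, and shifts by `8 * (i - 1)`, which is a negative shift count and undefined behaviour. `for (i = exp->len; i > 0; --i)` covers exactly the `len` bytes with shifts from `8 * (len - 1)` down to 0. With a 4-byte exponent whose top bit is set the left shift also reaches the sign bit of `int`, so an unsigned accumulator would be safer. The function signature is above the hunk.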
@@ -2679,17 +2716,17 @@ splitToReportUnit(PRInt64 res, int *resArr, int *del, int size)
}
}
-static char*
+static char *
getHighUnitBytes(PRInt64 res)
{
- int spl[] = {0, 0, 0, 0};
- int del[] = {1024, 1024, 1024, 1024};
- char *marks[] = {"b", "Kb", "Mb", "Gb"};
+ int spl[] = { 0, 0, 0, 0 };
+ int del[] = { 1024, 1024, 1024, 1024 };
+ char *marks[] = { "b", "Kb", "Mb", "Gb" };
int i = 3;
splitToReportUnit(res, spl, del, 4);
- for (;i>0;i--) {
+ for (; i > 0; i--) {
if (spl[i] != 0) {
break;
}
@@ -2698,7 +2735,6 @@ getHighUnitBytes(PRInt64 res)
return PR_smprintf("%d%s", spl[i], marks[i]);
}
-
static void
printPR_smpString(const char *sformat, char *reportStr,
const char *nformat, PRInt64 rNum)
@@ -2711,17 +2747,17 @@ printPR_smpString(const char *sformat, char *reportStr,
}
}
-static char*
+static char *
getHighUnitOps(PRInt64 res)
{
- int spl[] = {0, 0, 0, 0};
- int del[] = {1000, 1000, 1000, 1000};
- char *marks[] = {"", "T", "M", "B"};
+ int spl[] = { 0, 0, 0, 0 };
+ int del[] = { 1000, 1000, 1000, 1000 };
+ char *marks[] = { "", "T", "M", "B" };
int i = 3;
splitToReportUnit(res, spl, del, 4);
- for (;i>0;i--) {
+ for (; i > 0; i--) {
if (spl[i] != 0) {
break;
}
@@ -2735,12 +2771,12 @@ dump_performance_info(bltestCipherInfo *infoList, double totalTimeInt,
PRBool encrypt, PRBool cxonly)
{
bltestCipherInfo *info = infoList;
-
+
PRInt64 totalIn = 0;
PRBool td = PR_TRUE;
- int repetitions = 0;
- int cxreps = 0;
+ int repetitions = 0;
+ int cxreps = 0;
double cxtime = 0;
double optime = 0;
while (info != NULL) {
@@ -2748,8 +2784,8 @@ dump_performance_info(bltestCipherInfo *infoList, double totalTimeInt,
cxreps += info->cxreps;
cxtime += info->cxtime;
optime += info->optime;
- totalIn += (PRInt64) info->input.buf.len * (PRInt64) info->repetitions;
-
+ totalIn += (PRInt64)info->input.buf.len * (PRInt64)info->repetitions;
+
info = info->next;
}
info = infoList;
@@ -2758,79 +2794,79 @@ dump_performance_info(bltestCipherInfo *infoList, double totalTimeInt,
fprintf(stdout, "%12s", "in");
print_td:
switch (info->mode) {
- case bltestDES_ECB:
- case bltestDES_CBC:
- case bltestDES_EDE_ECB:
- case bltestDES_EDE_CBC:
- case bltestAES_ECB:
- case bltestAES_CBC:
- case bltestAES_CTS:
- case bltestAES_CTR:
- case bltestAES_GCM:
- case bltestCAMELLIA_ECB:
- case bltestCAMELLIA_CBC:
- case bltestSEED_ECB:
- case bltestSEED_CBC:
- case bltestRC2_ECB:
- case bltestRC2_CBC:
- case bltestRC4:
- if (td)
- fprintf(stdout, "%8s", "symmkey");
- else
- fprintf(stdout, "%8d", 8*info->params.sk.key.buf.len);
- break;
+ case bltestDES_ECB:
+ case bltestDES_CBC:
+ case bltestDES_EDE_ECB:
+ case bltestDES_EDE_CBC:
+ case bltestAES_ECB:
+ case bltestAES_CBC:
+ case bltestAES_CTS:
+ case bltestAES_CTR:
+ case bltestAES_GCM:
+ case bltestCAMELLIA_ECB:
+ case bltestCAMELLIA_CBC:
+ case bltestSEED_ECB:
+ case bltestSEED_CBC:
+ case bltestRC2_ECB:
+ case bltestRC2_CBC:
+ case bltestRC4:
+ if (td)
+ fprintf(stdout, "%8s", "symmkey");
+ else
+ fprintf(stdout, "%8d", 8 * info->params.sk.key.buf.len);
+ break;
#ifdef NSS_SOFTOKEN_DOES_RC5
- case bltestRC5_ECB:
- case bltestRC5_CBC:
- if (info->params.sk.key.buf.len > 0)
- printf("symmetric key(bytes)=%d,", info->params.sk.key.buf.len);
- if (info->rounds > 0)
- printf("rounds=%d,", info->params.rc5.rounds);
- if (info->wordsize > 0)
- printf("wordsize(bytes)=%d,", info->params.rc5.wordsize);
- break;
+ case bltestRC5_ECB:
+ case bltestRC5_CBC:
+ if (info->params.sk.key.buf.len > 0)
+ printf("symmetric key(bytes)=%d,", info->params.sk.key.buf.len);
+ if (info->rounds > 0)
+ printf("rounds=%d,", info->params.rc5.rounds);
+ if (info->wordsize > 0)
+ printf("wordsize(bytes)=%d,", info->params.rc5.wordsize);
+ break;
#endif
- case bltestRSA:
- case bltestRSA_PSS:
- case bltestRSA_OAEP:
- if (td) {
- fprintf(stdout, "%8s", "rsa_mod");
- fprintf(stdout, "%12s", "rsa_pe");
- } else {
- bltestAsymKeyParams *asymk = &info->params.asymk;
- fprintf(stdout, "%8d", asymk->cipherParams.rsa.keysizeInBits);
- print_exponent(
- &((RSAPrivateKey *)asymk->privKey)->publicExponent);
- }
- break;
- case bltestDSA:
- if (td) {
- fprintf(stdout, "%8s", "pqg_mod");
- } else {
- fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize);
- }
- break;
+ case bltestRSA:
+ case bltestRSA_PSS:
+ case bltestRSA_OAEP:
+ if (td) {
+ fprintf(stdout, "%8s", "rsa_mod");
+ fprintf(stdout, "%12s", "rsa_pe");
+ } else {
+ bltestAsymKeyParams *asymk = &info->params.asymk;
+ fprintf(stdout, "%8d", asymk->cipherParams.rsa.keysizeInBits);
+ print_exponent(
+ &((RSAPrivateKey *)asymk->privKey)->publicExponent);
+ }
+ break;
+ case bltestDSA:
+ if (td) {
+ fprintf(stdout, "%8s", "pqg_mod");
+ } else {
+ fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize);
+ }
+ break;
#ifndef NSS_DISABLE_ECC
- case bltestECDSA:
- if (td) {
- fprintf(stdout, "%12s", "ec_curve");
- } else {
- ECPrivateKey *key = (ECPrivateKey*)info->params.asymk.privKey;
- ECCurveName curveName = key->ecParams.name;
- fprintf(stdout, "%12s",
- ecCurve_map[curveName]? ecCurve_map[curveName]->text:
- "Unsupported curve");
- }
- break;
+ case bltestECDSA:
+ if (td) {
+ fprintf(stdout, "%12s", "ec_curve");
+ } else {
+ ECPrivateKey *key = (ECPrivateKey *)info->params.asymk.privKey;
+ ECCurveName curveName = key->ecParams.name;
+ fprintf(stdout, "%12s",
+ ecCurve_map[curveName] ? ecCurve_map[curveName]->text :
+ "Unsupported curve");
+ }
+ break;
#endif
- case bltestMD2:
- case bltestMD5:
- case bltestSHA1:
- case bltestSHA256:
- case bltestSHA384:
- case bltestSHA512:
- default:
- break;
+ case bltestMD2:
+ case bltestMD5:
+ case bltestSHA1:
+ case bltestSHA256:
+ case bltestSHA384:
+ case bltestSHA512:
+ default:
+ break;
}
if (!td) {
PRInt64 totalThroughPut;
@@ -2851,7 +2887,7 @@ print_td:
fprintf(stdout, "\n");
return;
}
-
+
fprintf(stdout, "%8s", "opreps");
fprintf(stdout, "%8s", "cxreps");
fprintf(stdout, "%12s", "context");
@@ -2862,7 +2898,7 @@ print_td:
fprintf(stdout, "%8s", mode_strings[info->mode]);
fprintf(stdout, "_%c", (cxonly) ? 'c' : (encrypt) ? 'e' : 'd');
printPR_smpString("%12s", getHighUnitBytes(totalIn), "%12d", totalIn);
-
+
td = !td;
goto print_td;
}
@@ -2873,8 +2909,8 @@ printmodes()
bltestCipherMode mode;
int nummodes = sizeof(mode_strings) / sizeof(char *);
fprintf(stderr, "%s: Available modes (specify with -m):\n", progName);
- for (mode=0; mode<nummodes; mode++)
- fprintf(stderr, "%s\n", mode_strings[mode]);
+ for (mode = 0; mode < nummodes; mode++)
+ fprintf(stderr, "%s\n", mode_strings[mode]);
}
bltestCipherMode
@@ -2882,16 +2918,16 @@ get_mode(const char *modestring)
{
bltestCipherMode mode;
int nummodes = sizeof(mode_strings) / sizeof(char *);
- for (mode=0; mode<nummodes; mode++)
- if (PL_strcmp(modestring, mode_strings[mode]) == 0)
- return mode;
+ for (mode = 0; mode < nummodes; mode++)
+ if (PL_strcmp(modestring, mode_strings[mode]) == 0)
+ return mode;
fprintf(stderr, "%s: invalid mode: %s\n", progName, modestring);
return bltestINVALID;
}
void
load_file_data(PLArenaPool *arena, bltestIO *data,
- char *fn, bltestIOMode ioMode)
+ char *fn, bltestIOMode ioMode)
{
PRFileDesc *file;
data->mode = ioMode;
@@ -2900,8 +2936,8 @@ load_file_data(PLArenaPool *arena, bltestIO *data,
data->pBuf.len = 0;
file = PR_Open(fn, PR_RDONLY, 00660);
if (file) {
- setupIO(arena, data, file, NULL, 0);
- PR_Close(file);
+ setupIO(arena, data, file, NULL, 0);
+ PR_Close(file);
}
}
@@ -2909,7 +2945,7 @@ HASH_HashType
mode_str_to_hash_alg(const SECItem *modeStr)
{
bltestCipherMode mode;
- char* tempModeStr = NULL;
+ char *tempModeStr = NULL;
if (!modeStr || modeStr->len == 0)
return HASH_AlgNULL;
tempModeStr = PORT_Alloc(modeStr->len + 1);
@@ -2920,20 +2956,28 @@ mode_str_to_hash_alg(const SECItem *modeStr)
mode = get_mode(tempModeStr);
PORT_Free(tempModeStr);
switch (mode) {
- case bltestMD2: return HASH_AlgMD2;
- case bltestMD5: return HASH_AlgMD5;
- case bltestSHA1: return HASH_AlgSHA1;
- case bltestSHA224: return HASH_AlgSHA224;
- case bltestSHA256: return HASH_AlgSHA256;
- case bltestSHA384: return HASH_AlgSHA384;
- case bltestSHA512: return HASH_AlgSHA512;
- default: return HASH_AlgNULL;
+ case bltestMD2:
+ return HASH_AlgMD2;
+ case bltestMD5:
+ return HASH_AlgMD5;
+ case bltestSHA1:
+ return HASH_AlgSHA1;
+ case bltestSHA224:
+ return HASH_AlgSHA224;
+ case bltestSHA256:
+ return HASH_AlgSHA256;
+ case bltestSHA384:
+ return HASH_AlgSHA384;
+ case bltestSHA512:
+ return HASH_AlgSHA512;
+ default:
+ return HASH_AlgNULL;
}
}
void
get_params(PLArenaPool *arena, bltestParams *params,
- bltestCipherMode mode, int j)
+ bltestCipherMode mode, int j)
{
char filename[256];
char *modestr = mode_strings[mode];
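Review bot: `char filename[256]` is filled by unbounded `sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, ...)` calls in the rest of get_params (next hunk), so a long `testdir` overruns the stack buffer. Where `testdir` is set is not visible here, but it looks like a configurable path. A bounded formatter such as `PR_snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "key", j);`, with a failure path when the name does not fit, would remove the overflow. get_params continues past the end of this hunk.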
@@ -2945,175 +2989,176 @@ get_params(PLArenaPool *arena, bltestParams *params,
int index = 0;
#endif
switch (mode) {
- case bltestAES_GCM:
- case bltestCHACHA20:
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "aad", j);
- load_file_data(arena, &params->ask.aad, filename, bltestBinary);
- case bltestDES_CBC:
- case bltestDES_EDE_CBC:
- case bltestRC2_CBC:
- case bltestAES_CBC:
- case bltestAES_CTS:
- case bltestAES_CTR:
- case bltestCAMELLIA_CBC:
- case bltestSEED_CBC:
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
- load_file_data(arena, &params->sk.iv, filename, bltestBinary);
- case bltestDES_ECB:
- case bltestDES_EDE_ECB:
- case bltestRC2_ECB:
- case bltestRC4:
- case bltestAES_ECB:
- case bltestCAMELLIA_ECB:
- case bltestSEED_ECB:
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
- load_file_data(arena, &params->sk.key, filename, bltestBinary);
- break;
+ case bltestAES_GCM:
+ case bltestCHACHA20:
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "aad", j);
+ load_file_data(arena, &params->ask.aad, filename, bltestBinary);
+ case bltestDES_CBC:
+ case bltestDES_EDE_CBC:
+ case bltestRC2_CBC:
+ case bltestAES_CBC:
+ case bltestAES_CTS:
+ case bltestAES_CTR:
+ case bltestCAMELLIA_CBC:
+ case bltestSEED_CBC:
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
+ load_file_data(arena, &params->sk.iv, filename, bltestBinary);
+ case bltestDES_ECB:
+ case bltestDES_EDE_ECB:
+ case bltestRC2_ECB:
+ case bltestRC4:
+ case bltestAES_ECB:
+ case bltestCAMELLIA_ECB:
+ case bltestSEED_ECB:
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
+ load_file_data(arena, &params->sk.key, filename, bltestBinary);
+ break;
#ifdef NSS_SOFTOKEN_DOES_RC5
- case bltestRC5_ECB:
- case bltestRC5_CBC:
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
- load_file_data(arena, &params->sk.iv, filename, bltestBinary);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
- load_file_data(arena, &params->sk.key, filename, bltestBinary);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
- "params", j);
- file = fopen(filename, "r");
- if (!file) return;
- param = malloc(100);
- len = fread(param, 1, 100, file);
- while (index < len) {
- mark = PL_strchr(param, '=');
- *mark = '\0';
- val = mark + 1;
- mark = PL_strchr(val, '\n');
- *mark = '\0';
- if (PL_strcmp(param, "rounds") == 0) {
- params->rc5.rounds = atoi(val);
- } else if (PL_strcmp(param, "wordsize") == 0) {
- params->rc5.wordsize = atoi(val);
- }
- index += PL_strlen(param) + PL_strlen(val) + 2;
- param = mark + 1;
- }
- break;
+ case bltestRC5_ECB:
+ case bltestRC5_CBC:
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
+ load_file_data(arena, &params->sk.iv, filename, bltestBinary);
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
+ load_file_data(arena, &params->sk.key, filename, bltestBinary);
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
+ "params", j);
+ file = fopen(filename, "r");
+ if (!file)
+ return;
+ param = malloc(100);
+ len = fread(param, 1, 100, file);
+ while (index < len) {
+ mark = PL_strchr(param, '=');
+ *mark = '\0';
+ val = mark + 1;
+ mark = PL_strchr(val, '\n');
+ *mark = '\0';
+ if (PL_strcmp(param, "rounds") == 0) {
+ params->rc5.rounds = atoi(val);
+ } else if (PL_strcmp(param, "wordsize") == 0) {
+ params->rc5.wordsize = atoi(val);
+ }
+ index += PL_strlen(param) + PL_strlen(val) + 2;
+ param = mark + 1;
+ }
+ break;
#endif
- case bltestRSA_PSS:
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j);
- load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
- /* fall through */
- case bltestRSA_OAEP:
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "seed", j);
- load_file_data(arena, &params->asymk.cipherParams.rsa.seed,
- filename, bltestBase64Encoded);
-
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "hash", j);
- load_file_data(arena, &tempIO, filename, bltestBinary);
- params->asymk.cipherParams.rsa.hashAlg =
- mode_str_to_hash_alg(&tempIO.buf);
-
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "maskhash", j);
- load_file_data(arena, &tempIO, filename, bltestBinary);
- params->asymk.cipherParams.rsa.maskHashAlg =
- mode_str_to_hash_alg(&tempIO.buf);
- /* fall through */
- case bltestRSA:
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
- load_file_data(arena, &params->asymk.key, filename,
- bltestBase64Encoded);
- params->asymk.privKey =
- (void *)rsakey_from_filedata(&params->asymk.key.buf);
- break;
- case bltestDSA:
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
- load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
- params->asymk.privKey =
- (void *)dsakey_from_filedata(&params->asymk.key.buf);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "pqg", j);
- load_file_data(arena, &params->asymk.cipherParams.dsa.pqgdata, filename,
- bltestBase64Encoded);
- params->asymk.cipherParams.dsa.pqg =
- pqg_from_filedata(&params->asymk.cipherParams.dsa.pqgdata.buf);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "keyseed", j);
- load_file_data(arena, &params->asymk.cipherParams.dsa.keyseed, filename,
- bltestBase64Encoded);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
- load_file_data(arena, &params->asymk.cipherParams.dsa.sigseed, filename,
- bltestBase64Encoded);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
- load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
- break;
+ case bltestRSA_PSS:
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j);
+ load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
+ /* fall through */
+ case bltestRSA_OAEP:
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "seed", j);
+ load_file_data(arena, &params->asymk.cipherParams.rsa.seed,
+ filename, bltestBase64Encoded);
+
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "hash", j);
+ load_file_data(arena, &tempIO, filename, bltestBinary);
+ params->asymk.cipherParams.rsa.hashAlg =
+ mode_str_to_hash_alg(&tempIO.buf);
+
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "maskhash", j);
+ load_file_data(arena, &tempIO, filename, bltestBinary);
+ params->asymk.cipherParams.rsa.maskHashAlg =
+ mode_str_to_hash_alg(&tempIO.buf);
+ /* fall through */
+ case bltestRSA:
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
+ load_file_data(arena, &params->asymk.key, filename,
+ bltestBase64Encoded);
+ params->asymk.privKey =
+ (void *)rsakey_from_filedata(&params->asymk.key.buf);
+ break;
+ case bltestDSA:
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
+ load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
+ params->asymk.privKey =
+ (void *)dsakey_from_filedata(&params->asymk.key.buf);
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "pqg", j);
+ load_file_data(arena, &params->asymk.cipherParams.dsa.pqgdata, filename,
+ bltestBase64Encoded);
+ params->asymk.cipherParams.dsa.pqg =
+ pqg_from_filedata(&params->asymk.cipherParams.dsa.pqgdata.buf);
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "keyseed", j);
+ load_file_data(arena, &params->asymk.cipherParams.dsa.keyseed, filename,
+ bltestBase64Encoded);
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
+ load_file_data(arena, &params->asymk.cipherParams.dsa.sigseed, filename,
+ bltestBase64Encoded);
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j);
+ load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
+ break;
#ifndef NSS_DISABLE_ECC
- case bltestECDSA:
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
- load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
- params->asymk.privKey =
- (void *)eckey_from_filedata(&params->asymk.key.buf);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
- load_file_data(arena, &params->asymk.cipherParams.ecdsa.sigseed,
- filename, bltestBase64Encoded);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
- load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
- break;
+ case bltestECDSA:
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
+ load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
+ params->asymk.privKey =
+ (void *)eckey_from_filedata(&params->asymk.key.buf);
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
+ load_file_data(arena, &params->asymk.cipherParams.ecdsa.sigseed,
+ filename, bltestBase64Encoded);
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j);
+ load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
+ break;
#endif
- case bltestMD2:
- case bltestMD5:
- case bltestSHA1:
- case bltestSHA224:
- case bltestSHA256:
- case bltestSHA384:
- case bltestSHA512:
- /*params->hash.restart = PR_TRUE;*/
- params->hash.restart = PR_FALSE;
- break;
- default:
- break;
+ case bltestMD2:
+ case bltestMD5:
+ case bltestSHA1:
+ case bltestSHA224:
+ case bltestSHA256:
+ case bltestSHA384:
+ case bltestSHA512:
+ /*params->hash.restart = PR_TRUE;*/
+ params->hash.restart = PR_FALSE;
+ break;
+ default:
+ break;
}
}
SECStatus
verify_self_test(bltestIO *result, bltestIO *cmp, bltestCipherMode mode,
- PRBool forward, SECStatus sigstatus)
+ PRBool forward, SECStatus sigstatus)
{
PRBool equal;
char *modestr = mode_strings[mode];
equal = SECITEM_ItemsAreEqual(&result->pBuf, &cmp->buf);
if (is_sigCipher(mode)) {
- if (forward) {
- if (equal) {
- printf("Signature self-test for %s passed.\n", modestr);
- } else {
- printf("Signature self-test for %s failed!\n", modestr);
- }
- return equal ? SECSuccess : SECFailure;
- } else {
- if (sigstatus == SECSuccess) {
- printf("Verification self-test for %s passed.\n", modestr);
- } else {
- printf("Verification self-test for %s failed!\n", modestr);
- }
- return sigstatus;
- }
+ if (forward) {
+ if (equal) {
+ printf("Signature self-test for %s passed.\n", modestr);
+ } else {
+ printf("Signature self-test for %s failed!\n", modestr);
+ }
+ return equal ? SECSuccess : SECFailure;
+ } else {
+ if (sigstatus == SECSuccess) {
+ printf("Verification self-test for %s passed.\n", modestr);
+ } else {
+ printf("Verification self-test for %s failed!\n", modestr);
+ }
+ return sigstatus;
+ }
} else if (is_hashCipher(mode)) {
- if (equal) {
- printf("Hash self-test for %s passed.\n", modestr);
- } else {
- printf("Hash self-test for %s failed!\n", modestr);
- }
+ if (equal) {
+ printf("Hash self-test for %s passed.\n", modestr);
+ } else {
+ printf("Hash self-test for %s failed!\n", modestr);
+ }
} else {
- if (forward) {
- if (equal) {
- printf("Encryption self-test for %s passed.\n", modestr);
- } else {
- printf("Encryption self-test for %s failed!\n", modestr);
- }
- } else {
- if (equal) {
- printf("Decryption self-test for %s passed.\n", modestr);
- } else {
- printf("Decryption self-test for %s failed!\n", modestr);
- }
- }
+ if (forward) {
+ if (equal) {
+ printf("Encryption self-test for %s passed.\n", modestr);
+ } else {
+ printf("Encryption self-test for %s failed!\n", modestr);
+ }
+ } else {
+ if (equal) {
+ printf("Decryption self-test for %s passed.\n", modestr);
+ } else {
+ printf("Decryption self-test for %s failed!\n", modestr);
+ }
+ }
}
return equal ? SECSuccess : SECFailure;
}
@@ -3126,7 +3171,7 @@ ReadFileToItem(SECItem *dst, const char *filename)
file = PR_Open(filename, PR_RDONLY, 00660);
if (!file) {
- return SECFailure;
+ return SECFailure;
}
rv = SECU_FileToItem(dst, file);
PR_Close(file);
@@ -3153,97 +3198,97 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
cipherInfo.arena = arena;
nummodes = (numModes == 0) ? NUMMODES : numModes;
- for (i=0; i < nummodes; i++) {
- if (numModes > 0)
- mode = modes[i];
- else
- mode = i;
- if (mode == bltestINVALID) {
- fprintf(stderr, "%s: Skipping invalid mode.\n",progName);
- continue;
- }
- modestr = mode_strings[mode];
- cipherInfo.mode = mode;
- params = &cipherInfo.params;
- /* get the number of tests in the directory */
- sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests");
- if (ReadFileToItem(&item, filename) != SECSuccess) {
- fprintf(stderr, "%s: Cannot read file %s.\n", progName, filename);
- rv = SECFailure;
- continue;
- }
- /* loop over the tests in the directory */
- numtests = 0;
- for (j=0; j<item.len; j++) {
- if (!isdigit(item.data[j])) {
- break;
- }
- numtests *= 10;
- numtests += (int) (item.data[j] - '0');
- }
- for (j=0; j<numtests; j++) {
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
- "plaintext", j);
- load_file_data(arena, &pt, filename,
- is_sigCipher(mode) ? bltestBase64Encoded
- : bltestBinary);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
- "ciphertext", j);
- load_file_data(arena, &ct, filename, bltestBase64Encoded);
-
- get_params(arena, params, mode, j);
- /* Forward Operation (Encrypt/Sign/Hash)
- ** Align the input buffer (plaintext) according to request
- ** then perform operation and compare to ciphertext
- */
- if (encrypt) {
- bltestCopyIO(arena, &cipherInfo.input, &pt);
- misalignBuffer(arena, &cipherInfo.input, inoff);
- memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
- rv |= cipherInit(&cipherInfo, PR_TRUE);
- misalignBuffer(arena, &cipherInfo.output, outoff);
- rv |= cipherDoOp(&cipherInfo);
- rv |= cipherFinish(&cipherInfo);
- rv |= verify_self_test(&cipherInfo.output,
- &ct, mode, PR_TRUE, SECSuccess);
- /* If testing hash, only one op to test */
- if (is_hashCipher(mode))
- continue;
- if (is_sigCipher(mode)) {
- /* Verify operations support detached signature files. For
- ** consistency between tests that run Sign/Verify back to
- ** back (eg: self-tests) and tests that are only running
- ** verify operations, copy the output into the sig buf,
- ** and then copy the sig buf back out when verifying. For
- ** self-tests, this is unnecessary copying, but for
- ** verify-only operations, this ensures that the output
- ** buffer is properly configured
- */
- bltestCopyIO(arena, &params->asymk.sig, &cipherInfo.output);
- }
- }
- if (!decrypt)
- continue;
- /* Reverse Operation (Decrypt/Verify)
- ** Align the input buffer (ciphertext) according to request
- ** then perform operation and compare to plaintext
- */
- if (is_sigCipher(mode)) {
- bltestCopyIO(arena, &cipherInfo.input, &pt);
- bltestCopyIO(arena, &cipherInfo.output, &params->asymk.sig);
- } else {
- bltestCopyIO(arena, &cipherInfo.input, &ct);
- memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
- }
- misalignBuffer(arena, &cipherInfo.input, inoff);
- rv |= cipherInit(&cipherInfo, PR_FALSE);
- misalignBuffer(arena, &cipherInfo.output, outoff);
- srv = SECSuccess;
- srv |= cipherDoOp(&cipherInfo);
- rv |= cipherFinish(&cipherInfo);
- rv |= verify_self_test(&cipherInfo.output,
- &pt, mode, PR_FALSE, srv);
- }
+ for (i = 0; i < nummodes; i++) {
+ if (numModes > 0)
+ mode = modes[i];
+ else
+ mode = i;
+ if (mode == bltestINVALID) {
+ fprintf(stderr, "%s: Skipping invalid mode.\n", progName);
+ continue;
+ }
+ modestr = mode_strings[mode];
+ cipherInfo.mode = mode;
+ params = &cipherInfo.params;
+ /* get the number of tests in the directory */
+ sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests");
+ if (ReadFileToItem(&item, filename) != SECSuccess) {
+ fprintf(stderr, "%s: Cannot read file %s.\n", progName, filename);
+ rv = SECFailure;
+ continue;
+ }
+ /* loop over the tests in the directory */
+ numtests = 0;
+ for (j = 0; j < item.len; j++) {
+ if (!isdigit(item.data[j])) {
+ break;
+ }
+ numtests *= 10;
+ numtests += (int)(item.data[j] - '0');
+ }
+ for (j = 0; j < numtests; j++) {
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
+ "plaintext", j);
+ load_file_data(arena, &pt, filename,
+ is_sigCipher(mode) ? bltestBase64Encoded
+ : bltestBinary);
+ sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
+ "ciphertext", j);
+ load_file_data(arena, &ct, filename, bltestBase64Encoded);
+
+ get_params(arena, params, mode, j);
+ /* Forward Operation (Encrypt/Sign/Hash)
+ ** Align the input buffer (plaintext) according to request
+ ** then perform operation and compare to ciphertext
+ */
+ if (encrypt) {
+ bltestCopyIO(arena, &cipherInfo.input, &pt);
+ misalignBuffer(arena, &cipherInfo.input, inoff);
+ memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
+ rv |= cipherInit(&cipherInfo, PR_TRUE);
+ misalignBuffer(arena, &cipherInfo.output, outoff);
+ rv |= cipherDoOp(&cipherInfo);
+ rv |= cipherFinish(&cipherInfo);
+ rv |= verify_self_test(&cipherInfo.output,
+ &ct, mode, PR_TRUE, SECSuccess);
+ /* If testing hash, only one op to test */
+ if (is_hashCipher(mode))
+ continue;
+ if (is_sigCipher(mode)) {
+ /* Verify operations support detached signature files. For
+ ** consistency between tests that run Sign/Verify back to
+ ** back (eg: self-tests) and tests that are only running
+ ** verify operations, copy the output into the sig buf,
+ ** and then copy the sig buf back out when verifying. For
+ ** self-tests, this is unnecessary copying, but for
+ ** verify-only operations, this ensures that the output
+ ** buffer is properly configured
+ */
+ bltestCopyIO(arena, &params->asymk.sig, &cipherInfo.output);
+ }
+ }
+ if (!decrypt)
+ continue;
+ /* Reverse Operation (Decrypt/Verify)
+ ** Align the input buffer (ciphertext) according to request
+ ** then perform operation and compare to plaintext
+ */
+ if (is_sigCipher(mode)) {
+ bltestCopyIO(arena, &cipherInfo.input, &pt);
+ bltestCopyIO(arena, &cipherInfo.output, &params->asymk.sig);
+ } else {
+ bltestCopyIO(arena, &cipherInfo.input, &ct);
+ memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
+ }
+ misalignBuffer(arena, &cipherInfo.input, inoff);
+ rv |= cipherInit(&cipherInfo, PR_FALSE);
+ misalignBuffer(arena, &cipherInfo.output, outoff);
+ srv = SECSuccess;
+ srv |= cipherDoOp(&cipherInfo);
+ rv |= cipherFinish(&cipherInfo);
+ rv |= verify_self_test(&cipherInfo.output,
+ &pt, mode, PR_FALSE, srv);
+ }
}
return rv;
}
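Review bot: Each `sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, ...)` in this loop writes a path with no length limit, and `testdir` is copied from the `-d` command-line option later in main, so a long directory argument can overrun `filename`. The buffer is declared outside this hunk; if it is a fixed-size array, `snprintf(filename, sizeof filename, ...)` with a truncation check (`n < 0 || (size_t)n >= sizeof filename`) would bound the write. The same pattern appears in the RSA, DSA and ECDSA cases of the get_params switch above. blapi_selftest begins before the hunk.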
@@ -3255,40 +3300,41 @@ dump_file(bltestCipherMode mode, char *filename)
PLArenaPool *arena = NULL;
arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
if (mode == bltestRSA || mode == bltestRSA_PSS || mode == bltestRSA_OAEP) {
- RSAPrivateKey *key;
- load_file_data(arena, &keydata, filename, bltestBase64Encoded);
- key = rsakey_from_filedata(&keydata.buf);
- dump_rsakey(key);
+ RSAPrivateKey *key;
+ load_file_data(arena, &keydata, filename, bltestBase64Encoded);
+ key = rsakey_from_filedata(&keydata.buf);
+ dump_rsakey(key);
} else if (mode == bltestDSA) {
#if 0
- PQGParams *pqg;
- get_file_data(filename, &item, PR_TRUE);
- pqg = pqg_from_filedata(&item);
- dump_pqg(pqg);
+ PQGParams *pqg;
+ get_file_data(filename, &item, PR_TRUE);
+ pqg = pqg_from_filedata(&item);
+ dump_pqg(pqg);
#endif
- DSAPrivateKey *key;
- load_file_data(arena, &keydata, filename, bltestBase64Encoded);
- key = dsakey_from_filedata(&keydata.buf);
- dump_dsakey(key);
+ DSAPrivateKey *key;
+ load_file_data(arena, &keydata, filename, bltestBase64Encoded);
+ key = dsakey_from_filedata(&keydata.buf);
+ dump_dsakey(key);
#ifndef NSS_DISABLE_ECC
} else if (mode == bltestECDSA) {
- ECPrivateKey *key;
- load_file_data(arena, &keydata, filename, bltestBase64Encoded);
- key = eckey_from_filedata(&keydata.buf);
- dump_eckey(key);
+ ECPrivateKey *key;
+ load_file_data(arena, &keydata, filename, bltestBase64Encoded);
+ key = eckey_from_filedata(&keydata.buf);
+ dump_eckey(key);
#endif
}
PORT_FreeArena(arena, PR_FALSE);
return SECFailure;
}
-void ThreadExecTest(void *data)
+void
+ThreadExecTest(void *data)
{
- bltestCipherInfo *cipherInfo = (bltestCipherInfo*)data;
+ bltestCipherInfo *cipherInfo = (bltestCipherInfo *)data;
if (cipherInfo->mCarlo == PR_TRUE) {
int mciter;
- for (mciter=0; mciter<10000; mciter++) {
+ for (mciter = 0; mciter < 10000; mciter++) {
cipherDoOp(cipherInfo);
memcpy(cipherInfo->input.buf.data,
cipherInfo->output.buf.data,
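Review bot: In dump_file the arena passed to `load_file_data` for the private-key file is released with `PORT_FreeArena(arena, PR_FALSE)`, while rsaPrivKeyReset further down passes `PR_TRUE`. Assuming the decoded key bytes are allocated from that arena and the second argument is the zero-on-free flag, `PORT_FreeArena(arena, PR_TRUE);` would scrub the key material before the memory is returned. The result of `PORT_NewArena` is also used without a NULL check, and the function returns `SECFailure` on every path, which looks unintended. dump_file starts before the hunk and ThreadExecTest continues past it.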
@@ -3300,7 +3346,8 @@ void ThreadExecTest(void *data)
cipherFinish(cipherInfo);
}
-static void rsaPrivKeyReset(RSAPrivateKey *tstKey)
+static void
+rsaPrivKeyReset(RSAPrivateKey *tstKey)
{
PLArenaPool *arena;
@@ -3326,24 +3373,23 @@ static void rsaPrivKeyReset(RSAPrivateKey *tstKey)
arena = tstKey->arena;
tstKey->arena = NULL;
if (arena) {
- PORT_FreeArena(arena, PR_TRUE);
+ PORT_FreeArena(arena, PR_TRUE);
}
}
-
-#define RSA_TEST_EQUAL(comp) \
- if (!SECITEM_ItemsAreEqual(&(src->comp),&(dest->comp))) { \
- fprintf(stderr, "key->" #comp " not equal"); \
- if (src->comp.len != dest->comp.len) { \
- fprintf(stderr, "src_len = %d, dest_len = %d", \
- src->comp.len, dest->comp.len); \
- } \
- fprintf(stderr, "\n"); \
- areEqual = PR_FALSE; \
+#define RSA_TEST_EQUAL(comp) \
+ if (!SECITEM_ItemsAreEqual(&(src->comp), &(dest->comp))) { \
+ fprintf(stderr, "key->" #comp " not equal"); \
+ if (src->comp.len != dest->comp.len) { \
+ fprintf(stderr, "src_len = %d, dest_len = %d", \
+ src->comp.len, dest->comp.len); \
+ } \
+ fprintf(stderr, "\n"); \
+ areEqual = PR_FALSE; \
}
-
-static PRBool rsaPrivKeysAreEqual(RSAPrivateKey *src, RSAPrivateKey *dest)
+static PRBool
+rsaPrivKeysAreEqual(RSAPrivateKey *src, RSAPrivateKey *dest)
{
PRBool areEqual = PR_TRUE;
RSA_TEST_EQUAL(modulus)
@@ -3355,10 +3401,10 @@ static PRBool rsaPrivKeysAreEqual(RSAPrivateKey *src, RSAPrivateKey *dest)
RSA_TEST_EQUAL(exponent2)
RSA_TEST_EQUAL(coefficient)
if (!areEqual) {
- fprintf(stderr, "original key:\n");
- dump_rsakey(src);
- fprintf(stderr, "recreated key:\n");
- dump_rsakey(dest);
+ fprintf(stderr, "original key:\n");
+ dump_rsakey(src);
+ fprintf(stderr, "recreated key:\n");
+ dump_rsakey(dest);
}
return areEqual;
}
@@ -3367,7 +3413,8 @@ static PRBool rsaPrivKeysAreEqual(RSAPrivateKey *src, RSAPrivateKey *dest)
* Test the RSA populate command to see that it can really build
* keys from it's components.
*/
-static int doRSAPopulateTest(unsigned int keySize, unsigned long exponent)
+static int
+doRSAPopulateTest(unsigned int keySize, unsigned long exponent)
{
RSAPrivateKey *srcKey;
RSAPrivateKey tstKey = { 0 };
@@ -3378,11 +3425,11 @@ static int doRSAPopulateTest(unsigned int keySize, unsigned long exponent)
int failed = 0;
int i;
- for (i=0; i < sizeof(unsigned long); i++) {
- int shift = (sizeof(unsigned long) - i -1 ) * 8;
- if (expLen || (exponent && ((unsigned long)0xffL << shift))) {
- pubExp[expLen] = (unsigned char) ((exponent >> shift) & 0xff);
- expLen++;
+ for (i = 0; i < sizeof(unsigned long); i++) {
+ int shift = (sizeof(unsigned long) - i - 1) * 8;
+ if (expLen || (exponent && ((unsigned long)0xffL << shift))) {
+ pubExp[expLen] = (unsigned char)((exponent >> shift) & 0xff);
+ expLen++;
}
}
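Review bot: The condition `exponent && ((unsigned long)0xffL << shift)` uses logical `&&`, so once `exponent` is non-zero it is true at every byte position and the leading zero bytes are not skipped. The shifted mask suggests a bitwise test was intended: `if (expLen || (exponent & ((unsigned long)0xffL << shift))) {`. As written, expLen always ends at `sizeof(unsigned long)` for a non-zero exponent, so `pubExp` (declared outside the hunk) has to be at least that large. The loop also compares the signed `i` against a `size_t`.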
@@ -3391,8 +3438,8 @@ static int doRSAPopulateTest(unsigned int keySize, unsigned long exponent)
srcKey = RSA_NewKey(keySize, &expitem);
if (srcKey == NULL) {
- fprintf(stderr, "RSA Key Gen failed");
- return -1;
+ fprintf(stderr, "RSA Key Gen failed");
+ return -1;
}
/* test the basic case - most common, public exponent, modulus, prime */
@@ -3405,11 +3452,11 @@ static int doRSAPopulateTest(unsigned int keySize, unsigned long exponent)
rv = RSA_PopulatePrivateKey(&tstKey);
if (rv != SECSuccess) {
- fprintf(stderr, "RSA Populate failed: pubExp mod p\n");
- failed = 1;
+ fprintf(stderr, "RSA Populate failed: pubExp mod p\n");
+ failed = 1;
} else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) {
- fprintf(stderr, "RSA Populate key mismatch: pubExp mod p\n");
- failed = 1;
+ fprintf(stderr, "RSA Populate key mismatch: pubExp mod p\n");
+ failed = 1;
}
/* test the basic2 case, public exponent, modulus, prime2 */
@@ -3421,11 +3468,11 @@ static int doRSAPopulateTest(unsigned int keySize, unsigned long exponent)
rv = RSA_PopulatePrivateKey(&tstKey);
if (rv != SECSuccess) {
- fprintf(stderr, "RSA Populate failed: pubExp mod q\n");
- failed = 1;
+ fprintf(stderr, "RSA Populate failed: pubExp mod q\n");
+ failed = 1;
} else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) {
- fprintf(stderr, "RSA Populate key mismatch: pubExp mod q\n");
- failed = 1;
+ fprintf(stderr, "RSA Populate key mismatch: pubExp mod q\n");
+ failed = 1;
}
/* test the medium case, private exponent, prime1, prime2 */
@@ -3437,11 +3484,11 @@ static int doRSAPopulateTest(unsigned int keySize, unsigned long exponent)
rv = RSA_PopulatePrivateKey(&tstKey);
if (rv != SECSuccess) {
- fprintf(stderr, "RSA Populate failed: privExp p q\n");
- failed = 1;
+ fprintf(stderr, "RSA Populate failed: privExp p q\n");
+ failed = 1;
} else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) {
- fprintf(stderr, "RSA Populate key mismatch: privExp p q\n");
- failed = 1;
+ fprintf(stderr, "RSA Populate key mismatch: privExp p q\n");
+ failed = 1;
}
/* test the advanced case, public exponent, private exponent, prime2 */
@@ -3453,16 +3500,16 @@ static int doRSAPopulateTest(unsigned int keySize, unsigned long exponent)
rv = RSA_PopulatePrivateKey(&tstKey);
if (rv != SECSuccess) {
- fprintf(stderr, "RSA Populate failed: pubExp privExp q\n");
- fprintf(stderr, " - not fatal\n");
- /* it's possible that we can't uniquely determine the original key
- * from just the exponents and prime. Populate returns an error rather
- * than return the wrong key. */
+ fprintf(stderr, "RSA Populate failed: pubExp privExp q\n");
+ fprintf(stderr, " - not fatal\n");
+ /* it's possible that we can't uniquely determine the original key
+ * from just the exponents and prime. Populate returns an error rather
+ * than return the wrong key. */
} else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) {
- /* if we returned a key, it *must* be correct */
- fprintf(stderr, "RSA Populate key mismatch: pubExp privExp q\n");
- rv = RSA_PrivateKeyCheck(&tstKey);
- failed = 1;
+ /* if we returned a key, it *must* be correct */
+ fprintf(stderr, "RSA Populate key mismatch: pubExp privExp q\n");
+ rv = RSA_PrivateKeyCheck(&tstKey);
+ failed = 1;
}
/* test the advanced case2, public exponent, private exponent, modulus */
@@ -3474,18 +3521,16 @@ static int doRSAPopulateTest(unsigned int keySize, unsigned long exponent)
rv = RSA_PopulatePrivateKey(&tstKey);
if (rv != SECSuccess) {
- fprintf(stderr, "RSA Populate failed: pubExp privExp mod\n");
- failed = 1;
+ fprintf(stderr, "RSA Populate failed: pubExp privExp mod\n");
+ failed = 1;
} else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) {
- fprintf(stderr, "RSA Populate key mismatch: pubExp privExp mod\n");
- failed = 1;
+ fprintf(stderr, "RSA Populate key mismatch: pubExp privExp mod\n");
+ failed = 1;
}
return failed ? -1 : 0;
}
-
-
/* bltest commands */
enum {
cmd_Decrypt = 0,
@@ -3540,74 +3585,75 @@ enum {
};
static secuCommandFlag bltest_commands[] =
-{
- { /* cmd_Decrypt */ 'D', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Encrypt */ 'E', PR_FALSE, 0, PR_FALSE },
- { /* cmd_FIPS */ 'F', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Hash */ 'H', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Nonce */ 'N', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Dump */ 'P', PR_FALSE, 0, PR_FALSE },
- { /* cmd_RSAPopulate*/ 'R', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Sign */ 'S', PR_FALSE, 0, PR_FALSE },
- { /* cmd_SelfTest */ 'T', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Verify */ 'V', PR_FALSE, 0, PR_FALSE }
-};
+ {
+ { /* cmd_Decrypt */ 'D', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_Encrypt */ 'E', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_FIPS */ 'F', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_Hash */ 'H', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_Nonce */ 'N', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_Dump */ 'P', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_RSAPopulate*/ 'R', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_Sign */ 'S', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_SelfTest */ 'T', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_Verify */ 'V', PR_FALSE, 0, PR_FALSE }
+ };
static secuCommandFlag bltest_options[] =
-{
- { /* opt_B64 */ 'a', PR_FALSE, 0, PR_FALSE },
- { /* opt_BufSize */ 'b', PR_TRUE, 0, PR_FALSE },
- { /* opt_Restart */ 'c', PR_FALSE, 0, PR_FALSE },
- { /* opt_SelfTestDir */ 'd', PR_TRUE, 0, PR_FALSE },
- { /* opt_Exponent */ 'e', PR_TRUE, 0, PR_FALSE },
- { /* opt_SigFile */ 'f', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeySize */ 'g', PR_TRUE, 0, PR_FALSE },
- { /* opt_Hex */ 'h', PR_FALSE, 0, PR_FALSE },
- { /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE },
- { /* opt_PQGFile */ 'j', PR_TRUE, 0, PR_FALSE },
- { /* opt_Key */ 'k', PR_TRUE, 0, PR_FALSE },
- { /* opt_HexWSpc */ 'l', PR_FALSE, 0, PR_FALSE },
- { /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE },
+ {
+ { /* opt_B64 */ 'a', PR_FALSE, 0, PR_FALSE },
+ { /* opt_BufSize */ 'b', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Restart */ 'c', PR_FALSE, 0, PR_FALSE },
+ { /* opt_SelfTestDir */ 'd', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Exponent */ 'e', PR_TRUE, 0, PR_FALSE },
+ { /* opt_SigFile */ 'f', PR_TRUE, 0, PR_FALSE },
+ { /* opt_KeySize */ 'g', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Hex */ 'h', PR_FALSE, 0, PR_FALSE },
+ { /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE },
+ { /* opt_PQGFile */ 'j', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Key */ 'k', PR_TRUE, 0, PR_FALSE },
+ { /* opt_HexWSpc */ 'l', PR_FALSE, 0, PR_FALSE },
+ { /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE },
#ifndef NSS_DISABLE_ECC
- { /* opt_CurveName */ 'n', PR_TRUE, 0, PR_FALSE },
+ { /* opt_CurveName */ 'n', PR_TRUE, 0, PR_FALSE },
#endif
- { /* opt_Output */ 'o', PR_TRUE, 0, PR_FALSE },
- { /* opt_Repetitions */ 'p', PR_TRUE, 0, PR_FALSE },
- { /* opt_ZeroBuf */ 'q', PR_FALSE, 0, PR_FALSE },
- { /* opt_Rounds */ 'r', PR_TRUE, 0, PR_FALSE },
- { /* opt_Seed */ 's', PR_TRUE, 0, PR_FALSE },
- { /* opt_SigSeedFile */ 't', PR_TRUE, 0, PR_FALSE },
- { /* opt_CXReps */ 'u', PR_TRUE, 0, PR_FALSE },
- { /* opt_IV */ 'v', PR_TRUE, 0, PR_FALSE },
- { /* opt_WordSize */ 'w', PR_TRUE, 0, PR_FALSE },
- { /* opt_UseSeed */ 'x', PR_FALSE, 0, PR_FALSE },
- { /* opt_UseSigSeed */ 'y', PR_FALSE, 0, PR_FALSE },
- { /* opt_SeedFile */ 'z', PR_FALSE, 0, PR_FALSE },
- { /* opt_AAD */ 0 , PR_TRUE, 0, PR_FALSE, "aad" },
- { /* opt_InputOffset */ '1', PR_TRUE, 0, PR_FALSE },
- { /* opt_OutputOffset */ '2', PR_TRUE, 0, PR_FALSE },
- { /* opt_MonteCarlo */ '3', PR_FALSE, 0, PR_FALSE },
- { /* opt_ThreadNum */ '4', PR_TRUE, 0, PR_FALSE },
- { /* opt_SecondsToRun */ '5', PR_TRUE, 0, PR_FALSE },
- { /* opt_CmdLine */ '-', PR_FALSE, 0, PR_FALSE }
-};
-
-int main(int argc, char **argv)
+ { /* opt_Output */ 'o', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Repetitions */ 'p', PR_TRUE, 0, PR_FALSE },
+ { /* opt_ZeroBuf */ 'q', PR_FALSE, 0, PR_FALSE },
+ { /* opt_Rounds */ 'r', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Seed */ 's', PR_TRUE, 0, PR_FALSE },
+ { /* opt_SigSeedFile */ 't', PR_TRUE, 0, PR_FALSE },
+ { /* opt_CXReps */ 'u', PR_TRUE, 0, PR_FALSE },
+ { /* opt_IV */ 'v', PR_TRUE, 0, PR_FALSE },
+ { /* opt_WordSize */ 'w', PR_TRUE, 0, PR_FALSE },
+ { /* opt_UseSeed */ 'x', PR_FALSE, 0, PR_FALSE },
+ { /* opt_UseSigSeed */ 'y', PR_FALSE, 0, PR_FALSE },
+ { /* opt_SeedFile */ 'z', PR_FALSE, 0, PR_FALSE },
+ { /* opt_AAD */ 0, PR_TRUE, 0, PR_FALSE, "aad" },
+ { /* opt_InputOffset */ '1', PR_TRUE, 0, PR_FALSE },
+ { /* opt_OutputOffset */ '2', PR_TRUE, 0, PR_FALSE },
+ { /* opt_MonteCarlo */ '3', PR_FALSE, 0, PR_FALSE },
+ { /* opt_ThreadNum */ '4', PR_TRUE, 0, PR_FALSE },
+ { /* opt_SecondsToRun */ '5', PR_TRUE, 0, PR_FALSE },
+ { /* opt_CmdLine */ '-', PR_FALSE, 0, PR_FALSE }
+ };
+
+int
+main(int argc, char **argv)
{
SECStatus rv = SECFailure;
- double totalTime = 0.0;
- PRIntervalTime time1, time2;
- PRFileDesc *outfile = NULL;
- bltestCipherInfo *cipherInfoListHead, *cipherInfo = NULL;
- bltestIOMode ioMode;
- int bufsize, exponent, curThrdNum;
+ double totalTime = 0.0;
+ PRIntervalTime time1, time2;
+ PRFileDesc *outfile = NULL;
+ bltestCipherInfo *cipherInfoListHead, *cipherInfo = NULL;
+ bltestIOMode ioMode;
+ int bufsize, exponent, curThrdNum;
#ifndef NSS_DISABLE_ECC
- char *curveName = NULL;
+ char *curveName = NULL;
#endif
- int i, commandsEntered;
- int inoff, outoff;
- int threads = 1;
+ int i, commandsEntered;
+ int inoff, outoff;
+ int threads = 1;
secuCommand bltest;
bltest.numCommands = sizeof(bltest_commands) / sizeof(secuCommandFlag);
@@ -3616,32 +3662,31 @@ int main(int argc, char **argv)
bltest.options = bltest_options;
progName = strrchr(argv[0], '/');
- if (!progName)
- progName = strrchr(argv[0], '\\');
- progName = progName ? progName+1 : argv[0];
+ if (!progName)
+ progName = strrchr(argv[0], '\\');
+ progName = progName ? progName + 1 : argv[0];
rv = NSS_InitializePRErrorTable();
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- return -1;
+ SECU_PrintPRandOSError(progName);
+ return -1;
}
rv = RNG_RNGInit();
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- return -1;
+ SECU_PrintPRandOSError(progName);
+ return -1;
}
rv = BL_Init();
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- return -1;
+ SECU_PrintPRandOSError(progName);
+ return -1;
}
RNG_SystemInfoForRNG();
-
rv = SECU_ParseCommandLine(argc, argv, progName, &bltest);
if (rv == SECFailure) {
- fprintf(stderr, "%s: command line parsing error!\n", progName);
- goto print_usage;
+ fprintf(stderr, "%s: command line parsing error!\n", progName);
+ goto print_usage;
}
rv = SECFailure;
@@ -3650,37 +3695,36 @@ int main(int argc, char **argv)
/* Check the number of commands entered on the command line. */
commandsEntered = 0;
- for (i=0; i<bltest.numCommands; i++)
- if (bltest.commands[i].activated)
- commandsEntered++;
+ for (i = 0; i < bltest.numCommands; i++)
+ if (bltest.commands[i].activated)
+ commandsEntered++;
if (commandsEntered > 1 &&
- !(commandsEntered == 2 && bltest.commands[cmd_SelfTest].activated)) {
- fprintf(stderr, "%s: one command at a time!\n", progName);
+ !(commandsEntered == 2 && bltest.commands[cmd_SelfTest].activated)) {
+ fprintf(stderr, "%s: one command at a time!\n", progName);
goto print_usage;
}
if (commandsEntered == 0) {
- fprintf(stderr, "%s: you must enter a command!\n", progName);
+ fprintf(stderr, "%s: you must enter a command!\n", progName);
goto print_usage;
}
-
if (bltest.commands[cmd_Sign].activated)
- bltest.commands[cmd_Encrypt].activated = PR_TRUE;
+ bltest.commands[cmd_Encrypt].activated = PR_TRUE;
if (bltest.commands[cmd_Verify].activated)
- bltest.commands[cmd_Decrypt].activated = PR_TRUE;
+ bltest.commands[cmd_Decrypt].activated = PR_TRUE;
if (bltest.commands[cmd_Hash].activated)
- bltest.commands[cmd_Encrypt].activated = PR_TRUE;
+ bltest.commands[cmd_Encrypt].activated = PR_TRUE;
inoff = outoff = 0;
if (bltest.options[opt_InputOffset].activated)
- inoff = PORT_Atoi(bltest.options[opt_InputOffset].arg);
+ inoff = PORT_Atoi(bltest.options[opt_InputOffset].arg);
if (bltest.options[opt_OutputOffset].activated)
- outoff = PORT_Atoi(bltest.options[opt_OutputOffset].arg);
+ outoff = PORT_Atoi(bltest.options[opt_OutputOffset].arg);
- testdir = (bltest.options[opt_SelfTestDir].activated) ?
- strdup(bltest.options[opt_SelfTestDir].arg) : ".";
+ testdir = (bltest.options[opt_SelfTestDir].activated) ? strdup(bltest.options[opt_SelfTestDir].arg)
+ : ".";
/*
* Handle three simple cases first
@@ -3688,69 +3732,70 @@ int main(int argc, char **argv)
/* test the RSA_PopulatePrivateKey function */
if (bltest.commands[cmd_RSAPopulate].activated) {
- unsigned int keySize = 1024;
- unsigned long exponent = 65537;
- int rounds = 1;
- int ret = -1;
-
- if (bltest.options[opt_KeySize].activated) {
- keySize = PORT_Atoi(bltest.options[opt_KeySize].arg);
- }
- if (bltest.options[opt_Rounds].activated) {
- rounds = PORT_Atoi(bltest.options[opt_Rounds].arg);
- }
- if (bltest.options[opt_Exponent].activated) {
- exponent = PORT_Atoi(bltest.options[opt_Exponent].arg);
- }
-
- for (i=0; i < rounds; i++) {
- printf("Running RSA Populate test round %d\n",i);
- ret = doRSAPopulateTest(keySize,exponent);
- if (ret != 0) {
- break;
- }
- }
- if (ret != 0) {
- fprintf(stderr,"RSA Populate test round %d: FAILED\n",i);
- }
- return ret;
+ unsigned int keySize = 1024;
+ unsigned long exponent = 65537;
+ int rounds = 1;
+ int ret = -1;
+
+ if (bltest.options[opt_KeySize].activated) {
+ keySize = PORT_Atoi(bltest.options[opt_KeySize].arg);
+ }
+ if (bltest.options[opt_Rounds].activated) {
+ rounds = PORT_Atoi(bltest.options[opt_Rounds].arg);
+ }
+ if (bltest.options[opt_Exponent].activated) {
+ exponent = PORT_Atoi(bltest.options[opt_Exponent].arg);
+ }
+
+ for (i = 0; i < rounds; i++) {
+ printf("Running RSA Populate test round %d\n", i);
+ ret = doRSAPopulateTest(keySize, exponent);
+ if (ret != 0) {
+ break;
+ }
+ }
+ if (ret != 0) {
+ fprintf(stderr, "RSA Populate test round %d: FAILED\n", i);
+ }
+ return ret;
}
/* Do BLAPI self-test */
if (bltest.commands[cmd_SelfTest].activated) {
- PRBool encrypt = PR_TRUE, decrypt = PR_TRUE;
- /* user may specified a set of ciphers to test. parse them. */
- bltestCipherMode modesToTest[NUMMODES];
- int numModesToTest = 0;
- char *tok, *str;
- str = bltest.options[opt_Mode].arg;
- while (str) {
- tok = strchr(str, ',');
- if (tok) *tok = '\0';
- modesToTest[numModesToTest++] = get_mode(str);
- if (tok) {
- *tok = ',';
- str = tok + 1;
- } else {
- break;
- }
- }
- if (bltest.commands[cmd_Decrypt].activated &&
- !bltest.commands[cmd_Encrypt].activated)
- encrypt = PR_FALSE;
- if (bltest.commands[cmd_Encrypt].activated &&
- !bltest.commands[cmd_Decrypt].activated)
- decrypt = PR_FALSE;
- rv = blapi_selftest(modesToTest, numModesToTest, inoff, outoff,
- encrypt, decrypt);
- PORT_Free(cipherInfo);
- return rv == SECSuccess ? 0 : 1;
+ PRBool encrypt = PR_TRUE, decrypt = PR_TRUE;
+ /* user may specified a set of ciphers to test. parse them. */
+ bltestCipherMode modesToTest[NUMMODES];
+ int numModesToTest = 0;
+ char *tok, *str;
+ str = bltest.options[opt_Mode].arg;
+ while (str) {
+ tok = strchr(str, ',');
+ if (tok)
+ *tok = '\0';
+ modesToTest[numModesToTest++] = get_mode(str);
+ if (tok) {
+ *tok = ',';
+ str = tok + 1;
+ } else {
+ break;
+ }
+ }
+ if (bltest.commands[cmd_Decrypt].activated &&
+ !bltest.commands[cmd_Encrypt].activated)
+ encrypt = PR_FALSE;
+ if (bltest.commands[cmd_Encrypt].activated &&
+ !bltest.commands[cmd_Decrypt].activated)
+ decrypt = PR_FALSE;
+ rv = blapi_selftest(modesToTest, numModesToTest, inoff, outoff,
+ encrypt, decrypt);
+ PORT_Free(cipherInfo);
+ return rv == SECSuccess ? 0 : 1;
}
/* Do FIPS self-test */
if (bltest.commands[cmd_FIPS].activated) {
- CK_RV ckrv = sftk_FIPSEntryOK();
- fprintf(stdout, "CK_RV: %ld.\n", ckrv);
+ CK_RV ckrv = sftk_FIPSEntryOK();
+ fprintf(stdout, "CK_RV: %ld.\n", ckrv);
PORT_Free(cipherInfo);
if (ckrv == CKR_OK)
return SECSuccess;
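Review bot: The self-test branch stores into `modesToTest[numModesToTest++]` for every comma-separated token of the `-m` argument without comparing the index against `NUMMODES`, so an argument with more tokens than the array holds writes past the end of the stack array. A guard ahead of the store closes that: `if (numModesToTest >= NUMMODES) break;`, or an error message followed by `goto print_usage`. In the RSA populate branch the `PORT_Atoi` results for key size, rounds and exponent are assigned without range checks, so a negative argument becomes a very large unsigned `keySize`. main begins before the hunk and continues after it.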
@@ -3762,29 +3807,28 @@ int main(int argc, char **argv)
*/
if ((bltest.commands[cmd_Decrypt].activated ||
- bltest.commands[cmd_Verify].activated) &&
- bltest.options[opt_BufSize].activated) {
- fprintf(stderr, "%s: Cannot use a nonce as input to decrypt/verify.\n",
- progName);
+ bltest.commands[cmd_Verify].activated) &&
+ bltest.options[opt_BufSize].activated) {
+ fprintf(stderr, "%s: Cannot use a nonce as input to decrypt/verify.\n",
+ progName);
goto print_usage;
}
if (bltest.options[opt_Mode].activated) {
- cipherInfo->mode = get_mode(bltest.options[opt_Mode].arg);
- if (cipherInfo->mode == bltestINVALID) {
+ cipherInfo->mode = get_mode(bltest.options[opt_Mode].arg);
+ if (cipherInfo->mode == bltestINVALID) {
goto print_usage;
- }
+ }
} else {
- fprintf(stderr, "%s: You must specify a cipher mode with -m.\n",
- progName);
+ fprintf(stderr, "%s: You must specify a cipher mode with -m.\n",
+ progName);
goto print_usage;
}
-
if (bltest.options[opt_Repetitions].activated &&
bltest.options[opt_SecondsToRun].activated) {
fprintf(stderr, "%s: Operation time should be defined in either "
- "repetitions(-p) or seconds(-5) not both",
+ "repetitions(-p) or seconds(-5) not both",
progName);
goto print_usage;
}
@@ -3802,7 +3846,6 @@ int main(int argc, char **argv)
cipherInfo->seconds = 0;
}
-
if (bltest.options[opt_CXReps].activated) {
cipherInfo->cxreps = PORT_Atoi(bltest.options[opt_CXReps].arg);
} else {
@@ -3824,21 +3867,23 @@ int main(int argc, char **argv)
}
/* default input mode is binary */
- ioMode = (bltest.options[opt_B64].activated) ? bltestBase64Encoded :
- (bltest.options[opt_Hex].activated) ? bltestHexStream :
- (bltest.options[opt_HexWSpc].activated) ? bltestHexSpaceDelim :
- bltestBinary;
+ ioMode = (bltest.options[opt_B64].activated)
+ ? bltestBase64Encoded
+ : (bltest.options[opt_Hex].activated)
+ ? bltestHexStream
+ : (bltest.options[opt_HexWSpc].activated) ? bltestHexSpaceDelim
+ : bltestBinary;
if (bltest.options[opt_Exponent].activated)
- exponent = PORT_Atoi(bltest.options[opt_Exponent].arg);
+ exponent = PORT_Atoi(bltest.options[opt_Exponent].arg);
else
- exponent = 65537;
+ exponent = 65537;
#ifndef NSS_DISABLE_ECC
if (bltest.options[opt_CurveName].activated)
- curveName = PORT_Strdup(bltest.options[opt_CurveName].arg);
+ curveName = PORT_Strdup(bltest.options[opt_CurveName].arg);
else
- curveName = NULL;
+ curveName = NULL;
#endif
if (bltest.commands[cmd_Verify].activated &&
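Review bot: The RSA public exponent is taken straight from `PORT_Atoi(bltest.options[opt_Exponent].arg)` with no validation in the visible lines, and PORT_Atoi gives the caller no way to tell a malformed argument from a number. A non-numeric or even value therefore presumably reaches key generation unchanged. Unless such exponents are accepted on purpose for negative tests, reject them here with `if (exponent < 3 || (exponent & 1) == 0) goto print_usage;`. The `PORT_Strdup` result stored in `curveName` is likewise not checked for NULL in this hunk. These statements sit inside main, which starts and ends outside the hunk.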
@@ -3846,7 +3891,7 @@ int main(int argc, char **argv)
fprintf(stderr, "%s: You must specify a signature file with -f.\n",
progName);
-print_usage:
+ print_usage:
if (cipherInfo) {
PORT_Free(cipherInfo);
}
@@ -3859,12 +3904,12 @@ print_usage:
cipherInfo->mCarlo = PR_FALSE;
}
- for (curThrdNum = 0;curThrdNum < threads;curThrdNum++) {
- int keysize = 0;
- PRFileDesc *file = NULL, *infile;
- bltestParams *params;
- char *instr = NULL;
- PLArenaPool *arena;
+ for (curThrdNum = 0; curThrdNum < threads; curThrdNum++) {
+ int keysize = 0;
+ PRFileDesc *file = NULL, *infile;
+ bltestParams *params;
+ char *instr = NULL;
+ PLArenaPool *arena;
if (curThrdNum > 0) {
bltestCipherInfo *newCInfo = PORT_ZNew(bltestCipherInfo);
@@ -3888,13 +3933,13 @@ print_usage:
}
cipherInfo->arena = arena;
params = &cipherInfo->params;
-
+
/* Set up an encryption key. */
keysize = 0;
file = NULL;
if (is_symmkeyCipher(cipherInfo->mode) ||
- is_aeadCipher(cipherInfo->mode)) {
- char *keystr = NULL; /* if key is on command line */
+ is_aeadCipher(cipherInfo->mode)) {
+ char *keystr = NULL; /* if key is on command line */
if (bltest.options[opt_Key].activated) {
if (bltest.options[opt_CmdLine].activated) {
keystr = bltest.options[opt_Key].arg;
@@ -3908,7 +3953,7 @@ print_usage:
else
keysize = 8; /* use 64-bit default (DES) */
/* save the random key for reference */
- file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660);
+ file = PR_Open("tmp.key", PR_WRONLY | PR_CREATE_FILE, 00660);
}
params->key.mode = ioMode;
setupIO(cipherInfo->arena, &params->key, file, keystr, keysize);
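Review bot: The randomly generated key is saved under the fixed name tmp.key in the current directory with mode 00660 and without `PR_EXCL` or `PR_TRUNCATE`. Subject to the umask, the key bytes are group-readable; an existing file or symlink of that name is opened and written through; and a longer pre-existing file keeps stale bytes after the new key. Consider `file = PR_Open("tmp.key", PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 00600);`, and check the handle for NULL before it is passed to `setupIO`, which the visible lines do not do. The same call pattern appears in the hunk at -3922 (asymmetric key, tmp.key) and the hunk at -3953 (tmp.iv). The enclosing loop in main starts and ends outside this hunk.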
@@ -3922,7 +3967,7 @@ print_usage:
keysize = PORT_Atoi(bltest.options[opt_KeySize].arg);
else
keysize = 64; /* use 512-bit default */
- file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660);
+ file = PR_Open("tmp.key", PR_WRONLY | PR_CREATE_FILE, 00660);
}
params->key.mode = bltestBase64Encoded;
#ifndef NSS_DISABLE_ECC
@@ -3953,7 +3998,7 @@ print_usage:
}
} else {
/* save the random iv for reference */
- file = PR_Open("tmp.iv", PR_WRONLY|PR_CREATE_FILE, 00660);
+ file = PR_Open("tmp.iv", PR_WRONLY | PR_CREATE_FILE, 00660);
}
memset(&skp->iv, 0, sizeof skp->iv);
skp->iv.mode = ioMode;
@@ -3986,7 +4031,7 @@ print_usage:
PR_Close(file);
}
}
-
+
if (bltest.commands[cmd_Verify].activated) {
file = PR_Open(bltest.options[opt_SigFile].arg, PR_RDONLY, 00660);
if (is_sigCipher(cipherInfo->mode)) {
@@ -3998,7 +4043,7 @@ print_usage:
PR_Close(file);
}
}
-
+
if (bltest.options[opt_PQGFile].activated) {
file = PR_Open(bltest.options[opt_PQGFile].arg, PR_RDONLY, 00660);
params->asymk.cipherParams.dsa.pqgdata.mode = bltestBase64Encoded;
@@ -4016,10 +4061,10 @@ print_usage:
infile = NULL;
} else {
/* form file name from testdir and input arg. */
- char * filename = bltest.options[opt_Input].arg;
- if (bltest.options[opt_SelfTestDir].activated &&
+ char *filename = bltest.options[opt_Input].arg;
+ if (bltest.options[opt_SelfTestDir].activated &&
testdir && filename && filename[0] != '/') {
- filename = PR_smprintf("%s/tests/%s/%s", testdir,
+ filename = PR_smprintf("%s/tests/%s/%s", testdir,
mode_strings[cipherInfo->mode],
filename);
if (!filename) {
@@ -4040,7 +4085,7 @@ print_usage:
fprintf(stderr, "%s: Can not allocate memory.\n", progName);
goto exit_point;
}
- infile = PR_Open(tmpFName, PR_WRONLY|PR_CREATE_FILE, 00660);
+ infile = PR_Open(tmpFName, PR_WRONLY | PR_CREATE_FILE, 00660);
PR_smprintf_free(tmpFName);
} else {
infile = PR_STDIN;
@@ -4054,20 +4099,20 @@ print_usage:
/* Set up the output stream */
if (bltest.options[opt_Output].activated) {
/* form file name from testdir and input arg. */
- char * filename = bltest.options[opt_Output].arg;
- if (bltest.options[opt_SelfTestDir].activated &&
+ char *filename = bltest.options[opt_Output].arg;
+ if (bltest.options[opt_SelfTestDir].activated &&
testdir && filename && filename[0] != '/') {
- filename = PR_smprintf("%s/tests/%s/%s", testdir,
+ filename = PR_smprintf("%s/tests/%s/%s", testdir,
mode_strings[cipherInfo->mode],
filename);
if (!filename) {
fprintf(stderr, "%s: Can not allocate memory.\n", progName);
goto exit_point;
}
- outfile = PR_Open(filename, PR_WRONLY|PR_CREATE_FILE, 00660);
+ outfile = PR_Open(filename, PR_WRONLY | PR_CREATE_FILE, 00660);
PR_smprintf_free(filename);
} else {
- outfile = PR_Open(filename, PR_WRONLY|PR_CREATE_FILE, 00660);
+ outfile = PR_Open(filename, PR_WRONLY | PR_CREATE_FILE, 00660);
}
} else {
outfile = PR_STDOUT;
@@ -4103,16 +4148,16 @@ print_usage:
TIMESTART();
cipherInfo = cipherInfoListHead;
while (cipherInfo != NULL) {
- cipherInfo->cipherThread =
+ cipherInfo->cipherThread =
PR_CreateThread(PR_USER_THREAD,
- ThreadExecTest,
- cipherInfo,
- PR_PRIORITY_NORMAL,
- PR_GLOBAL_THREAD,
- PR_JOINABLE_THREAD,
- 0);
+ ThreadExecTest,
+ cipherInfo,
+ PR_PRIORITY_NORMAL,
+ PR_GLOBAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
cipherInfo = cipherInfo->next;
- }
+ }
cipherInfo = cipherInfoListHead;
while (cipherInfo != NULL) {
@@ -4122,19 +4167,19 @@ print_usage:
}
TIMEFINISH(totalTime, 1);
}
-
+
cipherInfo = cipherInfoListHead;
if (cipherInfo->repetitions > 0 || cipherInfo->cxreps > 0 ||
threads > 1)
dump_performance_info(cipherInfoListHead, totalTime,
bltest.commands[cmd_Encrypt].activated,
- (cipherInfo->repetitions == 0));
-
+ (cipherInfo->repetitions == 0));
+
rv = SECSuccess;
- exit_point:
+exit_point:
if (outfile && outfile != PR_STDOUT)
- PR_Close(outfile);
+ PR_Close(outfile);
cipherInfo = cipherInfoListHead;
while (cipherInfo != NULL) {
bltestCipherInfo *tmpInfo = cipherInfo;
@@ -4149,4 +4194,3 @@ print_usage:
return SECSuccess;
}
-
diff --git a/cmd/bltest/tests/aes_gcm/hex.c b/cmd/bltest/tests/aes_gcm/hex.c
index 6ad285179..cdf583da2 100644
--- a/cmd/bltest/tests/aes_gcm/hex.c
+++ b/cmd/bltest/tests/aes_gcm/hex.c
@@ -2,67 +2,77 @@
#include <stdio.h>
#include <stdlib.h>
-int tohex(int c)
+int
+tohex(int c)
{
- if ((c >= '0') && (c <= '9')) {
+ if ((c >= '0') && (c <= '9')) {
return c - '0';
- }
- if ((c >= 'a') && (c <= 'f')) {
+ }
+ if ((c >= 'a') && (c <= 'f')) {
return c - 'a' + 10;
- }
- if ((c >= 'A') && (c <= 'F')) {
+ }
+ if ((c >= 'A') && (c <= 'F')) {
return c - 'A' + 10;
- }
- return 0;
+ }
+ return 0;
}
-int isspace(int c)
+int
+isspace(int c)
{
- if (c <= ' ') return 1;
- if (c == '\n') return 1;
- if (c == '\t') return 1;
- if (c == ':') return 1;
- if (c == ';') return 1;
- if (c == ',') return 1;
- return 0;
+ if (c <= ' ')
+ return 1;
+ if (c == '\n')
+ return 1;
+ if (c == '\t')
+ return 1;
+ if (c == ':')
+ return 1;
+ if (c == ';')
+ return 1;
+ if (c == ',')
+ return 1;
+ return 0;
}
-void verify_nibble(int nibble, int current)
+void
+verify_nibble(int nibble, int current)
{
- if (nibble != 0) {
- fprintf(stderr,"count mismatch %d (nibbles=0x%x)\n",nibble,current);
+ if (nibble != 0) {
+ fprintf(stderr, "count mismatch %d (nibbles=0x%x)\n", nibble, current);
fflush(stderr);
- }
+ }
}
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
- int c;
- int current = 0;
- int nibble = 0;
- int skip = 0;
+ int c;
+ int current = 0;
+ int nibble = 0;
+ int skip = 0;
- if (argv[1]) {
+ if (argv[1]) {
skip = atoi(argv[1]);
- }
+ }
#define NIBBLE_COUNT 2
- while ((c=getchar()) != EOF) {
- if (isspace(c)) {
- verify_nibble(nibble,current);
- continue;
- }
- if (skip) {
- skip--;
- continue;
- }
- current = current << 4 | tohex(c);
- nibble++;
- if (nibble == NIBBLE_COUNT) {
- putchar(current);
- nibble = 0;
- current = 0;
- }
- }
- return 0;
+ while ((c = getchar()) != EOF) {
+ if (isspace(c)) {
+ verify_nibble(nibble, current);
+ continue;
+ }
+ if (skip) {
+ skip--;
+ continue;
+ }
+ current = current << 4 | tohex(c);
+ nibble++;
+ if (nibble == NIBBLE_COUNT) {
+ putchar(current);
+ nibble = 0;
+ current = 0;
+ }
+ }
+ return 0;
}
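Review bot: `tohex` returns 0 for any character that is not a hex digit, so a corrupted or mistyped test vector is decoded as zero nibbles instead of being rejected, and `main` cannot notice. Returning -1 from `tohex` and checking it in the read loop would make bad input fail loudly. Separately, the local `isspace` reuses the name of the standard `<ctype.h>` function; a name such as `is_separator` avoids the clash, and its `'\n'` and `'\t'` tests are already covered by `c <= ' '`.

```c
int
tohex(int c)
{
    /* … unchanged: '0'-'9', 'a'-'f', 'A'-'F' range checks … */
    return -1; /* not a hex digit */
}

        /* … unchanged: separator and skip handling in main's loop … */
        int digit = tohex(c);
        if (digit < 0) {
            fprintf(stderr, "invalid hex character 0x%x\n", c);
            return 1;
        }
        current = current << 4 | digit;
```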
diff --git a/cmd/btoa/btoa.c b/cmd/btoa/btoa.c
index 9416feb47..2a5e6d4c6 100644
--- a/cmd/btoa/btoa.c
+++ b/cmd/btoa/btoa.c
@@ -9,8 +9,8 @@
#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
#if !defined(WIN32)
-extern int fread(char *, size_t, size_t, FILE*);
-extern int fwrite(char *, size_t, size_t, FILE*);
+extern int fread(char *, size_t, size_t, FILE *);
+extern int fwrite(char *, size_t, size_t, FILE *);
extern int fprintf(FILE *, char *, ...);
#endif
#endif
@@ -20,16 +20,16 @@ extern int fprintf(FILE *, char *, ...);
#include "io.h"
#endif
-static PRInt32
-output_ascii (void *arg, const char *obuf, PRInt32 size)
+static PRInt32
+output_ascii(void *arg, const char *obuf, PRInt32 size)
{
FILE *outFile = arg;
int nb;
nb = fwrite(obuf, 1, size, outFile);
if (nb != size) {
- PORT_SetError(SEC_ERROR_IO);
- return -1;
+ PORT_SetError(SEC_ERROR_IO);
+ return -1;
}
return nb;
@@ -45,30 +45,32 @@ encode_file(FILE *outFile, FILE *inFile)
cx = NSSBase64Encoder_Create(output_ascii, outFile);
if (!cx) {
- return -1;
+ return -1;
}
for (;;) {
- if (feof(inFile)) break;
- nb = fread(ibuf, 1, sizeof(ibuf), inFile);
- if (nb != sizeof(ibuf)) {
- if (nb == 0) {
- if (ferror(inFile)) {
- PORT_SetError(SEC_ERROR_IO);
- goto loser;
- }
- /* eof */
- break;
- }
- }
-
- status = NSSBase64Encoder_Update(cx, ibuf, nb);
- if (status != SECSuccess) goto loser;
+ if (feof(inFile))
+ break;
+ nb = fread(ibuf, 1, sizeof(ibuf), inFile);
+ if (nb != sizeof(ibuf)) {
+ if (nb == 0) {
+ if (ferror(inFile)) {
+ PORT_SetError(SEC_ERROR_IO);
+ goto loser;
+ }
+ /* eof */
+ break;
+ }
+ }
+
+ status = NSSBase64Encoder_Update(cx, ibuf, nb);
+ if (status != SECSuccess)
+ goto loser;
}
status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
if (status != SECSuccess)
- return status;
+ return status;
/*
* Add a trailing CRLF. Note this must be done *after* the call
@@ -78,28 +80,30 @@ encode_file(FILE *outFile, FILE *inFile)
fwrite("\r\n", 1, 2, outFile);
return SECSuccess;
- loser:
- (void) NSSBase64Encoder_Destroy(cx, PR_TRUE);
+loser:
+ (void)NSSBase64Encoder_Destroy(cx, PR_TRUE);
return status;
}
-static void Usage(char *progName)
+static void
+Usage(char *progName)
{
fprintf(stderr,
- "Usage: %s [-i input] [-o output]\n",
- progName);
+ "Usage: %s [-i input] [-o output]\n",
+ progName);
fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
+ "-i input");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
+ "-o output");
fprintf(stderr, "%-20s Wrap output in BEGIN/END lines and the given suffix\n",
- "-w suffix");
+ "-w suffix");
fprintf(stderr, "%-20s (use \"c\" as a shortcut for suffix CERTIFICATE)\n",
- "");
+ "");
exit(-1);
}
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
char *progName;
SECStatus rv;
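Review bot: The trailing `fwrite("\r\n", 1, 2, outFile)` ignores its return value and the function then returns SECSuccess, so a failed write of the line ending is reported as success. That is inconsistent with `output_ascii`, which treats a short write as SEC_ERROR_IO. Checking it the same way keeps the two in step: `if (fwrite("\r\n", 1, 2, outFile) != 2) { PORT_SetError(SEC_ERROR_IO); return SECFailure; }`. encode_file starts outside this hunk.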
@@ -112,88 +116,88 @@ int main(int argc, char **argv)
outFile = 0;
progName = strrchr(argv[0], '/');
if (!progName)
- progName = strrchr(argv[0], '\\');
- progName = progName ? progName+1 : argv[0];
+ progName = strrchr(argv[0], '\\');
+ progName = progName ? progName + 1 : argv[0];
/* Parse command line arguments */
optstate = PL_CreateOptState(argc, argv, "i:o:w:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- default:
- Usage(progName);
- break;
-
- case 'i':
- inFile = fopen(optstate->value, "rb");
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "wb");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'w':
- if (!strcmp(optstate->value, "c"))
- suffix = strdup("CERTIFICATE");
- else
- suffix = strdup(optstate->value);
- break;
- }
+ switch (optstate->option) {
+ default:
+ Usage(progName);
+ break;
+
+ case 'i':
+ inFile = fopen(optstate->value, "rb");
+ if (!inFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 'o':
+ outFile = fopen(optstate->value, "wb");
+ if (!outFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 'w':
+ if (!strcmp(optstate->value, "c"))
+ suffix = strdup("CERTIFICATE");
+ else
+ suffix = strdup(optstate->value);
+ break;
+ }
}
if (status == PL_OPT_BAD)
- Usage(progName);
+ Usage(progName);
if (!inFile) {
#if defined(WIN32)
- /* If we're going to read binary data from stdin, we must put stdin
- ** into O_BINARY mode or else incoming \r\n's will become \n's.
- */
-
- int smrv = _setmode(_fileno(stdin), _O_BINARY);
- if (smrv == -1) {
- fprintf(stderr,
- "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
- progName);
- return smrv;
- }
+ /* If we're going to read binary data from stdin, we must put stdin
+ ** into O_BINARY mode or else incoming \r\n's will become \n's.
+ */
+
+ int smrv = _setmode(_fileno(stdin), _O_BINARY);
+ if (smrv == -1) {
+ fprintf(stderr,
+ "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
+ progName);
+ return smrv;
+ }
#endif
- inFile = stdin;
+ inFile = stdin;
}
if (!outFile) {
#if defined(WIN32)
- /* We're going to write binary data to stdout. We must put stdout
- ** into O_BINARY mode or else outgoing \r\n's will become \r\r\n's.
- */
-
- int smrv = _setmode(_fileno(stdout), _O_BINARY);
- if (smrv == -1) {
- fprintf(stderr,
- "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
- progName);
- return smrv;
- }
+ /* We're going to write binary data to stdout. We must put stdout
+ ** into O_BINARY mode or else outgoing \r\n's will become \r\r\n's.
+ */
+
+ int smrv = _setmode(_fileno(stdout), _O_BINARY);
+ if (smrv == -1) {
+ fprintf(stderr,
+ "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
+ progName);
+ return smrv;
+ }
#endif
- outFile = stdout;
+ outFile = stdout;
}
if (suffix) {
- fprintf(outFile, "-----BEGIN %s-----\n", suffix);
+ fprintf(outFile, "-----BEGIN %s-----\n", suffix);
}
rv = encode_file(outFile, inFile);
if (rv != SECSuccess) {
- fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
- progName, PORT_GetError(), errno);
- return -1;
+ fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
+ progName, PORT_GetError(), errno);
+ return -1;
}
if (suffix) {
- fprintf(outFile, "-----END %s-----\n", suffix);
+ fprintf(outFile, "-----END %s-----\n", suffix);
}
return 0;
}
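Review bot: Write errors on the output are never checked in `main`. The BEGIN and END lines are written with `fprintf` and the function returns 0 without flushing or closing `outFile`, so a full disk or closed pipe can leave a truncated PEM file behind a success exit code. Before `return 0;` add `if (fflush(outFile) != 0 || ferror(outFile)) { fprintf(stderr, "%s: error writing output\n", progName); return -1; }`. The `strdup` results for `-w` are also used unchecked; if the allocation fails, `suffix` is NULL and the BEGIN/END wrapper is silently dropped. main's opening lines are outside this hunk.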
diff --git a/cmd/certcgi/certcgi.c b/cmd/certcgi/certcgi.c
index 1095d80ed..3120de809 100644
--- a/cmd/certcgi/certcgi.c
+++ b/cmd/certcgi/certcgi.c
@@ -4,7 +4,6 @@
/* Cert-O-Matic CGI */
-
#include "nspr.h"
#include "prtypes.h"
#include "prtime.h"
@@ -22,14 +21,13 @@
#include "certxutl.h"
#include "nss.h"
-
/* #define TEST 1 */
/* #define FILEOUT 1 */
/* #define OFFLINE 1 */
-#define START_FIELDS 100
-#define PREFIX_LEN 6
-#define SERIAL_FILE "../serial"
-#define DB_DIRECTORY ".."
+#define START_FIELDS 100
+#define PREFIX_LEN 6
+#define SERIAL_FILE "../serial"
+#define DB_DIRECTORY ".."
static char *progName;
@@ -40,19 +38,14 @@ struct PairStr {
char *data;
};
-
char prefix[PREFIX_LEN];
-
const SEC_ASN1Template CERTIA5TypeTemplate[] = {
{ SEC_ASN1_IA5_STRING }
};
-
-
-SECKEYPrivateKey *privkeys[9] = {NULL, NULL, NULL, NULL, NULL, NULL, NULL,
- NULL, NULL};
-
+SECKEYPrivateKey *privkeys[9] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+ NULL, NULL };
#ifdef notdef
const SEC_ASN1Template CERT_GeneralNameTemplate[] = {
@@ -60,9 +53,8 @@ const SEC_ASN1Template CERT_GeneralNameTemplate[] = {
};
#endif
-
static void
-error_out(char *error_string)
+error_out(char *error_string)
{
printf("Content-type: text/plain\n\n");
printf("%s", error_string);
@@ -77,860 +69,840 @@ error_allocate(void)
error_out("ERROR: Unable to allocate memory");
}
-
static char *
-make_copy_string(char *read_pos,
- int length,
- char sentinal_value)
- /* copys string from to a new string it creates and
+make_copy_string(char *read_pos,
+ int length,
+ char sentinal_value)
+/* copys string from to a new string it creates and
returns a pointer to the new string */
{
- int remaining = length;
- char *write_pos;
- char *new;
+ int remaining = length;
+ char *write_pos;
+ char *new;
- new = write_pos = (char *) PORT_Alloc (length);
+ new = write_pos = (char *)PORT_Alloc(length);
if (new == NULL) {
- error_allocate();
+ error_allocate();
}
while (*read_pos != sentinal_value) {
- if (remaining == 1) {
- remaining += length;
- length = length * 2;
- new = PORT_Realloc(new,length);
- if (new == NULL) {
- error_allocate();
- }
- write_pos = new + length - remaining;
- }
- *write_pos = *read_pos;
- ++write_pos;
- ++read_pos;
- remaining = remaining - 1;
+ if (remaining == 1) {
+ remaining += length;
+ length = length * 2;
+ new = PORT_Realloc(new, length);
+ if (new == NULL) {
+ error_allocate();
+ }
+ write_pos = new + length - remaining;
+ }
+ *write_pos = *read_pos;
+ ++write_pos;
+ ++read_pos;
+ remaining = remaining - 1;
}
*write_pos = '\0';
return new;
}
-
static SECStatus
clean_input(Pair *data)
- /* converts the non-alphanumeric characters in a form post
+/* converts the non-alphanumeric characters in a form post
from hex codes back to characters */
{
- int length;
- int hi_digit;
- int low_digit;
- char character;
- char *begin_pos;
- char *read_pos;
- char *write_pos;
- PRBool name = PR_TRUE;
+ int length;
+ int hi_digit;
+ int low_digit;
+ char character;
+ char *begin_pos;
+ char *read_pos;
+ char *write_pos;
+ PRBool name = PR_TRUE;
begin_pos = data->name;
while (begin_pos != NULL) {
- length = strlen(begin_pos);
- read_pos = write_pos = begin_pos;
- while ((read_pos - begin_pos) < length) {
- if (*read_pos == '+') {
- *read_pos = ' ';
- }
- if (*read_pos == '%') {
- hi_digit = *(read_pos + 1);
- low_digit = *(read_pos +2);
- read_pos += 3;
- if (isdigit(hi_digit)){
- hi_digit = hi_digit - '0';
- } else {
- hi_digit = toupper(hi_digit);
- if (isxdigit(hi_digit)) {
- hi_digit = (hi_digit - 'A') + 10;
- } else {
- error_out("ERROR: Form data incorrectly formated");
- }
- }
- if (isdigit(low_digit)){
- low_digit = low_digit - '0';
- } else {
- low_digit = toupper(low_digit);
- if ((low_digit >='A') && (low_digit <= 'F')) {
- low_digit = (low_digit - 'A') + 10;
- } else {
- error_out("ERROR: Form data incorrectly formated");
- }
- }
- character = (hi_digit << 4) | low_digit;
- if (character != 10) {
- *write_pos = character;
- ++write_pos;
- }
- } else {
- *write_pos = *read_pos;
- ++write_pos;
- ++read_pos;
- }
- }
- *write_pos = '\0';
- if (name == PR_TRUE) {
- begin_pos = data->data;
- name = PR_FALSE;
- } else {
- data++;
- begin_pos = data->name;
- name = PR_TRUE;
- }
+ length = strlen(begin_pos);
+ read_pos = write_pos = begin_pos;
+ while ((read_pos - begin_pos) < length) {
+ if (*read_pos == '+') {
+ *read_pos = ' ';
+ }
+ if (*read_pos == '%') {
+ hi_digit = *(read_pos + 1);
+ low_digit = *(read_pos + 2);
+ read_pos += 3;
+ if (isdigit(hi_digit)) {
+ hi_digit = hi_digit - '0';
+ } else {
+ hi_digit = toupper(hi_digit);
+ if (isxdigit(hi_digit)) {
+ hi_digit = (hi_digit - 'A') + 10;
+ } else {
+ error_out("ERROR: Form data incorrectly formated");
+ }
+ }
+ if (isdigit(low_digit)) {
+ low_digit = low_digit - '0';
+ } else {
+ low_digit = toupper(low_digit);
+ if ((low_digit >= 'A') && (low_digit <= 'F')) {
+ low_digit = (low_digit - 'A') + 10;
+ } else {
+ error_out("ERROR: Form data incorrectly formated");
+ }
+ }
+ character = (hi_digit << 4) | low_digit;
+ if (character != 10) {
+ *write_pos = character;
+ ++write_pos;
+ }
+ } else {
+ *write_pos = *read_pos;
+ ++write_pos;
+ ++read_pos;
+ }
+ }
+ *write_pos = '\0';
+ if (name == PR_TRUE) {
+ begin_pos = data->data;
+ name = PR_FALSE;
+ } else {
+ data++;
+ begin_pos = data->name;
+ name = PR_TRUE;
+ }
}
return SECSuccess;
}
static char *
-make_name(char *new_data)
- /* gets the next field name in the input string and returns
+make_name(char *new_data)
+/* gets the next field name in the input string and returns
a pointer to a string containing a copy of it */
{
- int length = 20;
- char *name;
+ int length = 20;
+ char *name;
name = make_copy_string(new_data, length, '=');
return name;
}
-
+
static char *
-make_data(char *new_data)
- /* gets the data for the next field in the input string
+make_data(char *new_data)
+/* gets the data for the next field in the input string
and returns a pointer to a string containing it */
{
- int length = 100;
- char *data;
- char *read_pos;
+ int length = 100;
+ char *data;
+ char *read_pos;
read_pos = new_data;
while (*(read_pos - 1) != '=') {
- ++read_pos;
+ ++read_pos;
}
data = make_copy_string(read_pos, length, '&');
return data;
}
-
static Pair
-make_pair(char *new_data)
- /* makes a pair name/data pair from the input string */
+make_pair(char *new_data)
+/* makes a pair name/data pair from the input string */
{
- Pair temp;
+ Pair temp;
temp.name = make_name(new_data);
temp.data = make_data(new_data);
return temp;
}
-
-
static Pair *
-make_datastruct(char *data, int len)
- /* parses the input from the form post into a data
+make_datastruct(char *data, int len)
+/* parses the input from the form post into a data
structure of field name/data pairs */
{
- Pair *datastruct;
- Pair *current;
- char *curr_pos;
- int fields = START_FIELDS;
- int remaining = START_FIELDS;
+ Pair *datastruct;
+ Pair *current;
+ char *curr_pos;
+ int fields = START_FIELDS;
+ int remaining = START_FIELDS;
curr_pos = data;
- datastruct = current = (Pair *) PORT_Alloc(fields * sizeof(Pair));
+ datastruct = current = (Pair *)PORT_Alloc(fields * sizeof(Pair));
if (datastruct == NULL) {
- error_allocate();
+ error_allocate();
}
while (curr_pos - data < len) {
- if (remaining == 1) {
- remaining += fields;
- fields = fields * 2;
- datastruct = (Pair *) PORT_Realloc
- (datastruct, fields * sizeof(Pair));
- if (datastruct == NULL) {
- error_allocate();
- }
- current = datastruct + (fields - remaining);
- }
- *current = make_pair(curr_pos);
- while (*curr_pos != '&') {
- ++curr_pos;
- }
- ++curr_pos;
- ++current;
- remaining = remaining - 1;
+ if (remaining == 1) {
+ remaining += fields;
+ fields = fields * 2;
+ datastruct = (Pair *)PORT_Realloc(datastruct, fields *
+ sizeof(Pair));
+ if (datastruct == NULL) {
+ error_allocate();
+ }
+ current = datastruct + (fields - remaining);
+ }
+ *current = make_pair(curr_pos);
+ while (*curr_pos != '&') {
+ ++curr_pos;
+ }
+ ++curr_pos;
+ ++current;
+ remaining = remaining - 1;
}
current->name = NULL;
return datastruct;
}
static char *
-return_name(Pair *data_struct,
- int n)
- /* returns a pointer to the name of the nth
+return_name(Pair *data_struct,
+ int n)
+/* returns a pointer to the name of the nth
(starting from 0) item in the data structure */
{
- char *name;
+ char *name;
if ((data_struct + n)->name != NULL) {
- name = (data_struct + n)->name;
- return name;
+ name = (data_struct + n)->name;
+ return name;
} else {
- return NULL;
+ return NULL;
}
}
static char *
-return_data(Pair *data_struct,int n)
- /* returns a pointer to the data of the nth (starting from 0)
+return_data(Pair *data_struct, int n)
+/* returns a pointer to the data of the nth (starting from 0)
itme in the data structure */
{
- char *data;
+ char *data;
data = (data_struct + n)->data;
return data;
}
-
static char *
-add_prefix(char *field_name)
+add_prefix(char *field_name)
{
- extern char prefix[PREFIX_LEN];
- int i = 0;
- char *rv;
- char *write;
+ extern char prefix[PREFIX_LEN];
+ int i = 0;
+ char *rv;
+ char *write;
rv = write = PORT_Alloc(PORT_Strlen(prefix) + PORT_Strlen(field_name) + 1);
- for(i = 0; i < PORT_Strlen(prefix); i++) {
- *write = prefix[i];
- write++;
+ for (i = 0; i < PORT_Strlen(prefix); i++) {
+ *write = prefix[i];
+ write++;
}
*write = '\0';
- rv = PORT_Strcat(rv,field_name);
+ rv = PORT_Strcat(rv, field_name);
return rv;
}
-
static char *
-find_field(Pair *data,
- char *field_name,
- PRBool add_pre)
- /* returns a pointer to the data of the first pair
+find_field(Pair *data,
+ char *field_name,
+ PRBool add_pre)
+/* returns a pointer to the data of the first pair
thats name matches the string it is passed */
{
- int i = 0;
- char *retrieved;
- int found = 0;
+ int i = 0;
+ char *retrieved;
+ int found = 0;
if (add_pre) {
- field_name = add_prefix(field_name);
+ field_name = add_prefix(field_name);
}
- while(return_name(data, i) != NULL) {
- if (PORT_Strcmp(return_name(data, i), field_name) == 0) {
- retrieved = return_data(data, i);
- found = 1;
- break;
- }
- i++;
+ while (return_name(data, i) != NULL) {
+ if (PORT_Strcmp(return_name(data, i), field_name) == 0) {
+ retrieved = return_data(data, i);
+ found = 1;
+ break;
+ }
+ i++;
}
if (!found) {
- retrieved = NULL;
+ retrieved = NULL;
}
return retrieved;
}
static PRBool
-find_field_bool(Pair *data,
- char *fieldname,
- PRBool add_pre)
+find_field_bool(Pair *data,
+ char *fieldname,
+ PRBool add_pre)
{
- char *rv;
+ char *rv;
rv = find_field(data, fieldname, add_pre);
-
- if ((rv != NULL) && (PORT_Strcmp(rv, "true")) == 0) {
- return PR_TRUE;
+
+ if ((rv != NULL) && (PORT_Strcmp(rv, "true")) == 0) {
+ return PR_TRUE;
} else {
- return PR_FALSE;
+ return PR_FALSE;
}
}
static CERTCertificateRequest *
-makeCertReq(Pair *form_data,
- int which_priv_key)
- /* makes and encodes a certrequest */
+makeCertReq(Pair *form_data,
+ int which_priv_key)
+/* makes and encodes a certrequest */
{
- PK11SlotInfo *slot;
- CERTCertificateRequest *certReq = NULL;
+ PK11SlotInfo *slot;
+ CERTCertificateRequest *certReq = NULL;
CERTSubjectPublicKeyInfo *spki;
- SECKEYPrivateKey *privkey = NULL;
- SECKEYPublicKey *pubkey = NULL;
- CERTName *name;
- char *key;
- extern SECKEYPrivateKey *privkeys[9];
- int keySizeInBits;
- char *challenge = "foo";
- SECStatus rv = SECSuccess;
- PQGParams *pqgParams = NULL;
- PQGVerify *pqgVfy = NULL;
+ SECKEYPrivateKey *privkey = NULL;
+ SECKEYPublicKey *pubkey = NULL;
+ CERTName *name;
+ char *key;
+ extern SECKEYPrivateKey *privkeys[9];
+ int keySizeInBits;
+ char *challenge = "foo";
+ SECStatus rv = SECSuccess;
+ PQGParams *pqgParams = NULL;
+ PQGVerify *pqgVfy = NULL;
name = CERT_AsciiToName(find_field(form_data, "subject", PR_TRUE));
if (name == NULL) {
- error_out("ERROR: Unable to create Subject Name");
+ error_out("ERROR: Unable to create Subject Name");
}
key = find_field(form_data, "key", PR_TRUE);
if (key == NULL) {
- switch (*find_field(form_data, "keysize", PR_TRUE)) {
- case '0':
- keySizeInBits = 2048;
- break;
- case '1':
- keySizeInBits = 1024;
- break;
- case '2':
- keySizeInBits = 512;
- break;
- default:
- error_out("ERROR: Unsupported Key length selected");
- }
- if (find_field_bool(form_data, "keyType-dsa", PR_TRUE)) {
- rv = PK11_PQG_ParamGen(keySizeInBits, &pqgParams, &pqgVfy);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to generate PQG parameters");
- }
- slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
- privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN,
- pqgParams,&pubkey, PR_FALSE,
- PR_TRUE, NULL);
- } else {
- privkey = SECKEY_CreateRSAPrivateKey(keySizeInBits, &pubkey, NULL);
- }
- privkeys[which_priv_key] = privkey;
- spki = SECKEY_CreateSubjectPublicKeyInfo(pubkey);
+ switch (*find_field(form_data, "keysize", PR_TRUE)) {
+ case '0':
+ keySizeInBits = 2048;
+ break;
+ case '1':
+ keySizeInBits = 1024;
+ break;
+ case '2':
+ keySizeInBits = 512;
+ break;
+ default:
+ error_out("ERROR: Unsupported Key length selected");
+ }
+ if (find_field_bool(form_data, "keyType-dsa", PR_TRUE)) {
+ rv = PK11_PQG_ParamGen(keySizeInBits, &pqgParams, &pqgVfy);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to generate PQG parameters");
+ }
+ slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
+ privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN,
+ pqgParams, &pubkey, PR_FALSE,
+ PR_TRUE, NULL);
+ } else {
+ privkey = SECKEY_CreateRSAPrivateKey(keySizeInBits, &pubkey, NULL);
+ }
+ privkeys[which_priv_key] = privkey;
+ spki = SECKEY_CreateSubjectPublicKeyInfo(pubkey);
} else {
- spki = SECKEY_ConvertAndDecodePublicKeyAndChallenge(key, challenge,
- NULL);
- if (spki == NULL) {
- error_out("ERROR: Unable to decode Public Key and Challenge String");
- }
+ spki = SECKEY_ConvertAndDecodePublicKeyAndChallenge(key, challenge,
+ NULL);
+ if (spki == NULL) {
+ error_out("ERROR: Unable to decode Public Key and Challenge String");
+ }
}
certReq = CERT_CreateCertificateRequest(name, spki, NULL);
if (certReq == NULL) {
- error_out("ERROR: Unable to create Certificate Request");
+ error_out("ERROR: Unable to create Certificate Request");
}
if (pubkey != NULL) {
- SECKEY_DestroyPublicKey(pubkey);
+ SECKEY_DestroyPublicKey(pubkey);
}
if (spki != NULL) {
- SECKEY_DestroySubjectPublicKeyInfo(spki);
+ SECKEY_DestroySubjectPublicKeyInfo(spki);
}
if (pqgParams != NULL) {
- PK11_PQG_DestroyParams(pqgParams);
+ PK11_PQG_DestroyParams(pqgParams);
}
if (pqgVfy != NULL) {
- PK11_PQG_DestroyVerify(pqgVfy);
+ PK11_PQG_DestroyVerify(pqgVfy);
}
return certReq;
}
-
-
static CERTCertificate *
-MakeV1Cert(CERTCertDBHandle *handle,
- CERTCertificateRequest *req,
- char *issuerNameStr,
- PRBool selfsign,
- int serialNumber,
- int warpmonths,
- Pair *data)
+MakeV1Cert(CERTCertDBHandle *handle,
+ CERTCertificateRequest *req,
+ char *issuerNameStr,
+ PRBool selfsign,
+ int serialNumber,
+ int warpmonths,
+ Pair *data)
{
- CERTCertificate *issuerCert = NULL;
- CERTValidity *validity;
- CERTCertificate *cert = NULL;
- PRExplodedTime printableTime;
- PRTime now,
- after;
- if ( !selfsign ) {
- issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
- if (!issuerCert) {
- error_out("ERROR: Could not find issuer's certificate");
- return NULL;
- }
+ CERTCertificate *issuerCert = NULL;
+ CERTValidity *validity;
+ CERTCertificate *cert = NULL;
+ PRExplodedTime printableTime;
+ PRTime now,
+ after;
+ if (!selfsign) {
+ issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
+ if (!issuerCert) {
+ error_out("ERROR: Could not find issuer's certificate");
+ return NULL;
+ }
}
if (find_field_bool(data, "manValidity", PR_TRUE)) {
- (void)DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE));
+ (void)DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE));
} else {
- now = PR_Now();
+ now = PR_Now();
}
- PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
- if ( warpmonths ) {
- printableTime.tm_month += warpmonths;
- now = PR_ImplodeTime (&printableTime);
- PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
+ PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
+ if (warpmonths) {
+ printableTime.tm_month += warpmonths;
+ now = PR_ImplodeTime(&printableTime);
+ PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
}
if (find_field_bool(data, "manValidity", PR_TRUE)) {
- (void)DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE));
- PR_ExplodeTime (after, PR_GMTParameters, &printableTime);
+ (void)DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE));
+ PR_ExplodeTime(after, PR_GMTParameters, &printableTime);
} else {
- printableTime.tm_month += 3;
- after = PR_ImplodeTime (&printableTime);
+ printableTime.tm_month += 3;
+ after = PR_ImplodeTime(&printableTime);
}
/* note that the time is now in micro-second unit */
- validity = CERT_CreateValidity (now, after);
+ validity = CERT_CreateValidity(now, after);
- if ( selfsign ) {
- cert = CERT_CreateCertificate
- (serialNumber,&(req->subject), validity, req);
+ if (selfsign) {
+ cert = CERT_CreateCertificate(serialNumber, &(req->subject), validity, req);
} else {
- cert = CERT_CreateCertificate
- (serialNumber,&(issuerCert->subject), validity, req);
+ cert = CERT_CreateCertificate(serialNumber, &(issuerCert->subject), validity, req);
}
-
+
CERT_DestroyValidity(validity);
- if ( issuerCert ) {
- CERT_DestroyCertificate (issuerCert);
+ if (issuerCert) {
+ CERT_DestroyCertificate(issuerCert);
}
- return(cert);
+ return (cert);
}
static int
-get_serial_number(Pair *data)
+get_serial_number(Pair *data)
{
- int serial = 0;
- int error;
- char *filename = SERIAL_FILE;
- char *SN;
- FILE *serialFile;
-
+ int serial = 0;
+ int error;
+ char *filename = SERIAL_FILE;
+ char *SN;
+ FILE *serialFile;
if (find_field_bool(data, "serial-auto", PR_TRUE)) {
- serialFile = fopen(filename, "r");
- if (serialFile != NULL) {
- size_t nread = fread(&serial, sizeof(int), 1, serialFile);
- if (ferror(serialFile) != 0 || nread != 1) {
- error_out("Error: Unable to read serial number file");
- }
- if (serial == -1) {
- serial = 21;
- }
- fclose(serialFile);
- ++serial;
- serialFile = fopen(filename,"w");
- if (serialFile == NULL) {
- error_out("ERROR: Unable to open serial number file for writing");
- }
- fwrite(&serial, sizeof(int), 1, serialFile);
- if (ferror(serialFile) != 0) {
- error_out("Error: Unable to write to serial number file");
- }
- } else {
- fclose(serialFile);
- serialFile = fopen(filename,"w");
- if (serialFile == NULL) {
- error_out("ERROR: Unable to open serial number file");
- }
- serial = 21;
- fwrite(&serial, sizeof(int), 1, serialFile);
- if (ferror(serialFile) != 0) {
- error_out("Error: Unable to write to serial number file");
- }
- error = ferror(serialFile);
- if (error != 0) {
- error_out("ERROR: Unable to write to serial file");
- }
- }
- fclose(serialFile);
+ serialFile = fopen(filename, "r");
+ if (serialFile != NULL) {
+ size_t nread = fread(&serial, sizeof(int), 1, serialFile);
+ if (ferror(serialFile) != 0 || nread != 1) {
+ error_out("Error: Unable to read serial number file");
+ }
+ if (serial == -1) {
+ serial = 21;
+ }
+ fclose(serialFile);
+ ++serial;
+ serialFile = fopen(filename, "w");
+ if (serialFile == NULL) {
+ error_out("ERROR: Unable to open serial number file for writing");
+ }
+ fwrite(&serial, sizeof(int), 1, serialFile);
+ if (ferror(serialFile) != 0) {
+ error_out("Error: Unable to write to serial number file");
+ }
+ } else {
+ fclose(serialFile);
+ serialFile = fopen(filename, "w");
+ if (serialFile == NULL) {
+ error_out("ERROR: Unable to open serial number file");
+ }
+ serial = 21;
+ fwrite(&serial, sizeof(int), 1, serialFile);
+ if (ferror(serialFile) != 0) {
+ error_out("Error: Unable to write to serial number file");
+ }
+ error = ferror(serialFile);
+ if (error != 0) {
+ error_out("ERROR: Unable to write to serial file");
+ }
+ }
+ fclose(serialFile);
} else {
- SN = find_field(data, "serial_value", PR_TRUE);
- while (*SN != '\0') {
- serial = serial * 16;
- if ((*SN >= 'A') && (*SN <='F')) {
- serial += *SN - 'A' + 10;
- } else {
- if ((*SN >= 'a') && (*SN <='f')) {
- serial += *SN - 'a' + 10;
- } else {
- serial += *SN - '0';
- }
- }
- ++SN;
- }
+ SN = find_field(data, "serial_value", PR_TRUE);
+ while (*SN != '\0') {
+ serial = serial * 16;
+ if ((*SN >= 'A') && (*SN <= 'F')) {
+ serial += *SN - 'A' + 10;
+ } else {
+ if ((*SN >= 'a') && (*SN <= 'f')) {
+ serial += *SN - 'a' + 10;
+ } else {
+ serial += *SN - '0';
+ }
+ }
+ ++SN;
+ }
}
return serial;
}
-
-
-typedef SECStatus (* EXTEN_VALUE_ENCODER)
- (PLArenaPool *extHandle, void *value, SECItem *encodedValue);
+typedef SECStatus (*EXTEN_VALUE_ENCODER)(PLArenaPool *extHandle, void *value, SECItem *encodedValue);
-static SECStatus
+static SECStatus
EncodeAndAddExtensionValue(
- PLArenaPool *arena,
- void *extHandle,
- void *value,
- PRBool criticality,
- int extenType,
- EXTEN_VALUE_ENCODER EncodeValueFn)
+ PLArenaPool *arena,
+ void *extHandle,
+ void *value,
+ PRBool criticality,
+ int extenType,
+ EXTEN_VALUE_ENCODER EncodeValueFn)
{
- SECItem encodedValue;
- SECStatus rv;
-
+ SECItem encodedValue;
+ SECStatus rv;
encodedValue.data = NULL;
encodedValue.len = 0;
rv = (*EncodeValueFn)(arena, value, &encodedValue);
if (rv != SECSuccess) {
- error_out("ERROR: Unable to encode extension value");
+ error_out("ERROR: Unable to encode extension value");
}
- rv = CERT_AddExtension
- (extHandle, extenType, &encodedValue, criticality, PR_TRUE);
+ rv = CERT_AddExtension(extHandle, extenType, &encodedValue, criticality, PR_TRUE);
return (rv);
}
-
-
-static SECStatus
-AddKeyUsage (void *extHandle,
- Pair *data)
+static SECStatus
+AddKeyUsage(void *extHandle,
+ Pair *data)
{
- SECItem bitStringValue;
- unsigned char keyUsage = 0x0;
+ SECItem bitStringValue;
+ unsigned char keyUsage = 0x0;
- if (find_field_bool(data,"keyUsage-digitalSignature", PR_TRUE)){
- keyUsage |= (0x80 >> 0);
+ if (find_field_bool(data, "keyUsage-digitalSignature", PR_TRUE)) {
+ keyUsage |= (0x80 >> 0);
}
- if (find_field_bool(data,"keyUsage-nonRepudiation", PR_TRUE)){
- keyUsage |= (0x80 >> 1);
+ if (find_field_bool(data, "keyUsage-nonRepudiation", PR_TRUE)) {
+ keyUsage |= (0x80 >> 1);
}
- if (find_field_bool(data,"keyUsage-keyEncipherment", PR_TRUE)){
- keyUsage |= (0x80 >> 2);
+ if (find_field_bool(data, "keyUsage-keyEncipherment", PR_TRUE)) {
+ keyUsage |= (0x80 >> 2);
}
- if (find_field_bool(data,"keyUsage-dataEncipherment", PR_TRUE)){
- keyUsage |= (0x80 >> 3);
+ if (find_field_bool(data, "keyUsage-dataEncipherment", PR_TRUE)) {
+ keyUsage |= (0x80 >> 3);
}
- if (find_field_bool(data,"keyUsage-keyAgreement", PR_TRUE)){
- keyUsage |= (0x80 >> 4);
+ if (find_field_bool(data, "keyUsage-keyAgreement", PR_TRUE)) {
+ keyUsage |= (0x80 >> 4);
}
- if (find_field_bool(data,"keyUsage-keyCertSign", PR_TRUE)) {
- keyUsage |= (0x80 >> 5);
+ if (find_field_bool(data, "keyUsage-keyCertSign", PR_TRUE)) {
+ keyUsage |= (0x80 >> 5);
}
- if (find_field_bool(data,"keyUsage-cRLSign", PR_TRUE)) {
- keyUsage |= (0x80 >> 6);
+ if (find_field_bool(data, "keyUsage-cRLSign", PR_TRUE)) {
+ keyUsage |= (0x80 >> 6);
}
bitStringValue.data = &keyUsage;
bitStringValue.len = 1;
- return (CERT_EncodeAndAddBitStrExtension
- (extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue,
- (find_field_bool(data, "keyUsage-crit", PR_TRUE))));
-
+ return (CERT_EncodeAndAddBitStrExtension(extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue,
+ (find_field_bool(data, "keyUsage-crit", PR_TRUE))));
}
static CERTOidSequence *
CreateOidSequence(void)
{
- CERTOidSequence *rv = (CERTOidSequence *)NULL;
- PLArenaPool *arena = (PLArenaPool *)NULL;
+ CERTOidSequence *rv = (CERTOidSequence *)NULL;
+ PLArenaPool *arena = (PLArenaPool *)NULL;
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if( (PLArenaPool *)NULL == arena ) {
- goto loser;
- }
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if ((PLArenaPool *)NULL == arena) {
+ goto loser;
+ }
- rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence));
- if( (CERTOidSequence *)NULL == rv ) {
- goto loser;
- }
+ rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence));
+ if ((CERTOidSequence *)NULL == rv) {
+ goto loser;
+ }
- rv->oids = (SECItem **)PORT_ArenaZAlloc(arena, sizeof(SECItem *));
- if( (SECItem **)NULL == rv->oids ) {
- goto loser;
- }
+ rv->oids = (SECItem **)PORT_ArenaZAlloc(arena, sizeof(SECItem *));
+ if ((SECItem **)NULL == rv->oids) {
+ goto loser;
+ }
- rv->arena = arena;
- return rv;
+ rv->arena = arena;
+ return rv;
- loser:
- if( (PLArenaPool *)NULL != arena ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
+loser:
+ if ((PLArenaPool *)NULL != arena) {
+ PORT_FreeArena(arena, PR_FALSE);
+ }
- return (CERTOidSequence *)NULL;
+ return (CERTOidSequence *)NULL;
}
static SECStatus
AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag)
{
- SECItem **oids;
- PRUint32 count = 0;
- SECOidData *od;
+ SECItem **oids;
+ PRUint32 count = 0;
+ SECOidData *od;
- od = SECOID_FindOIDByTag(oidTag);
- if( (SECOidData *)NULL == od ) {
- return SECFailure;
- }
+ od = SECOID_FindOIDByTag(oidTag);
+ if ((SECOidData *)NULL == od) {
+ return SECFailure;
+ }
- for( oids = os->oids; (SECItem *)NULL != *oids; oids++ ) {
- count++;
- }
+ for (oids = os->oids; (SECItem *)NULL != *oids; oids++) {
+ count++;
+ }
- /* ArenaZRealloc */
+ /* ArenaZRealloc */
- {
- PRUint32 i;
+ {
+ PRUint32 i;
- oids = (SECItem **)PORT_ArenaZAlloc(os->arena, sizeof(SECItem *) * (count+2));
- if( (SECItem **)NULL == oids ) {
- return SECFailure;
- }
-
- for( i = 0; i < count; i++ ) {
- oids[i] = os->oids[i];
- }
+ oids = (SECItem **)PORT_ArenaZAlloc(os->arena, sizeof(SECItem *) * (count + 2));
+ if ((SECItem **)NULL == oids) {
+ return SECFailure;
+ }
- /* ArenaZFree(os->oids); */
- }
+ for (i = 0; i < count; i++) {
+ oids[i] = os->oids[i];
+ }
- os->oids = oids;
- os->oids[count] = &od->oid;
+ /* ArenaZFree(os->oids); */
+ }
- return SECSuccess;
+ os->oids = oids;
+ os->oids[count] = &od->oid;
+
+ return SECSuccess;
}
static SECItem *
EncodeOidSequence(CERTOidSequence *os)
{
- SECItem *rv;
- extern const SEC_ASN1Template CERT_OidSeqTemplate[];
+ SECItem *rv;
+ extern const SEC_ASN1Template CERT_OidSeqTemplate[];
- rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem));
- if( (SECItem *)NULL == rv ) {
- goto loser;
- }
+ rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem));
+ if ((SECItem *)NULL == rv) {
+ goto loser;
+ }
- if( !SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate) ) {
- goto loser;
- }
+ if (!SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate)) {
+ goto loser;
+ }
- return rv;
+ return rv;
- loser:
- return (SECItem *)NULL;
+loser:
+ return (SECItem *)NULL;
}
static SECStatus
AddExtKeyUsage(void *extHandle, Pair *data)
{
- SECStatus rv;
- CERTOidSequence *os;
- SECItem *value;
- PRBool crit;
-
- os = CreateOidSequence();
- if( (CERTOidSequence *)NULL == os ) {
- return SECFailure;
- }
-
- if( find_field_bool(data, "extKeyUsage-serverAuth", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH);
- if( SECSuccess != rv ) goto loser;
- }
-
- if( find_field_bool(data, "extKeyUsage-msTrustListSign", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING);
- if( SECSuccess != rv ) goto loser;
- }
-
- if( find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH);
- if( SECSuccess != rv ) goto loser;
- }
-
- if( find_field_bool(data, "extKeyUsage-codeSign", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN);
- if( SECSuccess != rv ) goto loser;
- }
-
- if( find_field_bool(data, "extKeyUsage-emailProtect", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT);
- if( SECSuccess != rv ) goto loser;
- }
-
- if( find_field_bool(data, "extKeyUsage-timeStamp", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP);
- if( SECSuccess != rv ) goto loser;
- }
-
- if( find_field_bool(data, "extKeyUsage-ocspResponder", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER);
- if( SECSuccess != rv ) goto loser;
- }
-
- if( find_field_bool(data, "extKeyUsage-NS-govtApproved", PR_TRUE) ) {
- rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
- if( SECSuccess != rv ) goto loser;
- }
-
- value = EncodeOidSequence(os);
-
- crit = find_field_bool(data, "extKeyUsage-crit", PR_TRUE);
-
- rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, value,
- crit, PR_TRUE);
- /*FALLTHROUGH*/
- loser:
- CERT_DestroyOidSequence(os);
- return rv;
+ SECStatus rv;
+ CERTOidSequence *os;
+ SECItem *value;
+ PRBool crit;
+
+ os = CreateOidSequence();
+ if ((CERTOidSequence *)NULL == os) {
+ return SECFailure;
+ }
+
+ if (find_field_bool(data, "extKeyUsage-serverAuth", PR_TRUE)) {
+ rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH);
+ if (SECSuccess != rv)
+ goto loser;
+ }
+
+ if (find_field_bool(data, "extKeyUsage-msTrustListSign", PR_TRUE)) {
+ rv = AddOidToSequence(os, SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING);
+ if (SECSuccess != rv)
+ goto loser;
+ }
+
+ if (find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE)) {
+ rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH);
+ if (SECSuccess != rv)
+ goto loser;
+ }
+
+ if (find_field_bool(data, "extKeyUsage-codeSign", PR_TRUE)) {
+ rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN);
+ if (SECSuccess != rv)
+ goto loser;
+ }
+
+ if (find_field_bool(data, "extKeyUsage-emailProtect", PR_TRUE)) {
+ rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT);
+ if (SECSuccess != rv)
+ goto loser;
+ }
+
+ if (find_field_bool(data, "extKeyUsage-timeStamp", PR_TRUE)) {
+ rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP);
+ if (SECSuccess != rv)
+ goto loser;
+ }
+
+ if (find_field_bool(data, "extKeyUsage-ocspResponder", PR_TRUE)) {
+ rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER);
+ if (SECSuccess != rv)
+ goto loser;
+ }
+
+ if (find_field_bool(data, "extKeyUsage-NS-govtApproved", PR_TRUE)) {
+ rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
+ if (SECSuccess != rv)
+ goto loser;
+ }
+
+ value = EncodeOidSequence(os);
+
+ crit = find_field_bool(data, "extKeyUsage-crit", PR_TRUE);
+
+ rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, value,
+ crit, PR_TRUE);
+/*FALLTHROUGH*/
+loser:
+ CERT_DestroyOidSequence(os);
+ return rv;
}
static SECStatus
-AddSubKeyID(void *extHandle,
- Pair *data,
- CERTCertificate *subjectCert)
+AddSubKeyID(void *extHandle,
+ Pair *data,
+ CERTCertificate *subjectCert)
{
- SECItem encodedValue;
- SECStatus rv;
- char *read;
- char *write;
- char *first;
- char character;
- int high_digit = 0,
- low_digit = 0;
- int len;
- PRBool odd = PR_FALSE;
-
+ SECItem encodedValue;
+ SECStatus rv;
+ char *read;
+ char *write;
+ char *first;
+ char character;
+ int high_digit = 0,
+ low_digit = 0;
+ int len;
+ PRBool odd = PR_FALSE;
encodedValue.data = NULL;
encodedValue.len = 0;
- first = read = write = find_field(data,"subjectKeyIdentifier-text",
- PR_TRUE);
+ first = read = write = find_field(data, "subjectKeyIdentifier-text",
+ PR_TRUE);
len = PORT_Strlen(first);
- odd = ((len % 2) != 0 ) ? PR_TRUE : PR_FALSE;
+ odd = ((len % 2) != 0) ? PR_TRUE : PR_FALSE;
if (find_field_bool(data, "subjectKeyIdentifier-radio-hex", PR_TRUE)) {
- if (odd) {
- error_out("ERROR: Improperly formated subject key identifier, hex values must be expressed as an octet string");
- }
- while (*read != '\0') {
- if (!isxdigit(*read)) {
- error_out("ERROR: Improperly formated subject key identifier");
- }
- *read = toupper(*read);
- if ((*read >= 'A') && (*read <= 'F')) {
- high_digit = *read - 'A' + 10;
- } else {
- high_digit = *read - '0';
- }
- ++read;
- if (!isxdigit(*read)) {
- error_out("ERROR: Improperly formated subject key identifier");
- }
- *read = toupper(*read);
- if ((*read >= 'A') && (*read <= 'F')) {
- low_digit = *(read) - 'A' + 10;
- } else {
- low_digit = *(read) - '0';
- }
- character = (high_digit << 4) | low_digit;
- *write = character;
- ++write;
- ++read;
- }
- *write = '\0';
- len = write - first;
- }
- subjectCert->subjectKeyID.data = (unsigned char *) find_field
- (data,"subjectKeyIdentifier-text", PR_TRUE);
+ if (odd) {
+ error_out("ERROR: Improperly formated subject key identifier, hex values must be expressed as an octet string");
+ }
+ while (*read != '\0') {
+ if (!isxdigit(*read)) {
+ error_out("ERROR: Improperly formated subject key identifier");
+ }
+ *read = toupper(*read);
+ if ((*read >= 'A') && (*read <= 'F')) {
+ high_digit = *read - 'A' + 10;
+ } else {
+ high_digit = *read - '0';
+ }
+ ++read;
+ if (!isxdigit(*read)) {
+ error_out("ERROR: Improperly formated subject key identifier");
+ }
+ *read = toupper(*read);
+ if ((*read >= 'A') && (*read <= 'F')) {
+ low_digit = *(read) - 'A' + 10;
+ } else {
+ low_digit = *(read) - '0';
+ }
+ character = (high_digit << 4) | low_digit;
+ *write = character;
+ ++write;
+ ++read;
+ }
+ *write = '\0';
+ len = write - first;
+ }
+ subjectCert->subjectKeyID.data = (unsigned char *)find_field(data, "subjectKeyIdentifier-text", PR_TRUE);
subjectCert->subjectKeyID.len = len;
- rv = CERT_EncodeSubjectKeyID
- (NULL, &subjectCert->subjectKeyID, &encodedValue);
+ rv = CERT_EncodeSubjectKeyID(NULL, &subjectCert->subjectKeyID, &encodedValue);
if (rv) {
- return (rv);
+ return (rv);
}
- return (CERT_AddExtension(extHandle, SEC_OID_X509_SUBJECT_KEY_ID,
- &encodedValue, PR_FALSE, PR_TRUE));
+ return (CERT_AddExtension(extHandle, SEC_OID_X509_SUBJECT_KEY_ID,
+ &encodedValue, PR_FALSE, PR_TRUE));
}
-
-static SECStatus
-AddAuthKeyID (void *extHandle,
- Pair *data,
- char *issuerNameStr,
- CERTCertDBHandle *handle)
+static SECStatus
+AddAuthKeyID(void *extHandle,
+ Pair *data,
+ char *issuerNameStr,
+ CERTCertDBHandle *handle)
{
- CERTAuthKeyID *authKeyID = NULL;
- PLArenaPool *arena = NULL;
- SECStatus rv = SECSuccess;
- CERTCertificate *issuerCert = NULL;
- CERTGeneralName *genNames;
- CERTName *directoryName = NULL;
-
+ CERTAuthKeyID *authKeyID = NULL;
+ PLArenaPool *arena = NULL;
+ SECStatus rv = SECSuccess;
+ CERTCertificate *issuerCert = NULL;
+ CERTGeneralName *genNames;
+ CERTName *directoryName = NULL;
issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- error_allocate();
+ if (!arena) {
+ error_allocate();
}
- authKeyID = PORT_ArenaZAlloc (arena, sizeof (CERTAuthKeyID));
+ authKeyID = PORT_ArenaZAlloc(arena, sizeof(CERTAuthKeyID));
if (authKeyID == NULL) {
- error_allocate();
- }
- if (find_field_bool(data, "authorityKeyIdentifier-radio-keyIdentifier",
- PR_TRUE)) {
- authKeyID->keyID.data = PORT_ArenaAlloc (arena, PORT_Strlen
- ((char *)issuerCert->subjectKeyID.data));
- if (authKeyID->keyID.data == NULL) {
- error_allocate();
- }
- PORT_Memcpy (authKeyID->keyID.data, issuerCert->subjectKeyID.data,
- authKeyID->keyID.len =
- PORT_Strlen((char *)issuerCert->subjectKeyID.data));
+ error_allocate();
+ }
+ if (find_field_bool(data, "authorityKeyIdentifier-radio-keyIdentifier",
+ PR_TRUE)) {
+ authKeyID->keyID.data = PORT_ArenaAlloc(arena, PORT_Strlen((char *)issuerCert->subjectKeyID.data));
+ if (authKeyID->keyID.data == NULL) {
+ error_allocate();
+ }
+ PORT_Memcpy(authKeyID->keyID.data, issuerCert->subjectKeyID.data,
+ authKeyID->keyID.len =
+ PORT_Strlen((char *)issuerCert->subjectKeyID.data));
} else {
-
- PORT_Assert (arena);
- genNames = (CERTGeneralName *) PORT_ArenaZAlloc (arena, (sizeof(CERTGeneralName)));
- if (genNames == NULL){
- error_allocate();
- }
- genNames->l.next = genNames->l.prev = &(genNames->l);
- genNames->type = certDirectoryName;
-
- directoryName = CERT_AsciiToName(issuerCert->subjectName);
- if (!directoryName) {
- error_out("ERROR: Unable to create Directory Name");
- }
- rv = CERT_CopyName (arena, &genNames->name.directoryName,
- directoryName);
- CERT_DestroyName (directoryName);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to copy Directory Name");
- }
- authKeyID->authCertIssuer = genNames;
- if (authKeyID->authCertIssuer == NULL && SECFailure ==
- PORT_GetError ()) {
- error_out("ERROR: Unable to get Issuer General Name for Authority Key ID Extension");
- }
- authKeyID->authCertSerialNumber = issuerCert->serialNumber;
- }
- rv = EncodeAndAddExtensionValue(arena, extHandle, authKeyID, PR_FALSE,
- SEC_OID_X509_AUTH_KEY_ID,
- (EXTEN_VALUE_ENCODER)
- CERT_EncodeAuthKeyID);
+
+ PORT_Assert(arena);
+ genNames = (CERTGeneralName *)PORT_ArenaZAlloc(arena, (sizeof(CERTGeneralName)));
+ if (genNames == NULL) {
+ error_allocate();
+ }
+ genNames->l.next = genNames->l.prev = &(genNames->l);
+ genNames->type = certDirectoryName;
+
+ directoryName = CERT_AsciiToName(issuerCert->subjectName);
+ if (!directoryName) {
+ error_out("ERROR: Unable to create Directory Name");
+ }
+ rv = CERT_CopyName(arena, &genNames->name.directoryName,
+ directoryName);
+ CERT_DestroyName(directoryName);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to copy Directory Name");
+ }
+ authKeyID->authCertIssuer = genNames;
+ if (authKeyID->authCertIssuer == NULL && SECFailure ==
+ PORT_GetError()) {
+ error_out("ERROR: Unable to get Issuer General Name for Authority Key ID Extension");
+ }
+ authKeyID->authCertSerialNumber = issuerCert->serialNumber;
+ }
+ rv = EncodeAndAddExtensionValue(arena, extHandle, authKeyID, PR_FALSE,
+ SEC_OID_X509_AUTH_KEY_ID,
+ (EXTEN_VALUE_ENCODER)
+ CERT_EncodeAuthKeyID);
if (arena) {
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
return (rv);
}
-
-static SECStatus
-AddPrivKeyUsagePeriod(void *extHandle,
- Pair *data,
- CERTCertificate *cert)
+static SECStatus
+AddPrivKeyUsagePeriod(void *extHandle,
+ Pair *data,
+ CERTCertificate *cert)
{
char *notBeforeStr;
char *notAfterStr;
@@ -938,17 +910,16 @@ AddPrivKeyUsagePeriod(void *extHandle,
SECStatus rv = SECSuccess;
CERTPrivKeyUsagePeriod *pkup;
-
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- error_allocate();
+ if (!arena) {
+ error_allocate();
}
- pkup = PORT_ArenaZNew (arena, CERTPrivKeyUsagePeriod);
+ pkup = PORT_ArenaZNew(arena, CERTPrivKeyUsagePeriod);
if (pkup == NULL) {
- error_allocate();
+ error_allocate();
}
- notBeforeStr = (char *) PORT_Alloc(16 );
- notAfterStr = (char *) PORT_Alloc(16 );
+ notBeforeStr = (char *)PORT_Alloc(16);
+ notAfterStr = (char *)PORT_Alloc(16);
*notBeforeStr = '\0';
*notAfterStr = '\0';
pkup->arena = arena;
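Review bot: The two `PORT_Alloc(16)` results are dereferenced on the very next lines (`*notBeforeStr = '\0';` and `*notAfterStr = '\0';`) without a NULL check, although `arena` and `pkup` just above are both checked. Add `if (notBeforeStr == NULL || notAfterStr == NULL) { error_allocate(); }` directly after the two allocations, matching the handling already used for the arena. The 16-byte size holds only 15 characters plus the terminator, yet the form-field values appended with `PORT_Strcat` later in this function are not length-checked before each append, and the format check there runs only after the copying is done; the combined field length should be validated before anything is written into these buffers. AddPrivKeyUsagePeriod begins before this hunk and continues after it.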
@@ -957,264 +928,259 @@ AddPrivKeyUsagePeriod(void *extHandle,
pkup->notAfter.len = 0;
pkup->notAfter.data = NULL;
if (find_field_bool(data, "privKeyUsagePeriod-radio-notBefore", PR_TRUE) ||
- find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) {
- pkup->notBefore.len = 15;
- pkup->notBefore.data = (unsigned char *)notBeforeStr;
- if (find_field_bool(data, "privKeyUsagePeriod-notBefore-radio-manual",
- PR_TRUE)) {
- PORT_Strcat(notBeforeStr,find_field(data,
- "privKeyUsagePeriod-notBefore-year",
- PR_TRUE));
- PORT_Strcat(notBeforeStr,find_field(data,
- "privKeyUsagePeriod-notBefore-month",
- PR_TRUE));
- PORT_Strcat(notBeforeStr,find_field(data,
- "privKeyUsagePeriod-notBefore-day",
- PR_TRUE));
- PORT_Strcat(notBeforeStr,find_field(data,
- "privKeyUsagePeriod-notBefore-hour",
- PR_TRUE));
- PORT_Strcat(notBeforeStr,find_field(data,
- "privKeyUsagePeriod-notBefore-minute",
- PR_TRUE));
- PORT_Strcat(notBeforeStr,find_field(data,
- "privKeyUsagePeriod-notBefore-second",
- PR_TRUE));
- if ((*(notBeforeStr + 14) != '\0') ||
- (!isdigit(*(notBeforeStr + 13))) ||
- (*(notBeforeStr + 12) >= '5' && *(notBeforeStr + 12) <= '0') ||
- (!isdigit(*(notBeforeStr + 11))) ||
- (*(notBeforeStr + 10) >= '5' && *(notBeforeStr + 10) <= '0') ||
- (!isdigit(*(notBeforeStr + 9))) ||
- (*(notBeforeStr + 8) >= '2' && *(notBeforeStr + 8) <= '0') ||
- (!isdigit(*(notBeforeStr + 7))) ||
- (*(notBeforeStr + 6) >= '3' && *(notBeforeStr + 6) <= '0') ||
- (!isdigit(*(notBeforeStr + 5))) ||
- (*(notBeforeStr + 4) >= '1' && *(notBeforeStr + 4) <= '0') ||
- (!isdigit(*(notBeforeStr + 3))) ||
- (!isdigit(*(notBeforeStr + 2))) ||
- (!isdigit(*(notBeforeStr + 1))) ||
- (!isdigit(*(notBeforeStr + 0))) ||
- (*(notBeforeStr + 8) == '2' && *(notBeforeStr + 9) >= '4') ||
- (*(notBeforeStr + 6) == '3' && *(notBeforeStr + 7) >= '1') ||
- (*(notBeforeStr + 4) == '1' && *(notBeforeStr + 5) >= '2')) {
- error_out("ERROR: Improperly formated private key usage period");
- }
- *(notBeforeStr + 14) = 'Z';
- *(notBeforeStr + 15) = '\0';
- } else {
- if ((*(cert->validity.notBefore.data) > '5') ||
- ((*(cert->validity.notBefore.data) == '5') &&
- (*(cert->validity.notBefore.data + 1) != '0'))) {
- PORT_Strcat(notBeforeStr, "19");
- } else {
- PORT_Strcat(notBeforeStr, "20");
- }
- PORT_Strcat(notBeforeStr, (char *)cert->validity.notBefore.data);
- }
+ find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) {
+ pkup->notBefore.len = 15;
+ pkup->notBefore.data = (unsigned char *)notBeforeStr;
+ if (find_field_bool(data, "privKeyUsagePeriod-notBefore-radio-manual",
+ PR_TRUE)) {
+ PORT_Strcat(notBeforeStr, find_field(data,
+ "privKeyUsagePeriod-notBefore-year",
+ PR_TRUE));
+ PORT_Strcat(notBeforeStr, find_field(data,
+ "privKeyUsagePeriod-notBefore-month",
+ PR_TRUE));
+ PORT_Strcat(notBeforeStr, find_field(data,
+ "privKeyUsagePeriod-notBefore-day",
+ PR_TRUE));
+ PORT_Strcat(notBeforeStr, find_field(data,
+ "privKeyUsagePeriod-notBefore-hour",
+ PR_TRUE));
+ PORT_Strcat(notBeforeStr, find_field(data,
+ "privKeyUsagePeriod-notBefore-minute",
+ PR_TRUE));
+ PORT_Strcat(notBeforeStr, find_field(data,
+ "privKeyUsagePeriod-notBefore-second",
+ PR_TRUE));
+ if ((*(notBeforeStr + 14) != '\0') ||
+ (!isdigit(*(notBeforeStr + 13))) ||
+ (*(notBeforeStr + 12) >= '5' && *(notBeforeStr + 12) <= '0') ||
+ (!isdigit(*(notBeforeStr + 11))) ||
+ (*(notBeforeStr + 10) >= '5' && *(notBeforeStr + 10) <= '0') ||
+ (!isdigit(*(notBeforeStr + 9))) ||
+ (*(notBeforeStr + 8) >= '2' && *(notBeforeStr + 8) <= '0') ||
+ (!isdigit(*(notBeforeStr + 7))) ||
+ (*(notBeforeStr + 6) >= '3' && *(notBeforeStr + 6) <= '0') ||
+ (!isdigit(*(notBeforeStr + 5))) ||
+ (*(notBeforeStr + 4) >= '1' && *(notBeforeStr + 4) <= '0') ||
+ (!isdigit(*(notBeforeStr + 3))) ||
+ (!isdigit(*(notBeforeStr + 2))) ||
+ (!isdigit(*(notBeforeStr + 1))) ||
+ (!isdigit(*(notBeforeStr + 0))) ||
+ (*(notBeforeStr + 8) == '2' && *(notBeforeStr + 9) >= '4') ||
+ (*(notBeforeStr + 6) == '3' && *(notBeforeStr + 7) >= '1') ||
+ (*(notBeforeStr + 4) == '1' && *(notBeforeStr + 5) >= '2')) {
+ error_out("ERROR: Improperly formated private key usage period");
+ }
+ *(notBeforeStr + 14) = 'Z';
+ *(notBeforeStr + 15) = '\0';
+ } else {
+ if ((*(cert->validity.notBefore.data) > '5') ||
+ ((*(cert->validity.notBefore.data) == '5') &&
+ (*(cert->validity.notBefore.data + 1) != '0'))) {
+ PORT_Strcat(notBeforeStr, "19");
+ } else {
+ PORT_Strcat(notBeforeStr, "20");
+ }
+ PORT_Strcat(notBeforeStr, (char *)cert->validity.notBefore.data);
+ }
}
if (find_field_bool(data, "privKeyUsagePeriod-radio-notAfter", PR_TRUE) ||
- find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) {
- pkup->notAfter.len = 15;
- pkup->notAfter.data = (unsigned char *)notAfterStr;
- PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-year",
- PR_TRUE));
- PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-month",
- PR_TRUE));
- PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-day",
- PR_TRUE));
- PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-hour",
- PR_TRUE));
- PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-minute",
- PR_TRUE));
- PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-second",
- PR_TRUE));
- if ((*(notAfterStr + 14) != '\0') ||
- (!isdigit(*(notAfterStr + 13))) ||
- (*(notAfterStr + 12) >= '5' && *(notAfterStr + 12) <= '0') ||
- (!isdigit(*(notAfterStr + 11))) ||
- (*(notAfterStr + 10) >= '5' && *(notAfterStr + 10) <= '0') ||
- (!isdigit(*(notAfterStr + 9))) ||
- (*(notAfterStr + 8) >= '2' && *(notAfterStr + 8) <= '0') ||
- (!isdigit(*(notAfterStr + 7))) ||
- (*(notAfterStr + 6) >= '3' && *(notAfterStr + 6) <= '0') ||
- (!isdigit(*(notAfterStr + 5))) ||
- (*(notAfterStr + 4) >= '1' && *(notAfterStr + 4) <= '0') ||
- (!isdigit(*(notAfterStr + 3))) ||
- (!isdigit(*(notAfterStr + 2))) ||
- (!isdigit(*(notAfterStr + 1))) ||
- (!isdigit(*(notAfterStr + 0))) ||
- (*(notAfterStr + 8) == '2' && *(notAfterStr + 9) >= '4') ||
- (*(notAfterStr + 6) == '3' && *(notAfterStr + 7) >= '1') ||
- (*(notAfterStr + 4) == '1' && *(notAfterStr + 5) >= '2')) {
- error_out("ERROR: Improperly formated private key usage period");
- }
- *(notAfterStr + 14) = 'Z';
- *(notAfterStr + 15) = '\0';
- }
-
- PORT_Assert (arena);
-
- rv = EncodeAndAddExtensionValue(arena, extHandle, pkup,
- find_field_bool(data,
- "privKeyUsagePeriod-crit",
- PR_TRUE),
- SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD,
- (EXTEN_VALUE_ENCODER)
- CERT_EncodePrivateKeyUsagePeriod);
+ find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) {
+ pkup->notAfter.len = 15;
+ pkup->notAfter.data = (unsigned char *)notAfterStr;
+ PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-year",
+ PR_TRUE));
+ PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-month",
+ PR_TRUE));
+ PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-day",
+ PR_TRUE));
+ PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-hour",
+ PR_TRUE));
+ PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-minute",
+ PR_TRUE));
+ PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-second",
+ PR_TRUE));
+ if ((*(notAfterStr + 14) != '\0') ||
+ (!isdigit(*(notAfterStr + 13))) ||
+ (*(notAfterStr + 12) >= '5' && *(notAfterStr + 12) <= '0') ||
+ (!isdigit(*(notAfterStr + 11))) ||
+ (*(notAfterStr + 10) >= '5' && *(notAfterStr + 10) <= '0') ||
+ (!isdigit(*(notAfterStr + 9))) ||
+ (*(notAfterStr + 8) >= '2' && *(notAfterStr + 8) <= '0') ||
+ (!isdigit(*(notAfterStr + 7))) ||
+ (*(notAfterStr + 6) >= '3' && *(notAfterStr + 6) <= '0') ||
+ (!isdigit(*(notAfterStr + 5))) ||
+ (*(notAfterStr + 4) >= '1' && *(notAfterStr + 4) <= '0') ||
+ (!isdigit(*(notAfterStr + 3))) ||
+ (!isdigit(*(notAfterStr + 2))) ||
+ (!isdigit(*(notAfterStr + 1))) ||
+ (!isdigit(*(notAfterStr + 0))) ||
+ (*(notAfterStr + 8) == '2' && *(notAfterStr + 9) >= '4') ||
+ (*(notAfterStr + 6) == '3' && *(notAfterStr + 7) >= '1') ||
+ (*(notAfterStr + 4) == '1' && *(notAfterStr + 5) >= '2')) {
+ error_out("ERROR: Improperly formated private key usage period");
+ }
+ *(notAfterStr + 14) = 'Z';
+ *(notAfterStr + 15) = '\0';
+ }
+
+ PORT_Assert(arena);
+
+ rv = EncodeAndAddExtensionValue(arena, extHandle, pkup,
+ find_field_bool(data,
+ "privKeyUsagePeriod-crit",
+ PR_TRUE),
+ SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD,
+ (EXTEN_VALUE_ENCODER)
+ CERT_EncodePrivateKeyUsagePeriod);
if (arena) {
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
if (notBeforeStr != NULL) {
- PORT_Free(notBeforeStr);
+ PORT_Free(notBeforeStr);
}
if (notAfterStr != NULL) {
- PORT_Free(notAfterStr);
+ PORT_Free(notAfterStr);
}
return (rv);
-}
+}
-static SECStatus
-AddBasicConstraint(void *extHandle,
- Pair *data)
+static SECStatus
+AddBasicConstraint(void *extHandle,
+ Pair *data)
{
- CERTBasicConstraints basicConstraint;
- SECItem encodedValue;
- SECStatus rv;
+ CERTBasicConstraints basicConstraint;
+ SECItem encodedValue;
+ SECStatus rv;
encodedValue.data = NULL;
encodedValue.len = 0;
basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT;
- basicConstraint.isCA = (find_field_bool(data,"basicConstraints-cA-radio-CA",
- PR_TRUE));
- if (find_field_bool(data,"basicConstraints-pathLengthConstraint", PR_TRUE)){
- basicConstraint.pathLenConstraint = atoi
- (find_field(data,"basicConstraints-pathLengthConstraint-text",
- PR_TRUE));
- }
-
- rv = CERT_EncodeBasicConstraintValue (NULL, &basicConstraint,
- &encodedValue);
- if (rv)
- return (rv);
- rv = CERT_AddExtension(extHandle, SEC_OID_X509_BASIC_CONSTRAINTS,
- &encodedValue,
- (find_field_bool(data,"basicConstraints-crit",
- PR_TRUE)), PR_TRUE);
+ basicConstraint.isCA = (find_field_bool(data, "basicConstraints-cA-radio-CA",
+ PR_TRUE));
+ if (find_field_bool(data, "basicConstraints-pathLengthConstraint", PR_TRUE)) {
+ basicConstraint.pathLenConstraint = atoi(find_field(data, "basicConstraints-pathLengthConstraint-text",
+ PR_TRUE));
+ }
- PORT_Free (encodedValue.data);
+ rv = CERT_EncodeBasicConstraintValue(NULL, &basicConstraint,
+ &encodedValue);
+ if (rv)
+ return (rv);
+ rv = CERT_AddExtension(extHandle, SEC_OID_X509_BASIC_CONSTRAINTS,
+ &encodedValue,
+ (find_field_bool(data, "basicConstraints-crit",
+ PR_TRUE)),
+ PR_TRUE);
+
+ PORT_Free(encodedValue.data);
return (rv);
}
-
-
-static SECStatus
-AddNscpCertType (void *extHandle,
- Pair *data)
+static SECStatus
+AddNscpCertType(void *extHandle,
+ Pair *data)
{
- SECItem bitStringValue;
- unsigned char CertType = 0x0;
+ SECItem bitStringValue;
+ unsigned char CertType = 0x0;
- if (find_field_bool(data,"netscape-cert-type-ssl-client", PR_TRUE)){
- CertType |= (0x80 >> 0);
+ if (find_field_bool(data, "netscape-cert-type-ssl-client", PR_TRUE)) {
+ CertType |= (0x80 >> 0);
}
- if (find_field_bool(data,"netscape-cert-type-ssl-server", PR_TRUE)){
- CertType |= (0x80 >> 1);
+ if (find_field_bool(data, "netscape-cert-type-ssl-server", PR_TRUE)) {
+ CertType |= (0x80 >> 1);
}
- if (find_field_bool(data,"netscape-cert-type-smime", PR_TRUE)){
- CertType |= (0x80 >> 2);
+ if (find_field_bool(data, "netscape-cert-type-smime", PR_TRUE)) {
+ CertType |= (0x80 >> 2);
}
- if (find_field_bool(data,"netscape-cert-type-object-signing", PR_TRUE)){
- CertType |= (0x80 >> 3);
+ if (find_field_bool(data, "netscape-cert-type-object-signing", PR_TRUE)) {
+ CertType |= (0x80 >> 3);
}
- if (find_field_bool(data,"netscape-cert-type-reserved", PR_TRUE)){
- CertType |= (0x80 >> 4);
+ if (find_field_bool(data, "netscape-cert-type-reserved", PR_TRUE)) {
+ CertType |= (0x80 >> 4);
}
- if (find_field_bool(data,"netscape-cert-type-ssl-ca", PR_TRUE)) {
- CertType |= (0x80 >> 5);
+ if (find_field_bool(data, "netscape-cert-type-ssl-ca", PR_TRUE)) {
+ CertType |= (0x80 >> 5);
}
- if (find_field_bool(data,"netscape-cert-type-smime-ca", PR_TRUE)) {
- CertType |= (0x80 >> 6);
+ if (find_field_bool(data, "netscape-cert-type-smime-ca", PR_TRUE)) {
+ CertType |= (0x80 >> 6);
}
- if (find_field_bool(data,"netscape-cert-type-object-signing-ca", PR_TRUE)) {
- CertType |= (0x80 >> 7);
+ if (find_field_bool(data, "netscape-cert-type-object-signing-ca", PR_TRUE)) {
+ CertType |= (0x80 >> 7);
}
bitStringValue.data = &CertType;
bitStringValue.len = 1;
- return (CERT_EncodeAndAddBitStrExtension
- (extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue,
- (find_field_bool(data, "netscape-cert-type-crit", PR_TRUE))));
+ return (CERT_EncodeAndAddBitStrExtension(extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue,
+ (find_field_bool(data, "netscape-cert-type-crit", PR_TRUE))));
}
-
static SECStatus
-add_IA5StringExtension(void *extHandle,
- char *string,
- PRBool crit,
- int idtag)
+add_IA5StringExtension(void *extHandle,
+ char *string,
+ PRBool crit,
+ int idtag)
{
- SECItem encodedValue;
- SECStatus rv;
+ SECItem encodedValue;
+ SECStatus rv;
encodedValue.data = NULL;
encodedValue.len = 0;
rv = CERT_EncodeIA5TypeExtension(NULL, string, &encodedValue);
if (rv) {
- return (rv);
+ return (rv);
}
return (CERT_AddExtension(extHandle, idtag, &encodedValue, crit, PR_TRUE));
}
static SECItem *
-string_to_oid(char *string)
+string_to_oid(char *string)
{
- int i;
- int length = 20;
- int remaining;
- int first_value;
- int second_value;
- int value;
- int oidLength;
- unsigned char *oidString;
- unsigned char *write;
- unsigned char *read;
- unsigned char *temp;
- SECItem *oid;
-
-
+ int i;
+ int length = 20;
+ int remaining;
+ int first_value;
+ int second_value;
+ int value;
+ int oidLength;
+ unsigned char *oidString;
+ unsigned char *write;
+ unsigned char *read;
+ unsigned char *temp;
+ SECItem *oid;
+
remaining = length;
i = 0;
while (*string == ' ') {
- string++;
+ string++;
}
while (isdigit(*(string + i))) {
- i++;
+ i++;
}
if (*(string + i) == '.') {
- *(string + i) = '\0';
+ *(string + i) = '\0';
} else {
- error_out("ERROR: Improperly formated OID");
+ error_out("ERROR: Improperly formated OID");
}
first_value = atoi(string);
if (first_value < 0 || first_value > 2) {
- error_out("ERROR: Improperly formated OID");
+ error_out("ERROR: Improperly formated OID");
}
string += i + 1;
i = 0;
while (isdigit(*(string + i))) {
- i++;
+ i++;
}
if (*(string + i) == '.') {
- *(string + i) = '\0';
+ *(string + i) = '\0';
} else {
- error_out("ERROR: Improperly formated OID");
+ error_out("ERROR: Improperly formated OID");
}
second_value = atoi(string);
if (second_value < 0 || second_value > 39) {
- error_out("ERROR: Improperly formated OID");
+ error_out("ERROR: Improperly formated OID");
}
oidString = PORT_ZAlloc(2);
*oidString = (first_value * 40) + second_value;
@@ -1224,59 +1190,59 @@ string_to_oid(char *string)
i = 0;
temp = write = PORT_ZAlloc(length);
while (*string != '\0') {
- value = 0;
- while(isdigit(*(string + i))) {
- i++;
- }
- if (*(string + i) == '\0') {
- value = atoi(string);
- string += i;
- } else {
- if (*(string + i) == '.') {
- *(string + i) = '\0';
- value = atoi(string);
- string += i + 1;
- } else {
- *(string + i) = '\0';
- i++;
- value = atoi(string);
- while (*(string + i) == ' ')
- i++;
- if (*(string + i) != '\0') {
- error_out("ERROR: Improperly formated OID");
- }
- }
- }
- i = 0;
- while (value != 0) {
- if (remaining < 1) {
- remaining += length;
- length = length * 2;
- temp = PORT_Realloc(temp, length);
- write = temp + length - remaining;
- }
- *write = (value & 0x7f) | (0x80);
- write++;
- remaining--;
- value = value >> 7;
- }
- *temp = *temp & (0x7f);
- oidLength += write - temp;
- oidString = PORT_Realloc(oidString, (oidLength + 1));
- read = write - 1;
- write = oidLength + oidString - 1;
- for (i = 0; i < (length - remaining); i++) {
- *write = *read;
- write--;
- read++;
- }
- write = temp;
- remaining = length;
+ value = 0;
+ while (isdigit(*(string + i))) {
+ i++;
+ }
+ if (*(string + i) == '\0') {
+ value = atoi(string);
+ string += i;
+ } else {
+ if (*(string + i) == '.') {
+ *(string + i) = '\0';
+ value = atoi(string);
+ string += i + 1;
+ } else {
+ *(string + i) = '\0';
+ i++;
+ value = atoi(string);
+ while (*(string + i) == ' ')
+ i++;
+ if (*(string + i) != '\0') {
+ error_out("ERROR: Improperly formated OID");
+ }
+ }
+ }
+ i = 0;
+ while (value != 0) {
+ if (remaining < 1) {
+ remaining += length;
+ length = length * 2;
+ temp = PORT_Realloc(temp, length);
+ write = temp + length - remaining;
+ }
+ *write = (value & 0x7f) | (0x80);
+ write++;
+ remaining--;
+ value = value >> 7;
+ }
+ *temp = *temp & (0x7f);
+ oidLength += write - temp;
+ oidString = PORT_Realloc(oidString, (oidLength + 1));
+ read = write - 1;
+ write = oidLength + oidString - 1;
+ for (i = 0; i < (length - remaining); i++) {
+ *write = *read;
+ write--;
+ read++;
+ }
+ write = temp;
+ remaining = length;
}
*(oidString + oidLength) = '\0';
- oid = (SECItem *) PORT_ZAlloc(sizeof(SECItem));
+ oid = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
oid->data = oidString;
- oid->len = oidLength;
+ oid->len = oidLength;
PORT_Free(temp);
return oid;
}
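Review bot: The allocations in this part of string_to_oid are used without a NULL check: `temp = write = PORT_ZAlloc(length)`, both `PORT_Realloc` calls (which also overwrite the only pointer to the old buffer), and `oid = (SECItem *)PORT_ZAlloc(sizeof(SECItem))`, which is dereferenced on the next line. string_to_binary further down already does `if (rv == NULL) { error_allocate(); }`, and the same check belongs after each of these, e.g. `if (oid == NULL) { error_allocate(); }`. The two `PORT_ZAlloc` calls in string_to_ipaddress and the `rv->data` allocation in string_to_binary (later hunks) have the same gap. string_to_oid starts above this hunk.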
@@ -1284,62 +1250,62 @@ string_to_oid(char *string)
static SECItem *
string_to_ipaddress(char *string)
{
- int i = 0;
- int value;
- int j = 0;
- SECItem *ipaddress;
-
+ int i = 0;
+ int value;
+ int j = 0;
+ SECItem *ipaddress;
while (*string == ' ') {
- string++;
+ string++;
}
- ipaddress = (SECItem *) PORT_ZAlloc(sizeof(SECItem));
+ ipaddress = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
ipaddress->data = PORT_ZAlloc(9);
while (*string != '\0' && j < 8) {
- while (isdigit(*(string + i))) {
- i++;
- }
- if (*(string + i) == '.') {
- *(string + i) = '\0';
- value = atoi(string);
- string = string + i + 1;
- i = 0;
- } else {
- if (*(string + i) == '\0') {
- value = atoi(string);
- string = string + i;
- i = 0;
- } else {
- *(string + i) = '\0';
- while (*(string + i) == ' ') {
- i++;
- }
- if (*(string + i) == '\0') {
- value = atoi(string);
- string = string + i;
- i = 0;
- } else {
- error_out("ERROR: Improperly formated IP Address");
- }
- }
- }
- if (value >= 0 && value < 256) {
- *(ipaddress->data + j) = value;
- } else {
- error_out("ERROR: Improperly formated IP Address");
- }
- j++;
+ while (isdigit(*(string + i))) {
+ i++;
+ }
+ if (*(string + i) == '.') {
+ *(string + i) = '\0';
+ value = atoi(string);
+ string = string + i + 1;
+ i = 0;
+ } else {
+ if (*(string + i) == '\0') {
+ value = atoi(string);
+ string = string + i;
+ i = 0;
+ } else {
+ *(string + i) = '\0';
+ while (*(string + i) == ' ') {
+ i++;
+ }
+ if (*(string + i) == '\0') {
+ value = atoi(string);
+ string = string + i;
+ i = 0;
+ } else {
+ error_out("ERROR: Improperly formated IP Address");
+ }
+ }
+ }
+ if (value >= 0 && value < 256) {
+ *(ipaddress->data + j) = value;
+ } else {
+ error_out("ERROR: Improperly formated IP Address");
+ }
+ j++;
}
*(ipaddress->data + j) = '\0';
if (j != 4 && j != 8) {
- error_out("ERROR: Improperly formated IP Address");
+ error_out("ERROR: Improperly formated IP Address");
}
ipaddress->len = j;
return ipaddress;
}
static int
-chr_to_hex(char c) {
+chr_to_hex(char c)
+{
if (isdigit(c)) {
return c - '0';
}
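Review bot: The trailing-junk check in string_to_ipaddress can never fire. In the innermost `else`, `*(string + i) = '\0'` is written and the next two tests read that same byte, so the space-skipping loop exits at once and `*(string + i) == '\0'` is always true. An octet followed by arbitrary text is therefore accepted, and the `error_out("ERROR: Improperly formated IP Address")` branch is dead. I would inspect what follows the digits before overwriting it, remembering where the digits end and writing the terminator only once the rest is known to be spaces, as sketched below. The hunk ends inside chr_to_hex, which is not covered here.

```c
            } else {
                /* Look at what follows the digits before overwriting it:
                 * only trailing spaces are allowed after the last octet. */
                int digits_end = i;
                while (*(string + i) == ' ') {
                    i++;
                }
                if (*(string + i) == '\0') {
                    *(string + digits_end) = '\0';
                    value = atoi(string);
                    string = string + i;
                    i = 0;
                } else {
                    error_out("ERROR: Improperly formated IP Address");
                }
            }
            /* … unchanged: range check on value, store into ipaddress->data … */
```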
@@ -1352,16 +1318,16 @@ chr_to_hex(char c) {
static SECItem *
string_to_binary(char *string)
{
- SECItem *rv;
+ SECItem *rv;
- rv = (SECItem *) PORT_ZAlloc(sizeof(SECItem));
+ rv = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
if (rv == NULL) {
- error_allocate();
+ error_allocate();
}
- rv->data = (unsigned char *) PORT_ZAlloc((PORT_Strlen(string))/3 + 2);
+ rv->data = (unsigned char *)PORT_ZAlloc((PORT_Strlen(string)) / 3 + 2);
rv->len = 0;
while (*string && !isxdigit(*string)) {
- string++;
+ string++;
}
while (*string) {
int high, low;
@@ -1370,14 +1336,14 @@ string_to_binary(char *string)
if (high < 0 || low < 0) {
error_out("ERROR: Improperly formated binary encoding");
}
- rv->data[(rv->len)++] = high << 4 | low;
+ rv->data[(rv->len)++] = high << 4 | low;
if (*string != ':') {
break;
}
++string;
}
while (*string == ' ') {
- ++string;
+ ++string;
}
if (*string) {
error_out("ERROR: Junk after binary encoding");
@@ -1387,595 +1353,575 @@ string_to_binary(char *string)
}
static SECStatus
-MakeGeneralName(char *name,
- CERTGeneralName *genName,
- PLArenaPool *arena)
+MakeGeneralName(char *name,
+ CERTGeneralName *genName,
+ PLArenaPool *arena)
{
- SECItem *oid;
- SECOidData *oidData;
- SECItem *ipaddress;
- SECItem *temp = NULL;
- int i;
- int nameType;
- PRBool binary = PR_FALSE;
- SECStatus rv = SECSuccess;
- PRBool nickname = PR_FALSE;
+ SECItem *oid;
+ SECOidData *oidData;
+ SECItem *ipaddress;
+ SECItem *temp = NULL;
+ int i;
+ int nameType;
+ PRBool binary = PR_FALSE;
+ SECStatus rv = SECSuccess;
+ PRBool nickname = PR_FALSE;
PORT_Assert(genName);
PORT_Assert(arena);
nameType = *(name + PORT_Strlen(name) - 1) - '0';
- if (nameType == 0 && *(name +PORT_Strlen(name) - 2) == '1') {
- nickname = PR_TRUE;
- nameType = certOtherName;
+ if (nameType == 0 && *(name + PORT_Strlen(name) - 2) == '1') {
+ nickname = PR_TRUE;
+ nameType = certOtherName;
}
if (nameType < 1 || nameType > 9) {
- error_out("ERROR: Unknown General Name Type");
+ error_out("ERROR: Unknown General Name Type");
}
*(name + PORT_Strlen(name) - 4) = '\0';
genName->type = nameType;
-
+
switch (genName->type) {
- case certURI:
- case certRFC822Name:
- case certDNSName: {
- genName->name.other.data = (unsigned char *)name;
- genName->name.other.len = PORT_Strlen(name);
- break;
- }
-
- case certIPAddress: {
- ipaddress = string_to_ipaddress(name);
- genName->name.other.data = ipaddress->data;
- genName->name.other.len = ipaddress->len;
- break;
- }
-
- case certRegisterID: {
- oid = string_to_oid(name);
- genName->name.other.data = oid->data;
- genName->name.other.len = oid->len;
- break;
- }
-
- case certEDIPartyName:
- case certX400Address: {
-
- genName->name.other.data = PORT_ArenaAlloc (arena,
- PORT_Strlen (name) + 2);
- if (genName->name.other.data == NULL) {
- error_allocate();
- }
-
- PORT_Memcpy (genName->name.other.data + 2, name, PORT_Strlen (name));
- /* This may not be accurate for all cases.
- For now, use this tag type */
- genName->name.other.data[0] = (char)(((genName->type - 1) &
- 0x1f)| 0x80);
- genName->name.other.data[1] = (char)PORT_Strlen (name);
- genName->name.other.len = PORT_Strlen (name) + 2;
- break;
- }
-
- case certOtherName: {
- i = 0;
- if (!nickname) {
- while (!isdigit(*(name + PORT_Strlen(name) - i))) {
- i++;
- }
- if (*(name + PORT_Strlen(name) - i) == '1') {
- binary = PR_TRUE;
- } else {
- binary = PR_FALSE;
- }
- while (*(name + PORT_Strlen(name) - i) != '-') {
- i++;
- }
- *(name + PORT_Strlen(name) - i - 1) = '\0';
- i = 0;
- while (*(name + i) != '-') {
- i++;
- }
- *(name + i - 1) = '\0';
- oid = string_to_oid(name + i + 2);
- } else {
- oidData = SECOID_FindOIDByTag(SEC_OID_NETSCAPE_NICKNAME);
- oid = &oidData->oid;
- while (*(name + PORT_Strlen(name) - i) != '-') {
- i++;
- }
- *(name + PORT_Strlen(name) - i) = '\0';
- }
- genName->name.OthName.oid.data = oid->data;
- genName->name.OthName.oid.len = oid->len;
- if (binary) {
- temp = string_to_binary(name);
- genName->name.OthName.name.data = temp->data;
- genName->name.OthName.name.len = temp->len;
- } else {
- temp = (SECItem *) PORT_ZAlloc(sizeof(SECItem));
- if (temp == NULL) {
- error_allocate();
- }
- temp->data = (unsigned char *)name;
- temp->len = PORT_Strlen(name);
- SEC_ASN1EncodeItem (arena, &(genName->name.OthName.name), temp,
- CERTIA5TypeTemplate);
- }
- PORT_Free(temp);
- break;
- }
-
- case certDirectoryName: {
- CERTName *directoryName = NULL;
-
- directoryName = CERT_AsciiToName (name);
- if (!directoryName) {
- error_out("ERROR: Improperly formated alternative name");
- break;
- }
- rv = CERT_CopyName (arena, &genName->name.directoryName,
- directoryName);
- CERT_DestroyName (directoryName);
-
- break;
- }
+ case certURI:
+ case certRFC822Name:
+ case certDNSName: {
+ genName->name.other.data = (unsigned char *)name;
+ genName->name.other.len = PORT_Strlen(name);
+ break;
+ }
+
+ case certIPAddress: {
+ ipaddress = string_to_ipaddress(name);
+ genName->name.other.data = ipaddress->data;
+ genName->name.other.len = ipaddress->len;
+ break;
+ }
+
+ case certRegisterID: {
+ oid = string_to_oid(name);
+ genName->name.other.data = oid->data;
+ genName->name.other.len = oid->len;
+ break;
+ }
+
+ case certEDIPartyName:
+ case certX400Address: {
+
+ genName->name.other.data = PORT_ArenaAlloc(arena,
+ PORT_Strlen(name) + 2);
+ if (genName->name.other.data == NULL) {
+ error_allocate();
+ }
+
+ PORT_Memcpy(genName->name.other.data + 2, name, PORT_Strlen(name));
+ /* This may not be accurate for all cases.
+ For now, use this tag type */
+ genName->name.other.data[0] = (char)(((genName->type - 1) &
+ 0x1f) |
+ 0x80);
+ genName->name.other.data[1] = (char)PORT_Strlen(name);
+ genName->name.other.len = PORT_Strlen(name) + 2;
+ break;
+ }
+
+ case certOtherName: {
+ i = 0;
+ if (!nickname) {
+ while (!isdigit(*(name + PORT_Strlen(name) - i))) {
+ i++;
+ }
+ if (*(name + PORT_Strlen(name) - i) == '1') {
+ binary = PR_TRUE;
+ } else {
+ binary = PR_FALSE;
+ }
+ while (*(name + PORT_Strlen(name) - i) != '-') {
+ i++;
+ }
+ *(name + PORT_Strlen(name) - i - 1) = '\0';
+ i = 0;
+ while (*(name + i) != '-') {
+ i++;
+ }
+ *(name + i - 1) = '\0';
+ oid = string_to_oid(name + i + 2);
+ } else {
+ oidData = SECOID_FindOIDByTag(SEC_OID_NETSCAPE_NICKNAME);
+ oid = &oidData->oid;
+ while (*(name + PORT_Strlen(name) - i) != '-') {
+ i++;
+ }
+ *(name + PORT_Strlen(name) - i) = '\0';
+ }
+ genName->name.OthName.oid.data = oid->data;
+ genName->name.OthName.oid.len = oid->len;
+ if (binary) {
+ temp = string_to_binary(name);
+ genName->name.OthName.name.data = temp->data;
+ genName->name.OthName.name.len = temp->len;
+ } else {
+ temp = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+ if (temp == NULL) {
+ error_allocate();
+ }
+ temp->data = (unsigned char *)name;
+ temp->len = PORT_Strlen(name);
+ SEC_ASN1EncodeItem(arena, &(genName->name.OthName.name), temp,
+ CERTIA5TypeTemplate);
+ }
+ PORT_Free(temp);
+ break;
+ }
+
+ case certDirectoryName: {
+ CERTName *directoryName = NULL;
+
+ directoryName = CERT_AsciiToName(name);
+ if (!directoryName) {
+ error_out("ERROR: Improperly formated alternative name");
+ break;
+ }
+ rv = CERT_CopyName(arena, &genName->name.directoryName,
+ directoryName);
+ CERT_DestroyName(directoryName);
+
+ break;
+ }
}
genName->l.next = &(genName->l);
genName->l.prev = &(genName->l);
return rv;
}
-
static CERTGeneralName *
-MakeAltName(Pair *data,
- char *which,
- PLArenaPool *arena)
+MakeAltName(Pair *data,
+ char *which,
+ PLArenaPool *arena)
{
- CERTGeneralName *SubAltName;
- CERTGeneralName *current;
- CERTGeneralName *newname;
- char *name = NULL;
- SECStatus rv = SECSuccess;
- int len;
-
+ CERTGeneralName *SubAltName;
+ CERTGeneralName *current;
+ CERTGeneralName *newname;
+ char *name = NULL;
+ SECStatus rv = SECSuccess;
+ int len;
len = PORT_Strlen(which);
name = find_field(data, which, PR_TRUE);
- SubAltName = current = (CERTGeneralName *) PORT_ZAlloc
- (sizeof(CERTGeneralName));
+ SubAltName = current = (CERTGeneralName *)PORT_ZAlloc(sizeof(CERTGeneralName));
if (current == NULL) {
- error_allocate();
+ error_allocate();
}
while (name != NULL) {
- rv = MakeGeneralName(name, current, arena);
-
- if (rv != SECSuccess) {
- break;
- }
- if (*(which + len -1) < '9') {
- *(which + len - 1) = *(which + len - 1) + 1;
- } else {
- if (isdigit(*(which + len - 2) )) {
- *(which + len - 2) = *(which + len - 2) + 1;
- *(which + len - 1) = '0';
- } else {
- *(which + len - 1) = '1';
- *(which + len) = '0';
- *(which + len + 1) = '\0';
- len++;
- }
- }
- len = PORT_Strlen(which);
- name = find_field(data, which, PR_TRUE);
- if (name != NULL) {
- newname = (CERTGeneralName *) PORT_ZAlloc(sizeof(CERTGeneralName));
- if (newname == NULL) {
- error_allocate();
- }
- current->l.next = &(newname->l);
- newname->l.prev = &(current->l);
- current = newname;
+ rv = MakeGeneralName(name, current, arena);
+
+ if (rv != SECSuccess) {
+ break;
+ }
+ if (*(which + len - 1) < '9') {
+ *(which + len - 1) = *(which + len - 1) + 1;
+ } else {
+ if (isdigit(*(which + len - 2))) {
+ *(which + len - 2) = *(which + len - 2) + 1;
+ *(which + len - 1) = '0';
+ } else {
+ *(which + len - 1) = '1';
+ *(which + len) = '0';
+ *(which + len + 1) = '\0';
+ len++;
+ }
+ }
+ len = PORT_Strlen(which);
+ name = find_field(data, which, PR_TRUE);
+ if (name != NULL) {
+ newname = (CERTGeneralName *)PORT_ZAlloc(sizeof(CERTGeneralName));
+ if (newname == NULL) {
+ error_allocate();
+ }
+ current->l.next = &(newname->l);
+ newname->l.prev = &(current->l);
+ current = newname;
newname = NULL;
- } else {
- current->l.next = &(SubAltName->l);
- SubAltName->l.prev = &(current->l);
- }
+ } else {
+ current->l.next = &(SubAltName->l);
+ SubAltName->l.prev = &(current->l);
+ }
}
if (rv == SECFailure) {
- return NULL;
+ return NULL;
}
return SubAltName;
}
static CERTNameConstraints *
-MakeNameConstraints(Pair *data,
- PLArenaPool *arena)
+MakeNameConstraints(Pair *data,
+ PLArenaPool *arena)
{
- CERTNameConstraints *NameConstraints;
- CERTNameConstraint *current = NULL;
- CERTNameConstraint *last_permited = NULL;
- CERTNameConstraint *last_excluded = NULL;
- char *constraint = NULL;
- char *which;
- SECStatus rv = SECSuccess;
- int len;
- int i;
- long max;
- long min;
- PRBool permited;
-
-
- NameConstraints = (CERTNameConstraints *) PORT_ZAlloc
- (sizeof(CERTNameConstraints));
- which = make_copy_string("NameConstraintSelect0", 25,'\0');
+ CERTNameConstraints *NameConstraints;
+ CERTNameConstraint *current = NULL;
+ CERTNameConstraint *last_permited = NULL;
+ CERTNameConstraint *last_excluded = NULL;
+ char *constraint = NULL;
+ char *which;
+ SECStatus rv = SECSuccess;
+ int len;
+ int i;
+ long max;
+ long min;
+ PRBool permited;
+
+ NameConstraints = (CERTNameConstraints *)PORT_ZAlloc(sizeof(CERTNameConstraints));
+ which = make_copy_string("NameConstraintSelect0", 25, '\0');
len = PORT_Strlen(which);
constraint = find_field(data, which, PR_TRUE);
NameConstraints->permited = NameConstraints->excluded = NULL;
while (constraint != NULL) {
- current = (CERTNameConstraint *) PORT_ZAlloc
- (sizeof(CERTNameConstraint));
- if (current == NULL) {
- error_allocate();
- }
- i = 0;
- while (*(constraint + PORT_Strlen(constraint) - i) != '-') {
- i++;
- }
- *(constraint + PORT_Strlen(constraint) - i - 1) = '\0';
- max = (long) atoi(constraint + PORT_Strlen(constraint) + 3);
- if (max > 0) {
- (void) SEC_ASN1EncodeInteger(arena, &current->max, max);
- }
- i = 0;
- while (*(constraint + PORT_Strlen(constraint) - i) != '-') {
- i++;
- }
+ current = (CERTNameConstraint *)PORT_ZAlloc(sizeof(CERTNameConstraint));
+ if (current == NULL) {
+ error_allocate();
+ }
+ i = 0;
+ while (*(constraint + PORT_Strlen(constraint) - i) != '-') {
+ i++;
+ }
*(constraint + PORT_Strlen(constraint) - i - 1) = '\0';
- min = (long) atoi(constraint + PORT_Strlen(constraint) + 3);
- (void) SEC_ASN1EncodeInteger(arena, &current->min, min);
- while (*(constraint + PORT_Strlen(constraint) - i) != '-') {
- i++;
- }
+ max = (long)atoi(constraint + PORT_Strlen(constraint) + 3);
+ if (max > 0) {
+ (void)SEC_ASN1EncodeInteger(arena, &current->max, max);
+ }
+ i = 0;
+ while (*(constraint + PORT_Strlen(constraint) - i) != '-') {
+ i++;
+ }
+ *(constraint + PORT_Strlen(constraint) - i - 1) = '\0';
+ min = (long)atoi(constraint + PORT_Strlen(constraint) + 3);
+ (void)SEC_ASN1EncodeInteger(arena, &current->min, min);
+ while (*(constraint + PORT_Strlen(constraint) - i) != '-') {
+ i++;
+ }
*(constraint + PORT_Strlen(constraint) - i - 1) = '\0';
- if (*(constraint + PORT_Strlen(constraint) + 3) == 'p') {
- permited = PR_TRUE;
- } else {
- permited = PR_FALSE;
- }
- rv = MakeGeneralName(constraint, &(current->name), arena);
-
- if (rv != SECSuccess) {
- break;
- }
- if (*(which + len - 1) < '9') {
- *(which + len - 1) = *(which + len - 1) + 1;
- } else {
- if (isdigit(*(which + len - 2) )) {
- *(which + len - 2) = *(which + len - 2) + 1;
- *(which + len - 1) = '0';
- } else {
- *(which + len - 1) = '1';
- *(which + len) = '0';
- *(which + len + 1) = '\0';
- len++;
- }
- }
- len = PORT_Strlen(which);
- if (permited) {
- if (NameConstraints->permited == NULL) {
- NameConstraints->permited = last_permited = current;
- }
- last_permited->l.next = &(current->l);
- current->l.prev = &(last_permited->l);
- last_permited = current;
- } else {
- if (NameConstraints->excluded == NULL) {
- NameConstraints->excluded = last_excluded = current;
- }
- last_excluded->l.next = &(current->l);
- current->l.prev = &(last_excluded->l);
- last_excluded = current;
- }
- constraint = find_field(data, which, PR_TRUE);
- if (constraint != NULL) {
- current = (CERTNameConstraint *) PORT_ZAlloc(sizeof(CERTNameConstraint));
- if (current == NULL) {
- error_allocate();
- }
- }
+ if (*(constraint + PORT_Strlen(constraint) + 3) == 'p') {
+ permited = PR_TRUE;
+ } else {
+ permited = PR_FALSE;
+ }
+ rv = MakeGeneralName(constraint, &(current->name), arena);
+
+ if (rv != SECSuccess) {
+ break;
+ }
+ if (*(which + len - 1) < '9') {
+ *(which + len - 1) = *(which + len - 1) + 1;
+ } else {
+ if (isdigit(*(which + len - 2))) {
+ *(which + len - 2) = *(which + len - 2) + 1;
+ *(which + len - 1) = '0';
+ } else {
+ *(which + len - 1) = '1';
+ *(which + len) = '0';
+ *(which + len + 1) = '\0';
+ len++;
+ }
+ }
+ len = PORT_Strlen(which);
+ if (permited) {
+ if (NameConstraints->permited == NULL) {
+ NameConstraints->permited = last_permited = current;
+ }
+ last_permited->l.next = &(current->l);
+ current->l.prev = &(last_permited->l);
+ last_permited = current;
+ } else {
+ if (NameConstraints->excluded == NULL) {
+ NameConstraints->excluded = last_excluded = current;
+ }
+ last_excluded->l.next = &(current->l);
+ current->l.prev = &(last_excluded->l);
+ last_excluded = current;
+ }
+ constraint = find_field(data, which, PR_TRUE);
+ if (constraint != NULL) {
+ current = (CERTNameConstraint *)PORT_ZAlloc(sizeof(CERTNameConstraint));
+ if (current == NULL) {
+ error_allocate();
+ }
+ }
}
if (NameConstraints->permited != NULL) {
- last_permited->l.next = &(NameConstraints->permited->l);
- NameConstraints->permited->l.prev = &(last_permited->l);
+ last_permited->l.next = &(NameConstraints->permited->l);
+ NameConstraints->permited->l.prev = &(last_permited->l);
}
if (NameConstraints->excluded != NULL) {
- last_excluded->l.next = &(NameConstraints->excluded->l);
- NameConstraints->excluded->l.prev = &(last_excluded->l);
+ last_excluded->l.next = &(NameConstraints->excluded->l);
+ NameConstraints->excluded->l.prev = &(last_excluded->l);
}
if (which != NULL) {
- PORT_Free(which);
+ PORT_Free(which);
}
if (rv == SECFailure) {
- return NULL;
+ return NULL;
}
return NameConstraints;
}
-
-
static SECStatus
-AddAltName(void *extHandle,
- Pair *data,
- char *issuerNameStr,
- CERTCertDBHandle *handle,
- int type)
+AddAltName(void *extHandle,
+ Pair *data,
+ char *issuerNameStr,
+ CERTCertDBHandle *handle,
+ int type)
{
- PRBool autoIssuer = PR_FALSE;
- PLArenaPool *arena = NULL;
- CERTGeneralName *genName = NULL;
- char *which = NULL;
- char *name = NULL;
- SECStatus rv = SECSuccess;
- SECItem *issuersAltName = NULL;
- CERTCertificate *issuerCert = NULL;
+ PRBool autoIssuer = PR_FALSE;
+ PLArenaPool *arena = NULL;
+ CERTGeneralName *genName = NULL;
+ char *which = NULL;
+ char *name = NULL;
+ SECStatus rv = SECSuccess;
+ SECItem *issuersAltName = NULL;
+ CERTCertificate *issuerCert = NULL;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- error_allocate();
+ error_allocate();
}
if (type == 0) {
- which = make_copy_string("SubAltNameSelect0", 20,'\0');
- genName = MakeAltName(data, which, arena);
+ which = make_copy_string("SubAltNameSelect0", 20, '\0');
+ genName = MakeAltName(data, which, arena);
} else {
- if (autoIssuer) {
- autoIssuer = find_field_bool(data,"IssuerAltNameSourceRadio-auto",
- PR_TRUE);
- issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
- rv = cert_FindExtension((*issuerCert).extensions,
- SEC_OID_X509_SUBJECT_ALT_NAME,
- issuersAltName);
- if (issuersAltName == NULL) {
- name = PORT_Alloc(PORT_Strlen((*issuerCert).subjectName) + 4);
- PORT_Strcpy(name, (*issuerCert).subjectName);
- PORT_Strcat(name, " - 5");
- }
- } else {
- which = make_copy_string("IssuerAltNameSelect0", 20,'\0');
- genName = MakeAltName(data, which, arena);
- }
+ if (autoIssuer) {
+ autoIssuer = find_field_bool(data, "IssuerAltNameSourceRadio-auto",
+ PR_TRUE);
+ issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
+ rv = cert_FindExtension((*issuerCert).extensions,
+ SEC_OID_X509_SUBJECT_ALT_NAME,
+ issuersAltName);
+ if (issuersAltName == NULL) {
+ name = PORT_Alloc(PORT_Strlen((*issuerCert).subjectName) + 4);
+ PORT_Strcpy(name, (*issuerCert).subjectName);
+ PORT_Strcat(name, " - 5");
+ }
+ } else {
+ which = make_copy_string("IssuerAltNameSelect0", 20, '\0');
+ genName = MakeAltName(data, which, arena);
+ }
}
if (type == 0) {
- EncodeAndAddExtensionValue(arena, extHandle, genName,
- find_field_bool(data, "SubAltName-crit",
- PR_TRUE),
- SEC_OID_X509_SUBJECT_ALT_NAME,
- (EXTEN_VALUE_ENCODER)
- CERT_EncodeAltNameExtension);
+ EncodeAndAddExtensionValue(arena, extHandle, genName,
+ find_field_bool(data, "SubAltName-crit",
+ PR_TRUE),
+ SEC_OID_X509_SUBJECT_ALT_NAME,
+ (EXTEN_VALUE_ENCODER)
+ CERT_EncodeAltNameExtension);
} else {
- if (autoIssuer && (name == NULL)) {
- rv = CERT_AddExtension
- (extHandle, SEC_OID_X509_ISSUER_ALT_NAME, issuersAltName,
- find_field_bool(data, "IssuerAltName-crit", PR_TRUE), PR_TRUE);
- } else {
- EncodeAndAddExtensionValue(arena, extHandle, genName,
- find_field_bool(data,
- "IssuerAltName-crit",
- PR_TRUE),
- SEC_OID_X509_ISSUER_ALT_NAME,
- (EXTEN_VALUE_ENCODER)
- CERT_EncodeAltNameExtension);
- }
+ if (autoIssuer && (name == NULL)) {
+ rv = CERT_AddExtension(extHandle, SEC_OID_X509_ISSUER_ALT_NAME, issuersAltName,
+ find_field_bool(data, "IssuerAltName-crit", PR_TRUE), PR_TRUE);
+ } else {
+ EncodeAndAddExtensionValue(arena, extHandle, genName,
+ find_field_bool(data,
+ "IssuerAltName-crit",
+ PR_TRUE),
+ SEC_OID_X509_ISSUER_ALT_NAME,
+ (EXTEN_VALUE_ENCODER)
+ CERT_EncodeAltNameExtension);
+ }
}
if (which != NULL) {
- PORT_Free(which);
+ PORT_Free(which);
}
if (issuerCert != NULL) {
- CERT_DestroyCertificate(issuerCert);
+ CERT_DestroyCertificate(issuerCert);
}
return rv;
}
-
static SECStatus
-AddNameConstraints(void *extHandle,
- Pair *data)
+AddNameConstraints(void *extHandle,
+ Pair *data)
{
- PLArenaPool *arena = NULL;
+ PLArenaPool *arena = NULL;
CERTNameConstraints *constraints = NULL;
- SECStatus rv = SECSuccess;
-
+ SECStatus rv = SECSuccess;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- error_allocate();
+ error_allocate();
}
constraints = MakeNameConstraints(data, arena);
if (constraints != NULL) {
- EncodeAndAddExtensionValue(arena, extHandle, constraints, PR_TRUE,
- SEC_OID_X509_NAME_CONSTRAINTS,
- (EXTEN_VALUE_ENCODER)
- CERT_EncodeNameConstraintsExtension);
+ EncodeAndAddExtensionValue(arena, extHandle, constraints, PR_TRUE,
+ SEC_OID_X509_NAME_CONSTRAINTS,
+ (EXTEN_VALUE_ENCODER)
+ CERT_EncodeNameConstraintsExtension);
}
if (arena != NULL) {
- PORT_ArenaRelease (arena, NULL);
+ PORT_ArenaRelease(arena, NULL);
}
return rv;
}
-
static SECStatus
-add_extensions(CERTCertificate *subjectCert,
- Pair *data,
- char *issuerNameStr,
- CERTCertDBHandle *handle)
+add_extensions(CERTCertificate *subjectCert,
+ Pair *data,
+ char *issuerNameStr,
+ CERTCertDBHandle *handle)
{
- void *extHandle;
- SECStatus rv = SECSuccess;
-
+ void *extHandle;
+ SECStatus rv = SECSuccess;
- extHandle = CERT_StartCertExtensions (subjectCert);
+ extHandle = CERT_StartCertExtensions(subjectCert);
if (extHandle == NULL) {
- error_out("ERROR: Unable to get certificates extension handle");
+ error_out("ERROR: Unable to get certificates extension handle");
}
if (find_field_bool(data, "keyUsage", PR_TRUE)) {
- rv = AddKeyUsage(extHandle, data);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Key Usage extension");
- }
+ rv = AddKeyUsage(extHandle, data);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Key Usage extension");
+ }
}
- if( find_field_bool(data, "extKeyUsage", PR_TRUE) ) {
- rv = AddExtKeyUsage(extHandle, data);
- if( SECSuccess != rv ) {
- error_out("ERROR: Unable to add Extended Key Usage extension");
- }
+ if (find_field_bool(data, "extKeyUsage", PR_TRUE)) {
+ rv = AddExtKeyUsage(extHandle, data);
+ if (SECSuccess != rv) {
+ error_out("ERROR: Unable to add Extended Key Usage extension");
+ }
}
if (find_field_bool(data, "basicConstraints", PR_TRUE)) {
- rv = AddBasicConstraint(extHandle, data);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Basic Constraint extension");
- }
+ rv = AddBasicConstraint(extHandle, data);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Basic Constraint extension");
+ }
}
if (find_field_bool(data, "subjectKeyIdentifier", PR_TRUE)) {
- rv = AddSubKeyID(extHandle, data, subjectCert);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Subject Key Identifier Extension");
- }
+ rv = AddSubKeyID(extHandle, data, subjectCert);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Subject Key Identifier Extension");
+ }
}
if (find_field_bool(data, "authorityKeyIdentifier", PR_TRUE)) {
- rv = AddAuthKeyID (extHandle, data, issuerNameStr, handle);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Authority Key Identifier extension");
- }
+ rv = AddAuthKeyID(extHandle, data, issuerNameStr, handle);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Authority Key Identifier extension");
+ }
}
if (find_field_bool(data, "privKeyUsagePeriod", PR_TRUE)) {
- rv = AddPrivKeyUsagePeriod (extHandle, data, subjectCert);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Private Key Usage Period extension");
- }
+ rv = AddPrivKeyUsagePeriod(extHandle, data, subjectCert);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Private Key Usage Period extension");
+ }
}
if (find_field_bool(data, "SubAltName", PR_TRUE)) {
- rv = AddAltName (extHandle, data, NULL, NULL, 0);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Subject Alternative Name extension");
- }
+ rv = AddAltName(extHandle, data, NULL, NULL, 0);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Subject Alternative Name extension");
+ }
}
if (find_field_bool(data, "IssuerAltName", PR_TRUE)) {
- rv = AddAltName (extHandle, data, issuerNameStr, handle, 1);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Issuer Alternative Name Extension");
- }
+ rv = AddAltName(extHandle, data, issuerNameStr, handle, 1);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Issuer Alternative Name Extension");
+ }
}
if (find_field_bool(data, "NameConstraints", PR_TRUE)) {
- rv = AddNameConstraints(extHandle, data);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Name Constraints Extension");
- }
+ rv = AddNameConstraints(extHandle, data);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Name Constraints Extension");
+ }
}
if (find_field_bool(data, "netscape-cert-type", PR_TRUE)) {
- rv = AddNscpCertType(extHandle, data);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape Certificate Type Extension");
- }
+ rv = AddNscpCertType(extHandle, data);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Netscape Certificate Type Extension");
+ }
}
if (find_field_bool(data, "netscape-base-url", PR_TRUE)) {
- rv = add_IA5StringExtension(extHandle,
- find_field(data, "netscape-base-url-text",
- PR_TRUE),
- find_field_bool(data,
- "netscape-base-url-crit",
- PR_TRUE),
- SEC_OID_NS_CERT_EXT_BASE_URL);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape Base URL Extension");
- }
+ rv = add_IA5StringExtension(extHandle,
+ find_field(data, "netscape-base-url-text",
+ PR_TRUE),
+ find_field_bool(data,
+ "netscape-base-url-crit",
+ PR_TRUE),
+ SEC_OID_NS_CERT_EXT_BASE_URL);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Netscape Base URL Extension");
+ }
}
if (find_field_bool(data, "netscape-revocation-url", PR_TRUE)) {
- rv = add_IA5StringExtension(extHandle,
- find_field(data,
- "netscape-revocation-url-text",
- PR_TRUE),
- find_field_bool
- (data, "netscape-revocation-url-crit",
- PR_TRUE),
- SEC_OID_NS_CERT_EXT_REVOCATION_URL);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape Revocation URL Extension");
- }
+ rv = add_IA5StringExtension(extHandle,
+ find_field(data,
+ "netscape-revocation-url-text",
+ PR_TRUE),
+ find_field_bool(data, "netscape-revocation-url-crit",
+ PR_TRUE),
+ SEC_OID_NS_CERT_EXT_REVOCATION_URL);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Netscape Revocation URL Extension");
+ }
}
if (find_field_bool(data, "netscape-ca-revocation-url", PR_TRUE)) {
- rv = add_IA5StringExtension(extHandle,
- find_field(data,
- "netscape-ca-revocation-url-text",
- PR_TRUE),
- find_field_bool
- (data, "netscape-ca-revocation-url-crit"
- , PR_TRUE),
- SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape CA Revocation URL Extension");
- }
+ rv = add_IA5StringExtension(extHandle,
+ find_field(data,
+ "netscape-ca-revocation-url-text",
+ PR_TRUE),
+ find_field_bool(data, "netscape-ca-revocation-url-crit", PR_TRUE),
+ SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Netscape CA Revocation URL Extension");
+ }
}
if (find_field_bool(data, "netscape-cert-renewal-url", PR_TRUE)) {
- rv = add_IA5StringExtension(extHandle,
- find_field(data,
- "netscape-cert-renewal-url-text",
- PR_TRUE),
- find_field_bool
- (data, "netscape-cert-renewal-url-crit",
- PR_TRUE),
- SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape Certificate Renewal URL Extension");
- }
+ rv = add_IA5StringExtension(extHandle,
+ find_field(data,
+ "netscape-cert-renewal-url-text",
+ PR_TRUE),
+ find_field_bool(data, "netscape-cert-renewal-url-crit",
+ PR_TRUE),
+ SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Netscape Certificate Renewal URL Extension");
+ }
}
if (find_field_bool(data, "netscape-ca-policy-url", PR_TRUE)) {
- rv = add_IA5StringExtension(extHandle,
- find_field(data,
- "netscape-ca-policy-url-text",
- PR_TRUE),
- find_field_bool
- (data, "netscape-ca-policy-url-crit",
- PR_TRUE),
- SEC_OID_NS_CERT_EXT_CA_POLICY_URL);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape CA Policy URL Extension");
- }
+ rv = add_IA5StringExtension(extHandle,
+ find_field(data,
+ "netscape-ca-policy-url-text",
+ PR_TRUE),
+ find_field_bool(data, "netscape-ca-policy-url-crit",
+ PR_TRUE),
+ SEC_OID_NS_CERT_EXT_CA_POLICY_URL);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Netscape CA Policy URL Extension");
+ }
}
if (find_field_bool(data, "netscape-ssl-server-name", PR_TRUE)) {
- rv = add_IA5StringExtension(extHandle,
- find_field(data,
- "netscape-ssl-server-name-text",
- PR_TRUE),
- find_field_bool
- (data, "netscape-ssl-server-name-crit",
- PR_TRUE),
- SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape SSL Server Name Extension");
- }
+ rv = add_IA5StringExtension(extHandle,
+ find_field(data,
+ "netscape-ssl-server-name-text",
+ PR_TRUE),
+ find_field_bool(data, "netscape-ssl-server-name-crit",
+ PR_TRUE),
+ SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Netscape SSL Server Name Extension");
+ }
}
if (find_field_bool(data, "netscape-comment", PR_TRUE)) {
- rv = add_IA5StringExtension(extHandle,
- find_field(data, "netscape-comment-text",
- PR_TRUE),
- find_field_bool(data,
- "netscape-comment-crit",
- PR_TRUE),
- SEC_OID_NS_CERT_EXT_COMMENT);
- if (rv != SECSuccess) {
- error_out("ERROR: Unable to add Netscape Comment Extension");
- }
+ rv = add_IA5StringExtension(extHandle,
+ find_field(data, "netscape-comment-text",
+ PR_TRUE),
+ find_field_bool(data,
+ "netscape-comment-crit",
+ PR_TRUE),
+ SEC_OID_NS_CERT_EXT_COMMENT);
+ if (rv != SECSuccess) {
+ error_out("ERROR: Unable to add Netscape Comment Extension");
+ }
}
CERT_FinishExtensions(extHandle);
return (rv);
}
-
-
char *
return_dbpasswd(PK11SlotInfo *slot, PRBool retry, void *data)
{
@@ -1983,143 +1929,138 @@ return_dbpasswd(PK11SlotInfo *slot, PRBool retry, void *data)
/* don't clobber our poor smart card */
if (retry == PR_TRUE) {
- return NULL;
+ return NULL;
}
rv = PORT_Alloc(4);
PORT_Strcpy(rv, "foo");
return rv;
}
-
SECKEYPrivateKey *
-FindPrivateKeyFromNameStr(char *name,
- CERTCertDBHandle *certHandle)
+FindPrivateKeyFromNameStr(char *name,
+ CERTCertDBHandle *certHandle)
{
- SECKEYPrivateKey *key;
- CERTCertificate *cert;
- CERTCertificate *p11Cert;
-
+ SECKEYPrivateKey *key;
+ CERTCertificate *cert;
+ CERTCertificate *p11Cert;
- /* We don't presently have a PK11 function to find a cert by
- ** subject name.
+ /* We don't presently have a PK11 function to find a cert by
+ ** subject name.
** We do have a function to find a cert in the internal slot's
** cert db by subject name, but it doesn't setup the slot info.
- ** So, this HACK works, but should be replaced as soon as we
+ ** So, this HACK works, but should be replaced as soon as we
** have a function to search for certs accross slots by subject name.
*/
cert = CERT_FindCertByNameString(certHandle, name);
if (cert == NULL || cert->nickname == NULL) {
- error_out("ERROR: Unable to retrieve issuers certificate");
+ error_out("ERROR: Unable to retrieve issuers certificate");
}
p11Cert = PK11_FindCertFromNickname(cert->nickname, NULL);
if (p11Cert == NULL) {
- error_out("ERROR: Unable to retrieve issuers certificate");
+ error_out("ERROR: Unable to retrieve issuers certificate");
}
key = PK11_FindKeyByAnyCert(p11Cert, NULL);
return key;
}
static SECItem *
-SignCert(CERTCertificate *cert,
- char *issuerNameStr,
- Pair *data,
- CERTCertDBHandle *handle,
- int which_key)
+SignCert(CERTCertificate *cert,
+ char *issuerNameStr,
+ Pair *data,
+ CERTCertDBHandle *handle,
+ int which_key)
{
- SECItem der;
- SECKEYPrivateKey *caPrivateKey = NULL;
- SECStatus rv;
- PLArenaPool *arena;
- SECOidTag algID;
+ SECItem der;
+ SECKEYPrivateKey *caPrivateKey = NULL;
+ SECStatus rv;
+ PLArenaPool *arena;
+ SECOidTag algID;
if (which_key == 0) {
- caPrivateKey = FindPrivateKeyFromNameStr(issuerNameStr, handle);
+ caPrivateKey = FindPrivateKeyFromNameStr(issuerNameStr, handle);
} else {
- caPrivateKey = privkeys[which_key - 1];
+ caPrivateKey = privkeys[which_key - 1];
}
if (caPrivateKey == NULL) {
- error_out("ERROR: unable to retrieve issuers key");
+ error_out("ERROR: unable to retrieve issuers key");
}
-
+
arena = cert->arena;
algID = SEC_GetSignatureAlgorithmOidTag(caPrivateKey->keyType,
- SEC_OID_UNKNOWN);
+ SEC_OID_UNKNOWN);
if (algID == SEC_OID_UNKNOWN) {
- error_out("ERROR: Unknown key type for issuer.");
- goto done;
+ error_out("ERROR: Unknown key type for issuer.");
+ goto done;
}
rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0);
if (rv != SECSuccess) {
- error_out("ERROR: Could not set signature algorithm id.");
+ error_out("ERROR: Could not set signature algorithm id.");
}
- if (find_field_bool(data,"ver-1", PR_TRUE)) {
- *(cert->version.data) = 0;
- cert->version.len = 1;
+ if (find_field_bool(data, "ver-1", PR_TRUE)) {
+ *(cert->version.data) = 0;
+ cert->version.len = 1;
} else {
- *(cert->version.data) = 2;
- cert->version.len = 1;
+ *(cert->version.data) = 2;
+ cert->version.len = 1;
}
der.data = NULL;
der.len = 0;
- (void) SEC_ASN1EncodeItem (arena, &der, cert, CERT_CertificateTemplate);
+ (void)SEC_ASN1EncodeItem(arena, &der, cert, CERT_CertificateTemplate);
if (der.data == NULL) {
- error_out("ERROR: Could not encode certificate.\n");
+ error_out("ERROR: Could not encode certificate.\n");
}
- rv = SEC_DerSignData (arena, &(cert->derCert), der.data, der.len, caPrivateKey,
- algID);
+ rv = SEC_DerSignData(arena, &(cert->derCert), der.data, der.len, caPrivateKey,
+ algID);
if (rv != SECSuccess) {
- error_out("ERROR: Could not sign encoded certificate data.\n");
+ error_out("ERROR: Could not sign encoded certificate data.\n");
}
done:
SECKEY_DestroyPrivateKey(caPrivateKey);
return &(cert->derCert);
}
-
int
main(int argc, char **argv)
{
- int length = 500;
- int remaining = 500;
- int n;
- int i;
- int serial;
- int chainLen;
- int which_key;
- char *pos;
+ int length = 500;
+ int remaining = 500;
+ int n;
+ int i;
+ int serial;
+ int chainLen;
+ int which_key;
+ char *pos;
#ifdef OFFLINE
- char *form_output = "key=MIIBPTCBpzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7SLqjWBL9Wl11Vlg%0AaMqZCvcQOL%2FnvSqYPPRP0XZy9SoAeyWzQnBOiCm2t8H5mK7r2jnKdAQOmfhjaJil%0A3hNVu3SekHOXF6Ze7bkWa6%2FSGVcY%2FojkydxFSgY43nd1iydzPQDp8WWLL%2BpVpt%2B%2B%0ATRhFtVXbF0fQI03j9h3BoTgP2lkCAwEAARYDZm9vMA0GCSqGSIb3DQEBBAUAA4GB%0AAJ8UfRKJ0GtG%2B%2BufCC6tAfTzKrq3CTBHnom55EyXcsAsv6WbDqI%2F0rLAPkn2Xo1r%0AnNhtMxIuj441blMt%2Fa3AGLOy5zmC7Qawt8IytvQikQ1XTpTBCXevytrmLjCmlURr%0ANJryTM48WaMQHiMiJpbXCqVJC1d%2FpEWBtqvALzZaOOIy&subject=CN%3D%22test%22%26serial-auto%3Dtrue%26serial_value%3D%26ver-1%3Dtrue%26ver-3%3Dfalse%26caChoiceradio-SignWithDefaultkey%3Dtrue%26caChoiceradio-SignWithRandomChain%3Dfalse%26autoCAs%3D%26caChoiceradio-SignWithSpecifiedChain%3Dfalse%26manCAs%3D%26%24";
+ char *form_output = "key=MIIBPTCBpzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7SLqjWBL9Wl11Vlg%0AaMqZCvcQOL%2FnvSqYPPRP0XZy9SoAeyWzQnBOiCm2t8H5mK7r2jnKdAQOmfhjaJil%0A3hNVu3SekHOXF6Ze7bkWa6%2FSGVcY%2FojkydxFSgY43nd1iydzPQDp8WWLL%2BpVpt%2B%2B%0ATRhFtVXbF0fQI03j9h3BoTgP2lkCAwEAARYDZm9vMA0GCSqGSIb3DQEBBAUAA4GB%0AAJ8UfRKJ0GtG%2B%2BufCC6tAfTzKrq3CTBHnom55EyXcsAsv6WbDqI%2F0rLAPkn2Xo1r%0AnNhtMxIuj441blMt%2Fa3AGLOy5zmC7Qawt8IytvQikQ1XTpTBCXevytrmLjCmlURr%0ANJryTM48WaMQHiMiJpbXCqVJC1d%2FpEWBtqvALzZaOOIy&subject=CN%3D%22test%22%26serial-auto%3Dtrue%26serial_value%3D%26ver-1%3Dtrue%26ver-3%3Dfalse%26caChoiceradio-SignWithDefaultkey%3Dtrue%26caChoiceradio-SignWithRandomChain%3Dfalse%26autoCAs%3D%26caChoiceradio-SignWithSpecifiedChain%3Dfalse%26manCAs%3D%26%24";
#else
- char *form_output;
+ char *form_output;
#endif
- char *issuerNameStr;
- char *certName;
- char *DBdir = DB_DIRECTORY;
- char *prefixs[10] = {"CA#1-", "CA#2-", "CA#3-",
- "CA#4-", "CA#5-", "CA#6-",
- "CA#7-", "CA#8-", "CA#9-", ""};
- Pair *form_data;
- CERTCertificate *cert;
- CERTCertDBHandle *handle;
+ char *issuerNameStr;
+ char *certName;
+ char *DBdir = DB_DIRECTORY;
+ char *prefixs[10] = { "CA#1-", "CA#2-", "CA#3-",
+ "CA#4-", "CA#5-", "CA#6-",
+ "CA#7-", "CA#8-", "CA#9-", "" };
+ Pair *form_data;
+ CERTCertificate *cert;
+ CERTCertDBHandle *handle;
CERTCertificateRequest *certReq = NULL;
- int warpmonths = 0;
- SECItem *certDER;
+ int warpmonths = 0;
+ SECItem *certDER;
#ifdef FILEOUT
- FILE *outfile;
+ FILE *outfile;
#endif
- SECStatus status = SECSuccess;
- extern char prefix[PREFIX_LEN];
- SEC_PKCS7ContentInfo *certChain;
- SECItem *encodedCertChain;
- PRBool UChain = PR_FALSE;
-
+ SECStatus status = SECSuccess;
+ extern char prefix[PREFIX_LEN];
+ SEC_PKCS7ContentInfo *certChain;
+ SECItem *encodedCertChain;
+ PRBool UChain = PR_FALSE;
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
+ progName = progName ? progName + 1 : argv[0];
#ifdef TEST
sleep(20);
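Review bot: In return_dbpasswd the result of `PORT_Alloc(4)` goes straight into `PORT_Strcpy(rv, "foo")`, so an allocation failure becomes a NULL write inside the password callback. `return PORT_Strdup("foo");` replaces both lines and yields NULL on failure, which this callback already returns in its retry branch. In FindPrivateKeyFromNameStr, further down the same hunk, the references held in `cert` and `p11Cert` are not released before `return key;`, so a `CERT_DestroyCertificate` call for each looks to be missing. The signature of return_dbpasswd sits in the context lines just before this hunk.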
@@ -2129,31 +2070,31 @@ main(int argc, char **argv)
PK11_SetPasswordFunc(return_dbpasswd);
status = NSS_InitReadWrite(DBdir);
if (status != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- return -1;
+ SECU_PrintPRandOSError(progName);
+ return -1;
}
handle = CERT_GetDefaultCertDB();
- prefix[0]= '\0';
+ prefix[0] = '\0';
#if !defined(OFFLINE)
- form_output = (char*) PORT_Alloc(length);
+ form_output = (char *)PORT_Alloc(length);
if (form_output == NULL) {
- error_allocate();
+ error_allocate();
}
pos = form_output;
- while (feof(stdin) == 0 ) {
- if (remaining <= 1) {
- remaining += length;
- length = length * 2;
- form_output = PORT_Realloc(form_output, (length));
- if (form_output == NULL) {
- error_allocate();
- }
- pos = form_output + length - remaining;
- }
- n = fread(pos, 1, (size_t) (remaining - 1), stdin);
- pos += n;
- remaining -= n;
+ while (feof(stdin) == 0) {
+ if (remaining <= 1) {
+ remaining += length;
+ length = length * 2;
+ form_output = PORT_Realloc(form_output, (length));
+ if (form_output == NULL) {
+ error_allocate();
+ }
+ pos = form_output + length - remaining;
+ }
+ n = fread(pos, 1, (size_t)(remaining - 1), stdin);
+ pos += n;
+ remaining -= n;
}
*pos = '&';
pos++;
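Review bot: The read loop `while (feof(stdin) == 0)` never tests for a read error, so a failing fread() returns 0 without setting EOF and the loop spins with `remaining` unchanged. Testing both conditions ends the loop in either case: `while (feof(stdin) == 0 && ferror(stdin) == 0) {`. The buffer also doubles with no upper bound on the request body, and `length * 2` is a signed int multiplication, so a cap on the total size before `PORT_Realloc` would be worth adding. The body of main starts and ends outside this hunk.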
@@ -2178,112 +2119,110 @@ main(int argc, char **argv)
#endif
#ifdef FILEOUT
i = 0;
- while(return_name(form_data, i) != NULL) {
- printf("%s",return_name(form_data,i));
+ while (return_name(form_data, i) != NULL) {
+ printf("%s", return_name(form_data, i));
printf("=\n");
- printf("%s",return_data(form_data,i));
+ printf("%s", return_data(form_data, i));
printf("\n");
- i++;
+ i++;
}
printf("I got that done, woo hoo\n");
fflush(stdout);
#endif
issuerNameStr = PORT_Alloc(200);
if (find_field_bool(form_data, "caChoiceradio-SignWithSpecifiedChain",
- PR_FALSE)) {
- UChain = PR_TRUE;
- chainLen = atoi(find_field(form_data, "manCAs", PR_FALSE));
- PORT_Strcpy(prefix, prefixs[0]);
- issuerNameStr = PORT_Strcpy(issuerNameStr,
- "CN=Cert-O-Matic II, O=Cert-O-Matic II");
- if (chainLen == 0) {
- UChain = PR_FALSE;
- }
+ PR_FALSE)) {
+ UChain = PR_TRUE;
+ chainLen = atoi(find_field(form_data, "manCAs", PR_FALSE));
+ PORT_Strcpy(prefix, prefixs[0]);
+ issuerNameStr = PORT_Strcpy(issuerNameStr,
+ "CN=Cert-O-Matic II, O=Cert-O-Matic II");
+ if (chainLen == 0) {
+ UChain = PR_FALSE;
+ }
} else {
- if (find_field_bool(form_data, "caChoiceradio-SignWithRandomChain",
- PR_FALSE)) {
- PORT_Strcpy(prefix,prefixs[9]);
- chainLen = atoi(find_field(form_data, "autoCAs", PR_FALSE));
- if (chainLen < 1 || chainLen > 18) {
- issuerNameStr = PORT_Strcpy(issuerNameStr,
- "CN=CA18, O=Cert-O-Matic II");
- }
- issuerNameStr = PORT_Strcpy(issuerNameStr, "CN=CA");
- issuerNameStr = PORT_Strcat(issuerNameStr,
- find_field(form_data,"autoCAs", PR_FALSE));
- issuerNameStr = PORT_Strcat(issuerNameStr,", O=Cert-O-Matic II");
- } else {
- issuerNameStr = PORT_Strcpy(issuerNameStr,
- "CN=Cert-O-Matic II, O=Cert-O-Matic II");
- }
- chainLen = 0;
+ if (find_field_bool(form_data, "caChoiceradio-SignWithRandomChain",
+ PR_FALSE)) {
+ PORT_Strcpy(prefix, prefixs[9]);
+ chainLen = atoi(find_field(form_data, "autoCAs", PR_FALSE));
+ if (chainLen < 1 || chainLen > 18) {
+ issuerNameStr = PORT_Strcpy(issuerNameStr,
+ "CN=CA18, O=Cert-O-Matic II");
+ }
+ issuerNameStr = PORT_Strcpy(issuerNameStr, "CN=CA");
+ issuerNameStr = PORT_Strcat(issuerNameStr,
+ find_field(form_data, "autoCAs", PR_FALSE));
+ issuerNameStr = PORT_Strcat(issuerNameStr, ", O=Cert-O-Matic II");
+ } else {
+ issuerNameStr = PORT_Strcpy(issuerNameStr,
+ "CN=Cert-O-Matic II, O=Cert-O-Matic II");
+ }
+ chainLen = 0;
}
i = -1;
which_key = 0;
do {
- extern SECStatus cert_GetKeyID(CERTCertificate *cert);
- i++;
- if (i != 0 && UChain) {
- PORT_Strcpy(prefix, prefixs[i]);
- }
- /* find_field(form_data,"subject", PR_TRUE); */
- certReq = makeCertReq(form_data, which_key);
+ extern SECStatus cert_GetKeyID(CERTCertificate * cert);
+ i++;
+ if (i != 0 && UChain) {
+ PORT_Strcpy(prefix, prefixs[i]);
+ }
+ /* find_field(form_data,"subject", PR_TRUE); */
+ certReq = makeCertReq(form_data, which_key);
#ifdef OFFLINE
- serial = 900;
+ serial = 900;
#else
- serial = get_serial_number(form_data);
+ serial = get_serial_number(form_data);
#endif
- cert = MakeV1Cert(handle, certReq, issuerNameStr, PR_FALSE,
- serial, warpmonths, form_data);
- if (certReq != NULL) {
- CERT_DestroyCertificateRequest(certReq);
- }
- if (find_field_bool(form_data,"ver-3", PR_TRUE)) {
- status = add_extensions(cert, form_data, issuerNameStr, handle);
- if (status != SECSuccess) {
- error_out("ERROR: Unable to add extensions");
- }
- }
- status = cert_GetKeyID(cert);
- if (status == SECFailure) {
- error_out("ERROR: Unable to get Key ID.");
- }
- certDER = SignCert(cert, issuerNameStr, form_data, handle, which_key);
- CERT_NewTempCertificate(handle, certDER, NULL, PR_FALSE, PR_TRUE);
- issuerNameStr = find_field(form_data, "subject", PR_TRUE);
- /* SECITEM_FreeItem(certDER, PR_TRUE); */
- CERT_DestroyCertificate(cert);
- if (i == (chainLen - 1)) {
- i = 8;
- }
- ++which_key;
+ cert = MakeV1Cert(handle, certReq, issuerNameStr, PR_FALSE,
+ serial, warpmonths, form_data);
+ if (certReq != NULL) {
+ CERT_DestroyCertificateRequest(certReq);
+ }
+ if (find_field_bool(form_data, "ver-3", PR_TRUE)) {
+ status = add_extensions(cert, form_data, issuerNameStr, handle);
+ if (status != SECSuccess) {
+ error_out("ERROR: Unable to add extensions");
+ }
+ }
+ status = cert_GetKeyID(cert);
+ if (status == SECFailure) {
+ error_out("ERROR: Unable to get Key ID.");
+ }
+ certDER = SignCert(cert, issuerNameStr, form_data, handle, which_key);
+ CERT_NewTempCertificate(handle, certDER, NULL, PR_FALSE, PR_TRUE);
+ issuerNameStr = find_field(form_data, "subject", PR_TRUE);
+ /* SECITEM_FreeItem(certDER, PR_TRUE); */
+ CERT_DestroyCertificate(cert);
+ if (i == (chainLen - 1)) {
+ i = 8;
+ }
+ ++which_key;
} while (i < 9 && UChain);
-
-
#ifdef FILEOUT
outfile = fopen("../certout", "wb");
#endif
certName = find_field(form_data, "subject", PR_FALSE);
cert = CERT_FindCertByNameString(handle, certName);
- certChain = SEC_PKCS7CreateCertsOnly (cert, PR_TRUE, handle);
+ certChain = SEC_PKCS7CreateCertsOnly(cert, PR_TRUE, handle);
if (certChain == NULL) {
- error_out("ERROR: No certificates in cert chain");
+ error_out("ERROR: No certificates in cert chain");
}
- encodedCertChain = SEC_PKCS7EncodeItem (NULL, NULL, certChain, NULL, NULL,
- NULL);
+ encodedCertChain = SEC_PKCS7EncodeItem(NULL, NULL, certChain, NULL, NULL,
+ NULL);
if (encodedCertChain) {
#if !defined(FILEOUT)
- printf("Content-type: application/x-x509-user-cert\r\n");
- printf("Content-length: %d\r\n\r\n", encodedCertChain->len);
- fwrite (encodedCertChain->data, 1, encodedCertChain->len, stdout);
+ printf("Content-type: application/x-x509-user-cert\r\n");
+ printf("Content-length: %d\r\n\r\n", encodedCertChain->len);
+ fwrite(encodedCertChain->data, 1, encodedCertChain->len, stdout);
#else
- fwrite (encodedCertChain->data, 1, encodedCertChain->len, outfile);
+ fwrite(encodedCertChain->data, 1, encodedCertChain->len, outfile);
#endif
} else {
- error_out("Error: Unable to DER encode certificate");
+ error_out("Error: Unable to DER encode certificate");
}
#ifdef FILEOUT
printf("\nI got here!\n");
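Review bot: In the SignWithRandomChain branch the range check on `chainLen` has no effect, because the "CN=CA18" string it copies is overwritten by the next `PORT_Strcpy(issuerNameStr, "CN=CA")`. The raw `autoCAs` form field is then appended with `PORT_Strcat` to the 200-byte buffer from `PORT_Alloc(200)` with no length check, so a long field value writes past the end of that allocation. Building the name from the validated integer avoids both problems: `if (chainLen < 1 || chainLen > 18) chainLen = 18;` followed by `PR_snprintf(issuerNameStr, 200, "CN=CA%d, O=Cert-O-Matic II", chainLen);` (chainLen is reset to 0 a few lines later, so clamping it changes nothing else; this assumes prprf.h is available to the file). The result of `PORT_Alloc(200)` is also used without a NULL check. The body of main starts and ends outside this hunk.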
@@ -2296,4 +2235,3 @@ main(int argc, char **argv)
}
return 0;
}
-
diff --git a/cmd/certutil/certext.c b/cmd/certutil/certext.c
index 8796747d8..12af61571 100644
--- a/cmd/certutil/certext.c
+++ b/cmd/certutil/certext.c
@@ -30,12 +30,15 @@
#include "genname.h"
#include "prnetdb.h"
-#define GEN_BREAK(e) rv=e; break;
+#define GEN_BREAK(e) \
+ rv = e; \
+ break;
static char *
-Gets_s(char *buff, size_t size) {
+Gets_s(char *buff, size_t size)
+{
char *str;
-
+
if (buff == NULL || size < 1) {
PORT_Assert(0);
return NULL;
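Review bot: `GEN_BREAK` still expands to two statements, `rv = e; break;`, so a call in an unbraced `if` would assign conditionally but break unconditionally; the reformatted definition makes this easier to see but does not guard against it. It cannot be wrapped in `do { } while (0)` because the `break` has to reach the caller's loop or switch, so I would document the constraint above the macro: `/* Expands to two statements; use only inside a braced block within a loop or switch. */`. Parenthesising the argument as `rv = (e);` would also be the usual form. The calls visible in this file section are all inside braces.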
@@ -46,7 +49,7 @@ Gets_s(char *buff, size_t size) {
* fgets() automatically converts native text file
* line endings to '\n'. As defensive programming
* (just in case fgets has a bug or we put stdin in
- * binary mode by mistake), we handle three native
+ * binary mode by mistake), we handle three native
* text file line endings here:
* '\n' Unix (including Linux and Mac OS X)
* '\r''\n' DOS/Windows & OS/2
@@ -65,13 +68,12 @@ Gets_s(char *buff, size_t size) {
return str;
}
-
static SECStatus
-PrintChoicesAndGetAnswer(char* str, char* rBuff, int rSize)
+PrintChoicesAndGetAnswer(char *str, char *rBuff, int rSize)
{
fputs(str, stdout);
fputs(" > ", stdout);
- fflush (stdout);
+ fflush(stdout);
if (Gets_s(rBuff, rSize) == NULL) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
return SECFailure;
@@ -90,114 +92,116 @@ GetGeneralName(PLArenaPool *arena, CERTGeneralName *useExistingName, PRBool only
char buffer[512];
void *mark;
- PORT_Assert (arena);
- mark = PORT_ArenaMark (arena);
+ PORT_Assert(arena);
+ mark = PORT_ArenaMark(arena);
do {
if (PrintChoicesAndGetAnswer(
- "\nSelect one of the following general name type: \n"
- "\t2 - rfc822Name\n"
- "\t3 - dnsName\n"
- "\t5 - directoryName\n"
- "\t7 - uniformResourceidentifier\n"
- "\t8 - ipAddress\n"
- "\t9 - registerID\n"
- "\tAny other number to finish\n"
- "\t\tChoice:", buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
- }
- intValue = PORT_Atoi (buffer);
+ "\nSelect one of the following general name type: \n"
+ "\t2 - rfc822Name\n"
+ "\t3 - dnsName\n"
+ "\t5 - directoryName\n"
+ "\t7 - uniformResourceidentifier\n"
+ "\t8 - ipAddress\n"
+ "\t9 - registerID\n"
+ "\tAny other number to finish\n"
+ "\t\tChoice:",
+ buffer, sizeof(buffer)) == SECFailure) {
+ GEN_BREAK(SECFailure);
+ }
+ intValue = PORT_Atoi(buffer);
/*
* Should use ZAlloc instead of Alloc to avoid problem with garbage
* initialized pointers in CERT_CopyName
*/
switch (intValue) {
- case certRFC822Name:
- case certDNSName:
- case certDirectoryName:
- case certURI:
- case certIPAddress:
- case certRegisterID:
- break;
- default:
- intValue = 0; /* force a break for anything else */
- }
+ case certRFC822Name:
+ case certDNSName:
+ case certDirectoryName:
+ case certURI:
+ case certIPAddress:
+ case certRegisterID:
+ break;
+ default:
+ intValue = 0; /* force a break for anything else */
+ }
if (intValue == 0)
- break;
-
- if (namesList == NULL) {
+ break;
+
+ if (namesList == NULL) {
if (useExistingName) {
namesList = current = tail = useExistingName;
} else {
namesList = current = tail =
PORT_ArenaZNew(arena, CERTGeneralName);
}
- } else {
- current = PORT_ArenaZNew(arena, CERTGeneralName);
- }
- if (current == NULL) {
- GEN_BREAK (SECFailure);
- }
+ } else {
+ current = PORT_ArenaZNew(arena, CERTGeneralName);
+ }
+ if (current == NULL) {
+ GEN_BREAK(SECFailure);
+ }
current->type = intValue;
- puts ("\nEnter data:");
- fflush (stdout);
- if (Gets_s (buffer, sizeof(buffer)) == NULL) {
+ puts("\nEnter data:");
+ fflush(stdout);
+ if (Gets_s(buffer, sizeof(buffer)) == NULL) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
switch (current->type) {
- case certURI:
- case certDNSName:
- case certRFC822Name:
- current->name.other.data =
- PORT_ArenaAlloc (arena, strlen (buffer));
- if (current->name.other.data == NULL) {
- GEN_BREAK (SECFailure);
- }
- PORT_Memcpy(current->name.other.data, buffer,
- current->name.other.len = strlen(buffer));
- break;
+ case certURI:
+ case certDNSName:
+ case certRFC822Name:
+ current->name.other.data =
+ PORT_ArenaAlloc(arena, strlen(buffer));
+ if (current->name.other.data == NULL) {
+ GEN_BREAK(SECFailure);
+ }
+ PORT_Memcpy(current->name.other.data, buffer,
+ current->name.other.len = strlen(buffer));
+ break;
+
+ case certEDIPartyName:
+ case certIPAddress:
+ case certOtherName:
+ case certRegisterID:
+ case certX400Address: {
- case certEDIPartyName:
- case certIPAddress:
- case certOtherName:
- case certRegisterID:
- case certX400Address: {
+ current->name.other.data =
+ PORT_ArenaAlloc(arena, strlen(buffer) + 2);
+ if (current->name.other.data == NULL) {
+ GEN_BREAK(SECFailure);
+ }
- current->name.other.data =
- PORT_ArenaAlloc (arena, strlen (buffer) + 2);
- if (current->name.other.data == NULL) {
- GEN_BREAK (SECFailure);
+ PORT_Memcpy(current->name.other.data + 2, buffer,
+ strlen(buffer));
+ /* This may not be accurate for all cases. For now,
+ * use this tag type */
+ current->name.other.data[0] =
+ (char)(((current->type - 1) & 0x1f) | 0x80);
+ current->name.other.data[1] = (char)strlen(buffer);
+ current->name.other.len = strlen(buffer) + 2;
+ break;
}
-
- PORT_Memcpy (current->name.other.data + 2, buffer,
- strlen (buffer));
- /* This may not be accurate for all cases. For now,
- * use this tag type */
- current->name.other.data[0] =
- (char)(((current->type - 1) & 0x1f)| 0x80);
- current->name.other.data[1] = (char)strlen (buffer);
- current->name.other.len = strlen (buffer) + 2;
- break;
- }
- case certDirectoryName: {
- CERTName *directoryName = NULL;
-
- directoryName = CERT_AsciiToName (buffer);
- if (!directoryName) {
- fprintf(stderr, "certutil: improperly formatted name: "
- "\"%s\"\n", buffer);
+ case certDirectoryName: {
+ CERTName *directoryName = NULL;
+
+ directoryName = CERT_AsciiToName(buffer);
+ if (!directoryName) {
+ fprintf(stderr, "certutil: improperly formatted name: "
+ "\"%s\"\n",
+ buffer);
+ break;
+ }
+
+ rv = CERT_CopyName(arena, &current->name.directoryName,
+ directoryName);
+ CERT_DestroyName(directoryName);
+
break;
}
-
- rv = CERT_CopyName (arena, &current->name.directoryName,
- directoryName);
- CERT_DestroyName (directoryName);
-
- break;
- }
}
if (rv != SECSuccess)
break;
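Review bot: In the `certEDIPartyName` / `certIPAddress` / `certOtherName` / `certRegisterID` / `certX400Address` case the hand-built encoding stores the length in a single byte, `current->name.other.data[1] = (char)strlen(buffer);`, while `buffer` can hold up to 511 characters. A length of 128 or more sets the high bit, which a DER parser reads as a long-form length, so the stored value no longer describes the data that follows. Rejecting over-long input before the allocation keeps the encoding well formed: `if (strlen(buffer) > 127) { PORT_SetError(SEC_ERROR_INPUT_LEN); GEN_BREAK(SECFailure); }`. Separately, when `CERT_AsciiToName` fails in the `certDirectoryName` case the `break` leaves `rv` untouched, so the entry appears to be linked into the list without a name; setting `rv = SECFailure` there looks intended. GetGeneralName starts and ends outside this hunk.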
@@ -205,11 +209,11 @@ GetGeneralName(PLArenaPool *arena, CERTGeneralName *useExistingName, PRBool only
current->l.prev = &(tail->l);
tail->l.next = &(current->l);
tail = current;
-
- }while (!onlyOne);
+
+ } while (!onlyOne);
if (rv != SECSuccess) {
- PORT_ArenaRelease (arena, mark);
+ PORT_ArenaRelease(arena, mark);
namesList = NULL;
}
return (namesList);
@@ -218,10 +222,10 @@ GetGeneralName(PLArenaPool *arena, CERTGeneralName *useExistingName, PRBool only
static CERTGeneralName *
CreateGeneralName(PLArenaPool *arena)
{
- return GetGeneralName(arena, NULL, PR_FALSE);
+ return GetGeneralName(arena, NULL, PR_FALSE);
}
-static SECStatus
+static SECStatus
GetString(PLArenaPool *arena, char *prompt, SECItem *value)
{
char buffer[251];
@@ -230,23 +234,23 @@ GetString(PLArenaPool *arena, char *prompt, SECItem *value)
buffer[0] = '\0';
value->data = NULL;
value->len = 0;
-
- puts (prompt);
- buffPrt = Gets_s (buffer, sizeof(buffer));
+
+ puts(prompt);
+ buffPrt = Gets_s(buffer, sizeof(buffer));
/* returned NULL here treated the same way as empty string */
- if (buffPrt && strlen (buffer) > 0) {
- value->data = PORT_ArenaAlloc (arena, strlen (buffer));
+ if (buffPrt && strlen(buffer) > 0) {
+ value->data = PORT_ArenaAlloc(arena, strlen(buffer));
if (value->data == NULL) {
- PORT_SetError (SEC_ERROR_NO_MEMORY);
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
return (SECFailure);
}
- PORT_Memcpy (value->data, buffer, value->len = strlen(buffer));
+ PORT_Memcpy(value->data, buffer, value->len = strlen(buffer));
}
return (SECSuccess);
}
-static PRBool
-GetYesNo(char *prompt)
+static PRBool
+GetYesNo(char *prompt)
{
char buf[3];
char *buffPrt;
@@ -265,7 +269,7 @@ GetYesNo(char *prompt)
* A special value "critical" can be parsed out from the supplied sting.*/
static SECStatus
-parseNextCmdInput(const char * const *valueArray, int *value, char **nextPos,
+parseNextCmdInput(const char *const *valueArray, int *value, char **nextPos,
PRBool *critical)
{
char *thisPos = *nextPos;
@@ -306,24 +310,24 @@ parseNextCmdInput(const char * const *valueArray, int *value, char **nextPos,
return SECFailure;
}
-static const char * const
-keyUsageKeyWordArray[] = { "digitalSignature",
- "nonRepudiation",
- "keyEncipherment",
- "dataEncipherment",
- "keyAgreement",
- "certSigning",
- "crlSigning",
- NULL};
-
-static SECStatus
-AddKeyUsage (void *extHandle, const char *userSuppliedValue)
+static const char *const
+ keyUsageKeyWordArray[] = { "digitalSignature",
+ "nonRepudiation",
+ "keyEncipherment",
+ "dataEncipherment",
+ "keyAgreement",
+ "certSigning",
+ "crlSigning",
+ NULL };
+
+static SECStatus
+AddKeyUsage(void *extHandle, const char *userSuppliedValue)
{
SECItem bitStringValue;
unsigned char keyUsage = 0x0;
char buffer[5];
int value;
- char *nextPos = (char*)userSuppliedValue;
+ char *nextPos = (char *)userSuppliedValue;
PRBool isCriticalExt = PR_FALSE;
if (!userSuppliedValue) {
@@ -332,15 +336,15 @@ AddKeyUsage (void *extHandle, const char *userSuppliedValue)
"\t\t0 - Digital Signature\n"
"\t\t1 - Non-repudiation\n"
"\t\t2 - Key encipherment\n"
- "\t\t3 - Data encipherment\n"
+ "\t\t3 - Data encipherment\n"
"\t\t4 - Key agreement\n"
- "\t\t5 - Cert signing key\n"
+ "\t\t5 - Cert signing key\n"
"\t\t6 - CRL signing key\n"
"\t\tOther to finish\n",
buffer, sizeof(buffer)) == SECFailure) {
return SECFailure;
}
- value = PORT_Atoi (buffer);
+ value = PORT_Atoi(buffer);
if (value < 0 || value > 6)
break;
if (value == 0) {
@@ -369,13 +373,10 @@ AddKeyUsage (void *extHandle, const char *userSuppliedValue)
bitStringValue.data = &keyUsage;
bitStringValue.len = 1;
- return (CERT_EncodeAndAddBitStrExtension
- (extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue,
- isCriticalExt));
-
+ return (CERT_EncodeAndAddBitStrExtension(extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue,
+ isCriticalExt));
}
-
static CERTOidSequence *
CreateOidSequence(void)
{
@@ -383,17 +384,17 @@ CreateOidSequence(void)
PLArenaPool *arena = (PLArenaPool *)NULL;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if( (PLArenaPool *)NULL == arena ) {
+ if ((PLArenaPool *)NULL == arena) {
goto loser;
}
rv = (CERTOidSequence *)PORT_ArenaZNew(arena, CERTOidSequence);
- if( (CERTOidSequence *)NULL == rv ) {
+ if ((CERTOidSequence *)NULL == rv) {
goto loser;
}
rv->oids = (SECItem **)PORT_ArenaZNew(arena, SECItem *);
- if( (SECItem **)NULL == rv->oids ) {
+ if ((SECItem **)NULL == rv->oids) {
goto loser;
}
@@ -401,7 +402,7 @@ CreateOidSequence(void)
return rv;
loser:
- if( (PLArenaPool *)NULL != arena ) {
+ if ((PLArenaPool *)NULL != arena) {
PORT_FreeArena(arena, PR_FALSE);
}
@@ -424,11 +425,11 @@ AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag)
SECOidData *od;
od = SECOID_FindOIDByTag(oidTag);
- if( (SECOidData *)NULL == od ) {
+ if ((SECOidData *)NULL == od) {
return SECFailure;
}
- for( oids = os->oids; (SECItem *)NULL != *oids; oids++ ) {
+ for (oids = os->oids; (SECItem *)NULL != *oids; oids++) {
if (*oids == &od->oid) {
/* We already have this oid */
return SECSuccess;
@@ -442,11 +443,11 @@ AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag)
PRUint32 i;
oids = (SECItem **)PORT_ArenaZNewArray(os->arena, SECItem *, count + 2);
- if( (SECItem **)NULL == oids ) {
+ if ((SECItem **)NULL == oids) {
return SECFailure;
}
-
- for( i = 0; i < count; i++ ) {
+
+ for (i = 0; i < count; i++) {
oids[i] = os->oids[i];
}
@@ -466,18 +467,17 @@ const SEC_ASN1Template CERT_OidSeqTemplate[] = {
SEC_ASN1_SUB(SEC_ObjectIDTemplate) }
};
-
static SECItem *
EncodeOidSequence(CERTOidSequence *os)
{
SECItem *rv;
rv = (SECItem *)PORT_ArenaZNew(os->arena, SECItem);
- if( (SECItem *)NULL == rv ) {
+ if ((SECItem *)NULL == rv) {
goto loser;
}
- if( !SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate) ) {
+ if (!SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate)) {
goto loser;
}
@@ -487,19 +487,19 @@ loser:
return (SECItem *)NULL;
}
-static const char * const
-extKeyUsageKeyWordArray[] = { "serverAuth",
- "clientAuth",
- "codeSigning",
- "emailProtection",
- "timeStamp",
- "ocspResponder",
- "stepUp",
- "msTrustListSigning",
- NULL};
-
-static SECStatus
-AddExtKeyUsage (void *extHandle, const char *userSuppliedValue)
+static const char *const
+ extKeyUsageKeyWordArray[] = { "serverAuth",
+ "clientAuth",
+ "codeSigning",
+ "emailProtection",
+ "timeStamp",
+ "ocspResponder",
+ "stepUp",
+ "msTrustListSigning",
+ NULL };
+
+static SECStatus
+AddExtKeyUsage(void *extHandle, const char *userSuppliedValue)
{
char buffer[5];
int value;
@@ -507,10 +507,10 @@ AddExtKeyUsage (void *extHandle, const char *userSuppliedValue)
SECStatus rv;
SECItem *item;
PRBool isCriticalExt = PR_FALSE;
- char *nextPos = (char*)userSuppliedValue;
-
+ char *nextPos = (char *)userSuppliedValue;
+
os = CreateOidSequence();
- if( (CERTOidSequence *)NULL == os ) {
+ if ((CERTOidSequence *)NULL == os) {
return SECFailure;
}
@@ -530,7 +530,7 @@ AddExtKeyUsage (void *extHandle, const char *userSuppliedValue)
GEN_BREAK(SECFailure);
}
value = PORT_Atoi(buffer);
-
+
if (value == 0) {
/* Checking that zero value of variable 'value'
* corresponds to '0' input made by user */
@@ -546,38 +546,38 @@ AddExtKeyUsage (void *extHandle, const char *userSuppliedValue)
}
}
- switch( value ) {
- case 0:
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH);
- break;
- case 1:
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH);
- break;
- case 2:
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN);
- break;
- case 3:
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT);
- break;
- case 4:
- rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP);
- break;
- case 5:
- rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER);
- break;
- case 6:
- rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
- break;
- case 7:
- rv = AddOidToSequence(os, SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING);
- break;
- default:
- goto endloop;
+ switch (value) {
+ case 0:
+ rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH);
+ break;
+ case 1:
+ rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH);
+ break;
+ case 2:
+ rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN);
+ break;
+ case 3:
+ rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT);
+ break;
+ case 4:
+ rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP);
+ break;
+ case 5:
+ rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER);
+ break;
+ case 6:
+ rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
+ break;
+ case 7:
+ rv = AddOidToSequence(os, SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING);
+ break;
+ default:
+ goto endloop;
}
if (userSuppliedValue && !nextPos)
break;
- if( SECSuccess != rv )
+ if (SECSuccess != rv)
goto loser;
}
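Review bot: After the `switch`, `if (userSuppliedValue && !nextPos) break;` runs before `if (SECSuccess != rv) goto loser;`, so a failure from `AddOidToSequence` on the last keyword of a command-line value leaves the loop through the `break` instead of going to `loser`. Checking the status first closes that gap: `if (SECSuccess != rv) goto loser;` and only then `if (userSuppliedValue && !nextPos) break;`. What happens to `rv` after the loop is outside this hunk, so the effect should be confirmed against the code at `endloop`. AddExtKeyUsage starts and ends outside this hunk.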
@@ -590,31 +590,31 @@ endloop:
rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, item,
isCriticalExt, PR_TRUE);
- /*FALLTHROUGH*/
+/*FALLTHROUGH*/
loser:
DestroyOidSequence(os);
return rv;
}
-static const char * const
-nsCertTypeKeyWordArray[] = { "sslClient",
- "sslServer",
- "smime",
- "objectSigning",
- "Not!Used",
- "sslCA",
- "smimeCA",
- "objectSigningCA",
- NULL };
-
-static SECStatus
-AddNscpCertType (void *extHandle, const char *userSuppliedValue)
+static const char *const
+ nsCertTypeKeyWordArray[] = { "sslClient",
+ "sslServer",
+ "smime",
+ "objectSigning",
+ "Not!Used",
+ "sslCA",
+ "smimeCA",
+ "objectSigningCA",
+ NULL };
+
+static SECStatus
+AddNscpCertType(void *extHandle, const char *userSuppliedValue)
{
SECItem bitStringValue;
unsigned char keyUsage = 0x0;
char buffer[5];
int value;
- char *nextPos = (char*)userSuppliedValue;
+ char *nextPos = (char *)userSuppliedValue;
PRBool isCriticalExt = PR_FALSE;
if (!userSuppliedValue) {
@@ -623,16 +623,16 @@ AddNscpCertType (void *extHandle, const char *userSuppliedValue)
"\t\t0 - SSL Client\n"
"\t\t1 - SSL Server\n"
"\t\t2 - S/MIME\n"
- "\t\t3 - Object Signing\n"
+ "\t\t3 - Object Signing\n"
"\t\t4 - Reserved for future use\n"
- "\t\t5 - SSL CA\n"
+ "\t\t5 - SSL CA\n"
"\t\t6 - S/MIME CA\n"
"\t\t7 - Object Signing CA\n"
"\t\tOther to finish\n",
buffer, sizeof(buffer)) == SECFailure) {
return SECFailure;
}
- value = PORT_Atoi (buffer);
+ value = PORT_Atoi(buffer);
if (value < 0 || value > 7)
break;
if (value == 0) {
@@ -661,10 +661,8 @@ AddNscpCertType (void *extHandle, const char *userSuppliedValue)
bitStringValue.data = &keyUsage;
bitStringValue.len = 1;
- return (CERT_EncodeAndAddBitStrExtension
- (extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue,
- isCriticalExt));
-
+ return (CERT_EncodeAndAddBitStrExtension(extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue,
+ isCriticalExt));
}
SECStatus
@@ -686,7 +684,7 @@ GetOidFromString(PLArenaPool *arena, SECItem *to,
*/
tag = SEC_OID_UNKNOWN;
coid = SECOID_FindOIDByTag(tag);
- for ( ; coid; coid = SECOID_FindOIDByTag(++tag)) {
+ for (; coid; coid = SECOID_FindOIDByTag(++tag)) {
if (PORT_Strncasecmp(from, coid->desc, fromLen) == 0) {
break;
}
@@ -698,7 +696,7 @@ GetOidFromString(PLArenaPool *arena, SECItem *to,
return SECITEM_CopyItem(arena, to, &coid->oid);
}
-static SECStatus
+static SECStatus
AddSubjectAltNames(PLArenaPool *arena, CERTGeneralName **existingListp,
const char *constNames, CERTGeneralNameType type)
{
@@ -707,9 +705,9 @@ AddSubjectAltNames(PLArenaPool *arena, CERTGeneralName **existingListp,
PRCList *prev = NULL;
char *cp, *nextName = NULL;
SECStatus rv = SECSuccess;
- PRBool readTypeFromName = (PRBool) (type == 0);
+ PRBool readTypeFromName = (PRBool)(type == 0);
char *names = NULL;
-
+
if (constNames)
names = PORT_Strdup(constNames);
@@ -728,7 +726,7 @@ AddSubjectAltNames(PLArenaPool *arena, CERTGeneralName **existingListp,
* as a parameter to this function will be used.
* If the type value is zero (undefined), we'll fail.
*/
- for (cp=names; cp; cp=nextName) {
+ for (cp = names; cp; cp = nextName) {
int len;
char *oidString;
char *nextComma;
@@ -744,13 +742,13 @@ AddSubjectAltNames(PLArenaPool *arena, CERTGeneralName **existingListp,
nextComma = PORT_Strchr(cp, ',');
if (nextComma) {
*nextComma = 0;
- nextName = nextComma+1;
+ nextName = nextComma + 1;
}
if ((*cp) == 0) {
continue;
}
if (readTypeFromName) {
- char *save=cp;
+ char *save = cp;
/* Because we already replaced nextComma with end-of-string,
* a found colon belongs to the current name */
cp = PORT_Strchr(cp, ':');
@@ -779,92 +777,92 @@ AddSubjectAltNames(PLArenaPool *arena, CERTGeneralName **existingListp,
current->type = type;
switch (type) {
- /* string types */
- case certRFC822Name:
- case certDNSName:
- case certURI:
- current->name.other.data =
- (unsigned char *) PORT_ArenaStrdup(arena,cp);
- current->name.other.len = PORT_Strlen(cp);
- break;
- /* unformated data types */
- case certX400Address:
- case certEDIPartyName:
- /* turn a string into a data and len */
- rv = SECFailure; /* punt on these for now */
- fprintf(stderr,"EDI Party Name and X.400 Address not supported\n");
- break;
- case certDirectoryName:
- /* certDirectoryName */
- name = CERT_AsciiToName(cp);
- if (name == NULL) {
- rv = SECFailure;
- fprintf(stderr, "Invalid Directory Name (\"%s\")\n", cp);
+ /* string types */
+ case certRFC822Name:
+ case certDNSName:
+ case certURI:
+ current->name.other.data =
+ (unsigned char *)PORT_ArenaStrdup(arena, cp);
+ current->name.other.len = PORT_Strlen(cp);
break;
- }
- rv = CERT_CopyName(arena,&current->name.directoryName,name);
- CERT_DestroyName(name);
- break;
- /* types that require more processing */
- case certIPAddress:
- /* convert the string to an ip address */
- status = PR_StringToNetAddr(cp, &addr);
- if (status != PR_SUCCESS) {
- rv = SECFailure;
- fprintf(stderr, "Invalid IP Address (\"%s\")\n", cp);
+ /* unformated data types */
+ case certX400Address:
+ case certEDIPartyName:
+ /* turn a string into a data and len */
+ rv = SECFailure; /* punt on these for now */
+ fprintf(stderr, "EDI Party Name and X.400 Address not supported\n");
break;
- }
+ case certDirectoryName:
+ /* certDirectoryName */
+ name = CERT_AsciiToName(cp);
+ if (name == NULL) {
+ rv = SECFailure;
+ fprintf(stderr, "Invalid Directory Name (\"%s\")\n", cp);
+ break;
+ }
+ rv = CERT_CopyName(arena, &current->name.directoryName, name);
+ CERT_DestroyName(name);
+ break;
+ /* types that require more processing */
+ case certIPAddress:
+ /* convert the string to an ip address */
+ status = PR_StringToNetAddr(cp, &addr);
+ if (status != PR_SUCCESS) {
+ rv = SECFailure;
+ fprintf(stderr, "Invalid IP Address (\"%s\")\n", cp);
+ break;
+ }
- if (PR_NetAddrFamily(&addr) == PR_AF_INET) {
- len = sizeof(addr.inet.ip);
- data = (unsigned char *)&addr.inet.ip;
- } else if (PR_NetAddrFamily(&addr) == PR_AF_INET6) {
- len = sizeof(addr.ipv6.ip);
- data = (unsigned char *)&addr.ipv6.ip;
- } else {
- fprintf(stderr, "Invalid IP Family\n");
- rv = SECFailure;
+ if (PR_NetAddrFamily(&addr) == PR_AF_INET) {
+ len = sizeof(addr.inet.ip);
+ data = (unsigned char *)&addr.inet.ip;
+ } else if (PR_NetAddrFamily(&addr) == PR_AF_INET6) {
+ len = sizeof(addr.ipv6.ip);
+ data = (unsigned char *)&addr.ipv6.ip;
+ } else {
+ fprintf(stderr, "Invalid IP Family\n");
+ rv = SECFailure;
+ break;
+ }
+ current->name.other.data = PORT_ArenaAlloc(arena, len);
+ if (current->name.other.data == NULL) {
+ rv = SECFailure;
+ break;
+ }
+ current->name.other.len = len;
+ PORT_Memcpy(current->name.other.data, data, len);
break;
- }
- current->name.other.data = PORT_ArenaAlloc(arena, len);
- if (current->name.other.data == NULL) {
- rv = SECFailure;
+ case certRegisterID:
+ rv = GetOidFromString(arena, &current->name.other, cp, strlen(cp));
break;
- }
- current->name.other.len = len;
- PORT_Memcpy(current->name.other.data,data, len);
- break;
- case certRegisterID:
- rv = GetOidFromString(arena, &current->name.other, cp, strlen(cp));
- break;
- case certOtherName:
- oidString = cp;
- cp = PORT_Strchr(cp,';');
- if (cp == NULL) {
- rv = SECFailure;
- fprintf(stderr, "missing name in other name\n");
+ case certOtherName:
+ oidString = cp;
+ cp = PORT_Strchr(cp, ';');
+ if (cp == NULL) {
+ rv = SECFailure;
+ fprintf(stderr, "missing name in other name\n");
+ break;
+ }
+ *cp++ = 0;
+ current->name.OthName.name.data =
+ (unsigned char *)PORT_ArenaStrdup(arena, cp);
+ if (current->name.OthName.name.data == NULL) {
+ rv = SECFailure;
+ break;
+ }
+ current->name.OthName.name.len = PORT_Strlen(cp);
+ rv = GetOidFromString(arena, &current->name.OthName.oid,
+ oidString, strlen(oidString));
break;
- }
- *cp++ = 0;
- current->name.OthName.name.data =
- (unsigned char *) PORT_ArenaStrdup(arena,cp);
- if (current->name.OthName.name.data == NULL) {
+ default:
rv = SECFailure;
+ fprintf(stderr, "Missing or invalid Subject Alternate Name type\n");
break;
- }
- current->name.OthName.name.len = PORT_Strlen(cp);
- rv = GetOidFromString(arena, &current->name.OthName.oid,
- oidString, strlen(oidString));
- break;
- default:
- rv = SECFailure;
- fprintf(stderr, "Missing or invalid Subject Alternate Name type\n");
- break;
}
if (rv == SECFailure) {
break;
}
-
+
if (prev) {
current->l.prev = prev;
prev->next = &(current->l);
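Review bot: The `certRFC822Name`/`certDNSName`/`certURI` case stores the result of `PORT_ArenaStrdup(arena, cp)` without a NULL check, so on allocation failure the entry is linked into the list with `data == NULL` and a non-zero `len`; the `certOtherName` case in the same switch does check. Add `if (current->name.other.data == NULL) { rv = SECFailure; break; }` before the length assignment. The strings are also copied as typed, with no syntax check against the declared name type, which deserves a comment because these values presumably end up in the certificate's subjectAltName. AddSubjectAltNames starts and ends outside this hunk.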
@@ -885,8 +883,7 @@ AddSubjectAltNames(PLArenaPool *arena, CERTGeneralName **existingListp,
nameList->l.prev = existingprev;
existingprev->next = &(nameList->l);
current->l.next = &((*existingListp)->l);
- }
- else {
+ } else {
/* make nameList circular and set it as the new existingList */
nameList->l.prev = prev;
current->l.next = &(nameList->l);
@@ -896,39 +893,39 @@ AddSubjectAltNames(PLArenaPool *arena, CERTGeneralName **existingListp,
return rv;
}
-static SECStatus
+static SECStatus
AddEmailSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp,
const char *emailAddrs)
{
- return AddSubjectAltNames(arena, existingListp, emailAddrs,
+ return AddSubjectAltNames(arena, existingListp, emailAddrs,
certRFC822Name);
}
-static SECStatus
+static SECStatus
AddDNSSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp,
const char *dnsNames)
{
return AddSubjectAltNames(arena, existingListp, dnsNames, certDNSName);
}
-static SECStatus
+static SECStatus
AddGeneralSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp,
const char *altNames)
{
return AddSubjectAltNames(arena, existingListp, altNames, 0);
}
-static SECStatus
+static SECStatus
AddBasicConstraint(void *extHandle)
{
- CERTBasicConstraints basicConstraint;
+ CERTBasicConstraints basicConstraint;
SECStatus rv;
char buffer[10];
PRBool yesNoAns;
do {
basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT;
- basicConstraint.isCA = GetYesNo ("Is this a CA certificate [y/N]?");
+ basicConstraint.isCA = GetYesNo("Is this a CA certificate [y/N]?");
buffer[0] = '\0';
if (PrintChoicesAndGetAnswer("Enter the path length constraint, "
@@ -936,39 +933,39 @@ AddBasicConstraint(void *extHandle)
buffer, sizeof(buffer)) == SECFailure) {
GEN_BREAK(SECFailure);
}
- if (PORT_Strlen (buffer) > 0)
- basicConstraint.pathLenConstraint = PORT_Atoi (buffer);
+ if (PORT_Strlen(buffer) > 0)
+ basicConstraint.pathLenConstraint = PORT_Atoi(buffer);
- yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
+ yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(NULL, extHandle,
- &basicConstraint, yesNoAns, SEC_OID_X509_BASIC_CONSTRAINTS,
- (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeBasicConstraintValue);
+ &basicConstraint, yesNoAns, SEC_OID_X509_BASIC_CONSTRAINTS,
+ (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeBasicConstraintValue);
} while (0);
return (rv);
}
-static SECStatus
+static SECStatus
AddNameConstraints(void *extHandle)
{
- PLArenaPool *arena = NULL;
- CERTNameConstraints *constraints = NULL;
+ PLArenaPool *arena = NULL;
+ CERTNameConstraints *constraints = NULL;
- CERTNameConstraint *current = NULL;
- CERTNameConstraint *last_permited = NULL;
- CERTNameConstraint *last_excluded = NULL;
- SECStatus rv = SECSuccess;
+ CERTNameConstraint *current = NULL;
+ CERTNameConstraint *last_permited = NULL;
+ CERTNameConstraint *last_excluded = NULL;
+ SECStatus rv = SECSuccess;
char buffer[512];
int intValue = 0;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena) {
- constraints = PORT_ArenaZNew(arena, CERTNameConstraints);
+ constraints = PORT_ArenaZNew(arena, CERTNameConstraints);
}
- if (!arena || ! constraints) {
+ if (!arena || !constraints) {
SECU_PrintError(progName, "out of memory");
PORT_FreeArena(arena, PR_FALSE);
return SECFailure;
@@ -982,43 +979,44 @@ AddNameConstraints(void *extHandle)
GEN_BREAK(SECFailure);
}
- (void) SEC_ASN1EncodeInteger(arena, &current->min, 0);
+ (void)SEC_ASN1EncodeInteger(arena, &current->min, 0);
if (!GetGeneralName(arena, &current->name, PR_TRUE)) {
GEN_BREAK(SECFailure);
}
if (PrintChoicesAndGetAnswer("Type of Name Constraint?\n"
- "\t1 - permitted\n\t2 - excluded\n\tAny"
- "other number to finish\n\tChoice",
- buffer, sizeof(buffer)) != SECSuccess) {
+ "\t1 - permitted\n\t2 - excluded\n\tAny"
+ "other number to finish\n\tChoice",
+ buffer, sizeof(buffer)) !=
+ SECSuccess) {
GEN_BREAK(SECFailure);
}
intValue = PORT_Atoi(buffer);
switch (intValue) {
- case 1:
- if (constraints->permited == NULL) {
- constraints->permited = last_permited = current;
- }
- last_permited->l.next = &(current->l);
- current->l.prev = &(last_permited->l);
- last_permited = current;
- break;
- case 2:
- if (constraints->excluded == NULL) {
- constraints->excluded = last_excluded = current;
- }
- last_excluded->l.next = &(current->l);
- current->l.prev = &(last_excluded->l);
- last_excluded = current;
- break;
+ case 1:
+ if (constraints->permited == NULL) {
+ constraints->permited = last_permited = current;
+ }
+ last_permited->l.next = &(current->l);
+ current->l.prev = &(last_permited->l);
+ last_permited = current;
+ break;
+ case 2:
+ if (constraints->excluded == NULL) {
+ constraints->excluded = last_excluded = current;
+ }
+ last_excluded->l.next = &(current->l);
+ current->l.prev = &(last_excluded->l);
+ last_excluded = current;
+ break;
}
-
+
PR_snprintf(buffer, sizeof(buffer), "Add another entry to the"
- " Name Constraint Extension [y/N]");
+ " Name Constraint Extension [y/N]");
- if (GetYesNo (buffer) == 0) {
+ if (GetYesNo(buffer) == 0) {
break;
}
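Review bot: `(void)SEC_ASN1EncodeInteger(arena, &current->min, 0);` discards the only failure signal, so an allocation failure leaves `current->min` unencoded while the constraint is still linked into the permitted or excluded list; the same call is checked in RequestPolicyQualifiers. Prefer `if (!SEC_ASN1EncodeInteger(arena, &current->min, 0)) { GEN_BREAK(SECFailure); }`. Separately, the prompt literals `"\tAny"` and `"other number to finish\n\tChoice"` concatenate to "Anyother", and `switch (intValue)` has no `default`, so a choice other than 1 or 2 appears to drop the entered name without a message. The loop and the function continue outside the hunk.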
@@ -1039,69 +1037,70 @@ AddNameConstraints(void *extHandle)
}
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, constraints,
- yesNoAns, oidIdent,
- (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeNameConstraintsExtension);
+ yesNoAns, oidIdent,
+ (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeNameConstraintsExtension);
}
if (arena)
PORT_FreeArena(arena, PR_FALSE);
return (rv);
}
-static SECStatus
-AddAuthKeyID (void *extHandle)
+static SECStatus
+AddAuthKeyID(void *extHandle)
{
- CERTAuthKeyID *authKeyID = NULL;
+ CERTAuthKeyID *authKeyID = NULL;
PLArenaPool *arena = NULL;
SECStatus rv = SECSuccess;
PRBool yesNoAns;
do {
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
+ if (!arena) {
SECU_PrintError(progName, "out of memory");
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
- if (GetYesNo ("Enter value for the authKeyID extension [y/N]?") == 0)
+ if (GetYesNo("Enter value for the authKeyID extension [y/N]?") == 0)
break;
authKeyID = PORT_ArenaZNew(arena, CERTAuthKeyID);
if (authKeyID == NULL) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
- rv = GetString (arena, "Enter value for the key identifier fields,"
- "enter to omit:", &authKeyID->keyID);
+ rv = GetString(arena, "Enter value for the key identifier fields,"
+ "enter to omit:",
+ &authKeyID->keyID);
if (rv != SECSuccess)
break;
SECU_SECItemHexStringToBinary(&authKeyID->keyID);
- authKeyID->authCertIssuer = CreateGeneralName (arena);
- if (authKeyID->authCertIssuer == NULL &&
- SECFailure == PORT_GetError ())
+ authKeyID->authCertIssuer = CreateGeneralName(arena);
+ if (authKeyID->authCertIssuer == NULL &&
+ SECFailure == PORT_GetError())
break;
+ rv = GetString(arena, "Enter value for the authCertSerial field, "
+ "enter to omit:",
+ &authKeyID->authCertSerialNumber);
- rv = GetString (arena, "Enter value for the authCertSerial field, "
- "enter to omit:", &authKeyID->authCertSerialNumber);
-
- yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
+ yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
- authKeyID, yesNoAns, SEC_OID_X509_AUTH_KEY_ID,
- (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeAuthKeyID);
+ authKeyID, yesNoAns, SEC_OID_X509_AUTH_KEY_ID,
+ (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAuthKeyID);
if (rv)
break;
} while (0);
if (arena)
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
return (rv);
-}
-
-static SECStatus
-AddSubjKeyID (void *extHandle)
+}
+
+static SECStatus
+AddSubjKeyID(void *extHandle)
{
SECItem keyID;
PLArenaPool *arena = NULL;
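Review bot: In AddAuthKeyID the status of the second `GetString(...)` call, the one filling `authKeyID->authCertSerialNumber`, is assigned to `rv` and then overwritten by `SECU_EncodeAndAddExtensionValue(...)` without being tested, so a failed read still produces an extension. Add `if (rv != SECSuccess) break;` right after it, as is already done for the `keyID` read. The test `SECFailure == PORT_GetError()` also compares an error code with a `SECStatus` constant, which reads as a type mix-up; CreateGeneralName's contract is not visible here, so a comment stating when a NULL issuer is acceptable would help.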
@@ -1110,34 +1109,35 @@ AddSubjKeyID (void *extHandle)
do {
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
+ if (!arena) {
SECU_PrintError(progName, "out of memory");
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
printf("Adding Subject Key ID extension.\n");
- rv = GetString (arena, "Enter value for the key identifier fields,"
- "enter to omit:", &keyID);
+ rv = GetString(arena, "Enter value for the key identifier fields,"
+ "enter to omit:",
+ &keyID);
if (rv != SECSuccess)
break;
SECU_SECItemHexStringToBinary(&keyID);
- yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
+ yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
- &keyID, yesNoAns, SEC_OID_X509_SUBJECT_KEY_ID,
- (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeSubjectKeyID);
+ &keyID, yesNoAns, SEC_OID_X509_SUBJECT_KEY_ID,
+ (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeSubjectKeyID);
if (rv)
break;
} while (0);
if (arena)
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
return (rv);
-}
+}
-static SECStatus
+static SECStatus
AddCrlDistPoint(void *extHandle)
{
PLArenaPool *arena = NULL;
@@ -1148,7 +1148,7 @@ AddCrlDistPoint(void *extHandle)
char buffer[512];
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena )
+ if (!arena)
return (SECFailure);
do {
@@ -1156,8 +1156,8 @@ AddCrlDistPoint(void *extHandle)
current = PORT_ArenaZNew(arena, CRLDistributionPoint);
if (current == NULL) {
- GEN_BREAK (SECFailure);
- }
+ GEN_BREAK(SECFailure);
+ }
/* Get the distributionPointName fields - this field is optional */
if (PrintChoicesAndGetAnswer(
@@ -1165,36 +1165,36 @@ AddCrlDistPoint(void *extHandle)
"\t1 - Full Name\n\t2 - Relative Name\n\tAny other "
"number to finish\n\t\tChoice: ",
buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
- }
- intValue = PORT_Atoi (buffer);
+ GEN_BREAK(SECFailure);
+ }
+ intValue = PORT_Atoi(buffer);
switch (intValue) {
- case generalName:
- current->distPointType = intValue;
- current->distPoint.fullName = CreateGeneralName (arena);
- rv = PORT_GetError();
- break;
+ case generalName:
+ current->distPointType = intValue;
+ current->distPoint.fullName = CreateGeneralName(arena);
+ rv = PORT_GetError();
+ break;
- case relativeDistinguishedName: {
- CERTName *name;
+ case relativeDistinguishedName: {
+ CERTName *name;
- current->distPointType = intValue;
- puts ("Enter the relative name: ");
- fflush (stdout);
- if (Gets_s (buffer, sizeof(buffer)) == NULL) {
- GEN_BREAK (SECFailure);
- }
- /* For simplicity, use CERT_AsciiToName to converse from a string
+ current->distPointType = intValue;
+ puts("Enter the relative name: ");
+ fflush(stdout);
+ if (Gets_s(buffer, sizeof(buffer)) == NULL) {
+ GEN_BREAK(SECFailure);
+ }
+ /* For simplicity, use CERT_AsciiToName to converse from a string
to NAME, but we only interest in the first RDN */
- name = CERT_AsciiToName (buffer);
- if (!name) {
- GEN_BREAK (SECFailure);
+ name = CERT_AsciiToName(buffer);
+ if (!name) {
+ GEN_BREAK(SECFailure);
+ }
+ rv = CERT_CopyRDN(arena, &current->distPoint.relativeName,
+ name->rdns[0]);
+ CERT_DestroyName(name);
+ break;
}
- rv = CERT_CopyRDN (arena, &current->distPoint.relativeName,
- name->rdns[0]);
- CERT_DestroyName (name);
- break;
- }
}
if (rv != SECSuccess)
break;
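Review bot: In the `generalName` case, `rv = PORT_GetError();` stores an error code in a `SECStatus` variable, so success depends on the last error code being zero when CreateGeneralName returns; a stale code left by an earlier call would be read as failure, and a NULL `fullName` with no error set would pass. Deriving the status from the pointer, e.g. `rv = current->distPoint.fullName ? SECSuccess : SECFailure;`, is clearer, assuming a NULL full name is never valid here (CreateGeneralName is not visible). In the `relativeDistinguishedName` case `name->rdns[0]` is copied without checking that the parsed name holds at least one RDN. The enclosing loop starts and ends outside the hunk.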
@@ -1210,7 +1210,7 @@ AddCrlDistPoint(void *extHandle)
buffer, sizeof(buffer)) == SECFailure) {
GEN_BREAK(SECFailure);
}
- intValue = PORT_Atoi (buffer);
+ intValue = PORT_Atoi(buffer);
if (intValue == 0) {
/* Checking that zero value of variable 'value'
* corresponds to '0' input made by user */
@@ -1219,65 +1219,62 @@ AddCrlDistPoint(void *extHandle)
intValue = -1;
}
}
- if (intValue >= 0 && intValue <8) {
- current->reasons.data = PORT_ArenaAlloc (arena, sizeof(char));
+ if (intValue >= 0 && intValue < 8) {
+ current->reasons.data = PORT_ArenaAlloc(arena, sizeof(char));
if (current->reasons.data == NULL) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
*current->reasons.data = (char)(0x80 >> intValue);
current->reasons.len = 1;
}
- puts ("Enter value for the CRL Issuer name:\n");
- current->crlIssuer = CreateGeneralName (arena);
+ puts("Enter value for the CRL Issuer name:\n");
+ current->crlIssuer = CreateGeneralName(arena);
if (current->crlIssuer == NULL && (rv = PORT_GetError()) == SECFailure)
break;
if (crlDistPoints == NULL) {
crlDistPoints = PORT_ArenaZNew(arena, CERTCrlDistributionPoints);
if (crlDistPoints == NULL) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
}
crlDistPoints->distPoints =
- PORT_ArenaGrow (arena, crlDistPoints->distPoints,
- sizeof (*crlDistPoints->distPoints) * count,
- sizeof (*crlDistPoints->distPoints) *(count + 1));
+ PORT_ArenaGrow(arena, crlDistPoints->distPoints,
+ sizeof(*crlDistPoints->distPoints) * count,
+ sizeof(*crlDistPoints->distPoints) * (count + 1));
if (crlDistPoints->distPoints == NULL) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
crlDistPoints->distPoints[count] = current;
++count;
if (GetYesNo("Enter another value for the CRLDistributionPoint "
- "extension [y/N]?") == 0) {
+ "extension [y/N]?") == 0) {
/* Add null to the end to mark end of data */
crlDistPoints->distPoints =
PORT_ArenaGrow(arena, crlDistPoints->distPoints,
- sizeof (*crlDistPoints->distPoints) * count,
- sizeof (*crlDistPoints->distPoints) *(count + 1));
- crlDistPoints->distPoints[count] = NULL;
+ sizeof(*crlDistPoints->distPoints) * count,
+ sizeof(*crlDistPoints->distPoints) * (count + 1));
+ crlDistPoints->distPoints[count] = NULL;
break;
}
-
} while (1);
-
+
if (rv == SECSuccess) {
- PRBool yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
+ PRBool yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
- crlDistPoints, yesNoAns, SEC_OID_X509_CRL_DIST_POINTS,
- (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCRLDistributionPoints);
+ crlDistPoints, yesNoAns, SEC_OID_X509_CRL_DIST_POINTS,
+ (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCRLDistributionPoints);
}
if (arena)
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
return (rv);
}
-
-
-static SECStatus
+static SECStatus
AddPolicyConstraints(void *extHandle)
{
CERTCertificatePolicyConstraints *policyConstr;
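Review bot: After the "Enter another value" prompt, the result of the second `PORT_ArenaGrow(...)` is written through immediately by `crlDistPoints->distPoints[count] = NULL;` with no NULL check, unlike the first grow a few lines above it. Add `if (crlDistPoints->distPoints == NULL) { GEN_BREAK(SECFailure); }` before the terminator is stored. AddCrlDistPoint starts outside this hunk.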
@@ -1290,7 +1287,7 @@ AddPolicyConstraints(void *extHandle)
PRBool skipExt = PR_TRUE;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
+ if (!arena) {
SECU_PrintError(progName, "out of memory");
return SECFailure;
}
@@ -1302,14 +1299,15 @@ AddPolicyConstraints(void *extHandle)
}
if (PrintChoicesAndGetAnswer("for requireExplicitPolicy enter the number "
- "of certs in path\nbefore explicit policy is required\n"
- "(press Enter to omit)", buffer, sizeof(buffer)) == SECFailure) {
+ "of certs in path\nbefore explicit policy is required\n"
+ "(press Enter to omit)",
+ buffer, sizeof(buffer)) == SECFailure) {
goto loser;
}
if (PORT_Strlen(buffer)) {
value = PORT_Atoi(buffer);
- if (value < 0) {
+ if (value < 0) {
goto loser;
}
item = &policyConstr->explicitPolicySkipCerts;
@@ -1321,15 +1319,16 @@ AddPolicyConstraints(void *extHandle)
}
if (PrintChoicesAndGetAnswer("for inihibitPolicyMapping enter "
- "the number of certs in path\n"
- "after which policy mapping is not allowed\n"
- "(press Enter to omit)", buffer, sizeof(buffer)) == SECFailure) {
+ "the number of certs in path\n"
+ "after which policy mapping is not allowed\n"
+ "(press Enter to omit)",
+ buffer, sizeof(buffer)) == SECFailure) {
goto loser;
}
if (PORT_Strlen(buffer)) {
value = PORT_Atoi(buffer);
- if (value < 0) {
+ if (value < 0) {
goto loser;
}
item = &policyConstr->inhibitMappingSkipCerts;
@@ -1339,29 +1338,27 @@ AddPolicyConstraints(void *extHandle)
}
skipExt = PR_FALSE;
}
-
-
+
if (!skipExt) {
yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, policyConstr,
- yesNoAns, SEC_OID_X509_POLICY_CONSTRAINTS,
- (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyConstraintsExtension);
+ yesNoAns, SEC_OID_X509_POLICY_CONSTRAINTS,
+ (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyConstraintsExtension);
} else {
- fprintf(stdout, "Policy Constraint extensions must contain "
+ fprintf(stdout, "Policy Constraint extensions must contain "
"at least one policy field\n");
- rv = SECFailure;
+ rv = SECFailure;
}
-
+
loser:
if (arena) {
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
return (rv);
}
-
-static SECStatus
+static SECStatus
AddInhibitAnyPolicy(void *extHandle)
{
CERTCertificateInhibitAny certInhibitAny;
@@ -1371,10 +1368,9 @@ AddInhibitAnyPolicy(void *extHandle)
char buffer[10];
int value;
PRBool yesNoAns;
-
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
+ if (!arena) {
SECU_PrintError(progName, "out of memory");
return SECFailure;
}
@@ -1395,21 +1391,20 @@ AddInhibitAnyPolicy(void *extHandle)
if (!dummy) {
goto loser;
}
-
+
yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
-
+
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &certInhibitAny,
- yesNoAns, SEC_OID_X509_INHIBIT_ANY_POLICY,
- (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInhibitAnyExtension);
+ yesNoAns, SEC_OID_X509_INHIBIT_ANY_POLICY,
+ (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInhibitAnyExtension);
loser:
if (arena) {
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
return (rv);
}
-
-static SECStatus
+static SECStatus
AddPolicyMappings(void *extHandle)
{
CERTPolicyMap **policyMapArr = NULL;
@@ -1418,9 +1413,9 @@ AddPolicyMappings(void *extHandle)
SECStatus rv = SECSuccess;
int count = 0;
char buffer[512];
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
+ if (!arena) {
SECU_PrintError(progName, "out of memory");
return SECFailure;
}
@@ -1429,7 +1424,7 @@ AddPolicyMappings(void *extHandle)
if (PrintChoicesAndGetAnswer("Enter an Object Identifier (dotted "
"decimal format) for Issuer Domain Policy",
buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
current = PORT_ArenaZNew(arena, CERTPolicyMap);
@@ -1445,7 +1440,7 @@ AddPolicyMappings(void *extHandle)
if (PrintChoicesAndGetAnswer("Enter an Object Identifier for "
"Subject Domain Policy",
buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
rv = SEC_StringToOID(arena, &current->subjectDomainPolicy, buffer, 0);
@@ -1456,29 +1451,29 @@ AddPolicyMappings(void *extHandle)
if (policyMapArr == NULL) {
policyMapArr = PORT_ArenaZNew(arena, CERTPolicyMap *);
if (policyMapArr == NULL) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
}
policyMapArr = PORT_ArenaGrow(arena, policyMapArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
+ sizeof(current) * count,
+ sizeof(current) * (count + 1));
if (policyMapArr == NULL) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
-
+
policyMapArr[count] = current;
++count;
-
+
if (!GetYesNo("Enter another Policy Mapping [y/N]")) {
/* Add null to the end to mark end of data */
- policyMapArr = PORT_ArenaGrow (arena, policyMapArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
+ policyMapArr = PORT_ArenaGrow(arena, policyMapArr,
+ sizeof(current) * count,
+ sizeof(current) * (count + 1));
if (policyMapArr == NULL) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
- policyMapArr[count] = NULL;
+ policyMapArr[count] = NULL;
break;
}
@@ -1491,11 +1486,11 @@ AddPolicyMappings(void *extHandle)
mappings.arena = arena;
mappings.policyMaps = policyMapArr;
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &mappings,
- yesNoAns, SEC_OID_X509_POLICY_MAPPINGS,
- (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyMappingExtension);
+ yesNoAns, SEC_OID_X509_POLICY_MAPPINGS,
+ (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyMappingExtension);
}
if (arena)
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
return (rv);
}
@@ -1504,7 +1499,6 @@ enum PoliciQualifierEnum {
userNotice = 2
};
-
static CERTPolicyQualifier **
RequestPolicyQualifiers(PLArenaPool *arena, SECItem *policyID)
{
@@ -1528,175 +1522,178 @@ RequestPolicyQualifiers(PLArenaPool *arena, SECItem *policyID)
/* Get the accessMethod fields */
SECU_PrintObjectID(stdout, policyID,
- "Choose the type of qualifier for policy" , 0);
+ "Choose the type of qualifier for policy", 0);
if (PrintChoicesAndGetAnswer(
"\t1 - CPS Pointer qualifier\n"
"\t2 - User notice qualifier\n"
"\tAny other number to finish\n"
- "\t\tChoice: ", buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
+ "\t\tChoice: ",
+ buffer, sizeof(buffer)) == SECFailure) {
+ GEN_BREAK(SECFailure);
}
intValue = PORT_Atoi(buffer);
switch (intValue) {
- case cpsPointer: {
- SECItem input;
+ case cpsPointer: {
+ SECItem input;
- oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CPS_POINTER_QUALIFIER);
- if (PrintChoicesAndGetAnswer("Enter CPS pointer URI: ",
- buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
- }
- input.len = PORT_Strlen(buffer);
- input.data = (void*)PORT_ArenaStrdup(arena, buffer);
- if (input.data == NULL ||
- SEC_ASN1EncodeItem(arena, &current->qualifierValue, &input,
- SEC_ASN1_GET(SEC_IA5StringTemplate)) == NULL) {
- GEN_BREAK (SECFailure);
- }
- break;
- }
- case userNotice: {
- SECItem **noticeNumArr;
- CERTUserNotice *notice = PORT_ArenaZNew(arena, CERTUserNotice);
- if (!notice) {
- GEN_BREAK(SECFailure);
+ oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CPS_POINTER_QUALIFIER);
+ if (PrintChoicesAndGetAnswer("Enter CPS pointer URI: ",
+ buffer, sizeof(buffer)) == SECFailure) {
+ GEN_BREAK(SECFailure);
+ }
+ input.len = PORT_Strlen(buffer);
+ input.data = (void *)PORT_ArenaStrdup(arena, buffer);
+ if (input.data == NULL ||
+ SEC_ASN1EncodeItem(arena, &current->qualifierValue, &input,
+ SEC_ASN1_GET(SEC_IA5StringTemplate)) == NULL) {
+ GEN_BREAK(SECFailure);
+ }
+ break;
}
-
- oid = SECOID_FindOIDByTag(SEC_OID_PKIX_USER_NOTICE_QUALIFIER);
+ case userNotice: {
+ SECItem **noticeNumArr;
+ CERTUserNotice *notice = PORT_ArenaZNew(arena, CERTUserNotice);
+ if (!notice) {
+ GEN_BREAK(SECFailure);
+ }
- if (GetYesNo("\t add a User Notice reference? [y/N]")) {
+ oid = SECOID_FindOIDByTag(SEC_OID_PKIX_USER_NOTICE_QUALIFIER);
- if (PrintChoicesAndGetAnswer("Enter user organization string: ",
- buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
- }
+ if (GetYesNo("\t add a User Notice reference? [y/N]")) {
- notice->noticeReference.organization.type = siAsciiString;
- notice->noticeReference.organization.len =
- PORT_Strlen(buffer);
- notice->noticeReference.organization.data =
- (void*)PORT_ArenaStrdup(arena, buffer);
-
-
- noticeNumArr = PORT_ArenaZNewArray(arena, SECItem *, 2);
- if (!noticeNumArr) {
- GEN_BREAK (SECFailure);
- }
-
- do {
- SECItem *noticeNum;
-
- noticeNum = PORT_ArenaZNew(arena, SECItem);
-
- if (PrintChoicesAndGetAnswer(
- "Enter User Notice reference number "
- "(or -1 to quit): ",
- buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
+ if (PrintChoicesAndGetAnswer("Enter user organization string: ",
+ buffer, sizeof(buffer)) ==
+ SECFailure) {
+ GEN_BREAK(SECFailure);
+ }
+
+ notice->noticeReference.organization.type = siAsciiString;
+ notice->noticeReference.organization.len =
+ PORT_Strlen(buffer);
+ notice->noticeReference.organization.data =
+ (void *)PORT_ArenaStrdup(arena, buffer);
+
+ noticeNumArr = PORT_ArenaZNewArray(arena, SECItem *, 2);
+ if (!noticeNumArr) {
+ GEN_BREAK(SECFailure);
}
-
- intValue = PORT_Atoi(buffer);
- if (noticeNum == NULL) {
- if (intValue < 0) {
- fprintf(stdout, "a noticeReference must have at "
- "least one reference number\n");
- GEN_BREAK (SECFailure);
- }
- } else {
- if (intValue >= 0) {
- noticeNumArr = PORT_ArenaGrow(arena, noticeNumArr,
- sizeof (current) * inCount,
- sizeof (current) *(inCount + 1));
- if (noticeNumArr == NULL) {
- GEN_BREAK (SECFailure);
+
+ do {
+ SECItem *noticeNum;
+
+ noticeNum = PORT_ArenaZNew(arena, SECItem);
+
+ if (PrintChoicesAndGetAnswer(
+ "Enter User Notice reference number "
+ "(or -1 to quit): ",
+ buffer, sizeof(buffer)) == SECFailure) {
+ GEN_BREAK(SECFailure);
+ }
+
+ intValue = PORT_Atoi(buffer);
+ if (noticeNum == NULL) {
+ if (intValue < 0) {
+ fprintf(stdout, "a noticeReference must have at "
+ "least one reference number\n");
+ GEN_BREAK(SECFailure);
}
- } else {
- break;
- }
+ } else {
+ if (intValue >= 0) {
+ noticeNumArr = PORT_ArenaGrow(arena, noticeNumArr,
+ sizeof(current) *
+ inCount,
+ sizeof(current) *
+ (inCount + 1));
+ if (noticeNumArr == NULL) {
+ GEN_BREAK(SECFailure);
+ }
+ } else {
+ break;
+ }
+ }
+ if (!SEC_ASN1EncodeInteger(arena, noticeNum, intValue)) {
+ GEN_BREAK(SECFailure);
+ }
+ noticeNumArr[inCount++] = noticeNum;
+ noticeNumArr[inCount] = NULL;
+
+ } while (1);
+ if (rv == SECFailure) {
+ GEN_BREAK(SECFailure);
+ }
+ notice->noticeReference.noticeNumbers = noticeNumArr;
+ rv = CERT_EncodeNoticeReference(arena, &notice->noticeReference,
+ &notice->derNoticeReference);
+ if (rv == SECFailure) {
+ GEN_BREAK(SECFailure);
}
- if (!SEC_ASN1EncodeInteger(arena, noticeNum, intValue)) {
- GEN_BREAK (SECFailure);
- }
- noticeNumArr[inCount++] = noticeNum;
- noticeNumArr[inCount] = NULL;
-
- } while (1);
- if (rv == SECFailure) {
- GEN_BREAK(SECFailure);
}
- notice->noticeReference.noticeNumbers = noticeNumArr;
- rv = CERT_EncodeNoticeReference(arena, &notice->noticeReference,
- &notice->derNoticeReference);
+ if (GetYesNo("\t EnterUser Notice explicit text? [y/N]")) {
+ /* Getting only 200 bytes - RFC limitation */
+ if (PrintChoicesAndGetAnswer(
+ "\t", buffer, 200) == SECFailure) {
+ GEN_BREAK(SECFailure);
+ }
+ notice->displayText.type = siAsciiString;
+ notice->displayText.len = PORT_Strlen(buffer);
+ notice->displayText.data =
+ (void *)PORT_ArenaStrdup(arena, buffer);
+ if (notice->displayText.data == NULL) {
+ GEN_BREAK(SECFailure);
+ }
+ }
+
+ rv = CERT_EncodeUserNotice(arena, notice, &current->qualifierValue);
if (rv == SECFailure) {
GEN_BREAK(SECFailure);
}
- }
- if (GetYesNo("\t EnterUser Notice explicit text? [y/N]")) {
- /* Getting only 200 bytes - RFC limitation */
- if (PrintChoicesAndGetAnswer(
- "\t", buffer, 200) == SECFailure) {
- GEN_BREAK (SECFailure);
- }
- notice->displayText.type = siAsciiString;
- notice->displayText.len = PORT_Strlen(buffer);
- notice->displayText.data =
- (void*)PORT_ArenaStrdup(arena, buffer);
- if (notice->displayText.data == NULL) {
- GEN_BREAK(SECFailure);
- }
- }
- rv = CERT_EncodeUserNotice(arena, notice, &current->qualifierValue);
- if (rv == SECFailure) {
- GEN_BREAK(SECFailure);
+ break;
}
-
- break;
- }
}
if (rv == SECFailure || oid == NULL ||
- SECITEM_CopyItem(arena, &current->qualifierID, &oid->oid)
- == SECFailure) {
- GEN_BREAK (SECFailure);
+ SECITEM_CopyItem(arena, &current->qualifierID, &oid->oid) ==
+ SECFailure) {
+ GEN_BREAK(SECFailure);
}
if (!policyQualifArr) {
policyQualifArr = PORT_ArenaZNew(arena, CERTPolicyQualifier *);
} else {
- policyQualifArr = PORT_ArenaGrow (arena, policyQualifArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
- }
+ policyQualifArr = PORT_ArenaGrow(arena, policyQualifArr,
+ sizeof(current) * count,
+ sizeof(current) * (count + 1));
+ }
if (policyQualifArr == NULL) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
-
+
policyQualifArr[count] = current;
++count;
- if (!GetYesNo ("Enter another policy qualifier [y/N]")) {
+ if (!GetYesNo("Enter another policy qualifier [y/N]")) {
/* Add null to the end to mark end of data */
policyQualifArr = PORT_ArenaGrow(arena, policyQualifArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
+ sizeof(current) * count,
+ sizeof(current) * (count + 1));
if (policyQualifArr == NULL) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
- policyQualifArr[count] = NULL;
+ policyQualifArr[count] = NULL;
break;
}
} while (1);
if (rv != SECSuccess) {
- PORT_ArenaRelease (arena, mark);
+ PORT_ArenaRelease(arena, mark);
policyQualifArr = NULL;
}
return (policyQualifArr);
}
-static SECStatus
+static SECStatus
AddCertPolicies(void *extHandle)
{
CERTPolicyInfo **certPoliciesArr = NULL;
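Review bot: In the `userNotice` case the reference-number loop grows `noticeNumArr` to `(inCount + 1)` pointers but then writes two slots, `noticeNumArr[inCount++] = noticeNum;` and `noticeNumArr[inCount] = NULL;`, so the terminator lands one element past the size just requested if PORT_ArenaGrow returns a block of exactly that size. Request `sizeof(*noticeNumArr) * (inCount + 2)` as the new size, which also stops using `sizeof(current)` for an array of a different pointer type. The `PORT_ArenaStrdup` result stored in `noticeReference.organization.data` is unchecked as well, unlike `displayText.data` further down. The declaration and initial value of `inCount` are outside the hunk.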
@@ -1707,7 +1704,7 @@ AddCertPolicies(void *extHandle)
char buffer[512];
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
+ if (!arena) {
SECU_PrintError(progName, "out of memory");
return SECFailure;
}
@@ -1720,47 +1717,47 @@ AddCertPolicies(void *extHandle)
if (PrintChoicesAndGetAnswer("Enter a CertPolicy Object Identifier "
"(dotted decimal format)\n"
- "or \"any\" for AnyPolicy:",
+ "or \"any\" for AnyPolicy:",
buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
+ }
+
+ if (strncmp(buffer, "any", 3) == 0) {
+ /* use string version of X509_CERTIFICATE_POLICIES.anyPolicy */
+ strcpy(buffer, "OID.2.5.29.32.0");
}
-
- if (strncmp(buffer, "any", 3) == 0) {
- /* use string version of X509_CERTIFICATE_POLICIES.anyPolicy */
- strcpy(buffer, "OID.2.5.29.32.0");
- }
rv = SEC_StringToOID(arena, &current->policyID, buffer, 0);
if (rv == SECFailure) {
GEN_BREAK(SECFailure);
}
-
- current->policyQualifiers =
- RequestPolicyQualifiers(arena, &current->policyID);
+
+ current->policyQualifiers =
+ RequestPolicyQualifiers(arena, &current->policyID);
if (!certPoliciesArr) {
certPoliciesArr = PORT_ArenaZNew(arena, CERTPolicyInfo *);
} else {
- certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
- }
+ certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr,
+ sizeof(current) * count,
+ sizeof(current) * (count + 1));
+ }
if (certPoliciesArr == NULL) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
-
+
certPoliciesArr[count] = current;
++count;
-
- if (!GetYesNo ("Enter another PolicyInformation field [y/N]?")) {
+
+ if (!GetYesNo("Enter another PolicyInformation field [y/N]?")) {
/* Add null to the end to mark end of data */
certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
+ sizeof(current) * count,
+ sizeof(current) * (count + 1));
if (certPoliciesArr == NULL) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
- certPoliciesArr[count] = NULL;
+ certPoliciesArr[count] = NULL;
break;
}
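Review bot: The result of `RequestPolicyQualifiers(arena, &current->policyID)` is stored in `current->policyQualifiers` without a check, yet the tail of that function (visible just above this hunk) returns NULL after releasing the arena mark whenever qualifier entry fails. A failed qualifier prompt therefore appears to yield a policy with no qualifiers rather than an error, which matters when the operator believes a qualifier was attached to the issued certificate. If NULL is never a legitimate result, add `if (current->policyQualifiers == NULL) { GEN_BREAK(SECFailure); }` after the call; otherwise a comment should say when NULL is expected. The `strncmp(buffer, "any", 3)` test also accepts any input that merely begins with "any". AddCertPolicies starts and ends outside this hunk.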
@@ -1772,13 +1769,13 @@ AddCertPolicies(void *extHandle)
policies.arena = arena;
policies.policyInfos = certPoliciesArr;
-
+
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &policies,
- yesNoAns, SEC_OID_X509_CERTIFICATE_POLICIES,
- (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCertPoliciesExtension);
+ yesNoAns, SEC_OID_X509_CERTIFICATE_POLICIES,
+ (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCertPoliciesExtension);
}
if (arena)
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
return (rv);
}
@@ -1791,9 +1788,9 @@ enum SubjInfoAccessTypesEnum {
caRepository = 1,
timeStamping = 2
};
-
+
/* Encode and add an AIA or SIA extension */
-static SECStatus
+static SECStatus
AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
{
CERTAuthInfoAccess **infoAccArr = NULL;
@@ -1806,7 +1803,7 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
int intValue = 0;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
+ if (!arena) {
SECU_PrintError(progName, "out of memory");
return SECFailure;
}
@@ -1822,82 +1819,83 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
if (addSIAExt) {
if (isCACert) {
puts("Adding \"CA Repository\" access method type for "
- "Subject Information Access extension:\n");
+ "Subject Information Access extension:\n");
intValue = caRepository;
} else {
puts("Adding \"Time Stamping Services\" access method type for "
- "Subject Information Access extension:\n");
+ "Subject Information Access extension:\n");
intValue = timeStamping;
}
} else {
if (PrintChoicesAndGetAnswer("Enter access method type "
- "for Authority Information Access extension:\n"
- "\t1 - CA Issuers\n\t2 - OCSP\n\tAny"
- "other number to finish\n\tChoice",
- buffer, sizeof(buffer)) != SECSuccess) {
- GEN_BREAK (SECFailure);
+ "for Authority Information Access extension:\n"
+ "\t1 - CA Issuers\n\t2 - OCSP\n\tAny"
+ "other number to finish\n\tChoice",
+ buffer, sizeof(buffer)) !=
+ SECSuccess) {
+ GEN_BREAK(SECFailure);
}
intValue = PORT_Atoi(buffer);
}
if (addSIAExt) {
switch (intValue) {
- case caRepository:
- oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CA_REPOSITORY);
- break;
-
- case timeStamping:
- oid = SECOID_FindOIDByTag(SEC_OID_PKIX_TIMESTAMPING);
- break;
- }
+ case caRepository:
+ oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CA_REPOSITORY);
+ break;
+
+ case timeStamping:
+ oid = SECOID_FindOIDByTag(SEC_OID_PKIX_TIMESTAMPING);
+ break;
+ }
} else {
switch (intValue) {
- case caIssuers:
- oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CA_ISSUERS);
- break;
-
- case ocsp:
- oid = SECOID_FindOIDByTag(SEC_OID_PKIX_OCSP);
- break;
- }
+ case caIssuers:
+ oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CA_ISSUERS);
+ break;
+
+ case ocsp:
+ oid = SECOID_FindOIDByTag(SEC_OID_PKIX_OCSP);
+ break;
+ }
}
if (oid == NULL ||
- SECITEM_CopyItem(arena, &current->method, &oid->oid)
- == SECFailure) {
- GEN_BREAK (SECFailure);
+ SECITEM_CopyItem(arena, &current->method, &oid->oid) ==
+ SECFailure) {
+ GEN_BREAK(SECFailure);
}
current->location = CreateGeneralName(arena);
if (!current->location) {
GEN_BREAK(SECFailure);
}
-
+
if (infoAccArr == NULL) {
infoAccArr = PORT_ArenaZNew(arena, CERTAuthInfoAccess *);
} else {
- infoAccArr = PORT_ArenaGrow(arena, infoAccArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
- }
+ infoAccArr = PORT_ArenaGrow(arena, infoAccArr,
+ sizeof(current) * count,
+ sizeof(current) * (count + 1));
+ }
if (infoAccArr == NULL) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
-
+
infoAccArr[count] = current;
++count;
-
+
PR_snprintf(buffer, sizeof(buffer), "Add another location to the %s"
- " Information Access extension [y/N]",
+ " Information Access extension [y/N]",
(addSIAExt) ? "Subject" : "Authority");
- if (GetYesNo (buffer) == 0) {
+ if (GetYesNo(buffer) == 0) {
/* Add null to the end to mark end of data */
infoAccArr = PORT_ArenaGrow(arena, infoAccArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
+ sizeof(current) * count,
+ sizeof(current) * (count + 1));
if (infoAccArr == NULL) {
- GEN_BREAK (SECFailure);
+ GEN_BREAK(SECFailure);
}
- infoAccArr[count] = NULL;
+ infoAccArr[count] = NULL;
break;
}
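Review bot: Both `switch (intValue)` statements lack a `default`, so for any value other than the listed cases `oid` keeps whatever it held before; its declaration and any per-iteration reset are outside this hunk. If it is not reset at the top of the loop, a later iteration with an unrecognised choice would reuse the previous access method instead of reaching the `oid == NULL` failure path. Adding `default: oid = NULL; break;` to each switch makes the outcome independent of earlier iterations. The prompt literals `"\n\tAny"` and `"other number to finish"` also concatenate to "Anyother"; a trailing space on the first literal fixes the displayed text.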
@@ -1907,13 +1905,13 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
int oidIdent = SEC_OID_X509_AUTH_INFO_ACCESS;
PRBool yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
-
+
if (addSIAExt) {
oidIdent = SEC_OID_X509_SUBJECT_INFO_ACCESS;
}
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, infoAccArr,
- yesNoAns, oidIdent,
- (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInfoAccessExtension);
+ yesNoAns, oidIdent,
+ (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInfoAccessExtension);
}
if (arena)
PORT_FreeArena(arena, PR_FALSE);
@@ -1932,7 +1930,7 @@ parseNextGenericExt(const char *nextExtension, const char **oid, int *oidLen,
const char *nextColon;
const char *nextComma;
const char *iter = nextExtension;
-
+
if (!iter || !*iter)
return SECFailure;
@@ -1987,33 +1985,33 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
SECStatus rv = SECSuccess;
char *errstring = NULL;
const char *nextExtension = NULL;
-
+
do {
/* Add key usage extension */
if (extList[ext_keyUsage].activated) {
rv = AddKeyUsage(extHandle, extList[ext_keyUsage].arg);
if (rv) {
- errstring = "KeyUsage";
+ errstring = "KeyUsage";
break;
- }
+ }
}
/* Add extended key usage extension */
if (extList[ext_extKeyUsage].activated) {
rv = AddExtKeyUsage(extHandle, extList[ext_extKeyUsage].arg);
if (rv) {
- errstring = "ExtendedKeyUsage";
+ errstring = "ExtendedKeyUsage";
break;
- }
+ }
}
/* Add basic constraint extension */
if (extList[ext_basicConstraint].activated) {
rv = AddBasicConstraint(extHandle);
if (rv) {
- errstring = "BasicConstraint";
+ errstring = "BasicConstraint";
break;
- }
+ }
}
/* Add name constraints extension */
@@ -2028,88 +2026,88 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
if (extList[ext_authorityKeyID].activated) {
rv = AddAuthKeyID(extHandle);
if (rv) {
- errstring = "AuthorityKeyID";
+ errstring = "AuthorityKeyID";
break;
- }
+ }
}
if (extList[ext_subjectKeyID].activated) {
rv = AddSubjKeyID(extHandle);
if (rv) {
- errstring = "SubjectKeyID";
+ errstring = "SubjectKeyID";
break;
- }
- }
+ }
+ }
if (extList[ext_CRLDistPts].activated) {
rv = AddCrlDistPoint(extHandle);
if (rv) {
- errstring = "CRLDistPoints";
+ errstring = "CRLDistPoints";
break;
- }
+ }
}
if (extList[ext_NSCertType].activated) {
rv = AddNscpCertType(extHandle, extList[ext_NSCertType].arg);
if (rv) {
- errstring = "NSCertType";
+ errstring = "NSCertType";
break;
- }
+ }
}
if (extList[ext_authInfoAcc].activated ||
extList[ext_subjInfoAcc].activated) {
rv = AddInfoAccess(extHandle, extList[ext_subjInfoAcc].activated,
- extList[ext_basicConstraint].activated);
+ extList[ext_basicConstraint].activated);
if (rv) {
- errstring = "InformationAccess";
+ errstring = "InformationAccess";
break;
- }
+ }
}
if (extList[ext_certPolicies].activated) {
rv = AddCertPolicies(extHandle);
if (rv) {
- errstring = "Policies";
+ errstring = "Policies";
break;
- }
+ }
}
if (extList[ext_policyMappings].activated) {
rv = AddPolicyMappings(extHandle);
if (rv) {
- errstring = "PolicyMappings";
+ errstring = "PolicyMappings";
break;
- }
+ }
}
if (extList[ext_policyConstr].activated) {
rv = AddPolicyConstraints(extHandle);
if (rv) {
- errstring = "PolicyConstraints";
+ errstring = "PolicyConstraints";
break;
- }
+ }
}
if (extList[ext_inhibitAnyPolicy].activated) {
rv = AddInhibitAnyPolicy(extHandle);
if (rv) {
- errstring = "InhibitAnyPolicy";
+ errstring = "InhibitAnyPolicy";
break;
- }
+ }
}
if (emailAddrs || dnsNames || extList[ext_subjectAltName].activated) {
PLArenaPool *arena;
CERTGeneralName *namelist = NULL;
SECItem item = { 0, NULL, 0 };
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
rv = SECFailure;
break;
}
-
+
rv = SECSuccess;
if (emailAddrs) {
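Review bot: The arena-allocation failure branch for the subject alternative name sets `rv = SECFailure` and breaks without assigning `errstring`, unlike the other failure branches visible in this function. The message printed after the loop, `"Problem creating %s extension"`, then receives `errstring` as it was initialised (`NULL` in the declaration shown in the earlier AddExtensions hunk), unless code outside the visible hunks sets it. Setting `errstring = "SubjectAltName";` before that `break` keeps the diagnostic well-defined. AddExtensions starts and ends outside this hunk.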
@@ -2121,26 +2119,26 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
}
if (extList[ext_subjectAltName].activated) {
- rv |= AddGeneralSubjectAlt(arena, &namelist,
+ rv |= AddGeneralSubjectAlt(arena, &namelist,
extList[ext_subjectAltName].arg);
}
if (rv == SECSuccess) {
- rv = CERT_EncodeAltNameExtension(arena, namelist, &item);
- if (rv == SECSuccess) {
+ rv = CERT_EncodeAltNameExtension(arena, namelist, &item);
+ if (rv == SECSuccess) {
rv = CERT_AddExtension(extHandle,
- SEC_OID_X509_SUBJECT_ALT_NAME,
- &item, PR_FALSE, PR_TRUE);
- }
+ SEC_OID_X509_SUBJECT_ALT_NAME,
+ &item, PR_FALSE, PR_TRUE);
+ }
}
- PORT_FreeArena(arena, PR_FALSE);
- if (rv) {
+ PORT_FreeArena(arena, PR_FALSE);
+ if (rv) {
errstring = "SubjectAltName";
break;
- }
+ }
}
} while (0);
-
+
if (rv != SECSuccess) {
SECU_PrintError(progName, "Problem creating %s extension", errstring);
}
@@ -2156,7 +2154,7 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
rv = parseNextGenericExt(nextExtension, &oid, &oidLen, &crit, &critLen,
&filename, &filenameLen, &next);
- if (rv!= SECSuccess) {
+ if (rv != SECSuccess) {
SECU_PrintError(progName,
"error parsing generic extension parameter %s",
nextExtension);
diff --git a/cmd/certutil/certutil.c b/cmd/certutil/certutil.c
index da8ae17a9..c15897e71 100644
--- a/cmd/certutil/certutil.c
+++ b/cmd/certutil/certutil.c
@@ -37,12 +37,14 @@
#include "nss.h"
#include "certutil.h"
-#define MIN_KEY_BITS 512
+#define MIN_KEY_BITS 512
/* MAX_KEY_BITS should agree with MAX_RSA_MODULUS in freebl */
-#define MAX_KEY_BITS 8192
-#define DEFAULT_KEY_BITS 2048
+#define MAX_KEY_BITS 8192
+#define DEFAULT_KEY_BITS 2048
-#define GEN_BREAK(e) rv=e; break;
+#define GEN_BREAK(e) \
+ rv = e; \
+ break;
char *progName;
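Review bot: `GEN_BREAK(e)` expands to two statements, so it is only correct inside a braced block: written as `if (cond) GEN_BREAK(SECFailure);` the `break` would run unconditionally. It cannot be wrapped in `do { } while (0)` because the `break` has to reach the caller's loop, so the constraint should be written down, e.g. `/* Two statements: use only inside braces, within the loop to exit. */` above the definition. The argument would also be safer parenthesised, `rv = (e); \`. The uses visible in this diff are all braced.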
@@ -55,49 +57,48 @@ GetCertRequest(const SECItem *reqDER)
SECStatus rv;
do {
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- GEN_BREAK (SECFailure);
- }
-
- certReq = (CERTCertificateRequest*) PORT_ArenaZAlloc
- (arena, sizeof(CERTCertificateRequest));
- if (!certReq) {
- GEN_BREAK(SECFailure);
- }
- certReq->arena = arena;
-
- /* Since cert request is a signed data, must decode to get the inner
- data
- */
- PORT_Memset(&signedData, 0, sizeof(signedData));
- rv = SEC_ASN1DecodeItem(arena, &signedData,
- SEC_ASN1_GET(CERT_SignedDataTemplate), reqDER);
- if (rv) {
- break;
- }
- rv = SEC_ASN1DecodeItem(arena, certReq,
- SEC_ASN1_GET(CERT_CertificateRequestTemplate), &signedData.data);
- if (rv) {
- break;
- }
- rv = CERT_VerifySignedDataWithPublicKeyInfo(&signedData,
- &certReq->subjectPublicKeyInfo, NULL /* wincx */);
- } while (0);
-
- if (rv) {
- SECU_PrintError(progName, "bad certificate request\n");
- if (arena) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- certReq = NULL;
- }
-
- return certReq;
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (arena == NULL) {
+ GEN_BREAK(SECFailure);
+ }
+
+ certReq = (CERTCertificateRequest *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificateRequest));
+ if (!certReq) {
+ GEN_BREAK(SECFailure);
+ }
+ certReq->arena = arena;
+
+ /* Since cert request is a signed data, must decode to get the inner
+ data
+ */
+ PORT_Memset(&signedData, 0, sizeof(signedData));
+ rv = SEC_ASN1DecodeItem(arena, &signedData,
+ SEC_ASN1_GET(CERT_SignedDataTemplate), reqDER);
+ if (rv) {
+ break;
+ }
+ rv = SEC_ASN1DecodeItem(arena, certReq,
+ SEC_ASN1_GET(CERT_CertificateRequestTemplate), &signedData.data);
+ if (rv) {
+ break;
+ }
+ rv = CERT_VerifySignedDataWithPublicKeyInfo(&signedData,
+ &certReq->subjectPublicKeyInfo, NULL /* wincx */);
+ } while (0);
+
+ if (rv) {
+ SECU_PrintError(progName, "bad certificate request\n");
+ if (arena) {
+ PORT_FreeArena(arena, PR_FALSE);
+ }
+ certReq = NULL;
+ }
+
+ return certReq;
}
static SECStatus
-AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
+AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
const SECItem *certDER, PRBool emailcert, void *pwdata)
{
CERTCertTrust *trust = NULL;
@@ -105,74 +106,74 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
SECStatus rv;
do {
- /* Read in an ASCII cert and return a CERTCertificate */
- cert = CERT_DecodeCertFromPackage((char *)certDER->data, certDER->len);
- if (!cert) {
- SECU_PrintError(progName, "could not decode certificate");
- GEN_BREAK(SECFailure);
- }
-
- /* Create a cert trust */
- trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust));
- if (!trust) {
- SECU_PrintError(progName, "unable to allocate cert trust");
- GEN_BREAK(SECFailure);
- }
-
- rv = CERT_DecodeTrustString(trust, trusts);
- if (rv) {
- SECU_PrintError(progName, "unable to decode trust string");
- GEN_BREAK(SECFailure);
- }
-
- rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE, name, PR_FALSE);
- if (rv != SECSuccess) {
- /* sigh, PK11_Import Cert and CERT_ChangeCertTrust should have
- * been coded to take a password arg. */
- if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
- rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
- if (rv != SECSuccess) {
- SECU_PrintError(progName,
- "could not authenticate to token %s.",
- PK11_GetTokenName(slot));
- GEN_BREAK(SECFailure);
- }
- rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE,
- name, PR_FALSE);
- }
- if (rv != SECSuccess) {
- SECU_PrintError(progName,
- "could not add certificate to token or database");
- GEN_BREAK(SECFailure);
- }
- }
-
- rv = CERT_ChangeCertTrust(handle, cert, trust);
- if (rv != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
- rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
- if (rv != SECSuccess) {
- SECU_PrintError(progName,
- "could not authenticate to token %s.",
- PK11_GetTokenName(slot));
- GEN_BREAK(SECFailure);
- }
- rv = CERT_ChangeCertTrust(handle, cert, trust);
- }
- if (rv != SECSuccess) {
- SECU_PrintError(progName,
- "could not change trust on certificate");
- GEN_BREAK(SECFailure);
- }
- }
-
- if ( emailcert ) {
- CERT_SaveSMimeProfile(cert, NULL, pwdata);
- }
+ /* Read in an ASCII cert and return a CERTCertificate */
+ cert = CERT_DecodeCertFromPackage((char *)certDER->data, certDER->len);
+ if (!cert) {
+ SECU_PrintError(progName, "could not decode certificate");
+ GEN_BREAK(SECFailure);
+ }
+
+ /* Create a cert trust */
+ trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust));
+ if (!trust) {
+ SECU_PrintError(progName, "unable to allocate cert trust");
+ GEN_BREAK(SECFailure);
+ }
+
+ rv = CERT_DecodeTrustString(trust, trusts);
+ if (rv) {
+ SECU_PrintError(progName, "unable to decode trust string");
+ GEN_BREAK(SECFailure);
+ }
+
+ rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE, name, PR_FALSE);
+ if (rv != SECSuccess) {
+ /* sigh, PK11_Import Cert and CERT_ChangeCertTrust should have
+ * been coded to take a password arg. */
+ if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
+ rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName,
+ "could not authenticate to token %s.",
+ PK11_GetTokenName(slot));
+ GEN_BREAK(SECFailure);
+ }
+ rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE,
+ name, PR_FALSE);
+ }
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName,
+ "could not add certificate to token or database");
+ GEN_BREAK(SECFailure);
+ }
+ }
+
+ rv = CERT_ChangeCertTrust(handle, cert, trust);
+ if (rv != SECSuccess) {
+ if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
+ rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName,
+ "could not authenticate to token %s.",
+ PK11_GetTokenName(slot));
+ GEN_BREAK(SECFailure);
+ }
+ rv = CERT_ChangeCertTrust(handle, cert, trust);
+ }
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName,
+ "could not change trust on certificate");
+ GEN_BREAK(SECFailure);
+ }
+ }
+
+ if (emailcert) {
+ CERT_SaveSMimeProfile(cert, NULL, pwdata);
+ }
} while (0);
- CERT_DestroyCertificate (cert);
+ CERT_DestroyCertificate(cert);
PORT_Free(trust);
return rv;
@@ -181,7 +182,7 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
static SECStatus
CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
SECOidTag hashAlgTag, CERTName *subject, const char *phone, int ascii,
- const char *emailAddrs, const char *dnsNames,
+ const char *emailAddrs, const char *dnsNames,
certutilExtnList extnList, const char *extGeneric,
/*out*/ SECItem *result)
{
@@ -197,32 +198,32 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
/* Create info about public key */
spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
if (!spki) {
- SECU_PrintError(progName, "unable to create subject public key");
- return SECFailure;
+ SECU_PrintError(progName, "unable to create subject public key");
+ return SECFailure;
}
-
+
/* Generate certificate request */
cr = CERT_CreateCertificateRequest(subject, spki, NULL);
SECKEY_DestroySubjectPublicKeyInfo(spki);
if (!cr) {
- SECU_PrintError(progName, "unable to make certificate request");
- return SECFailure;
+ SECU_PrintError(progName, "unable to make certificate request");
+ return SECFailure;
}
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- SECU_PrintError(progName, "out of memory");
- return SECFailure;
+ if (!arena) {
+ SECU_PrintError(progName, "out of memory");
+ return SECFailure;
}
-
+
extHandle = CERT_StartCertificateRequestAttributes(cr);
if (extHandle == NULL) {
- PORT_FreeArena (arena, PR_FALSE);
- return SECFailure;
+ PORT_FreeArena(arena, PR_FALSE);
+ return SECFailure;
}
- if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric)
- != SECSuccess) {
- PORT_FreeArena (arena, PR_FALSE);
+ if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric) !=
+ SECSuccess) {
+ PORT_FreeArena(arena, PR_FALSE);
return SECFailure;
}
CERT_FinishExtensions(extHandle);
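Review bot: The early `return SECFailure` paths taken after `CERT_CreateCertificateRequest` succeeds (the `!arena` branch, the `extHandle == NULL` branch and the `AddExtensions` failure branch) leave `cr` allocated; the only `CERT_DestroyCertificateRequest(cr)` visible is in the next hunk, after encoding. Each of these branches should call `CERT_DestroyCertificateRequest(cr);` before returning, or the function should move to a single cleanup label. The `AddExtensions` failure branch also returns without finishing `extHandle`; whether that handle needs its own release is not visible here. CertReq starts and ends outside this hunk.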
@@ -233,158 +234,159 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
SEC_ASN1_GET(CERT_CertificateRequestTemplate));
CERT_DestroyCertificateRequest(cr);
if (encoding == NULL) {
- PORT_FreeArena (arena, PR_FALSE);
- SECU_PrintError(progName, "der encoding of request failed");
- return SECFailure;
+ PORT_FreeArena(arena, PR_FALSE);
+ SECU_PrintError(progName, "der encoding of request failed");
+ return SECFailure;
}
/* Sign the request */
signAlgTag = SEC_GetSignatureAlgorithmOidTag(keyType, hashAlgTag);
if (signAlgTag == SEC_OID_UNKNOWN) {
- PORT_FreeArena (arena, PR_FALSE);
- SECU_PrintError(progName, "unknown Key or Hash type");
- return SECFailure;
+ PORT_FreeArena(arena, PR_FALSE);
+ SECU_PrintError(progName, "unknown Key or Hash type");
+ return SECFailure;
}
rv = SEC_DerSignData(arena, &signedReq, encoding->data, encoding->len,
- privk, signAlgTag);
+ privk, signAlgTag);
if (rv) {
- PORT_FreeArena (arena, PR_FALSE);
- SECU_PrintError(progName, "signing of data failed");
- return SECFailure;
+ PORT_FreeArena(arena, PR_FALSE);
+ SECU_PrintError(progName, "signing of data failed");
+ return SECFailure;
}
/* Encode request in specified format */
if (ascii) {
- char *obuf;
- char *header, *name, *email, *org, *state, *country;
-
- obuf = BTOA_ConvertItemToAscii(&signedReq);
- if (!obuf) {
- goto oom;
- }
-
- name = CERT_GetCommonName(subject);
- if (!name) {
- name = PORT_Strdup("(not specified)");
- }
-
- if (!phone)
- phone = "(not specified)";
-
- email = CERT_GetCertEmailAddress(subject);
- if (!email)
- email = PORT_Strdup("(not specified)");
-
- org = CERT_GetOrgName(subject);
- if (!org)
- org = PORT_Strdup("(not specified)");
-
- state = CERT_GetStateName(subject);
- if (!state)
- state = PORT_Strdup("(not specified)");
-
- country = CERT_GetCountryName(subject);
- if (!country)
- country = PORT_Strdup("(not specified)");
-
- header = PR_smprintf(
- "\nCertificate request generated by Netscape certutil\n"
- "Phone: %s\n\n"
- "Common Name: %s\n"
- "Email: %s\n"
- "Organization: %s\n"
- "State: %s\n"
- "Country: %s\n\n"
- "%s\n",
- phone, name, email, org, state, country, NS_CERTREQ_HEADER);
-
- PORT_Free(name);
- PORT_Free(email);
- PORT_Free(org);
- PORT_Free(state);
- PORT_Free(country);
-
- if (header) {
- char * trailer = PR_smprintf("\n%s\n", NS_CERTREQ_TRAILER);
- if (trailer) {
- PRUint32 headerLen = PL_strlen(header);
- PRUint32 obufLen = PL_strlen(obuf);
- PRUint32 trailerLen = PL_strlen(trailer);
- SECITEM_AllocItem(NULL, result,
- headerLen + obufLen + trailerLen);
- if (result->data) {
- PORT_Memcpy(result->data, header, headerLen);
- PORT_Memcpy(result->data + headerLen, obuf, obufLen);
- PORT_Memcpy(result->data + headerLen + obufLen,
- trailer, trailerLen);
- }
- PR_smprintf_free(trailer);
- }
- PR_smprintf_free(header);
- }
- PORT_Free(obuf);
+ char *obuf;
+ char *header, *name, *email, *org, *state, *country;
+
+ obuf = BTOA_ConvertItemToAscii(&signedReq);
+ if (!obuf) {
+ goto oom;
+ }
+
+ name = CERT_GetCommonName(subject);
+ if (!name) {
+ name = PORT_Strdup("(not specified)");
+ }
+
+ if (!phone)
+ phone = "(not specified)";
+
+ email = CERT_GetCertEmailAddress(subject);
+ if (!email)
+ email = PORT_Strdup("(not specified)");
+
+ org = CERT_GetOrgName(subject);
+ if (!org)
+ org = PORT_Strdup("(not specified)");
+
+ state = CERT_GetStateName(subject);
+ if (!state)
+ state = PORT_Strdup("(not specified)");
+
+ country = CERT_GetCountryName(subject);
+ if (!country)
+ country = PORT_Strdup("(not specified)");
+
+ header = PR_smprintf(
+ "\nCertificate request generated by Netscape certutil\n"
+ "Phone: %s\n\n"
+ "Common Name: %s\n"
+ "Email: %s\n"
+ "Organization: %s\n"
+ "State: %s\n"
+ "Country: %s\n\n"
+ "%s\n",
+ phone, name, email, org, state, country, NS_CERTREQ_HEADER);
+
+ PORT_Free(name);
+ PORT_Free(email);
+ PORT_Free(org);
+ PORT_Free(state);
+ PORT_Free(country);
+
+ if (header) {
+ char *trailer = PR_smprintf("\n%s\n", NS_CERTREQ_TRAILER);
+ if (trailer) {
+ PRUint32 headerLen = PL_strlen(header);
+ PRUint32 obufLen = PL_strlen(obuf);
+ PRUint32 trailerLen = PL_strlen(trailer);
+ SECITEM_AllocItem(NULL, result,
+ headerLen + obufLen + trailerLen);
+ if (result->data) {
+ PORT_Memcpy(result->data, header, headerLen);
+ PORT_Memcpy(result->data + headerLen, obuf, obufLen);
+ PORT_Memcpy(result->data + headerLen + obufLen,
+ trailer, trailerLen);
+ }
+ PR_smprintf_free(trailer);
+ }
+ PR_smprintf_free(header);
+ }
+ PORT_Free(obuf);
} else {
- (void) SECITEM_CopyItem(NULL, result, &signedReq);
+ (void)SECITEM_CopyItem(NULL, result, &signedReq);
}
if (!result->data) {
-oom: SECU_PrintError(progName, "out of memory");
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- rv = SECFailure;
+ oom:
+ SECU_PrintError(progName, "out of memory");
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ rv = SECFailure;
}
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
return rv;
}
-static SECStatus
+static SECStatus
ChangeTrustAttributes(CERTCertDBHandle *handle, PK11SlotInfo *slot,
- char *name, char *trusts, void *pwdata)
+ char *name, char *trusts, void *pwdata)
{
SECStatus rv;
CERTCertificate *cert;
CERTCertTrust *trust;
-
+
cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
if (!cert) {
- SECU_PrintError(progName, "could not find certificate named \"%s\"",
- name);
- return SECFailure;
+ SECU_PrintError(progName, "could not find certificate named \"%s\"",
+ name);
+ return SECFailure;
}
trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust));
if (!trust) {
- SECU_PrintError(progName, "unable to allocate cert trust");
- return SECFailure;
+ SECU_PrintError(progName, "unable to allocate cert trust");
+ return SECFailure;
}
/* This function only decodes these characters: pPwcTCu, */
rv = CERT_DecodeTrustString(trust, trusts);
if (rv) {
- SECU_PrintError(progName, "unable to decode trust string");
- return SECFailure;
+ SECU_PrintError(progName, "unable to decode trust string");
+ return SECFailure;
}
/* CERT_ChangeCertTrust API does not have a way to pass in
* a context, so NSS can't prompt for the password if it needs to.
- * check to see if the failure was token not logged in and
+ * check to see if the failure was token not logged in and
* log in if need be. */
rv = CERT_ChangeCertTrust(handle, cert, trust);
if (rv != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
- rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "could not authenticate to token %s.",
+ if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
+ rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "could not authenticate to token %s.",
PK11_GetTokenName(slot));
- return SECFailure;
- }
- rv = CERT_ChangeCertTrust(handle, cert, trust);
- }
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "unable to modify trust attributes");
- return SECFailure;
- }
+ return SECFailure;
+ }
+ rv = CERT_ChangeCertTrust(handle, cert, trust);
+ }
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "unable to modify trust attributes");
+ return SECFailure;
+ }
}
CERT_DestroyCertificate(cert);
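Review bot: In `ChangeTrustAttributes`, every `return SECFailure` after the nickname lookup leaks `cert`, and those after `PORT_ZAlloc` also leak `trust`; the `CERT_DestroyCertificate(cert)` at the end of this hunk is reached only on success. Add `CERT_DestroyCertificate(cert);` and, once `trust` is allocated, `PORT_Free(trust);` before each of those returns. `AddCert` earlier in this file already runs the same sequence inside `do { } while (0)` with unconditional cleanup afterwards, which would be the consistent shape here. The function body continues past the end of this hunk, so the release of `trust` on the success path is not visible.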
@@ -400,21 +402,22 @@ DumpChain(CERTCertDBHandle *handle, char *name, PRBool ascii)
the_cert = SECU_FindCertByNicknameOrFilename(handle, name,
ascii, NULL);
if (!the_cert) {
- SECU_PrintError(progName, "Could not find: %s\n", name);
- return SECFailure;
+ SECU_PrintError(progName, "Could not find: %s\n", name);
+ return SECFailure;
}
chain = CERT_CertChainFromCert(the_cert, 0, PR_TRUE);
CERT_DestroyCertificate(the_cert);
if (!chain) {
- SECU_PrintError(progName, "Could not obtain chain for: %s\n", name);
- return SECFailure;
+ SECU_PrintError(progName, "Could not obtain chain for: %s\n", name);
+ return SECFailure;
}
- for (i=chain->len-1; i>=0; i--) {
- CERTCertificate *c;
- c = CERT_FindCertByDERCert(handle, &chain->certs[i]);
- for (j=i; j<chain->len-1; j++) printf(" ");
- printf("\"%s\" [%s]\n\n", c->nickname, c->subjectName);
- CERT_DestroyCertificate(c);
+ for (i = chain->len - 1; i >= 0; i--) {
+ CERTCertificate *c;
+ c = CERT_FindCertByDERCert(handle, &chain->certs[i]);
+ for (j = i; j < chain->len - 1; j++)
+ printf(" ");
+ printf("\"%s\" [%s]\n\n", c->nickname, c->subjectName);
+ CERT_DestroyCertificate(c);
}
CERT_DestroyCertificateList(chain);
return SECSuccess;
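Review bot: The loop dereferences `c->nickname` and `c->subjectName` immediately after `CERT_FindCertByDERCert` without checking `c`, so a NULL return for any chain entry would crash the tool while printing. A guard such as `if (!c) { CERT_DestroyCertificateList(chain); return SECFailure; }` before the inner loop avoids that. `c->nickname` may also be NULL for a certificate that has no nickname (not established by the visible code), so the `printf` argument is safer as `c->nickname ? c->nickname : "(no nickname)"`. DumpChain starts and ends outside this hunk.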
@@ -428,55 +431,55 @@ outputCertOrExtension(CERTCertificate *the_cert, PRBool raw, PRBool ascii,
PRInt32 numBytes;
SECStatus rv = SECFailure;
if (extensionOID) {
- int i;
- PRBool found = PR_FALSE;
- for (i=0; the_cert->extensions[i] != NULL; i++) {
- CERTCertExtension *extension = the_cert->extensions[i];
- if (SECITEM_CompareItem(&extension->id, extensionOID) == SECEqual) {
- found = PR_TRUE;
- numBytes = PR_Write(outfile, extension->value.data,
- extension->value.len);
- rv = SECSuccess;
- if (numBytes != (PRInt32) extension->value.len) {
- SECU_PrintSystemError(progName, "error writing extension");
- rv = SECFailure;
- }
- break;
- }
- }
- if (!found) {
- SECU_PrintSystemError(progName, "extension not found");
- rv = SECFailure;
- }
+ int i;
+ PRBool found = PR_FALSE;
+ for (i = 0; the_cert->extensions[i] != NULL; i++) {
+ CERTCertExtension *extension = the_cert->extensions[i];
+ if (SECITEM_CompareItem(&extension->id, extensionOID) == SECEqual) {
+ found = PR_TRUE;
+ numBytes = PR_Write(outfile, extension->value.data,
+ extension->value.len);
+ rv = SECSuccess;
+ if (numBytes != (PRInt32)extension->value.len) {
+ SECU_PrintSystemError(progName, "error writing extension");
+ rv = SECFailure;
+ }
+ break;
+ }
+ }
+ if (!found) {
+ SECU_PrintSystemError(progName, "extension not found");
+ rv = SECFailure;
+ }
} else {
- data.data = the_cert->derCert.data;
- data.len = the_cert->derCert.len;
- if (ascii) {
- PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER,
- BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER);
- rv = SECSuccess;
- } else if (raw) {
- numBytes = PR_Write(outfile, data.data, data.len);
- rv = SECSuccess;
- if (numBytes != (PRInt32) data.len) {
- SECU_PrintSystemError(progName, "error writing raw cert");
- rv = SECFailure;
- }
- } else {
- rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "problem printing certificate");
- }
- }
+ data.data = the_cert->derCert.data;
+ data.len = the_cert->derCert.len;
+ if (ascii) {
+ PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER,
+ BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER);
+ rv = SECSuccess;
+ } else if (raw) {
+ numBytes = PR_Write(outfile, data.data, data.len);
+ rv = SECSuccess;
+ if (numBytes != (PRInt32)data.len) {
+ SECU_PrintSystemError(progName, "error writing raw cert");
+ rv = SECFailure;
+ }
+ } else {
+ rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "problem printing certificate");
+ }
+ }
}
return rv;
}
static SECStatus
listCerts(CERTCertDBHandle *handle, char *name, char *email,
- PK11SlotInfo *slot, PRBool raw, PRBool ascii,
- SECItem *extensionOID,
- PRFileDesc *outfile, void *pwarg)
+ PK11SlotInfo *slot, PRBool raw, PRBool ascii,
+ SECItem *extensionOID,
+ PRFileDesc *outfile, void *pwarg)
{
SECStatus rv = SECFailure;
CERTCertList *certs;
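Review bot: The extension search indexes `the_cert->extensions[i]` without first checking that `the_cert->extensions` is non-NULL; if a certificate without an extensions field leaves that pointer NULL (not established by the visible code), requesting an extension by OID would dereference NULL. Changing the loop condition to `the_cert->extensions != NULL && the_cert->extensions[i] != NULL` keeps the existing "extension not found" path for that case. In the ASCII branch the string returned by `BTOA_DataToAscii` is passed straight to `PR_fprintf` and is neither checked nor released; it should be held in a local, NULL-checked and freed with `PORT_Free`. This hunk also contains the start of `listCerts`, which continues outside it.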
@@ -492,76 +495,76 @@ listCerts(CERTCertDBHandle *handle, char *name, char *email,
}
}
if (name) {
- CERTCertificate *the_cert =
+ CERTCertificate *the_cert =
SECU_FindCertByNicknameOrFilename(handle, name, ascii, NULL);
if (!the_cert) {
SECU_PrintError(progName, "Could not find cert: %s\n", name);
return SECFailure;
}
- /* Here, we have one cert with the desired nickname or email
- * address. Now, we will attempt to get a list of ALL certs
- * with the same subject name as the cert we have. That list
- * should contain, at a minimum, the one cert we have already found.
- * If the list of certs is empty (NULL), the libraries have failed.
- */
- certs = CERT_CreateSubjectCertList(NULL, handle, &the_cert->derSubject,
- PR_Now(), PR_FALSE);
- CERT_DestroyCertificate(the_cert);
- if (!certs) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- SECU_PrintError(progName, "problem printing certificates");
- return SECFailure;
- }
- for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs);
- node = CERT_LIST_NEXT(node)) {
- rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID,
+ /* Here, we have one cert with the desired nickname or email
+ * address. Now, we will attempt to get a list of ALL certs
+ * with the same subject name as the cert we have. That list
+ * should contain, at a minimum, the one cert we have already found.
+ * If the list of certs is empty (NULL), the libraries have failed.
+ */
+ certs = CERT_CreateSubjectCertList(NULL, handle, &the_cert->derSubject,
+ PR_Now(), PR_FALSE);
+ CERT_DestroyCertificate(the_cert);
+ if (!certs) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ SECU_PrintError(progName, "problem printing certificates");
+ return SECFailure;
+ }
+ for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node, certs);
+ node = CERT_LIST_NEXT(node)) {
+ rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID,
outfile);
- if (rv != SECSuccess) {
- break;
- }
- }
+ if (rv != SECSuccess) {
+ break;
+ }
+ }
} else if (email) {
- certs = PK11_FindCertsFromEmailAddress(email, NULL);
- if (!certs) {
- SECU_PrintError(progName,
- "Could not find certificates for email address: %s\n",
- email);
- return SECFailure;
- }
- for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs);
- node = CERT_LIST_NEXT(node)) {
- rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID,
+ certs = PK11_FindCertsFromEmailAddress(email, NULL);
+ if (!certs) {
+ SECU_PrintError(progName,
+ "Could not find certificates for email address: %s\n",
+ email);
+ return SECFailure;
+ }
+ for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node, certs);
+ node = CERT_LIST_NEXT(node)) {
+ rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID,
outfile);
- if (rv != SECSuccess) {
- break;
- }
- }
+ if (rv != SECSuccess) {
+ break;
+ }
+ }
} else {
- certs = PK11_ListCertsInSlot(slot);
- if (certs) {
- for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs);
- node = CERT_LIST_NEXT(node)) {
- SECU_PrintCertNickname(node,stdout);
- }
- rv = SECSuccess;
- }
+ certs = PK11_ListCertsInSlot(slot);
+ if (certs) {
+ for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node, certs);
+ node = CERT_LIST_NEXT(node)) {
+ SECU_PrintCertNickname(node, stdout);
+ }
+ rv = SECSuccess;
+ }
}
if (certs) {
CERT_DestroyCertList(certs);
}
if (rv) {
- SECU_PrintError(progName, "problem printing certificate nicknames");
- return SECFailure;
+ SECU_PrintError(progName, "problem printing certificate nicknames");
+ return SECFailure;
}
- return SECSuccess; /* not rv ?? */
+ return SECSuccess; /* not rv ?? */
}
static SECStatus
-ListCerts(CERTCertDBHandle *handle, char *nickname, char *email,
+ListCerts(CERTCertDBHandle *handle, char *nickname, char *email,
PK11SlotInfo *slot, PRBool raw, PRBool ascii,
- SECItem *extensionOID,
- PRFileDesc *outfile, secuPWData *pwdata)
+ SECItem *extensionOID,
+ PRFileDesc *outfile, secuPWData *pwdata)
{
SECStatus rv;
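Review bot: The closing `if (rv)` in listCerts prints "problem printing certificate nicknames" for every failure, including the nickname and e-mail branches, where the failure comes from outputCertOrExtension and has nothing to do with nicknames. Where the helper has already reported its own error, the user also sees a second message. I would move that message into the slot-listing branch, the only one that prints nicknames. The `/* not rv ?? */` remark on the final return is an open question rather than documentation; rv is already known to be zero there, so it could read `/* rv == SECSuccess here; every failure returned above */`. The function begins above this hunk.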
@@ -571,23 +574,23 @@ ListCerts(CERTCertDBHandle *handle, char *nickname, char *email,
"SSL,S/MIME,JAR/XPI");
}
if (slot == NULL) {
- CERTCertList *list;
- CERTCertListNode *node;
-
- list = PK11_ListCerts(PK11CertListAll, pwdata);
- for (node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list);
- node = CERT_LIST_NEXT(node)) {
- SECU_PrintCertNickname(node, stdout);
- }
- CERT_DestroyCertList(list);
- return SECSuccess;
- }
+ CERTCertList *list;
+ CERTCertListNode *node;
+
+ list = PK11_ListCerts(PK11CertListAll, pwdata);
+ for (node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list);
+ node = CERT_LIST_NEXT(node)) {
+ SECU_PrintCertNickname(node, stdout);
+ }
+ CERT_DestroyCertList(list);
+ return SECSuccess;
+ }
rv = listCerts(handle, nickname, email, slot, raw, ascii,
extensionOID, outfile, pwdata);
return rv;
}
-static SECStatus
+static SECStatus
DeleteCert(CERTCertDBHandle *handle, char *name)
{
SECStatus rv;
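Review bot: In the `slot == NULL` branch of ListCerts the result of `PK11_ListCerts(PK11CertListAll, pwdata)` goes straight into `CERT_LIST_HEAD(list)` and `CERT_DestroyCertList(list)` with no NULL check. A failed lookup would therefore dereference a null pointer instead of reporting an error. listCerts, just above, already guards its list with `if (certs)`, so the same guard fits here: `if (!list) { SECU_PrintError(progName, "problem listing certificates"); return SECFailure; }`. The body of ListCerts starts outside this hunk.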
@@ -595,20 +598,20 @@ DeleteCert(CERTCertDBHandle *handle, char *name)
cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
if (!cert) {
- SECU_PrintError(progName, "could not find certificate named \"%s\"",
- name);
- return SECFailure;
+ SECU_PrintError(progName, "could not find certificate named \"%s\"",
+ name);
+ return SECFailure;
}
rv = SEC_DeletePermCertificate(cert);
CERT_DestroyCertificate(cert);
if (rv) {
- SECU_PrintError(progName, "unable to delete certificate");
+ SECU_PrintError(progName, "unable to delete certificate");
}
return rv;
}
-static SECStatus
+static SECStatus
RenameCert(CERTCertDBHandle *handle, char *name, char *newName)
{
SECStatus rv;
@@ -616,15 +619,15 @@ RenameCert(CERTCertDBHandle *handle, char *name, char *newName)
cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
if (!cert) {
- SECU_PrintError(progName, "could not find certificate named \"%s\"",
- name);
- return SECFailure;
+ SECU_PrintError(progName, "could not find certificate named \"%s\"",
+ name);
+ return SECFailure;
}
rv = __PK11_SetCertificateNickname(cert, newName);
CERT_DestroyCertificate(cert);
if (rv) {
- SECU_PrintError(progName, "unable to rename certificate");
+ SECU_PrintError(progName, "unable to rename certificate");
}
return rv;
}
@@ -642,107 +645,107 @@ ValidateCert(CERTCertDBHandle *handle, char *name, char *date,
CERTVerifyLog *log = NULL;
if (!certUsage) {
- PORT_SetError (SEC_ERROR_INVALID_ARGS);
- return (SECFailure);
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return (SECFailure);
}
-
+
switch (*certUsage) {
- case 'O':
- usage = certificateUsageStatusResponder;
- break;
- case 'L':
- usage = certificateUsageSSLCA;
- break;
- case 'A':
- usage = certificateUsageAnyCA;
- break;
- case 'Y':
- usage = certificateUsageVerifyCA;
- break;
- case 'C':
- usage = certificateUsageSSLClient;
- break;
- case 'V':
- usage = certificateUsageSSLServer;
- break;
- case 'S':
- usage = certificateUsageEmailSigner;
- break;
- case 'R':
- usage = certificateUsageEmailRecipient;
- break;
- case 'J':
- usage = certificateUsageObjectSigner;
- break;
- default:
- PORT_SetError (SEC_ERROR_INVALID_ARGS);
- return (SECFailure);
+ case 'O':
+ usage = certificateUsageStatusResponder;
+ break;
+ case 'L':
+ usage = certificateUsageSSLCA;
+ break;
+ case 'A':
+ usage = certificateUsageAnyCA;
+ break;
+ case 'Y':
+ usage = certificateUsageVerifyCA;
+ break;
+ case 'C':
+ usage = certificateUsageSSLClient;
+ break;
+ case 'V':
+ usage = certificateUsageSSLServer;
+ break;
+ case 'S':
+ usage = certificateUsageEmailSigner;
+ break;
+ case 'R':
+ usage = certificateUsageEmailRecipient;
+ break;
+ case 'J':
+ usage = certificateUsageObjectSigner;
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return (SECFailure);
}
do {
- cert = SECU_FindCertByNicknameOrFilename(handle, name, ascii,
+ cert = SECU_FindCertByNicknameOrFilename(handle, name, ascii,
NULL);
- if (!cert) {
- SECU_PrintError(progName, "could not find certificate named \"%s\"",
- name);
- GEN_BREAK (SECFailure)
- }
-
- if (date != NULL) {
- rv = DER_AsciiToTime(&timeBoundary, date);
- if (rv) {
- SECU_PrintError(progName, "invalid input date");
- GEN_BREAK (SECFailure)
- }
- } else {
- timeBoundary = PR_Now();
- }
-
- if ( logit ) {
- log = &reallog;
-
- log->count = 0;
- log->head = NULL;
- log->tail = NULL;
- log->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( log->arena == NULL ) {
- SECU_PrintError(progName, "out of memory");
- GEN_BREAK (SECFailure)
- }
- }
-
- rv = CERT_VerifyCertificate(handle, cert, checkSig, usage,
- timeBoundary, pwdata, log, &usage);
- if ( log ) {
- if ( log->head == NULL ) {
- fprintf(stdout, "%s: certificate is valid\n", progName);
- GEN_BREAK (SECSuccess)
- } else {
- char *name;
- CERTVerifyLogNode *node;
-
- node = log->head;
- while ( node ) {
- if ( node->cert->nickname != NULL ) {
- name = node->cert->nickname;
- } else {
- name = node->cert->subjectName;
- }
- fprintf(stderr, "%s : %s\n", name,
- SECU_Strerror(node->error));
- CERT_DestroyCertificate(node->cert);
- node = node->next;
- }
- }
- } else {
- if (rv != SECSuccess) {
- PRErrorCode perr = PORT_GetError();
- fprintf(stdout, "%s: certificate is invalid: %s\n",
- progName, SECU_Strerror(perr));
- GEN_BREAK (SECFailure)
- }
- fprintf(stdout, "%s: certificate is valid\n", progName);
- GEN_BREAK (SECSuccess)
- }
+ if (!cert) {
+ SECU_PrintError(progName, "could not find certificate named \"%s\"",
+ name);
+ GEN_BREAK(SECFailure)
+ }
+
+ if (date != NULL) {
+ rv = DER_AsciiToTime(&timeBoundary, date);
+ if (rv) {
+ SECU_PrintError(progName, "invalid input date");
+ GEN_BREAK(SECFailure)
+ }
+ } else {
+ timeBoundary = PR_Now();
+ }
+
+ if (logit) {
+ log = &reallog;
+
+ log->count = 0;
+ log->head = NULL;
+ log->tail = NULL;
+ log->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (log->arena == NULL) {
+ SECU_PrintError(progName, "out of memory");
+ GEN_BREAK(SECFailure)
+ }
+ }
+
+ rv = CERT_VerifyCertificate(handle, cert, checkSig, usage,
+ timeBoundary, pwdata, log, &usage);
+ if (log) {
+ if (log->head == NULL) {
+ fprintf(stdout, "%s: certificate is valid\n", progName);
+ GEN_BREAK(SECSuccess)
+ } else {
+ char *name;
+ CERTVerifyLogNode *node;
+
+ node = log->head;
+ while (node) {
+ if (node->cert->nickname != NULL) {
+ name = node->cert->nickname;
+ } else {
+ name = node->cert->subjectName;
+ }
+ fprintf(stderr, "%s : %s\n", name,
+ SECU_Strerror(node->error));
+ CERT_DestroyCertificate(node->cert);
+ node = node->next;
+ }
+ }
+ } else {
+ if (rv != SECSuccess) {
+ PRErrorCode perr = PORT_GetError();
+ fprintf(stdout, "%s: certificate is invalid: %s\n",
+ progName, SECU_Strerror(perr));
+ GEN_BREAK(SECFailure)
+ }
+ fprintf(stdout, "%s: certificate is valid\n", progName);
+ GEN_BREAK(SECSuccess)
+ }
} while (0);
if (cert) {
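Review bot: When `logit` is set, the result of `CERT_VerifyCertificate` is never examined: the `if (log)` branch prints "certificate is valid" and breaks with SECSuccess whenever `log->head == NULL`. If the verifier can fail without appending a log node (not shown here, so worth confirming), the tool would report an invalid certificate as valid. I would make the success test `if (rv == SECSuccess && log->head == NULL)` and print `SECU_Strerror(PORT_GetError())` when rv is a failure and the log is empty. Separately, the inner `char *name` shadows the `name` parameter and would read better as `certName`. ValidateCert begins and ends outside this hunk.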
@@ -753,65 +756,66 @@ ValidateCert(CERTCertDBHandle *handle, char *name, char *date,
}
static PRBool
-ItemIsPrintableASCII(const SECItem * item)
+ItemIsPrintableASCII(const SECItem *item)
{
unsigned char *src = item->data;
- unsigned int len = item->len;
+ unsigned int len = item->len;
while (len-- > 0) {
unsigned char uc = *src++;
- if (uc < 0x20 || uc > 0x7e)
- return PR_FALSE;
+ if (uc < 0x20 || uc > 0x7e)
+ return PR_FALSE;
}
return PR_TRUE;
}
/* Caller ensures that dst is at least item->len*2+1 bytes long */
static void
-SECItemToHex(const SECItem * item, char * dst)
+SECItemToHex(const SECItem *item, char *dst)
{
if (dst && item && item->data) {
- unsigned char * src = item->data;
- unsigned int len = item->len;
- for (; len > 0; --len, dst += 2) {
- sprintf(dst, "%02x", *src++);
- }
- *dst = '\0';
+ unsigned char *src = item->data;
+ unsigned int len = item->len;
+ for (; len > 0; --len, dst += 2) {
+ sprintf(dst, "%02x", *src++);
+ }
+ *dst = '\0';
}
}
-static const char * const keyTypeName[] = {
- "null", "rsa", "dsa", "fortezza", "dh", "kea", "ec" };
+static const char *const keyTypeName[] = {
+ "null", "rsa", "dsa", "fortezza", "dh", "kea", "ec"
+};
#define MAX_CKA_ID_BIN_LEN 20
#define MAX_CKA_ID_STR_LEN 40
/* print key number, key ID (in hex or ASCII), key label (nickname) */
static SECStatus
-PrintKey(PRFileDesc *out, const char *nickName, int count,
+PrintKey(PRFileDesc *out, const char *nickName, int count,
SECKEYPrivateKey *key, void *pwarg)
{
- SECItem * ckaID;
+ SECItem *ckaID;
char ckaIDbuf[MAX_CKA_ID_STR_LEN + 4];
pwarg = NULL;
ckaID = PK11_GetLowLevelKeyIDForPrivateKey(key);
if (!ckaID) {
- strcpy(ckaIDbuf, "(no CKA_ID)");
+ strcpy(ckaIDbuf, "(no CKA_ID)");
} else if (ItemIsPrintableASCII(ckaID)) {
- int len = PR_MIN(MAX_CKA_ID_STR_LEN, ckaID->len);
- ckaIDbuf[0] = '"';
- memcpy(ckaIDbuf + 1, ckaID->data, len);
- ckaIDbuf[1 + len] = '"';
- ckaIDbuf[2 + len] = '\0';
+ int len = PR_MIN(MAX_CKA_ID_STR_LEN, ckaID->len);
+ ckaIDbuf[0] = '"';
+ memcpy(ckaIDbuf + 1, ckaID->data, len);
+ ckaIDbuf[1 + len] = '"';
+ ckaIDbuf[2 + len] = '\0';
} else {
- /* print ckaid in hex */
- SECItem idItem = *ckaID;
- if (idItem.len > MAX_CKA_ID_BIN_LEN)
- idItem.len = MAX_CKA_ID_BIN_LEN;
+ /* print ckaid in hex */
+ SECItem idItem = *ckaID;
+ if (idItem.len > MAX_CKA_ID_BIN_LEN)
+ idItem.len = MAX_CKA_ID_BIN_LEN;
SECItemToHex(&idItem, ckaIDbuf);
}
- PR_fprintf(out, "<%2d> %-8.8s %-42.42s %s\n", count,
+ PR_fprintf(out, "<%2d> %-8.8s %-42.42s %s\n", count,
keyTypeName[key->keyType], ckaIDbuf, nickName);
SECITEM_ZfreeItem(ckaID, PR_TRUE);
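Review bot: `keyTypeName[key->keyType]` in PrintKey indexes a seven-entry table with no range check, so a key type outside the listed names would read past the array and hand an arbitrary pointer to `%s`. A bounded lookup avoids that: `key->keyType < PR_ARRAY_SIZE(keyTypeName) ? keyTypeName[key->keyType] : "unknown"`. The sizing of `ckaIDbuf` also deserves a comment, for example `/* 40 hex or ASCII chars + two quotes + NUL, rounded up */`, because the `+ 4` only makes sense next to the two MAX_CKA_ID limits. PrintKey's return statement lies outside this hunk.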
@@ -820,7 +824,7 @@ PrintKey(PRFileDesc *out, const char *nickName, int count,
/* returns SECSuccess if ANY keys are found, SECFailure otherwise. */
static SECStatus
-ListKeysInSlot(PK11SlotInfo *slot, const char *nickName, KeyType keyType,
+ListKeysInSlot(PK11SlotInfo *slot, const char *nickName, KeyType keyType,
void *pwarg)
{
SECKEYPrivateKeyList *list;
@@ -836,90 +840,90 @@ ListKeysInSlot(PK11SlotInfo *slot, const char *nickName, KeyType keyType,
}
}
- if (nickName && nickName[0])
- list = PK11_ListPrivKeysInSlot(slot, (char *)nickName, pwarg);
+ if (nickName && nickName[0])
+ list = PK11_ListPrivKeysInSlot(slot, (char *)nickName, pwarg);
else
- list = PK11_ListPrivateKeysInSlot(slot);
+ list = PK11_ListPrivateKeysInSlot(slot);
if (list == NULL) {
- SECU_PrintError(progName, "problem listing keys");
- return SECFailure;
+ SECU_PrintError(progName, "problem listing keys");
+ return SECFailure;
}
- for (node=PRIVKEY_LIST_HEAD(list);
- !PRIVKEY_LIST_END(node,list);
- node=PRIVKEY_LIST_NEXT(node)) {
- char * keyName;
- static const char orphan[] = { "(orphan)" };
+ for (node = PRIVKEY_LIST_HEAD(list);
+ !PRIVKEY_LIST_END(node, list);
+ node = PRIVKEY_LIST_NEXT(node)) {
+ char *keyName;
+ static const char orphan[] = { "(orphan)" };
- if (keyType != nullKey && keyType != node->key->keyType)
- continue;
+ if (keyType != nullKey && keyType != node->key->keyType)
+ continue;
keyName = PK11_GetPrivateKeyNickname(node->key);
- if (!keyName || !keyName[0]) {
- /* Try extra hard to find nicknames for keys that lack them. */
- CERTCertificate * cert;
- PORT_Free((void *)keyName);
- keyName = NULL;
- cert = PK11_GetCertFromPrivateKey(node->key);
- if (cert) {
- if (cert->nickname && cert->nickname[0]) {
- keyName = PORT_Strdup(cert->nickname);
- } else if (cert->emailAddr && cert->emailAddr[0]) {
- keyName = PORT_Strdup(cert->emailAddr);
- }
- CERT_DestroyCertificate(cert);
- }
- }
- if (nickName) {
- if (!keyName || PL_strcmp(keyName,nickName)) {
- /* PKCS#11 module returned unwanted keys */
- PORT_Free((void *)keyName);
- continue;
- }
- }
- if (!keyName)
- keyName = (char *)orphan;
-
- PrintKey(PR_STDOUT, keyName, count, node->key, pwarg);
-
- if (keyName != (char *)orphan)
- PORT_Free((void *)keyName);
- count++;
+ if (!keyName || !keyName[0]) {
+ /* Try extra hard to find nicknames for keys that lack them. */
+ CERTCertificate *cert;
+ PORT_Free((void *)keyName);
+ keyName = NULL;
+ cert = PK11_GetCertFromPrivateKey(node->key);
+ if (cert) {
+ if (cert->nickname && cert->nickname[0]) {
+ keyName = PORT_Strdup(cert->nickname);
+ } else if (cert->emailAddr && cert->emailAddr[0]) {
+ keyName = PORT_Strdup(cert->emailAddr);
+ }
+ CERT_DestroyCertificate(cert);
+ }
+ }
+ if (nickName) {
+ if (!keyName || PL_strcmp(keyName, nickName)) {
+ /* PKCS#11 module returned unwanted keys */
+ PORT_Free((void *)keyName);
+ continue;
+ }
+ }
+ if (!keyName)
+ keyName = (char *)orphan;
+
+ PrintKey(PR_STDOUT, keyName, count, node->key, pwarg);
+
+ if (keyName != (char *)orphan)
+ PORT_Free((void *)keyName);
+ count++;
}
SECKEY_DestroyPrivateKeyList(list);
if (count == 0) {
- PR_fprintf(PR_STDOUT, "%s: no keys found\n", progName);
- return SECFailure;
+ PR_fprintf(PR_STDOUT, "%s: no keys found\n", progName);
+ return SECFailure;
}
return SECSuccess;
}
/* returns SECSuccess if ANY keys are found, SECFailure otherwise. */
static SECStatus
-ListKeys(PK11SlotInfo *slot, const char *nickName, int index,
+ListKeys(PK11SlotInfo *slot, const char *nickName, int index,
KeyType keyType, PRBool dopriv, secuPWData *pwdata)
{
SECStatus rv = SECFailure;
- static const char fmt[] = \
- "%s: Checking token \"%.33s\" in slot \"%.65s\"\n";
+ static const char fmt[] =
+ "%s: Checking token \"%.33s\" in slot \"%.65s\"\n";
if (slot == NULL) {
- PK11SlotList *list;
- PK11SlotListElement *le;
-
- list= PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_FALSE,pwdata);
- if (list) {
- for (le = list->head; le; le = le->next) {
- PR_fprintf(PR_STDOUT, fmt, progName,
- PK11_GetTokenName(le->slot),
- PK11_GetSlotName(le->slot));
- rv &= ListKeysInSlot(le->slot,nickName,keyType,pwdata);
- }
- PK11_FreeSlotList(list);
- }
+ PK11SlotList *list;
+ PK11SlotListElement *le;
+
+ list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, pwdata);
+ if (list) {
+ for (le = list->head; le; le = le->next) {
+ PR_fprintf(PR_STDOUT, fmt, progName,
+ PK11_GetTokenName(le->slot),
+ PK11_GetSlotName(le->slot));
+ rv &= ListKeysInSlot(le->slot, nickName, keyType, pwdata);
+ }
+ PK11_FreeSlotList(list);
+ }
} else {
- PR_fprintf(PR_STDOUT, fmt, progName, PK11_GetTokenName(slot),
- PK11_GetSlotName(slot));
- rv = ListKeysInSlot(slot,nickName,keyType,pwdata);
+ PR_fprintf(PR_STDOUT, fmt, progName, PK11_GetTokenName(slot),
+ PK11_GetSlotName(slot));
+ rv = ListKeysInSlot(slot, nickName, keyType, pwdata);
}
return rv;
}
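Review bot: ListKeysInSlot tests the nickname in two different ways: the list is built with `if (nickName && nickName[0])`, but the per-key filter uses plain `if (nickName)`. With an empty-string nickname every key is therefore listed and then discarded, because `keyName` is by then either NULL or non-empty, and the function reports "no keys found". Whether any caller passes "" is not visible here, but making the filter `if (nickName && nickName[0])` removes the inconsistency. In ListKeys, `rv &= ListKeysInSlot(...)` relies on SECSuccess being 0 and SECFailure being all ones; a comment such as `/* any slot returning SECSuccess (0) clears rv */` would make that intent clear. The start of ListKeysInSlot is outside this hunk.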
@@ -942,19 +946,18 @@ DeleteKey(char *nickname, secuPWData *pwdata)
}
cert = PK11_FindCertFromNickname(nickname, pwdata);
if (!cert) {
- PK11_FreeSlot(slot);
- return SECFailure;
+ PK11_FreeSlot(slot);
+ return SECFailure;
}
rv = PK11_DeleteTokenCertAndKey(cert, pwdata);
if (rv != SECSuccess) {
- SECU_PrintError("problem deleting private key \"%s\"\n", nickname);
+ SECU_PrintError("problem deleting private key \"%s\"\n", nickname);
}
CERT_DestroyCertificate(cert);
PK11_FreeSlot(slot);
return rv;
}
-
/*
* L i s t M o d u l e s
*
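Review bot: The `SECU_PrintError("problem deleting private key \"%s\"\n", nickname)` call in DeleteKey omits the leading `progName` argument that every other call on this page passes. The message literal therefore lands in the program-name slot and the command-line `nickname` is taken as the format string. Any conversion specifier in the nickname would then be processed with no matching argument. The call should be `SECU_PrintError(progName, "problem deleting private key \"%s\"\n", nickname);`. The early `return SECFailure` when the certificate is not found also prints nothing, unlike DeleteCert. DeleteKey begins above this hunk.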
@@ -970,104 +973,107 @@ ListModules(void)
PK11SlotListElement *le;
/* get them all! */
- list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_FALSE,NULL);
- if (list == NULL) return SECFailure;
+ list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL);
+ if (list == NULL)
+ return SECFailure;
/* look at each slot*/
- for (le = list->head ; le; le = le->next) {
- printf ("\n");
- printf (" slot: %s\n", PK11_GetSlotName(le->slot));
- printf (" token: %s\n", PK11_GetTokenName(le->slot));
+ for (le = list->head; le; le = le->next) {
+ printf("\n");
+ printf(" slot: %s\n", PK11_GetSlotName(le->slot));
+ printf(" token: %s\n", PK11_GetTokenName(le->slot));
}
PK11_FreeSlotList(list);
return SECSuccess;
}
-static void
+static void
PrintSyntax(char *progName)
{
-#define FPS fprintf(stderr,
+#define FPS fprintf(stderr,
FPS "Type %s -H for more detailed descriptions\n", progName);
FPS "Usage: %s -N [-d certdir] [-P dbprefix] [-f pwfile] [--empty-password]\n", progName);
FPS "Usage: %s -T [-d certdir] [-P dbprefix] [-h token-name]\n"
- "\t\t [-f pwfile] [-0 SSO-password]\n", progName);
+ "\t\t [-f pwfile] [-0 SSO-password]\n", progName);
FPS "\t%s -A -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n",
- progName);
+ progName);
FPS "\t%s -B -i batch-file\n", progName);
FPS "\t%s -C [-c issuer-name | -x] -i cert-request-file -o cert-file\n"
- "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n"
+ "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n"
"\t\t [-f pwfile] [-d certdir] [-P dbprefix] [-Z hashAlg]\n"
"\t\t [-1 | --keyUsage [keyUsageKeyword,..]] [-2] [-3] [-4]\n"
"\t\t [-5 | --nsCertType [nsCertTypeKeyword,...]]\n"
"\t\t [-6 | --extKeyUsage [extKeyUsageKeyword,...]] [-7 emailAddrs]\n"
"\t\t [-8 dns-names] [-a]\n",
- progName);
+ progName);
FPS "\t%s -D -n cert-name [-d certdir] [-P dbprefix]\n", progName);
FPS "\t%s --rename -n cert-name --new-n new-cert-name\n"
"\t\t [-d certdir] [-P dbprefix]\n", progName);
FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n",
- progName);
- FPS "\t%s -F -n nickname [-d certdir] [-P dbprefix]\n",
- progName);
- FPS "\t%s -G -n key-name [-h token-name] [-k rsa] [-g key-size] [-y exp]\n"
- "\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
+ progName);
+ FPS "\t%s -F -n nickname [-d certdir] [-P dbprefix]\n",
+ progName);
+ FPS "\t%s -G -n key-name [-h token-name] [-k rsa] [-g key-size] [-y exp]\n"
+ "\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n"
- "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
+ "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
#ifndef NSS_DISABLE_ECC
FPS "\t%s -G [-h token-name] -k ec -q curve [-f pwfile]\n"
- "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
- FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n",
- progName);
+ "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
+ FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n",
+ progName);
#else
- FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n",
- progName);
+ FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n",
+ progName);
#endif /* NSS_DISABLE_ECC */
FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n");
FPS "\t%s --upgrade-merge --source-dir upgradeDir --upgrade-id uniqueID\n",
- progName);
+ progName);
FPS "\t\t [--upgrade-token-name tokenName] [-d targetDBDir]\n");
FPS "\t\t [-P targetDBPrefix] [--source-prefix upgradeDBPrefix]\n");
FPS "\t\t [-f targetPWfile] [-@ upgradePWFile]\n");
FPS "\t%s --merge --source-dir sourceDBDir [-d targetDBdir]\n",
- progName);
+ progName);
FPS "\t\t [-P targetDBPrefix] [--source-prefix sourceDBPrefix]\n");
FPS "\t\t [-f targetPWfile] [-@ sourcePWFile]\n");
FPS "\t%s -L [-n cert-name] [-h token-name] [--email email-address]\n",
- progName);
+ progName);
FPS "\t\t [-X] [-r] [-a] [--dump-ext-val OID] [-d certdir] [-P dbprefix]\n");
FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n",
- progName);
+ progName);
FPS "\t%s -O -n cert-name [-X] [-d certdir] [-a] [-P dbprefix]\n", progName);
FPS "\t%s -R -s subj -o cert-request-file [-d certdir] [-P dbprefix] [-p phone] [-a]\n"
"\t\t [-7 emailAddrs] [-k key-type-or-id] [-h token-name] [-f pwfile]\n"
"\t\t [-g key-size] [-Z hashAlg]\n",
- progName);
+ progName);
FPS "\t%s -V -n cert-name -u usage [-b time] [-e] [-a]\n"
- "\t\t[-X] [-d certdir] [-P dbprefix]\n",
- progName);
+ "\t\t[-X] [-d certdir] [-P dbprefix]\n",
+ progName);
FPS "Usage: %s -W [-d certdir] [-f pwfile] [-@newpwfile]\n",
- progName);
+ progName);
FPS "\t%s -S -n cert-name -s subj [-c issuer-name | -x] -t trustargs\n"
- "\t\t [-k key-type-or-id] [-q key-params] [-h token-name] [-g key-size]\n"
+ "\t\t [-k key-type-or-id] [-q key-params] [-h token-name] [-g key-size]\n"
"\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n"
"\t\t [-f pwfile] [-d certdir] [-P dbprefix] [-Z hashAlg]\n"
"\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6] [-7 emailAddrs]\n"
"\t\t [-8 DNS-names]\n"
"\t\t [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA]\n"
"\t\t [--extSKID] [--extNC] [--extSAN type:name[,type:name]...]\n"
- "\t\t [--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...]\n", progName);
+ "\t\t [--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...]\n", progName);
FPS "\t%s -U [-X] [-d certdir] [-P dbprefix]\n", progName);
exit(1);
}
enum usage_level {
- usage_all = 0, usage_selected = 1
+ usage_all = 0,
+ usage_selected = 1
};
static void luCommonDetailsAE();
-static void luA(enum usage_level ul, const char *command)
+static void
+luA(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "A"));
if (ul == usage_all || !command || is_my_command)
@@ -1077,13 +1083,13 @@ static void luA(enum usage_level ul, const char *command)
return;
if (ul == usage_all) {
FPS "%-20s\n", " All options under -E apply");
- }
- else {
+ } else {
luCommonDetailsAE();
}
}
-static void luB(enum usage_level ul, const char *command)
+static void
+luB(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "B"));
if (ul == usage_all || !command || is_my_command)
@@ -1093,7 +1099,8 @@ static void luB(enum usage_level ul, const char *command)
FPS "%-20s Specify the batch file\n", " -i batch-file");
}
-static void luE(enum usage_level ul, const char *command)
+static void
+luE(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "E"));
if (ul == usage_all || !command || is_my_command)
@@ -1104,7 +1111,8 @@ static void luE(enum usage_level ul, const char *command)
luCommonDetailsAE();
}
-static void luCommonDetailsAE()
+static void
+luCommonDetailsAE()
{
FPS "%-20s Specify the nickname of the certificate to add\n",
" -n cert-name");
@@ -1133,7 +1141,8 @@ static void luCommonDetailsAE()
FPS "\n");
}
-static void luC(enum usage_level ul, const char *command)
+static void
+luC(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "C"));
if (ul == usage_all || !command || is_my_command)
@@ -1198,7 +1207,8 @@ static void luC(enum usage_level ul, const char *command)
FPS "\n");
}
-static void luG(enum usage_level ul, const char *command)
+static void
+luG(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "G"));
if (ul == usage_all || !command || is_my_command)
@@ -1273,7 +1283,8 @@ static void luG(enum usage_level ul, const char *command)
FPS "\n");
}
-static void luD(enum usage_level ul, const char *command)
+static void
+luD(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "D"));
if (ul == usage_all || !command || is_my_command)
@@ -1288,10 +1299,10 @@ static void luD(enum usage_level ul, const char *command)
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
FPS "\n");
-
}
-static void luF(enum usage_level ul, const char *command)
+static void
+luF(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "F"));
if (ul == usage_all || !command || is_my_command)
@@ -1306,10 +1317,10 @@ static void luF(enum usage_level ul, const char *command)
FPS "%-20s Cert & Key database prefix\n",
" -P dbprefix");
FPS "\n");
-
}
-static void luU(enum usage_level ul, const char *command)
+static void
+luU(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "U"));
if (ul == usage_all || !command || is_my_command)
@@ -1324,10 +1335,10 @@ static void luU(enum usage_level ul, const char *command)
FPS "%-20s force the database to open R/W\n",
" -X");
FPS "\n");
-
}
-static void luK(enum usage_level ul, const char *command)
+static void
+luK(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "K"));
if (ul == usage_all || !command || is_my_command)
@@ -1357,7 +1368,8 @@ static void luK(enum usage_level ul, const char *command)
FPS "\n");
}
-static void luL(enum usage_level ul, const char *command)
+static void
+luL(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "L"));
if (ul == usage_all || !command || is_my_command)
@@ -1388,7 +1400,8 @@ static void luL(enum usage_level ul, const char *command)
FPS "\n");
}
-static void luM(enum usage_level ul, const char *command)
+static void
+luM(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "M"));
if (ul == usage_all || !command || is_my_command)
@@ -1407,7 +1420,8 @@ static void luM(enum usage_level ul, const char *command)
FPS "\n");
}
-static void luN(enum usage_level ul, const char *command)
+static void
+luN(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "N"));
if (ul == usage_all || !command || is_my_command)
@@ -1426,7 +1440,8 @@ static void luN(enum usage_level ul, const char *command)
FPS "\n");
}
-static void luT(enum usage_level ul, const char *command)
+static void
+luT(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "T"));
if (ul == usage_all || !command || is_my_command)
@@ -1445,7 +1460,8 @@ static void luT(enum usage_level ul, const char *command)
FPS "\n");
}
-static void luO(enum usage_level ul, const char *command)
+static void
+luO(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "O"));
if (ul == usage_all || !command || is_my_command)
@@ -1466,7 +1482,8 @@ static void luO(enum usage_level ul, const char *command)
FPS "\n");
}
-static void luR(enum usage_level ul, const char *command)
+static void
+luR(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "R"));
if (ul == usage_all || !command || is_my_command)
@@ -1520,7 +1537,8 @@ static void luR(enum usage_level ul, const char *command)
FPS "\n");
}
-static void luV(enum usage_level ul, const char *command)
+static void
+luV(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "V"));
if (ul == usage_all || !command || is_my_command)
@@ -1533,7 +1551,7 @@ static void luV(enum usage_level ul, const char *command)
FPS "%-20s validity time (\"YYMMDDHHMMSS[+HHMM|-HHMM|Z]\")\n",
" -b time");
FPS "%-20s Check certificate signature \n",
- " -e ");
+ " -e ");
FPS "%-20s Specify certificate usage:\n", " -u certusage");
FPS "%-25s C \t SSL Client\n", "");
FPS "%-25s V \t SSL Server\n", "");
@@ -1541,9 +1559,9 @@ static void luV(enum usage_level ul, const char *command)
FPS "%-25s A \t Any CA\n", "");
FPS "%-25s Y \t Verify CA\n", "");
FPS "%-25s S \t Email signer\n", "");
- FPS "%-25s R \t Email Recipient\n", "");
- FPS "%-25s O \t OCSP status responder\n", "");
- FPS "%-25s J \t Object signer\n", "");
+ FPS "%-25s R \t Email Recipient\n", "");
+ FPS "%-25s O \t OCSP status responder\n", "");
+ FPS "%-25s J \t Object signer\n", "");
FPS "%-20s Cert database directory (default is ~/.netscape)\n",
" -d certdir");
FPS "%-20s Input the certificate in ASCII (RFC1113); default is binary\n",
@@ -1555,7 +1573,8 @@ static void luV(enum usage_level ul, const char *command)
FPS "\n");
}
-static void luW(enum usage_level ul, const char *command)
+static void
+luW(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "W"));
if (ul == usage_all || !command || is_my_command)
@@ -1572,7 +1591,8 @@ static void luW(enum usage_level ul, const char *command)
FPS "\n");
}
-static void luRename(enum usage_level ul, const char *command)
+static void
+luRename(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "rename"));
if (ul == usage_all || !command || is_my_command)
@@ -1591,7 +1611,8 @@ static void luRename(enum usage_level ul, const char *command)
FPS "\n");
}
-static void luUpgradeMerge(enum usage_level ul, const char *command)
+static void
+luUpgradeMerge(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "upgrade-merge"));
if (ul == usage_all || !command || is_my_command)
@@ -1618,7 +1639,8 @@ static void luUpgradeMerge(enum usage_level ul, const char *command)
FPS "\n");
}
-static void luMerge(enum usage_level ul, const char *command)
+static void
+luMerge(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "merge"));
if (ul == usage_all || !command || is_my_command)
@@ -1641,7 +1663,8 @@ static void luMerge(enum usage_level ul, const char *command)
FPS "\n");
}
-static void luS(enum usage_level ul, const char *command)
+static void
+luS(enum usage_level ul, const char *command)
{
int is_my_command = (command && 0 == strcmp(command, "S"));
if (ul == usage_all || !command || is_my_command)
@@ -1732,12 +1755,12 @@ static void luS(enum usage_level ul, const char *command)
" --extNC ");
FPS "%-20s \n"
"%-20s Create a Subject Alt Name extension with one or multiple names\n",
- " --extSAN type:name[,type:name]...", "");
+ " --extSAN type:name[,type:name]...", "");
FPS "%-20s - type: directory, dn, dns, edi, ediparty, email, ip, ipaddr,\n", "");
FPS "%-20s other, registerid, rfc822, uri, x400, x400addr\n", "");
FPS "%-20s \n"
"%-20s Add one or multiple extensions that certutil cannot encode yet,\n"
- "%-20s by loading their encodings from external files.\n",
+ "%-20s by loading their encodings from external files.\n",
" --extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...", "", "");
FPS "%-20s - OID (example): 1.2.3.4\n", "");
FPS "%-20s - critical-flag: critical or not-critical\n", "");
@@ -1745,7 +1768,8 @@ static void luS(enum usage_level ul, const char *command)
FPS "\n");
}
-static void LongUsage(char *progName, enum usage_level ul, const char *command)
+static void
+LongUsage(char *progName, enum usage_level ul, const char *command)
{
luA(ul, command);
luB(ul, command);
@@ -1775,26 +1799,27 @@ static void
Usage(char *progName)
{
PR_fprintf(PR_STDERR,
- "%s - Utility to manipulate NSS certificate databases\n\n"
- "Usage: %s <command> -d <database-directory> <options>\n\n"
- "Valid commands:\n", progName, progName);
+ "%s - Utility to manipulate NSS certificate databases\n\n"
+ "Usage: %s <command> -d <database-directory> <options>\n\n"
+ "Valid commands:\n",
+ progName, progName);
LongUsage(progName, usage_selected, NULL);
PR_fprintf(PR_STDERR, "\n"
- "%s -H <command> : Print available options for the given command\n"
- "%s -H : Print complete help output of all commands and options\n"
- "%s --syntax : Print a short summary of all commands and options\n",
- progName, progName, progName);
+ "%s -H <command> : Print available options for the given command\n"
+ "%s -H : Print complete help output of all commands and options\n"
+ "%s --syntax : Print a short summary of all commands and options\n",
+ progName, progName, progName);
exit(1);
}
static CERTCertificate *
-MakeV1Cert( CERTCertDBHandle * handle,
- CERTCertificateRequest *req,
- char * issuerNickName,
- PRBool selfsign,
- unsigned int serialNumber,
- int warpmonths,
- int validityMonths)
+MakeV1Cert(CERTCertDBHandle *handle,
+ CERTCertificateRequest *req,
+ char *issuerNickName,
+ PRBool selfsign,
+ unsigned int serialNumber,
+ int warpmonths,
+ int validityMonths)
{
CERTCertificate *issuerCert = NULL;
CERTValidity *validity;
@@ -1802,185 +1827,184 @@ MakeV1Cert( CERTCertDBHandle * handle,
PRExplodedTime printableTime;
PRTime now, after;
- if ( !selfsign ) {
- issuerCert = CERT_FindCertByNicknameOrEmailAddr(handle, issuerNickName);
- if (!issuerCert) {
- SECU_PrintError(progName, "could not find certificate named \"%s\"",
- issuerNickName);
- return NULL;
- }
+ if (!selfsign) {
+ issuerCert = CERT_FindCertByNicknameOrEmailAddr(handle, issuerNickName);
+ if (!issuerCert) {
+ SECU_PrintError(progName, "could not find certificate named \"%s\"",
+ issuerNickName);
+ return NULL;
+ }
}
now = PR_Now();
- PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
- if ( warpmonths ) {
- printableTime.tm_month += warpmonths;
- now = PR_ImplodeTime (&printableTime);
- PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
+ PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
+ if (warpmonths) {
+ printableTime.tm_month += warpmonths;
+ now = PR_ImplodeTime(&printableTime);
+ PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
}
printableTime.tm_month += validityMonths;
- after = PR_ImplodeTime (&printableTime);
+ after = PR_ImplodeTime(&printableTime);
/* note that the time is now in micro-second unit */
- validity = CERT_CreateValidity (now, after);
+ validity = CERT_CreateValidity(now, after);
if (validity) {
- cert = CERT_CreateCertificate(serialNumber,
- (selfsign ? &req->subject
- : &issuerCert->subject),
- validity, req);
-
+ cert = CERT_CreateCertificate(serialNumber,
+ (selfsign ? &req->subject
+ : &issuerCert->subject),
+ validity, req);
+
CERT_DestroyValidity(validity);
}
- if ( issuerCert ) {
- CERT_DestroyCertificate (issuerCert);
+ if (issuerCert) {
+ CERT_DestroyCertificate(issuerCert);
}
-
- return(cert);
+
+ return (cert);
}
static SECStatus
-SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
+SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
SECOidTag hashAlgTag,
SECKEYPrivateKey *privKey, char *issuerNickName,
int certVersion, void *pwarg)
{
SECItem der;
- SECKEYPrivateKey *caPrivateKey = NULL;
+ SECKEYPrivateKey *caPrivateKey = NULL;
SECStatus rv;
PLArenaPool *arena;
SECOidTag algID;
void *dummy;
- if( !selfsign ) {
- CERTCertificate *issuer = PK11_FindCertFromNickname(issuerNickName, pwarg);
- if( (CERTCertificate *)NULL == issuer ) {
- SECU_PrintError(progName, "unable to find issuer with nickname %s",
- issuerNickName);
- return SECFailure;
- }
+ if (!selfsign) {
+ CERTCertificate *issuer = PK11_FindCertFromNickname(issuerNickName, pwarg);
+ if ((CERTCertificate *)NULL == issuer) {
+ SECU_PrintError(progName, "unable to find issuer with nickname %s",
+ issuerNickName);
+ return SECFailure;
+ }
- privKey = caPrivateKey = PK11_FindKeyByAnyCert(issuer, pwarg);
- CERT_DestroyCertificate(issuer);
- if (caPrivateKey == NULL) {
- SECU_PrintError(progName, "unable to retrieve key %s", issuerNickName);
- return SECFailure;
- }
+ privKey = caPrivateKey = PK11_FindKeyByAnyCert(issuer, pwarg);
+ CERT_DestroyCertificate(issuer);
+ if (caPrivateKey == NULL) {
+ SECU_PrintError(progName, "unable to retrieve key %s", issuerNickName);
+ return SECFailure;
+ }
}
-
+
arena = cert->arena;
algID = SEC_GetSignatureAlgorithmOidTag(privKey->keyType, hashAlgTag);
if (algID == SEC_OID_UNKNOWN) {
- fprintf(stderr, "Unknown key or hash type for issuer.");
- rv = SECFailure;
- goto done;
+ fprintf(stderr, "Unknown key or hash type for issuer.");
+ rv = SECFailure;
+ goto done;
}
rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0);
if (rv != SECSuccess) {
- fprintf(stderr, "Could not set signature algorithm id.");
- goto done;
+ fprintf(stderr, "Could not set signature algorithm id.");
+ goto done;
}
- switch(certVersion) {
- case (SEC_CERTIFICATE_VERSION_1):
- /* The initial version for x509 certificates is version one
+ switch (certVersion) {
+ case (SEC_CERTIFICATE_VERSION_1):
+ /* The initial version for x509 certificates is version one
* and this default value must be an implicit DER encoding. */
- cert->version.data = NULL;
- cert->version.len = 0;
- break;
- case (SEC_CERTIFICATE_VERSION_2):
- case (SEC_CERTIFICATE_VERSION_3):
- case 3: /* unspecified format (would be version 4 certificate). */
- *(cert->version.data) = certVersion;
- cert->version.len = 1;
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ cert->version.data = NULL;
+ cert->version.len = 0;
+ break;
+ case (SEC_CERTIFICATE_VERSION_2):
+ case (SEC_CERTIFICATE_VERSION_3):
+ case 3: /* unspecified format (would be version 4 certificate). */
+ *(cert->version.data) = certVersion;
+ cert->version.len = 1;
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
der.len = 0;
der.data = NULL;
- dummy = SEC_ASN1EncodeItem (arena, &der, cert,
- SEC_ASN1_GET(CERT_CertificateTemplate));
+ dummy = SEC_ASN1EncodeItem(arena, &der, cert,
+ SEC_ASN1_GET(CERT_CertificateTemplate));
if (!dummy) {
- fprintf (stderr, "Could not encode certificate.\n");
- rv = SECFailure;
- goto done;
+ fprintf(stderr, "Could not encode certificate.\n");
+ rv = SECFailure;
+ goto done;
}
rv = SEC_DerSignData(arena, &cert->derCert, der.data, der.len, privKey, algID);
if (rv != SECSuccess) {
- fprintf (stderr, "Could not sign encoded certificate data.\n");
- /* result allocated out of the arena, it will be freed
- * when the arena is freed */
- goto done;
+ fprintf(stderr, "Could not sign encoded certificate data.\n");
+ /* result allocated out of the arena, it will be freed
+ * when the arena is freed */
+ goto done;
}
done:
if (caPrivateKey) {
- SECKEY_DestroyPrivateKey(caPrivateKey);
+ SECKEY_DestroyPrivateKey(caPrivateKey);
}
return rv;
}
static SECStatus
CreateCert(
- CERTCertDBHandle *handle,
- PK11SlotInfo *slot,
- char * issuerNickName,
- const SECItem * certReqDER,
- SECKEYPrivateKey **selfsignprivkey,
- void *pwarg,
- SECOidTag hashAlgTag,
- unsigned int serialNumber,
- int warpmonths,
- int validityMonths,
- const char *emailAddrs,
- const char *dnsNames,
- PRBool ascii,
- PRBool selfsign,
- certutilExtnList extnList,
- const char *extGeneric,
- int certVersion,
- SECItem * certDER)
+ CERTCertDBHandle *handle,
+ PK11SlotInfo *slot,
+ char *issuerNickName,
+ const SECItem *certReqDER,
+ SECKEYPrivateKey **selfsignprivkey,
+ void *pwarg,
+ SECOidTag hashAlgTag,
+ unsigned int serialNumber,
+ int warpmonths,
+ int validityMonths,
+ const char *emailAddrs,
+ const char *dnsNames,
+ PRBool ascii,
+ PRBool selfsign,
+ certutilExtnList extnList,
+ const char *extGeneric,
+ int certVersion,
+ SECItem *certDER)
{
- void * extHandle;
- CERTCertificate *subjectCert = NULL;
- CERTCertificateRequest *certReq = NULL;
- SECStatus rv = SECSuccess;
+ void *extHandle;
+ CERTCertificate *subjectCert = NULL;
+ CERTCertificateRequest *certReq = NULL;
+ SECStatus rv = SECSuccess;
CERTCertExtension **CRexts;
do {
- /* Create a certrequest object from the input cert request der */
- certReq = GetCertRequest(certReqDER);
- if (certReq == NULL) {
- GEN_BREAK (SECFailure)
- }
-
- subjectCert = MakeV1Cert (handle, certReq, issuerNickName, selfsign,
- serialNumber, warpmonths, validityMonths);
- if (subjectCert == NULL) {
- GEN_BREAK (SECFailure)
- }
-
-
- extHandle = CERT_StartCertExtensions (subjectCert);
- if (extHandle == NULL) {
- GEN_BREAK (SECFailure)
- }
-
+ /* Create a certrequest object from the input cert request der */
+ certReq = GetCertRequest(certReqDER);
+ if (certReq == NULL) {
+ GEN_BREAK(SECFailure)
+ }
+
+ subjectCert = MakeV1Cert(handle, certReq, issuerNickName, selfsign,
+ serialNumber, warpmonths, validityMonths);
+ if (subjectCert == NULL) {
+ GEN_BREAK(SECFailure)
+ }
+
+ extHandle = CERT_StartCertExtensions(subjectCert);
+ if (extHandle == NULL) {
+ GEN_BREAK(SECFailure)
+ }
+
rv = AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric);
if (rv != SECSuccess) {
- GEN_BREAK (SECFailure)
- }
-
+ GEN_BREAK(SECFailure)
+ }
+
if (certReq->attributes != NULL &&
- certReq->attributes[0] != NULL &&
- certReq->attributes[0]->attrType.data != NULL &&
- certReq->attributes[0]->attrType.len > 0 &&
- SECOID_FindOIDTag(&certReq->attributes[0]->attrType)
- == SEC_OID_PKCS9_EXTENSION_REQUEST) {
+ certReq->attributes[0] != NULL &&
+ certReq->attributes[0]->attrType.data != NULL &&
+ certReq->attributes[0]->attrType.len > 0 &&
+ SECOID_FindOIDTag(&certReq->attributes[0]->attrType) ==
+ SEC_OID_PKCS9_EXTENSION_REQUEST) {
rv = CERT_GetCertificateRequestExtensions(certReq, &CRexts);
if (rv != SECSuccess)
break;
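Review bot: In SignCert, the `default:` arm of `switch (certVersion)` returns `SECFailure` directly instead of going through `done:`. When `selfsign` is false, the `caPrivateKey` obtained from `PK11_FindKeyByAnyCert` is then never passed to `SECKEY_DestroyPrivateKey`. Every other failure path after the key lookup uses `goto done`, and this one should too: replace `return SECFailure;` with `rv = SECFailure; goto done;`. Two error messages in the same function also lack a trailing newline (`"Unknown key or hash type for issuer."` and `"Could not set signature algorithm id."`). SignCert lies fully inside this hunk, while MakeV1Cert and CreateCert are only partly visible in it.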
@@ -1989,91 +2013,89 @@ CreateCert(
break;
}
- CERT_FinishExtensions(extHandle);
+ CERT_FinishExtensions(extHandle);
- /* self-signing a cert request, find the private key */
- if (selfsign && *selfsignprivkey == NULL) {
- *selfsignprivkey = PK11_FindKeyByDERCert(slot, subjectCert, pwarg);
- if (!*selfsignprivkey) {
- fprintf(stderr, "Failed to locate private key.\n");
- rv = SECFailure;
- break;
- }
- }
+ /* self-signing a cert request, find the private key */
+ if (selfsign && *selfsignprivkey == NULL) {
+ *selfsignprivkey = PK11_FindKeyByDERCert(slot, subjectCert, pwarg);
+ if (!*selfsignprivkey) {
+ fprintf(stderr, "Failed to locate private key.\n");
+ rv = SECFailure;
+ break;
+ }
+ }
- rv = SignCert(handle, subjectCert, selfsign, hashAlgTag,
- *selfsignprivkey, issuerNickName,
+ rv = SignCert(handle, subjectCert, selfsign, hashAlgTag,
+ *selfsignprivkey, issuerNickName,
certVersion, pwarg);
- if (rv != SECSuccess)
- break;
-
- rv = SECFailure;
- if (ascii) {
- char * asciiDER = BTOA_DataToAscii(subjectCert->derCert.data,
- subjectCert->derCert.len);
- if (asciiDER) {
- char * wrapped = PR_smprintf("%s\n%s\n%s\n",
- NS_CERT_HEADER,
- asciiDER,
- NS_CERT_TRAILER);
- if (wrapped) {
- PRUint32 wrappedLen = PL_strlen(wrapped);
- if (SECITEM_AllocItem(NULL, certDER, wrappedLen)) {
- PORT_Memcpy(certDER->data, wrapped, wrappedLen);
- rv = SECSuccess;
- }
- PR_smprintf_free(wrapped);
- }
- PORT_Free(asciiDER);
- }
- } else {
- rv = SECITEM_CopyItem(NULL, certDER, &subjectCert->derCert);
- }
+ if (rv != SECSuccess)
+ break;
+
+ rv = SECFailure;
+ if (ascii) {
+ char *asciiDER = BTOA_DataToAscii(subjectCert->derCert.data,
+ subjectCert->derCert.len);
+ if (asciiDER) {
+ char *wrapped = PR_smprintf("%s\n%s\n%s\n",
+ NS_CERT_HEADER,
+ asciiDER,
+ NS_CERT_TRAILER);
+ if (wrapped) {
+ PRUint32 wrappedLen = PL_strlen(wrapped);
+ if (SECITEM_AllocItem(NULL, certDER, wrappedLen)) {
+ PORT_Memcpy(certDER->data, wrapped, wrappedLen);
+ rv = SECSuccess;
+ }
+ PR_smprintf_free(wrapped);
+ }
+ PORT_Free(asciiDER);
+ }
+ } else {
+ rv = SECITEM_CopyItem(NULL, certDER, &subjectCert->derCert);
+ }
} while (0);
- CERT_DestroyCertificateRequest (certReq);
- CERT_DestroyCertificate (subjectCert);
+ CERT_DestroyCertificateRequest(certReq);
+ CERT_DestroyCertificate(subjectCert);
if (rv != SECSuccess) {
- PRErrorCode perr = PR_GetError();
+ PRErrorCode perr = PR_GetError();
fprintf(stderr, "%s: unable to create cert (%s)\n", progName,
- SECU_Strerror(perr));
+ SECU_Strerror(perr));
}
return (rv);
}
-
/*
* map a class to a user presentable string
*/
static const char *objClassArray[] = {
- "Data",
- "Certificate",
- "Public Key",
- "Private Key",
- "Secret Key",
- "Hardware Feature",
- "Domain Parameters",
- "Mechanism"
+ "Data",
+ "Certificate",
+ "Public Key",
+ "Private Key",
+ "Secret Key",
+ "Hardware Feature",
+ "Domain Parameters",
+ "Mechanism"
};
static const char *objNSSClassArray[] = {
- "CKO_NSS",
- "Crl",
- "SMIME Record",
- "Trust",
- "Builtin Root List"
+ "CKO_NSS",
+ "Crl",
+ "SMIME Record",
+ "Trust",
+ "Builtin Root List"
};
-
const char *
getObjectClass(CK_ULONG classType)
{
- static char buf[sizeof(CK_ULONG)*2+3];
+ static char buf[sizeof(CK_ULONG) * 2 + 3];
if (classType <= CKO_MECHANISM) {
- return objClassArray[classType];
+ return objClassArray[classType];
}
if (classType >= CKO_NSS && classType <= CKO_NSS_BUILTIN_ROOT_LIST) {
- return objNSSClassArray[classType - CKO_NSS];
+ return objNSSClassArray[classType - CKO_NSS];
}
sprintf(buf, "0x%lx", classType);
return buf;
@@ -2081,83 +2103,83 @@ getObjectClass(CK_ULONG classType)
typedef struct {
char *name;
- int nameSize;
+ int nameSize;
CK_ULONG value;
} flagArray;
-#define NAME_SIZE(x) #x,sizeof(#x)-1
+#define NAME_SIZE(x) #x, sizeof(#x) - 1
flagArray opFlagsArray[] =
-{
- {NAME_SIZE(encrypt), CKF_ENCRYPT},
- {NAME_SIZE(decrypt), CKF_DECRYPT},
- {NAME_SIZE(sign), CKF_SIGN},
- {NAME_SIZE(sign_recover), CKF_SIGN_RECOVER},
- {NAME_SIZE(verify), CKF_VERIFY},
- {NAME_SIZE(verify_recover), CKF_VERIFY_RECOVER},
- {NAME_SIZE(wrap), CKF_WRAP},
- {NAME_SIZE(unwrap), CKF_UNWRAP},
- {NAME_SIZE(derive), CKF_DERIVE},
-};
-
-int opFlagsCount = sizeof(opFlagsArray)/sizeof(flagArray);
+ {
+ { NAME_SIZE(encrypt), CKF_ENCRYPT },
+ { NAME_SIZE(decrypt), CKF_DECRYPT },
+ { NAME_SIZE(sign), CKF_SIGN },
+ { NAME_SIZE(sign_recover), CKF_SIGN_RECOVER },
+ { NAME_SIZE(verify), CKF_VERIFY },
+ { NAME_SIZE(verify_recover), CKF_VERIFY_RECOVER },
+ { NAME_SIZE(wrap), CKF_WRAP },
+ { NAME_SIZE(unwrap), CKF_UNWRAP },
+ { NAME_SIZE(derive), CKF_DERIVE },
+ };
+
+int opFlagsCount = sizeof(opFlagsArray) / sizeof(flagArray);
flagArray attrFlagsArray[] =
-{
- {NAME_SIZE(token), PK11_ATTR_TOKEN},
- {NAME_SIZE(session), PK11_ATTR_SESSION},
- {NAME_SIZE(private), PK11_ATTR_PRIVATE},
- {NAME_SIZE(public), PK11_ATTR_PUBLIC},
- {NAME_SIZE(modifiable), PK11_ATTR_MODIFIABLE},
- {NAME_SIZE(unmodifiable), PK11_ATTR_UNMODIFIABLE},
- {NAME_SIZE(sensitive), PK11_ATTR_SENSITIVE},
- {NAME_SIZE(insensitive), PK11_ATTR_INSENSITIVE},
- {NAME_SIZE(extractable), PK11_ATTR_EXTRACTABLE},
- {NAME_SIZE(unextractable), PK11_ATTR_UNEXTRACTABLE}
-
-};
-
-int attrFlagsCount = sizeof(attrFlagsArray)/sizeof(flagArray);
+ {
+ { NAME_SIZE(token), PK11_ATTR_TOKEN },
+ { NAME_SIZE(session), PK11_ATTR_SESSION },
+ { NAME_SIZE(private), PK11_ATTR_PRIVATE },
+ { NAME_SIZE(public), PK11_ATTR_PUBLIC },
+ { NAME_SIZE(modifiable), PK11_ATTR_MODIFIABLE },
+ { NAME_SIZE(unmodifiable), PK11_ATTR_UNMODIFIABLE },
+ { NAME_SIZE(sensitive), PK11_ATTR_SENSITIVE },
+ { NAME_SIZE(insensitive), PK11_ATTR_INSENSITIVE },
+ { NAME_SIZE(extractable), PK11_ATTR_EXTRACTABLE },
+ { NAME_SIZE(unextractable), PK11_ATTR_UNEXTRACTABLE }
+
+ };
+
+int attrFlagsCount = sizeof(attrFlagsArray) / sizeof(flagArray);
#define MAX_STRING 30
CK_ULONG
GetFlags(char *flagsString, flagArray *flagArray, int count)
{
- CK_ULONG flagsValue = strtol(flagsString, NULL, 0);
- int i;
-
- if ((flagsValue != 0) || (*flagsString == 0)) {
- return flagsValue;
- }
- while (*flagsString) {
- for (i=0; i < count; i++) {
- if (strncmp(flagsString, flagArray[i].name, flagArray[i].nameSize)
- == 0) {
- flagsValue |= flagArray[i].value;
- flagsString += flagArray[i].nameSize;
- if (*flagsString != 0) {
- flagsString++;
- }
- break;
- }
- }
- if (i == count) {
- char name[MAX_STRING];
- char *tok;
-
- strncpy(name,flagsString, MAX_STRING);
- name[MAX_STRING-1] = 0;
- tok = strchr(name, ',');
- if (tok) {
- *tok = 0;
- }
- fprintf(stderr,"Unknown flag (%s)\n",name);
- tok = strchr(flagsString, ',');
- if (tok == NULL) {
- break;
- }
- flagsString = tok+1;
- }
+ CK_ULONG flagsValue = strtol(flagsString, NULL, 0);
+ int i;
+
+ if ((flagsValue != 0) || (*flagsString == 0)) {
+ return flagsValue;
+ }
+ while (*flagsString) {
+ for (i = 0; i < count; i++) {
+ if (strncmp(flagsString, flagArray[i].name, flagArray[i].nameSize) ==
+ 0) {
+ flagsValue |= flagArray[i].value;
+ flagsString += flagArray[i].nameSize;
+ if (*flagsString != 0) {
+ flagsString++;
+ }
+ break;
+ }
+ }
+ if (i == count) {
+ char name[MAX_STRING];
+ char *tok;
+
+ strncpy(name, flagsString, MAX_STRING);
+ name[MAX_STRING - 1] = 0;
+ tok = strchr(name, ',');
+ if (tok) {
+ *tok = 0;
+ }
+ fprintf(stderr, "Unknown flag (%s)\n", name);
+ tok = strchr(flagsString, ',');
+ if (tok == NULL) {
+ break;
+ }
+ flagsString = tok + 1;
+ }
}
return flagsValue;
}
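Review bot: GetFlags matches a name with `strncmp(flagsString, flagArray[i].name, flagArray[i].nameSize)` and never checks the character after the match. Because `opFlagsArray` lists `sign` before `sign_recover` (and `verify` before `verify_recover`), the input `sign_recover` sets `CKF_SIGN`, skips the `_`, and then reports `recover` as an unknown flag, so the key gets a different operation flag than the one requested. Requiring a delimiter after the match fixes this: read `char next = flagsString[flagArray[i].nameSize];` and add `&& (next == 0 || next == ',')` to the condition. Separately, the numeric path calls `strtol` with a NULL end pointer and stores the signed result in a `CK_ULONG`, so trailing text after a number and range errors are accepted silently. Using `strtoul` with an end-pointer check would be stricter.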
@@ -2174,15 +2196,16 @@ GetAttrFlags(char *flags)
return GetFlags(flags, attrFlagsArray, attrFlagsCount);
}
-char *mkNickname(unsigned char *data, int len)
+char *
+mkNickname(unsigned char *data, int len)
{
- char *nick = PORT_Alloc(len+1);
- if (!nick) {
- return nick;
- }
- PORT_Memcpy(nick, data, len);
- nick[len] = 0;
- return nick;
+ char *nick = PORT_Alloc(len + 1);
+ if (!nick) {
+ return nick;
+ }
+ PORT_Memcpy(nick, data, len);
+ nick[len] = 0;
+ return nick;
}
/*
@@ -2194,37 +2217,37 @@ DumpMergeLog(const char *progname, PK11MergeLog *log)
PK11MergeLogNode *node;
for (node = log->head; node; node = node->next) {
- SECItem attrItem;
- char *nickname = NULL;
- const char *objectClass = NULL;
- SECStatus rv;
-
- attrItem.data = NULL;
- rv = PK11_ReadRawAttribute(PK11_TypeGeneric, node->object,
- CKA_LABEL, &attrItem);
- if (rv == SECSuccess) {
- nickname = mkNickname(attrItem.data, attrItem.len);
- PORT_Free(attrItem.data);
- }
- attrItem.data = NULL;
- rv = PK11_ReadRawAttribute(PK11_TypeGeneric, node->object,
- CKA_CLASS, &attrItem);
- if (rv == SECSuccess) {
- if (attrItem.len == sizeof(CK_ULONG)) {
- objectClass = getObjectClass(*(CK_ULONG *)attrItem.data);
- }
- PORT_Free(attrItem.data);
- }
-
- fprintf(stderr, "%s: Could not merge object %s (type %s): %s\n",
- progName,
- nickname ? nickname : "unnamed",
- objectClass ? objectClass : "unknown",
- SECU_Strerror(node->error));
-
- if (nickname) {
- PORT_Free(nickname);
- }
+ SECItem attrItem;
+ char *nickname = NULL;
+ const char *objectClass = NULL;
+ SECStatus rv;
+
+ attrItem.data = NULL;
+ rv = PK11_ReadRawAttribute(PK11_TypeGeneric, node->object,
+ CKA_LABEL, &attrItem);
+ if (rv == SECSuccess) {
+ nickname = mkNickname(attrItem.data, attrItem.len);
+ PORT_Free(attrItem.data);
+ }
+ attrItem.data = NULL;
+ rv = PK11_ReadRawAttribute(PK11_TypeGeneric, node->object,
+ CKA_CLASS, &attrItem);
+ if (rv == SECSuccess) {
+ if (attrItem.len == sizeof(CK_ULONG)) {
+ objectClass = getObjectClass(*(CK_ULONG *)attrItem.data);
+ }
+ PORT_Free(attrItem.data);
+ }
+
+ fprintf(stderr, "%s: Could not merge object %s (type %s): %s\n",
+ progName,
+ nickname ? nickname : "unnamed",
+ objectClass ? objectClass : "unknown",
+ SECU_Strerror(node->error));
+
+ if (nickname) {
+ PORT_Free(nickname);
+ }
}
}
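Review bot: DumpMergeLog takes a `progname` parameter (see the signature in the hunk header), but the `fprintf` passes `progName`, which is not the parameter, so the caller's argument is ignored. Either use `progname` in the call or drop the parameter. The class attribute is read with `*(CK_ULONG *)attrItem.data`; the length is checked, but the buffer's alignment is not visible from here, and `CK_ULONG cls; PORT_Memcpy(&cls, attrItem.data, sizeof cls);` avoids depending on it. The function's opening lines are outside the hunk.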
@@ -2326,176 +2349,174 @@ enum certutilOpts {
opt_Help
};
-static const
-secuCommandFlag commands_init[] =
-{
- { /* cmd_AddCert */ 'A', PR_FALSE, 0, PR_FALSE },
- { /* cmd_CreateNewCert */ 'C', PR_FALSE, 0, PR_FALSE },
- { /* cmd_DeleteCert */ 'D', PR_FALSE, 0, PR_FALSE },
- { /* cmd_AddEmailCert */ 'E', PR_FALSE, 0, PR_FALSE },
- { /* cmd_DeleteKey */ 'F', PR_FALSE, 0, PR_FALSE },
- { /* cmd_GenKeyPair */ 'G', PR_FALSE, 0, PR_FALSE },
- { /* cmd_PrintHelp */ 'H', PR_FALSE, 0, PR_FALSE, "help" },
- { /* cmd_PrintSyntax */ 0, PR_FALSE, 0, PR_FALSE,
- "syntax" },
- { /* cmd_ListKeys */ 'K', PR_FALSE, 0, PR_FALSE },
- { /* cmd_ListCerts */ 'L', PR_FALSE, 0, PR_FALSE },
- { /* cmd_ModifyCertTrust */ 'M', PR_FALSE, 0, PR_FALSE },
- { /* cmd_NewDBs */ 'N', PR_FALSE, 0, PR_FALSE },
- { /* cmd_DumpChain */ 'O', PR_FALSE, 0, PR_FALSE },
- { /* cmd_CertReq */ 'R', PR_FALSE, 0, PR_FALSE },
- { /* cmd_CreateAndAddCert */ 'S', PR_FALSE, 0, PR_FALSE },
- { /* cmd_TokenReset */ 'T', PR_FALSE, 0, PR_FALSE },
- { /* cmd_ListModules */ 'U', PR_FALSE, 0, PR_FALSE },
- { /* cmd_CheckCertValidity */ 'V', PR_FALSE, 0, PR_FALSE },
- { /* cmd_ChangePassword */ 'W', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Version */ 'Y', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Batch */ 'B', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Merge */ 0, PR_FALSE, 0, PR_FALSE, "merge" },
- { /* cmd_UpgradeMerge */ 0, PR_FALSE, 0, PR_FALSE,
- "upgrade-merge" },
- { /* cmd_Rename */ 0, PR_FALSE, 0, PR_FALSE,
- "rename" }
-};
+static const secuCommandFlag commands_init[] =
+ {
+ { /* cmd_AddCert */ 'A', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_CreateNewCert */ 'C', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_DeleteCert */ 'D', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_AddEmailCert */ 'E', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_DeleteKey */ 'F', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_GenKeyPair */ 'G', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_PrintHelp */ 'H', PR_FALSE, 0, PR_FALSE, "help" },
+ { /* cmd_PrintSyntax */ 0, PR_FALSE, 0, PR_FALSE,
+ "syntax" },
+ { /* cmd_ListKeys */ 'K', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_ListCerts */ 'L', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_ModifyCertTrust */ 'M', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_NewDBs */ 'N', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_DumpChain */ 'O', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_CertReq */ 'R', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_CreateAndAddCert */ 'S', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_TokenReset */ 'T', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_ListModules */ 'U', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_CheckCertValidity */ 'V', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_ChangePassword */ 'W', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_Version */ 'Y', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_Batch */ 'B', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_Merge */ 0, PR_FALSE, 0, PR_FALSE, "merge" },
+ { /* cmd_UpgradeMerge */ 0, PR_FALSE, 0, PR_FALSE,
+ "upgrade-merge" },
+ { /* cmd_Rename */ 0, PR_FALSE, 0, PR_FALSE,
+ "rename" }
+ };
#define NUM_COMMANDS ((sizeof commands_init) / (sizeof commands_init[0]))
-
-static const
-secuCommandFlag options_init[] =
-{
- { /* opt_SSOPass */ '0', PR_TRUE, 0, PR_FALSE },
- { /* opt_AddKeyUsageExt */ '1', PR_FALSE, 0, PR_FALSE },
- { /* opt_AddBasicConstraintExt*/ '2', PR_FALSE, 0, PR_FALSE },
- { /* opt_AddAuthorityKeyIDExt*/ '3', PR_FALSE, 0, PR_FALSE },
- { /* opt_AddCRLDistPtsExt */ '4', PR_FALSE, 0, PR_FALSE },
- { /* opt_AddNSCertTypeExt */ '5', PR_FALSE, 0, PR_FALSE },
- { /* opt_AddExtKeyUsageExt */ '6', PR_FALSE, 0, PR_FALSE },
- { /* opt_ExtendedEmailAddrs */ '7', PR_TRUE, 0, PR_FALSE },
- { /* opt_ExtendedDNSNames */ '8', PR_TRUE, 0, PR_FALSE },
- { /* opt_ASCIIForIO */ 'a', PR_FALSE, 0, PR_FALSE },
- { /* opt_ValidityTime */ 'b', PR_TRUE, 0, PR_FALSE },
- { /* opt_IssuerName */ 'c', PR_TRUE, 0, PR_FALSE },
- { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE },
- { /* opt_VerifySig */ 'e', PR_FALSE, 0, PR_FALSE },
- { /* opt_PasswordFile */ 'f', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeySize */ 'g', PR_TRUE, 0, PR_FALSE },
- { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE },
- { /* opt_InputFile */ 'i', PR_TRUE, 0, PR_FALSE },
- { /* opt_Emailaddress */ 0, PR_TRUE, 0, PR_FALSE, "email" },
- { /* opt_KeyIndex */ 'j', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeyType */ 'k', PR_TRUE, 0, PR_FALSE },
- { /* opt_DetailedInfo */ 'l', PR_FALSE, 0, PR_FALSE },
- { /* opt_SerialNumber */ 'm', PR_TRUE, 0, PR_FALSE },
- { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
- { /* opt_OutputFile */ 'o', PR_TRUE, 0, PR_FALSE },
- { /* opt_PhoneNumber */ 'p', PR_TRUE, 0, PR_FALSE },
- { /* opt_DBPrefix */ 'P', PR_TRUE, 0, PR_FALSE },
- { /* opt_PQGFile */ 'q', PR_TRUE, 0, PR_FALSE },
- { /* opt_BinaryDER */ 'r', PR_FALSE, 0, PR_FALSE },
- { /* opt_Subject */ 's', PR_TRUE, 0, PR_FALSE },
- { /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE },
- { /* opt_Usage */ 'u', PR_TRUE, 0, PR_FALSE },
- { /* opt_Validity */ 'v', PR_TRUE, 0, PR_FALSE },
- { /* opt_OffsetMonths */ 'w', PR_TRUE, 0, PR_FALSE },
- { /* opt_SelfSign */ 'x', PR_FALSE, 0, PR_FALSE },
- { /* opt_RW */ 'X', PR_FALSE, 0, PR_FALSE },
- { /* opt_Exponent */ 'y', PR_TRUE, 0, PR_FALSE },
- { /* opt_NoiseFile */ 'z', PR_TRUE, 0, PR_FALSE },
- { /* opt_Hash */ 'Z', PR_TRUE, 0, PR_FALSE },
- { /* opt_NewPasswordFile */ '@', PR_TRUE, 0, PR_FALSE },
- { /* opt_AddAuthInfoAccExt */ 0, PR_FALSE, 0, PR_FALSE, "extAIA" },
- { /* opt_AddSubjInfoAccExt */ 0, PR_FALSE, 0, PR_FALSE, "extSIA" },
- { /* opt_AddCertPoliciesExt */ 0, PR_FALSE, 0, PR_FALSE, "extCP" },
- { /* opt_AddPolicyMapExt */ 0, PR_FALSE, 0, PR_FALSE, "extPM" },
- { /* opt_AddPolicyConstrExt */ 0, PR_FALSE, 0, PR_FALSE, "extPC" },
- { /* opt_AddInhibAnyExt */ 0, PR_FALSE, 0, PR_FALSE, "extIA" },
- { /* opt_AddNameConstraintsExt*/ 0, PR_FALSE, 0, PR_FALSE, "extNC" },
- { /* opt_AddSubjectKeyIDExt */ 0, PR_FALSE, 0, PR_FALSE,
- "extSKID" },
- { /* opt_AddCmdKeyUsageExt */ 0, PR_TRUE, 0, PR_FALSE,
- "keyUsage" },
- { /* opt_AddCmdNSCertTypeExt */ 0, PR_TRUE, 0, PR_FALSE,
- "nsCertType" },
- { /* opt_AddCmdExtKeyUsageExt*/ 0, PR_TRUE, 0, PR_FALSE,
- "extKeyUsage" },
-
- { /* opt_SourceDir */ 0, PR_TRUE, 0, PR_FALSE,
- "source-dir"},
- { /* opt_SourcePrefix */ 0, PR_TRUE, 0, PR_FALSE,
- "source-prefix"},
- { /* opt_UpgradeID */ 0, PR_TRUE, 0, PR_FALSE,
- "upgrade-id"},
- { /* opt_UpgradeTokenName */ 0, PR_TRUE, 0, PR_FALSE,
- "upgrade-token-name"},
- { /* opt_KeyOpFlagsOn */ 0, PR_TRUE, 0, PR_FALSE,
- "keyOpFlagsOn"},
- { /* opt_KeyOpFlagsOff */ 0, PR_TRUE, 0, PR_FALSE,
- "keyOpFlagsOff"},
- { /* opt_KeyAttrFlags */ 0, PR_TRUE, 0, PR_FALSE,
- "keyAttrFlags"},
- { /* opt_EmptyPassword */ 0, PR_FALSE, 0, PR_FALSE,
- "empty-password"},
- { /* opt_CertVersion */ 0, PR_TRUE, 0, PR_FALSE,
- "certVersion"},
- { /* opt_AddSubjectAltExt */ 0, PR_TRUE, 0, PR_FALSE, "extSAN"},
- { /* opt_DumpExtensionValue */ 0, PR_TRUE, 0, PR_FALSE,
- "dump-ext-val"},
- { /* opt_GenericExtensions */ 0, PR_TRUE, 0, PR_FALSE,
- "extGeneric"},
- { /* opt_NewNickname */ 0, PR_TRUE, 0, PR_FALSE,
- "new-n"},
-};
-#define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0]))
+
+static const secuCommandFlag options_init[] =
+ {
+ { /* opt_SSOPass */ '0', PR_TRUE, 0, PR_FALSE },
+ { /* opt_AddKeyUsageExt */ '1', PR_FALSE, 0, PR_FALSE },
+ { /* opt_AddBasicConstraintExt*/ '2', PR_FALSE, 0, PR_FALSE },
+ { /* opt_AddAuthorityKeyIDExt*/ '3', PR_FALSE, 0, PR_FALSE },
+ { /* opt_AddCRLDistPtsExt */ '4', PR_FALSE, 0, PR_FALSE },
+ { /* opt_AddNSCertTypeExt */ '5', PR_FALSE, 0, PR_FALSE },
+ { /* opt_AddExtKeyUsageExt */ '6', PR_FALSE, 0, PR_FALSE },
+ { /* opt_ExtendedEmailAddrs */ '7', PR_TRUE, 0, PR_FALSE },
+ { /* opt_ExtendedDNSNames */ '8', PR_TRUE, 0, PR_FALSE },
+ { /* opt_ASCIIForIO */ 'a', PR_FALSE, 0, PR_FALSE },
+ { /* opt_ValidityTime */ 'b', PR_TRUE, 0, PR_FALSE },
+ { /* opt_IssuerName */ 'c', PR_TRUE, 0, PR_FALSE },
+ { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE },
+ { /* opt_VerifySig */ 'e', PR_FALSE, 0, PR_FALSE },
+ { /* opt_PasswordFile */ 'f', PR_TRUE, 0, PR_FALSE },
+ { /* opt_KeySize */ 'g', PR_TRUE, 0, PR_FALSE },
+ { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE },
+ { /* opt_InputFile */ 'i', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Emailaddress */ 0, PR_TRUE, 0, PR_FALSE, "email" },
+ { /* opt_KeyIndex */ 'j', PR_TRUE, 0, PR_FALSE },
+ { /* opt_KeyType */ 'k', PR_TRUE, 0, PR_FALSE },
+ { /* opt_DetailedInfo */ 'l', PR_FALSE, 0, PR_FALSE },
+ { /* opt_SerialNumber */ 'm', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
+ { /* opt_OutputFile */ 'o', PR_TRUE, 0, PR_FALSE },
+ { /* opt_PhoneNumber */ 'p', PR_TRUE, 0, PR_FALSE },
+ { /* opt_DBPrefix */ 'P', PR_TRUE, 0, PR_FALSE },
+ { /* opt_PQGFile */ 'q', PR_TRUE, 0, PR_FALSE },
+ { /* opt_BinaryDER */ 'r', PR_FALSE, 0, PR_FALSE },
+ { /* opt_Subject */ 's', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Usage */ 'u', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Validity */ 'v', PR_TRUE, 0, PR_FALSE },
+ { /* opt_OffsetMonths */ 'w', PR_TRUE, 0, PR_FALSE },
+ { /* opt_SelfSign */ 'x', PR_FALSE, 0, PR_FALSE },
+ { /* opt_RW */ 'X', PR_FALSE, 0, PR_FALSE },
+ { /* opt_Exponent */ 'y', PR_TRUE, 0, PR_FALSE },
+ { /* opt_NoiseFile */ 'z', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Hash */ 'Z', PR_TRUE, 0, PR_FALSE },
+ { /* opt_NewPasswordFile */ '@', PR_TRUE, 0, PR_FALSE },
+ { /* opt_AddAuthInfoAccExt */ 0, PR_FALSE, 0, PR_FALSE, "extAIA" },
+ { /* opt_AddSubjInfoAccExt */ 0, PR_FALSE, 0, PR_FALSE, "extSIA" },
+ { /* opt_AddCertPoliciesExt */ 0, PR_FALSE, 0, PR_FALSE, "extCP" },
+ { /* opt_AddPolicyMapExt */ 0, PR_FALSE, 0, PR_FALSE, "extPM" },
+ { /* opt_AddPolicyConstrExt */ 0, PR_FALSE, 0, PR_FALSE, "extPC" },
+ { /* opt_AddInhibAnyExt */ 0, PR_FALSE, 0, PR_FALSE, "extIA" },
+ { /* opt_AddNameConstraintsExt*/ 0, PR_FALSE, 0, PR_FALSE, "extNC" },
+ { /* opt_AddSubjectKeyIDExt */ 0, PR_FALSE, 0, PR_FALSE,
+ "extSKID" },
+ { /* opt_AddCmdKeyUsageExt */ 0, PR_TRUE, 0, PR_FALSE,
+ "keyUsage" },
+ { /* opt_AddCmdNSCertTypeExt */ 0, PR_TRUE, 0, PR_FALSE,
+ "nsCertType" },
+ { /* opt_AddCmdExtKeyUsageExt*/ 0, PR_TRUE, 0, PR_FALSE,
+ "extKeyUsage" },
+
+ { /* opt_SourceDir */ 0, PR_TRUE, 0, PR_FALSE,
+ "source-dir" },
+ { /* opt_SourcePrefix */ 0, PR_TRUE, 0, PR_FALSE,
+ "source-prefix" },
+ { /* opt_UpgradeID */ 0, PR_TRUE, 0, PR_FALSE,
+ "upgrade-id" },
+ { /* opt_UpgradeTokenName */ 0, PR_TRUE, 0, PR_FALSE,
+ "upgrade-token-name" },
+ { /* opt_KeyOpFlagsOn */ 0, PR_TRUE, 0, PR_FALSE,
+ "keyOpFlagsOn" },
+ { /* opt_KeyOpFlagsOff */ 0, PR_TRUE, 0, PR_FALSE,
+ "keyOpFlagsOff" },
+ { /* opt_KeyAttrFlags */ 0, PR_TRUE, 0, PR_FALSE,
+ "keyAttrFlags" },
+ { /* opt_EmptyPassword */ 0, PR_FALSE, 0, PR_FALSE,
+ "empty-password" },
+ { /* opt_CertVersion */ 0, PR_TRUE, 0, PR_FALSE,
+ "certVersion" },
+ { /* opt_AddSubjectAltExt */ 0, PR_TRUE, 0, PR_FALSE, "extSAN" },
+ { /* opt_DumpExtensionValue */ 0, PR_TRUE, 0, PR_FALSE,
+ "dump-ext-val" },
+ { /* opt_GenericExtensions */ 0, PR_TRUE, 0, PR_FALSE,
+ "extGeneric" },
+ { /* opt_NewNickname */ 0, PR_TRUE, 0, PR_FALSE,
+ "new-n" },
+ };
+#define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0]))
static secuCommandFlag certutil_commands[NUM_COMMANDS];
-static secuCommandFlag certutil_options [NUM_OPTIONS ];
+static secuCommandFlag certutil_options[NUM_OPTIONS];
static const secuCommand certutil = {
- NUM_COMMANDS,
- NUM_OPTIONS,
- certutil_commands,
+ NUM_COMMANDS,
+ NUM_OPTIONS,
+ certutil_commands,
certutil_options
};
static certutilExtnList certutil_extns;
-static int
+static int
certutil_main(int argc, char **argv, PRBool initialize)
{
CERTCertDBHandle *certHandle;
PK11SlotInfo *slot = NULL;
- CERTName * subject = 0;
- PRFileDesc *inFile = PR_STDIN;
- PRFileDesc *outFile = PR_STDOUT;
- SECItem certReqDER = { siBuffer, NULL, 0 };
- SECItem certDER = { siBuffer, NULL, 0 };
- const char *slotname = "internal";
- const char *certPrefix = "";
- char * sourceDir = "";
- const char *srcCertPrefix = "";
- char * upgradeID = "";
- char * upgradeTokenName = "";
- KeyType keytype = rsaKey;
- char * name = NULL;
- char * newName = NULL;
- char * email = NULL;
- char * keysource = NULL;
- SECOidTag hashAlgTag = SEC_OID_UNKNOWN;
- int keysize = DEFAULT_KEY_BITS;
- int publicExponent = 0x010001;
- int certVersion = SEC_CERTIFICATE_VERSION_3;
- unsigned int serialNumber = 0;
- int warpmonths = 0;
- int validityMonths = 3;
- int commandsEntered = 0;
- char commandToRun = '\0';
- secuPWData pwdata = { PW_NONE, 0 };
- secuPWData pwdata2 = { PW_NONE, 0 };
- PRBool readOnly = PR_FALSE;
- PRBool initialized = PR_FALSE;
- CK_FLAGS keyOpFlagsOn = 0;
- CK_FLAGS keyOpFlagsOff = 0;
- PK11AttrFlags keyAttrFlags =
- PK11_ATTR_TOKEN | PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE;
+ CERTName *subject = 0;
+ PRFileDesc *inFile = PR_STDIN;
+ PRFileDesc *outFile = PR_STDOUT;
+ SECItem certReqDER = { siBuffer, NULL, 0 };
+ SECItem certDER = { siBuffer, NULL, 0 };
+ const char *slotname = "internal";
+ const char *certPrefix = "";
+ char *sourceDir = "";
+ const char *srcCertPrefix = "";
+ char *upgradeID = "";
+ char *upgradeTokenName = "";
+ KeyType keytype = rsaKey;
+ char *name = NULL;
+ char *newName = NULL;
+ char *email = NULL;
+ char *keysource = NULL;
+ SECOidTag hashAlgTag = SEC_OID_UNKNOWN;
+ int keysize = DEFAULT_KEY_BITS;
+ int publicExponent = 0x010001;
+ int certVersion = SEC_CERTIFICATE_VERSION_3;
+ unsigned int serialNumber = 0;
+ int warpmonths = 0;
+ int validityMonths = 3;
+ int commandsEntered = 0;
+ char commandToRun = '\0';
+ secuPWData pwdata = { PW_NONE, 0 };
+ secuPWData pwdata2 = { PW_NONE, 0 };
+ PRBool readOnly = PR_FALSE;
+ PRBool initialized = PR_FALSE;
+ CK_FLAGS keyOpFlagsOn = 0;
+ CK_FLAGS keyOpFlagsOff = 0;
+ PK11AttrFlags keyAttrFlags =
+ PK11_ATTR_TOKEN | PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE;
SECKEYPrivateKey *privkey = NULL;
SECKEYPublicKey *pubkey = NULL;
@@ -2504,14 +2525,14 @@ certutil_main(int argc, char **argv, PRBool initialize)
SECStatus rv;
progName = PORT_Strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
memcpy(certutil_commands, commands_init, sizeof commands_init);
- memcpy(certutil_options, options_init, sizeof options_init);
+ memcpy(certutil_options, options_init, sizeof options_init);
rv = SECU_ParseCommandLine(argc, argv, progName, &certutil);
if (rv != SECSuccess)
- Usage(progName);
+ Usage(progName);
if (certutil.commands[cmd_PrintSyntax].activated) {
PrintSyntax(progName);
@@ -2529,115 +2550,113 @@ certutil_main(int argc, char **argv, PRBool initialize)
buf[0] = certutil.commands[i].flag;
buf[1] = 0;
command = buf;
- }
- else {
+ } else {
command = certutil.commands[i].longform;
}
break;
}
}
- LongUsage(progName, (command ? usage_selected : usage_all), command);
+ LongUsage(progName, (command ? usage_selected : usage_all), command);
exit(1);
}
if (certutil.options[opt_PasswordFile].arg) {
- pwdata.source = PW_FROMFILE;
- pwdata.data = certutil.options[opt_PasswordFile].arg;
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = certutil.options[opt_PasswordFile].arg;
}
if (certutil.options[opt_NewPasswordFile].arg) {
- pwdata2.source = PW_FROMFILE;
- pwdata2.data = certutil.options[opt_NewPasswordFile].arg;
+ pwdata2.source = PW_FROMFILE;
+ pwdata2.data = certutil.options[opt_NewPasswordFile].arg;
}
if (certutil.options[opt_CertDir].activated)
- SECU_ConfigDirectory(certutil.options[opt_CertDir].arg);
+ SECU_ConfigDirectory(certutil.options[opt_CertDir].arg);
if (certutil.options[opt_SourceDir].activated)
- sourceDir = certutil.options[opt_SourceDir].arg;
+ sourceDir = certutil.options[opt_SourceDir].arg;
if (certutil.options[opt_UpgradeID].activated)
- upgradeID = certutil.options[opt_UpgradeID].arg;
+ upgradeID = certutil.options[opt_UpgradeID].arg;
if (certutil.options[opt_UpgradeTokenName].activated)
- upgradeTokenName = certutil.options[opt_UpgradeTokenName].arg;
+ upgradeTokenName = certutil.options[opt_UpgradeTokenName].arg;
if (certutil.options[opt_KeySize].activated) {
- keysize = PORT_Atoi(certutil.options[opt_KeySize].arg);
- if ((keysize < MIN_KEY_BITS) || (keysize > MAX_KEY_BITS)) {
- PR_fprintf(PR_STDERR,
+ keysize = PORT_Atoi(certutil.options[opt_KeySize].arg);
+ if ((keysize < MIN_KEY_BITS) || (keysize > MAX_KEY_BITS)) {
+ PR_fprintf(PR_STDERR,
"%s -g: Keysize must be between %d and %d.\n",
- progName, MIN_KEY_BITS, MAX_KEY_BITS);
- return 255;
- }
+ progName, MIN_KEY_BITS, MAX_KEY_BITS);
+ return 255;
+ }
#ifndef NSS_DISABLE_ECC
- if (keytype == ecKey) {
- PR_fprintf(PR_STDERR, "%s -g: Not for ec keys.\n", progName);
- return 255;
- }
+ if (keytype == ecKey) {
+ PR_fprintf(PR_STDERR, "%s -g: Not for ec keys.\n", progName);
+ return 255;
+ }
#endif /* NSS_DISABLE_ECC */
-
}
/* -h specify token name */
if (certutil.options[opt_TokenName].activated) {
- if (PL_strcmp(certutil.options[opt_TokenName].arg, "all") == 0)
- slotname = NULL;
- else
- slotname = certutil.options[opt_TokenName].arg;
+ if (PL_strcmp(certutil.options[opt_TokenName].arg, "all") == 0)
+ slotname = NULL;
+ else
+ slotname = certutil.options[opt_TokenName].arg;
}
/* -Z hash type */
if (certutil.options[opt_Hash].activated) {
- char * arg = certutil.options[opt_Hash].arg;
+ char *arg = certutil.options[opt_Hash].arg;
hashAlgTag = SECU_StringToSignatureAlgTag(arg);
if (hashAlgTag == SEC_OID_UNKNOWN) {
- PR_fprintf(PR_STDERR, "%s -Z: %s is not a recognized type.\n",
- progName, arg);
- return 255;
- }
+ PR_fprintf(PR_STDERR, "%s -Z: %s is not a recognized type.\n",
+ progName, arg);
+ return 255;
+ }
}
/* -k key type */
if (certutil.options[opt_KeyType].activated) {
- char * arg = certutil.options[opt_KeyType].arg;
- if (PL_strcmp(arg, "rsa") == 0) {
- keytype = rsaKey;
- } else if (PL_strcmp(arg, "dsa") == 0) {
- keytype = dsaKey;
+ char *arg = certutil.options[opt_KeyType].arg;
+ if (PL_strcmp(arg, "rsa") == 0) {
+ keytype = rsaKey;
+ } else if (PL_strcmp(arg, "dsa") == 0) {
+ keytype = dsaKey;
#ifndef NSS_DISABLE_ECC
- } else if (PL_strcmp(arg, "ec") == 0) {
- keytype = ecKey;
+ } else if (PL_strcmp(arg, "ec") == 0) {
+ keytype = ecKey;
#endif /* NSS_DISABLE_ECC */
- } else if (PL_strcmp(arg, "all") == 0) {
- keytype = nullKey;
- } else {
- /* use an existing private/public key pair */
- keysource = arg;
- }
+ } else if (PL_strcmp(arg, "all") == 0) {
+ keytype = nullKey;
+ } else {
+ /* use an existing private/public key pair */
+ keysource = arg;
+ }
} else if (certutil.commands[cmd_ListKeys].activated) {
- keytype = nullKey;
+ keytype = nullKey;
}
if (certutil.options[opt_KeyOpFlagsOn].activated) {
- keyOpFlagsOn = GetOpFlags(certutil.options[opt_KeyOpFlagsOn].arg);
+ keyOpFlagsOn = GetOpFlags(certutil.options[opt_KeyOpFlagsOn].arg);
}
if (certutil.options[opt_KeyOpFlagsOff].activated) {
- keyOpFlagsOff = GetOpFlags(certutil.options[opt_KeyOpFlagsOff].arg);
- keyOpFlagsOn &=~keyOpFlagsOff; /* make off override on */
+ keyOpFlagsOff = GetOpFlags(certutil.options[opt_KeyOpFlagsOff].arg);
+ keyOpFlagsOn &= ~keyOpFlagsOff; /* make off override on */
}
if (certutil.options[opt_KeyAttrFlags].activated) {
- keyAttrFlags = GetAttrFlags(certutil.options[opt_KeyAttrFlags].arg);
+ keyAttrFlags = GetAttrFlags(certutil.options[opt_KeyAttrFlags].arg);
}
/* -m serial number */
if (certutil.options[opt_SerialNumber].activated) {
- int sn = PORT_Atoi(certutil.options[opt_SerialNumber].arg);
- if (sn < 0) {
- PR_fprintf(PR_STDERR, "%s -m: %s is not a valid serial number.\n",
- progName, certutil.options[opt_SerialNumber].arg);
- return 255;
- }
- serialNumber = sn;
+ int sn = PORT_Atoi(certutil.options[opt_SerialNumber].arg);
+ if (sn < 0) {
+ PR_fprintf(PR_STDERR, "%s -m: %s is not a valid serial number.\n",
+ progName, certutil.options[opt_SerialNumber].arg);
+ return 255;
+ }
+ serialNumber = sn;
}
/* -P certdb name prefix */
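Review bot: The `keytype == ecKey` test inside the `opt_KeySize` block looks unreachable, because `keytype` still holds its initial `rsaKey` at that point as far as the visible lines show; the `-k` option is only parsed further down in this hunk. As written, `-g` combined with `-k ec` would be accepted silently instead of producing the "Not for ec keys" error. Moving the test below the `-k` block, as `if (keytype == ecKey && certutil.options[opt_KeySize].activated)`, would make it effective. certutil_main starts and ends outside this hunk.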
@@ -2661,54 +2680,54 @@ certutil_main(int argc, char **argv, PRBool initialize)
/* -q PQG file or curve name */
if (certutil.options[opt_PQGFile].activated) {
#ifndef NSS_DISABLE_ECC
- if ((keytype != dsaKey) && (keytype != ecKey)) {
- PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys" \
- " (-k dsa) or a named curve for EC keys (-k ec)\n)",
- progName);
-#else /* } */
- if (keytype != dsaKey) {
- PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)",
- progName);
+ if ((keytype != dsaKey) && (keytype != ecKey)) {
+ PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys"
+ " (-k dsa) or a named curve for EC keys (-k ec)\n)",
+ progName);
+#else /* } */
+ if (keytype != dsaKey) {
+ PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)",
+ progName);
#endif /* NSS_DISABLE_ECC */
- return 255;
- }
+ return 255;
+ }
}
/* -s subject name */
if (certutil.options[opt_Subject].activated) {
- subject = CERT_AsciiToName(certutil.options[opt_Subject].arg);
- if (!subject) {
- PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n",
- progName, certutil.options[opt_Subject].arg);
- return 255;
- }
+ subject = CERT_AsciiToName(certutil.options[opt_Subject].arg);
+ if (!subject) {
+ PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n",
+ progName, certutil.options[opt_Subject].arg);
+ return 255;
+ }
}
/* -v validity period */
if (certutil.options[opt_Validity].activated) {
- validityMonths = PORT_Atoi(certutil.options[opt_Validity].arg);
- if (validityMonths < 0) {
- PR_fprintf(PR_STDERR, "%s -v: incorrect validity period: \"%s\"\n",
- progName, certutil.options[opt_Validity].arg);
- return 255;
- }
+ validityMonths = PORT_Atoi(certutil.options[opt_Validity].arg);
+ if (validityMonths < 0) {
+ PR_fprintf(PR_STDERR, "%s -v: incorrect validity period: \"%s\"\n",
+ progName, certutil.options[opt_Validity].arg);
+ return 255;
+ }
}
/* -w warp months */
if (certutil.options[opt_OffsetMonths].activated)
- warpmonths = PORT_Atoi(certutil.options[opt_OffsetMonths].arg);
+ warpmonths = PORT_Atoi(certutil.options[opt_OffsetMonths].arg);
/* -y public exponent (for RSA) */
if (certutil.options[opt_Exponent].activated) {
- publicExponent = PORT_Atoi(certutil.options[opt_Exponent].arg);
- if ((publicExponent != 3) &&
- (publicExponent != 17) &&
- (publicExponent != 65537)) {
- PR_fprintf(PR_STDERR, "%s -y: incorrect public exponent %d.",
- progName, publicExponent);
- PR_fprintf(PR_STDERR, "Must be 3, 17, or 65537.\n");
- return 255;
- }
+ publicExponent = PORT_Atoi(certutil.options[opt_Exponent].arg);
+ if ((publicExponent != 3) &&
+ (publicExponent != 17) &&
+ (publicExponent != 65537)) {
+ PR_fprintf(PR_STDERR, "%s -y: incorrect public exponent %d.",
+ progName, publicExponent);
+ PR_fprintf(PR_STDERR, "Must be 3, 17, or 65537.\n");
+ return 255;
+ }
}
/* --certVersion */
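Review bot: The `-v`, `-w` and `-y` arguments are converted with `PORT_Atoi`, which reports no parse errors, so a non-numeric argument such as `-v abc` passes the `validityMonths < 0` check as 0 and `-w` is not range-checked at all. Parsing with `strtol` and rejecting the argument when `end == arg || *end != '\0' || errno == ERANGE` would turn a typo into a usage error rather than a certificate whose dates may not be what the operator intended. The same pattern appears for `-g` and `-m` in the previous hunk and for `--certVersion` in the next one. Separately, both `-q` messages end in `\n)`, which prints a stray `)` at the start of the following line.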
@@ -2716,60 +2735,59 @@ certutil_main(int argc, char **argv, PRBool initialize)
certVersion = PORT_Atoi(certutil.options[opt_CertVersion].arg);
if (certVersion < 1 || certVersion > 4) {
PR_fprintf(PR_STDERR, "%s -certVersion: incorrect certificate version %d.",
- progName, certVersion);
+ progName, certVersion);
PR_fprintf(PR_STDERR, "Must be 1, 2, 3 or 4.\n");
return 255;
}
certVersion = certVersion - 1;
}
-
/* Check number of commands entered. */
commandsEntered = 0;
- for (i=0; i< certutil.numCommands; i++) {
- if (certutil.commands[i].activated) {
- commandToRun = certutil.commands[i].flag;
- commandsEntered++;
- }
- if (commandsEntered > 1)
- break;
+ for (i = 0; i < certutil.numCommands; i++) {
+ if (certutil.commands[i].activated) {
+ commandToRun = certutil.commands[i].flag;
+ commandsEntered++;
+ }
+ if (commandsEntered > 1)
+ break;
}
if (commandsEntered > 1) {
- PR_fprintf(PR_STDERR, "%s: only one command at a time!\n", progName);
- PR_fprintf(PR_STDERR, "You entered: ");
- for (i=0; i< certutil.numCommands; i++) {
- if (certutil.commands[i].activated)
- PR_fprintf(PR_STDERR, " -%c", certutil.commands[i].flag);
- }
- PR_fprintf(PR_STDERR, "\n");
- return 255;
+ PR_fprintf(PR_STDERR, "%s: only one command at a time!\n", progName);
+ PR_fprintf(PR_STDERR, "You entered: ");
+ for (i = 0; i < certutil.numCommands; i++) {
+ if (certutil.commands[i].activated)
+ PR_fprintf(PR_STDERR, " -%c", certutil.commands[i].flag);
+ }
+ PR_fprintf(PR_STDERR, "\n");
+ return 255;
}
if (commandsEntered == 0) {
- Usage(progName);
+ Usage(progName);
}
if (certutil.commands[cmd_ListCerts].activated ||
- certutil.commands[cmd_PrintHelp].activated ||
- certutil.commands[cmd_ListKeys].activated ||
- certutil.commands[cmd_ListModules].activated ||
- certutil.commands[cmd_CheckCertValidity].activated ||
- certutil.commands[cmd_Version].activated ) {
- readOnly = !certutil.options[opt_RW].activated;
+ certutil.commands[cmd_PrintHelp].activated ||
+ certutil.commands[cmd_ListKeys].activated ||
+ certutil.commands[cmd_ListModules].activated ||
+ certutil.commands[cmd_CheckCertValidity].activated ||
+ certutil.commands[cmd_Version].activated) {
+ readOnly = !certutil.options[opt_RW].activated;
}
/* -A, -D, -F, -M, -S, -V, and all require -n */
if ((certutil.commands[cmd_AddCert].activated ||
certutil.commands[cmd_DeleteCert].activated ||
certutil.commands[cmd_DeleteKey].activated ||
- certutil.commands[cmd_DumpChain].activated ||
+ certutil.commands[cmd_DumpChain].activated ||
certutil.commands[cmd_ModifyCertTrust].activated ||
certutil.commands[cmd_CreateAndAddCert].activated ||
certutil.commands[cmd_CheckCertValidity].activated) &&
!certutil.options[opt_Nickname].activated) {
- PR_fprintf(PR_STDERR,
- "%s -%c: nickname is required for this command (-n).\n",
- progName, commandToRun);
- return 255;
+ PR_fprintf(PR_STDERR,
+ "%s -%c: nickname is required for this command (-n).\n",
+ progName, commandToRun);
+ return 255;
}
/* -A, -E, -M, -S require trust */
@@ -2778,10 +2796,10 @@ certutil_main(int argc, char **argv, PRBool initialize)
certutil.commands[cmd_ModifyCertTrust].activated ||
certutil.commands[cmd_CreateAndAddCert].activated) &&
!certutil.options[opt_Trust].activated) {
- PR_fprintf(PR_STDERR,
- "%s -%c: trust is required for this command (-t).\n",
- progName, commandToRun);
- return 255;
+ PR_fprintf(PR_STDERR,
+ "%s -%c: trust is required for this command (-t).\n",
+ progName, commandToRun);
+ return 255;
}
/* if -L is given raw, ascii or dump mode, it must be for only one cert. */
@@ -2790,49 +2808,49 @@ certutil_main(int argc, char **argv, PRBool initialize)
certutil.options[opt_DumpExtensionValue].activated ||
certutil.options[opt_BinaryDER].activated) &&
!certutil.options[opt_Nickname].activated) {
- PR_fprintf(PR_STDERR,
- "%s: nickname is required to dump cert in raw or ascii mode.\n",
- progName);
- return 255;
+ PR_fprintf(PR_STDERR,
+ "%s: nickname is required to dump cert in raw or ascii mode.\n",
+ progName);
+ return 255;
}
-
+
/* -L can only be in (raw || ascii). */
if (certutil.commands[cmd_ListCerts].activated &&
certutil.options[opt_ASCIIForIO].activated &&
certutil.options[opt_BinaryDER].activated) {
- PR_fprintf(PR_STDERR,
- "%s: cannot specify both -r and -a when dumping cert.\n",
- progName);
- return 255;
+ PR_fprintf(PR_STDERR,
+ "%s: cannot specify both -r and -a when dumping cert.\n",
+ progName);
+ return 255;
}
/* If making a cert request, need a subject. */
if ((certutil.commands[cmd_CertReq].activated ||
certutil.commands[cmd_CreateAndAddCert].activated) &&
!(certutil.options[opt_Subject].activated || keysource)) {
- PR_fprintf(PR_STDERR,
- "%s -%c: subject is required to create a cert request.\n",
- progName, commandToRun);
- return 255;
+ PR_fprintf(PR_STDERR,
+ "%s -%c: subject is required to create a cert request.\n",
+ progName, commandToRun);
+ return 255;
}
/* If making a cert, need a serial number. */
if ((certutil.commands[cmd_CreateNewCert].activated ||
certutil.commands[cmd_CreateAndAddCert].activated) &&
- !certutil.options[opt_SerialNumber].activated) {
- /* Make a default serial number from the current time. */
- PRTime now = PR_Now();
- LL_USHR(now, now, 19);
- LL_L2UI(serialNumber, now);
+ !certutil.options[opt_SerialNumber].activated) {
+ /* Make a default serial number from the current time. */
+ PRTime now = PR_Now();
+ LL_USHR(now, now, 19);
+ LL_L2UI(serialNumber, now);
}
/* Validation needs the usage to validate for. */
if (certutil.commands[cmd_CheckCertValidity].activated &&
!certutil.options[opt_Usage].activated) {
- PR_fprintf(PR_STDERR,
- "%s -V: specify a usage to validate the cert for (-u).\n",
- progName);
- return 255;
+ PR_fprintf(PR_STDERR,
+ "%s -V: specify a usage to validate the cert for (-u).\n",
+ progName);
+ return 255;
}
/* Rename needs an old and a new nickname */
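Review bot: The default serial number built from `PR_Now()` shifted right by 19 bits is predictable and advances only about twice a second, so two certificates created in quick succession without `-m` can receive the same serial. Serials are expected to be unique per issuer, and a guessable value removes a source of unpredictability from the signed data. Drawing the default from the RNG, e.g. `PK11_GenerateRandom((unsigned char *)&serialNumber, sizeof serialNumber)`, would avoid both problems. That call would have to sit after the `NSS_Initialize` block, which is outside this hunk, and `serialNumber` being an `unsigned int` still caps the entropy at the width of that type.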
@@ -2840,92 +2858,90 @@ certutil_main(int argc, char **argv, PRBool initialize)
!(certutil.options[opt_Nickname].activated &&
certutil.options[opt_NewNickname].activated)) {
- PR_fprintf(PR_STDERR,
- "%s --rename: specify an old nickname (-n) and\n"
+ PR_fprintf(PR_STDERR,
+ "%s --rename: specify an old nickname (-n) and\n"
" a new nickname (--new-n).\n",
- progName);
- return 255;
+ progName);
+ return 255;
}
-
/* Upgrade/Merge needs a source database and a upgrade id. */
if (certutil.commands[cmd_UpgradeMerge].activated &&
!(certutil.options[opt_SourceDir].activated &&
certutil.options[opt_UpgradeID].activated)) {
- PR_fprintf(PR_STDERR,
- "%s --upgrade-merge: specify an upgrade database directory "
- "(--source-dir) and\n"
+ PR_fprintf(PR_STDERR,
+ "%s --upgrade-merge: specify an upgrade database directory "
+ "(--source-dir) and\n"
" an upgrade ID (--upgrade-id).\n",
- progName);
- return 255;
+ progName);
+ return 255;
}
/* Merge needs a source database */
if (certutil.commands[cmd_Merge].activated &&
!certutil.options[opt_SourceDir].activated) {
-
- PR_fprintf(PR_STDERR,
- "%s --merge: specify an source database directory "
- "(--source-dir)\n",
- progName);
- return 255;
+ PR_fprintf(PR_STDERR,
+ "%s --merge: specify an source database directory "
+ "(--source-dir)\n",
+ progName);
+ return 255;
}
-
/* To make a cert, need either a issuer or to self-sign it. */
if (certutil.commands[cmd_CreateAndAddCert].activated &&
- !(certutil.options[opt_IssuerName].activated ||
+ !(certutil.options[opt_IssuerName].activated ||
certutil.options[opt_SelfSign].activated)) {
- PR_fprintf(PR_STDERR,
- "%s -S: must specify issuer (-c) or self-sign (-x).\n",
- progName);
- return 255;
+ PR_fprintf(PR_STDERR,
+ "%s -S: must specify issuer (-c) or self-sign (-x).\n",
+ progName);
+ return 255;
}
- /* Using slotname == NULL for listing keys and certs on all slots,
+ /* Using slotname == NULL for listing keys and certs on all slots,
* but only that. */
if (!(certutil.commands[cmd_ListKeys].activated ||
- certutil.commands[cmd_DumpChain].activated ||
- certutil.commands[cmd_ListCerts].activated) && slotname == NULL) {
- PR_fprintf(PR_STDERR,
- "%s -%c: cannot use \"-h all\" for this command.\n",
- progName, commandToRun);
- return 255;
+ certutil.commands[cmd_DumpChain].activated ||
+ certutil.commands[cmd_ListCerts].activated) &&
+ slotname == NULL) {
+ PR_fprintf(PR_STDERR,
+ "%s -%c: cannot use \"-h all\" for this command.\n",
+ progName, commandToRun);
+ return 255;
}
/* Using keytype == nullKey for list all key types, but only that. */
if (!certutil.commands[cmd_ListKeys].activated && keytype == nullKey) {
- PR_fprintf(PR_STDERR,
- "%s -%c: cannot use \"-k all\" for this command.\n",
- progName, commandToRun);
- return 255;
+ PR_fprintf(PR_STDERR,
+ "%s -%c: cannot use \"-k all\" for this command.\n",
+ progName, commandToRun);
+ return 255;
}
/* Open the input file. */
if (certutil.options[opt_InputFile].activated) {
- inFile = PR_Open(certutil.options[opt_InputFile].arg, PR_RDONLY, 0);
- if (!inFile) {
- PR_fprintf(PR_STDERR,
- "%s: unable to open \"%s\" for reading (%ld, %ld).\n",
- progName, certutil.options[opt_InputFile].arg,
- PR_GetError(), PR_GetOSError());
- return 255;
- }
+ inFile = PR_Open(certutil.options[opt_InputFile].arg, PR_RDONLY, 0);
+ if (!inFile) {
+ PR_fprintf(PR_STDERR,
+ "%s: unable to open \"%s\" for reading (%ld, %ld).\n",
+ progName, certutil.options[opt_InputFile].arg,
+ PR_GetError(), PR_GetOSError());
+ return 255;
+ }
}
/* Open the output file. */
if (certutil.options[opt_OutputFile].activated) {
- outFile = PR_Open(certutil.options[opt_OutputFile].arg,
+ outFile = PR_Open(certutil.options[opt_OutputFile].arg,
PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE, 00660);
- if (!outFile) {
- PR_fprintf(PR_STDERR,
- "%s: unable to open \"%s\" for writing (%ld, %ld).\n",
- progName, certutil.options[opt_OutputFile].arg,
- PR_GetError(), PR_GetOSError());
- return 255;
- }
+ if (!outFile) {
+ PR_fprintf(PR_STDERR,
+ "%s: unable to open \"%s\" for writing (%ld, %ld).\n",
+ progName, certutil.options[opt_OutputFile].arg,
+ PR_GetError(), PR_GetOSError());
+ return 255;
+ }
}
name = SECU_GetOptionArg(&certutil, opt_Nickname);
@@ -2937,58 +2953,58 @@ certutil_main(int argc, char **argv, PRBool initialize)
if (PR_TRUE == initialize) {
/* Initialize NSPR and NSS. */
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- if (!certutil.commands[cmd_UpgradeMerge].activated) {
- rv = NSS_Initialize(SECU_ConfigDirectory(NULL),
- certPrefix, certPrefix,
- "secmod.db", readOnly ? NSS_INIT_READONLY: 0);
- } else {
- rv = NSS_InitWithMerge(SECU_ConfigDirectory(NULL),
- certPrefix, certPrefix, "secmod.db",
- sourceDir, srcCertPrefix, srcCertPrefix,
- upgradeID, upgradeTokenName,
- readOnly ? NSS_INIT_READONLY: 0);
- }
+ if (!certutil.commands[cmd_UpgradeMerge].activated) {
+ rv = NSS_Initialize(SECU_ConfigDirectory(NULL),
+ certPrefix, certPrefix,
+ "secmod.db", readOnly ? NSS_INIT_READONLY : 0);
+ } else {
+ rv = NSS_InitWithMerge(SECU_ConfigDirectory(NULL),
+ certPrefix, certPrefix, "secmod.db",
+ sourceDir, srcCertPrefix, srcCertPrefix,
+ upgradeID, upgradeTokenName,
+ readOnly ? NSS_INIT_READONLY : 0);
+ }
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- rv = SECFailure;
- goto shutdown;
+ SECU_PrintPRandOSError(progName);
+ rv = SECFailure;
+ goto shutdown;
}
initialized = PR_TRUE;
- SECU_RegisterDynamicOids();
+ SECU_RegisterDynamicOids();
}
certHandle = CERT_GetDefaultCertDB();
if (certutil.commands[cmd_Version].activated) {
- printf("Certificate database content version: command not implemented.\n");
+ printf("Certificate database content version: command not implemented.\n");
}
if (PL_strcmp(slotname, "internal") == 0)
- slot = PK11_GetInternalKeySlot();
+ slot = PK11_GetInternalKeySlot();
else if (slotname != NULL)
- slot = PK11_FindSlotByName(slotname);
+ slot = PK11_FindSlotByName(slotname);
- if ( !slot && (certutil.commands[cmd_NewDBs].activated ||
- certutil.commands[cmd_ModifyCertTrust].activated ||
- certutil.commands[cmd_ChangePassword].activated ||
- certutil.commands[cmd_TokenReset].activated ||
- certutil.commands[cmd_CreateAndAddCert].activated ||
- certutil.commands[cmd_AddCert].activated ||
- certutil.commands[cmd_Merge].activated ||
- certutil.commands[cmd_UpgradeMerge].activated ||
- certutil.commands[cmd_AddEmailCert].activated)) {
-
- SECU_PrintError(progName, "could not find the slot %s",slotname);
- rv = SECFailure;
- goto shutdown;
+ if (!slot && (certutil.commands[cmd_NewDBs].activated ||
+ certutil.commands[cmd_ModifyCertTrust].activated ||
+ certutil.commands[cmd_ChangePassword].activated ||
+ certutil.commands[cmd_TokenReset].activated ||
+ certutil.commands[cmd_CreateAndAddCert].activated ||
+ certutil.commands[cmd_AddCert].activated ||
+ certutil.commands[cmd_Merge].activated ||
+ certutil.commands[cmd_UpgradeMerge].activated ||
+ certutil.commands[cmd_AddEmailCert].activated)) {
+
+ SECU_PrintError(progName, "could not find the slot %s", slotname);
+ rv = SECFailure;
+ goto shutdown;
}
/* If creating new database, initialize the password. */
if (certutil.commands[cmd_NewDBs].activated) {
- if(certutil.options[opt_EmptyPassword].activated && (PK11_NeedUserInit(slot)))
- PK11_InitPin(slot, (char*)NULL, "");
- else
- SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
- certutil.options[opt_NewPasswordFile].arg);
+ if (certutil.options[opt_EmptyPassword].activated && (PK11_NeedUserInit(slot)))
+ PK11_InitPin(slot, (char *)NULL, "");
+ else
+ SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
+ certutil.options[opt_NewPasswordFile].arg);
}
/* walk through the upgrade merge if necessary.
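Review bot: In the `cmd_NewDBs` branch the results of `PK11_InitPin` and `SECU_ChangePW2` are discarded, so a failure to set the database password is never reported. The command can then appear to succeed while the new database is left in an unintended state. Assigning the result, as in `rv = PK11_InitPin(slot, (char *)NULL, "");` and likewise for `SECU_ChangePW2`, followed by `if (rv != SECSuccess) goto shutdown;`, would surface the error through the existing cleanup path. certutil_main starts and ends outside this hunk.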
@@ -2997,215 +3013,215 @@ certutil_main(int argc, char **argv, PRBool initialize)
* the general case where 2 database need to be merged together.
*/
if (certutil.commands[cmd_UpgradeMerge].activated) {
- if (*upgradeTokenName == 0) {
- upgradeTokenName = upgradeID;
- }
- if (!PK11_IsInternal(slot)) {
- fprintf(stderr, "Only internal DB's can be upgraded\n");
- rv = SECSuccess;
- goto shutdown;
- }
- if (!PK11_IsRemovable(slot)) {
- printf("database already upgraded.\n");
- rv = SECSuccess;
- goto shutdown;
- }
- if (!PK11_NeedLogin(slot)) {
- printf("upgrade complete!\n");
- rv = SECSuccess;
- goto shutdown;
- }
- /* authenticate to the old DB if necessary */
- if (PORT_Strcmp(PK11_GetTokenName(slot), upgradeTokenName) == 0) {
- /* if we need a password, supply it. This will be the password
- * for the old database */
- rv = PK11_Authenticate(slot, PR_FALSE, &pwdata2);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "Could not get password for %s",
- upgradeTokenName);
- goto shutdown;
- }
- /*
- * if we succeeded above, but still aren't logged in, that means
- * we just supplied the password for the old database. We may
- * need the password for the new database. NSS will automatically
- * change the token names at this point
- */
- if (PK11_IsLoggedIn(slot, &pwdata)) {
- printf("upgrade complete!\n");
- rv = SECSuccess;
- goto shutdown;
- }
- }
-
- /* call PK11_IsPresent to update our cached token information */
- if (!PK11_IsPresent(slot)) {
- /* this shouldn't happen. We call isPresent to force a token
- * info update */
- fprintf(stderr, "upgrade/merge internal error\n");
- rv = SECFailure;
- goto shutdown;
- }
-
- /* the token is now set to the state of the source database,
- * if we need a password for it, PK11_Authenticate will
- * automatically prompt us */
- rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);
- if (rv == SECSuccess) {
- printf("upgrade complete!\n");
- } else {
+ if (*upgradeTokenName == 0) {
+ upgradeTokenName = upgradeID;
+ }
+ if (!PK11_IsInternal(slot)) {
+ fprintf(stderr, "Only internal DB's can be upgraded\n");
+ rv = SECSuccess;
+ goto shutdown;
+ }
+ if (!PK11_IsRemovable(slot)) {
+ printf("database already upgraded.\n");
+ rv = SECSuccess;
+ goto shutdown;
+ }
+ if (!PK11_NeedLogin(slot)) {
+ printf("upgrade complete!\n");
+ rv = SECSuccess;
+ goto shutdown;
+ }
+ /* authenticate to the old DB if necessary */
+ if (PORT_Strcmp(PK11_GetTokenName(slot), upgradeTokenName) == 0) {
+ /* if we need a password, supply it. This will be the password
+ * for the old database */
+ rv = PK11_Authenticate(slot, PR_FALSE, &pwdata2);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "Could not get password for %s",
+ upgradeTokenName);
+ goto shutdown;
+ }
+ /*
+ * if we succeeded above, but still aren't logged in, that means
+ * we just supplied the password for the old database. We may
+ * need the password for the new database. NSS will automatically
+ * change the token names at this point
+ */
+ if (PK11_IsLoggedIn(slot, &pwdata)) {
+ printf("upgrade complete!\n");
+ rv = SECSuccess;
+ goto shutdown;
+ }
+ }
+
+ /* call PK11_IsPresent to update our cached token information */
+ if (!PK11_IsPresent(slot)) {
+ /* this shouldn't happen. We call isPresent to force a token
+ * info update */
+ fprintf(stderr, "upgrade/merge internal error\n");
+ rv = SECFailure;
+ goto shutdown;
+ }
+
+ /* the token is now set to the state of the source database,
+ * if we need a password for it, PK11_Authenticate will
+ * automatically prompt us */
+ rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);
+ if (rv == SECSuccess) {
+ printf("upgrade complete!\n");
+ } else {
SECU_PrintError(progName, "Could not get password for %s",
- PK11_GetTokenName(slot));
- }
- goto shutdown;
+ PK11_GetTokenName(slot));
+ }
+ goto shutdown;
}
/*
* merge 2 databases.
*/
if (certutil.commands[cmd_Merge].activated) {
- PK11SlotInfo *sourceSlot = NULL;
- PK11MergeLog *log;
- char *modspec = PR_smprintf(
- "configDir='%s' certPrefix='%s' tokenDescription='%s'",
- sourceDir, srcCertPrefix,
- *upgradeTokenName ? upgradeTokenName : "Source Database");
-
- if (!modspec) {
- rv = SECFailure;
- goto shutdown;
- }
-
- sourceSlot = SECMOD_OpenUserDB(modspec);
- PR_smprintf_free(modspec);
- if (!sourceSlot) {
- SECU_PrintError(progName, "couldn't open source database");
- rv = SECFailure;
- goto shutdown;
- }
-
- rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "Couldn't get password for %s",
- PK11_GetTokenName(slot));
- goto merge_fail;
- }
-
- rv = PK11_Authenticate(sourceSlot, PR_FALSE, &pwdata2);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "Couldn't get password for %s",
- PK11_GetTokenName(sourceSlot));
- goto merge_fail;
- }
-
- log = PK11_CreateMergeLog();
- if (!log) {
- rv = SECFailure;
- SECU_PrintError(progName, "couldn't create error log");
- goto merge_fail;
- }
-
- rv = PK11_MergeTokens(slot, sourceSlot, log, &pwdata, &pwdata2);
- if (rv != SECSuccess) {
- DumpMergeLog(progName, log);
- }
- PK11_DestroyMergeLog(log);
-
-merge_fail:
- SECMOD_CloseUserDB(sourceSlot);
- PK11_FreeSlot(sourceSlot);
- goto shutdown;
+ PK11SlotInfo *sourceSlot = NULL;
+ PK11MergeLog *log;
+ char *modspec = PR_smprintf(
+ "configDir='%s' certPrefix='%s' tokenDescription='%s'",
+ sourceDir, srcCertPrefix,
+ *upgradeTokenName ? upgradeTokenName : "Source Database");
+
+ if (!modspec) {
+ rv = SECFailure;
+ goto shutdown;
+ }
+
+ sourceSlot = SECMOD_OpenUserDB(modspec);
+ PR_smprintf_free(modspec);
+ if (!sourceSlot) {
+ SECU_PrintError(progName, "couldn't open source database");
+ rv = SECFailure;
+ goto shutdown;
+ }
+
+ rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "Couldn't get password for %s",
+ PK11_GetTokenName(slot));
+ goto merge_fail;
+ }
+
+ rv = PK11_Authenticate(sourceSlot, PR_FALSE, &pwdata2);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "Couldn't get password for %s",
+ PK11_GetTokenName(sourceSlot));
+ goto merge_fail;
+ }
+
+ log = PK11_CreateMergeLog();
+ if (!log) {
+ rv = SECFailure;
+ SECU_PrintError(progName, "couldn't create error log");
+ goto merge_fail;
+ }
+
+ rv = PK11_MergeTokens(slot, sourceSlot, log, &pwdata, &pwdata2);
+ if (rv != SECSuccess) {
+ DumpMergeLog(progName, log);
+ }
+ PK11_DestroyMergeLog(log);
+
+ merge_fail:
+ SECMOD_CloseUserDB(sourceSlot);
+ PK11_FreeSlot(sourceSlot);
+ goto shutdown;
}
/* The following 8 options are mutually exclusive with all others. */
/* List certs (-L) */
if (certutil.commands[cmd_ListCerts].activated) {
- if (certutil.options[opt_DumpExtensionValue].activated) {
- const char *oid_str;
- SECItem oid_item;
+ if (certutil.options[opt_DumpExtensionValue].activated) {
+ const char *oid_str;
+ SECItem oid_item;
SECStatus srv;
- oid_item.data = NULL;
- oid_item.len = 0;
- oid_str = certutil.options[opt_DumpExtensionValue].arg;
- srv = GetOidFromString(NULL, &oid_item, oid_str, strlen(oid_str));
- if (srv != SECSuccess) {
- SECU_PrintError(progName, "malformed extension OID %s",
- oid_str);
- goto shutdown;
- }
- rv = ListCerts(certHandle, name, email, slot,
- PR_TRUE /*binary*/, PR_FALSE /*ascii*/,
- &oid_item,
- outFile, &pwdata);
- } else {
- rv = ListCerts(certHandle, name, email, slot,
- certutil.options[opt_BinaryDER].activated,
- certutil.options[opt_ASCIIForIO].activated,
- NULL, outFile, &pwdata);
- }
- goto shutdown;
+ oid_item.data = NULL;
+ oid_item.len = 0;
+ oid_str = certutil.options[opt_DumpExtensionValue].arg;
+ srv = GetOidFromString(NULL, &oid_item, oid_str, strlen(oid_str));
+ if (srv != SECSuccess) {
+ SECU_PrintError(progName, "malformed extension OID %s",
+ oid_str);
+ goto shutdown;
+ }
+ rv = ListCerts(certHandle, name, email, slot,
+ PR_TRUE /*binary*/, PR_FALSE /*ascii*/,
+ &oid_item,
+ outFile, &pwdata);
+ } else {
+ rv = ListCerts(certHandle, name, email, slot,
+ certutil.options[opt_BinaryDER].activated,
+ certutil.options[opt_ASCIIForIO].activated,
+ NULL, outFile, &pwdata);
+ }
+ goto shutdown;
}
if (certutil.commands[cmd_DumpChain].activated) {
- rv = DumpChain(certHandle, name,
+ rv = DumpChain(certHandle, name,
certutil.options[opt_ASCIIForIO].activated);
- goto shutdown;
+ goto shutdown;
}
/* XXX needs work */
/* List keys (-K) */
if (certutil.commands[cmd_ListKeys].activated) {
- rv = ListKeys(slot, name, 0 /*keyindex*/, keytype, PR_FALSE /*dopriv*/,
- &pwdata);
- goto shutdown;
+ rv = ListKeys(slot, name, 0 /*keyindex*/, keytype, PR_FALSE /*dopriv*/,
+ &pwdata);
+ goto shutdown;
}
/* List modules (-U) */
if (certutil.commands[cmd_ListModules].activated) {
- rv = ListModules();
- goto shutdown;
+ rv = ListModules();
+ goto shutdown;
}
/* Delete cert (-D) */
if (certutil.commands[cmd_DeleteCert].activated) {
- rv = DeleteCert(certHandle, name);
- goto shutdown;
+ rv = DeleteCert(certHandle, name);
+ goto shutdown;
}
/* Rename cert (--rename) */
if (certutil.commands[cmd_Rename].activated) {
- rv = RenameCert(certHandle, name, newName);
- goto shutdown;
+ rv = RenameCert(certHandle, name, newName);
+ goto shutdown;
}
/* Delete key (-F) */
if (certutil.commands[cmd_DeleteKey].activated) {
- rv = DeleteKey(name, &pwdata);
- goto shutdown;
+ rv = DeleteKey(name, &pwdata);
+ goto shutdown;
}
/* Modify trust attribute for cert (-M) */
if (certutil.commands[cmd_ModifyCertTrust].activated) {
- rv = ChangeTrustAttributes(certHandle, slot, name,
- certutil.options[opt_Trust].arg, &pwdata);
- goto shutdown;
+ rv = ChangeTrustAttributes(certHandle, slot, name,
+ certutil.options[opt_Trust].arg, &pwdata);
+ goto shutdown;
}
/* Change key db password (-W) (future - change pw to slot?) */
if (certutil.commands[cmd_ChangePassword].activated) {
- rv = SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
- certutil.options[opt_NewPasswordFile].arg);
- goto shutdown;
+ rv = SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
+ certutil.options[opt_NewPasswordFile].arg);
+ goto shutdown;
}
/* Reset the a token */
if (certutil.commands[cmd_TokenReset].activated) {
- char *sso_pass = "";
+ char *sso_pass = "";
- if (certutil.options[opt_SSOPass].activated) {
- sso_pass = certutil.options[opt_SSOPass].arg;
- }
- rv = PK11_ResetToken(slot,sso_pass);
+ if (certutil.options[opt_SSOPass].activated) {
+ sso_pass = certutil.options[opt_SSOPass].arg;
+ }
+ rv = PK11_ResetToken(slot, sso_pass);
- goto shutdown;
+ goto shutdown;
}
/* Check cert validity against current time (-V) */
if (certutil.commands[cmd_CheckCertValidity].activated) {
- /* XXX temporary hack for fips - must log in to get priv key */
- if (certutil.options[opt_VerifySig].activated) {
- if (slot && PK11_NeedLogin(slot)) {
+ /* XXX temporary hack for fips - must log in to get priv key */
+ if (certutil.options[opt_VerifySig].activated) {
+ if (slot && PK11_NeedLogin(slot)) {
SECStatus newrv = PK11_Authenticate(slot, PR_TRUE, &pwdata);
if (newrv != SECSuccess) {
SECU_PrintError(progName, "could not authenticate to token %s.",
@@ -3213,17 +3229,17 @@ merge_fail:
goto shutdown;
}
}
- }
- rv = ValidateCert(certHandle, name,
- certutil.options[opt_ValidityTime].arg,
- certutil.options[opt_Usage].arg,
- certutil.options[opt_VerifySig].activated,
- certutil.options[opt_DetailedInfo].activated,
- certutil.options[opt_ASCIIForIO].activated,
- &pwdata);
- if (rv != SECSuccess && PR_GetError() == SEC_ERROR_INVALID_ARGS)
+ }
+ rv = ValidateCert(certHandle, name,
+ certutil.options[opt_ValidityTime].arg,
+ certutil.options[opt_Usage].arg,
+ certutil.options[opt_VerifySig].activated,
+ certutil.options[opt_DetailedInfo].activated,
+ certutil.options[opt_ASCIIForIO].activated,
+ &pwdata);
+ if (rv != SECSuccess && PR_GetError() == SEC_ERROR_INVALID_ARGS)
SECU_PrintError(progName, "validation failed");
- goto shutdown;
+ goto shutdown;
}
/*
@@ -3233,68 +3249,68 @@ merge_fail:
/* These commands may require keygen. */
if (certutil.commands[cmd_CertReq].activated ||
certutil.commands[cmd_CreateAndAddCert].activated ||
- certutil.commands[cmd_GenKeyPair].activated) {
- if (keysource) {
- CERTCertificate *keycert;
- keycert = CERT_FindCertByNicknameOrEmailAddr(certHandle, keysource);
- if (!keycert) {
- keycert = PK11_FindCertFromNickname(keysource, NULL);
- if (!keycert) {
- SECU_PrintError(progName,
- "%s is neither a key-type nor a nickname", keysource);
- return SECFailure;
- }
- }
- privkey = PK11_FindKeyByDERCert(slot, keycert, &pwdata);
- if (privkey)
- pubkey = CERT_ExtractPublicKey(keycert);
- if (!pubkey) {
- SECU_PrintError(progName,
- "Could not get keys from cert %s", keysource);
- rv = SECFailure;
- CERT_DestroyCertificate(keycert);
- goto shutdown;
- }
- keytype = privkey->keyType;
- /* On CertReq for renewal if no subject has been
- * specified obtain it from the certificate.
- */
- if (certutil.commands[cmd_CertReq].activated && !subject) {
- subject = CERT_AsciiToName(keycert->subjectName);
- if (!subject) {
- SECU_PrintError(progName,
- "Could not get subject from certificate %s", keysource);
- CERT_DestroyCertificate(keycert);
- rv = SECFailure;
- goto shutdown;
- }
- }
- CERT_DestroyCertificate(keycert);
- } else {
- privkey =
- CERTUTIL_GeneratePrivateKey(keytype, slot, keysize,
- publicExponent,
- certutil.options[opt_NoiseFile].arg,
- &pubkey,
- certutil.options[opt_PQGFile].arg,
- keyAttrFlags,
- keyOpFlagsOn,
- keyOpFlagsOff,
- &pwdata);
- if (privkey == NULL) {
- SECU_PrintError(progName, "unable to generate key(s)\n");
- rv = SECFailure;
- goto shutdown;
- }
- }
- privkey->wincx = &pwdata;
- PORT_Assert(pubkey != NULL);
-
- /* If all that was needed was keygen, exit. */
- if (certutil.commands[cmd_GenKeyPair].activated) {
- rv = SECSuccess;
- goto shutdown;
- }
+ certutil.commands[cmd_GenKeyPair].activated) {
+ if (keysource) {
+ CERTCertificate *keycert;
+ keycert = CERT_FindCertByNicknameOrEmailAddr(certHandle, keysource);
+ if (!keycert) {
+ keycert = PK11_FindCertFromNickname(keysource, NULL);
+ if (!keycert) {
+ SECU_PrintError(progName,
+ "%s is neither a key-type nor a nickname", keysource);
+ return SECFailure;
+ }
+ }
+ privkey = PK11_FindKeyByDERCert(slot, keycert, &pwdata);
+ if (privkey)
+ pubkey = CERT_ExtractPublicKey(keycert);
+ if (!pubkey) {
+ SECU_PrintError(progName,
+ "Could not get keys from cert %s", keysource);
+ rv = SECFailure;
+ CERT_DestroyCertificate(keycert);
+ goto shutdown;
+ }
+ keytype = privkey->keyType;
+ /* On CertReq for renewal if no subject has been
+ * specified obtain it from the certificate.
+ */
+ if (certutil.commands[cmd_CertReq].activated && !subject) {
+ subject = CERT_AsciiToName(keycert->subjectName);
+ if (!subject) {
+ SECU_PrintError(progName,
+ "Could not get subject from certificate %s", keysource);
+ CERT_DestroyCertificate(keycert);
+ rv = SECFailure;
+ goto shutdown;
+ }
+ }
+ CERT_DestroyCertificate(keycert);
+ } else {
+ privkey =
+ CERTUTIL_GeneratePrivateKey(keytype, slot, keysize,
+ publicExponent,
+ certutil.options[opt_NoiseFile].arg,
+ &pubkey,
+ certutil.options[opt_PQGFile].arg,
+ keyAttrFlags,
+ keyOpFlagsOn,
+ keyOpFlagsOff,
+ &pwdata);
+ if (privkey == NULL) {
+ SECU_PrintError(progName, "unable to generate key(s)\n");
+ rv = SECFailure;
+ goto shutdown;
+ }
+ }
+ privkey->wincx = &pwdata;
+ PORT_Assert(pubkey != NULL);
+
+ /* If all that was needed was keygen, exit. */
+ if (certutil.commands[cmd_GenKeyPair].activated) {
+ rv = SECSuccess;
+ goto shutdown;
+ }
}
/* If we need a list of extensions convert the flags into list format */
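Review bot: The `return SECFailure;` in the keysource branch, taken when neither lookup finds `keycert`, leaves the function without passing through `shutdown:`, so the cleanup that every other failure path in this hunk reaches with `goto shutdown` is skipped. It also returns the raw SECStatus value, where the function's other exits return 0 or 255. I would write it as `rv = SECFailure; goto shutdown;` to match the neighbouring error paths; no certificate is held at that point, so nothing else needs releasing. The enclosing function starts and ends outside this hunk.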
@@ -3311,15 +3327,15 @@ merge_fail:
certutil.options[opt_AddCmdKeyUsageExt].arg;
}
certutil_extns[ext_basicConstraint].activated =
- certutil.options[opt_AddBasicConstraintExt].activated;
+ certutil.options[opt_AddBasicConstraintExt].activated;
certutil_extns[ext_nameConstraints].activated =
- certutil.options[opt_AddNameConstraintsExt].activated;
+ certutil.options[opt_AddNameConstraintsExt].activated;
certutil_extns[ext_authorityKeyID].activated =
- certutil.options[opt_AddAuthorityKeyIDExt].activated;
+ certutil.options[opt_AddAuthorityKeyIDExt].activated;
certutil_extns[ext_subjectKeyID].activated =
- certutil.options[opt_AddSubjectKeyIDExt].activated;
+ certutil.options[opt_AddSubjectKeyIDExt].activated;
certutil_extns[ext_CRLDistPts].activated =
- certutil.options[opt_AddCRLDistPtsExt].activated;
+ certutil.options[opt_AddCRLDistPtsExt].activated;
certutil_extns[ext_NSCertType].activated =
certutil.options[opt_AddCmdNSCertTypeExt].activated;
if (!certutil_extns[ext_NSCertType].activated) {
@@ -3340,36 +3356,36 @@ merge_fail:
certutil.options[opt_AddCmdExtKeyUsageExt].arg;
}
certutil_extns[ext_subjectAltName].activated =
- certutil.options[opt_AddSubjectAltNameExt].activated;
+ certutil.options[opt_AddSubjectAltNameExt].activated;
if (certutil_extns[ext_subjectAltName].activated) {
certutil_extns[ext_subjectAltName].arg =
certutil.options[opt_AddSubjectAltNameExt].arg;
}
certutil_extns[ext_authInfoAcc].activated =
- certutil.options[opt_AddAuthInfoAccExt].activated;
+ certutil.options[opt_AddAuthInfoAccExt].activated;
certutil_extns[ext_subjInfoAcc].activated =
- certutil.options[opt_AddSubjInfoAccExt].activated;
+ certutil.options[opt_AddSubjInfoAccExt].activated;
certutil_extns[ext_certPolicies].activated =
- certutil.options[opt_AddCertPoliciesExt].activated;
+ certutil.options[opt_AddCertPoliciesExt].activated;
certutil_extns[ext_policyMappings].activated =
- certutil.options[opt_AddPolicyMapExt].activated;
+ certutil.options[opt_AddPolicyMapExt].activated;
certutil_extns[ext_policyConstr].activated =
- certutil.options[opt_AddPolicyConstrExt].activated;
+ certutil.options[opt_AddPolicyConstrExt].activated;
certutil_extns[ext_inhibitAnyPolicy].activated =
- certutil.options[opt_AddInhibAnyExt].activated;
+ certutil.options[opt_AddInhibAnyExt].activated;
}
/* -A -C or -E Read inFile */
if (certutil.commands[cmd_CreateNewCert].activated ||
- certutil.commands[cmd_AddCert].activated ||
- certutil.commands[cmd_AddEmailCert].activated) {
- PRBool isCreate = certutil.commands[cmd_CreateNewCert].activated;
- rv = SECU_ReadDERFromFile(isCreate ? &certReqDER : &certDER, inFile,
- certutil.options[opt_ASCIIForIO].activated,
- PR_TRUE);
- if (rv)
- goto shutdown;
+ certutil.commands[cmd_AddCert].activated ||
+ certutil.commands[cmd_AddEmailCert].activated) {
+ PRBool isCreate = certutil.commands[cmd_CreateNewCert].activated;
+ rv = SECU_ReadDERFromFile(isCreate ? &certReqDER : &certDER, inFile,
+ certutil.options[opt_ASCIIForIO].activated,
+ PR_TRUE);
+ if (rv)
+ goto shutdown;
}
/*
@@ -3378,18 +3394,19 @@ merge_fail:
/* Make a cert request (-R). */
if (certutil.commands[cmd_CertReq].activated) {
- rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject,
- certutil.options[opt_PhoneNumber].arg,
- certutil.options[opt_ASCIIForIO].activated,
- certutil.options[opt_ExtendedEmailAddrs].arg,
- certutil.options[opt_ExtendedDNSNames].arg,
+ rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject,
+ certutil.options[opt_PhoneNumber].arg,
+ certutil.options[opt_ASCIIForIO].activated,
+ certutil.options[opt_ExtendedEmailAddrs].arg,
+ certutil.options[opt_ExtendedDNSNames].arg,
certutil_extns,
- (certutil.options[opt_GenericExtensions].activated ?
- certutil.options[opt_GenericExtensions].arg : NULL),
+ (certutil.options[opt_GenericExtensions].activated ?
+ certutil.options[opt_GenericExtensions].arg
+ : NULL),
&certReqDER);
- if (rv)
- goto shutdown;
- privkey->wincx = &pwdata;
+ if (rv)
+ goto shutdown;
+ privkey->wincx = &pwdata;
}
/*
@@ -3401,105 +3418,107 @@ merge_fail:
* and output the cert to another file.
*/
if (certutil.commands[cmd_CreateAndAddCert].activated) {
- static certutilExtnList nullextnlist = {{PR_FALSE, NULL}};
- rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject,
- certutil.options[opt_PhoneNumber].arg,
- PR_FALSE, /* do not BASE64-encode regardless of -a option */
- NULL,
- NULL,
+ static certutilExtnList nullextnlist = { { PR_FALSE, NULL } };
+ rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject,
+ certutil.options[opt_PhoneNumber].arg,
+ PR_FALSE, /* do not BASE64-encode regardless of -a option */
+ NULL,
+ NULL,
nullextnlist,
- (certutil.options[opt_GenericExtensions].activated ?
- certutil.options[opt_GenericExtensions].arg : NULL),
- &certReqDER);
- if (rv)
- goto shutdown;
- privkey->wincx = &pwdata;
+ (certutil.options[opt_GenericExtensions].activated ?
+ certutil.options[opt_GenericExtensions].arg
+ : NULL),
+ &certReqDER);
+ if (rv)
+ goto shutdown;
+ privkey->wincx = &pwdata;
}
/* Create a certificate (-C or -S). */
if (certutil.commands[cmd_CreateAndAddCert].activated ||
- certutil.commands[cmd_CreateNewCert].activated) {
- rv = CreateCert(certHandle, slot,
- certutil.options[opt_IssuerName].arg,
- &certReqDER, &privkey, &pwdata, hashAlgTag,
- serialNumber, warpmonths, validityMonths,
- certutil.options[opt_ExtendedEmailAddrs].arg,
- certutil.options[opt_ExtendedDNSNames].arg,
- certutil.options[opt_ASCIIForIO].activated &&
- certutil.commands[cmd_CreateNewCert].activated,
- certutil.options[opt_SelfSign].activated,
- certutil_extns,
- (certutil.options[opt_GenericExtensions].activated ?
- certutil.options[opt_GenericExtensions].arg : NULL),
+ certutil.commands[cmd_CreateNewCert].activated) {
+ rv = CreateCert(certHandle, slot,
+ certutil.options[opt_IssuerName].arg,
+ &certReqDER, &privkey, &pwdata, hashAlgTag,
+ serialNumber, warpmonths, validityMonths,
+ certutil.options[opt_ExtendedEmailAddrs].arg,
+ certutil.options[opt_ExtendedDNSNames].arg,
+ certutil.options[opt_ASCIIForIO].activated &&
+ certutil.commands[cmd_CreateNewCert].activated,
+ certutil.options[opt_SelfSign].activated,
+ certutil_extns,
+ (certutil.options[opt_GenericExtensions].activated ?
+ certutil.options[opt_GenericExtensions].arg
+ : NULL),
certVersion,
- &certDER);
- if (rv)
- goto shutdown;
+ &certDER);
+ if (rv)
+ goto shutdown;
}
- /*
+ /*
* Adding a cert to the database (or slot)
*/
/* -A -E or -S Add the cert to the DB */
if (certutil.commands[cmd_CreateAndAddCert].activated ||
- certutil.commands[cmd_AddCert].activated ||
- certutil.commands[cmd_AddEmailCert].activated) {
- if (strstr(certutil.options[opt_Trust].arg, "u")) {
- fprintf(stderr, "Notice: Trust flag u is set automatically if the "
- "private key is present.\n");
- }
- rv = AddCert(slot, certHandle, name,
- certutil.options[opt_Trust].arg,
- &certDER,
- certutil.commands[cmd_AddEmailCert].activated,&pwdata);
- if (rv)
- goto shutdown;
+ certutil.commands[cmd_AddCert].activated ||
+ certutil.commands[cmd_AddEmailCert].activated) {
+ if (strstr(certutil.options[opt_Trust].arg, "u")) {
+ fprintf(stderr, "Notice: Trust flag u is set automatically if the "
+ "private key is present.\n");
+ }
+ rv = AddCert(slot, certHandle, name,
+ certutil.options[opt_Trust].arg,
+ &certDER,
+ certutil.commands[cmd_AddEmailCert].activated, &pwdata);
+ if (rv)
+ goto shutdown;
}
if (certutil.commands[cmd_CertReq].activated ||
- certutil.commands[cmd_CreateNewCert].activated) {
- SECItem * item = certutil.commands[cmd_CertReq].activated ? &certReqDER
- : &certDER;
- PRInt32 written = PR_Write(outFile, item->data, item->len);
- if (written < 0 || (PRUint32) written != item->len) {
- rv = SECFailure;
- }
+ certutil.commands[cmd_CreateNewCert].activated) {
+ SECItem *item = certutil.commands[cmd_CertReq].activated ? &certReqDER
+ : &certDER;
+ PRInt32 written = PR_Write(outFile, item->data, item->len);
+ if (written < 0 || (PRUint32)written != item->len) {
+ rv = SECFailure;
+ }
}
shutdown:
if (slot) {
- PK11_FreeSlot(slot);
+ PK11_FreeSlot(slot);
}
if (privkey) {
- SECKEY_DestroyPrivateKey(privkey);
+ SECKEY_DestroyPrivateKey(privkey);
}
if (pubkey) {
- SECKEY_DestroyPublicKey(pubkey);
+ SECKEY_DestroyPublicKey(pubkey);
}
if (subject) {
- CERT_DestroyName(subject);
+ CERT_DestroyName(subject);
}
if (name) {
- PL_strfree(name);
+ PL_strfree(name);
}
if (newName) {
- PL_strfree(newName);
+ PL_strfree(newName);
}
if (inFile && inFile != PR_STDIN) {
- PR_Close(inFile);
+ PR_Close(inFile);
}
if (outFile && outFile != PR_STDOUT) {
- PR_Close(outFile);
+ PR_Close(outFile);
}
SECITEM_FreeItem(&certReqDER, PR_FALSE);
SECITEM_FreeItem(&certDER, PR_FALSE);
if (pwdata.data && pwdata.source == PW_PLAINTEXT) {
- /* Allocated by a PL_strdup call in SECU_GetModulePassword. */
- PL_strfree(pwdata.data);
+ /* Allocated by a PL_strdup call in SECU_GetModulePassword. */
+ PL_strfree(pwdata.data);
}
if (email) {
- PL_strfree(email);
+ PL_strfree(email);
}
/* Open the batch command file.
@@ -3520,106 +3539,106 @@ shutdown:
*/
if ((SECSuccess == rv) && certutil.commands[cmd_Batch].activated) {
- FILE* batchFile = NULL;
+ FILE *batchFile = NULL;
char *nextcommand = NULL;
- PRInt32 cmd_len = 0, buf_size = 0;
- static const int increment = 512;
+ PRInt32 cmd_len = 0, buf_size = 0;
+ static const int increment = 512;
if (!certutil.options[opt_InputFile].activated ||
!certutil.options[opt_InputFile].arg) {
- PR_fprintf(PR_STDERR,
- "%s: no batch input file specified.\n",
- progName);
- return 255;
+ PR_fprintf(PR_STDERR,
+ "%s: no batch input file specified.\n",
+ progName);
+ return 255;
}
batchFile = fopen(certutil.options[opt_InputFile].arg, "r");
if (!batchFile) {
- PR_fprintf(PR_STDERR,
- "%s: unable to open \"%s\" for reading (%ld, %ld).\n",
- progName, certutil.options[opt_InputFile].arg,
- PR_GetError(), PR_GetOSError());
- return 255;
+ PR_fprintf(PR_STDERR,
+ "%s: unable to open \"%s\" for reading (%ld, %ld).\n",
+ progName, certutil.options[opt_InputFile].arg,
+ PR_GetError(), PR_GetOSError());
+ return 255;
}
/* read and execute command-lines in a loop */
- while ( SECSuccess == rv ) {
+ while (SECSuccess == rv) {
PRBool invalid = PR_FALSE;
int newargc = 2;
- char* space = NULL;
- char* nextarg = NULL;
- char** newargv = NULL;
- char* crlf;
-
- if (cmd_len + increment > buf_size) {
- char * new_buf;
- buf_size += increment;
- new_buf = PORT_Realloc(nextcommand, buf_size);
- if (!new_buf) {
- PR_fprintf(PR_STDERR, "%s: PORT_Realloc(%ld) failed\n",
- progName, buf_size);
- break;
- }
- nextcommand = new_buf;
- nextcommand[cmd_len] = '\0';
- }
- if (!fgets(nextcommand + cmd_len, buf_size - cmd_len, batchFile)) {
- break;
- }
+ char *space = NULL;
+ char *nextarg = NULL;
+ char **newargv = NULL;
+ char *crlf;
+
+ if (cmd_len + increment > buf_size) {
+ char *new_buf;
+ buf_size += increment;
+ new_buf = PORT_Realloc(nextcommand, buf_size);
+ if (!new_buf) {
+ PR_fprintf(PR_STDERR, "%s: PORT_Realloc(%ld) failed\n",
+ progName, buf_size);
+ break;
+ }
+ nextcommand = new_buf;
+ nextcommand[cmd_len] = '\0';
+ }
+ if (!fgets(nextcommand + cmd_len, buf_size - cmd_len, batchFile)) {
+ break;
+ }
crlf = PORT_Strrchr(nextcommand, '\n');
if (crlf) {
*crlf = '\0';
}
- cmd_len = strlen(nextcommand);
- if (cmd_len && nextcommand[cmd_len - 1] == '\\') {
- nextcommand[--cmd_len] = '\0';
- continue;
- }
+ cmd_len = strlen(nextcommand);
+ if (cmd_len && nextcommand[cmd_len - 1] == '\\') {
+ nextcommand[--cmd_len] = '\0';
+ continue;
+ }
/* we now need to split the command into argc / argv format */
- newargv = PORT_Alloc(sizeof(char*)*(newargc+1));
+ newargv = PORT_Alloc(sizeof(char *) * (newargc + 1));
newargv[0] = progName;
newargv[1] = nextcommand;
nextarg = nextcommand;
- while ((space = PORT_Strpbrk(nextarg, " \f\n\r\t\v")) ) {
- while (isspace(*space) ) {
+ while ((space = PORT_Strpbrk(nextarg, " \f\n\r\t\v"))) {
+ while (isspace(*space)) {
*space = '\0';
- space ++;
+ space++;
}
if (*space == '\0') {
break;
} else if (*space != '\"') {
nextarg = space;
} else {
- char* closingquote = strchr(space+1, '\"');
+ char *closingquote = strchr(space + 1, '\"');
if (closingquote) {
*closingquote = '\0';
space++;
- nextarg = closingquote+1;
+ nextarg = closingquote + 1;
} else {
invalid = PR_TRUE;
nextarg = space;
}
}
newargc++;
- newargv = PORT_Realloc(newargv, sizeof(char*)*(newargc+1));
- newargv[newargc-1] = space;
+ newargv = PORT_Realloc(newargv, sizeof(char *) * (newargc + 1));
+ newargv[newargc - 1] = space;
}
newargv[newargc] = NULL;
-
+
/* invoke next command */
if (PR_TRUE == invalid) {
PR_fprintf(PR_STDERR, "Missing closing quote in batch command :\n%s\nNot executed.\n",
nextcommand);
rv = SECFailure;
} else {
- if (0 != certutil_main(newargc, newargv, PR_FALSE) )
+ if (0 != certutil_main(newargc, newargv, PR_FALSE))
rv = SECFailure;
}
PORT_Free(newargv);
- cmd_len = 0;
- nextcommand[0] = '\0';
+ cmd_len = 0;
+ nextcommand[0] = '\0';
}
- PORT_Free(nextcommand);
+ PORT_Free(nextcommand);
fclose(batchFile);
}
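Review bot: The argv-building code uses allocation results without checking them: `newargv[0] = progName` follows `PORT_Alloc` directly, and inside the splitting loop `newargv = PORT_Realloc(newargv, ...)` is indexed on the next line, which on failure both dereferences NULL and loses the only pointer to the old array. Since these lines are driven by the contents of a batch file, I would add `if (!newargv) { rv = SECFailure; break; }` after the `PORT_Alloc`, and assign the `PORT_Realloc` result to a temporary that is checked before it replaces `newargv`, as the `new_buf` handling for `nextcommand` already does. Separately, `isspace(*space)` receives a plain `char`; `isspace((unsigned char)*space)` avoids undefined behaviour for bytes above 0x7f where `char` is signed. The enclosing function starts outside this hunk.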
@@ -3627,9 +3646,9 @@ shutdown:
exit(1);
}
if (rv == SECSuccess) {
- return 0;
+ return 0;
} else {
- return 255;
+ return 255;
}
}
@@ -3641,4 +3660,3 @@ main(int argc, char **argv)
PR_Cleanup();
return rv;
}
-
diff --git a/cmd/certutil/certutil.h b/cmd/certutil/certutil.h
index 928664907..565587264 100644
--- a/cmd/certutil/certutil.h
+++ b/cmd/certutil/certutil.h
@@ -3,11 +3,11 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef _CERTUTIL_H
-#define _CERTUTIL_H
+#define _CERTUTIL_H
extern SECKEYPrivateKey *
CERTUTIL_GeneratePrivateKey(KeyType keytype,
- PK11SlotInfo *slot,
+ PK11SlotInfo *slot,
int rsasize,
int publicExponent,
char *noise,
@@ -41,7 +41,7 @@ enum certutilExtns {
typedef struct ExtensionEntryStr {
PRBool activated;
- const char *arg;
+ const char *arg;
} ExtensionEntry;
typedef ExtensionEntry certutilExtnList[ext_End];
@@ -54,5 +54,4 @@ extern SECStatus
GetOidFromString(PLArenaPool *arena, SECItem *to,
const char *from, size_t fromLen);
-#endif /* _CERTUTIL_H */
-
+#endif /* _CERTUTIL_H */
diff --git a/cmd/certutil/keystuff.c b/cmd/certutil/keystuff.c
index 1bc6cab4a..27a38450b 100644
--- a/cmd/certutil/keystuff.c
+++ b/cmd/certutil/keystuff.c
@@ -12,13 +12,13 @@
#include <termios.h>
#endif
-#if defined(XP_WIN) || defined (XP_PC)
+#if defined(XP_WIN) || defined(XP_PC)
#include <time.h>
#include <conio.h>
#endif
#if defined(__sun) && !defined(SVR4)
-extern int fclose(FILE*);
+extern int fclose(FILE *);
extern int fprintf(FILE *, char *, ...);
extern int isatty(int);
extern char *sys_errlist[];
@@ -35,13 +35,15 @@ extern char *sys_errlist[];
#define NUM_KEYSTROKES 120
#define RAND_BUF_SIZE 60
-#define ERROR_BREAK rv = SECFailure;break;
+#define ERROR_BREAK \
+ rv = SECFailure; \
+ break;
const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, prime) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, subPrime) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, base) },
{ 0 }
};
@@ -49,20 +51,21 @@ const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
static int
UpdateRNG(void)
{
- char randbuf[RAND_BUF_SIZE];
- int fd, count;
- int c;
- int rv = 0;
+ char randbuf[RAND_BUF_SIZE];
+ int fd, count;
+ int c;
+ int rv = 0;
#ifdef XP_UNIX
- cc_t orig_cc_min;
- cc_t orig_cc_time;
- tcflag_t orig_lflag;
+ cc_t orig_cc_min;
+ cc_t orig_cc_time;
+ tcflag_t orig_lflag;
struct termios tio;
#endif
- char meter[] = {
- "\r| |" };
+ char meter[] = {
+ "\r| |"
+ };
-#define FPS fprintf(stderr,
+#define FPS fprintf(stderr,
FPS "\n");
FPS "A random seed must be generated that will be used in the\n");
FPS "creation of your key. One of the easiest ways to create a\n");
@@ -95,19 +98,19 @@ UpdateRNG(void)
count = 0;
while (count < sizeof randbuf) {
#if defined(XP_UNIX)
- c = getc(stdin);
+ c = getc(stdin);
#else
- c = getch();
+ c = getch();
#endif
- if (c == EOF) {
- rv = -1;
- break;
- }
- randbuf[count] = c;
- if (count == 0 || c != randbuf[count-1]) {
- count++;
- FPS "*");
- }
+ if (c == EOF) {
+ rv = -1;
+ break;
+ }
+ randbuf[count] = c;
+ if (count == 0 || c != randbuf[count - 1]) {
+ count++;
+ FPS "*");
+ }
}
PK11_RandomUpdate(randbuf, sizeof randbuf);
memset(randbuf, 0, sizeof randbuf);
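Review bot: `PK11_RandomUpdate(randbuf, sizeof randbuf)` runs even when the read loop stopped early on EOF, so it is handed the bytes past `count` that the loop never wrote; `randbuf` is declared without an initializer, and unless it is filled in the lines between the hunks those bytes are indeterminate. Passing the number actually collected, `PK11_RandomUpdate(randbuf, count);`, keeps the call to data that was read. The call's status is also discarded, so a failure to mix in the seed goes unnoticed; folding it into `rv` would surface it. Finally, the `memset` that wipes the keystrokes is the last use of `randbuf` as far as this hunk shows, which lets an optimising compiler drop it; a clearing routine the compiler cannot elide is safer for that step. UpdateRNG continues outside this hunk.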
@@ -115,9 +118,9 @@ UpdateRNG(void)
FPS "\n\n");
FPS "Finished. Press enter to continue: ");
while ((c = getc(stdin)) != '\n' && c != EOF)
- ;
- if (c == EOF)
- rv = -1;
+ ;
+ if (c == EOF)
+ rv = -1;
FPS "\n");
#undef FPS
@@ -132,78 +135,78 @@ UpdateRNG(void)
return rv;
}
-static const unsigned char P[] = { 0,
- 0xc6, 0x2a, 0x47, 0x73, 0xea, 0x78, 0xfa, 0x65,
- 0x47, 0x69, 0x39, 0x10, 0x08, 0x55, 0x6a, 0xdd,
- 0xbf, 0x77, 0xe1, 0x9a, 0x69, 0x73, 0xba, 0x66,
- 0x37, 0x08, 0x93, 0x9e, 0xdb, 0x5d, 0x01, 0x08,
- 0xb8, 0x3a, 0x73, 0xe9, 0x85, 0x5f, 0xa7, 0x2b,
- 0x63, 0x7f, 0xd0, 0xc6, 0x4c, 0xdc, 0xfc, 0x8b,
- 0xa6, 0x03, 0xc9, 0x9c, 0x80, 0x5e, 0xec, 0xc6,
- 0x21, 0x23, 0xf7, 0x8e, 0xa4, 0x7b, 0x77, 0x83,
- 0x02, 0x44, 0xf8, 0x05, 0xd7, 0x36, 0x52, 0x13,
- 0x57, 0x78, 0x97, 0xf3, 0x7b, 0xcf, 0x1f, 0xc9,
- 0x2a, 0xa4, 0x71, 0x9d, 0xa8, 0xd8, 0x5d, 0xc5,
- 0x3b, 0x64, 0x3a, 0x72, 0x60, 0x62, 0xb0, 0xb8,
- 0xf3, 0xb1, 0xe7, 0xb9, 0x76, 0xdf, 0x74, 0xbe,
- 0x87, 0x6a, 0xd2, 0xf1, 0xa9, 0x44, 0x8b, 0x63,
- 0x76, 0x4f, 0x5d, 0x21, 0x63, 0xb5, 0x4f, 0x3c,
- 0x7b, 0x61, 0xb2, 0xf3, 0xea, 0xc5, 0xd8, 0xef,
- 0x30, 0x50, 0x59, 0x33, 0x61, 0xc0, 0xf3, 0x6e,
- 0x21, 0xcf, 0x15, 0x35, 0x4a, 0x87, 0x2b, 0xc3,
- 0xf6, 0x5a, 0x1f, 0x24, 0x22, 0xc5, 0xeb, 0x47,
- 0x34, 0x4a, 0x1b, 0xb5, 0x2e, 0x71, 0x52, 0x8f,
- 0x2d, 0x7d, 0xa9, 0x96, 0x8a, 0x7c, 0x61, 0xdb,
- 0xc0, 0xdc, 0xf1, 0xca, 0x28, 0x69, 0x1c, 0x97,
- 0xad, 0xea, 0x0d, 0x9e, 0x02, 0xe6, 0xe5, 0x7d,
- 0xad, 0xe0, 0x42, 0x91, 0x4d, 0xfa, 0xe2, 0x81,
- 0x16, 0x2b, 0xc2, 0x96, 0x3b, 0x32, 0x8c, 0x20,
- 0x69, 0x8b, 0x5b, 0x17, 0x3c, 0xf9, 0x13, 0x6c,
- 0x98, 0x27, 0x1c, 0xca, 0xcf, 0x33, 0xaa, 0x93,
- 0x21, 0xaf, 0x17, 0x6e, 0x5e, 0x00, 0x37, 0xd9,
- 0x34, 0x8a, 0x47, 0xd2, 0x1c, 0x67, 0x32, 0x60,
- 0xb6, 0xc7, 0xb0, 0xfd, 0x32, 0x90, 0x93, 0x32,
- 0xaa, 0x11, 0xba, 0x23, 0x19, 0x39, 0x6a, 0x42,
- 0x7c, 0x1f, 0xb7, 0x28, 0xdb, 0x64, 0xad, 0xd9 };
+static const unsigned char P[] = { 0,
+ 0xc6, 0x2a, 0x47, 0x73, 0xea, 0x78, 0xfa, 0x65,
+ 0x47, 0x69, 0x39, 0x10, 0x08, 0x55, 0x6a, 0xdd,
+ 0xbf, 0x77, 0xe1, 0x9a, 0x69, 0x73, 0xba, 0x66,
+ 0x37, 0x08, 0x93, 0x9e, 0xdb, 0x5d, 0x01, 0x08,
+ 0xb8, 0x3a, 0x73, 0xe9, 0x85, 0x5f, 0xa7, 0x2b,
+ 0x63, 0x7f, 0xd0, 0xc6, 0x4c, 0xdc, 0xfc, 0x8b,
+ 0xa6, 0x03, 0xc9, 0x9c, 0x80, 0x5e, 0xec, 0xc6,
+ 0x21, 0x23, 0xf7, 0x8e, 0xa4, 0x7b, 0x77, 0x83,
+ 0x02, 0x44, 0xf8, 0x05, 0xd7, 0x36, 0x52, 0x13,
+ 0x57, 0x78, 0x97, 0xf3, 0x7b, 0xcf, 0x1f, 0xc9,
+ 0x2a, 0xa4, 0x71, 0x9d, 0xa8, 0xd8, 0x5d, 0xc5,
+ 0x3b, 0x64, 0x3a, 0x72, 0x60, 0x62, 0xb0, 0xb8,
+ 0xf3, 0xb1, 0xe7, 0xb9, 0x76, 0xdf, 0x74, 0xbe,
+ 0x87, 0x6a, 0xd2, 0xf1, 0xa9, 0x44, 0x8b, 0x63,
+ 0x76, 0x4f, 0x5d, 0x21, 0x63, 0xb5, 0x4f, 0x3c,
+ 0x7b, 0x61, 0xb2, 0xf3, 0xea, 0xc5, 0xd8, 0xef,
+ 0x30, 0x50, 0x59, 0x33, 0x61, 0xc0, 0xf3, 0x6e,
+ 0x21, 0xcf, 0x15, 0x35, 0x4a, 0x87, 0x2b, 0xc3,
+ 0xf6, 0x5a, 0x1f, 0x24, 0x22, 0xc5, 0xeb, 0x47,
+ 0x34, 0x4a, 0x1b, 0xb5, 0x2e, 0x71, 0x52, 0x8f,
+ 0x2d, 0x7d, 0xa9, 0x96, 0x8a, 0x7c, 0x61, 0xdb,
+ 0xc0, 0xdc, 0xf1, 0xca, 0x28, 0x69, 0x1c, 0x97,
+ 0xad, 0xea, 0x0d, 0x9e, 0x02, 0xe6, 0xe5, 0x7d,
+ 0xad, 0xe0, 0x42, 0x91, 0x4d, 0xfa, 0xe2, 0x81,
+ 0x16, 0x2b, 0xc2, 0x96, 0x3b, 0x32, 0x8c, 0x20,
+ 0x69, 0x8b, 0x5b, 0x17, 0x3c, 0xf9, 0x13, 0x6c,
+ 0x98, 0x27, 0x1c, 0xca, 0xcf, 0x33, 0xaa, 0x93,
+ 0x21, 0xaf, 0x17, 0x6e, 0x5e, 0x00, 0x37, 0xd9,
+ 0x34, 0x8a, 0x47, 0xd2, 0x1c, 0x67, 0x32, 0x60,
+ 0xb6, 0xc7, 0xb0, 0xfd, 0x32, 0x90, 0x93, 0x32,
+ 0xaa, 0x11, 0xba, 0x23, 0x19, 0x39, 0x6a, 0x42,
+ 0x7c, 0x1f, 0xb7, 0x28, 0xdb, 0x64, 0xad, 0xd9 };
static const unsigned char Q[] = { 0,
- 0xe6, 0xa3, 0xc9, 0xc6, 0x51, 0x92, 0x8b, 0xb3,
- 0x98, 0x8f, 0x97, 0xb8, 0x31, 0x0d, 0x4a, 0x03,
- 0x1e, 0xba, 0x4e, 0xe6, 0xc8, 0x90, 0x98, 0x1d,
- 0x3a, 0x95, 0xf4, 0xf1 };
-static const unsigned char G[] = {
- 0x70, 0x32, 0x58, 0x5d, 0xb3, 0xbf, 0xc3, 0x62,
- 0x63, 0x0b, 0xf8, 0xa5, 0xe1, 0xed, 0xeb, 0x79,
- 0xac, 0x18, 0x41, 0x64, 0xb3, 0xda, 0x4c, 0xa7,
- 0x92, 0x63, 0xb1, 0x33, 0x7c, 0xcb, 0x43, 0xdc,
- 0x1f, 0x38, 0x63, 0x5e, 0x0e, 0x6d, 0x45, 0xd1,
- 0xc9, 0x67, 0xf3, 0xcf, 0x3d, 0x2d, 0x16, 0x4e,
- 0x92, 0x16, 0x06, 0x59, 0x29, 0x89, 0x6f, 0x54,
- 0xff, 0xc5, 0x71, 0xc8, 0x3a, 0x95, 0x84, 0xb6,
- 0x7e, 0x7b, 0x1e, 0x8b, 0x47, 0x9d, 0x7a, 0x3a,
- 0x36, 0x9b, 0x70, 0x2f, 0xd1, 0xbd, 0xef, 0xe8,
- 0x3a, 0x41, 0xd4, 0xf3, 0x1f, 0x81, 0xc7, 0x1f,
- 0x96, 0x7c, 0x30, 0xab, 0xf4, 0x7a, 0xac, 0x93,
- 0xed, 0x6f, 0x67, 0xb0, 0xc9, 0x5b, 0xf3, 0x83,
- 0x9d, 0xa0, 0xd7, 0xb9, 0x01, 0xed, 0x28, 0xae,
- 0x1c, 0x6e, 0x2e, 0x48, 0xac, 0x9f, 0x7d, 0xf3,
- 0x00, 0x48, 0xee, 0x0e, 0xfb, 0x7e, 0x5e, 0xcb,
- 0xf5, 0x39, 0xd8, 0x92, 0x90, 0x61, 0x2d, 0x1e,
- 0x3c, 0xd3, 0x55, 0x0d, 0x34, 0xd1, 0x81, 0xc4,
- 0x89, 0xea, 0x94, 0x2b, 0x56, 0x33, 0x73, 0x58,
- 0x48, 0xbf, 0x23, 0x72, 0x19, 0x5f, 0x19, 0xac,
- 0xff, 0x09, 0xc8, 0xcd, 0xab, 0x71, 0xef, 0x9e,
- 0x20, 0xfd, 0xe3, 0xb8, 0x27, 0x9e, 0x65, 0xb1,
- 0x85, 0xcd, 0x88, 0xfe, 0xd4, 0xd7, 0x64, 0x4d,
- 0xe1, 0xe8, 0xa6, 0xe5, 0x96, 0xc8, 0x5d, 0x9c,
- 0xc6, 0x70, 0x6b, 0xba, 0x77, 0x4e, 0x90, 0x4a,
- 0xb0, 0x96, 0xc5, 0xa0, 0x9e, 0x2c, 0x01, 0x03,
- 0xbe, 0xbd, 0x71, 0xba, 0x0a, 0x6f, 0x9f, 0xe5,
- 0xdb, 0x04, 0x08, 0xf2, 0x9e, 0x0f, 0x1b, 0xac,
- 0xcd, 0xbb, 0x65, 0x12, 0xcf, 0x77, 0xc9, 0x7d,
- 0xbe, 0x94, 0x4b, 0x9c, 0x5b, 0xde, 0x0d, 0xfa,
- 0x57, 0xdd, 0x77, 0x32, 0xf0, 0x5b, 0x34, 0xfd,
- 0x19, 0x95, 0x33, 0x60, 0x87, 0xe2, 0xa2, 0xf4 };
-
+ 0xe6, 0xa3, 0xc9, 0xc6, 0x51, 0x92, 0x8b, 0xb3,
+ 0x98, 0x8f, 0x97, 0xb8, 0x31, 0x0d, 0x4a, 0x03,
+ 0x1e, 0xba, 0x4e, 0xe6, 0xc8, 0x90, 0x98, 0x1d,
+ 0x3a, 0x95, 0xf4, 0xf1 };
+static const unsigned char G[] = {
+ 0x70, 0x32, 0x58, 0x5d, 0xb3, 0xbf, 0xc3, 0x62,
+ 0x63, 0x0b, 0xf8, 0xa5, 0xe1, 0xed, 0xeb, 0x79,
+ 0xac, 0x18, 0x41, 0x64, 0xb3, 0xda, 0x4c, 0xa7,
+ 0x92, 0x63, 0xb1, 0x33, 0x7c, 0xcb, 0x43, 0xdc,
+ 0x1f, 0x38, 0x63, 0x5e, 0x0e, 0x6d, 0x45, 0xd1,
+ 0xc9, 0x67, 0xf3, 0xcf, 0x3d, 0x2d, 0x16, 0x4e,
+ 0x92, 0x16, 0x06, 0x59, 0x29, 0x89, 0x6f, 0x54,
+ 0xff, 0xc5, 0x71, 0xc8, 0x3a, 0x95, 0x84, 0xb6,
+ 0x7e, 0x7b, 0x1e, 0x8b, 0x47, 0x9d, 0x7a, 0x3a,
+ 0x36, 0x9b, 0x70, 0x2f, 0xd1, 0xbd, 0xef, 0xe8,
+ 0x3a, 0x41, 0xd4, 0xf3, 0x1f, 0x81, 0xc7, 0x1f,
+ 0x96, 0x7c, 0x30, 0xab, 0xf4, 0x7a, 0xac, 0x93,
+ 0xed, 0x6f, 0x67, 0xb0, 0xc9, 0x5b, 0xf3, 0x83,
+ 0x9d, 0xa0, 0xd7, 0xb9, 0x01, 0xed, 0x28, 0xae,
+ 0x1c, 0x6e, 0x2e, 0x48, 0xac, 0x9f, 0x7d, 0xf3,
+ 0x00, 0x48, 0xee, 0x0e, 0xfb, 0x7e, 0x5e, 0xcb,
+ 0xf5, 0x39, 0xd8, 0x92, 0x90, 0x61, 0x2d, 0x1e,
+ 0x3c, 0xd3, 0x55, 0x0d, 0x34, 0xd1, 0x81, 0xc4,
+ 0x89, 0xea, 0x94, 0x2b, 0x56, 0x33, 0x73, 0x58,
+ 0x48, 0xbf, 0x23, 0x72, 0x19, 0x5f, 0x19, 0xac,
+ 0xff, 0x09, 0xc8, 0xcd, 0xab, 0x71, 0xef, 0x9e,
+ 0x20, 0xfd, 0xe3, 0xb8, 0x27, 0x9e, 0x65, 0xb1,
+ 0x85, 0xcd, 0x88, 0xfe, 0xd4, 0xd7, 0x64, 0x4d,
+ 0xe1, 0xe8, 0xa6, 0xe5, 0x96, 0xc8, 0x5d, 0x9c,
+ 0xc6, 0x70, 0x6b, 0xba, 0x77, 0x4e, 0x90, 0x4a,
+ 0xb0, 0x96, 0xc5, 0xa0, 0x9e, 0x2c, 0x01, 0x03,
+ 0xbe, 0xbd, 0x71, 0xba, 0x0a, 0x6f, 0x9f, 0xe5,
+ 0xdb, 0x04, 0x08, 0xf2, 0x9e, 0x0f, 0x1b, 0xac,
+ 0xcd, 0xbb, 0x65, 0x12, 0xcf, 0x77, 0xc9, 0x7d,
+ 0xbe, 0x94, 0x4b, 0x9c, 0x5b, 0xde, 0x0d, 0xfa,
+ 0x57, 0xdd, 0x77, 0x32, 0xf0, 0x5b, 0x34, 0xfd,
+ 0x19, 0x95, 0x33, 0x60, 0x87, 0xe2, 0xa2, 0xf4
+};
/* P, Q, G have been generated using the NSS makepqg utility:
* makepqg -l 2048 -g 224 -r
@@ -236,33 +239,33 @@ decode_pqg_params(const char *str)
PLArenaPool *arena;
SECKEYPQGParams *params;
SECStatus status;
-
+
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL)
return NULL;
-
+
params = PORT_ArenaZAlloc(arena, sizeof(SECKEYPQGParams));
if (params == NULL)
goto loser;
params->arena = arena;
-
+
buf = (char *)ATOB_AsciiToData(str, &len);
if ((buf == NULL) || (len == 0))
goto loser;
-
+
status = SEC_ASN1Decode(arena, params, SECKEY_PQGParamsTemplate, buf, len);
if (status != SECSuccess)
goto loser;
-
+
return params;
-
+
loser:
if (arena != NULL)
PORT_FreeArena(arena, PR_FALSE);
return NULL;
}
-void
+void
CERTUTIL_DestroyParamsPQG(SECKEYPQGParams *params)
{
if (params->arena) {
@@ -274,110 +277,110 @@ static int
pqg_prime_bits(const SECKEYPQGParams *params)
{
int primeBits = 0;
-
+
if (params != NULL) {
- int i;
- for (i = 0; params->prime.data[i] == 0; i++) {
- /* empty */;
- }
- primeBits = (params->prime.len - i) * 8;
+ int i;
+ for (i = 0; params->prime.data[i] == 0; i++) {
+ /* empty */;
+ }
+ primeBits = (params->prime.len - i) * 8;
}
-
+
return primeBits;
}
static char *
getPQGString(const char *filename)
{
- unsigned char *buf = NULL;
- PRFileDesc *src;
- PRInt32 numBytes;
- PRStatus prStatus;
- PRFileInfo info;
+ unsigned char *buf = NULL;
+ PRFileDesc *src;
+ PRInt32 numBytes;
+ PRStatus prStatus;
+ PRFileInfo info;
- src = PR_Open(filename, PR_RDONLY, 0);
+ src = PR_Open(filename, PR_RDONLY, 0);
if (!src) {
- fprintf(stderr, "Failed to open PQG file %s\n", filename);
- return NULL;
+ fprintf(stderr, "Failed to open PQG file %s\n", filename);
+ return NULL;
}
prStatus = PR_GetOpenFileInfo(src, &info);
if (prStatus == PR_SUCCESS) {
- buf = (unsigned char*)PORT_Alloc(info.size + 1);
+ buf = (unsigned char *)PORT_Alloc(info.size + 1);
}
if (!buf) {
- PR_Close(src);
- fprintf(stderr, "Failed to read PQG file %s\n", filename);
- return NULL;
+ PR_Close(src);
+ fprintf(stderr, "Failed to read PQG file %s\n", filename);
+ return NULL;
}
numBytes = PR_Read(src, buf, info.size);
PR_Close(src);
if (numBytes != info.size) {
- PORT_Free(buf);
- fprintf(stderr, "Failed to read PQG file %s\n", filename);
- PORT_SetError(SEC_ERROR_IO);
- return NULL;
+ PORT_Free(buf);
+ fprintf(stderr, "Failed to read PQG file %s\n", filename);
+ PORT_SetError(SEC_ERROR_IO);
+ return NULL;
}
- if (buf[numBytes-1] == '\n')
- numBytes--;
- if (buf[numBytes-1] == '\r')
- numBytes--;
+ if (buf[numBytes - 1] == '\n')
+ numBytes--;
+ if (buf[numBytes - 1] == '\r')
+ numBytes--;
buf[numBytes] = 0;
-
+
return (char *)buf;
}
-static SECKEYPQGParams*
+static SECKEYPQGParams *
getpqgfromfile(int keyBits, const char *pqgFile)
{
char *end, *str, *pqgString;
- SECKEYPQGParams* params = NULL;
+ SECKEYPQGParams *params = NULL;
str = pqgString = getPQGString(pqgFile);
- if (!str)
- return NULL;
+ if (!str)
+ return NULL;
do {
- end = PORT_Strchr(str, ',');
- if (end)
- *end = '\0';
- params = decode_pqg_params(str);
- if (params) {
- int primeBits = pqg_prime_bits(params);
- if (keyBits == primeBits)
- break;
- CERTUTIL_DestroyParamsPQG(params);
- params = NULL;
- }
- if (end)
- str = end + 1;
+ end = PORT_Strchr(str, ',');
+ if (end)
+ *end = '\0';
+ params = decode_pqg_params(str);
+ if (params) {
+ int primeBits = pqg_prime_bits(params);
+ if (keyBits == primeBits)
+ break;
+ CERTUTIL_DestroyParamsPQG(params);
+ params = NULL;
+ }
+ if (end)
+ str = end + 1;
} while (end);
PORT_Free(pqgString);
return params;
}
-static SECStatus
+static SECStatus
CERTUTIL_FileForRNG(const char *noise)
{
char buf[2048];
PRFileDesc *fd;
PRInt32 count;
- fd = PR_Open(noise,PR_RDONLY,0);
+ fd = PR_Open(noise, PR_RDONLY, 0);
if (!fd) {
- fprintf(stderr, "failed to open noise file.");
- return SECFailure;
+ fprintf(stderr, "failed to open noise file.");
+ return SECFailure;
}
do {
- count = PR_Read(fd,buf,sizeof(buf));
- if (count > 0) {
- PK11_RandomUpdate(buf,count);
- }
+ count = PR_Read(fd, buf, sizeof(buf));
+ if (count > 0) {
+ PK11_RandomUpdate(buf, count);
+ }
} while (count > 0);
PR_Close(fd);
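Review bot: The zero-skipping loop in `pqg_prime_bits` has no bound on `params->prime.len`, so a decoded prime made up only of zero bytes (or of length 0) is read past the end of `params->prime.data`. These parameters come from the file parsed by `getpqgfromfile`, so the loop should carry the length check: `for (i = 0; (unsigned int)i < params->prime.len && params->prime.data[i] == 0; i++)`. `getPQGString` has the same kind of gap: for an empty file `numBytes` is 0 and `buf[numBytes - 1]` reads before the allocation, and the `'\r'` test can do the same after a lone `'\n'` has been stripped, so both tests need `numBytes > 0 &&` in front. `CERTUTIL_FileForRNG` continues outside the hunk.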
@@ -390,92 +393,92 @@ typedef struct curveNameTagPairStr {
SECOidTag curveOidTag;
} CurveNameTagPair;
-#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
+#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */
static CurveNameTagPair nameTagPair[] =
-{
- { "sect163k1", SEC_OID_SECG_EC_SECT163K1},
- { "nistk163", SEC_OID_SECG_EC_SECT163K1},
- { "sect163r1", SEC_OID_SECG_EC_SECT163R1},
- { "sect163r2", SEC_OID_SECG_EC_SECT163R2},
- { "nistb163", SEC_OID_SECG_EC_SECT163R2},
- { "sect193r1", SEC_OID_SECG_EC_SECT193R1},
- { "sect193r2", SEC_OID_SECG_EC_SECT193R2},
- { "sect233k1", SEC_OID_SECG_EC_SECT233K1},
- { "nistk233", SEC_OID_SECG_EC_SECT233K1},
- { "sect233r1", SEC_OID_SECG_EC_SECT233R1},
- { "nistb233", SEC_OID_SECG_EC_SECT233R1},
- { "sect239k1", SEC_OID_SECG_EC_SECT239K1},
- { "sect283k1", SEC_OID_SECG_EC_SECT283K1},
- { "nistk283", SEC_OID_SECG_EC_SECT283K1},
- { "sect283r1", SEC_OID_SECG_EC_SECT283R1},
- { "nistb283", SEC_OID_SECG_EC_SECT283R1},
- { "sect409k1", SEC_OID_SECG_EC_SECT409K1},
- { "nistk409", SEC_OID_SECG_EC_SECT409K1},
- { "sect409r1", SEC_OID_SECG_EC_SECT409R1},
- { "nistb409", SEC_OID_SECG_EC_SECT409R1},
- { "sect571k1", SEC_OID_SECG_EC_SECT571K1},
- { "nistk571", SEC_OID_SECG_EC_SECT571K1},
- { "sect571r1", SEC_OID_SECG_EC_SECT571R1},
- { "nistb571", SEC_OID_SECG_EC_SECT571R1},
- { "secp160k1", SEC_OID_SECG_EC_SECP160K1},
- { "secp160r1", SEC_OID_SECG_EC_SECP160R1},
- { "secp160r2", SEC_OID_SECG_EC_SECP160R2},
- { "secp192k1", SEC_OID_SECG_EC_SECP192K1},
- { "secp192r1", SEC_OID_SECG_EC_SECP192R1},
- { "nistp192", SEC_OID_SECG_EC_SECP192R1},
- { "secp224k1", SEC_OID_SECG_EC_SECP224K1},
- { "secp224r1", SEC_OID_SECG_EC_SECP224R1},
- { "nistp224", SEC_OID_SECG_EC_SECP224R1},
- { "secp256k1", SEC_OID_SECG_EC_SECP256K1},
- { "secp256r1", SEC_OID_SECG_EC_SECP256R1},
- { "nistp256", SEC_OID_SECG_EC_SECP256R1},
- { "secp384r1", SEC_OID_SECG_EC_SECP384R1},
- { "nistp384", SEC_OID_SECG_EC_SECP384R1},
- { "secp521r1", SEC_OID_SECG_EC_SECP521R1},
- { "nistp521", SEC_OID_SECG_EC_SECP521R1},
-
- { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
- { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
- { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
- { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
- { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
- { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
-
- { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
- { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
- { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
- { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
- { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
- { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
- { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
- { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
- { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
- { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
- { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
- { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
- { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
- { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
- { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
- { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
- { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
- { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
- { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
- { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
-
- { "secp112r1", SEC_OID_SECG_EC_SECP112R1},
- { "secp112r2", SEC_OID_SECG_EC_SECP112R2},
- { "secp128r1", SEC_OID_SECG_EC_SECP128R1},
- { "secp128r2", SEC_OID_SECG_EC_SECP128R2},
-
- { "sect113r1", SEC_OID_SECG_EC_SECT113R1},
- { "sect113r2", SEC_OID_SECG_EC_SECT113R2},
- { "sect131r1", SEC_OID_SECG_EC_SECT131R1},
- { "sect131r2", SEC_OID_SECG_EC_SECT131R2},
-};
-
-static SECKEYECParams *
+ {
+ { "sect163k1", SEC_OID_SECG_EC_SECT163K1 },
+ { "nistk163", SEC_OID_SECG_EC_SECT163K1 },
+ { "sect163r1", SEC_OID_SECG_EC_SECT163R1 },
+ { "sect163r2", SEC_OID_SECG_EC_SECT163R2 },
+ { "nistb163", SEC_OID_SECG_EC_SECT163R2 },
+ { "sect193r1", SEC_OID_SECG_EC_SECT193R1 },
+ { "sect193r2", SEC_OID_SECG_EC_SECT193R2 },
+ { "sect233k1", SEC_OID_SECG_EC_SECT233K1 },
+ { "nistk233", SEC_OID_SECG_EC_SECT233K1 },
+ { "sect233r1", SEC_OID_SECG_EC_SECT233R1 },
+ { "nistb233", SEC_OID_SECG_EC_SECT233R1 },
+ { "sect239k1", SEC_OID_SECG_EC_SECT239K1 },
+ { "sect283k1", SEC_OID_SECG_EC_SECT283K1 },
+ { "nistk283", SEC_OID_SECG_EC_SECT283K1 },
+ { "sect283r1", SEC_OID_SECG_EC_SECT283R1 },
+ { "nistb283", SEC_OID_SECG_EC_SECT283R1 },
+ { "sect409k1", SEC_OID_SECG_EC_SECT409K1 },
+ { "nistk409", SEC_OID_SECG_EC_SECT409K1 },
+ { "sect409r1", SEC_OID_SECG_EC_SECT409R1 },
+ { "nistb409", SEC_OID_SECG_EC_SECT409R1 },
+ { "sect571k1", SEC_OID_SECG_EC_SECT571K1 },
+ { "nistk571", SEC_OID_SECG_EC_SECT571K1 },
+ { "sect571r1", SEC_OID_SECG_EC_SECT571R1 },
+ { "nistb571", SEC_OID_SECG_EC_SECT571R1 },
+ { "secp160k1", SEC_OID_SECG_EC_SECP160K1 },
+ { "secp160r1", SEC_OID_SECG_EC_SECP160R1 },
+ { "secp160r2", SEC_OID_SECG_EC_SECP160R2 },
+ { "secp192k1", SEC_OID_SECG_EC_SECP192K1 },
+ { "secp192r1", SEC_OID_SECG_EC_SECP192R1 },
+ { "nistp192", SEC_OID_SECG_EC_SECP192R1 },
+ { "secp224k1", SEC_OID_SECG_EC_SECP224K1 },
+ { "secp224r1", SEC_OID_SECG_EC_SECP224R1 },
+ { "nistp224", SEC_OID_SECG_EC_SECP224R1 },
+ { "secp256k1", SEC_OID_SECG_EC_SECP256K1 },
+ { "secp256r1", SEC_OID_SECG_EC_SECP256R1 },
+ { "nistp256", SEC_OID_SECG_EC_SECP256R1 },
+ { "secp384r1", SEC_OID_SECG_EC_SECP384R1 },
+ { "nistp384", SEC_OID_SECG_EC_SECP384R1 },
+ { "secp521r1", SEC_OID_SECG_EC_SECP521R1 },
+ { "nistp521", SEC_OID_SECG_EC_SECP521R1 },
+
+ { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
+ { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
+ { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
+ { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
+ { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
+ { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
+
+ { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
+ { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
+ { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
+ { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
+ { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
+ { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
+ { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
+ { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
+ { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
+ { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
+ { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
+ { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
+ { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
+ { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
+ { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
+ { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
+ { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
+ { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
+ { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
+ { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
+
+ { "secp112r1", SEC_OID_SECG_EC_SECP112R1 },
+ { "secp112r2", SEC_OID_SECG_EC_SECP112R2 },
+ { "secp128r1", SEC_OID_SECG_EC_SECP128R1 },
+ { "secp128r2", SEC_OID_SECG_EC_SECP128R2 },
+
+ { "sect113r1", SEC_OID_SECG_EC_SECT113R1 },
+ { "sect113r2", SEC_OID_SECG_EC_SECT113R2 },
+ { "sect131r1", SEC_OID_SECG_EC_SECT131R1 },
+ { "sect131r2", SEC_OID_SECG_EC_SECT131R2 },
+ };
+
+static SECKEYECParams *
getECParams(const char *curve)
{
SECKEYECParams *ecparams;
@@ -484,19 +487,19 @@ getECParams(const char *curve)
int i, numCurves;
if (curve != NULL) {
- numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair);
- for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
- i++) {
- if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
- curveOidTag = nameTagPair[i].curveOidTag;
- }
+ numCurves = sizeof(nameTagPair) / sizeof(CurveNameTagPair);
+ for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
+ i++) {
+ if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
+ curveOidTag = nameTagPair[i].curveOidTag;
+ }
}
/* Return NULL if curve name is not recognized */
- if ((curveOidTag == SEC_OID_UNKNOWN) ||
- (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
+ if ((curveOidTag == SEC_OID_UNKNOWN) ||
+ (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
fprintf(stderr, "Unrecognized elliptic curve %s\n", curve);
- return NULL;
+ return NULL;
}
ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
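Review bot: When `curve` is NULL the lookup loop is skipped and, assuming `curveOidTag` starts out as `SEC_OID_UNKNOWN` (its declaration is outside the hunk), the error branch passes the NULL pointer to `%s` in `fprintf`, which is undefined behaviour. `CERTUTIL_GeneratePrivateKey` calls `getECParams(pqgFile)` without checking `pqgFile`, so the path is reachable from the `ecKey` case. Print a placeholder instead, `fprintf(stderr, "Unrecognized elliptic curve %s\n", curve ? curve : "(none)");`, or return NULL early for a NULL name. getECParams starts and ends outside this hunk.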
@@ -516,86 +519,92 @@ getECParams(const char *curve)
SECKEYPrivateKey *
CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
- int publicExponent, const char *noise,
- SECKEYPublicKey **pubkeyp, const char *pqgFile,
- PK11AttrFlags attrFlags, CK_FLAGS opFlagsOn,
- CK_FLAGS opFlagsOff, secuPWData *pwdata)
+ int publicExponent, const char *noise,
+ SECKEYPublicKey **pubkeyp, const char *pqgFile,
+ PK11AttrFlags attrFlags, CK_FLAGS opFlagsOn,
+ CK_FLAGS opFlagsOff, secuPWData *pwdata)
{
- CK_MECHANISM_TYPE mechanism;
- PK11RSAGenParams rsaparams;
- SECKEYPQGParams * dsaparams = NULL;
- void * params;
- SECKEYPrivateKey * privKey = NULL;
+ CK_MECHANISM_TYPE mechanism;
+ PK11RSAGenParams rsaparams;
+ SECKEYPQGParams *dsaparams = NULL;
+ void *params;
+ SECKEYPrivateKey *privKey = NULL;
if (slot == NULL)
- return NULL;
+ return NULL;
if (PK11_Authenticate(slot, PR_TRUE, pwdata) != SECSuccess)
- return NULL;
+ return NULL;
/*
* Do some random-number initialization.
*/
if (noise) {
- SECStatus rv = CERTUTIL_FileForRNG(noise);
- if (rv != SECSuccess) {
- PORT_SetError(PR_END_OF_FILE_ERROR); /* XXX */
- return NULL;
- }
+ SECStatus rv = CERTUTIL_FileForRNG(noise);
+ if (rv != SECSuccess) {
+ PORT_SetError(PR_END_OF_FILE_ERROR); /* XXX */
+ return NULL;
+ }
} else {
- int rv = UpdateRNG();
- if (rv) {
- PORT_SetError(PR_END_OF_FILE_ERROR);
- return NULL;
- }
+ int rv = UpdateRNG();
+ if (rv) {
+ PORT_SetError(PR_END_OF_FILE_ERROR);
+ return NULL;
+ }
}
switch (keytype) {
- case rsaKey:
- rsaparams.keySizeInBits = size;
- rsaparams.pe = publicExponent;
- mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
- params = &rsaparams;
- break;
- case dsaKey:
- mechanism = CKM_DSA_KEY_PAIR_GEN;
- if (pqgFile) {
- dsaparams = getpqgfromfile(size, pqgFile);
- if (dsaparams == NULL)
- return NULL;
- params = dsaparams;
- } else {
- /* cast away const, and don't set dsaparams */
- params = (void *)&default_pqg_params;
- }
- break;
+ case rsaKey:
+ rsaparams.keySizeInBits = size;
+ rsaparams.pe = publicExponent;
+ mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
+ params = &rsaparams;
+ break;
+ case dsaKey:
+ mechanism = CKM_DSA_KEY_PAIR_GEN;
+ if (pqgFile) {
+ dsaparams = getpqgfromfile(size, pqgFile);
+ if (dsaparams == NULL)
+ return NULL;
+ params = dsaparams;
+ } else {
+ /* cast away const, and don't set dsaparams */
+ params = (void *)&default_pqg_params;
+ }
+ break;
#ifndef NSS_DISABLE_ECC
- case ecKey:
- mechanism = CKM_EC_KEY_PAIR_GEN;
- /* For EC keys, PQGFile determines EC parameters */
- if ((params = (void *) getECParams(pqgFile)) == NULL)
- return NULL;
- break;
+ case ecKey:
+ mechanism = CKM_EC_KEY_PAIR_GEN;
+ /* For EC keys, PQGFile determines EC parameters */
+ if ((params = (void *)getECParams(pqgFile)) == NULL)
+ return NULL;
+ break;
#endif /* NSS_DISABLE_ECC */
- default:
- return NULL;
+ default:
+ return NULL;
}
fprintf(stderr, "\n\n");
fprintf(stderr, "Generating key. This may take a few moments...\n\n");
privKey = PK11_GenerateKeyPairWithOpFlags(slot, mechanism, params, pubkeyp,
- attrFlags, opFlagsOn, opFlagsOn|opFlagsOff,
- pwdata /*wincx*/);
+ attrFlags, opFlagsOn, opFlagsOn |
+ opFlagsOff,
+ pwdata /*wincx*/);
/* free up the params */
switch (keytype) {
- case dsaKey: if (dsaparams) CERTUTIL_DestroyParamsPQG(dsaparams);
- break;
+ case dsaKey:
+ if (dsaparams)
+ CERTUTIL_DestroyParamsPQG(dsaparams);
+ break;
#ifndef NSS_DISABLE_ECC
- case ecKey: SECITEM_FreeItem((SECItem *)params, PR_TRUE); break;
+ case ecKey:
+ SECITEM_FreeItem((SECItem *)params, PR_TRUE);
+ break;
#endif
- default: /* nothing to free */ break;
+ default: /* nothing to free */
+ break;
}
return privKey;
}
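Review bot: `CERTUTIL_GeneratePrivateKey` has no header comment, and two of its parameters behave in ways their names do not suggest. `pqgFile` is a PQG parameter file for `dsaKey` but is handed to `getECParams` as a curve name for `ecKey`, and `size` is consulted only for `rsaKey` and for `dsaKey` with a `pqgFile`; the `default_pqg_params` branch and the EC branch ignore it. A block comment above the function should state both points, that NULL is returned on every failure path, and that the public key comes back through `pubkeyp`. At the DSA default branch a one-line comment such as `/* size is not consulted here; the built-in P, Q, G are always used */` would save the next reader the same search.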
diff --git a/cmd/chktest/chktest.c b/cmd/chktest/chktest.c
index 49c2a16ef..a33d18457 100644
--- a/cmd/chktest/chktest.c
+++ b/cmd/chktest/chktest.c
@@ -8,7 +8,8 @@
#include "blapi.h"
#include "secutil.h"
-static int Usage()
+static int
+Usage()
{
fprintf(stderr, "Usage: chktest <full-path-to-shared-library>\n");
fprintf(stderr, " Will test for valid chk file.\n");
@@ -16,14 +17,15 @@ static int Usage()
exit(1);
}
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
SECStatus rv = SECFailure;
PRBool good_result = PR_FALSE;
if (argc != 2)
- return Usage();
-
+ return Usage();
+
rv = RNG_RNGInit();
if (rv != SECSuccess) {
SECU_PrintPRandOSError("");
@@ -37,7 +39,7 @@ int main(int argc, char **argv)
RNG_SystemInfoForRNG();
good_result = BLAPI_SHVerifyFile(argv[1]);
- printf("%s\n",
- (good_result ? "SUCCESS" : "FAILURE"));
+ printf("%s\n",
+ (good_result ? "SUCCESS" : "FAILURE"));
return (good_result) ? SECSuccess : SECFailure;
}
diff --git a/cmd/crlutil/crlgen.c b/cmd/crlutil/crlgen.c
index 1fad32490..5ff84c190 100644
--- a/cmd/crlutil/crlgen.c
+++ b/cmd/crlutil/crlgen.c
@@ -9,7 +9,6 @@
**
*/
-
#include <stdio.h>
#include <math.h>
@@ -23,7 +22,6 @@
#include "pk11func.h"
#include "crlgen.h"
-
/* Destroys extHandle and data. data was create on heap.
* extHandle creaded by CERT_StartCRLEntryExtensions. entry
* was allocated on arena.*/
@@ -38,9 +36,8 @@ destroyEntryData(CRLGENEntryData *data)
PORT_Free(data);
}
-
/* Prints error messages along with line number */
-void
+void
crlgen_PrintError(int line, char *msg, ...)
{
va_list args;
@@ -54,21 +51,20 @@ crlgen_PrintError(int line, char *msg, ...)
}
/* Finds CRLGENEntryData in hashtable according PRUint64 value
* - certId : cert serial number*/
-static CRLGENEntryData*
-crlgen_FindEntry(CRLGENGeneratorData *crlGenData, SECItem *certId)
+static CRLGENEntryData *
+crlgen_FindEntry(CRLGENGeneratorData *crlGenData, SECItem *certId)
{
if (!crlGenData->entryDataHashTable || !certId)
return NULL;
- return (CRLGENEntryData*)
+ return (CRLGENEntryData *)
PL_HashTableLookup(crlGenData->entryDataHashTable,
certId);
}
-
/* Removes CRLGENEntryData from hashtable according to certId
* - certId : cert serial number*/
static SECStatus
-crlgen_RmEntry(CRLGENGeneratorData *crlGenData, SECItem *certId)
+crlgen_RmEntry(CRLGENGeneratorData *crlGenData, SECItem *certId)
{
CRLGENEntryData *data = NULL;
@@ -83,10 +79,9 @@ crlgen_RmEntry(CRLGENGeneratorData *crlGenData, SECItem *certId)
return SECFailure;
}
-
/* Stores CRLGENEntryData in hashtable according to certId
* - certId : cert serial number*/
-static CRLGENEntryData*
+static CRLGENEntryData *
crlgen_PlaceAnEntry(CRLGENGeneratorData *crlGenData,
CERTCrlEntry *entry, SECItem *certId)
{
@@ -106,7 +101,7 @@ crlgen_PlaceAnEntry(CRLGENGeneratorData *crlGenData,
newData->entry = entry;
newData->certId = certId;
if (!PL_HashTableAdd(crlGenData->entryDataHashTable,
- newData->certId, newData)) {
+ newData->certId, newData)) {
crlgen_PrintError(crlGenData->parsedLineNum,
"Can not add entryData structure\n");
return NULL;
@@ -122,7 +117,7 @@ struct commitData {
/* HT PL_HashTableEnumerateEntries callback. Sorts hashtable entries of the
* table he. Returns value through arg parameter*/
-static PRIntn PR_CALLBACK
+static PRIntn PR_CALLBACK
crlgen_CommitEntryData(PLHashEntry *he, PRIntn i, void *arg)
{
CRLGENEntryData *data = NULL;
@@ -131,23 +126,21 @@ crlgen_CommitEntryData(PLHashEntry *he, PRIntn i, void *arg)
if (!he) {
return HT_ENUMERATE_NEXT;
}
- data = (CRLGENEntryData*)he->value;
+ data = (CRLGENEntryData *)he->value;
PORT_Assert(data);
PORT_Assert(arg);
if (data) {
- struct commitData *dt = (struct commitData*)arg;
+ struct commitData *dt = (struct commitData *)arg;
dt->entries[dt->pos++] = data->entry;
destroyEntryData(data);
}
return HT_ENUMERATE_NEXT;
}
-
-
/* Copy char * datainto allocated in arena SECItem */
-static SECStatus
+static SECStatus
crlgen_SetString(PLArenaPool *arena, const char *dataIn, SECItem *value)
{
SECItem item;
@@ -158,7 +151,7 @@ crlgen_SetString(PLArenaPool *arena, const char *dataIn, SECItem *value)
return SECFailure;
}
- item.data = (void*)dataIn;
+ item.data = (void *)dataIn;
item.len = PORT_Strlen(dataIn);
return SECITEM_CopyItem(arena, value, &item);
@@ -166,8 +159,8 @@ crlgen_SetString(PLArenaPool *arena, const char *dataIn, SECItem *value)
/* Creates CERTGeneralName from parsed data for the Authority Key Extension */
static CERTGeneralName *
-crlgen_GetGeneralName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
- const char *data)
+crlgen_GetGeneralName(PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
+ const char *data)
{
CERTGeneralName *namesList = NULL;
CERTGeneralName *current;
@@ -181,13 +174,13 @@ crlgen_GetGeneralName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
if (!data)
return NULL;
- PORT_Assert (arena);
+ PORT_Assert(arena);
if (!arena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
- mark = PORT_ArenaMark (arena);
+ mark = PORT_ArenaMark(arena);
nextChunk = data;
currData = data;
@@ -207,7 +200,7 @@ crlgen_GetGeneralName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
(nextChunk - sepPrt - 1));
buffer[nextChunk - sepPrt - 1] = '\0';
}
- nameLen = PR_MIN(sepPrt - currData, sizeof(name) - 1 );
+ nameLen = PR_MIN(sepPrt - currData, sizeof(name) - 1);
PORT_Memcpy(name, currData, nameLen);
name[nameLen] = '\0';
currData = nextChunk + 1;
@@ -230,7 +223,8 @@ crlgen_GetGeneralName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
intValue = certIPAddress;
else if (!PORT_Strcmp(name, "registerID"))
intValue = certRegisterID;
- else intValue = -1;
+ else
+ intValue = -1;
if (intValue >= certOtherName && intValue <= certRegisterID) {
if (namesList == NULL) {
@@ -249,52 +243,52 @@ crlgen_GetGeneralName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
}
current->type = intValue;
switch (current->type) {
- case certURI:
- case certDNSName:
- case certRFC822Name:
- current->name.other.data = PORT_ArenaAlloc (arena, strlen (buffer));
- if (current->name.other.data == NULL) {
- rv = SECFailure;
- break;
- }
- PORT_Memcpy(current->name.other.data, buffer,
- current->name.other.len = strlen(buffer));
- break;
-
- case certEDIPartyName:
- case certIPAddress:
- case certOtherName:
- case certRegisterID:
- case certX400Address: {
-
- current->name.other.data = PORT_ArenaAlloc (arena, strlen (buffer) + 2);
- if (current->name.other.data == NULL) {
- rv = SECFailure;
- break;
- }
-
- PORT_Memcpy (current->name.other.data + 2, buffer, strlen (buffer));
-/* This may not be accurate for all cases.For now, use this tag type */
- current->name.other.data[0] = (char)(((current->type - 1) & 0x1f)| 0x80);
- current->name.other.data[1] = (char)strlen (buffer);
- current->name.other.len = strlen (buffer) + 2;
- break;
- }
-
- case certDirectoryName: {
- CERTName *directoryName = NULL;
-
- directoryName = CERT_AsciiToName (buffer);
- if (!directoryName) {
- rv = SECFailure;
- break;
- }
-
- rv = CERT_CopyName (arena, &current->name.directoryName, directoryName);
- CERT_DestroyName (directoryName);
-
- break;
- }
+ case certURI:
+ case certDNSName:
+ case certRFC822Name:
+ current->name.other.data = PORT_ArenaAlloc(arena, strlen(buffer));
+ if (current->name.other.data == NULL) {
+ rv = SECFailure;
+ break;
+ }
+ PORT_Memcpy(current->name.other.data, buffer,
+ current->name.other.len = strlen(buffer));
+ break;
+
+ case certEDIPartyName:
+ case certIPAddress:
+ case certOtherName:
+ case certRegisterID:
+ case certX400Address: {
+
+ current->name.other.data = PORT_ArenaAlloc(arena, strlen(buffer) + 2);
+ if (current->name.other.data == NULL) {
+ rv = SECFailure;
+ break;
+ }
+
+ PORT_Memcpy(current->name.other.data + 2, buffer, strlen(buffer));
+ /* This may not be accurate for all cases.For now, use this tag type */
+ current->name.other.data[0] = (char)(((current->type - 1) & 0x1f) | 0x80);
+ current->name.other.data[1] = (char)strlen(buffer);
+ current->name.other.len = strlen(buffer) + 2;
+ break;
+ }
+
+ case certDirectoryName: {
+ CERTName *directoryName = NULL;
+
+ directoryName = CERT_AsciiToName(buffer);
+ if (!directoryName) {
+ rv = SECFailure;
+ break;
+ }
+
+ rv = CERT_CopyName(arena, &current->name.directoryName, directoryName);
+ CERT_DestroyName(directoryName);
+
+ break;
+ }
}
if (rv != SECSuccess)
break;
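Review bot: The hand-built header in the `certEDIPartyName` … `certX400Address` case stores the length as `(char)strlen(buffer)`, which is a valid single-byte DER length only up to 127; longer values yield a malformed encoding, and anything above 255 is silently truncated while `name.other.len` still holds the full size. `buffer` is declared outside the hunk, so its maximum size cannot be confirmed from here, but the case should reject what it cannot encode, for example `if (strlen(buffer) > 127) { rv = SECFailure; break; }` before the allocation. The enclosing function starts and ends outside this hunk.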
@@ -303,10 +297,10 @@ crlgen_GetGeneralName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
tail->l.next = &(current->l);
tail = current;
- } while(nextChunk != data + strlen(data));
+ } while (nextChunk != data + strlen(data));
if (rv != SECSuccess) {
- PORT_ArenaRelease (arena, mark);
+ PORT_ArenaRelease(arena, mark);
namesList = NULL;
}
return (namesList);
@@ -314,8 +308,8 @@ crlgen_GetGeneralName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
/* Creates CERTGeneralName from parsed data for the Authority Key Extension */
static CERTGeneralName *
-crlgen_DistinguishedName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
- const char *data)
+crlgen_DistinguishedName(PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
+ const char *data)
{
CERTName *directoryName = NULL;
CERTGeneralName *current;
@@ -324,13 +318,13 @@ crlgen_DistinguishedName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
if (!data)
return NULL;
- PORT_Assert (arena);
+ PORT_Assert(arena);
if (!arena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
- mark = PORT_ArenaMark (arena);
+ mark = PORT_ArenaMark(arena);
current = PORT_ArenaZNew(arena, CERTGeneralName);
if (current == NULL) {
@@ -339,29 +333,28 @@ crlgen_DistinguishedName (PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
current->type = certDirectoryName;
current->l.next = &current->l;
current->l.prev = &current->l;
-
- directoryName = CERT_AsciiToName ((char*)data);
+
+ directoryName = CERT_AsciiToName((char *)data);
if (!directoryName) {
goto loser;
}
-
- rv = CERT_CopyName (arena, &current->name.directoryName, directoryName);
- CERT_DestroyName (directoryName);
- loser:
+ rv = CERT_CopyName(arena, &current->name.directoryName, directoryName);
+ CERT_DestroyName(directoryName);
+
+loser:
if (rv != SECSuccess) {
- PORT_SetError (rv);
- PORT_ArenaRelease (arena, mark);
+ PORT_SetError(rv);
+ PORT_ArenaRelease(arena, mark);
current = NULL;
}
return (current);
}
-
/* Adding Authority Key ID extension to extension handle. */
-static SECStatus
-crlgen_AddAuthKeyID (CRLGENGeneratorData *crlGenData,
- const char **dataArr)
+static SECStatus
+crlgen_AddAuthKeyID(CRLGENGeneratorData *crlGenData,
+ const char **dataArr)
{
void *extHandle = NULL;
CERTAuthKeyID *authKeyID = NULL;
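Review bot: The `loser:` path of `crlgen_DistinguishedName` calls `PORT_SetError(rv)`, which stores a `SECStatus` where an NSS error code is expected, so callers read back -1 instead of a `SEC_ERROR_*` value. The `CERT_AsciiToName` failure branch also jumps to `loser` without assigning `rv`; its initial value is declared outside the hunk, so whether that failure is reported at all depends on it. Setting `rv = SECFailure;` before that `goto loser;` and recording a real code, e.g. `PORT_SetError(SEC_ERROR_INVALID_ARGS);`, would make the failure explicit. The test `SECFailure == PORT_GetError()` in `crlgen_AddAuthKeyID` (a later hunk) relies on the current behaviour and would have to change in the same patch.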
@@ -394,18 +387,18 @@ crlgen_AddAuthKeyID (CRLGENGeneratorData *crlGenData,
}
if (dataArr[3] == NULL) {
- rv = crlgen_SetString (arena, dataArr[2], &authKeyID->keyID);
+ rv = crlgen_SetString(arena, dataArr[2], &authKeyID->keyID);
if (rv != SECSuccess)
goto loser;
} else {
- rv = crlgen_SetString (arena, dataArr[3],
- &authKeyID->authCertSerialNumber);
+ rv = crlgen_SetString(arena, dataArr[3],
+ &authKeyID->authCertSerialNumber);
if (rv != SECSuccess)
goto loser;
- authKeyID->authCertIssuer =
- crlgen_DistinguishedName (arena, crlGenData, dataArr[2]);
- if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError ()){
+ authKeyID->authCertIssuer =
+ crlgen_DistinguishedName(arena, crlGenData, dataArr[2]);
+ if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError()) {
crlgen_PrintError(crlGenData->parsedLineNum, "syntax error.\n");
rv = SECFailure;
goto loser;
@@ -415,25 +408,24 @@ crlgen_AddAuthKeyID (CRLGENGeneratorData *crlGenData,
rv =
SECU_EncodeAndAddExtensionValue(arena, extHandle, authKeyID,
(*dataArr[1] == '1') ? PR_TRUE : PR_FALSE,
- SEC_OID_X509_AUTH_KEY_ID,
- (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeAuthKeyID);
- loser:
+ SEC_OID_X509_AUTH_KEY_ID,
+ (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAuthKeyID);
+loser:
if (arena)
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
return rv;
-}
+}
/* Creates and add Subject Alternative Names extension */
-static SECStatus
+static SECStatus
crlgen_AddIssuerAltNames(CRLGENGeneratorData *crlGenData,
- const char **dataArr)
+ const char **dataArr)
{
CERTGeneralName *nameList = NULL;
PLArenaPool *arena = NULL;
void *extHandle = NULL;
SECStatus rv = SECSuccess;
-
PORT_Assert(dataArr && crlGenData);
if (!crlGenData || !dataArr) {
return SECFailure;
@@ -475,16 +467,16 @@ crlgen_AddIssuerAltNames(CRLGENGeneratorData *crlGenData,
rv =
SECU_EncodeAndAddExtensionValue(arena, extHandle, nameList,
(*dataArr[1] == '1') ? PR_TRUE : PR_FALSE,
- SEC_OID_X509_ISSUER_ALT_NAME,
+ SEC_OID_X509_ISSUER_ALT_NAME,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAltNameExtension);
- loser:
+loser:
if (arena)
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
return rv;
}
/* Creates and adds CRLNumber extension to extension handle.
- * Since, this is CRL extension, extension handle is the one
+ * Since, this is CRL extension, extension handle is the one
* related to CRL extensions */
static SECStatus
crlgen_AddCrlNumber(CRLGENGeneratorData *crlGenData, const char **dataArr)
@@ -525,21 +517,19 @@ crlgen_AddCrlNumber(CRLGENGeneratorData *crlGenData, const char **dataArr)
goto loser;
}
- rv = CERT_AddExtension (extHandle, SEC_OID_X509_CRL_NUMBER, &encodedItem,
- (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE,
- PR_TRUE);
+ rv = CERT_AddExtension(extHandle, SEC_OID_X509_CRL_NUMBER, &encodedItem,
+ (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE,
+ PR_TRUE);
- loser:
+loser:
if (arena)
PORT_FreeArena(arena, PR_FALSE);
return rv;
-
}
-
/* Creates Cert Revocation Reason code extension. Encodes it and
* returns as SECItem structure */
-static SECItem*
+static SECItem *
crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr,
int *extCode)
{
@@ -551,11 +541,11 @@ crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr,
PORT_Assert(arena && dataArr);
if (!arena || !dataArr) {
goto loser;
- }
+ }
mark = PORT_ArenaMark(arena);
- encodedItem = PORT_ArenaZNew (arena, SECItem);
+ encodedItem = PORT_ArenaZNew(arena, SECItem);
if (encodedItem == NULL) {
goto loser;
}
@@ -566,10 +556,10 @@ crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr,
}
code = atoi(dataArr[2]);
- /* aACompromise(10) is the last possible of the values
+ /* aACompromise(10) is the last possible of the values
* for the Reason Core Extension */
if ((code == 0 && *dataArr[2] != '0') || code > 10) {
-
+
PORT_SetError(SEC_ERROR_INVALID_ARGS);
goto loser;
}
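Review bot: The range check after `atoi(dataArr[2])` rejects only values above 10, so a negative reason code such as "-1" passes it, and `atoi` itself accepts trailing junk like "3abc" without reporting an error. Add the lower bound, `if ((code == 0 && *dataArr[2] != '0') || code < 0 || code > 10) {`, and consider parsing with `strtol` plus an end-pointer check so malformed input is rejected rather than partially read. crlgen_CreateReasonCode starts and ends outside this hunk.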
@@ -582,18 +572,18 @@ crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr,
*extCode = SEC_OID_X509_REASON_CODE;
return encodedItem;
- loser:
+loser:
if (mark) {
- PORT_ArenaRelease (arena, mark);
+ PORT_ArenaRelease(arena, mark);
}
return NULL;
}
/* Creates Cert Invalidity Date extension. Encodes it and
* returns as SECItem structure */
-static SECItem*
+static SECItem *
crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr,
- int *extCode)
+ int *extCode)
{
SECItem *encodedItem;
int length = 0;
@@ -602,7 +592,7 @@ crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr,
PORT_Assert(arena && dataArr);
if (!arena || !dataArr) {
goto loser;
- }
+ }
mark = PORT_ArenaMark(arena);
@@ -620,12 +610,12 @@ crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr,
}
PORT_Memcpy(encodedItem->data, dataArr[2], (encodedItem->len = length) *
- sizeof(char));
+ sizeof(char));
*extCode = SEC_OID_X509_INVALID_DATE;
return encodedItem;
-
- loser:
+
+loser:
if (mark) {
PORT_ArenaRelease(arena, mark);
}
@@ -638,26 +628,25 @@ crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr,
static SECStatus
crlgen_AddEntryExtension(CRLGENGeneratorData *crlGenData,
const char **dataArr, char *extName,
- SECItem* (*extCreator)(PLArenaPool *arena,
+ SECItem *(*extCreator)(PLArenaPool *arena,
const char **dataArr,
int *extCode))
{
PRUint64 i = 0;
SECStatus rv = SECFailure;
int extCode = 0;
- PRUint64 lastRange ;
+ PRUint64 lastRange;
SECItem *ext = NULL;
PLArenaPool *arena = NULL;
-
- PORT_Assert(crlGenData && dataArr);
+ PORT_Assert(crlGenData && dataArr);
if (!crlGenData || !dataArr) {
goto loser;
- }
-
+ }
+
if (!dataArr[0] || !dataArr[1]) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
- crlgen_PrintError(crlGenData->parsedLineNum,
+ crlgen_PrintError(crlGenData->parsedLineNum,
"insufficient number of arguments.\n");
}
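Review bot: The `if (!dataArr[0] || !dataArr[1])` block sets SEC_ERROR_INVALID_ARGS and prints the message but has no `goto loser;` before its closing brace, so execution continues with a NULL field. Further down the same function `*dataArr[1] == '1'` is evaluated when the extension is added, which would dereference NULL on a line with too few arguments. Adding `goto loser;` as the last statement of the block looks safe, since `rv` is still SECFailure and `arena` is still NULL at this point. The rest of the function body is outside this hunk.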
@@ -670,16 +659,16 @@ crlgen_AddEntryExtension(CRLGENGeneratorData *crlGenData,
ext = extCreator(arena, dataArr, &extCode);
if (ext == NULL) {
- crlgen_PrintError(crlGenData->parsedLineNum,
+ crlgen_PrintError(crlGenData->parsedLineNum,
"got error while creating extension: %s\n",
extName);
goto loser;
}
- for (i = 0;i < lastRange;i++) {
- CRLGENEntryData * extData = NULL;
+ for (i = 0; i < lastRange; i++) {
+ CRLGENEntryData *extData = NULL;
void *extHandle = NULL;
- SECItem * certIdItem =
+ SECItem *certIdItem =
SEC_ASN1EncodeInteger(arena, NULL,
crlGenData->rangeFrom + i);
if (!certIdItem) {
@@ -700,9 +689,9 @@ crlgen_AddEntryExtension(CRLGENGeneratorData *crlGenData,
if (extHandle == NULL) {
extHandle = extData->extHandle =
CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl,
- (CERTCrlEntry*)extData->entry);
+ (CERTCrlEntry *)extData->entry);
}
- rv = CERT_AddExtension (extHandle, extCode, ext,
+ rv = CERT_AddExtension(extHandle, extCode, ext,
(*dataArr[1] == '1') ? PR_TRUE : PR_FALSE,
PR_TRUE);
if (rv == SECFailure) {
@@ -710,13 +699,12 @@ crlgen_AddEntryExtension(CRLGENGeneratorData *crlGenData,
}
}
- loser:
+loser:
if (arena)
PORT_FreeArena(arena, PR_FALSE);
return rv;
}
-
/* Commits all added entries and their's extensions into CRL. */
SECStatus
CRLGEN_CommitExtensionsAndEntries(CRLGENGeneratorData *crlGenData)
@@ -744,7 +732,7 @@ CRLGEN_CommitExtensionsAndEntries(CRLGENGeneratorData *crlGenData)
size = crlGenData->entryDataHashTable->nentries;
crl->entries = NULL;
if (size) {
- crl->entries = PORT_ArenaZNewArray(arena, CERTCrlEntry*, size + 1);
+ crl->entries = PORT_ArenaZNewArray(arena, CERTCrlEntry *, size + 1);
if (!crl->entries) {
rv = SECFailure;
} else {
@@ -780,11 +768,11 @@ crlgen_InitExtensionHandle(void *extHandle,
extension = *extensions;
while (extension) {
- SECOidTag oidTag = SECOID_FindOIDTag (&extension->id);
-/* shell we skip unknown extensions? */
- CERT_AddExtension (extHandle, oidTag, &extension->value,
- (extension->critical.len != 0) ? PR_TRUE : PR_FALSE,
- PR_FALSE);
+ SECOidTag oidTag = SECOID_FindOIDTag(&extension->id);
+ /* shell we skip unknown extensions? */
+ CERT_AddExtension(extHandle, oidTag, &extension->value,
+ (extension->critical.len != 0) ? PR_TRUE : PR_FALSE,
+ PR_FALSE);
extension = *(++extensions);
}
return SECSuccess;
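Review bot: Inside the `while (extension)` loop the result of `CERT_AddExtension` is discarded and the function ends in an unconditional `return SECSuccess;`, so as far as this hunk shows the `== SECFailure` test in CRLGEN_ExtHandleInit cannot be triggered by a failed add. `SECOID_FindOIDTag` may also return SEC_OID_UNKNOWN for an extension the library does not recognise, which the existing comment already questions. I would check the call, e.g. `if (CERT_AddExtension(...) != SECSuccess) return SECFailure;`, and decide explicitly whether unknown OIDs are skipped or rejected. The start of the function is outside this hunk.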
@@ -819,9 +807,9 @@ CRLGEN_ExtHandleInit(CRLGENGeneratorData *crlGenData)
CRLGENEntryData *extData =
crlgen_PlaceAnEntry(crlGenData, *entry, &(*entry)->serialNumber);
if ((*entry)->extensions) {
- extData->extHandle =
+ extData->extHandle =
CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl,
- (CERTCrlEntry*)extData->entry);
+ (CERTCrlEntry *)extData->entry);
if (crlgen_InitExtensionHandle(extData->extHandle,
(*entry)->extensions) == SECFailure)
return SECFailure;
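Review bot: `extData` returned by `crlgen_PlaceAnEntry` is dereferenced in `extData->extHandle = ...` without a NULL check, although crlgen_AddCert treats a false return from the same helper as a failure. A guard such as `if (!extData) return SECFailure;` directly after the call would keep a failed insert from becoming a NULL dereference while an existing CRL is being loaded. The enclosing loop starts and ends outside this hunk.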
@@ -866,14 +854,14 @@ crlgen_SetNewRangeField(CRLGENGeneratorData *crlGenData, char *value)
rangeFrom = atoi(rangeFromS);
*dashPos = '-';
- rangeToS = (char*)(dashPos + 1);
+ rangeToS = (char *)(dashPos + 1);
rangeTo = atol(rangeToS);
} else {
rangeFrom = atol(value);
rangeTo = rangeFrom;
}
- if (rangeFrom < 1 || rangeTo<rangeFrom) {
+ if (rangeFrom < 1 || rangeTo < rangeFrom) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
crlgen_PrintError(crlGenData->parsedLineNum,
"bad cert id range: %s.\n", value);
@@ -891,7 +879,7 @@ crlgen_SetNewRangeField(CRLGENGeneratorData *crlGenData, char *value)
static SECStatus
crlgen_SetIssuerField(CRLGENGeneratorData *crlGenData, char *value)
{
- crlgen_PrintError(crlGenData->parsedLineNum,
+ crlgen_PrintError(crlGenData->parsedLineNum,
"Can not change CRL issuer field.\n");
return SECFailure;
}
@@ -925,7 +913,7 @@ crlgen_SetTimeField(CRLGENGeneratorData *crlGenData, char *value,
return SECFailure;
}
length = PORT_Strlen(value);
-
+
if (setThisUpdate == PR_TRUE) {
timeDest = &crl->lastUpdate;
} else {
@@ -943,7 +931,6 @@ crlgen_SetTimeField(CRLGENGeneratorData *crlGenData, char *value,
return SECSuccess;
}
-
/* Adds new extension into CRL or added cert handles */
static SECStatus
crlgen_AddExtension(CRLGENGeneratorData *crlGenData, const char **extData)
@@ -956,7 +943,7 @@ crlgen_AddExtension(CRLGENGeneratorData *crlGenData, const char **extData)
if (extData == NULL || *extData == NULL) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
- crlgen_PrintError(crlGenData->parsedLineNum,
+ crlgen_PrintError(crlGenData->parsedLineNum,
"insufficient number of arguments.\n");
return SECFailure;
}
@@ -980,14 +967,12 @@ crlgen_AddExtension(CRLGENGeneratorData *crlGenData, const char **extData)
}
}
-
-
/* Created CRLGENEntryData for cert with serial number certId and
* adds it to entryDataHashTable. certId can be a single cert serial
* number or an inclusive rage of certs */
static SECStatus
crlgen_AddCert(CRLGENGeneratorData *crlGenData,
- char *certId, char *revocationDate)
+ char *certId, char *revocationDate)
{
CERTSignedCrl *signCrl;
SECItem *certIdItem;
@@ -997,7 +982,6 @@ crlgen_AddCert(CRLGENGeneratorData *crlGenData,
SECStatus rv = SECFailure;
void *mark;
-
PORT_Assert(crlGenData && crlGenData->signCrl &&
crlGenData->signCrl->arena);
if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) {
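Review bot: `void *mark;` is declared without an initializer, while the `loser:` label at the end of crlgen_AddCert tests `if (mark)` before calling `PORT_ArenaRelease(arena, mark)`. If the argument guard that opens on the last line of this hunk (its body is not visible here) or any later check jumps to `loser` before the first `PORT_ArenaMark`, the cleanup reads an indeterminate pointer. Declaring it as `void *mark = NULL;` makes every early exit safe. It is also worth confirming that the success path, which falls through into `loser`, does not release a mark that should have been committed.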
@@ -1024,7 +1008,7 @@ crlgen_AddCert(CRLGENGeneratorData *crlGenData,
rangeFrom = crlGenData->rangeFrom;
rangeTo = crlGenData->rangeTo;
- for (i = 0;i < rangeTo - rangeFrom + 1;i++) {
+ for (i = 0; i < rangeTo - rangeFrom + 1; i++) {
CERTCrlEntry *entry;
mark = PORT_ArenaMark(arena);
entry = PORT_ArenaZNew(arena, CERTCrlEntry);
@@ -1042,7 +1026,8 @@ crlgen_AddCert(CRLGENGeneratorData *crlGenData,
crlgen_PrintError(crlGenData->parsedLineNum,
"entry already exists. Use \"range\" "
"and \"rmcert\" before adding a new one with the "
- "same serial number %ld\n", rangeFrom + i);
+ "same serial number %ld\n",
+ rangeFrom + i);
goto loser;
}
@@ -1060,7 +1045,6 @@ crlgen_AddCert(CRLGENGeneratorData *crlGenData,
timeValLength * sizeof(char));
entry->revocationDate.len = timeValLength;
-
entry->extensions = NULL;
if (!crlgen_PlaceAnEntry(crlGenData, entry, certIdItem)) {
goto loser;
@@ -1069,14 +1053,13 @@ crlgen_AddCert(CRLGENGeneratorData *crlGenData,
}
rv = SECSuccess;
- loser:
+loser:
if (mark) {
PORT_ArenaRelease(arena, mark);
}
return rv;
}
-
/* Removes certs from entryDataHashTable which have certId serial number.
* certId can have value of a range of certs */
static SECStatus
@@ -1095,8 +1078,8 @@ crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId)
return SECFailure;
}
- for (i = 0;i < crlGenData->rangeTo - crlGenData->rangeFrom + 1;i++) {
- SECItem* certIdItem = SEC_ASN1EncodeInteger(NULL, NULL,
+ for (i = 0; i < crlGenData->rangeTo - crlGenData->rangeFrom + 1; i++) {
+ SECItem *certIdItem = SEC_ASN1EncodeInteger(NULL, NULL,
crlGenData->rangeFrom + i);
if (certIdItem) {
CRLGENEntryData *extData =
@@ -1115,16 +1098,16 @@ crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId)
/*************************************************************************
* Lex Parser Helper functions are used to store parsed information
- * in context related structures. Context(or state) is identified base on
+ * in context related structures. Context(or state) is identified base on
* a type of a instruction parser currently is going through. New context
* is identified by first token in a line. It can be addcert context,
* addext context, etc. */
-/* Updates CRL field depending on current context */
+/* Updates CRL field depending on current context */
static SECStatus
crlgen_updateCrlFn_field(CRLGENGeneratorData *crlGenData, void *str)
{
- CRLGENCrlField *fieldStr = (CRLGENCrlField*)str;
+ CRLGENCrlField *fieldStr = (CRLGENCrlField *)str;
PORT_Assert(crlGenData);
if (!crlGenData) {
@@ -1132,35 +1115,35 @@ crlgen_updateCrlFn_field(CRLGENGeneratorData *crlGenData, void *str)
return SECFailure;
}
- switch(crlGenData->contextId) {
- case CRLGEN_ISSUER_CONTEXT:
- crlgen_SetIssuerField(crlGenData, fieldStr->value);
- break;
- case CRLGEN_UPDATE_CONTEXT:
- return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_TRUE);
- break;
- case CRLGEN_NEXT_UPDATE_CONTEXT:
- return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_FALSE);
- break;
- case CRLGEN_CHANGE_RANGE_CONTEXT:
- return crlgen_SetNewRangeField(crlGenData, fieldStr->value);
- break;
- default:
- crlgen_PrintError(crlGenData->parsedLineNum,
- "syntax error (unknow token type: %d)\n",
- crlGenData->contextId);
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ switch (crlGenData->contextId) {
+ case CRLGEN_ISSUER_CONTEXT:
+ crlgen_SetIssuerField(crlGenData, fieldStr->value);
+ break;
+ case CRLGEN_UPDATE_CONTEXT:
+ return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_TRUE);
+ break;
+ case CRLGEN_NEXT_UPDATE_CONTEXT:
+ return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_FALSE);
+ break;
+ case CRLGEN_CHANGE_RANGE_CONTEXT:
+ return crlgen_SetNewRangeField(crlGenData, fieldStr->value);
+ break;
+ default:
+ crlgen_PrintError(crlGenData->parsedLineNum,
+ "syntax error (unknow token type: %d)\n",
+ crlGenData->contextId);
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
return SECSuccess;
}
-/* Sets parsed data for CRL field update into temporary structure */
+/* Sets parsed data for CRL field update into temporary structure */
static SECStatus
crlgen_setNextDataFn_field(CRLGENGeneratorData *crlGenData, void *str,
- void *data, unsigned short dtype)
+ void *data, unsigned short dtype)
{
- CRLGENCrlField *fieldStr = (CRLGENCrlField*)str;
+ CRLGENCrlField *fieldStr = (CRLGENCrlField *)str;
PORT_Assert(crlGenData);
if (!crlGenData) {
@@ -1169,29 +1152,29 @@ crlgen_setNextDataFn_field(CRLGENGeneratorData *crlGenData, void *str,
}
switch (crlGenData->contextId) {
- case CRLGEN_CHANGE_RANGE_CONTEXT:
- if (dtype != CRLGEN_TYPE_DIGIT && dtype != CRLGEN_TYPE_DIGIT_RANGE) {
- crlgen_PrintError(crlGenData->parsedLineNum,
- "range value should have "
- "numeric or numeric range values.\n");
- return SECFailure;
- }
- break;
- case CRLGEN_NEXT_UPDATE_CONTEXT:
- case CRLGEN_UPDATE_CONTEXT:
- if (dtype != CRLGEN_TYPE_ZDATE){
- crlgen_PrintError(crlGenData->parsedLineNum,
- "bad formated date. Should be "
- "YYYYMMDDHHMMSSZ.\n");
- return SECFailure;
- }
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- crlgen_PrintError(crlGenData->parsedLineNum,
- "syntax error (unknow token type: %d).\n",
- crlGenData->contextId, data);
- return SECFailure;
+ case CRLGEN_CHANGE_RANGE_CONTEXT:
+ if (dtype != CRLGEN_TYPE_DIGIT && dtype != CRLGEN_TYPE_DIGIT_RANGE) {
+ crlgen_PrintError(crlGenData->parsedLineNum,
+ "range value should have "
+ "numeric or numeric range values.\n");
+ return SECFailure;
+ }
+ break;
+ case CRLGEN_NEXT_UPDATE_CONTEXT:
+ case CRLGEN_UPDATE_CONTEXT:
+ if (dtype != CRLGEN_TYPE_ZDATE) {
+ crlgen_PrintError(crlGenData->parsedLineNum,
+ "bad formated date. Should be "
+ "YYYYMMDDHHMMSSZ.\n");
+ return SECFailure;
+ }
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ crlgen_PrintError(crlGenData->parsedLineNum,
+ "syntax error (unknow token type: %d).\n",
+ crlGenData->contextId, data);
+ return SECFailure;
}
fieldStr->value = PORT_Strdup(data);
if (!fieldStr->value) {
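Review bot: In the `default:` branch the call passes `crlGenData->contextId, data` although the format string has a single `%d`, so `data` is a surplus argument. It is ignored at run time, but it misleads the reader and will be reported by `-Wformat-extra-args` if crlgen_PrintError carries a printf format attribute; dropping `, data` fixes it. Separately, `fieldStr->value = PORT_Strdup(data);` replaces any earlier value without freeing it, which would leak if one line can deliver two value tokens; that depends on the lexer, which is not visible here.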
@@ -1200,11 +1183,11 @@ crlgen_setNextDataFn_field(CRLGENGeneratorData *crlGenData, void *str,
return SECSuccess;
}
-/* Triggers cert entries update depending on current context */
+/* Triggers cert entries update depending on current context */
static SECStatus
crlgen_updateCrlFn_cert(CRLGENGeneratorData *crlGenData, void *str)
{
- CRLGENCertEntry *certStr = (CRLGENCertEntry*)str;
+ CRLGENCertEntry *certStr = (CRLGENCertEntry *)str;
PORT_Assert(crlGenData);
if (!crlGenData) {
@@ -1212,28 +1195,27 @@ crlgen_updateCrlFn_cert(CRLGENGeneratorData *crlGenData, void *str)
return SECFailure;
}
- switch(crlGenData->contextId) {
- case CRLGEN_ADD_CERT_CONTEXT:
- return crlgen_AddCert(crlGenData, certStr->certId,
- certStr->revocationTime);
- case CRLGEN_RM_CERT_CONTEXT:
- return crlgen_RmCert(crlGenData, certStr->certId);
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- crlgen_PrintError(crlGenData->parsedLineNum,
- "syntax error (unknow token type: %d).\n",
- crlGenData->contextId);
- return SECFailure;
+ switch (crlGenData->contextId) {
+ case CRLGEN_ADD_CERT_CONTEXT:
+ return crlgen_AddCert(crlGenData, certStr->certId,
+ certStr->revocationTime);
+ case CRLGEN_RM_CERT_CONTEXT:
+ return crlgen_RmCert(crlGenData, certStr->certId);
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ crlgen_PrintError(crlGenData->parsedLineNum,
+ "syntax error (unknow token type: %d).\n",
+ crlGenData->contextId);
+ return SECFailure;
}
}
-
-/* Sets parsed data for CRL entries update into temporary structure */
+/* Sets parsed data for CRL entries update into temporary structure */
static SECStatus
crlgen_setNextDataFn_cert(CRLGENGeneratorData *crlGenData, void *str,
- void *data, unsigned short dtype)
+ void *data, unsigned short dtype)
{
- CRLGENCertEntry *certStr = (CRLGENCertEntry*)str;
+ CRLGENCertEntry *certStr = (CRLGENCertEntry *)str;
PORT_Assert(crlGenData);
if (!crlGenData) {
@@ -1241,50 +1223,50 @@ crlgen_setNextDataFn_cert(CRLGENGeneratorData *crlGenData, void *str,
return SECFailure;
}
- switch(dtype) {
- case CRLGEN_TYPE_DIGIT:
- case CRLGEN_TYPE_DIGIT_RANGE:
- certStr->certId = PORT_Strdup(data);
- if (!certStr->certId) {
- return SECFailure;
- }
- break;
- case CRLGEN_TYPE_DATE:
- case CRLGEN_TYPE_ZDATE:
- certStr->revocationTime = PORT_Strdup(data);
- if (!certStr->revocationTime) {
- return SECFailure;
- }
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- crlgen_PrintError(crlGenData->parsedLineNum,
- "syntax error (unknow token type: %d).\n",
- crlGenData->contextId);
- return SECFailure;
+ switch (dtype) {
+ case CRLGEN_TYPE_DIGIT:
+ case CRLGEN_TYPE_DIGIT_RANGE:
+ certStr->certId = PORT_Strdup(data);
+ if (!certStr->certId) {
+ return SECFailure;
+ }
+ break;
+ case CRLGEN_TYPE_DATE:
+ case CRLGEN_TYPE_ZDATE:
+ certStr->revocationTime = PORT_Strdup(data);
+ if (!certStr->revocationTime) {
+ return SECFailure;
+ }
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ crlgen_PrintError(crlGenData->parsedLineNum,
+ "syntax error (unknow token type: %d).\n",
+ crlGenData->contextId);
+ return SECFailure;
}
return SECSuccess;
}
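Review bot: The `default:` branch of `switch (dtype)` prints `crlGenData->contextId` in its "token type: %d" message, so the diagnostic names the current context rather than the token type that was rejected. Passing `dtype` as the argument makes the message match the switch. The two `PORT_Strdup` assignments above it also overwrite `certId` and `revocationTime` without freeing a previous value, which would leak if a line repeats a token of the same kind; whether the lexer allows that is not visible from this hunk.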
-/* Triggers cert entries/crl extension update */
+/* Triggers cert entries/crl extension update */
static SECStatus
crlgen_updateCrlFn_extension(CRLGENGeneratorData *crlGenData, void *str)
{
- CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry*)str;
+ CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry *)str;
- return crlgen_AddExtension(crlGenData, (const char**)extStr->extData);
+ return crlgen_AddExtension(crlGenData, (const char **)extStr->extData);
}
/* Defines maximum number of fields extension may have */
#define MAX_EXT_DATA_LENGTH 10
/* Sets parsed extension data for CRL entries/CRL extensions update
- * into temporary structure */
+ * into temporary structure */
static SECStatus
crlgen_setNextDataFn_extension(CRLGENGeneratorData *crlGenData, void *str,
- void *data, unsigned short dtype)
+ void *data, unsigned short dtype)
{
- CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry*)str;
+ CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry *)str;
PORT_Assert(crlGenData);
if (!crlGenData) {
@@ -1300,7 +1282,7 @@ crlgen_setNextDataFn_extension(CRLGENGeneratorData *crlGenData, void *str,
}
if (extStr->nextUpdatedData >= MAX_EXT_DATA_LENGTH) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
- crlgen_PrintError(crlGenData->parsedLineNum,
+ crlgen_PrintError(crlGenData->parsedLineNum,
"number of fields in extension "
"exceeded maximum allowed data length: %d.\n",
MAX_EXT_DATA_LENGTH);
@@ -1315,7 +1297,6 @@ crlgen_setNextDataFn_extension(CRLGENGeneratorData *crlGenData, void *str,
return SECSuccess;
}
-
/****************************************************************************************
* Top level functions are triggered directly by parser.
*/
@@ -1328,32 +1309,32 @@ void
crlgen_destroyTempData(CRLGENGeneratorData *crlGenData)
{
if (crlGenData->contextId != CRLGEN_UNKNOWN_CONTEXT) {
- switch(crlGenData->contextId) {
- case CRLGEN_ISSUER_CONTEXT:
- case CRLGEN_UPDATE_CONTEXT:
- case CRLGEN_NEXT_UPDATE_CONTEXT:
- case CRLGEN_CHANGE_RANGE_CONTEXT:
- if (crlGenData->crlField->value)
- PORT_Free(crlGenData->crlField->value);
- PORT_Free(crlGenData->crlField);
- break;
- case CRLGEN_ADD_CERT_CONTEXT:
- case CRLGEN_RM_CERT_CONTEXT:
- if (crlGenData->certEntry->certId)
- PORT_Free(crlGenData->certEntry->certId);
- if (crlGenData->certEntry->revocationTime)
- PORT_Free(crlGenData->certEntry->revocationTime);
- PORT_Free(crlGenData->certEntry);
- break;
- case CRLGEN_ADD_EXTENSION_CONTEXT:
- if (crlGenData->extensionEntry->extData) {
- int i = 0;
- for (;i < crlGenData->extensionEntry->nextUpdatedData;i++)
- PORT_Free(*(crlGenData->extensionEntry->extData + i));
- PORT_Free(crlGenData->extensionEntry->extData);
- }
- PORT_Free(crlGenData->extensionEntry);
- break;
+ switch (crlGenData->contextId) {
+ case CRLGEN_ISSUER_CONTEXT:
+ case CRLGEN_UPDATE_CONTEXT:
+ case CRLGEN_NEXT_UPDATE_CONTEXT:
+ case CRLGEN_CHANGE_RANGE_CONTEXT:
+ if (crlGenData->crlField->value)
+ PORT_Free(crlGenData->crlField->value);
+ PORT_Free(crlGenData->crlField);
+ break;
+ case CRLGEN_ADD_CERT_CONTEXT:
+ case CRLGEN_RM_CERT_CONTEXT:
+ if (crlGenData->certEntry->certId)
+ PORT_Free(crlGenData->certEntry->certId);
+ if (crlGenData->certEntry->revocationTime)
+ PORT_Free(crlGenData->certEntry->revocationTime);
+ PORT_Free(crlGenData->certEntry);
+ break;
+ case CRLGEN_ADD_EXTENSION_CONTEXT:
+ if (crlGenData->extensionEntry->extData) {
+ int i = 0;
+ for (; i < crlGenData->extensionEntry->nextUpdatedData; i++)
+ PORT_Free(*(crlGenData->extensionEntry->extData + i));
+ PORT_Free(crlGenData->extensionEntry->extData);
+ }
+ PORT_Free(crlGenData->extensionEntry);
+ break;
}
crlGenData->contextId = CRLGEN_UNKNOWN_CONTEXT;
}
@@ -1370,29 +1351,28 @@ crlgen_updateCrl(CRLGENGeneratorData *crlGenData)
return SECFailure;
}
- switch(crlGenData->contextId) {
- case CRLGEN_ISSUER_CONTEXT:
- case CRLGEN_UPDATE_CONTEXT:
- case CRLGEN_NEXT_UPDATE_CONTEXT:
- case CRLGEN_CHANGE_RANGE_CONTEXT:
- rv = crlGenData->crlField->updateCrlFn(crlGenData, crlGenData->crlField);
- break;
- case CRLGEN_RM_CERT_CONTEXT:
- case CRLGEN_ADD_CERT_CONTEXT:
- rv = crlGenData->certEntry->updateCrlFn(crlGenData, crlGenData->certEntry);
- break;
- case CRLGEN_ADD_EXTENSION_CONTEXT:
- rv = crlGenData->extensionEntry->
- updateCrlFn(crlGenData, crlGenData->extensionEntry);
- break;
- case CRLGEN_UNKNOWN_CONTEXT:
- break;
- default:
- crlgen_PrintError(crlGenData->parsedLineNum,
- "unknown lang context type code: %d.\n",
- crlGenData->contextId);
- PORT_Assert(0);
- return SECFailure;
+ switch (crlGenData->contextId) {
+ case CRLGEN_ISSUER_CONTEXT:
+ case CRLGEN_UPDATE_CONTEXT:
+ case CRLGEN_NEXT_UPDATE_CONTEXT:
+ case CRLGEN_CHANGE_RANGE_CONTEXT:
+ rv = crlGenData->crlField->updateCrlFn(crlGenData, crlGenData->crlField);
+ break;
+ case CRLGEN_RM_CERT_CONTEXT:
+ case CRLGEN_ADD_CERT_CONTEXT:
+ rv = crlGenData->certEntry->updateCrlFn(crlGenData, crlGenData->certEntry);
+ break;
+ case CRLGEN_ADD_EXTENSION_CONTEXT:
+ rv = crlGenData->extensionEntry->updateCrlFn(crlGenData, crlGenData->extensionEntry);
+ break;
+ case CRLGEN_UNKNOWN_CONTEXT:
+ break;
+ default:
+ crlgen_PrintError(crlGenData->parsedLineNum,
+ "unknown lang context type code: %d.\n",
+ crlGenData->contextId);
+ PORT_Assert(0);
+ return SECFailure;
}
/* Clrean structures after crl update */
crlgen_destroyTempData(crlGenData);
@@ -1414,32 +1394,31 @@ crlgen_setNextData(CRLGENGeneratorData *crlGenData, void *data,
return SECFailure;
}
- switch(crlGenData->contextId) {
- case CRLGEN_ISSUER_CONTEXT:
- case CRLGEN_UPDATE_CONTEXT:
- case CRLGEN_NEXT_UPDATE_CONTEXT:
- case CRLGEN_CHANGE_RANGE_CONTEXT:
- rv = crlGenData->crlField->setNextDataFn(crlGenData, crlGenData->crlField,
- data, dtype);
- break;
- case CRLGEN_ADD_CERT_CONTEXT:
- case CRLGEN_RM_CERT_CONTEXT:
- rv = crlGenData->certEntry->setNextDataFn(crlGenData, crlGenData->certEntry,
- data, dtype);
- break;
- case CRLGEN_ADD_EXTENSION_CONTEXT:
- rv =
- crlGenData->extensionEntry->
- setNextDataFn(crlGenData, crlGenData->extensionEntry, data, dtype);
- break;
- case CRLGEN_UNKNOWN_CONTEXT:
- break;
- default:
- crlgen_PrintError(crlGenData->parsedLineNum,
- "unknown context type: %d.\n",
- crlGenData->contextId);
- PORT_Assert(0);
- return SECFailure;
+ switch (crlGenData->contextId) {
+ case CRLGEN_ISSUER_CONTEXT:
+ case CRLGEN_UPDATE_CONTEXT:
+ case CRLGEN_NEXT_UPDATE_CONTEXT:
+ case CRLGEN_CHANGE_RANGE_CONTEXT:
+ rv = crlGenData->crlField->setNextDataFn(crlGenData, crlGenData->crlField,
+ data, dtype);
+ break;
+ case CRLGEN_ADD_CERT_CONTEXT:
+ case CRLGEN_RM_CERT_CONTEXT:
+ rv = crlGenData->certEntry->setNextDataFn(crlGenData, crlGenData->certEntry,
+ data, dtype);
+ break;
+ case CRLGEN_ADD_EXTENSION_CONTEXT:
+ rv =
+ crlGenData->extensionEntry->setNextDataFn(crlGenData, crlGenData->extensionEntry, data, dtype);
+ break;
+ case CRLGEN_UNKNOWN_CONTEXT:
+ break;
+ default:
+ crlgen_PrintError(crlGenData->parsedLineNum,
+ "unknown context type: %d.\n",
+ crlGenData->contextId);
+ PORT_Assert(0);
+ return SECFailure;
}
return rv;
}
@@ -1456,59 +1435,58 @@ crlgen_createNewLangStruct(CRLGENGeneratorData *crlGenData,
return SECFailure;
}
- switch(structType) {
- case CRLGEN_ISSUER_CONTEXT:
- case CRLGEN_UPDATE_CONTEXT:
- case CRLGEN_NEXT_UPDATE_CONTEXT:
- case CRLGEN_CHANGE_RANGE_CONTEXT:
- crlGenData->crlField = PORT_New(CRLGENCrlField);
- if (!crlGenData->crlField) {
- return SECFailure;
- }
- crlGenData->contextId = structType;
- crlGenData->crlField->value = NULL;
- crlGenData->crlField->updateCrlFn = &crlgen_updateCrlFn_field;
- crlGenData->crlField->setNextDataFn = &crlgen_setNextDataFn_field;
- break;
- case CRLGEN_RM_CERT_CONTEXT:
- case CRLGEN_ADD_CERT_CONTEXT:
- crlGenData->certEntry = PORT_New(CRLGENCertEntry);
- if (!crlGenData->certEntry) {
- return SECFailure;
- }
- crlGenData->contextId = structType;
- crlGenData->certEntry->certId = 0;
- crlGenData->certEntry->revocationTime = NULL;
- crlGenData->certEntry->updateCrlFn = &crlgen_updateCrlFn_cert;
- crlGenData->certEntry->setNextDataFn = &crlgen_setNextDataFn_cert;
- break;
- case CRLGEN_ADD_EXTENSION_CONTEXT:
- crlGenData->extensionEntry = PORT_New(CRLGENExtensionEntry);
- if (!crlGenData->extensionEntry) {
- return SECFailure;
- }
- crlGenData->contextId = structType;
- crlGenData->extensionEntry->extData = NULL;
- crlGenData->extensionEntry->nextUpdatedData = 0;
- crlGenData->extensionEntry->updateCrlFn =
- &crlgen_updateCrlFn_extension;
- crlGenData->extensionEntry->setNextDataFn =
- &crlgen_setNextDataFn_extension;
- break;
- case CRLGEN_UNKNOWN_CONTEXT:
- break;
- default:
- crlgen_PrintError(crlGenData->parsedLineNum,
- "unknown context type: %d.\n", structType);
- PORT_Assert(0);
- return SECFailure;
+ switch (structType) {
+ case CRLGEN_ISSUER_CONTEXT:
+ case CRLGEN_UPDATE_CONTEXT:
+ case CRLGEN_NEXT_UPDATE_CONTEXT:
+ case CRLGEN_CHANGE_RANGE_CONTEXT:
+ crlGenData->crlField = PORT_New(CRLGENCrlField);
+ if (!crlGenData->crlField) {
+ return SECFailure;
+ }
+ crlGenData->contextId = structType;
+ crlGenData->crlField->value = NULL;
+ crlGenData->crlField->updateCrlFn = &crlgen_updateCrlFn_field;
+ crlGenData->crlField->setNextDataFn = &crlgen_setNextDataFn_field;
+ break;
+ case CRLGEN_RM_CERT_CONTEXT:
+ case CRLGEN_ADD_CERT_CONTEXT:
+ crlGenData->certEntry = PORT_New(CRLGENCertEntry);
+ if (!crlGenData->certEntry) {
+ return SECFailure;
+ }
+ crlGenData->contextId = structType;
+ crlGenData->certEntry->certId = 0;
+ crlGenData->certEntry->revocationTime = NULL;
+ crlGenData->certEntry->updateCrlFn = &crlgen_updateCrlFn_cert;
+ crlGenData->certEntry->setNextDataFn = &crlgen_setNextDataFn_cert;
+ break;
+ case CRLGEN_ADD_EXTENSION_CONTEXT:
+ crlGenData->extensionEntry = PORT_New(CRLGENExtensionEntry);
+ if (!crlGenData->extensionEntry) {
+ return SECFailure;
+ }
+ crlGenData->contextId = structType;
+ crlGenData->extensionEntry->extData = NULL;
+ crlGenData->extensionEntry->nextUpdatedData = 0;
+ crlGenData->extensionEntry->updateCrlFn =
+ &crlgen_updateCrlFn_extension;
+ crlGenData->extensionEntry->setNextDataFn =
+ &crlgen_setNextDataFn_extension;
+ break;
+ case CRLGEN_UNKNOWN_CONTEXT:
+ break;
+ default:
+ crlgen_PrintError(crlGenData->parsedLineNum,
+ "unknown context type: %d.\n", structType);
+ PORT_Assert(0);
+ return SECFailure;
}
return SECSuccess;
}
-
/* Parser initialization function */
-CRLGENGeneratorData*
+CRLGENGeneratorData *
CRLGEN_InitCrlGeneration(CERTSignedCrl *signCrl, PRFileDesc *src)
{
CRLGENGeneratorData *crlGenData = NULL;
@@ -1524,7 +1502,7 @@ CRLGEN_InitCrlGeneration(CERTSignedCrl *signCrl, PRFileDesc *src)
return NULL;
}
- crlGenData->entryDataHashTable =
+ crlGenData->entryDataHashTable =
PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
PL_CompareValues, NULL, NULL);
if (!crlGenData->entryDataHashTable) {
@@ -1555,4 +1533,3 @@ CRLGEN_FinalizeCrlGeneration(CRLGENGeneratorData *crlGenData)
PL_HashTableDestroy(crlGenData->entryDataHashTable);
PORT_Free(crlGenData);
}
-
diff --git a/cmd/crlutil/crlgen.h b/cmd/crlutil/crlgen.h
index dffd1e829..3ec792108 100644
--- a/cmd/crlutil/crlgen.h
+++ b/cmd/crlutil/crlgen.h
@@ -2,7 +2,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
#ifndef _CRLGEN_H_
#define _CRLGEN_H_
@@ -13,31 +12,29 @@
#include "certt.h"
#include "secoidt.h"
-
-#define CRLGEN_UNKNOWN_CONTEXT 0
-#define CRLGEN_ISSUER_CONTEXT 1
-#define CRLGEN_UPDATE_CONTEXT 2
-#define CRLGEN_NEXT_UPDATE_CONTEXT 3
-#define CRLGEN_ADD_EXTENSION_CONTEXT 4
-#define CRLGEN_ADD_CERT_CONTEXT 6
-#define CRLGEN_CHANGE_RANGE_CONTEXT 7
-#define CRLGEN_RM_CERT_CONTEXT 8
-
-#define CRLGEN_TYPE_DATE 0
-#define CRLGEN_TYPE_ZDATE 1
-#define CRLGEN_TYPE_DIGIT 2
-#define CRLGEN_TYPE_DIGIT_RANGE 3
-#define CRLGEN_TYPE_OID 4
-#define CRLGEN_TYPE_STRING 5
-#define CRLGEN_TYPE_ID 6
-
-
-typedef struct CRLGENGeneratorDataStr CRLGENGeneratorData;
-typedef struct CRLGENEntryDataStr CRLGENEntryData;
-typedef struct CRLGENExtensionEntryStr CRLGENExtensionEntry;
-typedef struct CRLGENCertEntrySrt CRLGENCertEntry;
-typedef struct CRLGENCrlFieldStr CRLGENCrlField;
-typedef struct CRLGENEntriesSortedDataStr CRLGENEntriesSortedData;
+#define CRLGEN_UNKNOWN_CONTEXT 0
+#define CRLGEN_ISSUER_CONTEXT 1
+#define CRLGEN_UPDATE_CONTEXT 2
+#define CRLGEN_NEXT_UPDATE_CONTEXT 3
+#define CRLGEN_ADD_EXTENSION_CONTEXT 4
+#define CRLGEN_ADD_CERT_CONTEXT 6
+#define CRLGEN_CHANGE_RANGE_CONTEXT 7
+#define CRLGEN_RM_CERT_CONTEXT 8
+
+#define CRLGEN_TYPE_DATE 0
+#define CRLGEN_TYPE_ZDATE 1
+#define CRLGEN_TYPE_DIGIT 2
+#define CRLGEN_TYPE_DIGIT_RANGE 3
+#define CRLGEN_TYPE_OID 4
+#define CRLGEN_TYPE_STRING 5
+#define CRLGEN_TYPE_ID 6
+
+typedef struct CRLGENGeneratorDataStr CRLGENGeneratorData;
+typedef struct CRLGENEntryDataStr CRLGENEntryData;
+typedef struct CRLGENExtensionEntryStr CRLGENExtensionEntry;
+typedef struct CRLGENCertEntrySrt CRLGENCertEntry;
+typedef struct CRLGENCrlFieldStr CRLGENCrlField;
+typedef struct CRLGENEntriesSortedDataStr CRLGENEntriesSortedData;
/* Exported functions */
@@ -56,17 +53,15 @@ extern void CRLGEN_FinalizeCrlGeneration(CRLGENGeneratorData *crlGenData);
/* Parser initialization function. Creates CRLGENGeneratorData structure
* for the current thread */
-extern CRLGENGeneratorData* CRLGEN_InitCrlGeneration(CERTSignedCrl *newCrl,
+extern CRLGENGeneratorData *CRLGEN_InitCrlGeneration(CERTSignedCrl *newCrl,
PRFileDesc *src);
-
/* This lock is defined in crlgen_lex.c(derived from crlgen_lex.l).
* It controls access to invocation of yylex, allows to parse one
* script at a time */
extern void CRLGEN_InitCrlGenParserLock();
extern void CRLGEN_DestroyCrlGenParserLock();
-
/* The following function types are used to define functions for each of
* CRLGENExtensionEntryStr, CRLGENCertEntrySrt, CRLGENCrlFieldStr to
* provide functionality needed for these structures*/
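Review bot: `extern void CRLGEN_InitCrlGenParserLock();` and `extern void CRLGEN_DestroyCrlGenParserLock();` are declared with empty parentheses, which in C before C23 declares a function with unspecified parameters rather than a prototype. Calls that pass stray arguments are therefore not diagnosed. Writing `(void)` in both declarations gives the compiler a real prototype to check against.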
@@ -77,13 +72,13 @@ typedef SECStatus createNewLangStructFn_t(CRLGENGeneratorData *crlGenData,
void *str, unsigned i);
/* Sets reports failure to parser if anything goes wrong */
-extern void crlgen_setFailure(CRLGENGeneratorData *str, char *);
+extern void crlgen_setFailure(CRLGENGeneratorData *str, char *);
/* Collects data in to one of the current data structure that corresponds
* to the correct context type. This function gets called after each token
* is found for a particular line */
extern SECStatus crlgen_setNextData(CRLGENGeneratorData *str, void *data,
- unsigned short dtype);
+ unsigned short dtype);
/* initiates crl update with collected data. This function is called at the
* end of each line */
@@ -94,8 +89,7 @@ extern SECStatus crlgen_updateCrl(CRLGENGeneratorData *str);
extern SECStatus crlgen_createNewLangStruct(CRLGENGeneratorData *str,
unsigned structType);
-
-/* CRLGENExtensionEntry is used to store addext request data for either
+/* CRLGENExtensionEntry is used to store addext request data for either
* CRL extensions or CRL entry extensions. The differentiation between
* is based on order and type of extension been added.
* - extData : all data in request staring from name of the extension are
@@ -104,9 +98,9 @@ extern SECStatus crlgen_createNewLangStruct(CRLGENGeneratorData *str,
*/
struct CRLGENExtensionEntryStr {
char **extData;
- int nextUpdatedData;
- updateCrlFn_t *updateCrlFn;
- setNextDataFn_t *setNextDataFn;
+ int nextUpdatedData;
+ updateCrlFn_t *updateCrlFn;
+ setNextDataFn_t *setNextDataFn;
};
/* CRLGENCeryestEntry is used to store addcert request data
@@ -117,17 +111,16 @@ struct CRLGENExtensionEntryStr {
struct CRLGENCertEntrySrt {
char *certId;
char *revocationTime;
- updateCrlFn_t *updateCrlFn;
+ updateCrlFn_t *updateCrlFn;
setNextDataFn_t *setNextDataFn;
};
-
/* CRLGENCrlField is used to store crl fields record like update time, next
* update time, etc.
* - value: value of the parsed field data*/
struct CRLGENCrlFieldStr {
char *value;
- updateCrlFn_t *updateCrlFn;
+ updateCrlFn_t *updateCrlFn;
setNextDataFn_t *setNextDataFn;
};
@@ -166,21 +159,20 @@ struct CRLGENEntryDataStr {
* - parserStatus : current status of parser. Triggers parser to abort when
* set to SECFailure
* - src : PRFileDesc structure pointer of crl generator config file
- * - parsedLineNum : currently parsing line. Keeping it to report errors */
+ * - parsedLineNum : currently parsing line. Keeping it to report errors */
struct CRLGENGeneratorDataStr {
unsigned short contextId;
- CRLGENCrlField *crlField;
- CRLGENCertEntry *certEntry;
- CRLGENExtensionEntry *extensionEntry;
+ CRLGENCrlField *crlField;
+ CRLGENCertEntry *certEntry;
+ CRLGENExtensionEntry *extensionEntry;
PRUint64 rangeFrom;
PRUint64 rangeTo;
CERTSignedCrl *signCrl;
void *crlExtHandle;
PLHashTable *entryDataHashTable;
-
+
PRFileDesc *src;
int parsedLineNum;
};
-
#endif /* _CRLGEN_H_ */
diff --git a/cmd/crlutil/crlgen_lex.c b/cmd/crlutil/crlgen_lex.c
index b9cb8b3f8..fb53ec844 100644
--- a/cmd/crlutil/crlgen_lex.c
+++ b/cmd/crlutil/crlgen_lex.c
@@ -32,19 +32,19 @@
/* The "const" storage-class-modifier is valid. */
#define YY_USE_CONST
-#else /* ! __cplusplus */
+#else /* ! __cplusplus */
#if __STDC__
#define YY_USE_PROTOS
#define YY_USE_CONST
-#endif /* __STDC__ */
-#endif /* ! __cplusplus */
+#endif /* __STDC__ */
+#endif /* ! __cplusplus */
#ifdef __TURBOC__
- #pragma warn -rch
- #pragma warn -use
+#pragma warn - rch
+#pragma warn - use
#include <io.h>
#include <stdlib.h>
#define YY_USE_CONST
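Review bot: The two pragmas under `#ifdef __TURBOC__` are not a pure re-indent: clang-format inserted a space inside the option, turning `#pragma warn -rch` into `#pragma warn - rch` (and likewise for `-use`). Whether the Borland compiler still reads the spaced form as the same warning switch cannot be confirmed from this page, so a formatting-only commit should leave those tokens untouched. Bracket the two lines with `/* clang-format off */` and `/* clang-format on */`, as this commit already does for the scanner tables, and restore `#pragma warn -rch` and `#pragma warn -use`. The `#ifdef __TURBOC__` block continues past the end of this hunk.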
@@ -57,7 +57,6 @@
#define yyconst
#endif
-
#ifdef YY_USE_PROTOS
#define YY_PROTO(proto) proto
#else
@@ -72,7 +71,7 @@
* we want to instead treat it as an 8-bit unsigned char, hence the
* double cast.
*/
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
+#define YY_SC_TO_UI(c) ((unsigned int)(unsigned char)c)
/* Enter a start condition. This macro really ought to take a parameter,
* but we do it the disgusting crufty way forced on us by the ()-less
@@ -91,7 +90,7 @@
#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE yyrestart( yyin )
+#define YY_NEW_FILE yyrestart(yyin)
#define YY_END_OF_BUFFER_CHAR 0
@@ -111,10 +110,10 @@ extern FILE *yyin, *yyout;
* int a single C statement (which needs a semi-colon terminator). This
* avoids problems with code like:
*
- * if ( condition_holds )
- * yyless( 5 );
- * else
- * do_something_else();
+ * if ( condition_holds )
+ * yyless( 5 );
+ * else
+ * do_something_else();
*
* Prior to using the do-while the compiler would get upset at the
* "else" because it interpreted the "if" statement as being all
@@ -123,18 +122,16 @@ extern FILE *yyin, *yyout;
/* Return all but the first 'n' matched characters back to the input stream. */
-#define yyless(n) \
- do \
- { \
- /* Undo effects of setting up yytext. */ \
- *yy_cp = yy_hold_char; \
- YY_RESTORE_YY_MORE_OFFSET \
- yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \
- YY_DO_BEFORE_ACTION; /* set up yytext again */ \
- } \
- while ( 0 )
+#define yyless(n) \
+ do { \
+ /* Undo effects of setting up yytext. */ \
+ *yy_cp = yy_hold_char; \
+ YY_RESTORE_YY_MORE_OFFSET \
+ yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \
+ YY_DO_BEFORE_ACTION; /* set up yytext again */ \
+ } while (0)
-#define unput(c) yyunput( c, yytext_ptr )
+#define unput(c) yyunput(c, yytext_ptr)
/* The following is because we cannot portably get our hands on size_t
* (without autoconf's help, which isn't available because we want
@@ -142,63 +139,61 @@ extern FILE *yyin, *yyout;
*/
typedef unsigned int yy_size_t;
-
-struct yy_buffer_state
- {
- FILE *yy_input_file;
-
- char *yy_ch_buf; /* input buffer */
- char *yy_buf_pos; /* current position in input buffer */
-
- /* Size of input buffer in bytes, not including room for EOB
- * characters.
- */
- yy_size_t yy_buf_size;
-
- /* Number of characters read into yy_ch_buf, not including EOB
- * characters.
- */
- int yy_n_chars;
-
- /* Whether we "own" the buffer - i.e., we know we created it,
- * and can realloc() it to grow it, and should free() it to
- * delete it.
- */
- int yy_is_our_buffer;
-
- /* Whether this is an "interactive" input source; if so, and
- * if we're using stdio for input, then we want to use getc()
- * instead of fread(), to make sure we stop fetching input after
- * each newline.
- */
- int yy_is_interactive;
-
- /* Whether we're considered to be at the beginning of a line.
- * If so, '^' rules will be active on the next match, otherwise
- * not.
- */
- int yy_at_bol;
-
- /* Whether to try to fill the input buffer when we reach the
- * end of it.
- */
- int yy_fill_buffer;
-
- int yy_buffer_status;
+struct yy_buffer_state {
+ FILE *yy_input_file;
+
+ char *yy_ch_buf; /* input buffer */
+ char *yy_buf_pos; /* current position in input buffer */
+
+ /* Size of input buffer in bytes, not including room for EOB
+ * characters.
+ */
+ yy_size_t yy_buf_size;
+
+ /* Number of characters read into yy_ch_buf, not including EOB
+ * characters.
+ */
+ int yy_n_chars;
+
+ /* Whether we "own" the buffer - i.e., we know we created it,
+ * and can realloc() it to grow it, and should free() it to
+ * delete it.
+ */
+ int yy_is_our_buffer;
+
+ /* Whether this is an "interactive" input source; if so, and
+ * if we're using stdio for input, then we want to use getc()
+ * instead of fread(), to make sure we stop fetching input after
+ * each newline.
+ */
+ int yy_is_interactive;
+
+ /* Whether we're considered to be at the beginning of a line.
+ * If so, '^' rules will be active on the next match, otherwise
+ * not.
+ */
+ int yy_at_bol;
+
+ /* Whether to try to fill the input buffer when we reach the
+ * end of it.
+ */
+ int yy_fill_buffer;
+
+ int yy_buffer_status;
#define YY_BUFFER_NEW 0
#define YY_BUFFER_NORMAL 1
- /* When an EOF's been seen but there's still some text to process
- * then we mark the buffer as YY_EOF_PENDING, to indicate that we
- * shouldn't try reading from the input source any more. We might
- * still have a bunch of tokens to match, though, because of
- * possible backing-up.
- *
- * When we actually see the EOF, we change the status to "new"
- * (via yyrestart()), so that the user can continue scanning by
- * just pointing yyin at a new input file.
- */
+/* When an EOF's been seen but there's still some text to process
+ * then we mark the buffer as YY_EOF_PENDING, to indicate that we
+ * shouldn't try reading from the input source any more. We might
+ * still have a bunch of tokens to match, though, because of
+ * possible backing-up.
+ *
+ * When we actually see the EOF, we change the status to "new"
+ * (via yyrestart()), so that the user can continue scanning by
+ * just pointing yyin at a new input file.
+ */
#define YY_BUFFER_EOF_PENDING 2
- };
+};
static YY_BUFFER_STATE yy_current_buffer = 0;
@@ -208,85 +203,84 @@ static YY_BUFFER_STATE yy_current_buffer = 0;
*/
#define YY_CURRENT_BUFFER yy_current_buffer
-
/* yy_hold_char holds the character lost when yytext is formed. */
static char yy_hold_char;
-static int yy_n_chars; /* number of characters read into yy_ch_buf */
-
+static int yy_n_chars; /* number of characters read into yy_ch_buf */
int yyleng;
/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 1; /* whether we need to initialize */
-static int yy_start = 0; /* start state number */
+static char *yy_c_buf_p = (char *)0;
+static int yy_init = 1; /* whether we need to initialize */
+static int yy_start = 0; /* start state number */
/* Flag which is used to allow yywrap()'s to do buffer switches
* instead of setting up a fresh yyin. A bit of a hack ...
*/
static int yy_did_buffer_switch_on_eof;
-void yyrestart YY_PROTO(( FILE *input_file ));
+void yyrestart YY_PROTO((FILE * input_file));
-void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer ));
-void yy_load_buffer_state YY_PROTO(( void ));
-YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size ));
-void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b ));
-void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file ));
-void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b ));
-#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer )
+void yy_switch_to_buffer YY_PROTO((YY_BUFFER_STATE new_buffer));
+void yy_load_buffer_state YY_PROTO((void));
+YY_BUFFER_STATE yy_create_buffer YY_PROTO((FILE * file, int size));
+void yy_delete_buffer YY_PROTO((YY_BUFFER_STATE b));
+void yy_init_buffer YY_PROTO((YY_BUFFER_STATE b, FILE *file));
+void yy_flush_buffer YY_PROTO((YY_BUFFER_STATE b));
+#define YY_FLUSH_BUFFER yy_flush_buffer(yy_current_buffer)
-YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size ));
-YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str ));
-YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len ));
+YY_BUFFER_STATE yy_scan_buffer YY_PROTO((char *base, yy_size_t size));
+YY_BUFFER_STATE yy_scan_string YY_PROTO((yyconst char *yy_str));
+YY_BUFFER_STATE yy_scan_bytes YY_PROTO((yyconst char *bytes, int len));
-static void *yy_flex_alloc YY_PROTO(( yy_size_t ));
-static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t ));
-static void yy_flex_free YY_PROTO(( void * ));
+static void *yy_flex_alloc YY_PROTO((yy_size_t));
+static void *yy_flex_realloc YY_PROTO((void *, yy_size_t));
+static void yy_flex_free YY_PROTO((void *));
#define yy_new_buffer yy_create_buffer
-#define yy_set_interactive(is_interactive) \
- { \
- if ( ! yy_current_buffer ) \
- yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
- yy_current_buffer->yy_is_interactive = is_interactive; \
- }
+#define yy_set_interactive(is_interactive) \
+ { \
+ if (!yy_current_buffer) \
+ yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE); \
+ yy_current_buffer->yy_is_interactive = is_interactive; \
+ }
-#define yy_set_bol(at_bol) \
- { \
- if ( ! yy_current_buffer ) \
- yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
- yy_current_buffer->yy_at_bol = at_bol; \
- }
+#define yy_set_bol(at_bol) \
+ { \
+ if (!yy_current_buffer) \
+ yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE); \
+ yy_current_buffer->yy_at_bol = at_bol; \
+ }
#define YY_AT_BOL() (yy_current_buffer->yy_at_bol)
typedef unsigned char YY_CHAR;
-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
+FILE *yyin = (FILE *)0, *yyout = (FILE *)0;
typedef int yy_state_type;
extern char *yytext;
#define yytext_ptr yytext
-static yy_state_type yy_get_previous_state YY_PROTO(( void ));
-static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state ));
-static int yy_get_next_buffer YY_PROTO(( void ));
-static void yy_fatal_error YY_PROTO(( yyconst char msg[] ));
+static yy_state_type yy_get_previous_state YY_PROTO((void));
+static yy_state_type yy_try_NUL_trans YY_PROTO((yy_state_type current_state));
+static int yy_get_next_buffer YY_PROTO((void));
+static void yy_fatal_error YY_PROTO((yyconst char msg[]));
/* Done after the current pattern has been matched and before the
* corresponding action - sets up yytext.
*/
-#define YY_DO_BEFORE_ACTION \
- yytext_ptr = yy_bp; \
- yytext_ptr -= yy_more_len; \
- yyleng = (int) (yy_cp - yytext_ptr); \
- yy_hold_char = *yy_cp; \
- *yy_cp = '\0'; \
- yy_c_buf_p = yy_cp;
+#define YY_DO_BEFORE_ACTION \
+ yytext_ptr = yy_bp; \
+ yytext_ptr -= yy_more_len; \
+ yyleng = (int)(yy_cp - yytext_ptr); \
+ yy_hold_char = *yy_cp; \
+ *yy_cp = '\0'; \
+ yy_c_buf_p = yy_cp;
#define YY_NUM_RULES 17
#define YY_END_OF_BUFFER 18
+/* clang-format off */
static yyconst short int yy_accept[67] =
{ 0,
0, 0, 18, 16, 14, 15, 16, 11, 12, 2,
@@ -420,6 +414,7 @@ static yyconst short int yy_chk[235] =
66, 66, 66, 66, 66, 66, 66, 66, 66, 66,
66, 66, 66, 66
} ;
+/* clang-format on */
static yy_state_type yy_last_accepting_state;
static char *yy_last_accepting_cpos;
@@ -444,14 +439,14 @@ static SECStatus parserStatus = SECSuccess;
static CRLGENGeneratorData *parserData;
static PRFileDesc *src;
-#define YY_INPUT(buf,result,max_size) \
- if ( parserStatus != SECFailure) { \
- if (((result = PR_Read(src, buf, max_size)) == 0) && \
- ferror( yyin )) \
- return SECFailure; \
- } else { return SECFailure; }
-
-
+#define YY_INPUT(buf, result, max_size) \
+ if (parserStatus != SECFailure) { \
+ if (((result = PR_Read(src, buf, max_size)) == 0) && \
+ ferror(yyin)) \
+ return SECFailure; \
+ } else { \
+ return SECFailure; \
+ }
/* Macros after this point can all be overridden by user definitions in
* section 1.
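Review bot: The custom `YY_INPUT` only treats a read as failed when `PR_Read()` returns 0 and `ferror(yyin)` is set, but `PR_Read()` reports failure as a negative count and `yyin` is a stdio stream unrelated to the `PRFileDesc *src` being read. A failed read therefore stores a negative value in `result`, which at the call site is `yy_n_chars`. That variable is used as a buffer index elsewhere in the scanner (`&yy_current_buffer->yy_ch_buf[yy_n_chars]`), although the code right after the call is outside this chunk. The check should test the return value directly, e.g. `if ((result = PR_Read(src, buf, max_size)) < 0)`, and drop the `ferror(yyin)` term. The macro expands inside `yy_get_next_buffer()`, whose callers switch on `EOB_ACT_*` codes, so confirm how `return SECFailure` is meant to surface there. Since the `#line` directives show this file is generated, the change belongs in `crlgen_lex_orig.l`.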
@@ -459,29 +454,29 @@ static PRFileDesc *src;
#ifndef YY_SKIP_YYWRAP
#ifdef __cplusplus
-extern "C" int yywrap YY_PROTO(( void ));
+extern "C" int yywrap YY_PROTO((void));
#else
-extern int yywrap YY_PROTO(( void ));
+extern int yywrap YY_PROTO((void));
#endif
#endif
#ifndef YY_NO_UNPUT
-static void yyunput YY_PROTO(( int c, char *buf_ptr ));
+static void yyunput YY_PROTO((int c, char *buf_ptr));
#endif
#ifndef yytext_ptr
-static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int ));
+static void yy_flex_strncpy YY_PROTO((char *, yyconst char *, int));
#endif
#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen YY_PROTO(( yyconst char * ));
+static int yy_flex_strlen YY_PROTO((yyconst char *));
#endif
#ifndef YY_NO_INPUT
#ifdef __cplusplus
-static int yyinput YY_PROTO(( void ));
+static int yyinput YY_PROTO((void));
#else
-static int input YY_PROTO(( void ));
+static int input YY_PROTO((void));
#endif
#endif
@@ -490,13 +485,13 @@ static int yy_start_stack_ptr = 0;
static int yy_start_stack_depth = 0;
static int *yy_start_stack = 0;
#ifndef YY_NO_PUSH_STATE
-static void yy_push_state YY_PROTO(( int new_state ));
+static void yy_push_state YY_PROTO((int new_state));
#endif
#ifndef YY_NO_POP_STATE
-static void yy_pop_state YY_PROTO(( void ));
+static void yy_pop_state YY_PROTO((void));
#endif
#ifndef YY_NO_TOP_STATE
-static int yy_top_state YY_PROTO(( void ));
+static int yy_top_state YY_PROTO((void));
#endif
#else
@@ -531,29 +526,28 @@ YY_MALLOC_DECL
/* This used to be an fputs(), but since the string might contain NUL's,
* we now use fwrite().
*/
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
+#define ECHO (void)fwrite(yytext, yyleng, 1, yyout)
#endif
/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL,
* is returned in "result".
*/
#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
- if ( yy_current_buffer->yy_is_interactive ) \
- { \
- int c = '*', n; \
- for ( n = 0; n < max_size && \
- (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
- buf[n] = (char) c; \
- if ( c == '\n' ) \
- buf[n++] = (char) c; \
- if ( c == EOF && ferror( yyin ) ) \
- YY_FATAL_ERROR( "input in flex scanner failed" ); \
- result = n; \
- } \
- else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \
- && ferror( yyin ) ) \
- YY_FATAL_ERROR( "input in flex scanner failed" );
+#define YY_INPUT(buf, result, max_size) \
+ if (yy_current_buffer->yy_is_interactive) { \
+ int c = '*', n; \
+ for (n = 0; n < max_size && \
+ (c = getc(yyin)) != EOF && c != '\n'; \
+ ++n) \
+ buf[n] = (char)c; \
+ if (c == '\n') \
+ buf[n++] = (char)c; \
+ if (c == EOF && ferror(yyin)) \
+ YY_FATAL_ERROR("input in flex scanner failed"); \
+ result = n; \
+ } else if (((result = fread(buf, 1, max_size, yyin)) == 0) && \
+ ferror(yyin)) \
+ YY_FATAL_ERROR("input in flex scanner failed");
#endif
/* No semi-colon after return; correct usage is to write "yyterminate();" -
@@ -571,14 +565,14 @@ YY_MALLOC_DECL
/* Report a fatal error. */
#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
+#define YY_FATAL_ERROR(msg) yy_fatal_error(msg)
#endif
/* Default declaration of generated scanner - a define so the user can
* easily add parameters.
*/
#ifndef YY_DECL
-#define YY_DECL int yylex YY_PROTO(( void ))
+#define YY_DECL int yylex YY_PROTO((void))
#endif
/* Code executed at the beginning of each rule, after yytext and yyleng
@@ -593,1044 +587,1037 @@ YY_MALLOC_DECL
#define YY_BREAK break;
#endif
-#define YY_RULE_SETUP \
- if ( yyleng > 0 ) \
- yy_current_buffer->yy_at_bol = \
- (yytext[yyleng - 1] == '\n'); \
- YY_USER_ACTION
+#define YY_RULE_SETUP \
+ if (yyleng > 0) \
+ yy_current_buffer->yy_at_bol = \
+ (yytext[yyleng - 1] == '\n'); \
+ YY_USER_ACTION
YY_DECL
- {
- register yy_state_type yy_current_state;
- register char *yy_cp = NULL, *yy_bp = NULL;
- register int yy_act;
+{
+ register yy_state_type yy_current_state;
+ register char *yy_cp = NULL, *yy_bp = NULL;
+ register int yy_act;
#line 28 "crlgen_lex_orig.l"
+ if (yy_init) {
+ yy_init = 0;
+#ifdef YY_USER_INIT
+ YY_USER_INIT;
+#endif
- if ( yy_init )
- {
- yy_init = 0;
+ if (!yy_start)
+ yy_start = 1; /* first start state */
-#ifdef YY_USER_INIT
- YY_USER_INIT;
-#endif
-
- if ( ! yy_start )
- yy_start = 1; /* first start state */
-
- if ( ! yyin )
- yyin = stdin;
-
- if ( ! yyout )
- yyout = stdout;
-
- if ( ! yy_current_buffer )
- yy_current_buffer =
- yy_create_buffer( yyin, YY_BUF_SIZE );
-
- yy_load_buffer_state();
- }
-
- while ( 1 ) /* loops until end-of-file is reached */
- {
- yy_more_len = 0;
- if ( yy_more_flag )
- {
- yy_more_len = yy_c_buf_p - yytext_ptr;
- yy_more_flag = 0;
- }
- yy_cp = yy_c_buf_p;
-
- /* Support of yytext. */
- *yy_cp = yy_hold_char;
-
- /* yy_bp points to the position in yy_ch_buf of the start of
- * the current run.
- */
- yy_bp = yy_cp;
-
- yy_current_state = yy_start;
- yy_current_state += YY_AT_BOL();
-yy_match:
- do
- {
- register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
- if ( yy_accept[yy_current_state] )
- {
- yy_last_accepting_state = yy_current_state;
- yy_last_accepting_cpos = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 67 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- ++yy_cp;
- }
- while ( yy_base[yy_current_state] != 205 );
-
-yy_find_action:
- yy_act = yy_accept[yy_current_state];
- if ( yy_act == 0 )
- { /* have to back up */
- yy_cp = yy_last_accepting_cpos;
- yy_current_state = yy_last_accepting_state;
- yy_act = yy_accept[yy_current_state];
- }
-
- YY_DO_BEFORE_ACTION;
-
-
-do_action: /* This label is used only to access EOF actions. */
-
-
- switch ( yy_act )
- { /* beginning of action switch */
- case 0: /* must back up */
- /* undo the effects of YY_DO_BEFORE_ACTION */
- *yy_cp = yy_hold_char;
- yy_cp = yy_last_accepting_cpos;
- yy_current_state = yy_last_accepting_state;
- goto yy_find_action;
-
-case 1:
-YY_RULE_SETUP
+ if (!yyin)
+ yyin = stdin;
+
+ if (!yyout)
+ yyout = stdout;
+
+ if (!yy_current_buffer)
+ yy_current_buffer =
+ yy_create_buffer(yyin, YY_BUF_SIZE);
+
+ yy_load_buffer_state();
+ }
+
+ while (1) /* loops until end-of-file is reached */
+ {
+ yy_more_len = 0;
+ if (yy_more_flag) {
+ yy_more_len = yy_c_buf_p - yytext_ptr;
+ yy_more_flag = 0;
+ }
+ yy_cp = yy_c_buf_p;
+
+ /* Support of yytext. */
+ *yy_cp = yy_hold_char;
+
+ /* yy_bp points to the position in yy_ch_buf of the start of
+ * the current run.
+ */
+ yy_bp = yy_cp;
+
+ yy_current_state = yy_start;
+ yy_current_state += YY_AT_BOL();
+ yy_match:
+ do {
+ register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
+ if (yy_accept[yy_current_state]) {
+ yy_last_accepting_state = yy_current_state;
+ yy_last_accepting_cpos = yy_cp;
+ }
+ while (yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state) {
+ yy_current_state = (int)yy_def[yy_current_state];
+ if (yy_current_state >= 67)
+ yy_c = yy_meta[(unsigned int)yy_c];
+ }
+ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int)yy_c];
+ ++yy_cp;
+ } while (yy_base[yy_current_state] != 205);
+
+ yy_find_action:
+ yy_act = yy_accept[yy_current_state];
+ if (yy_act == 0) { /* have to back up */
+ yy_cp = yy_last_accepting_cpos;
+ yy_current_state = yy_last_accepting_state;
+ yy_act = yy_accept[yy_current_state];
+ }
+
+ YY_DO_BEFORE_ACTION;
+
+ do_action: /* This label is used only to access EOF actions. */
+
+ switch (yy_act) { /* beginning of action switch */
+ case 0: /* must back up */
+ /* undo the effects of YY_DO_BEFORE_ACTION */
+ *yy_cp = yy_hold_char;
+ yy_cp = yy_last_accepting_cpos;
+ yy_current_state = yy_last_accepting_state;
+ goto yy_find_action;
+
+ case 1:
+ YY_RULE_SETUP
#line 30 "crlgen_lex_orig.l"
-{
-parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ZDATE);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
- YY_BREAK
-case 2:
-YY_RULE_SETUP
+ {
+ parserStatus =
+ crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ZDATE);
+ if (parserStatus !=
+ SECSuccess)
+ return parserStatus;
+ }
+ YY_BREAK
+ case 2:
+ YY_RULE_SETUP
#line 36 "crlgen_lex_orig.l"
-{
-parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
- YY_BREAK
-case 3:
-YY_RULE_SETUP
+ {
+ parserStatus =
+ crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT);
+ if (parserStatus !=
+ SECSuccess)
+ return parserStatus;
+ }
+ YY_BREAK
+ case 3:
+ YY_RULE_SETUP
#line 42 "crlgen_lex_orig.l"
-{
-parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT_RANGE);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
- YY_BREAK
-case 4:
-YY_RULE_SETUP
+ {
+ parserStatus =
+ crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT_RANGE);
+ if (parserStatus !=
+ SECSuccess)
+ return parserStatus;
+ }
+ YY_BREAK
+ case 4:
+ YY_RULE_SETUP
#line 48 "crlgen_lex_orig.l"
-{
-parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_OID);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
- YY_BREAK
-case 5:
-YY_RULE_SETUP
+ {
+ parserStatus =
+ crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_OID);
+ if (parserStatus !=
+ SECSuccess)
+ return parserStatus;
+ }
+ YY_BREAK
+ case 5:
+ YY_RULE_SETUP
#line 54 "crlgen_lex_orig.l"
-{
-parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_ISSUER_CONTEXT);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
- YY_BREAK
-case 6:
-YY_RULE_SETUP
+ {
+ parserStatus =
+ crlgen_createNewLangStruct(parserData, CRLGEN_ISSUER_CONTEXT);
+ if (parserStatus !=
+ SECSuccess)
+ return parserStatus;
+ }
+ YY_BREAK
+ case 6:
+ YY_RULE_SETUP
#line 60 "crlgen_lex_orig.l"
-{
-parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_UPDATE_CONTEXT);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
- YY_BREAK
-case 7:
-YY_RULE_SETUP
+ {
+ parserStatus =
+ crlgen_createNewLangStruct(parserData, CRLGEN_UPDATE_CONTEXT);
+ if (parserStatus !=
+ SECSuccess)
+ return parserStatus;
+ }
+ YY_BREAK
+ case 7:
+ YY_RULE_SETUP
#line 65 "crlgen_lex_orig.l"
-{
-parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_NEXT_UPDATE_CONTEXT);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
- YY_BREAK
-case 8:
-YY_RULE_SETUP
+ {
+ parserStatus =
+ crlgen_createNewLangStruct(parserData, CRLGEN_NEXT_UPDATE_CONTEXT);
+ if (parserStatus !=
+ SECSuccess)
+ return parserStatus;
+ }
+ YY_BREAK
+ case 8:
+ YY_RULE_SETUP
#line 71 "crlgen_lex_orig.l"
-{
-parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_CHANGE_RANGE_CONTEXT);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
- YY_BREAK
-case 9:
-YY_RULE_SETUP
+ {
+ parserStatus =
+ crlgen_createNewLangStruct(parserData, CRLGEN_CHANGE_RANGE_CONTEXT);
+ if (parserStatus !=
+ SECSuccess)
+ return parserStatus;
+ }
+ YY_BREAK
+ case 9:
+ YY_RULE_SETUP
#line 77 "crlgen_lex_orig.l"
-{
-if (strcmp(yytext, "addcert") == 0) {
- parserStatus = crlgen_createNewLangStruct(parserData,
- CRLGEN_ADD_CERT_CONTEXT);
- if (parserStatus != SECSuccess)
- return parserStatus;
-} else if (strcmp(yytext, "rmcert") == 0) {
- parserStatus = crlgen_createNewLangStruct(parserData,
- CRLGEN_RM_CERT_CONTEXT);
- if (parserStatus != SECSuccess)
- return parserStatus;
-} else if (strcmp(yytext, "addext") == 0) {
- parserStatus = crlgen_createNewLangStruct(parserData,
- CRLGEN_ADD_EXTENSION_CONTEXT);
- if (parserStatus != SECSuccess)
- return parserStatus;
-} else {
- parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ID);
- if (parserStatus != SECSuccess)
- return parserStatus;
-}
-}
- YY_BREAK
-case 10:
-YY_RULE_SETUP
+ {
+ if (strcmp(yytext, "addcert") ==
+ 0) {
+ parserStatus =
+ crlgen_createNewLangStruct(parserData,
+ CRLGEN_ADD_CERT_CONTEXT);
+ if (parserStatus !=
+ SECSuccess)
+ return parserStatus;
+ } else if (strcmp(yytext, "rmcert") ==
+ 0) {
+ parserStatus =
+ crlgen_createNewLangStruct(parserData,
+ CRLGEN_RM_CERT_CONTEXT);
+ if (parserStatus !=
+ SECSuccess)
+ return parserStatus;
+ } else if (strcmp(yytext, "addext") ==
+ 0) {
+ parserStatus =
+ crlgen_createNewLangStruct(parserData,
+ CRLGEN_ADD_EXTENSION_CONTEXT);
+ if (parserStatus !=
+ SECSuccess)
+ return parserStatus;
+ } else {
+ parserStatus =
+ crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ID);
+ if (parserStatus !=
+ SECSuccess)
+ return parserStatus;
+ }
+ }
+ YY_BREAK
+ case 10:
+ YY_RULE_SETUP
#line 100 "crlgen_lex_orig.l"
- YY_BREAK
-case 11:
-YY_RULE_SETUP
+ YY_BREAK
+ case 11:
+ YY_RULE_SETUP
#line 102 "crlgen_lex_orig.l"
-{
-if (yytext[yyleng-1] == '\\') {
- yymore();
-} else {
- register int c;
- c = input();
- if (c != '\"') {
- printf( "Error: Line ending \" is missing: %c\n", c);
- unput(c);
- } else {
- parserStatus = crlgen_setNextData(parserData, yytext + 1,
- CRLGEN_TYPE_STRING);
- if (parserStatus != SECSuccess)
- return parserStatus;
- }
-}
-}
- YY_BREAK
-case 12:
-YY_RULE_SETUP
+ {
+ if (yytext[yyleng -
+ 1] ==
+ '\\') {
+ yymore();
+ } else {
+ register int c;
+ c =
+ input();
+ if (c !=
+ '\"') {
+ printf("Error: Line ending \" is missing: %c\n", c);
+ unput(c);
+ } else {
+ parserStatus =
+ crlgen_setNextData(parserData, yytext + 1,
+ CRLGEN_TYPE_STRING);
+ if (parserStatus !=
+ SECSuccess)
+ return parserStatus;
+ }
+ }
+ }
+ YY_BREAK
+ case 12:
+ YY_RULE_SETUP
#line 120 "crlgen_lex_orig.l"
-{
-parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_STRING);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
- YY_BREAK
-case 13:
-YY_RULE_SETUP
+ {
+ parserStatus =
+ crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_STRING);
+ if (parserStatus !=
+ SECSuccess)
+ return parserStatus;
+ }
+ YY_BREAK
+ case 13:
+ YY_RULE_SETUP
#line 128 "crlgen_lex_orig.l"
-/* eat up one-line comments */ {}
- YY_BREAK
-case 14:
-YY_RULE_SETUP
+ /* eat up one-line comments */ {}
+ YY_BREAK
+ case 14:
+ YY_RULE_SETUP
#line 130 "crlgen_lex_orig.l"
-{}
- YY_BREAK
-case 15:
-YY_RULE_SETUP
+ {
+ }
+ YY_BREAK
+ case 15:
+ YY_RULE_SETUP
#line 132 "crlgen_lex_orig.l"
-{
-parserStatus = crlgen_updateCrl(parserData);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
- YY_BREAK
-case 16:
-YY_RULE_SETUP
+ {
+ parserStatus =
+ crlgen_updateCrl(parserData);
+ if (parserStatus !=
+ SECSuccess)
+ return parserStatus;
+ }
+ YY_BREAK
+ case 16:
+ YY_RULE_SETUP
#line 138 "crlgen_lex_orig.l"
-{
- fprintf(stderr, "Syntax error at line %d: unknown token %s\n",
- parserData->parsedLineNum, yytext);
- return SECFailure;
-}
- YY_BREAK
-case 17:
-YY_RULE_SETUP
+ {
+ fprintf(stderr, "Syntax error at line %d: unknown token %s\n",
+ parserData->parsedLineNum, yytext);
+ return SECFailure;
+ }
+ YY_BREAK
+ case 17:
+ YY_RULE_SETUP
#line 144 "crlgen_lex_orig.l"
-ECHO;
- YY_BREAK
-case YY_STATE_EOF(INITIAL):
- yyterminate();
-
- case YY_END_OF_BUFFER:
- {
- /* Amount of text matched not including the EOB char. */
- int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1;
-
- /* Undo the effects of YY_DO_BEFORE_ACTION. */
- *yy_cp = yy_hold_char;
- YY_RESTORE_YY_MORE_OFFSET
-
- if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW )
- {
- /* We're scanning a new file or input source. It's
- * possible that this happened because the user
- * just pointed yyin at a new source and called
- * yylex(). If so, then we have to assure
- * consistency between yy_current_buffer and our
- * globals. Here is the right place to do so, because
- * this is the first action (other than possibly a
- * back-up) that will match for the new input source.
- */
- yy_n_chars = yy_current_buffer->yy_n_chars;
- yy_current_buffer->yy_input_file = yyin;
- yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL;
- }
-
- /* Note that here we test for yy_c_buf_p "<=" to the position
- * of the first EOB in the buffer, since yy_c_buf_p will
- * already have been incremented past the NUL character
- * (since all states make transitions on EOB to the
- * end-of-buffer state). Contrast this with the test
- * in input().
- */
- if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] )
- { /* This was really a NUL. */
- yy_state_type yy_next_state;
-
- yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text;
-
- yy_current_state = yy_get_previous_state();
-
- /* Okay, we're now positioned to make the NUL
- * transition. We couldn't have
- * yy_get_previous_state() go ahead and do it
- * for us because it doesn't know how to deal
- * with the possibility of jamming (and we don't
- * want to build jamming into it because then it
- * will run more slowly).
- */
-
- yy_next_state = yy_try_NUL_trans( yy_current_state );
-
- yy_bp = yytext_ptr + YY_MORE_ADJ;
-
- if ( yy_next_state )
- {
- /* Consume the NUL. */
- yy_cp = ++yy_c_buf_p;
- yy_current_state = yy_next_state;
- goto yy_match;
- }
-
- else
- {
- yy_cp = yy_c_buf_p;
- goto yy_find_action;
- }
- }
-
- else switch ( yy_get_next_buffer() )
- {
- case EOB_ACT_END_OF_FILE:
- {
- yy_did_buffer_switch_on_eof = 0;
-
- if ( yywrap() )
- {
- /* Note: because we've taken care in
- * yy_get_next_buffer() to have set up
- * yytext, we can now set up
- * yy_c_buf_p so that if some total
- * hoser (like flex itself) wants to
- * call the scanner after we return the
- * YY_NULL, it'll still work - another
- * YY_NULL will get returned.
- */
- yy_c_buf_p = yytext_ptr + YY_MORE_ADJ;
-
- yy_act = YY_STATE_EOF(YY_START);
- goto do_action;
- }
-
- else
- {
- if ( ! yy_did_buffer_switch_on_eof )
- YY_NEW_FILE;
- }
- break;
- }
-
- case EOB_ACT_CONTINUE_SCAN:
- yy_c_buf_p =
- yytext_ptr + yy_amount_of_matched_text;
-
- yy_current_state = yy_get_previous_state();
-
- yy_cp = yy_c_buf_p;
- yy_bp = yytext_ptr + YY_MORE_ADJ;
- goto yy_match;
-
- case EOB_ACT_LAST_MATCH:
- yy_c_buf_p =
- &yy_current_buffer->yy_ch_buf[yy_n_chars];
-
- yy_current_state = yy_get_previous_state();
-
- yy_cp = yy_c_buf_p;
- yy_bp = yytext_ptr + YY_MORE_ADJ;
- goto yy_find_action;
- }
- break;
- }
-
- default:
- YY_FATAL_ERROR(
- "fatal flex scanner internal error--no action found" );
- } /* end of action switch */
- } /* end of scanning one token */
- } /* end of yylex */
-
+ ECHO;
+ YY_BREAK
+ case YY_STATE_EOF(INITIAL):
+ yyterminate();
+
+ case YY_END_OF_BUFFER: {
+ /* Amount of text matched not including the EOB char. */
+ int yy_amount_of_matched_text = (int)(yy_cp - yytext_ptr) - 1;
+
+ /* Undo the effects of YY_DO_BEFORE_ACTION. */
+ *yy_cp = yy_hold_char;
+ YY_RESTORE_YY_MORE_OFFSET
+
+ if (yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW) {
+ /* We're scanning a new file or input source. It's
+ * possible that this happened because the user
+ * just pointed yyin at a new source and called
+ * yylex(). If so, then we have to assure
+ * consistency between yy_current_buffer and our
+ * globals. Here is the right place to do so, because
+ * this is the first action (other than possibly a
+ * back-up) that will match for the new input source.
+ */
+ yy_n_chars = yy_current_buffer->yy_n_chars;
+ yy_current_buffer->yy_input_file = yyin;
+ yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL;
+ }
+
+ /* Note that here we test for yy_c_buf_p "<=" to the position
+ * of the first EOB in the buffer, since yy_c_buf_p will
+ * already have been incremented past the NUL character
+ * (since all states make transitions on EOB to the
+ * end-of-buffer state). Contrast this with the test
+ * in input().
+ */
+ if (yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars]) { /* This was really a NUL. */
+ yy_state_type yy_next_state;
+
+ yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text;
+
+ yy_current_state = yy_get_previous_state();
+
+ /* Okay, we're now positioned to make the NUL
+ * transition. We couldn't have
+ * yy_get_previous_state() go ahead and do it
+ * for us because it doesn't know how to deal
+ * with the possibility of jamming (and we don't
+ * want to build jamming into it because then it
+ * will run more slowly).
+ */
+
+ yy_next_state = yy_try_NUL_trans(yy_current_state);
+
+ yy_bp = yytext_ptr + YY_MORE_ADJ;
+
+ if (yy_next_state) {
+ /* Consume the NUL. */
+ yy_cp = ++yy_c_buf_p;
+ yy_current_state = yy_next_state;
+ goto yy_match;
+ }
+
+ else {
+ yy_cp = yy_c_buf_p;
+ goto yy_find_action;
+ }
+ }
+
+ else
+ switch (yy_get_next_buffer()) {
+ case EOB_ACT_END_OF_FILE: {
+ yy_did_buffer_switch_on_eof = 0;
+
+ if (yywrap()) {
+ /* Note: because we've taken care in
+ * yy_get_next_buffer() to have set up
+ * yytext, we can now set up
+ * yy_c_buf_p so that if some total
+ * hoser (like flex itself) wants to
+ * call the scanner after we return the
+ * YY_NULL, it'll still work - another
+ * YY_NULL will get returned.
+ */
+ yy_c_buf_p = yytext_ptr + YY_MORE_ADJ;
+
+ yy_act = YY_STATE_EOF(YY_START);
+ goto do_action;
+ }
+
+ else {
+ if (!yy_did_buffer_switch_on_eof)
+ YY_NEW_FILE;
+ }
+ break;
+ }
+
+ case EOB_ACT_CONTINUE_SCAN:
+ yy_c_buf_p =
+ yytext_ptr + yy_amount_of_matched_text;
+
+ yy_current_state = yy_get_previous_state();
+
+ yy_cp = yy_c_buf_p;
+ yy_bp = yytext_ptr + YY_MORE_ADJ;
+ goto yy_match;
+
+ case EOB_ACT_LAST_MATCH:
+ yy_c_buf_p =
+ &yy_current_buffer->yy_ch_buf[yy_n_chars];
+
+ yy_current_state = yy_get_previous_state();
+
+ yy_cp = yy_c_buf_p;
+ yy_bp = yytext_ptr + YY_MORE_ADJ;
+ goto yy_find_action;
+ }
+ break;
+ }
+
+ default:
+ YY_FATAL_ERROR(
+ "fatal flex scanner internal error--no action found");
+ } /* end of action switch */
+ } /* end of scanning one token */
+} /* end of yylex */
/* yy_get_next_buffer - try to read in a new buffer
*
* Returns a code representing an action:
- * EOB_ACT_LAST_MATCH -
- * EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- * EOB_ACT_END_OF_FILE - end of file
+ * EOB_ACT_LAST_MATCH -
+ * EOB_ACT_CONTINUE_SCAN - continue scanning from current position
+ * EOB_ACT_END_OF_FILE - end of file
*/
-static int yy_get_next_buffer()
- {
- register char *dest = yy_current_buffer->yy_ch_buf;
- register char *source = yytext_ptr;
- register int number_to_move, i;
- int ret_val;
-
- if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] )
- YY_FATAL_ERROR(
- "fatal flex scanner internal error--end of buffer missed" );
-
- if ( yy_current_buffer->yy_fill_buffer == 0 )
- { /* Don't try to fill the buffer, so this is an EOF. */
- if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 )
- {
- /* We matched a single character, the EOB, so
- * treat this as a final EOF.
- */
- return EOB_ACT_END_OF_FILE;
- }
-
- else
- {
- /* We matched some text prior to the EOB, first
- * process it.
- */
- return EOB_ACT_LAST_MATCH;
- }
- }
-
- /* Try to read more data. */
-
- /* First move last chars to start of buffer. */
- number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1;
-
- for ( i = 0; i < number_to_move; ++i )
- *(dest++) = *(source++);
-
- if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING )
- /* don't do the read, it's not guaranteed to return an EOF,
- * just force an EOF
- */
- yy_current_buffer->yy_n_chars = yy_n_chars = 0;
-
- else
- {
- int num_to_read =
- yy_current_buffer->yy_buf_size - number_to_move - 1;
-
- while ( num_to_read <= 0 )
- { /* Not enough room in the buffer - grow it. */
+static int
+yy_get_next_buffer()
+{
+ register char *dest = yy_current_buffer->yy_ch_buf;
+ register char *source = yytext_ptr;
+ register int number_to_move, i;
+ int ret_val;
+
+ if (yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1])
+ YY_FATAL_ERROR(
+ "fatal flex scanner internal error--end of buffer missed");
+
+ if (yy_current_buffer->yy_fill_buffer == 0) { /* Don't try to fill the buffer, so this is an EOF. */
+ if (yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1) {
+ /* We matched a single character, the EOB, so
+ * treat this as a final EOF.
+ */
+ return EOB_ACT_END_OF_FILE;
+ }
+
+ else {
+ /* We matched some text prior to the EOB, first
+ * process it.
+ */
+ return EOB_ACT_LAST_MATCH;
+ }
+ }
+
+ /* Try to read more data. */
+
+ /* First move last chars to start of buffer. */
+ number_to_move = (int)(yy_c_buf_p - yytext_ptr) - 1;
+
+ for (i = 0; i < number_to_move; ++i)
+ *(dest++) = *(source++);
+
+ if (yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING)
+ /* don't do the read, it's not guaranteed to return an EOF,
+ * just force an EOF
+ */
+ yy_current_buffer->yy_n_chars = yy_n_chars = 0;
+
+ else {
+ int num_to_read =
+ yy_current_buffer->yy_buf_size - number_to_move - 1;
+
+ while (num_to_read <= 0) { /* Not enough room in the buffer - grow it. */
#ifdef YY_USES_REJECT
- YY_FATAL_ERROR(
-"input buffer overflow, can't enlarge buffer because scanner uses REJECT" );
+ YY_FATAL_ERROR(
+ "input buffer overflow, can't enlarge buffer because scanner uses REJECT");
#else
- /* just a shorter name for the current buffer */
- YY_BUFFER_STATE b = yy_current_buffer;
+ /* just a shorter name for the current buffer */
+ YY_BUFFER_STATE b = yy_current_buffer;
- int yy_c_buf_p_offset =
- (int) (yy_c_buf_p - b->yy_ch_buf);
+ int yy_c_buf_p_offset =
+ (int)(yy_c_buf_p - b->yy_ch_buf);
- if ( b->yy_is_our_buffer )
- {
- int new_size = b->yy_buf_size * 2;
+ if (b->yy_is_our_buffer) {
+ int new_size = b->yy_buf_size * 2;
- if ( new_size <= 0 )
- b->yy_buf_size += b->yy_buf_size / 8;
- else
- b->yy_buf_size *= 2;
+ if (new_size <= 0)
+ b->yy_buf_size += b->yy_buf_size / 8;
+ else
+ b->yy_buf_size *= 2;
- b->yy_ch_buf = (char *)
- /* Include room in for 2 EOB chars. */
- yy_flex_realloc( (void *) b->yy_ch_buf,
- b->yy_buf_size + 2 );
- }
- else
- /* Can't grow it, we don't own it. */
- b->yy_ch_buf = 0;
+ b->yy_ch_buf = (char *)
+ /* Include room in for 2 EOB chars. */
+ yy_flex_realloc((void *)b->yy_ch_buf,
+ b->yy_buf_size + 2);
+ } else
+ /* Can't grow it, we don't own it. */
+ b->yy_ch_buf = 0;
- if ( ! b->yy_ch_buf )
- YY_FATAL_ERROR(
- "fatal error - scanner input buffer overflow" );
+ if (!b->yy_ch_buf)
+ YY_FATAL_ERROR(
+ "fatal error - scanner input buffer overflow");
- yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset];
+ yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset];
- num_to_read = yy_current_buffer->yy_buf_size -
- number_to_move - 1;
+ num_to_read = yy_current_buffer->yy_buf_size -
+ number_to_move - 1;
#endif
- }
-
- if ( num_to_read > YY_READ_BUF_SIZE )
- num_to_read = YY_READ_BUF_SIZE;
-
- /* Read in more data. */
- YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]),
- yy_n_chars, num_to_read );
+ }
- yy_current_buffer->yy_n_chars = yy_n_chars;
- }
+ if (num_to_read > YY_READ_BUF_SIZE)
+ num_to_read = YY_READ_BUF_SIZE;
- if ( yy_n_chars == 0 )
- {
- if ( number_to_move == YY_MORE_ADJ )
- {
- ret_val = EOB_ACT_END_OF_FILE;
- yyrestart( yyin );
- }
+ /* Read in more data. */
+ YY_INPUT((&yy_current_buffer->yy_ch_buf[number_to_move]),
+ yy_n_chars, num_to_read);
- else
- {
- ret_val = EOB_ACT_LAST_MATCH;
- yy_current_buffer->yy_buffer_status =
- YY_BUFFER_EOF_PENDING;
- }
- }
+ yy_current_buffer->yy_n_chars = yy_n_chars;
+ }
- else
- ret_val = EOB_ACT_CONTINUE_SCAN;
+ if (yy_n_chars == 0) {
+ if (number_to_move == YY_MORE_ADJ) {
+ ret_val = EOB_ACT_END_OF_FILE;
+ yyrestart(yyin);
+ }
+
+ else {
+ ret_val = EOB_ACT_LAST_MATCH;
+ yy_current_buffer->yy_buffer_status =
+ YY_BUFFER_EOF_PENDING;
+ }
+ }
- yy_n_chars += number_to_move;
- yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR;
- yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR;
+ else
+ ret_val = EOB_ACT_CONTINUE_SCAN;
- yytext_ptr = &yy_current_buffer->yy_ch_buf[0];
+ yy_n_chars += number_to_move;
+ yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR;
+ yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR;
- return ret_val;
- }
+ yytext_ptr = &yy_current_buffer->yy_ch_buf[0];
+ return ret_val;
+}
/* yy_get_previous_state - get the state just before the EOB char was reached */
-static yy_state_type yy_get_previous_state()
- {
- register yy_state_type yy_current_state;
- register char *yy_cp;
-
- yy_current_state = yy_start;
- yy_current_state += YY_AT_BOL();
-
- for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp )
- {
- register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
- if ( yy_accept[yy_current_state] )
- {
- yy_last_accepting_state = yy_current_state;
- yy_last_accepting_cpos = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 67 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- }
-
- return yy_current_state;
- }
+static yy_state_type
+yy_get_previous_state()
+{
+ register yy_state_type yy_current_state;
+ register char *yy_cp;
+
+ yy_current_state = yy_start;
+ yy_current_state += YY_AT_BOL();
+
+ for (yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp) {
+ register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+ if (yy_accept[yy_current_state]) {
+ yy_last_accepting_state = yy_current_state;
+ yy_last_accepting_cpos = yy_cp;
+ }
+ while (yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state) {
+ yy_current_state = (int)yy_def[yy_current_state];
+ if (yy_current_state >= 67)
+ yy_c = yy_meta[(unsigned int)yy_c];
+ }
+ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int)yy_c];
+ }
+ return yy_current_state;
+}
/* yy_try_NUL_trans - try to make a transition on the NUL character
*
* synopsis
- * next_state = yy_try_NUL_trans( current_state );
+ * next_state = yy_try_NUL_trans( current_state );
*/
#ifdef YY_USE_PROTOS
-static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state )
+static yy_state_type
+yy_try_NUL_trans(yy_state_type yy_current_state)
#else
-static yy_state_type yy_try_NUL_trans( yy_current_state )
-yy_state_type yy_current_state;
-#endif
- {
- register int yy_is_jam;
- register char *yy_cp = yy_c_buf_p;
-
- register YY_CHAR yy_c = 1;
- if ( yy_accept[yy_current_state] )
- {
- yy_last_accepting_state = yy_current_state;
- yy_last_accepting_cpos = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 67 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- yy_is_jam = (yy_current_state == 66);
-
- return yy_is_jam ? 0 : yy_current_state;
- }
+static yy_state_type yy_try_NUL_trans(yy_current_state)
+ yy_state_type yy_current_state;
+#endif
+{
+ register int yy_is_jam;
+ register char *yy_cp = yy_c_buf_p;
+
+ register YY_CHAR yy_c = 1;
+ if (yy_accept[yy_current_state]) {
+ yy_last_accepting_state = yy_current_state;
+ yy_last_accepting_cpos = yy_cp;
+ }
+ while (yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state) {
+ yy_current_state = (int)yy_def[yy_current_state];
+ if (yy_current_state >= 67)
+ yy_c = yy_meta[(unsigned int)yy_c];
+ }
+ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int)yy_c];
+ yy_is_jam = (yy_current_state == 66);
+ return yy_is_jam ? 0 : yy_current_state;
+}
#ifndef YY_NO_UNPUT
#ifdef YY_USE_PROTOS
-static void yyunput( int c, register char *yy_bp )
+static void
+yyunput(int c, register char *yy_bp)
#else
-static void yyunput( c, yy_bp )
-int c;
+static void yyunput(c, yy_bp) int c;
register char *yy_bp;
#endif
- {
- register char *yy_cp = yy_c_buf_p;
-
- /* undo effects of setting up yytext */
- *yy_cp = yy_hold_char;
-
- if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
- { /* need to shift things up to make room */
- /* +2 for EOB chars. */
- register int number_to_move = yy_n_chars + 2;
- register char *dest = &yy_current_buffer->yy_ch_buf[
- yy_current_buffer->yy_buf_size + 2];
- register char *source =
- &yy_current_buffer->yy_ch_buf[number_to_move];
+{
+ register char *yy_cp = yy_c_buf_p;
- while ( source > yy_current_buffer->yy_ch_buf )
- *--dest = *--source;
+ /* undo effects of setting up yytext */
+ *yy_cp = yy_hold_char;
- yy_cp += (int) (dest - source);
- yy_bp += (int) (dest - source);
- yy_current_buffer->yy_n_chars =
- yy_n_chars = yy_current_buffer->yy_buf_size;
+ if (yy_cp < yy_current_buffer->yy_ch_buf + 2) { /* need to shift things up to make room */
+ /* +2 for EOB chars. */
+ register int number_to_move = yy_n_chars + 2;
+ register char *dest = &yy_current_buffer->yy_ch_buf[yy_current_buffer->yy_buf_size +
+ 2];
+ register char *source =
+ &yy_current_buffer->yy_ch_buf[number_to_move];
- if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
- YY_FATAL_ERROR( "flex scanner push-back overflow" );
- }
+ while (source > yy_current_buffer->yy_ch_buf)
+ *--dest = *--source;
- *--yy_cp = (char) c;
+ yy_cp += (int)(dest - source);
+ yy_bp += (int)(dest - source);
+ yy_current_buffer->yy_n_chars =
+ yy_n_chars = yy_current_buffer->yy_buf_size;
+ if (yy_cp < yy_current_buffer->yy_ch_buf + 2)
+ YY_FATAL_ERROR("flex scanner push-back overflow");
+ }
- yytext_ptr = yy_bp;
- yy_hold_char = *yy_cp;
- yy_c_buf_p = yy_cp;
- }
-#endif /* ifndef YY_NO_UNPUT */
+ *--yy_cp = (char)c;
+ yytext_ptr = yy_bp;
+ yy_hold_char = *yy_cp;
+ yy_c_buf_p = yy_cp;
+}
+#endif /* ifndef YY_NO_UNPUT */
#ifndef YY_NO_INPUT
#ifdef __cplusplus
-static int yyinput()
+static int
+yyinput()
#else
-static int input()
-#endif
- {
- int c;
-
- *yy_c_buf_p = yy_hold_char;
-
- if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR )
- {
- /* yy_c_buf_p now points to the character we want to return.
- * If this occurs *before* the EOB characters, then it's a
- * valid NUL; if not, then we've hit the end of the buffer.
- */
- if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] )
- /* This was really a NUL. */
- *yy_c_buf_p = '\0';
-
- else
- { /* need more input */
- int offset = yy_c_buf_p - yytext_ptr;
- ++yy_c_buf_p;
-
- switch ( yy_get_next_buffer() )
- {
- case EOB_ACT_LAST_MATCH:
- /* This happens because yy_g_n_b()
- * sees that we've accumulated a
- * token and flags that we need to
- * try matching the token before
- * proceeding. But for input(),
- * there's no matching to consider.
- * So convert the EOB_ACT_LAST_MATCH
- * to EOB_ACT_END_OF_FILE.
- */
-
- /* Reset buffer status. */
- yyrestart( yyin );
-
- /* fall through */
-
- case EOB_ACT_END_OF_FILE:
- {
- if ( yywrap() )
- return EOF;
-
- if ( ! yy_did_buffer_switch_on_eof )
- YY_NEW_FILE;
+static int
+input()
+#endif
+{
+ int c;
+
+ *yy_c_buf_p = yy_hold_char;
+
+ if (*yy_c_buf_p == YY_END_OF_BUFFER_CHAR) {
+ /* yy_c_buf_p now points to the character we want to return.
+ * If this occurs *before* the EOB characters, then it's a
+ * valid NUL; if not, then we've hit the end of the buffer.
+ */
+ if (yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars])
+ /* This was really a NUL. */
+ *yy_c_buf_p = '\0';
+
+ else { /* need more input */
+ int offset = yy_c_buf_p - yytext_ptr;
+ ++yy_c_buf_p;
+
+ switch (yy_get_next_buffer()) {
+ case EOB_ACT_LAST_MATCH:
+ /* This happens because yy_g_n_b()
+ * sees that we've accumulated a
+ * token and flags that we need to
+ * try matching the token before
+ * proceeding. But for input(),
+ * there's no matching to consider.
+ * So convert the EOB_ACT_LAST_MATCH
+ * to EOB_ACT_END_OF_FILE.
+ */
+
+ /* Reset buffer status. */
+ yyrestart(yyin);
+
+ /* fall through */
+
+ case EOB_ACT_END_OF_FILE: {
+ if (yywrap())
+ return EOF;
+
+ if (!yy_did_buffer_switch_on_eof)
+ YY_NEW_FILE;
#ifdef __cplusplus
- return yyinput();
+ return yyinput();
#else
- return input();
+ return input();
#endif
- }
+ }
- case EOB_ACT_CONTINUE_SCAN:
- yy_c_buf_p = yytext_ptr + offset;
- break;
- }
- }
- }
+ case EOB_ACT_CONTINUE_SCAN:
+ yy_c_buf_p = yytext_ptr + offset;
+ break;
+ }
+ }
+ }
- c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */
- *yy_c_buf_p = '\0'; /* preserve yytext */
- yy_hold_char = *++yy_c_buf_p;
+ c = *(unsigned char *)yy_c_buf_p; /* cast for 8-bit char's */
+ *yy_c_buf_p = '\0'; /* preserve yytext */
+ yy_hold_char = *++yy_c_buf_p;
- yy_current_buffer->yy_at_bol = (c == '\n');
+ yy_current_buffer->yy_at_bol = (c == '\n');
- return c;
- }
+ return c;
+}
#endif /* YY_NO_INPUT */
#ifdef YY_USE_PROTOS
-void yyrestart( FILE *input_file )
+void
+yyrestart(FILE *input_file)
#else
-void yyrestart( input_file )
-FILE *input_file;
+void yyrestart(input_file)
+ FILE *input_file;
#endif
- {
- if ( ! yy_current_buffer )
- yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE );
-
- yy_init_buffer( yy_current_buffer, input_file );
- yy_load_buffer_state();
- }
+{
+ if (!yy_current_buffer)
+ yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE);
+ yy_init_buffer(yy_current_buffer, input_file);
+ yy_load_buffer_state();
+}
#ifdef YY_USE_PROTOS
-void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer )
+void
+yy_switch_to_buffer(YY_BUFFER_STATE new_buffer)
#else
-void yy_switch_to_buffer( new_buffer )
-YY_BUFFER_STATE new_buffer;
+void yy_switch_to_buffer(new_buffer)
+ YY_BUFFER_STATE new_buffer;
#endif
- {
- if ( yy_current_buffer == new_buffer )
- return;
-
- if ( yy_current_buffer )
- {
- /* Flush out information for old buffer. */
- *yy_c_buf_p = yy_hold_char;
- yy_current_buffer->yy_buf_pos = yy_c_buf_p;
- yy_current_buffer->yy_n_chars = yy_n_chars;
- }
-
- yy_current_buffer = new_buffer;
- yy_load_buffer_state();
+{
+ if (yy_current_buffer == new_buffer)
+ return;
+
+ if (yy_current_buffer) {
+ /* Flush out information for old buffer. */
+ *yy_c_buf_p = yy_hold_char;
+ yy_current_buffer->yy_buf_pos = yy_c_buf_p;
+ yy_current_buffer->yy_n_chars = yy_n_chars;
+ }
- /* We don't actually know whether we did this switch during
- * EOF (yywrap()) processing, but the only time this flag
- * is looked at is after yywrap() is called, so it's safe
- * to go ahead and always set it.
- */
- yy_did_buffer_switch_on_eof = 1;
- }
+ yy_current_buffer = new_buffer;
+ yy_load_buffer_state();
+ /* We don't actually know whether we did this switch during
+ * EOF (yywrap()) processing, but the only time this flag
+ * is looked at is after yywrap() is called, so it's safe
+ * to go ahead and always set it.
+ */
+ yy_did_buffer_switch_on_eof = 1;
+}
#ifdef YY_USE_PROTOS
-void yy_load_buffer_state( void )
+void
+yy_load_buffer_state(void)
#else
-void yy_load_buffer_state()
+void
+yy_load_buffer_state()
#endif
- {
- yy_n_chars = yy_current_buffer->yy_n_chars;
- yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos;
- yyin = yy_current_buffer->yy_input_file;
- yy_hold_char = *yy_c_buf_p;
- }
-
+{
+ yy_n_chars = yy_current_buffer->yy_n_chars;
+ yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos;
+ yyin = yy_current_buffer->yy_input_file;
+ yy_hold_char = *yy_c_buf_p;
+}
#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_create_buffer( FILE *file, int size )
+YY_BUFFER_STATE
+yy_create_buffer(FILE *file, int size)
#else
-YY_BUFFER_STATE yy_create_buffer( file, size )
-FILE *file;
+YY_BUFFER_STATE yy_create_buffer(file, size)
+ FILE *file;
int size;
#endif
- {
- YY_BUFFER_STATE b;
-
- b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
- if ( ! b )
- YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+{
+ YY_BUFFER_STATE b;
- b->yy_buf_size = size;
+ b = (YY_BUFFER_STATE)yy_flex_alloc(sizeof(struct yy_buffer_state));
+ if (!b)
+ YY_FATAL_ERROR("out of dynamic memory in yy_create_buffer()");
- /* yy_ch_buf has to be 2 characters longer than the size given because
- * we need to put in 2 end-of-buffer characters.
- */
- b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 );
- if ( ! b->yy_ch_buf )
- YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+ b->yy_buf_size = size;
- b->yy_is_our_buffer = 1;
+ /* yy_ch_buf has to be 2 characters longer than the size given because
+ * we need to put in 2 end-of-buffer characters.
+ */
+ b->yy_ch_buf = (char *)yy_flex_alloc(b->yy_buf_size + 2);
+ if (!b->yy_ch_buf)
+ YY_FATAL_ERROR("out of dynamic memory in yy_create_buffer()");
- yy_init_buffer( b, file );
+ b->yy_is_our_buffer = 1;
- return b;
- }
+ yy_init_buffer(b, file);
+ return b;
+}
#ifdef YY_USE_PROTOS
-void yy_delete_buffer( YY_BUFFER_STATE b )
+void
+yy_delete_buffer(YY_BUFFER_STATE b)
#else
-void yy_delete_buffer( b )
-YY_BUFFER_STATE b;
+void yy_delete_buffer(b)
+ YY_BUFFER_STATE b;
#endif
- {
- if ( ! b )
- return;
-
- if ( b == yy_current_buffer )
- yy_current_buffer = (YY_BUFFER_STATE) 0;
-
- if ( b->yy_is_our_buffer )
- yy_flex_free( (void *) b->yy_ch_buf );
+{
+ if (!b)
+ return;
- yy_flex_free( (void *) b );
- }
+ if (b == yy_current_buffer)
+ yy_current_buffer = (YY_BUFFER_STATE)0;
+ if (b->yy_is_our_buffer)
+ yy_flex_free((void *)b->yy_ch_buf);
+ yy_flex_free((void *)b);
+}
#ifdef YY_USE_PROTOS
-void yy_init_buffer( YY_BUFFER_STATE b, FILE *file )
+void
+yy_init_buffer(YY_BUFFER_STATE b, FILE *file)
#else
-void yy_init_buffer( b, file )
-YY_BUFFER_STATE b;
+void yy_init_buffer(b, file)
+ YY_BUFFER_STATE b;
FILE *file;
#endif
+{
+ yy_flush_buffer(b);
- {
- yy_flush_buffer( b );
-
- b->yy_input_file = file;
- b->yy_fill_buffer = 1;
+ b->yy_input_file = file;
+ b->yy_fill_buffer = 1;
#if YY_ALWAYS_INTERACTIVE
- b->yy_is_interactive = 1;
+ b->yy_is_interactive = 1;
#else
#if YY_NEVER_INTERACTIVE
- b->yy_is_interactive = 0;
+ b->yy_is_interactive = 0;
#else
- b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
+ b->yy_is_interactive = file ? (isatty(fileno(file)) > 0) : 0;
#endif
#endif
- }
-
+}
#ifdef YY_USE_PROTOS
-void yy_flush_buffer( YY_BUFFER_STATE b )
+void
+yy_flush_buffer(YY_BUFFER_STATE b)
#else
-void yy_flush_buffer( b )
-YY_BUFFER_STATE b;
+void yy_flush_buffer(b)
+ YY_BUFFER_STATE b;
#endif
- {
- if ( ! b )
- return;
-
- b->yy_n_chars = 0;
+{
+ if (!b)
+ return;
- /* We always need two end-of-buffer characters. The first causes
- * a transition to the end-of-buffer state. The second causes
- * a jam in that state.
- */
- b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
- b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
+ b->yy_n_chars = 0;
- b->yy_buf_pos = &b->yy_ch_buf[0];
+ /* We always need two end-of-buffer characters. The first causes
+ * a transition to the end-of-buffer state. The second causes
+ * a jam in that state.
+ */
+ b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
+ b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
- b->yy_at_bol = 1;
- b->yy_buffer_status = YY_BUFFER_NEW;
+ b->yy_buf_pos = &b->yy_ch_buf[0];
- if ( b == yy_current_buffer )
- yy_load_buffer_state();
- }
+ b->yy_at_bol = 1;
+ b->yy_buffer_status = YY_BUFFER_NEW;
+ if (b == yy_current_buffer)
+ yy_load_buffer_state();
+}
#ifndef YY_NO_SCAN_BUFFER
#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size )
+YY_BUFFER_STATE
+yy_scan_buffer(char *base, yy_size_t size)
#else
-YY_BUFFER_STATE yy_scan_buffer( base, size )
-char *base;
+YY_BUFFER_STATE yy_scan_buffer(base, size) char *base;
yy_size_t size;
#endif
- {
- YY_BUFFER_STATE b;
-
- if ( size < 2 ||
- base[size-2] != YY_END_OF_BUFFER_CHAR ||
- base[size-1] != YY_END_OF_BUFFER_CHAR )
- /* They forgot to leave room for the EOB's. */
- return 0;
-
- b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
- if ( ! b )
- YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
-
- b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */
- b->yy_buf_pos = b->yy_ch_buf = base;
- b->yy_is_our_buffer = 0;
- b->yy_input_file = 0;
- b->yy_n_chars = b->yy_buf_size;
- b->yy_is_interactive = 0;
- b->yy_at_bol = 1;
- b->yy_fill_buffer = 0;
- b->yy_buffer_status = YY_BUFFER_NEW;
-
- yy_switch_to_buffer( b );
-
- return b;
- }
+{
+ YY_BUFFER_STATE b;
+
+ if (size < 2 ||
+ base[size - 2] != YY_END_OF_BUFFER_CHAR ||
+ base[size - 1] != YY_END_OF_BUFFER_CHAR)
+ /* They forgot to leave room for the EOB's. */
+ return 0;
+
+ b = (YY_BUFFER_STATE)yy_flex_alloc(sizeof(struct yy_buffer_state));
+ if (!b)
+ YY_FATAL_ERROR("out of dynamic memory in yy_scan_buffer()");
+
+ b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */
+ b->yy_buf_pos = b->yy_ch_buf = base;
+ b->yy_is_our_buffer = 0;
+ b->yy_input_file = 0;
+ b->yy_n_chars = b->yy_buf_size;
+ b->yy_is_interactive = 0;
+ b->yy_at_bol = 1;
+ b->yy_fill_buffer = 0;
+ b->yy_buffer_status = YY_BUFFER_NEW;
+
+ yy_switch_to_buffer(b);
+
+ return b;
+}
#endif
-
#ifndef YY_NO_SCAN_STRING
#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str )
+YY_BUFFER_STATE
+yy_scan_string(yyconst char *yy_str)
#else
-YY_BUFFER_STATE yy_scan_string( yy_str )
-yyconst char *yy_str;
+YY_BUFFER_STATE yy_scan_string(yy_str)
+ yyconst char *yy_str;
#endif
- {
- int len;
- for ( len = 0; yy_str[len]; ++len )
- ;
+{
+ int len;
+ for (len = 0; yy_str[len]; ++len)
+ ;
- return yy_scan_bytes( yy_str, len );
- }
+ return yy_scan_bytes(yy_str, len);
+}
#endif
-
#ifndef YY_NO_SCAN_BYTES
#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len )
+YY_BUFFER_STATE
+yy_scan_bytes(yyconst char *bytes, int len)
#else
-YY_BUFFER_STATE yy_scan_bytes( bytes, len )
-yyconst char *bytes;
+YY_BUFFER_STATE yy_scan_bytes(bytes, len)
+ yyconst char *bytes;
int len;
#endif
- {
- YY_BUFFER_STATE b;
- char *buf;
- yy_size_t n;
- int i;
+{
+ YY_BUFFER_STATE b;
+ char *buf;
+ yy_size_t n;
+ int i;
- /* Get memory for full buffer, including space for trailing EOB's. */
- n = len + 2;
- buf = (char *) yy_flex_alloc( n );
- if ( ! buf )
- YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
+ /* Get memory for full buffer, including space for trailing EOB's. */
+ n = len + 2;
+ buf = (char *)yy_flex_alloc(n);
+ if (!buf)
+ YY_FATAL_ERROR("out of dynamic memory in yy_scan_bytes()");
- for ( i = 0; i < len; ++i )
- buf[i] = bytes[i];
+ for (i = 0; i < len; ++i)
+ buf[i] = bytes[i];
- buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR;
+ buf[len] = buf[len + 1] = YY_END_OF_BUFFER_CHAR;
- b = yy_scan_buffer( buf, n );
- if ( ! b )
- YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
+ b = yy_scan_buffer(buf, n);
+ if (!b)
+ YY_FATAL_ERROR("bad buffer in yy_scan_bytes()");
- /* It's okay to grow etc. this buffer, and we should throw it
- * away when we're done.
- */
- b->yy_is_our_buffer = 1;
+ /* It's okay to grow etc. this buffer, and we should throw it
+ * away when we're done.
+ */
+ b->yy_is_our_buffer = 1;
- return b;
- }
+ return b;
+}
#endif
-
#ifndef YY_NO_PUSH_STATE
#ifdef YY_USE_PROTOS
-static void yy_push_state( int new_state )
+static void
+yy_push_state(int new_state)
#else
-static void yy_push_state( new_state )
-int new_state;
+static void yy_push_state(new_state) int new_state;
#endif
- {
- if ( yy_start_stack_ptr >= yy_start_stack_depth )
- {
- yy_size_t new_size;
+{
+ if (yy_start_stack_ptr >= yy_start_stack_depth) {
+ yy_size_t new_size;
- yy_start_stack_depth += YY_START_STACK_INCR;
- new_size = yy_start_stack_depth * sizeof( int );
+ yy_start_stack_depth += YY_START_STACK_INCR;
+ new_size = yy_start_stack_depth * sizeof(int);
- if ( ! yy_start_stack )
- yy_start_stack = (int *) yy_flex_alloc( new_size );
+ if (!yy_start_stack)
+ yy_start_stack = (int *)yy_flex_alloc(new_size);
- else
- yy_start_stack = (int *) yy_flex_realloc(
- (void *) yy_start_stack, new_size );
+ else
+ yy_start_stack = (int *)yy_flex_realloc(
+ (void *)yy_start_stack, new_size);
- if ( ! yy_start_stack )
- YY_FATAL_ERROR(
- "out of memory expanding start-condition stack" );
- }
+ if (!yy_start_stack)
+ YY_FATAL_ERROR(
+ "out of memory expanding start-condition stack");
+ }
- yy_start_stack[yy_start_stack_ptr++] = YY_START;
+ yy_start_stack[yy_start_stack_ptr++] = YY_START;
- BEGIN(new_state);
- }
+ BEGIN(new_state);
+}
#endif
-
#ifndef YY_NO_POP_STATE
-static void yy_pop_state()
- {
- if ( --yy_start_stack_ptr < 0 )
- YY_FATAL_ERROR( "start-condition stack underflow" );
+static void
+yy_pop_state()
+{
+ if (--yy_start_stack_ptr < 0)
+ YY_FATAL_ERROR("start-condition stack underflow");
- BEGIN(yy_start_stack[yy_start_stack_ptr]);
- }
+ BEGIN(yy_start_stack[yy_start_stack_ptr]);
+}
#endif
-
#ifndef YY_NO_TOP_STATE
-static int yy_top_state()
- {
- return yy_start_stack[yy_start_stack_ptr - 1];
- }
+static int
+yy_top_state()
+{
+ return yy_start_stack[yy_start_stack_ptr - 1];
+}
#endif
#ifndef YY_EXIT_FAILURE
@@ -1638,113 +1625,110 @@ static int yy_top_state()
#endif
#ifdef YY_USE_PROTOS
-static void yy_fatal_error( yyconst char msg[] )
+static void
+yy_fatal_error(yyconst char msg[])
#else
-static void yy_fatal_error( msg )
-char msg[];
+static void yy_fatal_error(msg) char msg[];
#endif
- {
- (void) fprintf( stderr, "%s\n", msg );
- exit( YY_EXIT_FAILURE );
- }
-
-
+{
+ (void)fprintf(stderr, "%s\n", msg);
+ exit(YY_EXIT_FAILURE);
+}
/* Redefine yyless() so it works in section 3 code. */
#undef yyless
-#define yyless(n) \
- do \
- { \
- /* Undo effects of setting up yytext. */ \
- yytext[yyleng] = yy_hold_char; \
- yy_c_buf_p = yytext + n; \
- yy_hold_char = *yy_c_buf_p; \
- *yy_c_buf_p = '\0'; \
- yyleng = n; \
- } \
- while ( 0 )
-
+#define yyless(n) \
+ do { \
+ /* Undo effects of setting up yytext. */ \
+ yytext[yyleng] = yy_hold_char; \
+ yy_c_buf_p = yytext + n; \
+ yy_hold_char = *yy_c_buf_p; \
+ *yy_c_buf_p = '\0'; \
+ yyleng = n; \
+ } while (0)
/* Internal utility routines. */
#ifndef yytext_ptr
#ifdef YY_USE_PROTOS
-static void yy_flex_strncpy( char *s1, yyconst char *s2, int n )
+static void
+yy_flex_strncpy(char *s1, yyconst char *s2, int n)
#else
-static void yy_flex_strncpy( s1, s2, n )
-char *s1;
+static void yy_flex_strncpy(s1, s2, n) char *s1;
yyconst char *s2;
int n;
#endif
- {
- register int i;
- for ( i = 0; i < n; ++i )
- s1[i] = s2[i];
- }
+{
+ register int i;
+ for (i = 0; i < n; ++i)
+ s1[i] = s2[i];
+}
#endif
#ifdef YY_NEED_STRLEN
#ifdef YY_USE_PROTOS
-static int yy_flex_strlen( yyconst char *s )
+static int
+yy_flex_strlen(yyconst char *s)
#else
-static int yy_flex_strlen( s )
-yyconst char *s;
+static int yy_flex_strlen(s)
+ yyconst char *s;
#endif
- {
- register int n;
- for ( n = 0; s[n]; ++n )
- ;
+{
+ register int n;
+ for (n = 0; s[n]; ++n)
+ ;
- return n;
- }
+ return n;
+}
#endif
-
#ifdef YY_USE_PROTOS
-static void *yy_flex_alloc( yy_size_t size )
+static void *
+yy_flex_alloc(yy_size_t size)
#else
-static void *yy_flex_alloc( size )
-yy_size_t size;
+static void *yy_flex_alloc(size)
+ yy_size_t size;
#endif
- {
- return (void *) malloc( size );
- }
+{
+ return (void *)malloc(size);
+}
#ifdef YY_USE_PROTOS
-static void *yy_flex_realloc( void *ptr, yy_size_t size )
+static void *
+yy_flex_realloc(void *ptr, yy_size_t size)
#else
-static void *yy_flex_realloc( ptr, size )
-void *ptr;
+static void *yy_flex_realloc(ptr, size) void *ptr;
yy_size_t size;
#endif
- {
- /* The cast to (char *) in the following accommodates both
- * implementations that use char* generic pointers, and those
- * that use void* generic pointers. It works with the latter
- * because both ANSI C and C++ allow castless assignment from
- * any pointer type to void*, and deal with argument conversions
- * as though doing an assignment.
- */
- return (void *) realloc( (char *) ptr, size );
- }
+{
+ /* The cast to (char *) in the following accommodates both
+ * implementations that use char* generic pointers, and those
+ * that use void* generic pointers. It works with the latter
+ * because both ANSI C and C++ allow castless assignment from
+ * any pointer type to void*, and deal with argument conversions
+ * as though doing an assignment.
+ */
+ return (void *)realloc((char *)ptr, size);
+}
#ifdef YY_USE_PROTOS
-static void yy_flex_free( void *ptr )
+static void
+yy_flex_free(void *ptr)
#else
-static void yy_flex_free( ptr )
-void *ptr;
+static void yy_flex_free(ptr) void *ptr;
#endif
- {
- free( ptr );
- }
+{
+ free(ptr);
+}
#if YY_MAIN
-int main()
- {
- yylex();
- return 0;
- }
+int
+main()
+{
+ yylex();
+ return 0;
+}
#endif
#line 144 "crlgen_lex_orig.l"
@@ -1752,18 +1736,20 @@ int main()
static PRLock *parserInvocationLock;
-void CRLGEN_InitCrlGenParserLock()
+void
+CRLGEN_InitCrlGenParserLock()
{
parserInvocationLock = PR_NewLock();
}
-void CRLGEN_DestroyCrlGenParserLock()
+void
+CRLGEN_DestroyCrlGenParserLock()
{
PR_DestroyLock(parserInvocationLock);
}
-
-SECStatus CRLGEN_StartCrlGen(CRLGENGeneratorData *parserCtlData)
+SECStatus
+CRLGEN_StartCrlGen(CRLGENGeneratorData *parserCtlData)
{
SECStatus rv;
@@ -1780,4 +1766,8 @@ SECStatus CRLGEN_StartCrlGen(CRLGENGeneratorData *parserCtlData)
return rv;
}
-int yywrap() {return 1;}
+int
+yywrap()
+{
+ return 1;
+}
diff --git a/cmd/crlutil/crlutil.c b/cmd/crlutil/crlutil.c
index d50137140..9fca6b40b 100644
--- a/cmd/crlutil/crlutil.c
+++ b/cmd/crlutil/crlutil.c
@@ -25,10 +25,10 @@
static char *progName;
-static CERTSignedCrl *FindCRL
- (CERTCertDBHandle *certHandle, char *name, int type)
+static CERTSignedCrl *
+FindCRL(CERTCertDBHandle *certHandle, char *name, int type)
{
- CERTSignedCrl *crl = NULL;
+ CERTSignedCrl *crl = NULL;
CERTCertificate *cert = NULL;
SECItem derName;
@@ -39,14 +39,14 @@ static CERTSignedCrl *FindCRL
if (!cert) {
CERTName *certName = NULL;
PLArenaPool *arena = NULL;
-
+
certName = CERT_AsciiToName(name);
if (certName) {
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena) {
- SECItem *nameItem =
- SEC_ASN1EncodeItem (arena, NULL, (void *)certName,
- SEC_ASN1_GET(CERT_NameTemplate));
+ SECItem *nameItem =
+ SEC_ASN1EncodeItem(arena, NULL, (void *)certName,
+ SEC_ASN1_GET(CERT_NameTemplate));
if (nameItem) {
SECITEM_CopyItem(NULL, &derName, nameItem);
}
@@ -61,34 +61,35 @@ static CERTSignedCrl *FindCRL
}
} else {
SECITEM_CopyItem(NULL, &derName, &cert->derSubject);
- CERT_DestroyCertificate (cert);
+ CERT_DestroyCertificate(cert);
}
-
+
crl = SEC_FindCrlByName(certHandle, &derName, type);
- if (crl ==NULL)
- SECU_PrintError
- (progName, "could not find %s's CRL", name);
+ if (crl == NULL)
+ SECU_PrintError(progName, "could not find %s's CRL", name);
if (derName.data) {
SECITEM_FreeItem(&derName, PR_FALSE);
}
return (crl);
}
-static SECStatus DisplayCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
+static SECStatus
+DisplayCRL(CERTCertDBHandle *certHandle, char *nickName, int crlType)
{
CERTSignedCrl *crl = NULL;
- crl = FindCRL (certHandle, nickName, crlType);
-
+ crl = FindCRL(certHandle, nickName, crlType);
+
if (crl) {
- SECU_PrintCRLInfo (stdout, &crl->crl, "CRL Info:\n", 0);
- SEC_DestroyCrl (crl);
- return SECSuccess;
+ SECU_PrintCRLInfo(stdout, &crl->crl, "CRL Info:\n", 0);
+ SEC_DestroyCrl(crl);
+ return SECSuccess;
}
return SECFailure;
}
-static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType, PRBool deletecrls)
+static void
+ListCRLNames(CERTCertDBHandle *certHandle, int crlType, PRBool deletecrls)
{
CERTCrlHeadNode *crlList = NULL;
CERTCrlNode *crlNode = NULL;
@@ -97,131 +98,130 @@ static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType, PRBool dele
SECStatus rv;
do {
- arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
- if (arena == NULL) {
- fprintf(stderr, "%s: fail to allocate memory\n", progName);
- break;
- }
-
- name = PORT_ArenaZAlloc (arena, sizeof(*name));
- if (name == NULL) {
- fprintf(stderr, "%s: fail to allocate memory\n", progName);
- break;
- }
- name->arena = arena;
-
- rv = SEC_LookupCrls (certHandle, &crlList, crlType);
- if (rv != SECSuccess) {
- fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName,
- SECU_Strerror(PORT_GetError()));
- break;
- }
-
- /* just in case */
- if (!crlList)
- break;
-
- crlNode = crlList->first;
-
- fprintf (stdout, "\n");
- fprintf (stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type");
- while (crlNode) {
- char* asciiname = NULL;
- CERTCertificate *cert = NULL;
- if (crlNode->crl && crlNode->crl->crl.derName.data != NULL) {
- cert = CERT_FindCertByName(certHandle,
- &crlNode->crl->crl.derName);
- if (!cert) {
- SECU_PrintError(progName, "could not find signing "
- "certificate in database");
- }
- }
- if (cert) {
- char* certName = NULL;
- if (cert->nickname && PORT_Strlen(cert->nickname) > 0) {
- certName = cert->nickname;
- } else if (cert->emailAddr && PORT_Strlen(cert->emailAddr) > 0) {
- certName = cert->emailAddr;
- }
- if (certName) {
- asciiname = PORT_Strdup(certName);
- }
- CERT_DestroyCertificate(cert);
- }
-
- if (!asciiname) {
- name = &crlNode->crl->crl.name;
- if (!name){
- SECU_PrintError(progName, "fail to get the CRL "
- "issuer name");
- continue;
- }
- asciiname = CERT_NameToAscii(name);
- }
- fprintf (stdout, "%-40s %-5s\n", asciiname, "CRL");
- if (asciiname) {
- PORT_Free(asciiname);
- }
- if ( PR_TRUE == deletecrls) {
- CERTSignedCrl* acrl = NULL;
- SECItem* issuer = &crlNode->crl->crl.derName;
+ arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+ if (arena == NULL) {
+ fprintf(stderr, "%s: fail to allocate memory\n", progName);
+ break;
+ }
+
+ name = PORT_ArenaZAlloc(arena, sizeof(*name));
+ if (name == NULL) {
+ fprintf(stderr, "%s: fail to allocate memory\n", progName);
+ break;
+ }
+ name->arena = arena;
+
+ rv = SEC_LookupCrls(certHandle, &crlList, crlType);
+ if (rv != SECSuccess) {
+ fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName,
+ SECU_Strerror(PORT_GetError()));
+ break;
+ }
+
+ /* just in case */
+ if (!crlList)
+ break;
+
+ crlNode = crlList->first;
+
+ fprintf(stdout, "\n");
+ fprintf(stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type");
+ while (crlNode) {
+ char *asciiname = NULL;
+ CERTCertificate *cert = NULL;
+ if (crlNode->crl && crlNode->crl->crl.derName.data != NULL) {
+ cert = CERT_FindCertByName(certHandle,
+ &crlNode->crl->crl.derName);
+ if (!cert) {
+ SECU_PrintError(progName, "could not find signing "
+ "certificate in database");
+ }
+ }
+ if (cert) {
+ char *certName = NULL;
+ if (cert->nickname && PORT_Strlen(cert->nickname) > 0) {
+ certName = cert->nickname;
+ } else if (cert->emailAddr && PORT_Strlen(cert->emailAddr) > 0) {
+ certName = cert->emailAddr;
+ }
+ if (certName) {
+ asciiname = PORT_Strdup(certName);
+ }
+ CERT_DestroyCertificate(cert);
+ }
+
+ if (!asciiname) {
+ name = &crlNode->crl->crl.name;
+ if (!name) {
+ SECU_PrintError(progName, "fail to get the CRL "
+ "issuer name");
+ continue;
+ }
+ asciiname = CERT_NameToAscii(name);
+ }
+ fprintf(stdout, "%-40s %-5s\n", asciiname, "CRL");
+ if (asciiname) {
+ PORT_Free(asciiname);
+ }
+ if (PR_TRUE == deletecrls) {
+ CERTSignedCrl *acrl = NULL;
+ SECItem *issuer = &crlNode->crl->crl.derName;
acrl = SEC_FindCrlByName(certHandle, issuer, crlType);
- if (acrl)
- {
+ if (acrl) {
SEC_DeletePermCRL(acrl);
SEC_DestroyCrl(acrl);
}
}
crlNode = crlNode->next;
- }
-
+ }
+
} while (0);
if (crlList)
- PORT_FreeArena (crlList->arena, PR_FALSE);
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(crlList->arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
-static SECStatus ListCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
+static SECStatus
+ListCRL(CERTCertDBHandle *certHandle, char *nickName, int crlType)
{
if (nickName == NULL) {
- ListCRLNames (certHandle, crlType, PR_FALSE);
- return SECSuccess;
- }
+ ListCRLNames(certHandle, crlType, PR_FALSE);
+ return SECSuccess;
+ }
- return DisplayCRL (certHandle, nickName, crlType);
+ return DisplayCRL(certHandle, nickName, crlType);
}
-
-
-static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type)
+static SECStatus
+DeleteCRL(CERTCertDBHandle *certHandle, char *name, int type)
{
- CERTSignedCrl *crl = NULL;
+ CERTSignedCrl *crl = NULL;
SECStatus rv = SECFailure;
- crl = FindCRL (certHandle, name, type);
+ crl = FindCRL(certHandle, name, type);
if (!crl) {
- SECU_PrintError
- (progName, "could not find the issuer %s's CRL", name);
- return SECFailure;
+ SECU_PrintError(progName, "could not find the issuer %s's CRL", name);
+ return SECFailure;
}
- rv = SEC_DeletePermCRL (crl);
+ rv = SEC_DeletePermCRL(crl);
SEC_DestroyCrl(crl);
if (rv != SECSuccess) {
- SECU_PrintError(progName, "fail to delete the issuer %s's CRL "
- "from the perm database (reason: %s)",
- name, SECU_Strerror(PORT_GetError()));
- return SECFailure;
+ SECU_PrintError(progName, "fail to delete the issuer %s's CRL "
+ "from the perm database (reason: %s)",
+ name, SECU_Strerror(PORT_GetError()));
+ return SECFailure;
}
return (rv);
}
-SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
- PRFileDesc *inFile, PRInt32 importOptions, PRInt32 decodeOptions,
- secuPWData *pwdata)
+SECStatus
+ImportCRL(CERTCertDBHandle *certHandle, char *url, int type,
+ PRFileDesc *inFile, PRInt32 importOptions, PRInt32 decodeOptions,
+ secuPWData *pwdata)
{
CERTSignedCrl *crl = NULL;
SECItem crlDER;
- PK11SlotInfo* slot = NULL;
+ PK11SlotInfo *slot = NULL;
int rv;
#if defined(DEBUG_jp96085)
PRIntervalTime starttime, endtime, elapsed;
@@ -230,12 +230,11 @@ SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
crlDER.data = NULL;
-
/* Read in the entire file specified with the -f argument */
rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
if (rv != SECSuccess) {
- SECU_PrintError(progName, "unable to read input file");
- return (SECFailure);
+ SECU_PrintError(progName, "unable to read input file");
+ return (SECFailure);
}
decodeOptions |= CRL_DECODE_DONT_COPY_DER;
@@ -243,16 +242,16 @@ SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
slot = PK11_GetInternalKeySlot();
if (PK11_NeedLogin(slot)) {
- rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
- if (rv != SECSuccess)
- goto loser;
+ rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
+ if (rv != SECSuccess)
+ goto loser;
}
-
+
#if defined(DEBUG_jp96085)
starttime = PR_IntervalNow();
#endif
crl = PK11_ImportCRL(slot, &crlDER, url, type,
- NULL, importOptions, NULL, decodeOptions);
+ NULL, importOptions, NULL, decodeOptions);
#if defined(DEBUG_jp96085)
endtime = PR_IntervalNow();
elapsed = endtime - starttime;
@@ -262,70 +261,71 @@ SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
printf("Elapsed : %2d:%2d.%3d\n", mins, secs, msecs);
#endif
if (!crl) {
- const char *errString;
-
- rv = SECFailure;
- errString = SECU_Strerror(PORT_GetError());
- if ( errString && PORT_Strlen (errString) == 0)
- SECU_PrintError (progName,
- "CRL is not imported (error: input CRL is not up to date.)");
- else
- SECU_PrintError (progName, "unable to import CRL");
+ const char *errString;
+
+ rv = SECFailure;
+ errString = SECU_Strerror(PORT_GetError());
+ if (errString && PORT_Strlen(errString) == 0)
+ SECU_PrintError(progName,
+ "CRL is not imported (error: input CRL is not up to date.)");
+ else
+ SECU_PrintError(progName, "unable to import CRL");
} else {
- SEC_DestroyCrl (crl);
+ SEC_DestroyCrl(crl);
}
- loser:
+loser:
if (slot) {
PK11_FreeSlot(slot);
}
return (rv);
}
-SECStatus DumpCRL(PRFileDesc *inFile)
+SECStatus
+DumpCRL(PRFileDesc *inFile)
{
int rv;
PLArenaPool *arena = NULL;
CERTSignedCrl *newCrl = NULL;
-
+
SECItem crlDER;
crlDER.data = NULL;
/* Read in the entire file specified with the -f argument */
rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
if (rv != SECSuccess) {
- SECU_PrintError(progName, "unable to read input file");
- return (SECFailure);
+ SECU_PrintError(progName, "unable to read input file");
+ return (SECFailure);
}
-
+
rv = SEC_ERROR_NO_MEMORY;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena)
- return rv;
+ return rv;
newCrl = CERT_DecodeDERCrlWithFlags(arena, &crlDER, SEC_CRL_TYPE,
- CRL_DECODE_DEFAULT_OPTIONS);
+ CRL_DECODE_DEFAULT_OPTIONS);
if (!newCrl)
- return SECFailure;
-
- SECU_PrintCRLInfo (stdout, &newCrl->crl, "CRL file contents", 0);
-
- PORT_FreeArena (arena, PR_FALSE);
+ return SECFailure;
+
+ SECU_PrintCRLInfo(stdout, &newCrl->crl, "CRL file contents", 0);
+
+ PORT_FreeArena(arena, PR_FALSE);
return rv;
}
-static CERTCertificate*
+static CERTCertificate *
FindSigningCert(CERTCertDBHandle *certHandle, CERTSignedCrl *signCrl,
char *certNickName)
-{
+{
CERTCertificate *cert = NULL, *certTemp = NULL;
SECStatus rv = SECFailure;
- CERTAuthKeyID* authorityKeyID = NULL;
- SECItem* subject = NULL;
+ CERTAuthKeyID *authorityKeyID = NULL;
+ SECItem *subject = NULL;
PORT_Assert(certHandle != NULL);
if (!certHandle || (!signCrl && !certNickName)) {
SECU_PrintError(progName, "invalid args for function "
- "FindSigningCert \n");
+ "FindSigningCert \n");
return NULL;
}
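Review bot: DumpCRL returns `rv` on its success path while `rv` still holds `SEC_ERROR_NO_MEMORY` from the assignment just before `PORT_NewArena`, so a CRL that decodes and prints correctly still hands the caller a non-success value, and an error code where a SECStatus is declared. Adding `rv = SECSuccess;` after the `SECU_PrintCRLInfo` call would fix the return value. The early returns also skip cleanup: `if (!arena) return rv;` leaves `crlDER` allocated, `if (!newCrl) return SECFailure;` leaves both `crlDER` and `arena`, and no visible path frees `crlDER` at all. A single cleanup label that frees the arena and calls `SECITEM_FreeItem(&crlDER, PR_FALSE)`, as ImportCRL's `loser:` does for the slot, would cover them. DumpCRL is complete within this hunk, which itself begins inside ImportCRL and ends inside FindSigningCert.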
@@ -338,7 +338,8 @@ FindSigningCert(CERTCertDBHandle *certHandle, CERTSignedCrl *signCrl,
certTemp = CERT_FindCertByNickname(certHandle, certNickName);
if (!certTemp) {
SECU_PrintError(progName, "could not find certificate \"%s\" "
- "in database", certNickName);
+ "in database",
+ certNickName);
goto loser;
}
subject = &certTemp->derSubject;
@@ -347,13 +348,13 @@ FindSigningCert(CERTCertDBHandle *certHandle, CERTSignedCrl *signCrl,
cert = SECU_FindCrlIssuer(certHandle, subject, authorityKeyID, PR_Now());
if (!cert) {
SECU_PrintError(progName, "could not find signing certificate "
- "in database");
+ "in database");
goto loser;
} else {
rv = SECSuccess;
}
- loser:
+loser:
if (certTemp)
CERT_DestroyCertificate(certTemp);
if (cert && rv != SECSuccess)
@@ -361,13 +362,13 @@ FindSigningCert(CERTCertDBHandle *certHandle, CERTSignedCrl *signCrl,
return cert;
}
-static CERTSignedCrl*
+static CERTSignedCrl *
CreateModifiedCRLCopy(PLArenaPool *arena, CERTCertDBHandle *certHandle,
- CERTCertificate **cert, char *certNickName,
- PRFileDesc *inFile, PRInt32 decodeOptions,
- PRInt32 importOptions)
+ CERTCertificate **cert, char *certNickName,
+ PRFileDesc *inFile, PRInt32 decodeOptions,
+ PRInt32 importOptions)
{
- SECItem crlDER = {0, NULL, 0};
+ SECItem crlDER = { 0, NULL, 0 };
CERTSignedCrl *signCrl = NULL;
CERTSignedCrl *modCrl = NULL;
PLArenaPool *modArena = NULL;
@@ -384,7 +385,7 @@ CreateModifiedCRLCopy(PLArenaPool *arena, CERTCertDBHandle *certHandle,
SECU_PrintError(progName, "fail to allocate memory\n");
return NULL;
}
-
+
if (inFile != NULL) {
rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
if (rv != SECSuccess) {
@@ -392,17 +393,17 @@ CreateModifiedCRLCopy(PLArenaPool *arena, CERTCertDBHandle *certHandle,
PORT_FreeArena(modArena, PR_FALSE);
goto loser;
}
-
+
decodeOptions |= CRL_DECODE_DONT_COPY_DER;
-
+
modCrl = CERT_DecodeDERCrlWithFlags(modArena, &crlDER, SEC_CRL_TYPE,
decodeOptions);
if (!modCrl) {
SECU_PrintError(progName, "fail to decode CRL");
goto loser;
}
-
- if (0 == (importOptions & CRL_IMPORT_BYPASS_CHECKS)){
+
+ if (0 == (importOptions & CRL_IMPORT_BYPASS_CHECKS)) {
/* If caCert is a v2 certificate, make sure that it
* can be used for crl signing purpose */
*cert = FindSigningCert(certHandle, modCrl, NULL);
@@ -435,9 +436,9 @@ CreateModifiedCRLCopy(PLArenaPool *arena, CERTCertDBHandle *certHandle,
rv = SECU_CopyCRL(arena, &signCrl->crl, &modCrl->crl);
if (rv != SECSuccess) {
SECU_PrintError(progName, "unable to dublicate crl for "
- "modification.");
+ "modification.");
goto loser;
- }
+ }
/* Make sure the update time is current. It can be modified later
* by "update <time>" command from crl generation script */
@@ -449,7 +450,7 @@ CreateModifiedCRLCopy(PLArenaPool *arena, CERTCertDBHandle *certHandle,
signCrl->arena = arena;
- loser:
+loser:
if (crlDER.data) {
SECITEM_FreeItem(&crlDER, PR_FALSE);
}
@@ -462,27 +463,26 @@ CreateModifiedCRLCopy(PLArenaPool *arena, CERTCertDBHandle *certHandle,
return signCrl;
}
-
-static CERTSignedCrl*
+static CERTSignedCrl *
CreateNewCrl(PLArenaPool *arena, CERTCertDBHandle *certHandle,
CERTCertificate *cert)
-{
+{
CERTSignedCrl *signCrl = NULL;
void *dummy = NULL;
SECStatus rv;
- void* mark = NULL;
+ void *mark = NULL;
/* if the CERTSignedCrl structure changes, this function will need to be
updated as well */
if (!cert || !arena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
SECU_PrintError(progName, "invalid args for function "
- "CreateNewCrl\n");
+ "CreateNewCrl\n");
return NULL;
}
mark = PORT_ArenaMark(arena);
-
+
signCrl = PORT_ArenaZNew(arena, CERTSignedCrl);
if (signCrl == NULL) {
SECU_PrintError(progName, "fail to allocate memory\n");
@@ -494,23 +494,23 @@ CreateNewCrl(PLArenaPool *arena, CERTCertDBHandle *certHandle,
/* set crl->version */
if (!dummy) {
SECU_PrintError(progName, "fail to create crl version data "
- "container\n");
+ "container\n");
goto loser;
}
-
+
/* copy SECItem name from cert */
rv = SECITEM_CopyItem(arena, &signCrl->crl.derName, &cert->derSubject);
if (rv != SECSuccess) {
SECU_PrintError(progName, "fail to duplicate der name from "
- "certificate.\n");
+ "certificate.\n");
goto loser;
}
-
+
/* copy CERTName name structure from cert issuer */
- rv = CERT_CopyName (arena, &signCrl->crl.name, &cert->subject);
+ rv = CERT_CopyName(arena, &signCrl->crl.name, &cert->subject);
if (rv != SECSuccess) {
SECU_PrintError(progName, "fail to duplicate RD name from "
- "certificate.\n");
+ "certificate.\n");
goto loser;
}
@@ -527,44 +527,43 @@ CreateNewCrl(PLArenaPool *arena, CERTCertDBHandle *certHandle,
return signCrl;
- loser:
+loser:
PORT_ArenaRelease(arena, mark);
return NULL;
}
-
static SECStatus
UpdateCrl(CERTSignedCrl *signCrl, PRFileDesc *inCrlInitFile)
{
CRLGENGeneratorData *crlGenData = NULL;
SECStatus rv;
-
+
if (!signCrl || !inCrlInitFile) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
SECU_PrintError(progName, "invalid args for function "
- "CreateNewCrl\n");
+ "CreateNewCrl\n");
return SECFailure;
}
crlGenData = CRLGEN_InitCrlGeneration(signCrl, inCrlInitFile);
if (!crlGenData) {
- SECU_PrintError(progName, "can not initialize parser structure.\n");
- return SECFailure;
+ SECU_PrintError(progName, "can not initialize parser structure.\n");
+ return SECFailure;
}
rv = CRLGEN_ExtHandleInit(crlGenData);
if (rv == SECFailure) {
- SECU_PrintError(progName, "can not initialize entries handle.\n");
- goto loser;
+ SECU_PrintError(progName, "can not initialize entries handle.\n");
+ goto loser;
}
-
+
rv = CRLGEN_StartCrlGen(crlGenData);
if (rv != SECSuccess) {
- SECU_PrintError(progName, "crl generation failed");
- goto loser;
+ SECU_PrintError(progName, "crl generation failed");
+ goto loser;
}
- loser:
+loser:
/* CommitExtensionsAndEntries is partially responsible for freeing
* up memory that was used for CRL generation. Should be called regardless
* of previouse call status, but only after initialization of
@@ -575,7 +574,7 @@ UpdateCrl(CERTSignedCrl *signCrl, PRFileDesc *inCrlInitFile)
SECU_PrintError(progName, "crl generation failed");
rv = SECFailure;
}
- CRLGEN_FinalizeCrlGeneration(crlGenData);
+ CRLGEN_FinalizeCrlGeneration(crlGenData);
return rv;
}
@@ -585,37 +584,36 @@ SignAndStoreCrl(CERTSignedCrl *signCrl, CERTCertificate *cert,
char *slotName, char *url, secuPWData *pwdata)
{
PK11SlotInfo *slot = NULL;
- PRFileDesc *outFile = NULL;
+ PRFileDesc *outFile = NULL;
SECStatus rv;
SignAndEncodeFuncExitStat errCode;
PORT_Assert(signCrl && (!ascii || outFileName));
if (!signCrl || (ascii && !outFileName)) {
SECU_PrintError(progName, "invalid args for function "
- "SignAndStoreCrl\n");
+ "SignAndStoreCrl\n");
return SECFailure;
}
if (!slotName || !PL_strcmp(slotName, "internal"))
- slot = PK11_GetInternalKeySlot();
+ slot = PK11_GetInternalKeySlot();
else
- slot = PK11_FindSlotByName(slotName);
+ slot = PK11_FindSlotByName(slotName);
if (!slot) {
- SECU_PrintError(progName, "can not find requested slot");
- return SECFailure;
+ SECU_PrintError(progName, "can not find requested slot");
+ return SECFailure;
}
if (PK11_NeedLogin(slot)) {
rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
- if (rv != SECSuccess)
- goto loser;
+ if (rv != SECSuccess)
+ goto loser;
}
rv = SECU_SignAndEncodeCRL(cert, signCrl, hashAlgTag, &errCode);
if (rv != SECSuccess) {
- char* errMsg = NULL;
- switch (errCode)
- {
+ char *errMsg = NULL;
+ switch (errCode) {
case noKeyFound:
errMsg = "No private key found of signing cert";
break;
@@ -637,17 +635,17 @@ SignAndStoreCrl(CERTSignedCrl *signCrl, CERTCertificate *cert,
errMsg = "Can not allocate memory";
break;
}
- SECU_PrintError(progName, "%s\n", errMsg);
- goto loser;
+ SECU_PrintError(progName, "%s\n", errMsg);
+ goto loser;
}
if (outFileName) {
- outFile = PR_Open(outFileName, PR_WRONLY|PR_CREATE_FILE, PR_IRUSR | PR_IWUSR);
- if (!outFile) {
- SECU_PrintError(progName, "unable to open \"%s\" for writing\n",
- outFileName);
- goto loser;
- }
+ outFile = PR_Open(outFileName, PR_WRONLY | PR_CREATE_FILE, PR_IRUSR | PR_IWUSR);
+ if (!outFile) {
+ SECU_PrintError(progName, "unable to open \"%s\" for writing\n",
+ outFileName);
+ goto loser;
+ }
}
rv = SECU_StoreCRL(slot, signCrl->derCrl, outFile, ascii, url);
@@ -655,21 +653,21 @@ SignAndStoreCrl(CERTSignedCrl *signCrl, CERTCertificate *cert,
SECU_PrintError(progName, "fail to save CRL\n");
}
- loser:
+loser:
if (outFile)
- PR_Close(outFile);
+ PR_Close(outFile);
if (slot)
- PK11_FreeSlot(slot);
+ PK11_FreeSlot(slot);
return rv;
}
static SECStatus
-GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName,
- PRFileDesc *inCrlInitFile, PRFileDesc *inFile,
- char *outFileName, int ascii, char *slotName,
- PRInt32 importOptions, char *alg, PRBool quiet,
- PRInt32 decodeOptions, char *url, secuPWData *pwdata,
- int modifyFlag)
+GenerateCRL(CERTCertDBHandle *certHandle, char *certNickName,
+ PRFileDesc *inCrlInitFile, PRFileDesc *inFile,
+ char *outFileName, int ascii, char *slotName,
+ PRInt32 importOptions, char *alg, PRBool quiet,
+ PRInt32 decodeOptions, char *url, secuPWData *pwdata,
+ int modifyFlag)
{
CERTCertificate *cert = NULL;
CERTSignedCrl *signCrl = NULL;
@@ -688,7 +686,7 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName,
hashAlgTag = SEC_OID_UNKNOWN;
}
- arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
+ arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
if (!arena) {
SECU_PrintError(progName, "fail to allocate memory\n");
return SECFailure;
@@ -696,7 +694,7 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName,
if (modifyFlag == PR_TRUE) {
signCrl = CreateModifiedCRLCopy(arena, certHandle, &cert, certNickName,
- inFile, decodeOptions, importOptions);
+ inFile, decodeOptions, importOptions);
if (signCrl == NULL) {
rv = SECFailure;
goto loser;
@@ -719,7 +717,7 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName,
PR_snprintf(outFileName, len, "%s.crl", certNickName);
}
SECU_PrintError(progName, "Will try to generate crl. "
- "It will be saved in file: %s",
+ "It will be saved in file: %s",
outFileName);
}
signCrl = CreateNewCrl(arena, certHandle, cert);
@@ -741,107 +739,109 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName,
}
if (signCrl && !quiet) {
- SECU_PrintCRLInfo (stdout, &signCrl->crl, "CRL Info:\n", 0);
+ SECU_PrintCRLInfo(stdout, &signCrl->crl, "CRL Info:\n", 0);
}
- loser:
+loser:
if (arena && (!signCrl || !signCrl->arena))
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
if (signCrl)
- SEC_DestroyCrl (signCrl);
+ SEC_DestroyCrl(signCrl);
if (cert)
- CERT_DestroyCertificate (cert);
+ CERT_DestroyCertificate(cert);
return (rv);
}
-static void Usage(char *progName)
+static void
+Usage(char *progName)
{
fprintf(stderr,
- "Usage: %s -L [-n nickname] [-d keydir] [-P dbprefix] [-t crlType]\n"
- " %s -D -n nickname [-d keydir] [-P dbprefix]\n"
- " %s -S -i crl\n"
- " %s -I -i crl -t crlType [-u url] [-d keydir] [-P dbprefix] [-B] "
+ "Usage: %s -L [-n nickname] [-d keydir] [-P dbprefix] [-t crlType]\n"
+ " %s -D -n nickname [-d keydir] [-P dbprefix]\n"
+ " %s -S -i crl\n"
+ " %s -I -i crl -t crlType [-u url] [-d keydir] [-P dbprefix] [-B] "
"[-p pwd-file] -w [pwd-string]\n"
- " %s -E -t crlType [-d keydir] [-P dbprefix]\n"
- " %s -T\n"
- " %s -G|-M -c crl-init-file -n nickname [-i crl] [-u url] "
+ " %s -E -t crlType [-d keydir] [-P dbprefix]\n"
+ " %s -T\n"
+ " %s -G|-M -c crl-init-file -n nickname [-i crl] [-u url] "
"[-d keydir] [-P dbprefix] [-Z alg] ] [-p pwd-file] -w [pwd-string] "
"[-a] [-B]\n",
- progName, progName, progName, progName, progName, progName, progName);
+ progName, progName, progName, progName, progName, progName, progName);
- fprintf (stderr, "%-15s List CRL\n", "-L");
+ fprintf(stderr, "%-15s List CRL\n", "-L");
fprintf(stderr, "%-20s Specify the nickname of the CA certificate\n",
- "-n nickname");
+ "-n nickname");
fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
- "-d keydir");
+ "-d keydir");
fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n",
- "-P dbprefix");
-
- fprintf (stderr, "%-15s Delete a CRL from the cert database\n", "-D");
+ "-P dbprefix");
+
+ fprintf(stderr, "%-15s Delete a CRL from the cert database\n", "-D");
fprintf(stderr, "%-20s Specify the nickname for the CA certificate\n",
- "-n nickname");
+ "-n nickname");
fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
- "-d keydir");
+ "-d keydir");
fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n",
- "-P dbprefix");
+ "-P dbprefix");
- fprintf (stderr, "%-15s Erase all CRLs of specified type from hte cert database\n", "-E");
+ fprintf(stderr, "%-15s Erase all CRLs of specified type from hte cert database\n", "-E");
fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
- "-d keydir");
+ "-d keydir");
fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n",
- "-P dbprefix");
-
- fprintf (stderr, "%-15s Show contents of a CRL file (without database)\n", "-S");
+ "-P dbprefix");
+
+ fprintf(stderr, "%-15s Show contents of a CRL file (without database)\n", "-S");
fprintf(stderr, "%-20s Specify the file which contains the CRL to show\n",
- "-i crl");
+ "-i crl");
- fprintf (stderr, "%-15s Import a CRL to the cert database\n", "-I");
+ fprintf(stderr, "%-15s Import a CRL to the cert database\n", "-I");
fprintf(stderr, "%-20s Specify the file which contains the CRL to import\n",
- "-i crl");
+ "-i crl");
fprintf(stderr, "%-20s Specify the url.\n", "-u url");
fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
- "-d keydir");
+ "-d keydir");
fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n",
- "-P dbprefix");
+ "-P dbprefix");
#ifdef DEBUG
- fprintf (stderr, "%-15s Test . Only for debugging purposes. See source code\n", "-T");
+ fprintf(stderr, "%-15s Test . Only for debugging purposes. See source code\n", "-T");
#endif
fprintf(stderr, "%-20s CRL Types (default is SEC_CRL_TYPE):\n", " ");
fprintf(stderr, "%-20s \t 0 - SEC_KRL_TYPE\n", " ");
- fprintf(stderr, "%-20s \t 1 - SEC_CRL_TYPE\n", " ");
+ fprintf(stderr, "%-20s \t 1 - SEC_CRL_TYPE\n", " ");
fprintf(stderr, "\n%-20s Bypass CA certificate checks.\n", "-B");
fprintf(stderr, "\n%-20s Partial decode for faster operation.\n", "-p");
fprintf(stderr, "%-20s Repeat the operation.\n", "-r <iterations>");
fprintf(stderr, "\n%-15s Create CRL\n", "-G");
fprintf(stderr, "%-15s Modify CRL\n", "-M");
fprintf(stderr, "%-20s Specify crl initialization file\n",
- "-c crl-conf-file");
+ "-c crl-conf-file");
fprintf(stderr, "%-20s Specify the nickname of the CA certificate\n",
- "-n nickname");
+ "-n nickname");
fprintf(stderr, "%-20s Specify the file which contains the CRL to import\n",
- "-i crl");
+ "-i crl");
fprintf(stderr, "%-20s Specify a CRL output file\n",
- "-o crl-output-file");
+ "-o crl-output-file");
fprintf(stderr, "%-20s Specify to use base64 encoded CRL output format\n",
- "-a");
+ "-a");
fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
- "-d keydir");
+ "-d keydir");
fprintf(stderr, "%-20s Provide path to a default pwd file\n",
- "-f pwd-file");
+ "-f pwd-file");
fprintf(stderr, "%-20s Provide db password in command line\n",
- "-w pwd-string");
+ "-w pwd-string");
fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n",
- "-P dbprefix");
+ "-P dbprefix");
fprintf(stderr, "%-20s Specify the url.\n", "-u url");
fprintf(stderr, "\n%-20s Bypass CA certificate checks.\n", "-B");
exit(-1);
}
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
CERTCertDBHandle *certHandle;
PRFileDesc *inFile;
@@ -873,10 +873,10 @@ int main(int argc, char **argv)
PRInt32 iterations = 1;
PRBool readonly = PR_FALSE;
- secuPWData pwdata = { PW_NONE, 0 };
+ secuPWData pwdata = { PW_NONE, 0 };
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
rv = 0;
deleteCRL = importCRL = listCRL = generateCRL = modifyCRL = showFileCRL = 0;
@@ -889,218 +889,217 @@ int main(int argc, char **argv)
*/
optstate = PL_CreateOptState(argc, argv, "sqBCDGILMSTEP:f:d:i:h:n:p:t:u:r:aZ:o:c:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
+ switch (optstate->option) {
+ case '?':
+ Usage(progName);
+ break;
- case 'T':
- test = PR_TRUE;
- break;
+ case 'T':
+ test = PR_TRUE;
+ break;
- case 'E':
- erase = PR_TRUE;
- break;
+ case 'E':
+ erase = PR_TRUE;
+ break;
- case 'B':
- importOptions |= CRL_IMPORT_BYPASS_CHECKS;
- break;
+ case 'B':
+ importOptions |= CRL_IMPORT_BYPASS_CHECKS;
+ break;
- case 'G':
- generateCRL = 1;
- break;
+ case 'G':
+ generateCRL = 1;
+ break;
- case 'M':
- modifyCRL = 1;
- break;
+ case 'M':
+ modifyCRL = 1;
+ break;
+
+ case 'D':
+ deleteCRL = 1;
+ break;
+
+ case 'I':
+ importCRL = 1;
+ break;
+
+ case 'S':
+ showFileCRL = 1;
+ break;
+
+ case 'C':
+ case 'L':
+ listCRL = 1;
+ break;
+
+ case 'P':
+ dbPrefix = strdup(optstate->value);
+ break;
+
+ case 'Z':
+ alg = strdup(optstate->value);
+ break;
+
+ case 'a':
+ ascii = 1;
+ break;
+
+ case 'c':
+ inCrlInitFile = PR_Open(optstate->value, PR_RDONLY, 0);
+ if (!inCrlInitFile) {
+ PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading\n",
+ progName, optstate->value);
+ PL_DestroyOptState(optstate);
+ return -1;
+ }
+ break;
+
+ case 'd':
+ SECU_ConfigDirectory(optstate->value);
+ break;
+
+ case 'f':
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = strdup(optstate->value);
+ break;
+
+ case 'h':
+ slotName = strdup(optstate->value);
+ break;
+
+ case 'i':
+ inFile = PR_Open(optstate->value, PR_RDONLY, 0);
+ if (!inFile) {
+ PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading\n",
+ progName, optstate->value);
+ PL_DestroyOptState(optstate);
+ return -1;
+ }
+ break;
+
+ case 'n':
+ nickName = strdup(optstate->value);
+ break;
+
+ case 'o':
+ outFile = strdup(optstate->value);
+ break;
- case 'D':
- deleteCRL = 1;
- break;
-
- case 'I':
- importCRL = 1;
- break;
-
- case 'S':
- showFileCRL = 1;
- break;
-
- case 'C':
- case 'L':
- listCRL = 1;
- break;
-
- case 'P':
- dbPrefix = strdup(optstate->value);
- break;
-
- case 'Z':
- alg = strdup(optstate->value);
- break;
-
- case 'a':
- ascii = 1;
- break;
-
- case 'c':
- inCrlInitFile = PR_Open(optstate->value, PR_RDONLY, 0);
- if (!inCrlInitFile) {
- PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- PL_DestroyOptState(optstate);
- return -1;
- }
- break;
-
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
-
- case 'f':
- pwdata.source = PW_FROMFILE;
- pwdata.data = strdup(optstate->value);
- break;
-
- case 'h':
- slotName = strdup(optstate->value);
- break;
-
- case 'i':
- inFile = PR_Open(optstate->value, PR_RDONLY, 0);
- if (!inFile) {
- PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- PL_DestroyOptState(optstate);
- return -1;
- }
- break;
-
- case 'n':
- nickName = strdup(optstate->value);
- break;
-
- case 'o':
- outFile = strdup(optstate->value);
- break;
-
- case 'p':
- decodeOptions |= CRL_DECODE_SKIP_ENTRIES;
- break;
-
- case 'r': {
- const char* str = optstate->value;
- if (str && atoi(str)>0)
- iterations = atoi(str);
- }
- break;
-
- case 't': {
- crlType = atoi(optstate->value);
- if (crlType != SEC_CRL_TYPE && crlType != SEC_KRL_TYPE) {
- PR_fprintf(PR_STDERR, "%s: invalid crl type\n", progName);
- PL_DestroyOptState(optstate);
- return -1;
- }
- break;
-
- case 'q':
- quiet = PR_TRUE;
- break;
-
- case 'w':
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = strdup(optstate->value);
- break;
-
- case 'u':
- url = strdup(optstate->value);
- break;
-
- }
- }
+ case 'p':
+ decodeOptions |= CRL_DECODE_SKIP_ENTRIES;
+ break;
+
+ case 'r': {
+ const char *str = optstate->value;
+ if (str && atoi(str) > 0)
+ iterations = atoi(str);
+ } break;
+
+ case 't': {
+ crlType = atoi(optstate->value);
+ if (crlType != SEC_CRL_TYPE && crlType != SEC_KRL_TYPE) {
+ PR_fprintf(PR_STDERR, "%s: invalid crl type\n", progName);
+ PL_DestroyOptState(optstate);
+ return -1;
+ }
+ break;
+
+ case 'q':
+ quiet = PR_TRUE;
+ break;
+
+ case 'w':
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = strdup(optstate->value);
+ break;
+
+ case 'u':
+ url = strdup(optstate->value);
+ break;
+ }
+ }
}
PL_DestroyOptState(optstate);
- if (deleteCRL && !nickName) Usage (progName);
- if (importCRL && !inFile) Usage (progName);
- if (showFileCRL && !inFile) Usage (progName);
+ if (deleteCRL && !nickName)
+ Usage(progName);
+ if (importCRL && !inFile)
+ Usage(progName);
+ if (showFileCRL && !inFile)
+ Usage(progName);
if ((generateCRL && !nickName) ||
- (modifyCRL && !inFile && !nickName)) Usage (progName);
+ (modifyCRL && !inFile && !nickName))
+ Usage(progName);
if (!(listCRL || deleteCRL || importCRL || showFileCRL || generateCRL ||
- modifyCRL || test || erase)) Usage (progName);
+ modifyCRL || test || erase))
+ Usage(progName);
if (listCRL || showFileCRL) {
readonly = PR_TRUE;
}
-
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+
+ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
PK11_SetPasswordFunc(SECU_GetModulePassword);
if (showFileCRL) {
- NSS_NoDB_Init(NULL);
- }
- else {
- secstatus = NSS_Initialize(SECU_ConfigDirectory(NULL), dbPrefix, dbPrefix,
- "secmod.db", readonly ? NSS_INIT_READONLY : 0);
- if (secstatus != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- return -1;
- }
+ NSS_NoDB_Init(NULL);
+ } else {
+ secstatus = NSS_Initialize(SECU_ConfigDirectory(NULL), dbPrefix, dbPrefix,
+ "secmod.db", readonly ? NSS_INIT_READONLY : 0);
+ if (secstatus != SECSuccess) {
+ SECU_PrintPRandOSError(progName);
+ return -1;
+ }
}
-
+
SECU_RegisterDynamicOids();
certHandle = CERT_GetDefaultCertDB();
if (certHandle == NULL) {
- SECU_PrintError(progName, "unable to open the cert db");
- /*ignoring return value of NSS_Shutdown() as code returns -1*/
- (void) NSS_Shutdown();
- return (-1);
+ SECU_PrintError(progName, "unable to open the cert db");
+ /*ignoring return value of NSS_Shutdown() as code returns -1*/
+ (void)NSS_Shutdown();
+ return (-1);
}
CRLGEN_InitCrlGenParserLock();
- for (i=0; i<iterations; i++) {
- /* Read in the private key info */
- if (deleteCRL)
- DeleteCRL (certHandle, nickName, crlType);
- else if (listCRL) {
- rv = ListCRL (certHandle, nickName, crlType);
- }
- else if (importCRL) {
- rv = ImportCRL (certHandle, url, crlType, inFile, importOptions,
- decodeOptions, &pwdata);
- }
- else if (showFileCRL) {
- rv = DumpCRL (inFile);
- } else if (generateCRL || modifyCRL) {
- if (!inCrlInitFile)
- inCrlInitFile = PR_STDIN;
- rv = GenerateCRL (certHandle, nickName, inCrlInitFile,
- inFile, outFile, ascii, slotName,
- importOptions, alg, quiet,
- decodeOptions, url, &pwdata,
- modifyCRL);
- }
- else if (erase) {
- /* list and delete all CRLs */
- ListCRLNames (certHandle, crlType, PR_TRUE);
- }
+ for (i = 0; i < iterations; i++) {
+ /* Read in the private key info */
+ if (deleteCRL)
+ DeleteCRL(certHandle, nickName, crlType);
+ else if (listCRL) {
+ rv = ListCRL(certHandle, nickName, crlType);
+ } else if (importCRL) {
+ rv = ImportCRL(certHandle, url, crlType, inFile, importOptions,
+ decodeOptions, &pwdata);
+ } else if (showFileCRL) {
+ rv = DumpCRL(inFile);
+ } else if (generateCRL || modifyCRL) {
+ if (!inCrlInitFile)
+ inCrlInitFile = PR_STDIN;
+ rv = GenerateCRL(certHandle, nickName, inCrlInitFile,
+ inFile, outFile, ascii, slotName,
+ importOptions, alg, quiet,
+ decodeOptions, url, &pwdata,
+ modifyCRL);
+ } else if (erase) {
+ /* list and delete all CRLs */
+ ListCRLNames(certHandle, crlType, PR_TRUE);
+ }
#ifdef DEBUG
- else if (test) {
- /* list and delete all CRLs */
- ListCRLNames (certHandle, crlType, PR_TRUE);
- /* list CRLs */
- ListCRLNames (certHandle, crlType, PR_FALSE);
- /* import CRL as a blob */
- rv = ImportCRL (certHandle, url, crlType, inFile, importOptions,
- decodeOptions, &pwdata);
- /* list CRLs */
- ListCRLNames (certHandle, crlType, PR_FALSE);
- }
-#endif
+ else if (test) {
+ /* list and delete all CRLs */
+ ListCRLNames(certHandle, crlType, PR_TRUE);
+ /* list CRLs */
+ ListCRLNames(certHandle, crlType, PR_FALSE);
+ /* import CRL as a blob */
+ rv = ImportCRL(certHandle, url, crlType, inFile, importOptions,
+ decodeOptions, &pwdata);
+ /* list CRLs */
+ ListCRLNames(certHandle, crlType, PR_FALSE);
+ }
+#endif
}
CRLGEN_DestroyCrlGenParserLock();
diff --git a/cmd/crmf-cgi/crmfcgi.c b/cmd/crmf-cgi/crmfcgi.c
index fb7e9339e..07b81f233 100644
--- a/cmd/crmf-cgi/crmfcgi.c
+++ b/cmd/crmf-cgi/crmfcgi.c
@@ -18,27 +18,27 @@
#include <stdio.h>
#define DEFAULT_ALLOC_SIZE 200
-#define DEFAULT_CGI_VARS 20
+#define DEFAULT_CGI_VARS 20
typedef struct CGIVariableStr {
- char *name;
- char *value;
+ char *name;
+ char *value;
} CGIVariable;
typedef struct CGIVarTableStr {
- CGIVariable **variables;
- int numVars;
- int numAlloc;
+ CGIVariable **variables;
+ int numVars;
+ int numAlloc;
} CGIVarTable;
typedef struct CertResponseInfoStr {
- CERTCertificate *cert;
- long certReqID;
+ CERTCertificate *cert;
+ long certReqID;
} CertResponseInfo;
typedef struct ChallengeCreationInfoStr {
- long random;
- SECKEYPublicKey *pubKey;
+ long random;
+ SECKEYPublicKey *pubKey;
} ChallengeCreationInfo;
char *missingVar = NULL;
@@ -47,58 +47,58 @@ char *missingVar = NULL;
* Error values.
*/
typedef enum {
- NO_ERROR = 0,
- NSS_INIT_FAILED,
- AUTH_FAILED,
- REQ_CGI_VAR_NOT_PRESENT,
- CRMF_REQ_NOT_PRESENT,
- BAD_ASCII_FOR_REQ,
- CGI_VAR_MISSING,
- COULD_NOT_FIND_CA,
- COULD_NOT_DECODE_REQS,
- OUT_OF_MEMORY,
- ERROR_RETRIEVING_REQUEST_MSG,
- ERROR_RETRIEVING_CERT_REQUEST,
- ERROR_RETRIEVING_SUBJECT_FROM_REQ,
- ERROR_RETRIEVING_PUBLIC_KEY_FROM_REQ,
- ERROR_CREATING_NEW_CERTIFICATE,
- COULD_NOT_START_EXTENSIONS,
- ERROR_RETRIEVING_EXT_FROM_REQ,
- ERROR_ADDING_EXT_TO_CERT,
- ERROR_ENDING_EXTENSIONS,
- COULD_NOT_FIND_ISSUER_PRIVATE_KEY,
- UNSUPPORTED_SIGN_OPERATION_FOR_ISSUER,
- ERROR_SETTING_SIGN_ALG,
- ERROR_ENCODING_NEW_CERT,
- ERROR_SIGNING_NEW_CERT,
- ERROR_CREATING_CERT_REP_CONTENT,
- ERROR_CREATING_SINGLE_CERT_RESPONSE,
- ERROR_SETTING_CERT_RESPONSES,
- ERROR_CREATING_CA_LIST,
- ERROR_ADDING_ISSUER_TO_CA_LIST,
- ERROR_ENCODING_CERT_REP_CONTENT,
- NO_POP_FOR_REQUEST,
- UNSUPPORTED_POP,
- ERROR_RETRIEVING_POP_SIGN_KEY,
- ERROR_RETRIEVING_ALG_ID_FROM_SIGN_KEY,
- ERROR_RETRIEVING_SIGNATURE_FROM_POP_SIGN_KEY,
- DO_CHALLENGE_RESPONSE,
- ERROR_RETRIEVING_PUB_KEY_FROM_NEW_CERT,
- ERROR_ENCODING_CERT_REQ_FOR_POP,
- ERROR_VERIFYING_SIGNATURE_POP,
- ERROR_RETRIEVING_PUB_KEY_FOR_CHALL,
- ERROR_CREATING_EMPTY_CHAL_CONTENT,
- ERROR_EXTRACTING_GEN_NAME_FROM_ISSUER,
- ERROR_SETTING_CHALLENGE,
- ERROR_ENCODING_CHALL,
- ERROR_CONVERTING_CHALL_TO_BASE64,
- ERROR_CONVERTING_RESP_FROM_CHALL_TO_BIN,
- ERROR_CREATING_KEY_RESP_FROM_DER,
- ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE,
- ERROR_RETURNED_CHALL_NOT_VALUE_EXPECTED,
- ERROR_GETTING_KEY_ENCIPHERMENT,
- ERROR_NO_POP_FOR_PRIVKEY,
- ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE
+ NO_ERROR = 0,
+ NSS_INIT_FAILED,
+ AUTH_FAILED,
+ REQ_CGI_VAR_NOT_PRESENT,
+ CRMF_REQ_NOT_PRESENT,
+ BAD_ASCII_FOR_REQ,
+ CGI_VAR_MISSING,
+ COULD_NOT_FIND_CA,
+ COULD_NOT_DECODE_REQS,
+ OUT_OF_MEMORY,
+ ERROR_RETRIEVING_REQUEST_MSG,
+ ERROR_RETRIEVING_CERT_REQUEST,
+ ERROR_RETRIEVING_SUBJECT_FROM_REQ,
+ ERROR_RETRIEVING_PUBLIC_KEY_FROM_REQ,
+ ERROR_CREATING_NEW_CERTIFICATE,
+ COULD_NOT_START_EXTENSIONS,
+ ERROR_RETRIEVING_EXT_FROM_REQ,
+ ERROR_ADDING_EXT_TO_CERT,
+ ERROR_ENDING_EXTENSIONS,
+ COULD_NOT_FIND_ISSUER_PRIVATE_KEY,
+ UNSUPPORTED_SIGN_OPERATION_FOR_ISSUER,
+ ERROR_SETTING_SIGN_ALG,
+ ERROR_ENCODING_NEW_CERT,
+ ERROR_SIGNING_NEW_CERT,
+ ERROR_CREATING_CERT_REP_CONTENT,
+ ERROR_CREATING_SINGLE_CERT_RESPONSE,
+ ERROR_SETTING_CERT_RESPONSES,
+ ERROR_CREATING_CA_LIST,
+ ERROR_ADDING_ISSUER_TO_CA_LIST,
+ ERROR_ENCODING_CERT_REP_CONTENT,
+ NO_POP_FOR_REQUEST,
+ UNSUPPORTED_POP,
+ ERROR_RETRIEVING_POP_SIGN_KEY,
+ ERROR_RETRIEVING_ALG_ID_FROM_SIGN_KEY,
+ ERROR_RETRIEVING_SIGNATURE_FROM_POP_SIGN_KEY,
+ DO_CHALLENGE_RESPONSE,
+ ERROR_RETRIEVING_PUB_KEY_FROM_NEW_CERT,
+ ERROR_ENCODING_CERT_REQ_FOR_POP,
+ ERROR_VERIFYING_SIGNATURE_POP,
+ ERROR_RETRIEVING_PUB_KEY_FOR_CHALL,
+ ERROR_CREATING_EMPTY_CHAL_CONTENT,
+ ERROR_EXTRACTING_GEN_NAME_FROM_ISSUER,
+ ERROR_SETTING_CHALLENGE,
+ ERROR_ENCODING_CHALL,
+ ERROR_CONVERTING_CHALL_TO_BASE64,
+ ERROR_CONVERTING_RESP_FROM_CHALL_TO_BIN,
+ ERROR_CREATING_KEY_RESP_FROM_DER,
+ ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE,
+ ERROR_RETURNED_CHALL_NOT_VALUE_EXPECTED,
+ ERROR_GETTING_KEY_ENCIPHERMENT,
+ ERROR_NO_POP_FOR_PRIVKEY,
+ ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE
} ErrorCode;
const char *
@@ -107,984 +107,984 @@ CGITableFindValue(CGIVarTable *varTable, const char *key);
void
spitOutHeaders(void)
{
- printf("Content-type: text/html\n\n");
+ printf("Content-type: text/html\n\n");
}
void
dumpRequest(CGIVarTable *varTable)
{
- int i;
- CGIVariable *var;
-
- printf ("<table border=1 cellpadding=1 cellspacing=1 width=\"100%%\">\n");
- printf ("<tr><td><b><center>Variable Name<center></b></td>"
- "<td><b><center>Value</center></b></td></tr>\n");
- for (i=0; i<varTable->numVars; i++) {
- var = varTable->variables[i];
- printf ("<tr><td><pre>%s</pre></td><td><pre>%s</pre></td></tr>\n",
- var->name, var->value);
- }
- printf("</table>\n");
+ int i;
+ CGIVariable *var;
+
+ printf("<table border=1 cellpadding=1 cellspacing=1 width=\"100%%\">\n");
+ printf("<tr><td><b><center>Variable Name<center></b></td>"
+ "<td><b><center>Value</center></b></td></tr>\n");
+ for (i = 0; i < varTable->numVars; i++) {
+ var = varTable->variables[i];
+ printf("<tr><td><pre>%s</pre></td><td><pre>%s</pre></td></tr>\n",
+ var->name, var->value);
+ }
+ printf("</table>\n");
}
void
echo_request(CGIVarTable *varTable)
{
- spitOutHeaders();
- printf("<html><head><title>CGI Echo Page</title></head>\n"
- "<body><h1>Got the following request</h1>\n");
- dumpRequest(varTable);
- printf("</body></html>");
+ spitOutHeaders();
+ printf("<html><head><title>CGI Echo Page</title></head>\n"
+ "<body><h1>Got the following request</h1>\n");
+ dumpRequest(varTable);
+ printf("</body></html>");
}
void
processVariable(CGIVariable *var)
{
- char *plusSign, *percentSign;
-
- /*First look for all of the '+' and convert them to spaces */
- plusSign = var->value;
- while ((plusSign=strchr(plusSign, '+')) != NULL) {
- *plusSign = ' ';
- }
- percentSign = var->value;
- while ((percentSign=strchr(percentSign, '%')) != NULL) {
- char string[3];
- int value;
+ char *plusSign, *percentSign;
- string[0] = percentSign[1];
- string[1] = percentSign[2];
- string[2] = '\0';
-
- sscanf(string,"%x", &value);
- *percentSign = (char)value;
- memmove(&percentSign[1], &percentSign[3], 1+strlen(&percentSign[3]));
- }
+ /*First look for all of the '+' and convert them to spaces */
+ plusSign = var->value;
+ while ((plusSign = strchr(plusSign, '+')) != NULL) {
+ *plusSign = ' ';
+ }
+ percentSign = var->value;
+ while ((percentSign = strchr(percentSign, '%')) != NULL) {
+ char string[3];
+ int value;
+
+ string[0] = percentSign[1];
+ string[1] = percentSign[2];
+ string[2] = '\0';
+
+ sscanf(string, "%x", &value);
+ *percentSign = (char)value;
+ memmove(&percentSign[1], &percentSign[3], 1 + strlen(&percentSign[3]));
+ }
}
char *
parseNextVariable(CGIVarTable *varTable, char *form_output)
{
- char *ampersand, *equal;
- CGIVariable *var;
-
- if (varTable->numVars == varTable->numAlloc) {
- CGIVariable **newArr = realloc(varTable->variables,
- (varTable->numAlloc + DEFAULT_CGI_VARS)*sizeof(CGIVariable*));
- if (newArr == NULL) {
- return NULL;
- }
- varTable->variables = newArr;
- varTable->numAlloc += DEFAULT_CGI_VARS;
- }
- equal = strchr(form_output, '=');
- if (equal == NULL) {
- return NULL;
- }
- ampersand = strchr(equal, '&');
- if (ampersand == NULL) {
- return NULL;
- }
- equal[0] = '\0';
- if (ampersand != NULL) {
- ampersand[0] = '\0';
- }
- var = malloc(sizeof(CGIVariable));
- var->name = form_output;
- var->value = &equal[1];
- varTable->variables[varTable->numVars] = var;
- varTable->numVars++;
- processVariable(var);
- return (ampersand != NULL) ? &ampersand[1] : NULL;
+ char *ampersand, *equal;
+ CGIVariable *var;
+
+ if (varTable->numVars == varTable->numAlloc) {
+ CGIVariable **newArr = realloc(varTable->variables,
+ (varTable->numAlloc + DEFAULT_CGI_VARS) * sizeof(CGIVariable *));
+ if (newArr == NULL) {
+ return NULL;
+ }
+ varTable->variables = newArr;
+ varTable->numAlloc += DEFAULT_CGI_VARS;
+ }
+ equal = strchr(form_output, '=');
+ if (equal == NULL) {
+ return NULL;
+ }
+ ampersand = strchr(equal, '&');
+ if (ampersand == NULL) {
+ return NULL;
+ }
+ equal[0] = '\0';
+ if (ampersand != NULL) {
+ ampersand[0] = '\0';
+ }
+ var = malloc(sizeof(CGIVariable));
+ var->name = form_output;
+ var->value = &equal[1];
+ varTable->variables[varTable->numVars] = var;
+ varTable->numVars++;
+ processVariable(var);
+ return (ampersand != NULL) ? &ampersand[1] : NULL;
}
void
ParseInputVariables(CGIVarTable *varTable, char *form_output)
{
- varTable->variables = malloc(sizeof(CGIVariable*)*DEFAULT_CGI_VARS);
- varTable->numVars = 0;
- varTable->numAlloc = DEFAULT_CGI_VARS;
- while (form_output && form_output[0] != '\0') {
- form_output = parseNextVariable(varTable, form_output);
- }
+ varTable->variables = malloc(sizeof(CGIVariable *) * DEFAULT_CGI_VARS);
+ varTable->numVars = 0;
+ varTable->numAlloc = DEFAULT_CGI_VARS;
+ while (form_output && form_output[0] != '\0') {
+ form_output = parseNextVariable(varTable, form_output);
+ }
}
const char *
CGITableFindValue(CGIVarTable *varTable, const char *key)
{
- const char *retVal = NULL;
- int i;
-
- for (i=0; i<varTable->numVars; i++) {
- if (strcmp(varTable->variables[i]->name, key) == 0) {
- retVal = varTable->variables[i]->value;
- break;
- }
- }
- return retVal;
+ const char *retVal = NULL;
+ int i;
+
+ for (i = 0; i < varTable->numVars; i++) {
+ if (strcmp(varTable->variables[i]->name, key) == 0) {
+ retVal = varTable->variables[i]->value;
+ break;
+ }
+ }
+ return retVal;
}
-char*
+char *
passwordCallback(PK11SlotInfo *slot, PRBool retry, void *arg)
{
- const char *passwd;
- if (retry) {
- return NULL;
- }
- passwd = CGITableFindValue((CGIVarTable*)arg, "dbPassword");
- if (passwd == NULL) {
- return NULL;
- }
- return PORT_Strdup(passwd);
+ const char *passwd;
+ if (retry) {
+ return NULL;
+ }
+ passwd = CGITableFindValue((CGIVarTable *)arg, "dbPassword");
+ if (passwd == NULL) {
+ return NULL;
+ }
+ return PORT_Strdup(passwd);
}
ErrorCode
initNSS(CGIVarTable *varTable)
{
- const char *nssDir;
- PK11SlotInfo *keySlot;
- SECStatus rv;
-
- nssDir = CGITableFindValue(varTable,"NSSDirectory");
- if (nssDir == NULL) {
- missingVar = "NSSDirectory";
- return REQ_CGI_VAR_NOT_PRESENT;
- }
- rv = NSS_Init(nssDir);
- if (rv != SECSuccess) {
- return NSS_INIT_FAILED;
- }
- PK11_SetPasswordFunc(passwordCallback);
- keySlot = PK11_GetInternalKeySlot();
- rv = PK11_Authenticate(keySlot, PR_FALSE, varTable);
- PK11_FreeSlot(keySlot);
- if (rv != SECSuccess) {
- return AUTH_FAILED;
- }
- return NO_ERROR;
+ const char *nssDir;
+ PK11SlotInfo *keySlot;
+ SECStatus rv;
+
+ nssDir = CGITableFindValue(varTable, "NSSDirectory");
+ if (nssDir == NULL) {
+ missingVar = "NSSDirectory";
+ return REQ_CGI_VAR_NOT_PRESENT;
+ }
+ rv = NSS_Init(nssDir);
+ if (rv != SECSuccess) {
+ return NSS_INIT_FAILED;
+ }
+ PK11_SetPasswordFunc(passwordCallback);
+ keySlot = PK11_GetInternalKeySlot();
+ rv = PK11_Authenticate(keySlot, PR_FALSE, varTable);
+ PK11_FreeSlot(keySlot);
+ if (rv != SECSuccess) {
+ return AUTH_FAILED;
+ }
+ return NO_ERROR;
}
void
dumpErrorMessage(ErrorCode errNum)
{
- spitOutHeaders();
- printf("<html><head><title>Error</title></head><body><h1>Error processing "
- "data</h1> Received the error %d<p>", errNum);
- if (errNum == REQ_CGI_VAR_NOT_PRESENT) {
- printf ("The missing variable is %s.", missingVar);
- }
- printf ("<i>More useful information here in the future.</i></body></html>");
+ spitOutHeaders();
+ printf("<html><head><title>Error</title></head><body><h1>Error processing "
+ "data</h1> Received the error %d<p>",
+ errNum);
+ if (errNum == REQ_CGI_VAR_NOT_PRESENT) {
+ printf("The missing variable is %s.", missingVar);
+ }
+ printf("<i>More useful information here in the future.</i></body></html>");
}
ErrorCode
initOldCertReq(CERTCertificateRequest *oldCertReq,
- CERTName *subject, CERTSubjectPublicKeyInfo *spki)
+ CERTName *subject, CERTSubjectPublicKeyInfo *spki)
{
- PLArenaPool *poolp;
-
- poolp = oldCertReq->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- SEC_ASN1EncodeInteger(poolp, &oldCertReq->version,
- SEC_CERTIFICATE_VERSION_3);
- CERT_CopyName(poolp, &oldCertReq->subject, subject);
- SECKEY_CopySubjectPublicKeyInfo(poolp, &oldCertReq->subjectPublicKeyInfo,
- spki);
- oldCertReq->attributes = NULL;
- return NO_ERROR;
+ PLArenaPool *poolp;
+
+ poolp = oldCertReq->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ SEC_ASN1EncodeInteger(poolp, &oldCertReq->version,
+ SEC_CERTIFICATE_VERSION_3);
+ CERT_CopyName(poolp, &oldCertReq->subject, subject);
+ SECKEY_CopySubjectPublicKeyInfo(poolp, &oldCertReq->subjectPublicKeyInfo,
+ spki);
+ oldCertReq->attributes = NULL;
+ return NO_ERROR;
}
ErrorCode
addExtensions(CERTCertificate *newCert, CRMFCertRequest *certReq)
{
- int numExtensions, i;
- void *extHandle;
- ErrorCode rv = NO_ERROR;
- CRMFCertExtension *ext;
- SECStatus srv;
-
- numExtensions = CRMF_CertRequestGetNumberOfExtensions(certReq);
- if (numExtensions == 0) {
- /* No extensions to add */
- return NO_ERROR;
- }
- extHandle = CERT_StartCertExtensions(newCert);
- if (extHandle == NULL) {
- rv = COULD_NOT_START_EXTENSIONS;
- goto loser;
- }
- for (i=0; i<numExtensions; i++) {
- ext = CRMF_CertRequestGetExtensionAtIndex(certReq, i);
- if (ext == NULL) {
- rv = ERROR_RETRIEVING_EXT_FROM_REQ;
- }
- srv = CERT_AddExtension(extHandle, CRMF_CertExtensionGetOidTag(ext),
- CRMF_CertExtensionGetValue(ext),
- CRMF_CertExtensionGetIsCritical(ext), PR_FALSE);
+ int numExtensions, i;
+ void *extHandle;
+ ErrorCode rv = NO_ERROR;
+ CRMFCertExtension *ext;
+ SECStatus srv;
+
+ numExtensions = CRMF_CertRequestGetNumberOfExtensions(certReq);
+ if (numExtensions == 0) {
+ /* No extensions to add */
+ return NO_ERROR;
+ }
+ extHandle = CERT_StartCertExtensions(newCert);
+ if (extHandle == NULL) {
+ rv = COULD_NOT_START_EXTENSIONS;
+ goto loser;
+ }
+ for (i = 0; i < numExtensions; i++) {
+ ext = CRMF_CertRequestGetExtensionAtIndex(certReq, i);
+ if (ext == NULL) {
+ rv = ERROR_RETRIEVING_EXT_FROM_REQ;
+ }
+ srv = CERT_AddExtension(extHandle, CRMF_CertExtensionGetOidTag(ext),
+ CRMF_CertExtensionGetValue(ext),
+ CRMF_CertExtensionGetIsCritical(ext), PR_FALSE);
+ if (srv != SECSuccess) {
+ rv = ERROR_ADDING_EXT_TO_CERT;
+ }
+ }
+ srv = CERT_FinishExtensions(extHandle);
if (srv != SECSuccess) {
- rv = ERROR_ADDING_EXT_TO_CERT;
- }
- }
- srv = CERT_FinishExtensions(extHandle);
- if (srv != SECSuccess) {
- rv = ERROR_ENDING_EXTENSIONS;
- goto loser;
- }
- return NO_ERROR;
- loser:
- return rv;
+ rv = ERROR_ENDING_EXTENSIONS;
+ goto loser;
+ }
+ return NO_ERROR;
+loser:
+ return rv;
}
void
writeOutItem(const char *filePath, SECItem *der)
{
- PRFileDesc *outfile;
-
- outfile = PR_Open (filePath,
- PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
- PR_Write(outfile, der->data, der->len);
- PR_Close(outfile);
+ PRFileDesc *outfile;
+ outfile = PR_Open(filePath,
+ PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+ 0666);
+ PR_Write(outfile, der->data, der->len);
+ PR_Close(outfile);
}
ErrorCode
-createNewCert(CERTCertificate**issuedCert,CERTCertificateRequest *oldCertReq,
- CRMFCertReqMsg *currReq, CRMFCertRequest *certReq,
- CERTCertificate *issuerCert, CGIVarTable *varTable)
+createNewCert(CERTCertificate **issuedCert, CERTCertificateRequest *oldCertReq,
+ CRMFCertReqMsg *currReq, CRMFCertRequest *certReq,
+ CERTCertificate *issuerCert, CGIVarTable *varTable)
{
- CERTCertificate *newCert = NULL;
- CERTValidity *validity;
- PRExplodedTime printableTime;
- PRTime now, after;
- ErrorCode rv=NO_ERROR;
- SECKEYPrivateKey *issuerPrivKey;
- SECItem derCert = { 0 };
- SECOidTag signTag;
- SECStatus srv;
- long version;
-
- now = PR_Now();
- PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
- printableTime.tm_month += 9;
- after = PR_ImplodeTime(&printableTime);
- validity = CERT_CreateValidity(now, after);
- newCert = *issuedCert =
- CERT_CreateCertificate(rand(), &(issuerCert->subject), validity,
- oldCertReq);
- if (newCert == NULL) {
- rv = ERROR_CREATING_NEW_CERTIFICATE;
- goto loser;
- }
- rv = addExtensions(newCert, certReq);
- if (rv != NO_ERROR) {
- goto loser;
- }
- issuerPrivKey = PK11_FindKeyByAnyCert(issuerCert, varTable);
- if (issuerPrivKey == NULL) {
- rv = COULD_NOT_FIND_ISSUER_PRIVATE_KEY;
- }
- signTag = SEC_GetSignatureAlgorithmOidTag(issuerPrivatekey->keytype,
- SEC_OID_UNKNOWN);
- if (signTag == SEC_OID_UNKNOWN) {
- rv = UNSUPPORTED_SIGN_OPERATION_FOR_ISSUER;
- goto loser;
- }
- srv = SECOID_SetAlgorithmID(newCert->arena, &newCert->signature,
- signTag, 0);
- if (srv != SECSuccess) {
- rv = ERROR_SETTING_SIGN_ALG;
- goto loser;
- }
- srv = CRMF_CertRequestGetCertTemplateVersion(certReq, &version);
- if (srv != SECSuccess) {
- /* No version included in the request */
- *(newCert->version.data) = SEC_CERTIFICATE_VERSION_3;
- } else {
- SECITEM_FreeItem(&newCert->version, PR_FALSE);
- SEC_ASN1EncodeInteger(newCert->arena, &newCert->version, version);
- }
- SEC_ASN1EncodeItem(newCert->arena, &derCert, newCert,
- CERT_CertificateTemplate);
- if (derCert.data == NULL) {
- rv = ERROR_ENCODING_NEW_CERT;
- goto loser;
- }
- srv = SEC_DerSignData(newCert->arena, &(newCert->derCert), derCert.data,
- derCert.len, issuerPrivKey, signTag);
- if (srv != SECSuccess) {
- rv = ERROR_SIGNING_NEW_CERT;
- goto loser;
- }
+ CERTCertificate *newCert = NULL;
+ CERTValidity *validity;
+ PRExplodedTime printableTime;
+ PRTime now, after;
+ ErrorCode rv = NO_ERROR;
+ SECKEYPrivateKey *issuerPrivKey;
+ SECItem derCert = { 0 };
+ SECOidTag signTag;
+ SECStatus srv;
+ long version;
+
+ now = PR_Now();
+ PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
+ printableTime.tm_month += 9;
+ after = PR_ImplodeTime(&printableTime);
+ validity = CERT_CreateValidity(now, after);
+ newCert = *issuedCert =
+ CERT_CreateCertificate(rand(), &(issuerCert->subject), validity,
+ oldCertReq);
+ if (newCert == NULL) {
+ rv = ERROR_CREATING_NEW_CERTIFICATE;
+ goto loser;
+ }
+ rv = addExtensions(newCert, certReq);
+ if (rv != NO_ERROR) {
+ goto loser;
+ }
+ issuerPrivKey = PK11_FindKeyByAnyCert(issuerCert, varTable);
+ if (issuerPrivKey == NULL) {
+ rv = COULD_NOT_FIND_ISSUER_PRIVATE_KEY;
+ }
+ signTag = SEC_GetSignatureAlgorithmOidTag(issuerPrivatekey->keytype,
+ SEC_OID_UNKNOWN);
+ if (signTag == SEC_OID_UNKNOWN) {
+ rv = UNSUPPORTED_SIGN_OPERATION_FOR_ISSUER;
+ goto loser;
+ }
+ srv = SECOID_SetAlgorithmID(newCert->arena, &newCert->signature,
+ signTag, 0);
+ if (srv != SECSuccess) {
+ rv = ERROR_SETTING_SIGN_ALG;
+ goto loser;
+ }
+ srv = CRMF_CertRequestGetCertTemplateVersion(certReq, &version);
+ if (srv != SECSuccess) {
+ /* No version included in the request */
+ *(newCert->version.data) = SEC_CERTIFICATE_VERSION_3;
+ } else {
+ SECITEM_FreeItem(&newCert->version, PR_FALSE);
+ SEC_ASN1EncodeInteger(newCert->arena, &newCert->version, version);
+ }
+ SEC_ASN1EncodeItem(newCert->arena, &derCert, newCert,
+ CERT_CertificateTemplate);
+ if (derCert.data == NULL) {
+ rv = ERROR_ENCODING_NEW_CERT;
+ goto loser;
+ }
+ srv = SEC_DerSignData(newCert->arena, &(newCert->derCert), derCert.data,
+ derCert.len, issuerPrivKey, signTag);
+ if (srv != SECSuccess) {
+ rv = ERROR_SIGNING_NEW_CERT;
+ goto loser;
+ }
#ifdef WRITE_OUT_RESPONSE
- writeOutItem("newcert.der", &newCert->derCert);
+ writeOutItem("newcert.der", &newCert->derCert);
#endif
- return NO_ERROR;
- loser:
- *issuedCert = NULL;
- if (newCert) {
- CERT_DestroyCertificate(newCert);
- }
- return rv;
-
+ return NO_ERROR;
+loser:
+ *issuedCert = NULL;
+ if (newCert) {
+ CERT_DestroyCertificate(newCert);
+ }
+ return rv;
}
void
formatCMMFResponse(char *nickname, char *base64Response)
{
- char *currLine, *nextLine;
-
- printf("var retVal = crypto.importUserCertificates(\"%s\",\n", nickname);
- currLine = base64Response;
- while (1) {
- nextLine = strchr(currLine, '\n');
- if (nextLine == NULL) {
- /* print out the last line here. */
- printf ("\"%s\",\n", currLine);
- break;
- }
- nextLine[0] = '\0';
- printf("\"%s\\n\"+\n", currLine);
- currLine = nextLine+1;
- }
- printf("true);\n"
- "if(retVal == '') {\n"
- "\tdocument.write(\"<h1>New Certificate Successfully Imported.</h1>\");\n"
- "} else {\n"
- "\tdocument.write(\"<h2>Unable to import New Certificate</h2>\");\n"
- "\tdocument.write(\"crypto.importUserCertificates returned <b>\");\n"
- "\tdocument.write(retVal);\n"
- "\tdocument.write(\"</b>\");\n"
- "}\n");
+ char *currLine, *nextLine;
+
+ printf("var retVal = crypto.importUserCertificates(\"%s\",\n", nickname);
+ currLine = base64Response;
+ while (1) {
+ nextLine = strchr(currLine, '\n');
+ if (nextLine == NULL) {
+ /* print out the last line here. */
+ printf("\"%s\",\n", currLine);
+ break;
+ }
+ nextLine[0] = '\0';
+ printf("\"%s\\n\"+\n", currLine);
+ currLine = nextLine + 1;
+ }
+ printf("true);\n"
+ "if(retVal == '') {\n"
+ "\tdocument.write(\"<h1>New Certificate Successfully Imported.</h1>\");\n"
+ "} else {\n"
+ "\tdocument.write(\"<h2>Unable to import New Certificate</h2>\");\n"
+ "\tdocument.write(\"crypto.importUserCertificates returned <b>\");\n"
+ "\tdocument.write(retVal);\n"
+ "\tdocument.write(\"</b>\");\n"
+ "}\n");
}
void
spitOutCMMFResponse(char *nickname, char *base64Response)
{
- spitOutHeaders();
- printf("<html>\n<head>\n<title>CMMF Resonse Page</title>\n</head>\n\n"
- "<body><h1>CMMF Response Page</h1>\n"
- "<script language=\"JavaScript\">\n"
- "<!--\n");
- formatCMMFResponse(nickname, base64Response);
- printf("// -->\n"
- "</script>\n</body>\n</html>");
+ spitOutHeaders();
+ printf("<html>\n<head>\n<title>CMMF Resonse Page</title>\n</head>\n\n"
+ "<body><h1>CMMF Response Page</h1>\n"
+ "<script language=\"JavaScript\">\n"
+ "<!--\n");
+ formatCMMFResponse(nickname, base64Response);
+ printf("// -->\n"
+ "</script>\n</body>\n</html>");
}
-char*
+char *
getNickname(CERTCertificate *cert)
{
- char *nickname;
+ char *nickname;
- if (cert->nickname != NULL) {
- return cert->nickname;
- }
- nickname = CERT_GetCommonName(&cert->subject);
- if (nickname != NULL) {
- return nickname;
- }
- return CERT_NameToAscii(&cert->subject);
+ if (cert->nickname != NULL) {
+ return cert->nickname;
+ }
+ nickname = CERT_GetCommonName(&cert->subject);
+ if (nickname != NULL) {
+ return nickname;
+ }
+ return CERT_NameToAscii(&cert->subject);
}
ErrorCode
-createCMMFResponse(CertResponseInfo *issuedCerts, int numCerts,
- CERTCertificate *issuerCert, char **base64der)
+createCMMFResponse(CertResponseInfo *issuedCerts, int numCerts,
+ CERTCertificate *issuerCert, char **base64der)
{
- CMMFCertRepContent *certRepContent=NULL;
- ErrorCode rv = NO_ERROR;
- CMMFCertResponse **responses, *currResponse;
- CERTCertList *caList;
- int i;
- SECStatus srv;
- PLArenaPool *poolp;
- SECItem *der;
-
- certRepContent = CMMF_CreateCertRepContent();
- if (certRepContent == NULL) {
- rv = ERROR_CREATING_CERT_REP_CONTENT;
- goto loser;
- }
- responses = PORT_NewArray(CMMFCertResponse*, numCerts);
- if (responses == NULL) {
- rv = OUT_OF_MEMORY;
- goto loser;
- }
- for (i=0; i<numCerts;i++) {
- responses[i] = currResponse =
- CMMF_CreateCertResponse(issuedCerts[i].certReqID);
- if (currResponse == NULL) {
- rv = ERROR_CREATING_SINGLE_CERT_RESPONSE;
- goto loser;
- }
- CMMF_CertResponseSetPKIStatusInfoStatus(currResponse, cmmfGranted);
- CMMF_CertResponseSetCertificate(currResponse, issuedCerts[i].cert);
- }
- srv = CMMF_CertRepContentSetCertResponses(certRepContent, responses,
- numCerts);
- if (srv != SECSuccess) {
- rv = ERROR_SETTING_CERT_RESPONSES;
- goto loser;
- }
- caList = CERT_NewCertList();
- if (caList == NULL) {
- rv = ERROR_CREATING_CA_LIST;
- goto loser;
- }
- srv = CERT_AddCertToListTail(caList, issuerCert);
- if (srv != SECSuccess) {
- rv = ERROR_ADDING_ISSUER_TO_CA_LIST;
- goto loser;
- }
- srv = CMMF_CertRepContentSetCAPubs(certRepContent, caList);
- CERT_DestroyCertList(caList);
- poolp = PORT_NewArena(1024);
- der = SEC_ASN1EncodeItem(poolp, NULL, certRepContent,
- CMMFCertRepContentTemplate);
- if (der == NULL) {
- rv = ERROR_ENCODING_CERT_REP_CONTENT;
- goto loser;
- }
+ CMMFCertRepContent *certRepContent = NULL;
+ ErrorCode rv = NO_ERROR;
+ CMMFCertResponse **responses, *currResponse;
+ CERTCertList *caList;
+ int i;
+ SECStatus srv;
+ PLArenaPool *poolp;
+ SECItem *der;
+
+ certRepContent = CMMF_CreateCertRepContent();
+ if (certRepContent == NULL) {
+ rv = ERROR_CREATING_CERT_REP_CONTENT;
+ goto loser;
+ }
+ responses = PORT_NewArray(CMMFCertResponse *, numCerts);
+ if (responses == NULL) {
+ rv = OUT_OF_MEMORY;
+ goto loser;
+ }
+ for (i = 0; i < numCerts; i++) {
+ responses[i] = currResponse =
+ CMMF_CreateCertResponse(issuedCerts[i].certReqID);
+ if (currResponse == NULL) {
+ rv = ERROR_CREATING_SINGLE_CERT_RESPONSE;
+ goto loser;
+ }
+ CMMF_CertResponseSetPKIStatusInfoStatus(currResponse, cmmfGranted);
+ CMMF_CertResponseSetCertificate(currResponse, issuedCerts[i].cert);
+ }
+ srv = CMMF_CertRepContentSetCertResponses(certRepContent, responses,
+ numCerts);
+ if (srv != SECSuccess) {
+ rv = ERROR_SETTING_CERT_RESPONSES;
+ goto loser;
+ }
+ caList = CERT_NewCertList();
+ if (caList == NULL) {
+ rv = ERROR_CREATING_CA_LIST;
+ goto loser;
+ }
+ srv = CERT_AddCertToListTail(caList, issuerCert);
+ if (srv != SECSuccess) {
+ rv = ERROR_ADDING_ISSUER_TO_CA_LIST;
+ goto loser;
+ }
+ srv = CMMF_CertRepContentSetCAPubs(certRepContent, caList);
+ CERT_DestroyCertList(caList);
+ poolp = PORT_NewArena(1024);
+ der = SEC_ASN1EncodeItem(poolp, NULL, certRepContent,
+ CMMFCertRepContentTemplate);
+ if (der == NULL) {
+ rv = ERROR_ENCODING_CERT_REP_CONTENT;
+ goto loser;
+ }
#ifdef WRITE_OUT_RESPONSE
- writeOutItem("CertRepContent.der", der);
+ writeOutItem("CertRepContent.der", der);
#endif
- *base64der = BTOA_DataToAscii(der->data, der->len);
- return NO_ERROR;
- loser:
- return rv;
+ *base64der = BTOA_DataToAscii(der->data, der->len);
+ return NO_ERROR;
+loser:
+ return rv;
}
ErrorCode
-issueCerts(CertResponseInfo *issuedCerts, int numCerts,
- CERTCertificate *issuerCert)
+issueCerts(CertResponseInfo *issuedCerts, int numCerts,
+ CERTCertificate *issuerCert)
{
- ErrorCode rv;
- char *base64Response;
+ ErrorCode rv;
+ char *base64Response;
- rv = createCMMFResponse(issuedCerts, numCerts, issuerCert, &base64Response);
- if (rv != NO_ERROR) {
- goto loser;
- }
- spitOutCMMFResponse(getNickname(issuedCerts[0].cert),base64Response);
- return NO_ERROR;
- loser:
- return rv;
+ rv = createCMMFResponse(issuedCerts, numCerts, issuerCert, &base64Response);
+ if (rv != NO_ERROR) {
+ goto loser;
+ }
+ spitOutCMMFResponse(getNickname(issuedCerts[0].cert), base64Response);
+ return NO_ERROR;
+loser:
+ return rv;
}
ErrorCode
-verifySignature(CGIVarTable *varTable, CRMFCertReqMsg *currReq,
- CRMFCertRequest *certReq, CERTCertificate *newCert)
+verifySignature(CGIVarTable *varTable, CRMFCertReqMsg *currReq,
+ CRMFCertRequest *certReq, CERTCertificate *newCert)
{
- SECStatus srv;
- ErrorCode rv = NO_ERROR;
- CRMFPOPOSigningKey *signKey = NULL;
- SECAlgorithmID *algID = NULL;
- SECItem *signature = NULL;
- SECKEYPublicKey *pubKey = NULL;
- SECItem *reqDER = NULL;
-
- srv = CRMF_CertReqMsgGetPOPOSigningKey(currReq, &signKey);
- if (srv != SECSuccess || signKey == NULL) {
- rv = ERROR_RETRIEVING_POP_SIGN_KEY;
- goto loser;
- }
- algID = CRMF_POPOSigningKeyGetAlgID(signKey);
- if (algID == NULL) {
- rv = ERROR_RETRIEVING_ALG_ID_FROM_SIGN_KEY;
- goto loser;
- }
- signature = CRMF_POPOSigningKeyGetSignature(signKey);
- if (signature == NULL) {
- rv = ERROR_RETRIEVING_SIGNATURE_FROM_POP_SIGN_KEY;
- goto loser;
- }
- /* Make the length the number of bytes instead of bits */
- signature->len = (signature->len+7)/8;
- pubKey = CERT_ExtractPublicKey(newCert);
- if (pubKey == NULL) {
- rv = ERROR_RETRIEVING_PUB_KEY_FROM_NEW_CERT;
- goto loser;
- }
- reqDER = SEC_ASN1EncodeItem(NULL, NULL, certReq, CRMFCertRequestTemplate);
- if (reqDER == NULL) {
- rv = ERROR_ENCODING_CERT_REQ_FOR_POP;
- goto loser;
- }
- srv = VFY_VerifyDataWithAlgorithmID(reqDER->data, reqDER->len, pubKey,
- signature, &algID->algorithm, NULL, varTable);
- if (srv != SECSuccess) {
- rv = ERROR_VERIFYING_SIGNATURE_POP;
- goto loser;
- }
- /* Fall thru in successfull case. */
- loser:
- if (pubKey != NULL) {
- SECKEY_DestroyPublicKey(pubKey);
- }
- if (reqDER != NULL) {
- SECITEM_FreeItem(reqDER, PR_TRUE);
- }
- if (signature != NULL) {
- SECITEM_FreeItem(signature, PR_TRUE);
- }
- if (algID != NULL) {
- SECOID_DestroyAlgorithmID(algID, PR_TRUE);
- }
- if (signKey != NULL) {
- CRMF_DestroyPOPOSigningKey(signKey);
- }
- return rv;
+ SECStatus srv;
+ ErrorCode rv = NO_ERROR;
+ CRMFPOPOSigningKey *signKey = NULL;
+ SECAlgorithmID *algID = NULL;
+ SECItem *signature = NULL;
+ SECKEYPublicKey *pubKey = NULL;
+ SECItem *reqDER = NULL;
+
+ srv = CRMF_CertReqMsgGetPOPOSigningKey(currReq, &signKey);
+ if (srv != SECSuccess || signKey == NULL) {
+ rv = ERROR_RETRIEVING_POP_SIGN_KEY;
+ goto loser;
+ }
+ algID = CRMF_POPOSigningKeyGetAlgID(signKey);
+ if (algID == NULL) {
+ rv = ERROR_RETRIEVING_ALG_ID_FROM_SIGN_KEY;
+ goto loser;
+ }
+ signature = CRMF_POPOSigningKeyGetSignature(signKey);
+ if (signature == NULL) {
+ rv = ERROR_RETRIEVING_SIGNATURE_FROM_POP_SIGN_KEY;
+ goto loser;
+ }
+ /* Make the length the number of bytes instead of bits */
+ signature->len = (signature->len + 7) / 8;
+ pubKey = CERT_ExtractPublicKey(newCert);
+ if (pubKey == NULL) {
+ rv = ERROR_RETRIEVING_PUB_KEY_FROM_NEW_CERT;
+ goto loser;
+ }
+ reqDER = SEC_ASN1EncodeItem(NULL, NULL, certReq, CRMFCertRequestTemplate);
+ if (reqDER == NULL) {
+ rv = ERROR_ENCODING_CERT_REQ_FOR_POP;
+ goto loser;
+ }
+ srv = VFY_VerifyDataWithAlgorithmID(reqDER->data, reqDER->len, pubKey,
+ signature, &algID->algorithm, NULL, varTable);
+ if (srv != SECSuccess) {
+ rv = ERROR_VERIFYING_SIGNATURE_POP;
+ goto loser;
+ }
+/* Fall thru in successfull case. */
+loser:
+ if (pubKey != NULL) {
+ SECKEY_DestroyPublicKey(pubKey);
+ }
+ if (reqDER != NULL) {
+ SECITEM_FreeItem(reqDER, PR_TRUE);
+ }
+ if (signature != NULL) {
+ SECITEM_FreeItem(signature, PR_TRUE);
+ }
+ if (algID != NULL) {
+ SECOID_DestroyAlgorithmID(algID, PR_TRUE);
+ }
+ if (signKey != NULL) {
+ CRMF_DestroyPOPOSigningKey(signKey);
+ }
+ return rv;
}
ErrorCode
-doChallengeResponse(CGIVarTable *varTable, CRMFCertReqMsg *currReq,
- CRMFCertRequest *certReq, CERTCertificate *newCert,
- ChallengeCreationInfo *challs, int *numChall)
+doChallengeResponse(CGIVarTable *varTable, CRMFCertReqMsg *currReq,
+ CRMFCertRequest *certReq, CERTCertificate *newCert,
+ ChallengeCreationInfo *challs, int *numChall)
{
- CRMFPOPOPrivKey *privKey = NULL;
- CRMFPOPOPrivKeyChoice privKeyChoice;
- SECStatus srv;
- ErrorCode rv = NO_ERROR;
-
- srv = CRMF_CertReqMsgGetPOPKeyEncipherment(currReq, &privKey);
- if (srv != SECSuccess || privKey == NULL) {
- rv = ERROR_GETTING_KEY_ENCIPHERMENT;
- goto loser;
- }
- privKeyChoice = CRMF_POPOPrivKeyGetChoice(privKey);
- CRMF_DestroyPOPOPrivKey(privKey);
- switch (privKeyChoice) {
- case crmfSubsequentMessage:
- challs = &challs[*numChall];
- challs->random = rand();
- challs->pubKey = CERT_ExtractPublicKey(newCert);
- if (challs->pubKey == NULL) {
- rv = ERROR_RETRIEVING_PUB_KEY_FOR_CHALL;
- goto loser;
- }
- (*numChall)++;
- rv = DO_CHALLENGE_RESPONSE;
- break;
- case crmfThisMessage:
- /* There'd better be a PKIArchiveControl in this message */
- if (!CRMF_CertRequestIsControlPresent(certReq,
- crmfPKIArchiveOptionsControl)) {
- rv = ERROR_NO_POP_FOR_PRIVKEY;
- goto loser;
- }
- break;
- default:
- rv = ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE;
- goto loser;
- }
+ CRMFPOPOPrivKey *privKey = NULL;
+ CRMFPOPOPrivKeyChoice privKeyChoice;
+ SECStatus srv;
+ ErrorCode rv = NO_ERROR;
+
+ srv = CRMF_CertReqMsgGetPOPKeyEncipherment(currReq, &privKey);
+ if (srv != SECSuccess || privKey == NULL) {
+ rv = ERROR_GETTING_KEY_ENCIPHERMENT;
+ goto loser;
+ }
+ privKeyChoice = CRMF_POPOPrivKeyGetChoice(privKey);
+ CRMF_DestroyPOPOPrivKey(privKey);
+ switch (privKeyChoice) {
+ case crmfSubsequentMessage:
+ challs = &challs[*numChall];
+ challs->random = rand();
+ challs->pubKey = CERT_ExtractPublicKey(newCert);
+ if (challs->pubKey == NULL) {
+ rv =
+ ERROR_RETRIEVING_PUB_KEY_FOR_CHALL;
+ goto loser;
+ }
+ (*numChall)++;
+ rv = DO_CHALLENGE_RESPONSE;
+ break;
+ case crmfThisMessage:
+ /* There'd better be a PKIArchiveControl in this message */
+ if (!CRMF_CertRequestIsControlPresent(certReq,
+ crmfPKIArchiveOptionsControl)) {
+ rv =
+ ERROR_NO_POP_FOR_PRIVKEY;
+ goto loser;
+ }
+ break;
+ default:
+ rv = ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE;
+ goto loser;
+ }
loser:
- return rv;
+ return rv;
}
ErrorCode
-doProofOfPossession(CGIVarTable *varTable, CRMFCertReqMsg *currReq,
- CRMFCertRequest *certReq, CERTCertificate *newCert,
- ChallengeCreationInfo *challs, int *numChall)
+doProofOfPossession(CGIVarTable *varTable, CRMFCertReqMsg *currReq,
+ CRMFCertRequest *certReq, CERTCertificate *newCert,
+ ChallengeCreationInfo *challs, int *numChall)
{
- CRMFPOPChoice popChoice;
- ErrorCode rv = NO_ERROR;
+ CRMFPOPChoice popChoice;
+ ErrorCode rv = NO_ERROR;
- popChoice = CRMF_CertReqMsgGetPOPType(currReq);
- if (popChoice == crmfNoPOPChoice) {
- rv = NO_POP_FOR_REQUEST;
- goto loser;
- }
- switch (popChoice) {
- case crmfSignature:
- rv = verifySignature(varTable, currReq, certReq, newCert);
- break;
- case crmfKeyEncipherment:
- rv = doChallengeResponse(varTable, currReq, certReq, newCert,
- challs, numChall);
- break;
- case crmfRAVerified:
- case crmfKeyAgreement:
- default:
- rv = UNSUPPORTED_POP;
- goto loser;
- }
- loser:
- return rv;
+ popChoice = CRMF_CertReqMsgGetPOPType(currReq);
+ if (popChoice == crmfNoPOPChoice) {
+ rv = NO_POP_FOR_REQUEST;
+ goto loser;
+ }
+ switch (popChoice) {
+ case crmfSignature:
+ rv = verifySignature(varTable, currReq, certReq, newCert);
+ break;
+ case crmfKeyEncipherment:
+ rv = doChallengeResponse(varTable, currReq, certReq, newCert,
+ challs, numChall);
+ break;
+ case crmfRAVerified:
+ case crmfKeyAgreement:
+ default:
+ rv = UNSUPPORTED_POP;
+ goto loser;
+ }
+loser:
+ return rv;
}
void
convertB64ToJS(char *base64)
{
- int i;
-
- for (i=0; base64[i] != '\0'; i++) {
- if (base64[i] == '\n') {
- printf ("\\n");
- }else {
- printf ("%c", base64[i]);
+ int i;
+
+ for (i = 0; base64[i] != '\0'; i++) {
+ if (base64[i] == '\n') {
+ printf("\\n");
+ } else {
+ printf("%c", base64[i]);
+ }
}
- }
}
void
formatChallenge(char *chall64, char *certRepContentDER,
- ChallengeCreationInfo *challInfo, int numChalls)
+ ChallengeCreationInfo *challInfo, int numChalls)
{
- printf ("function respondToChallenge() {\n"
- " var chalForm = document.chalForm;\n\n"
- " chalForm.CertRepContent.value = '");
- convertB64ToJS(certRepContentDER);
- printf ("';\n"
- " chalForm.ChallResponse.value = crypto.popChallengeResponse('");
- convertB64ToJS(chall64);
- printf("');\n"
- " chalForm.submit();\n"
- "}\n");
-
+ printf("function respondToChallenge() {\n"
+ " var chalForm = document.chalForm;\n\n"
+ " chalForm.CertRepContent.value = '");
+ convertB64ToJS(certRepContentDER);
+ printf("';\n"
+ " chalForm.ChallResponse.value = crypto.popChallengeResponse('");
+ convertB64ToJS(chall64);
+ printf("');\n"
+ " chalForm.submit();\n"
+ "}\n");
}
void
spitOutChallenge(char *chall64, char *certRepContentDER,
- ChallengeCreationInfo *challInfo, int numChalls,
- char *nickname)
+ ChallengeCreationInfo *challInfo, int numChalls,
+ char *nickname)
{
- int i;
-
- spitOutHeaders();
- printf("<html>\n"
- "<head>\n"
- "<title>Challenge Page</title>\n"
- "<script language=\"JavaScript\">\n"
- "<!--\n");
- /* The JavaScript function actually gets defined within
+ int i;
+
+ spitOutHeaders();
+ printf("<html>\n"
+ "<head>\n"
+ "<title>Challenge Page</title>\n"
+ "<script language=\"JavaScript\">\n"
+ "<!--\n");
+ /* The JavaScript function actually gets defined within
* this function call
*/
- formatChallenge(chall64, certRepContentDER, challInfo, numChalls);
- printf("// -->\n"
- "</script>\n"
- "</head>\n"
- "<body onLoad='respondToChallenge()'>\n"
- "<h1>Cartman is now responding to the Challenge "
- "presented by the CGI</h1>\n"
- "<form action='crmfcgi' method='post' name='chalForm'>\n"
- "<input type='hidden' name=CertRepContent value=''>\n"
- "<input type='hidden' name=ChallResponse value=''>\n");
- for (i=0;i<numChalls; i++) {
- printf("<input type='hidden' name='chal%d' value='%d'>\n",
- i+1, challInfo[i].random);
- }
- printf("<input type='hidden' name='nickname' value='%s'>\n", nickname);
- printf("</form>\n</body>\n</html>");
+ formatChallenge(chall64, certRepContentDER, challInfo, numChalls);
+ printf("// -->\n"
+ "</script>\n"
+ "</head>\n"
+ "<body onLoad='respondToChallenge()'>\n"
+ "<h1>Cartman is now responding to the Challenge "
+ "presented by the CGI</h1>\n"
+ "<form action='crmfcgi' method='post' name='chalForm'>\n"
+ "<input type='hidden' name=CertRepContent value=''>\n"
+ "<input type='hidden' name=ChallResponse value=''>\n");
+ for (i = 0; i < numChalls; i++) {
+ printf("<input type='hidden' name='chal%d' value='%d'>\n",
+ i + 1, challInfo[i].random);
+ }
+ printf("<input type='hidden' name='nickname' value='%s'>\n", nickname);
+ printf("</form>\n</body>\n</html>");
}
ErrorCode
-issueChallenge(CertResponseInfo *issuedCerts, int numCerts,
- ChallengeCreationInfo *challInfo, int numChalls,
- CERTCertificate *issuer, CGIVarTable *varTable)
+issueChallenge(CertResponseInfo *issuedCerts, int numCerts,
+ ChallengeCreationInfo *challInfo, int numChalls,
+ CERTCertificate *issuer, CGIVarTable *varTable)
{
- ErrorCode rv = NO_ERROR;
- CMMFPOPODecKeyChallContent *chalContent = NULL;
- int i;
- SECStatus srv;
- PLArenaPool *poolp;
- CERTGeneralName *genName;
- SECItem *challDER = NULL;
- char *chall64, *certRepContentDER;
-
- rv = createCMMFResponse(issuedCerts, numCerts, issuer,
- &certRepContentDER);
- if (rv != NO_ERROR) {
- goto loser;
- }
- chalContent = CMMF_CreatePOPODecKeyChallContent();
- if (chalContent == NULL) {
- rv = ERROR_CREATING_EMPTY_CHAL_CONTENT;
- goto loser;
- }
- poolp = PORT_NewArena(1024);
- if (poolp == NULL) {
- rv = OUT_OF_MEMORY;
- goto loser;
- }
- genName = CERT_GetCertificateNames(issuer, poolp);
- if (genName == NULL) {
- rv = ERROR_EXTRACTING_GEN_NAME_FROM_ISSUER;
- goto loser;
- }
- for (i=0;i<numChalls;i++) {
- srv = CMMF_POPODecKeyChallContentSetNextChallenge(chalContent,
- challInfo[i].random,
- genName,
- challInfo[i].pubKey,
- varTable);
- SECKEY_DestroyPublicKey(challInfo[i].pubKey);
- if (srv != SECSuccess) {
- rv = ERROR_SETTING_CHALLENGE;
- goto loser;
- }
- }
- challDER = SEC_ASN1EncodeItem(NULL, NULL, chalContent,
- CMMFPOPODecKeyChallContentTemplate);
- if (challDER == NULL) {
- rv = ERROR_ENCODING_CHALL;
- goto loser;
- }
- chall64 = BTOA_DataToAscii(challDER->data, challDER->len);
- SECITEM_FreeItem(challDER, PR_TRUE);
- if (chall64 == NULL) {
- rv = ERROR_CONVERTING_CHALL_TO_BASE64;
- goto loser;
- }
- spitOutChallenge(chall64, certRepContentDER, challInfo, numChalls,
- getNickname(issuedCerts[0].cert));
- loser:
- return rv;
+ ErrorCode rv = NO_ERROR;
+ CMMFPOPODecKeyChallContent *chalContent = NULL;
+ int i;
+ SECStatus srv;
+ PLArenaPool *poolp;
+ CERTGeneralName *genName;
+ SECItem *challDER = NULL;
+ char *chall64, *certRepContentDER;
+
+ rv = createCMMFResponse(issuedCerts, numCerts, issuer,
+ &certRepContentDER);
+ if (rv != NO_ERROR) {
+ goto loser;
+ }
+ chalContent = CMMF_CreatePOPODecKeyChallContent();
+ if (chalContent == NULL) {
+ rv = ERROR_CREATING_EMPTY_CHAL_CONTENT;
+ goto loser;
+ }
+ poolp = PORT_NewArena(1024);
+ if (poolp == NULL) {
+ rv = OUT_OF_MEMORY;
+ goto loser;
+ }
+ genName = CERT_GetCertificateNames(issuer, poolp);
+ if (genName == NULL) {
+ rv = ERROR_EXTRACTING_GEN_NAME_FROM_ISSUER;
+ goto loser;
+ }
+ for (i = 0; i < numChalls; i++) {
+ srv = CMMF_POPODecKeyChallContentSetNextChallenge(chalContent,
+ challInfo[i].random,
+ genName,
+ challInfo[i].pubKey,
+ varTable);
+ SECKEY_DestroyPublicKey(challInfo[i].pubKey);
+ if (srv != SECSuccess) {
+ rv = ERROR_SETTING_CHALLENGE;
+ goto loser;
+ }
+ }
+ challDER = SEC_ASN1EncodeItem(NULL, NULL, chalContent,
+ CMMFPOPODecKeyChallContentTemplate);
+ if (challDER == NULL) {
+ rv = ERROR_ENCODING_CHALL;
+ goto loser;
+ }
+ chall64 = BTOA_DataToAscii(challDER->data, challDER->len);
+ SECITEM_FreeItem(challDER, PR_TRUE);
+ if (chall64 == NULL) {
+ rv = ERROR_CONVERTING_CHALL_TO_BASE64;
+ goto loser;
+ }
+ spitOutChallenge(chall64, certRepContentDER, challInfo, numChalls,
+ getNickname(issuedCerts[0].cert));
+loser:
+ return rv;
}
-
ErrorCode
processRequest(CGIVarTable *varTable)
{
- CERTCertDBHandle *certdb;
- SECKEYKeyDBHandle *keydb;
- CRMFCertReqMessages *certReqs = NULL;
- const char *crmfReq;
- const char *caNickname;
- CERTCertificate *caCert = NULL;
- CertResponseInfo *issuedCerts = NULL;
- CERTSubjectPublicKeyInfo spki = { 0 };
- ErrorCode rv=NO_ERROR;
- PRBool doChallengeResponse = PR_FALSE;
- SECItem der = { 0 };
- SECStatus srv;
- CERTCertificateRequest oldCertReq = { 0 };
- CRMFCertReqMsg **reqMsgs = NULL,*currReq = NULL;
- CRMFCertRequest **reqs = NULL, *certReq = NULL;
- CERTName subject = { 0 };
- int numReqs,i;
- ChallengeCreationInfo *challInfo=NULL;
- int numChalls = 0;
-
- certdb = CERT_GetDefaultCertDB();
- keydb = SECKEY_GetDefaultKeyDB();
- crmfReq = CGITableFindValue(varTable, "CRMFRequest");
- if (crmfReq == NULL) {
- rv = CGI_VAR_MISSING;
- missingVar = "CRMFRequest";
- goto loser;
- }
- caNickname = CGITableFindValue(varTable, "CANickname");
- if (caNickname == NULL) {
- rv = CGI_VAR_MISSING;
- missingVar = "CANickname";
- goto loser;
- }
- caCert = CERT_FindCertByNickname(certdb, caNickname);
- if (caCert == NULL) {
- rv = COULD_NOT_FIND_CA;
- goto loser;
- }
- srv = ATOB_ConvertAsciiToItem(&der, crmfReq);
- if (srv != SECSuccess) {
- rv = BAD_ASCII_FOR_REQ;
- goto loser;
- }
- certReqs = CRMF_CreateCertReqMessagesFromDER(der.data, der.len);
- SECITEM_FreeItem(&der, PR_FALSE);
- if (certReqs == NULL) {
- rv = COULD_NOT_DECODE_REQS;
- goto loser;
- }
- numReqs = CRMF_CertReqMessagesGetNumMessages(certReqs);
- issuedCerts = PORT_ZNewArray(CertResponseInfo, numReqs);
- challInfo = PORT_ZNewArray(ChallengeCreationInfo, numReqs);
- if (issuedCerts == NULL || challInfo == NULL) {
- rv = OUT_OF_MEMORY;
- goto loser;
- }
- reqMsgs = PORT_ZNewArray(CRMFCertReqMsg*, numReqs);
- reqs = PORT_ZNewArray(CRMFCertRequest*, numReqs);
- if (reqMsgs == NULL || reqs == NULL) {
- rv = OUT_OF_MEMORY;
- goto loser;
- }
- for (i=0; i<numReqs; i++) {
- currReq = reqMsgs[i] =
- CRMF_CertReqMessagesGetCertReqMsgAtIndex(certReqs, i);
- if (currReq == NULL) {
- rv = ERROR_RETRIEVING_REQUEST_MSG;
- goto loser;
- }
- certReq = reqs[i] = CRMF_CertReqMsgGetCertRequest(currReq);
- if (certReq == NULL) {
- rv = ERROR_RETRIEVING_CERT_REQUEST;
- goto loser;
- }
- srv = CRMF_CertRequestGetCertTemplateSubject(certReq, &subject);
- if (srv != SECSuccess) {
- rv = ERROR_RETRIEVING_SUBJECT_FROM_REQ;
- goto loser;
+ CERTCertDBHandle *certdb;
+ SECKEYKeyDBHandle *keydb;
+ CRMFCertReqMessages *certReqs = NULL;
+ const char *crmfReq;
+ const char *caNickname;
+ CERTCertificate *caCert = NULL;
+ CertResponseInfo *issuedCerts = NULL;
+ CERTSubjectPublicKeyInfo spki = { 0 };
+ ErrorCode rv = NO_ERROR;
+ PRBool doChallengeResponse = PR_FALSE;
+ SECItem der = { 0 };
+ SECStatus srv;
+ CERTCertificateRequest oldCertReq = { 0 };
+ CRMFCertReqMsg **reqMsgs = NULL, *currReq = NULL;
+ CRMFCertRequest **reqs = NULL, *certReq = NULL;
+ CERTName subject = { 0 };
+ int numReqs, i;
+ ChallengeCreationInfo *challInfo = NULL;
+ int numChalls = 0;
+
+ certdb = CERT_GetDefaultCertDB();
+ keydb = SECKEY_GetDefaultKeyDB();
+ crmfReq = CGITableFindValue(varTable, "CRMFRequest");
+ if (crmfReq == NULL) {
+ rv = CGI_VAR_MISSING;
+ missingVar = "CRMFRequest";
+ goto loser;
}
- srv = CRMF_CertRequestGetCertTemplatePublicKey(certReq, &spki);
+ caNickname = CGITableFindValue(varTable, "CANickname");
+ if (caNickname == NULL) {
+ rv = CGI_VAR_MISSING;
+ missingVar = "CANickname";
+ goto loser;
+ }
+ caCert = CERT_FindCertByNickname(certdb, caNickname);
+ if (caCert == NULL) {
+ rv = COULD_NOT_FIND_CA;
+ goto loser;
+ }
+ srv = ATOB_ConvertAsciiToItem(&der, crmfReq);
if (srv != SECSuccess) {
- rv = ERROR_RETRIEVING_PUBLIC_KEY_FROM_REQ;
- goto loser;
+ rv = BAD_ASCII_FOR_REQ;
+ goto loser;
}
- rv = initOldCertReq(&oldCertReq, &subject, &spki);
- if (rv != NO_ERROR) {
- goto loser;
+ certReqs = CRMF_CreateCertReqMessagesFromDER(der.data, der.len);
+ SECITEM_FreeItem(&der, PR_FALSE);
+ if (certReqs == NULL) {
+ rv = COULD_NOT_DECODE_REQS;
+ goto loser;
}
- rv = createNewCert(&issuedCerts[i].cert, &oldCertReq, currReq, certReq,
- caCert, varTable);
- if (rv != NO_ERROR) {
- goto loser;
+ numReqs = CRMF_CertReqMessagesGetNumMessages(certReqs);
+ issuedCerts = PORT_ZNewArray(CertResponseInfo, numReqs);
+ challInfo = PORT_ZNewArray(ChallengeCreationInfo, numReqs);
+ if (issuedCerts == NULL || challInfo == NULL) {
+ rv = OUT_OF_MEMORY;
+ goto loser;
}
- rv = doProofOfPossession(varTable, currReq, certReq, issuedCerts[i].cert,
- challInfo, &numChalls);
- if (rv != NO_ERROR) {
- if (rv == DO_CHALLENGE_RESPONSE) {
- doChallengeResponse = PR_TRUE;
- } else {
- goto loser;
- }
- }
- CRMF_CertReqMsgGetID(currReq, &issuedCerts[i].certReqID);
- CRMF_DestroyCertReqMsg(currReq);
- CRMF_DestroyCertRequest(certReq);
- }
- if (doChallengeResponse) {
- rv = issueChallenge(issuedCerts, numReqs, challInfo, numChalls, caCert,
- varTable);
- } else {
- rv = issueCerts(issuedCerts, numReqs, caCert);
- }
- loser:
- if (certReqs != NULL) {
- CRMF_DestroyCertReqMessages(certReqs);
- }
- return rv;
+ reqMsgs = PORT_ZNewArray(CRMFCertReqMsg *, numReqs);
+ reqs = PORT_ZNewArray(CRMFCertRequest *, numReqs);
+ if (reqMsgs == NULL || reqs == NULL) {
+ rv = OUT_OF_MEMORY;
+ goto loser;
+ }
+ for (i = 0; i < numReqs; i++) {
+ currReq = reqMsgs[i] =
+ CRMF_CertReqMessagesGetCertReqMsgAtIndex(certReqs, i);
+ if (currReq == NULL) {
+ rv = ERROR_RETRIEVING_REQUEST_MSG;
+ goto loser;
+ }
+ certReq = reqs[i] = CRMF_CertReqMsgGetCertRequest(currReq);
+ if (certReq == NULL) {
+ rv = ERROR_RETRIEVING_CERT_REQUEST;
+ goto loser;
+ }
+ srv = CRMF_CertRequestGetCertTemplateSubject(certReq, &subject);
+ if (srv != SECSuccess) {
+ rv = ERROR_RETRIEVING_SUBJECT_FROM_REQ;
+ goto loser;
+ }
+ srv = CRMF_CertRequestGetCertTemplatePublicKey(certReq, &spki);
+ if (srv != SECSuccess) {
+ rv = ERROR_RETRIEVING_PUBLIC_KEY_FROM_REQ;
+ goto loser;
+ }
+ rv = initOldCertReq(&oldCertReq, &subject, &spki);
+ if (rv != NO_ERROR) {
+ goto loser;
+ }
+ rv = createNewCert(&issuedCerts[i].cert, &oldCertReq, currReq, certReq,
+ caCert, varTable);
+ if (rv != NO_ERROR) {
+ goto loser;
+ }
+ rv = doProofOfPossession(varTable, currReq, certReq, issuedCerts[i].cert,
+ challInfo, &numChalls);
+ if (rv != NO_ERROR) {
+ if (rv == DO_CHALLENGE_RESPONSE) {
+ doChallengeResponse = PR_TRUE;
+ } else {
+ goto loser;
+ }
+ }
+ CRMF_CertReqMsgGetID(currReq, &issuedCerts[i].certReqID);
+ CRMF_DestroyCertReqMsg(currReq);
+ CRMF_DestroyCertRequest(certReq);
+ }
+ if (doChallengeResponse) {
+ rv = issueChallenge(issuedCerts, numReqs, challInfo, numChalls, caCert,
+ varTable);
+ } else {
+ rv = issueCerts(issuedCerts, numReqs, caCert);
+ }
+loser:
+ if (certReqs != NULL) {
+ CRMF_DestroyCertReqMessages(certReqs);
+ }
+ return rv;
}
ErrorCode
processChallengeResponse(CGIVarTable *varTable, const char *certRepContent)
{
- SECItem binDER = { 0 };
- SECStatus srv;
- ErrorCode rv = NO_ERROR;
- const char *clientResponse;
- const char *formChalValue;
- const char *nickname;
- CMMFPOPODecKeyRespContent *respContent = NULL;
- int numResponses,i;
- long curResponse, expectedResponse;
- char cgiChalVar[10];
+ SECItem binDER = { 0 };
+ SECStatus srv;
+ ErrorCode rv = NO_ERROR;
+ const char *clientResponse;
+ const char *formChalValue;
+ const char *nickname;
+ CMMFPOPODecKeyRespContent *respContent = NULL;
+ int numResponses, i;
+ long curResponse, expectedResponse;
+ char cgiChalVar[10];
#ifdef WRITE_OUT_RESPONSE
- SECItem certRepBinDER = { 0 };
+ SECItem certRepBinDER = { 0 };
- ATOB_ConvertAsciiToItem(&certRepBinDER, certRepContent);
- writeOutItem("challCertRepContent.der", &certRepBinDER);
- PORT_Free(certRepBinDER.data);
-#endif
- clientResponse = CGITableFindValue(varTable, "ChallResponse");
- if (clientResponse == NULL) {
- rv = REQ_CGI_VAR_NOT_PRESENT;
- missingVar = "ChallResponse";
- goto loser;
- }
- srv = ATOB_ConvertAsciiToItem(&binDER, clientResponse);
- if (srv != SECSuccess) {
- rv = ERROR_CONVERTING_RESP_FROM_CHALL_TO_BIN;
- goto loser;
- }
- respContent = CMMF_CreatePOPODecKeyRespContentFromDER(binDER.data,
- binDER.len);
- SECITEM_FreeItem(&binDER, PR_FALSE);
- binDER.data = NULL;
- if (respContent == NULL) {
- rv = ERROR_CREATING_KEY_RESP_FROM_DER;
- goto loser;
- }
- numResponses = CMMF_POPODecKeyRespContentGetNumResponses(respContent);
- for (i=0;i<numResponses;i++){
- srv = CMMF_POPODecKeyRespContentGetResponse(respContent,i,&curResponse);
+ ATOB_ConvertAsciiToItem(&certRepBinDER, certRepContent);
+ writeOutItem("challCertRepContent.der", &certRepBinDER);
+ PORT_Free(certRepBinDER.data);
+#endif
+ clientResponse = CGITableFindValue(varTable, "ChallResponse");
+ if (clientResponse == NULL) {
+ rv = REQ_CGI_VAR_NOT_PRESENT;
+ missingVar = "ChallResponse";
+ goto loser;
+ }
+ srv = ATOB_ConvertAsciiToItem(&binDER, clientResponse);
if (srv != SECSuccess) {
- rv = ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE;
- goto loser;
- }
- sprintf(cgiChalVar, "chal%d", i+1);
- formChalValue = CGITableFindValue(varTable, cgiChalVar);
- if (formChalValue == NULL) {
- rv = REQ_CGI_VAR_NOT_PRESENT;
- missingVar = strdup(cgiChalVar);
- goto loser;
- }
- sscanf(formChalValue, "%ld", &expectedResponse);
- if (expectedResponse != curResponse) {
- rv = ERROR_RETURNED_CHALL_NOT_VALUE_EXPECTED;
- goto loser;
- }
- }
- nickname = CGITableFindValue(varTable, "nickname");
- if (nickname == NULL) {
- rv = REQ_CGI_VAR_NOT_PRESENT;
- missingVar = "nickname";
- goto loser;
- }
- spitOutCMMFResponse(nickname, certRepContent);
- loser:
- if (respContent != NULL) {
- CMMF_DestroyPOPODecKeyRespContent(respContent);
- }
- return rv;
+ rv = ERROR_CONVERTING_RESP_FROM_CHALL_TO_BIN;
+ goto loser;
+ }
+ respContent = CMMF_CreatePOPODecKeyRespContentFromDER(binDER.data,
+ binDER.len);
+ SECITEM_FreeItem(&binDER, PR_FALSE);
+ binDER.data = NULL;
+ if (respContent == NULL) {
+ rv = ERROR_CREATING_KEY_RESP_FROM_DER;
+ goto loser;
+ }
+ numResponses = CMMF_POPODecKeyRespContentGetNumResponses(respContent);
+ for (i = 0; i < numResponses; i++) {
+ srv = CMMF_POPODecKeyRespContentGetResponse(respContent, i, &curResponse);
+ if (srv != SECSuccess) {
+ rv = ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE;
+ goto loser;
+ }
+ sprintf(cgiChalVar, "chal%d", i + 1);
+ formChalValue = CGITableFindValue(varTable, cgiChalVar);
+ if (formChalValue == NULL) {
+ rv = REQ_CGI_VAR_NOT_PRESENT;
+ missingVar = strdup(cgiChalVar);
+ goto loser;
+ }
+ sscanf(formChalValue, "%ld", &expectedResponse);
+ if (expectedResponse != curResponse) {
+ rv = ERROR_RETURNED_CHALL_NOT_VALUE_EXPECTED;
+ goto loser;
+ }
+ }
+ nickname = CGITableFindValue(varTable, "nickname");
+ if (nickname == NULL) {
+ rv = REQ_CGI_VAR_NOT_PRESENT;
+ missingVar = "nickname";
+ goto loser;
+ }
+ spitOutCMMFResponse(nickname, certRepContent);
+loser:
+ if (respContent != NULL) {
+ CMMF_DestroyPOPODecKeyRespContent(respContent);
+ }
+ return rv;
}
int
main()
{
- char *form_output = NULL;
- int form_output_len, form_output_used;
- CGIVarTable varTable = { 0 };
- ErrorCode errNum = 0;
- char *certRepContent;
+ char *form_output = NULL;
+ int form_output_len, form_output_used;
+ CGIVarTable varTable = { 0 };
+ ErrorCode errNum = 0;
+ char *certRepContent;
#ifdef ATTACH_CGI
- /* Put an ifinite loop in here so I can attach to
- * the process after the process is spun off
- */
- { int stupid = 1;
- while (stupid);
- }
+ /* Put an ifinite loop in here so I can attach to
+ * the process after the process is spun off
+ */
+ {
+ int stupid = 1;
+ while (stupid)
+ ;
+ }
#endif
- form_output_used = 0;
- srand(time(NULL));
- while (feof(stdin) == 0) {
- if (form_output == NULL) {
- form_output = PORT_NewArray(char, DEFAULT_ALLOC_SIZE+1);
- form_output_len = DEFAULT_ALLOC_SIZE;
- } else if ((form_output_used + DEFAULT_ALLOC_SIZE) >= form_output_len) {
- form_output_len += DEFAULT_ALLOC_SIZE;
- form_output = PORT_Realloc(form_output, form_output_len+1);
- }
- form_output_used += fread(&form_output[form_output_used], sizeof(char),
- DEFAULT_ALLOC_SIZE, stdin);
- }
- ParseInputVariables(&varTable, form_output);
- certRepContent = CGITableFindValue(&varTable, "CertRepContent");
- if (certRepContent == NULL) {
- errNum = initNSS(&varTable);
- if (errNum != 0) {
- goto loser;
- }
- errNum = processRequest(&varTable);
- } else {
- errNum = processChallengeResponse(&varTable, certRepContent);
- }
- if (errNum != NO_ERROR) {
- goto loser;
- }
- goto done;
+ form_output_used = 0;
+ srand(time(NULL));
+ while (feof(stdin) == 0) {
+ if (form_output == NULL) {
+ form_output = PORT_NewArray(char, DEFAULT_ALLOC_SIZE + 1);
+ form_output_len = DEFAULT_ALLOC_SIZE;
+ } else if ((form_output_used + DEFAULT_ALLOC_SIZE) >= form_output_len) {
+ form_output_len += DEFAULT_ALLOC_SIZE;
+ form_output = PORT_Realloc(form_output, form_output_len + 1);
+ }
+ form_output_used += fread(&form_output[form_output_used], sizeof(char),
+ DEFAULT_ALLOC_SIZE, stdin);
+ }
+ ParseInputVariables(&varTable, form_output);
+ certRepContent = CGITableFindValue(&varTable, "CertRepContent");
+ if (certRepContent == NULL) {
+ errNum = initNSS(&varTable);
+ if (errNum != 0) {
+ goto loser;
+ }
+ errNum = processRequest(&varTable);
+ } else {
+ errNum = processChallengeResponse(&varTable, certRepContent);
+ }
+ if (errNum != NO_ERROR) {
+ goto loser;
+ }
+ goto done;
loser:
- dumpErrorMessage(errNum);
+ dumpErrorMessage(errNum);
done:
- free (form_output);
- return 0;
+ free(form_output);
+ return 0;
}
-
diff --git a/cmd/crmftest/testcrmf.c b/cmd/crmftest/testcrmf.c
index a1343436e..fefa6894d 100644
--- a/cmd/crmftest/testcrmf.c
+++ b/cmd/crmftest/testcrmf.c
@@ -16,25 +16,25 @@
* configdir/CertReqMessages.der
*
* 2. Decode CRMF Request(s) Message.
- * Reads in the file configdir/CertReqMessages.der
- * (either generated by step 1 above, or user supplied).
- * Decodes it. NOTHING MORE. Drops these decoded results on the floor.
- * The CMMF response (below) contains a completely unrelated cert. :-(
+ * Reads in the file configdir/CertReqMessages.der
+ * (either generated by step 1 above, or user supplied).
+ * Decodes it. NOTHING MORE. Drops these decoded results on the floor.
+ * The CMMF response (below) contains a completely unrelated cert. :-(
*
* 3. CMMF "Stuff".
- * a) Generates a CMMF response, containing a single cert chain, as if
- * it was a response to a received CRMF request. But the cert is
- * simply a user cert from the user's local soft token, whose
- * nickname is given in the -p option. The CMMF response has no
- * relationship to the request generated above. The CMMF message
- * is placed in configdir/CertRepContent.der.
+ * a) Generates a CMMF response, containing a single cert chain, as if
+ * it was a response to a received CRMF request. But the cert is
+ * simply a user cert from the user's local soft token, whose
+ * nickname is given in the -p option. The CMMF response has no
+ * relationship to the request generated above. The CMMF message
+ * is placed in configdir/CertRepContent.der.
* b) Decodes the newly generated CMMF response found in file
- * configdir/CertRepContent.der and discards the result. 8-/
+ * configdir/CertRepContent.der and discards the result. 8-/
* c) Generate a CMMF Key Escrow message
- * needs 2 nicknames:
+ * needs 2 nicknames:
* It takes the public and private keys for the cert identified
* by -p nickname, and wraps them with a sym key that is in turn
- * wrapped with the pubkey in the CA cert, whose nickname is
+ * wrapped with the pubkey in the CA cert, whose nickname is
* given with the -s option.
* Store the message in configdir/KeyRecRepContent.der
* d) Decode the CMMF Key Escrow message generated just above.
@@ -42,11 +42,11 @@
* This is just a decoder test. Results are discarded.
*
* 4. Key Recovery
- * This code does not yet compile, and what it was intended to do
- * has not been fully determined.
+ * This code does not yet compile, and what it was intended to do
+ * has not been fully determined.
*
* 5. Challenge/Response.
- * Haven't analyzed this code yet.
+ * Haven't analyzed this code yet.
*
*
*/
@@ -55,9 +55,9 @@
** 1. generates BOTH signing and encryption cert requests, even for DSA keys.
**
** 2. Does not verify the siganture in the "Proof of Posession" in the
-** decoded cert requests. It only checks syntax of the POP.
-** 3. CMMF "Stuff" should be broken up into separate steps, each of
-** which may be optionally selected.
+** decoded cert requests. It only checks syntax of the POP.
+** 3. CMMF "Stuff" should be broken up into separate steps, each of
+** which may be optionally selected.
*/
#include <stdio.h>
@@ -86,42 +86,41 @@
#endif
#define MAX_KEY_LEN 512
-#define PATH_LEN 150
-#define BUFF_SIZE 150
-#define UID_BITS 800
-#define BPB 8
-#define CRMF_FILE "CertReqMessages.der"
+#define PATH_LEN 150
+#define BUFF_SIZE 150
+#define UID_BITS 800
+#define BPB 8
+#define CRMF_FILE "CertReqMessages.der"
PRTime notBefore;
-char *personalCert = NULL;
+char *personalCert = NULL;
char *recoveryEncrypter = NULL;
-char *caCertName = NULL;
+char *caCertName = NULL;
static secuPWData pwdata = { PW_NONE, 0 };
char *configdir;
-PRBool doingDSA = PR_FALSE;
+PRBool doingDSA = PR_FALSE;
CERTCertDBHandle *db;
typedef struct {
SECKEYPrivateKey *privKey;
- SECKEYPublicKey *pubKey;
- CRMFCertRequest *certReq;
- CRMFCertReqMsg *certReqMsg;
+ SECKEYPublicKey *pubKey;
+ CRMFCertRequest *certReq;
+ CRMFCertReqMsg *certReqMsg;
} TESTKeyPair;
-void
+void
debug_test(SECItem *src, char *filePath)
{
PRFileDesc *fileDesc;
- fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
+ fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+ 0666);
if (fileDesc == NULL) {
- printf ("Could not cretae file %s.\n", filePath);
- return;
+ printf("Could not cretae file %s.\n", filePath);
+ return;
}
PR_Write(fileDesc, src->data, src->len);
-
}
SECStatus
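Review bot: debug_test never closes the descriptor it opens: the function returns straight after `PR_Write(fileDesc, src->data, src->len);`, so `fileDesc` is leaked on every call. The write's return value is also dropped, which means a short or failed write goes unnoticed. I would compare the PR_Write result with `src->len`, report a mismatch, and end the function with `PR_Close(fileDesc);`.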
@@ -130,44 +129,43 @@ get_serial_number(long *dest)
SECStatus rv;
if (dest == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
rv = PK11_GenerateRandom((unsigned char *)dest, sizeof(long));
if (rv != SECSuccess) {
- /* PK11_GenerateRandom calls PORT_SetError */
- return SECFailure;
+ /* PK11_GenerateRandom calls PORT_SetError */
+ return SECFailure;
}
/* make serial number positive */
if (*dest < 0L)
- *dest = - *dest;
+ *dest = -*dest;
return SECSuccess;
}
PK11RSAGenParams *
-GetRSAParams(void)
+GetRSAParams(void)
{
PK11RSAGenParams *rsaParams;
rsaParams = PORT_ZNew(PK11RSAGenParams);
if (rsaParams == NULL)
- return NULL;
+ return NULL;
rsaParams->keySizeInBits = MAX_KEY_LEN;
rsaParams->pe = 0x10001;
-
+
return rsaParams;
-
}
-PQGParams*
+PQGParams *
GetDSAParams(void)
{
PQGParams *params = NULL;
PQGVerify *vfy = NULL;
- SECStatus rv;
+ SECStatus rv;
rv = PK11_PQG_ParamGen(0, &params, &vfy);
if (rv != SECSuccess) {
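Review bot: In get_serial_number, `*dest = -*dest;` overflows if PK11_GenerateRandom happens to produce LONG_MIN, which is undefined behaviour for a signed long. A result of 0 is also accepted, although the comment asks for a positive serial. Clearing the sign bit avoids the negation altogether: `*dest &= LONG_MAX;` (needs `<limits.h>`), with zero rejected separately if it must be excluded. Separately, GetRSAParams sets `keySizeInBits = MAX_KEY_LEN`, which the preceding hunk defines as 512; a comment such as `/* 512-bit RSA: test keys only */` would keep that constant from being copied into real code. GetDSAParams continues past the end of this hunk.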
@@ -183,52 +181,50 @@ GetDSAParams(void)
CERTSubjectPublicKeyInfo *
GetSubjectPubKeyInfo(TESTKeyPair *pair)
{
- CERTSubjectPublicKeyInfo *spki = NULL;
- SECKEYPrivateKey *privKey = NULL;
- SECKEYPublicKey *pubKey = NULL;
- PK11SlotInfo *keySlot = NULL;
-
+ CERTSubjectPublicKeyInfo *spki = NULL;
+ SECKEYPrivateKey *privKey = NULL;
+ SECKEYPublicKey *pubKey = NULL;
+ PK11SlotInfo *keySlot = NULL;
+
keySlot = PK11_GetInternalKeySlot();
PK11_Authenticate(keySlot, PR_FALSE, &pwdata);
-
if (!doingDSA) {
- PK11RSAGenParams *rsaParams = GetRSAParams();
- if (rsaParams == NULL) {
- PK11_FreeSlot(keySlot);
- return NULL;
- }
- privKey = PK11_GenerateKeyPair(keySlot, CKM_RSA_PKCS_KEY_PAIR_GEN,
- (void*)rsaParams, &pubKey, PR_FALSE,
- PR_FALSE, &pwdata);
+ PK11RSAGenParams *rsaParams = GetRSAParams();
+ if (rsaParams == NULL) {
+ PK11_FreeSlot(keySlot);
+ return NULL;
+ }
+ privKey = PK11_GenerateKeyPair(keySlot, CKM_RSA_PKCS_KEY_PAIR_GEN,
+ (void *)rsaParams, &pubKey, PR_FALSE,
+ PR_FALSE, &pwdata);
} else {
- PQGParams *dsaParams = GetDSAParams();
- if (dsaParams == NULL) {
- PK11_FreeSlot(keySlot);
- return NULL;
- }
- privKey = PK11_GenerateKeyPair(keySlot, CKM_DSA_KEY_PAIR_GEN,
- (void*)dsaParams, &pubKey, PR_FALSE,
- PR_FALSE, &pwdata);
+ PQGParams *dsaParams = GetDSAParams();
+ if (dsaParams == NULL) {
+ PK11_FreeSlot(keySlot);
+ return NULL;
+ }
+ privKey = PK11_GenerateKeyPair(keySlot, CKM_DSA_KEY_PAIR_GEN,
+ (void *)dsaParams, &pubKey, PR_FALSE,
+ PR_FALSE, &pwdata);
}
PK11_FreeSlot(keySlot);
if (privKey == NULL || pubKey == NULL) {
if (pubKey) {
- SECKEY_DestroyPublicKey(pubKey);
- }
- if (privKey) {
- SECKEY_DestroyPrivateKey(privKey);
- }
- return NULL;
+ SECKEY_DestroyPublicKey(pubKey);
+ }
+ if (privKey) {
+ SECKEY_DestroyPrivateKey(privKey);
+ }
+ return NULL;
}
spki = SECKEY_CreateSubjectPublicKeyInfo(pubKey);
pair->privKey = privKey;
- pair->pubKey = pubKey;
+ pair->pubKey = pubKey;
return spki;
}
-
SECStatus
InitPKCS11(void)
{
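Review bot: GetSubjectPubKeyInfo never releases the key-generation parameters: `rsaParams` is allocated with PORT_ZNew in GetRSAParams and `dsaParams` comes from PK11_PQG_ParamGen, and neither is freed on any path after PK11_GenerateKeyPair returns. Assuming PK11_GenerateKeyPair does not take ownership of its parameter block, add `PORT_Free(rsaParams);` and `PK11_PQG_DestroyParams(dsaParams);` right after the respective calls. The result of `PK11_Authenticate(keySlot, PR_FALSE, &pwdata);` is also ignored, so a failed login only surfaces later as a NULL key pair with no hint of the cause. Checking it and returning NULL after `PK11_FreeSlot(keySlot);` would make that failure explicit.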
@@ -236,50 +232,46 @@ InitPKCS11(void)
PK11_SetPasswordFunc(SECU_GetModulePassword);
- keySlot = PK11_GetInternalKeySlot();
-
+ keySlot = PK11_GetInternalKeySlot();
+
if (PK11_NeedUserInit(keySlot) && PK11_NeedLogin(keySlot)) {
if (SECU_ChangePW(keySlot, NULL, NULL) != SECSuccess) {
- printf ("Initializing the PINs failed.\n");
- return SECFailure;
- }
+ printf("Initializing the PINs failed.\n");
+ return SECFailure;
+ }
}
PK11_FreeSlot(keySlot);
return SECSuccess;
}
-
-void
-WriteItOut (void *arg, const char *buf, unsigned long len)
+void
+WriteItOut(void *arg, const char *buf, unsigned long len)
{
- PRFileDesc *fileDesc = (PRFileDesc*)arg;
+ PRFileDesc *fileDesc = (PRFileDesc *)arg;
- PR_Write(fileDesc, (void*)buf, len);
+ PR_Write(fileDesc, (void *)buf, len);
}
-
-
-CRMFCertExtCreationInfo*
+CRMFCertExtCreationInfo *
GetExtensions(void)
{
unsigned char keyUsage[4] = { 0x03, 0x02, 0x07, KU_DIGITAL_SIGNATURE };
- /* What are these magic numbers? */
+ /* What are these magic numbers? */
SECItem data = { 0, NULL, 0 };
- CRMFCertExtension *extension;
+ CRMFCertExtension *extension;
CRMFCertExtCreationInfo *extInfo =
- PORT_ZNew(CRMFCertExtCreationInfo);
+ PORT_ZNew(CRMFCertExtCreationInfo);
data.data = keyUsage;
data.len = sizeof keyUsage;
-
- extension =
- CRMF_CreateCertExtension(SEC_OID_X509_KEY_USAGE, PR_FALSE, &data);
+ extension =
+ CRMF_CreateCertExtension(SEC_OID_X509_KEY_USAGE, PR_FALSE, &data);
if (extension && extInfo) {
- extInfo->numExtensions = 1;
- extInfo->extensions = PORT_ZNewArray(CRMFCertExtension*, 1);
- extInfo->extensions[0] = extension;
+ extInfo->numExtensions = 1;
+ extInfo->extensions = PORT_ZNewArray(CRMFCertExtension *, 1);
+ extInfo->extensions[0] = extension;
}
return extInfo;
}
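Review bot: GetExtensions writes through an unchecked allocation: `extInfo->extensions[0] = extension;` runs even when `PORT_ZNewArray(CRMFCertExtension *, 1)` returned NULL. Set `numExtensions` and store the element only inside `if (extInfo->extensions) { ... }`, and call `CRMF_DestroyCertExtension(extension);` whenever the extension was created but could not be stored, because it is leaked otherwise. The function can also return NULL when PORT_ZNew fails, so callers need to test the result before using it. In InitPKCS11 the `return SECFailure;` after a failed SECU_ChangePW skips `PK11_FreeSlot(keySlot);`; that function starts outside this hunk.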
@@ -288,8 +280,8 @@ void
FreeExtInfo(CRMFCertExtCreationInfo *extInfo)
{
int i;
-
- for (i=0; i<extInfo->numExtensions; i++) {
+
+ for (i = 0; i < extInfo->numExtensions; i++) {
CRMF_DestroyCertExtension(extInfo->extensions[i]);
}
PORT_Free(extInfo->extensions);
@@ -297,54 +289,54 @@ FreeExtInfo(CRMFCertExtCreationInfo *extInfo)
}
int
-InjectCertName( CRMFCertRequest * certReq,
- CRMFCertTemplateField inTemplateField,
- const char * inNameString)
+InjectCertName(CRMFCertRequest *certReq,
+ CRMFCertTemplateField inTemplateField,
+ const char *inNameString)
{
- char * nameStr;
- CERTName * name;
- int irv = 0;
+ char *nameStr;
+ CERTName *name;
+ int irv = 0;
nameStr = PORT_Strdup(inNameString);
- if (!nameStr)
- return 5;
+ if (!nameStr)
+ return 5;
name = CERT_AsciiToName(nameStr);
if (name == NULL) {
- printf ("Could not create CERTName structure from %s.\n", nameStr);
- irv = 5;
- goto finish;
+ printf("Could not create CERTName structure from %s.\n", nameStr);
+ irv = 5;
+ goto finish;
}
- irv = CRMF_CertRequestSetTemplateField(certReq, inTemplateField, (void*)name);
+ irv = CRMF_CertRequestSetTemplateField(certReq, inTemplateField, (void *)name);
if (irv != SECSuccess) {
- printf ("Could not add name to cert template\n");
- irv = 6;
+ printf("Could not add name to cert template\n");
+ irv = 6;
}
finish:
PORT_Free(nameStr);
if (name)
- CERT_DestroyName(name);
+ CERT_DestroyName(name);
return irv;
}
int
CreateCertRequest(TESTKeyPair *pair, long inRequestID)
{
- CERTCertificate * caCert;
+ CERTCertificate *caCert;
CERTSubjectPublicKeyInfo *spki;
- CRMFCertExtCreationInfo * extInfo;
- CRMFCertRequest * certReq;
- CRMFEncryptedKey * encKey;
- CRMFPKIArchiveOptions * pkiArchOpt;
- SECAlgorithmID * algID;
- long serialNumber;
- long version = 3;
- SECStatus rv;
- CRMFValidityCreationInfo validity;
- unsigned char UIDbuf[UID_BITS / BPB];
- SECItem issuerUID = { siBuffer, NULL, 0 };
- SECItem subjectUID = { siBuffer, NULL, 0 };
+ CRMFCertExtCreationInfo *extInfo;
+ CRMFCertRequest *certReq;
+ CRMFEncryptedKey *encKey;
+ CRMFPKIArchiveOptions *pkiArchOpt;
+ SECAlgorithmID *algID;
+ long serialNumber;
+ long version = 3;
+ SECStatus rv;
+ CRMFValidityCreationInfo validity;
+ unsigned char UIDbuf[UID_BITS / BPB];
+ SECItem issuerUID = { siBuffer, NULL, 0 };
+ SECItem subjectUID = { siBuffer, NULL, 0 };
/* len in bits */
issuerUID.data = UIDbuf;
@@ -355,160 +347,160 @@ CreateCertRequest(TESTKeyPair *pair, long inRequestID)
pair->certReq = NULL;
certReq = CRMF_CreateCertRequest(inRequestID);
if (certReq == NULL) {
- printf ("Could not initialize a certificate request.\n");
- return 1;
+ printf("Could not initialize a certificate request.\n");
+ return 1;
}
/* set to version 3 */
- rv = CRMF_CertRequestSetTemplateField(certReq, crmfVersion,
- (void*)(&version));
+ rv = CRMF_CertRequestSetTemplateField(certReq, crmfVersion,
+ (void *)(&version));
if (rv != SECSuccess) {
printf("Could not add the version number to the "
- "Certificate Request.\n");
- CRMF_DestroyCertRequest(certReq);
- return 2;
+ "Certificate Request.\n");
+ CRMF_DestroyCertRequest(certReq);
+ return 2;
}
/* set serial number */
if (get_serial_number(&serialNumber) != SECSuccess) {
- printf ("Could not generate a serial number for cert request.\n");
- CRMF_DestroyCertRequest(certReq);
- return 3;
+ printf("Could not generate a serial number for cert request.\n");
+ CRMF_DestroyCertRequest(certReq);
+ return 3;
}
- rv = CRMF_CertRequestSetTemplateField (certReq, crmfSerialNumber,
- (void*)(&serialNumber));
+ rv = CRMF_CertRequestSetTemplateField(certReq, crmfSerialNumber,
+ (void *)(&serialNumber));
if (rv != SECSuccess) {
- printf ("Could not add serial number to certificate template\n.");
- CRMF_DestroyCertRequest(certReq);
- return 4;
+ printf("Could not add serial number to certificate template\n.");
+ CRMF_DestroyCertRequest(certReq);
+ return 4;
}
/* Set issuer name */
- rv = InjectCertName(certReq, crmfIssuer,
- "CN=mozilla CA Shack,O=Information Systems");
+ rv = InjectCertName(certReq, crmfIssuer,
+ "CN=mozilla CA Shack,O=Information Systems");
if (rv) {
- printf ("Could not add issuer to cert template\n");
- CRMF_DestroyCertRequest(certReq);
- return 5;
+ printf("Could not add issuer to cert template\n");
+ CRMF_DestroyCertRequest(certReq);
+ return 5;
}
/* Set Subject Name */
- rv = InjectCertName(certReq, crmfSubject,
- "CN=mozilla CA Shack ID,O=Engineering,C=US");
+ rv = InjectCertName(certReq, crmfSubject,
+ "CN=mozilla CA Shack ID,O=Engineering,C=US");
if (rv) {
- printf ("Could not add Subject to cert template\n");
- CRMF_DestroyCertRequest(certReq);
- return 5;
+ printf("Could not add Subject to cert template\n");
+ CRMF_DestroyCertRequest(certReq);
+ return 5;
}
/* Set Algorithm ID */
algID = PK11_CreatePBEAlgorithmID(SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
- 1, NULL);
+ 1, NULL);
if (algID == NULL) {
- printf ("Couldn't create algorithm ID\n");
- CRMF_DestroyCertRequest(certReq);
- return 9;
+ printf("Couldn't create algorithm ID\n");
+ CRMF_DestroyCertRequest(certReq);
+ return 9;
}
- rv = CRMF_CertRequestSetTemplateField(certReq, crmfSigningAlg, (void*)algID);
+ rv = CRMF_CertRequestSetTemplateField(certReq, crmfSigningAlg, (void *)algID);
SECOID_DestroyAlgorithmID(algID, PR_TRUE);
if (rv != SECSuccess) {
- printf ("Could not add the signing algorithm to the cert template.\n");
- CRMF_DestroyCertRequest(certReq);
- return 10;
+ printf("Could not add the signing algorithm to the cert template.\n");
+ CRMF_DestroyCertRequest(certReq);
+ return 10;
}
/* Set Validity Dates */
validity.notBefore = &notBefore;
- validity.notAfter = NULL;
+ validity.notAfter = NULL;
notBefore = PR_Now();
- rv = CRMF_CertRequestSetTemplateField(certReq, crmfValidity,(void*)(&validity));
+ rv = CRMF_CertRequestSetTemplateField(certReq, crmfValidity, (void *)(&validity));
if (rv != SECSuccess) {
- printf ("Could not add validity to cert template\n");
- CRMF_DestroyCertRequest(certReq);
- return 11;
+ printf("Could not add validity to cert template\n");
+ CRMF_DestroyCertRequest(certReq);
+ return 11;
}
/* Generate a key pair and Add the spki to the request */
spki = GetSubjectPubKeyInfo(pair);
if (spki == NULL) {
- printf ("Could not create a Subject Public Key Info to add\n");
- CRMF_DestroyCertRequest(certReq);
- return 12;
+ printf("Could not create a Subject Public Key Info to add\n");
+ CRMF_DestroyCertRequest(certReq);
+ return 12;
}
- rv = CRMF_CertRequestSetTemplateField(certReq, crmfPublicKey, (void*)spki);
+ rv = CRMF_CertRequestSetTemplateField(certReq, crmfPublicKey, (void *)spki);
SECKEY_DestroySubjectPublicKeyInfo(spki);
if (rv != SECSuccess) {
- printf ("Could not add the public key to the template\n");
- CRMF_DestroyCertRequest(certReq);
- return 13;
+ printf("Could not add the public key to the template\n");
+ CRMF_DestroyCertRequest(certReq);
+ return 13;
}
-
+
/* Set the requested isser Unique ID */
PK11_GenerateRandom(UIDbuf, sizeof UIDbuf);
- CRMF_CertRequestSetTemplateField(certReq,crmfIssuerUID, (void*)&issuerUID);
+ CRMF_CertRequestSetTemplateField(certReq, crmfIssuerUID, (void *)&issuerUID);
/* Set the requested Subject Unique ID */
PK11_GenerateRandom(UIDbuf, sizeof UIDbuf);
- CRMF_CertRequestSetTemplateField(certReq,crmfSubjectUID, (void*)&subjectUID);
+ CRMF_CertRequestSetTemplateField(certReq, crmfSubjectUID, (void *)&subjectUID);
/* Add extensions - XXX need to understand these magic numbers */
extInfo = GetExtensions();
- CRMF_CertRequestSetTemplateField(certReq, crmfExtension, (void*)extInfo);
+ CRMF_CertRequestSetTemplateField(certReq, crmfExtension, (void *)extInfo);
FreeExtInfo(extInfo);
/* get the recipient CA's cert */
caCert = CERT_FindCertByNickname(db, caCertName);
if (caCert == NULL) {
- printf ("Could not find the certificate for %s\n", caCertName);
+ printf("Could not find the certificate for %s\n", caCertName);
CRMF_DestroyCertRequest(certReq);
- return 50;
+ return 50;
}
encKey = CRMF_CreateEncryptedKeyWithEncryptedValue(pair->privKey, caCert);
CERT_DestroyCertificate(caCert);
if (encKey == NULL) {
- printf ("Could not create Encrypted Key with Encrypted Value.\n");
- return 14;
+ printf("Could not create Encrypted Key with Encrypted Value.\n");
+ return 14;
}
pkiArchOpt = CRMF_CreatePKIArchiveOptions(crmfEncryptedPrivateKey, encKey);
CRMF_DestroyEncryptedKey(encKey);
if (pkiArchOpt == NULL) {
- printf ("Could not create PKIArchiveOptions.\n");
- return 15;
+ printf("Could not create PKIArchiveOptions.\n");
+ return 15;
}
- rv = CRMF_CertRequestSetPKIArchiveOptions(certReq, pkiArchOpt);
+ rv = CRMF_CertRequestSetPKIArchiveOptions(certReq, pkiArchOpt);
CRMF_DestroyPKIArchiveOptions(pkiArchOpt);
if (rv != SECSuccess) {
- printf ("Could not add the PKIArchiveControl to Cert Request.\n");
- return 16;
+ printf("Could not add the PKIArchiveControl to Cert Request.\n");
+ return 16;
}
pair->certReq = certReq;
return 0;
}
-int
+int
Encode(CRMFCertReqMsg *inCertReq1, CRMFCertReqMsg *inCertReq2)
-{
- PRFileDesc *fileDesc;
- SECStatus rv;
- int irv = 0;
+{
+ PRFileDesc *fileDesc;
+ SECStatus rv;
+ int irv = 0;
CRMFCertReqMsg *msgArr[3];
- char filePath[PATH_LEN];
+ char filePath[PATH_LEN];
PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, CRMF_FILE);
- fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
+ fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+ 0666);
if (fileDesc == NULL) {
- printf ("Could not open file %s\n", filePath);
- irv = 14;
- goto finish;
+ printf("Could not open file %s\n", filePath);
+ irv = 14;
+ goto finish;
}
msgArr[0] = inCertReq1;
msgArr[1] = inCertReq2;
msgArr[2] = NULL;
- rv = CRMF_EncodeCertReqMessages(msgArr, WriteItOut, (void*)fileDesc);
+ rv = CRMF_EncodeCertReqMessages(msgArr, WriteItOut, (void *)fileDesc);
if (rv != SECSuccess) {
- printf ("An error occurred while encoding.\n");
- irv = 15;
+ printf("An error occurred while encoding.\n");
+ irv = 15;
}
finish:
PR_Close(fileDesc);
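Review bot: Encode's failure path closes a NULL descriptor: when PR_Open fails the code jumps to `finish:` and calls `PR_Close(fileDesc);` with `fileDesc == NULL`, so guard it with `if (fileDesc) PR_Close(fileDesc);`. In CreateCertRequest the three late error returns (`return 14;`, `return 15;`, `return 16;`) skip the `CRMF_DestroyCertRequest(certReq);` that every earlier error path performs, so the request is leaked there. The results of both `PK11_GenerateRandom(UIDbuf, sizeof UIDbuf);` calls are discarded, and `UIDbuf` has no initialiser, so a failed RNG call would put whatever the stack held into the unique IDs. The return values of the three CRMF_CertRequestSetTemplateField calls for the UIDs and the extension are likewise unchecked. CreateCertRequest begins before this hunk and Encode ends after it.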
@@ -517,107 +509,104 @@ finish:
int
AddProofOfPossession(TESTKeyPair *pair,
- CRMFPOPChoice inPOPChoice)
+ CRMFPOPChoice inPOPChoice)
{
- switch(inPOPChoice){
- case crmfSignature:
- CRMF_CertReqMsgSetSignaturePOP(pair->certReqMsg, pair->privKey,
- pair->pubKey, NULL, NULL, &pwdata);
- break;
- case crmfRAVerified:
- CRMF_CertReqMsgSetRAVerifiedPOP(pair->certReqMsg);
- break;
- case crmfKeyEncipherment:
- CRMF_CertReqMsgSetKeyEnciphermentPOP(pair->certReqMsg,
- crmfSubsequentMessage,
- crmfChallengeResp, NULL);
- break;
- case crmfKeyAgreement:
- {
- SECItem pendejo;
- unsigned char lame[] = { 0xf0, 0x0f, 0xf0, 0x0f, 0xf0 };
-
- pendejo.data = lame;
- pendejo.len = 5;
-
- CRMF_CertReqMsgSetKeyAgreementPOP(pair->certReqMsg, crmfThisMessage,
- crmfNoSubseqMess, &pendejo);
- }
- break;
- default:
- return 1;
+ switch (inPOPChoice) {
+ case crmfSignature:
+ CRMF_CertReqMsgSetSignaturePOP(pair->certReqMsg, pair->privKey,
+ pair->pubKey, NULL, NULL, &pwdata);
+ break;
+ case crmfRAVerified:
+ CRMF_CertReqMsgSetRAVerifiedPOP(pair->certReqMsg);
+ break;
+ case crmfKeyEncipherment:
+ CRMF_CertReqMsgSetKeyEnciphermentPOP(pair->certReqMsg,
+ crmfSubsequentMessage,
+ crmfChallengeResp, NULL);
+ break;
+ case crmfKeyAgreement: {
+ SECItem pendejo;
+ unsigned char lame[] = { 0xf0, 0x0f, 0xf0, 0x0f, 0xf0 };
+
+ pendejo.data = lame;
+ pendejo.len = 5;
+
+ CRMF_CertReqMsgSetKeyAgreementPOP(pair->certReqMsg, crmfThisMessage,
+ crmfNoSubseqMess, &pendejo);
+ } break;
+ default:
+ return 1;
}
return 0;
}
-
int
Decode(void)
{
- PRFileDesc *fileDesc;
- CRMFCertReqMsg *certReqMsg;
- CRMFCertRequest *certReq;
+ PRFileDesc *fileDesc;
+ CRMFCertReqMsg *certReqMsg;
+ CRMFCertRequest *certReq;
CRMFCertReqMessages *certReqMsgs;
- SECStatus rv;
- int numMsgs, i;
- long lame;
- CRMFGetValidity validity = {NULL, NULL};
- SECItem item = { siBuffer, NULL, 0 };
- char filePath[PATH_LEN];
+ SECStatus rv;
+ int numMsgs, i;
+ long lame;
+ CRMFGetValidity validity = { NULL, NULL };
+ SECItem item = { siBuffer, NULL, 0 };
+ char filePath[PATH_LEN];
PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, CRMF_FILE);
fileDesc = PR_Open(filePath, PR_RDONLY, 0644);
if (fileDesc == NULL) {
- printf ("Could not open file %s\n", filePath);
- return 214;
+ printf("Could not open file %s\n", filePath);
+ return 214;
}
rv = SECU_FileToItem(&item, fileDesc);
PR_Close(fileDesc);
if (rv != SECSuccess) {
- return 215;
+ return 215;
}
certReqMsgs = CRMF_CreateCertReqMessagesFromDER((char *)item.data, item.len);
if (certReqMsgs == NULL) {
- printf ("Error decoding CertReqMessages.\n");
- return 202;
+ printf("Error decoding CertReqMessages.\n");
+ return 202;
}
numMsgs = CRMF_CertReqMessagesGetNumMessages(certReqMsgs);
if (numMsgs <= 0) {
- printf ("WARNING: The DER contained %d messages.\n", numMsgs);
+ printf("WARNING: The DER contained %d messages.\n", numMsgs);
}
- for (i=0; i < numMsgs; i++) {
- SECStatus rv;
- printf("crmftest: Processing cert request %d\n", i);
+ for (i = 0; i < numMsgs; i++) {
+ SECStatus rv;
+ printf("crmftest: Processing cert request %d\n", i);
certReqMsg = CRMF_CertReqMessagesGetCertReqMsgAtIndex(certReqMsgs, i);
- if (certReqMsg == NULL) {
- printf ("ERROR: Could not access the message at index %d of %s\n",
- i, filePath);
- }
- rv = CRMF_CertReqMsgGetID(certReqMsg, &lame);
- if (rv) {
- SECU_PrintError("crmftest", "CRMF_CertReqMsgGetID");
- }
- certReq = CRMF_CertReqMsgGetCertRequest(certReqMsg);
- if (!certReq) {
- SECU_PrintError("crmftest", "CRMF_CertReqMsgGetCertRequest");
- }
- rv = CRMF_CertRequestGetCertTemplateValidity(certReq, &validity);
- if (rv) {
- SECU_PrintError("crmftest", "CRMF_CertRequestGetCertTemplateValidity");
- }
- if (!validity.notBefore) {
- /* We encoded a notBefore, so somthing's wrong if it's not here. */
- printf("ERROR: Validity period notBefore date missing.\n");
- }
- /* XXX It's all parsed now. We probably should DO SOMETHING with it.
- ** But nope. We just throw it all away.
- ** Maybe this was intended to be no more than a decoder test.
- */
- CRMF_DestroyGetValidity(&validity);
- CRMF_DestroyCertRequest(certReq);
- CRMF_DestroyCertReqMsg(certReqMsg);
+ if (certReqMsg == NULL) {
+ printf("ERROR: Could not access the message at index %d of %s\n",
+ i, filePath);
+ }
+ rv = CRMF_CertReqMsgGetID(certReqMsg, &lame);
+ if (rv) {
+ SECU_PrintError("crmftest", "CRMF_CertReqMsgGetID");
+ }
+ certReq = CRMF_CertReqMsgGetCertRequest(certReqMsg);
+ if (!certReq) {
+ SECU_PrintError("crmftest", "CRMF_CertReqMsgGetCertRequest");
+ }
+ rv = CRMF_CertRequestGetCertTemplateValidity(certReq, &validity);
+ if (rv) {
+ SECU_PrintError("crmftest", "CRMF_CertRequestGetCertTemplateValidity");
+ }
+ if (!validity.notBefore) {
+ /* We encoded a notBefore, so somthing's wrong if it's not here. */
+ printf("ERROR: Validity period notBefore date missing.\n");
+ }
+ /* XXX It's all parsed now. We probably should DO SOMETHING with it.
+ ** But nope. We just throw it all away.
+ ** Maybe this was intended to be no more than a decoder test.
+ */
+ CRMF_DestroyGetValidity(&validity);
+ CRMF_DestroyCertRequest(certReq);
+ CRMF_DestroyCertReqMsg(certReqMsg);
}
CRMF_DestroyCertReqMessages(certReqMsgs);
SECITEM_FreeItem(&item, PR_FALSE);
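Review bot: Decode keeps going after a failed lookup: when CRMF_CertReqMessagesGetCertReqMsgAtIndex returns NULL the loop only prints an error and then passes the NULL `certReqMsg` to CRMF_CertReqMsgGetID and CRMF_CertReqMsgGetCertRequest, and a NULL `certReq` is likewise handed to CRMF_CertRequestGetCertTemplateValidity and the destroy calls. The input is a DER file read from disk, so the loop should stop using a message once decoding it has failed: add `continue;` to the first branch and `CRMF_DestroyCertReqMsg(certReqMsg); continue;` to the `!certReq` branch, ideally recording a non-zero result. The `return 202;` path leaves `item` allocated; a `SECITEM_FreeItem(&item, PR_FALSE);` before it would match the cleanup at the end. The inner `SECStatus rv;` shadows the outer declaration and can be dropped. Decode's return statement lies outside this hunk.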
@@ -628,61 +617,61 @@ int
GetBitsFromFile(const char *filePath, SECItem *item)
{
PRFileDesc *fileDesc;
- SECStatus rv;
+ SECStatus rv;
fileDesc = PR_Open(filePath, PR_RDONLY, 0644);
if (fileDesc == NULL) {
- printf ("Could not open file %s\n", filePath);
- return 14;
+ printf("Could not open file %s\n", filePath);
+ return 14;
}
rv = SECU_FileToItem(item, fileDesc);
PR_Close(fileDesc);
if (rv != SECSuccess) {
- item->data = NULL;
- item->len = 0;
- return 15;
+ item->data = NULL;
+ item->len = 0;
+ return 15;
}
return 0;
-}
+}
int
DecodeCMMFCertRepContent(char *derFile)
{
CMMFCertRepContent *certRepContent;
- int irv = 0;
- SECItem fileBits = { siBuffer, NULL, 0 };
+ int irv = 0;
+ SECItem fileBits = { siBuffer, NULL, 0 };
GetBitsFromFile(derFile, &fileBits);
if (fileBits.data == NULL) {
printf("Could not get bits from file %s\n", derFile);
return 304;
}
- certRepContent = CMMF_CreateCertRepContentFromDER(db,
- (char*)fileBits.data, fileBits.len);
+ certRepContent = CMMF_CreateCertRepContentFromDER(db,
+ (char *)fileBits.data, fileBits.len);
if (certRepContent == NULL) {
- printf ("Error while decoding %s\n", derFile);
- irv = 303;
+ printf("Error while decoding %s\n", derFile);
+ irv = 303;
} else {
- /* That was fun. Now, let's throw it away! */
- CMMF_DestroyCertRepContent(certRepContent);
+ /* That was fun. Now, let's throw it away! */
+ CMMF_DestroyCertRepContent(certRepContent);
}
SECITEM_FreeItem(&fileBits, PR_FALSE);
return irv;
}
int
-EncodeCMMFCertReply(const char *filePath,
- CERTCertificate *cert,
- CERTCertList *list)
+EncodeCMMFCertReply(const char *filePath,
+ CERTCertificate *cert,
+ CERTCertList *list)
{
- int rv = 0;
- SECStatus srv;
- PRFileDesc *fileDesc = NULL;
- CMMFCertRepContent *certRepContent = NULL;
- CMMFCertResponse *certResp = NULL;
- CMMFCertResponse *certResponses[3];
+ int rv = 0;
+ SECStatus srv;
+ PRFileDesc *fileDesc = NULL;
+ CMMFCertRepContent *certRepContent = NULL;
+ CMMFCertResponse *certResp = NULL;
+ CMMFCertResponse *certResponses[3];
certResp = CMMF_CreateCertResponse(0xff123);
CMMF_CertResponseSetPKIStatusInfoStatus(certResp, cmmfGranted);
@@ -698,20 +687,20 @@ EncodeCMMFCertReply(const char *filePath,
CMMF_CertRepContentSetCAPubs(certRepContent, list);
- fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
+ fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+ 0666);
if (fileDesc == NULL) {
- printf ("Could not open file %s\n", filePath);
- rv = 400;
- goto finish;
+ printf("Could not open file %s\n", filePath);
+ rv = 400;
+ goto finish;
}
-
- srv = CMMF_EncodeCertRepContent(certRepContent, WriteItOut,
- (void*)fileDesc);
+
+ srv = CMMF_EncodeCertRepContent(certRepContent, WriteItOut,
+ (void *)fileDesc);
PR_Close(fileDesc);
if (srv != SECSuccess) {
- printf ("CMMF_EncodeCertRepContent failed,\n");
- rv = 401;
+ printf("CMMF_EncodeCertRepContent failed,\n");
+ rv = 401;
}
finish:
if (certRepContent) {
@@ -723,26 +712,26 @@ finish:
return rv;
}
-
/* Extract the public key from the cert whose nickname is given. */
int
-extractPubKeyFromNamedCert(const char * nickname, SECKEYPublicKey **pPubKey)
+extractPubKeyFromNamedCert(const char *nickname, SECKEYPublicKey **pPubKey)
{
- CERTCertificate *caCert = NULL;
- SECKEYPublicKey *caPubKey = NULL;
- int rv = 0;
+ CERTCertificate *caCert = NULL;
+ SECKEYPublicKey *caPubKey = NULL;
+ int rv = 0;
caCert = CERT_FindCertByNickname(db, (char *)nickname);
if (caCert == NULL) {
- printf ("Could not get the certifcate for %s\n", caCertName);
- rv = 411;
- goto finish;
+ printf("Could not get the certifcate for %s\n", caCertName);
+ rv = 411;
+ goto finish;
}
caPubKey = CERT_ExtractPublicKey(caCert);
if (caPubKey == NULL) {
- printf ("Could not extract the public from the "
- "certificate for \n%s\n", caCertName);
- rv = 412;
+ printf("Could not extract the public from the "
+ "certificate for \n%s\n",
+ caCertName);
+ rv = 412;
}
finish:
*pPubKey = caPubKey;
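Review bot: Both error messages in extractPubKeyFromNamedCert print the global `caCertName` instead of the `nickname` argument that was actually looked up, so the diagnostic names the wrong certificate whenever the two differ. Pass `nickname` as the `%s` argument in both printf calls. The `(char *)nickname` cast in the CERT_FindCertByNickname call drops the `const` qualifier; a one-line comment that the callee does not modify the string would justify it. The cleanup after `finish:` continues outside this hunk.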
@@ -752,111 +741,113 @@ finish:
}
int
-EncodeCMMFRecoveryMessage(const char * filePath,
- CERTCertificate *cert,
- CERTCertList *list)
+EncodeCMMFRecoveryMessage(const char *filePath,
+ CERTCertificate *cert,
+ CERTCertList *list)
{
- SECKEYPublicKey *caPubKey = NULL;
- SECKEYPrivateKey *privKey = NULL;
- CMMFKeyRecRepContent *repContent = NULL;
- PRFileDesc *fileDesc;
- int rv = 0;
- SECStatus srv;
+ SECKEYPublicKey *caPubKey = NULL;
+ SECKEYPrivateKey *privKey = NULL;
+ CMMFKeyRecRepContent *repContent = NULL;
+ PRFileDesc *fileDesc;
+ int rv = 0;
+ SECStatus srv;
/* Extract the public key from the cert whose nickname is given in
** the -s option.
*/
- rv = extractPubKeyFromNamedCert( caCertName, &caPubKey);
- if (rv)
- goto finish;
+ rv = extractPubKeyFromNamedCert(caCertName, &caPubKey);
+ if (rv)
+ goto finish;
repContent = CMMF_CreateKeyRecRepContent();
if (repContent == NULL) {
- printf ("Could not allocate a CMMFKeyRecRepContent structure\n");
- rv = 407;
- goto finish;
+ printf("Could not allocate a CMMFKeyRecRepContent structure\n");
+ rv = 407;
+ goto finish;
}
- srv = CMMF_KeyRecRepContentSetPKIStatusInfoStatus(repContent,
- cmmfGrantedWithMods);
+ srv = CMMF_KeyRecRepContentSetPKIStatusInfoStatus(repContent,
+ cmmfGrantedWithMods);
if (srv != SECSuccess) {
- printf ("Error trying to set PKIStatusInfo for "
- "CMMFKeyRecRepContent.\n");
- rv = 406;
- goto finish;
+ printf("Error trying to set PKIStatusInfo for "
+ "CMMFKeyRecRepContent.\n");
+ rv = 406;
+ goto finish;
}
srv = CMMF_KeyRecRepContentSetNewSignCert(repContent, cert);
if (srv != SECSuccess) {
- printf ("Error trying to set the new signing certificate for "
- "key recovery\n");
- rv = 408;
- goto finish;
+ printf("Error trying to set the new signing certificate for "
+ "key recovery\n");
+ rv = 408;
+ goto finish;
}
srv = CMMF_KeyRecRepContentSetCACerts(repContent, list);
if (srv != SECSuccess) {
- printf ("Errory trying to add the list of CA certs to the "
- "CMMFKeyRecRepContent structure.\n");
- rv = 409;
- goto finish;
+ printf("Errory trying to add the list of CA certs to the "
+ "CMMFKeyRecRepContent structure.\n");
+ rv = 409;
+ goto finish;
}
privKey = PK11_FindKeyByAnyCert(cert, &pwdata);
if (privKey == NULL) {
- printf ("Could not get the private key associated with the\n"
- "certificate %s\n", personalCert);
- rv = 410;
- goto finish;
+ printf("Could not get the private key associated with the\n"
+ "certificate %s\n",
+ personalCert);
+ rv = 410;
+ goto finish;
}
srv = CMMF_KeyRecRepContentSetCertifiedKeyPair(repContent, cert, privKey,
- caPubKey);
+ caPubKey);
if (srv != SECSuccess) {
- printf ("Could not set the Certified Key Pair\n");
- rv = 413;
- goto finish;
+ printf("Could not set the Certified Key Pair\n");
+ rv = 413;
+ goto finish;
}
- fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
+ fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+ 0666);
if (fileDesc == NULL) {
- printf ("Could not open file %s\n", filePath);
- rv = 414;
- goto finish;
+ printf("Could not open file %s\n", filePath);
+ rv = 414;
+ goto finish;
}
-
- srv = CMMF_EncodeKeyRecRepContent(repContent, WriteItOut,
- (void*)fileDesc);
+
+ srv = CMMF_EncodeKeyRecRepContent(repContent, WriteItOut,
+ (void *)fileDesc);
PR_Close(fileDesc);
if (srv != SECSuccess) {
- printf ("CMMF_EncodeKeyRecRepContent failed\n");
- rv = 415;
+ printf("CMMF_EncodeKeyRecRepContent failed\n");
+ rv = 415;
}
finish:
if (privKey)
- SECKEY_DestroyPrivateKey(privKey);
+ SECKEY_DestroyPrivateKey(privKey);
if (caPubKey)
- SECKEY_DestroyPublicKey(caPubKey);
+ SECKEY_DestroyPublicKey(caPubKey);
if (repContent)
- CMMF_DestroyKeyRecRepContent(repContent);
+ CMMF_DestroyKeyRecRepContent(repContent);
return rv;
}
int
-decodeCMMFRecoveryMessage(const char * filePath)
+decodeCMMFRecoveryMessage(const char *filePath)
{
- CMMFKeyRecRepContent *repContent = NULL;
- int rv = 0;
- SECItem fileBits = { siBuffer, NULL, 0 };
+ CMMFKeyRecRepContent *repContent = NULL;
+ int rv = 0;
+ SECItem fileBits = { siBuffer, NULL, 0 };
GetBitsFromFile(filePath, &fileBits);
if (!fileBits.len) {
- rv = 451;
- goto finish;
+ rv = 451;
+ goto finish;
}
- repContent =
- CMMF_CreateKeyRecRepContentFromDER(db, (const char *) fileBits.data,
- fileBits.len);
+ repContent =
+ CMMF_CreateKeyRecRepContentFromDER(db, (const char *)fileBits.data,
+ fileBits.len);
if (repContent == NULL) {
- printf ("ERROR: CMMF_CreateKeyRecRepContentFromDER failed on file:\n"
- "\t%s\n", filePath);
- rv = 452;
+ printf("ERROR: CMMF_CreateKeyRecRepContentFromDER failed on file:\n"
+ "\t%s\n",
+ filePath);
+ rv = 452;
}
finish:
if (repContent) {
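Review bot: EncodeCMMFRecoveryMessage creates its output file with mode `0666`, although what it writes is the key-recovery message built by CMMF_KeyRecRepContentSetCertifiedKeyPair from the certificate's private key. Escrow output should not depend on the process umask to keep other local users out; open it with `PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0600)`. The encoder writes through WriteItOut, which discards PR_Write's result, so a truncated file is still reported as success unless that callback records the error. decodeCMMFRecoveryMessage's cleanup continues past this hunk.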
@@ -869,10 +860,10 @@ finish:
int
DoCMMFStuff(void)
{
- CERTCertificate *cert = NULL;
- CERTCertList *list = NULL;
- int rv = 0;
- char filePath[PATH_LEN];
+ CERTCertificate *cert = NULL;
+ CERTCertList *list = NULL;
+ int rv = 0;
+ char filePath[PATH_LEN];
/* Do common setup for the following steps.
*/
@@ -880,20 +871,20 @@ DoCMMFStuff(void)
cert = CERT_FindCertByNickname(db, personalCert);
if (cert == NULL) {
- printf ("Could not find the certificate for %s\n", personalCert);
+ printf("Could not find the certificate for %s\n", personalCert);
rv = 416;
goto finish;
- }
+ }
list = CERT_GetCertChainFromCert(cert, PR_Now(), certUsageEmailSigner);
if (list == NULL) {
- printf ("Could not find the certificate chain for %s\n", personalCert);
+ printf("Could not find the certificate chain for %s\n", personalCert);
rv = 418;
goto finish;
- }
+ }
/* a) Generate the CMMF response message, using a user cert named
** by -p option, rather than a cert generated from the CRMF
- ** request itself. The CMMF message is placed in
+ ** request itself. The CMMF message is placed in
** configdir/CertRepContent.der.
*/
rv = EncodeCMMFCertReply(filePath, cert, list);
@@ -913,16 +904,16 @@ DoCMMFStuff(void)
/* c) Generate a CMMF Key Excrow message
** It takes the public and private keys for the cert identified
** by -p nickname, and wraps them with a sym key that is in turn
- ** wrapped with the pubkey in the CA cert, whose nickname is
+ ** wrapped with the pubkey in the CA cert, whose nickname is
** given by the -s option.
** Store the message in configdir/KeyRecRepContent.der
*/
- PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir,
- "KeyRecRepContent.der");
+ PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir,
+ "KeyRecRepContent.der");
rv = EncodeCMMFRecoveryMessage(filePath, cert, list);
if (rv)
- goto finish;
+ goto finish;
/* d) Decode the CMMF Key Excrow message generated just above.
** Get it from file configdir/KeyRecRepContent.der
@@ -931,7 +922,7 @@ DoCMMFStuff(void)
rv = decodeCMMFRecoveryMessage(filePath);
- finish:
+finish:
if (cert) {
CERT_DestroyCertificate(cert);
}
@@ -944,146 +935,145 @@ DoCMMFStuff(void)
#define KNOWN_MESSAGE_LENGTH 20 /*160 bits*/
int
-DoKeyRecovery( SECKEYPrivateKey *privKey)
+DoKeyRecovery(SECKEYPrivateKey *privKey)
{
-#ifdef DOING_KEY_RECOVERY /* Doesn't compile yet. */
- SECKEYPublicKey *pubKey;
- PK11SlotInfo *slot;
- unsigned char *ciphertext;
- unsigned char *text_compared;
- SECKEYPrivateKey *unwrappedPrivKey;
- SECKEYPrivateKey *caPrivKey;
+#ifdef DOING_KEY_RECOVERY /* Doesn't compile yet. */
+ SECKEYPublicKey *pubKey;
+ PK11SlotInfo *slot;
+ unsigned char *ciphertext;
+ unsigned char *text_compared;
+ SECKEYPrivateKey *unwrappedPrivKey;
+ SECKEYPrivateKey *caPrivKey;
CMMFKeyRecRepContent *keyRecRep;
CMMFCertifiedKeyPair *certKeyPair;
- CERTCertificate *caCert;
- CERTCertificate *myCert;
- SECKEYPublicKey *caPubKey;
- PRFileDesc *fileDesc;
- CK_ULONG max_bytes_encrypted;
- CK_ULONG bytes_encrypted;
- CK_ULONG bytes_compared;
- CK_ULONG bytes_decrypted;
- CK_RV crv;
- CK_OBJECT_HANDLE id;
- CK_MECHANISM mech = { CKM_INVALID_MECHANISM, NULL, 0};
- SECStatus rv;
- SECItem fileBits;
- SECItem nickname;
- unsigned char plaintext[KNOWN_MESSAGE_LENGTH];
- char filePath[PATH_LEN];
+ CERTCertificate *caCert;
+ CERTCertificate *myCert;
+ SECKEYPublicKey *caPubKey;
+ PRFileDesc *fileDesc;
+ CK_ULONG max_bytes_encrypted;
+ CK_ULONG bytes_encrypted;
+ CK_ULONG bytes_compared;
+ CK_ULONG bytes_decrypted;
+ CK_RV crv;
+ CK_OBJECT_HANDLE id;
+ CK_MECHANISM mech = { CKM_INVALID_MECHANISM, NULL, 0 };
+ SECStatus rv;
+ SECItem fileBits;
+ SECItem nickname;
+ unsigned char plaintext[KNOWN_MESSAGE_LENGTH];
+ char filePath[PATH_LEN];
static const unsigned char known_message[] = { "Known Crypto Message" };
/*caCert = CERT_FindCertByNickname(db, caCertName);*/
myCert = CERT_FindCertByNickname(db, personalCert);
if (myCert == NULL) {
- printf ("Could not find the certificate for %s\n", personalCert);
+ printf("Could not find the certificate for %s\n", personalCert);
return 700;
}
caCert = CERT_FindCertByNickname(db, recoveryEncrypter);
if (caCert == NULL) {
- printf ("Could not find the certificate for %s\n", recoveryEncrypter);
+ printf("Could not find the certificate for %s\n", recoveryEncrypter);
return 701;
}
caPubKey = CERT_ExtractPublicKey(caCert);
- pubKey = SECKEY_ConvertToPublicKey(privKey);
+ pubKey = SECKEY_ConvertToPublicKey(privKey);
max_bytes_encrypted = PK11_GetPrivateModulusLen(privKey);
- slot = PK11_GetBestSlotWithAttributes(mapWrapKeyType(privKey->keyType),
- CKF_ENCRYPT, 0, NULL);
- id = PK11_ImportPublicKey(slot, pubKey, PR_FALSE);
-
- switch(privKey->keyType) {
- case rsaKey:
- mech.mechanism = CKM_RSA_PKCS;
- break;
- case dsaKey:
- mech.mechanism = CKM_DSA;
- break;
- case dhKey:
- mech.mechanism = CKM_DH_PKCS_DERIVE;
- break;
- default:
- printf ("Bad Key type in key recovery.\n");
- return 512;
+ slot = PK11_GetBestSlotWithAttributes(mapWrapKeyType(privKey->keyType),
+ CKF_ENCRYPT, 0, NULL);
+ id = PK11_ImportPublicKey(slot, pubKey, PR_FALSE);
+ switch (privKey->keyType) {
+ case rsaKey:
+ mech.mechanism = CKM_RSA_PKCS;
+ break;
+ case dsaKey:
+ mech.mechanism = CKM_DSA;
+ break;
+ case dhKey:
+ mech.mechanism = CKM_DH_PKCS_DERIVE;
+ break;
+ default:
+ printf("Bad Key type in key recovery.\n");
+ return 512;
}
PK11_EnterSlotMonitor(slot);
crv = PK11_GETTAB(slot)->C_EncryptInit(slot->session, &mech, id);
if (crv != CKR_OK) {
PK11_ExitSlotMonitor(slot);
- PK11_FreeSlot(slot);
- printf ("C_EncryptInit failed in KeyRecovery\n");
- return 500;
+ PK11_FreeSlot(slot);
+ printf("C_EncryptInit failed in KeyRecovery\n");
+ return 500;
}
ciphertext = PORT_NewArray(unsigned char, max_bytes_encrypted);
if (ciphertext == NULL) {
PK11_ExitSlotMonitor(slot);
- PK11_FreeSlot(slot);
- printf ("Could not allocate memory for ciphertext.\n");
- return 501;
+ PK11_FreeSlot(slot);
+ printf("Could not allocate memory for ciphertext.\n");
+ return 501;
}
bytes_encrypted = max_bytes_encrypted;
- crv = PK11_GETTAB(slot)->C_Encrypt(slot->session,
- known_message,
- KNOWN_MESSAGE_LENGTH,
- ciphertext,
- &bytes_encrypted);
+ crv = PK11_GETTAB(slot)->C_Encrypt(slot->session,
+ known_message,
+ KNOWN_MESSAGE_LENGTH,
+ ciphertext,
+ &bytes_encrypted);
PK11_ExitSlotMonitor(slot);
PK11_FreeSlot(slot);
if (crv != CKR_OK) {
- PORT_Free(ciphertext);
- return 502;
+ PORT_Free(ciphertext);
+ return 502;
}
/* Always use the smaller of these two values . . . */
- bytes_compared = ( bytes_encrypted > KNOWN_MESSAGE_LENGTH )
- ? KNOWN_MESSAGE_LENGTH
- : bytes_encrypted;
-
+ bytes_compared = (bytes_encrypted > KNOWN_MESSAGE_LENGTH)
+ ? KNOWN_MESSAGE_LENGTH
+ : bytes_encrypted;
+
/* If there was a failure, the plaintext */
/* goes at the end, therefore . . . */
- text_compared = ( bytes_encrypted > KNOWN_MESSAGE_LENGTH )
- ? (ciphertext + bytes_encrypted -
- KNOWN_MESSAGE_LENGTH )
- : ciphertext;
+ text_compared = (bytes_encrypted > KNOWN_MESSAGE_LENGTH)
+ ? (ciphertext + bytes_encrypted -
+ KNOWN_MESSAGE_LENGTH)
+ : ciphertext;
keyRecRep = CMMF_CreateKeyRecRepContent();
if (keyRecRep == NULL) {
PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- CMMF_DestroyKeyRecRepContent(keyRecRep);
- printf ("Could not allocate a CMMFKeyRecRepContent structre.\n");
- return 503;
+ PK11_FreeSlot(slot);
+ CMMF_DestroyKeyRecRepContent(keyRecRep);
+ printf("Could not allocate a CMMFKeyRecRepContent structre.\n");
+ return 503;
}
rv = CMMF_KeyRecRepContentSetPKIStatusInfoStatus(keyRecRep,
- cmmfGranted);
+ cmmfGranted);
if (rv != SECSuccess) {
PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- CMMF_DestroyKeyRecRepContent(keyRecRep);
- printf ("Could not set the status for the KeyRecRepContent\n");
- return 504;
+ PK11_FreeSlot(slot);
+ CMMF_DestroyKeyRecRepContent(keyRecRep);
+ printf("Could not set the status for the KeyRecRepContent\n");
+ return 504;
}
/* The myCert here should correspond to the certificate corresponding
* to the private key, but for this test any certificate will do.
*/
rv = CMMF_KeyRecRepContentSetCertifiedKeyPair(keyRecRep, myCert,
- privKey, caPubKey);
+ privKey, caPubKey);
if (rv != SECSuccess) {
PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- CMMF_DestroyKeyRecRepContent(keyRecRep);
- printf ("Could not set the Certified Key Pair\n");
- return 505;
- }
- PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir,
- "KeyRecRepContent.der");
- fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
+ PK11_FreeSlot(slot);
+ CMMF_DestroyKeyRecRepContent(keyRecRep);
+ printf("Could not set the Certified Key Pair\n");
+ return 505;
+ }
+ PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir,
+ "KeyRecRepContent.der");
+ fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+ 0666);
if (fileDesc == NULL) {
PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- CMMF_DestroyKeyRecRepContent(keyRecRep);
- printf ("Could not open file %s\n", filePath);
- return 506;
+ PK11_FreeSlot(slot);
+ CMMF_DestroyKeyRecRepContent(keyRecRep);
+ printf("Could not open file %s\n", filePath);
+ return 506;
}
rv = CMMF_EncodeKeyRecRepContent(keyRecRep, WriteItOut, fileDesc);
CMMF_DestroyKeyRecRepContent(keyRecRep);
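Review bot: DoKeyRecovery releases the slot with `PK11_FreeSlot(slot)` right after the `C_Encrypt` call, but the error paths that follow in this hunk (returns 503 to 506) and in the next hunk (507 to 515) call `PK11_FreeSlot(slot)` again, and the next hunk also calls `PK11_EnterSlotMonitor(slot)` on the slot that was already released. Holding the reference until the end and releasing it once at a single cleanup label would remove the double release; the `keyRecRep == NULL` branch also hands that NULL pointer to `CMMF_DestroyKeyRecRepContent`. Separately, `KeyRecRepContent.der` holds the encoded key recovery response built from `privKey` and is created with mode `0666`; `PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0600)` would keep it owner-only. All of this sits under `#ifdef DOING_KEY_RECOVERY`, which its comment says does not compile yet, and the function body continues past this hunk.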
@@ -1091,88 +1081,89 @@ DoKeyRecovery( SECKEYPrivateKey *privKey)
if (rv != SECSuccess) {
PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- printf ("Error while encoding CMMFKeyRecRepContent\n");
- return 507;
+ PK11_FreeSlot(slot);
+ printf("Error while encoding CMMFKeyRecRepContent\n");
+ return 507;
}
GetBitsFromFile(filePath, &fileBits);
if (fileBits.data == NULL) {
PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- printf ("Could not get the bits from file %s\n", filePath);
- return 508;
+ PK11_FreeSlot(slot);
+ printf("Could not get the bits from file %s\n", filePath);
+ return 508;
}
- keyRecRep =
- CMMF_CreateKeyRecRepContentFromDER(db,(const char*)fileBits.data,
- fileBits.len);
+ keyRecRep =
+ CMMF_CreateKeyRecRepContentFromDER(db, (const char *)fileBits.data,
+ fileBits.len);
if (keyRecRep == NULL) {
- printf ("Could not decode the KeyRecRepContent in file %s\n",
- filePath);
- PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- return 509;
+ printf("Could not decode the KeyRecRepContent in file %s\n",
+ filePath);
+ PORT_Free(ciphertext);
+ PK11_FreeSlot(slot);
+ return 509;
}
caPrivKey = PK11_FindKeyByAnyCert(caCert, &pwdata);
- if (CMMF_KeyRecRepContentGetPKIStatusInfoStatus(keyRecRep) !=
- cmmfGranted) {
+ if (CMMF_KeyRecRepContentGetPKIStatusInfoStatus(keyRecRep) !=
+ cmmfGranted) {
PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- CMMF_DestroyKeyRecRepContent(keyRecRep);
- printf ("A bad status came back with the "
- "KeyRecRepContent structure\n");
- return 510;
+ PK11_FreeSlot(slot);
+ CMMF_DestroyKeyRecRepContent(keyRecRep);
+ printf("A bad status came back with the "
+ "KeyRecRepContent structure\n");
+ return 510;
}
#define NICKNAME "Key Recovery Test Key"
- nickname.data = (unsigned char*)NICKNAME;
- nickname.len = PORT_Strlen(NICKNAME);
+ nickname.data = (unsigned char *)NICKNAME;
+ nickname.len = PORT_Strlen(NICKNAME);
certKeyPair = CMMF_KeyRecRepContentGetCertKeyAtIndex(keyRecRep, 0);
CMMF_DestroyKeyRecRepContent(keyRecRep);
rv = CMMF_CertifiedKeyPairUnwrapPrivKey(certKeyPair,
- caPrivKey,
- &nickname,
- PK11_GetInternalKeySlot(),
- db,
- &unwrappedPrivKey, &pwdata);
+ caPrivKey,
+ &nickname,
+ PK11_GetInternalKeySlot(),
+ db,
+ &unwrappedPrivKey, &pwdata);
CMMF_DestroyCertifiedKeyPair(certKeyPair);
if (rv != SECSuccess) {
- printf ("Unwrapping the private key failed.\n");
- return 511;
+ printf("Unwrapping the private key failed.\n");
+ return 511;
}
/*Now let's try to decrypt the ciphertext with the "recovered" key*/
PK11_EnterSlotMonitor(slot);
- crv =
- PK11_GETTAB(slot)->C_DecryptInit(unwrappedPrivKey->pkcs11Slot->session,
- &mech,
- unwrappedPrivKey->pkcs11ID);
+ crv =
+ PK11_GETTAB(slot)->C_DecryptInit(unwrappedPrivKey->pkcs11Slot->session,
+ &mech,
+ unwrappedPrivKey->pkcs11ID);
if (crv != CKR_OK) {
PK11_ExitSlotMonitor(slot);
- PORT_Free(ciphertext);
- PK11_FreeSlot(slot);
- printf ("Decrypting with the recovered key failed.\n");
- return 513;
+ PORT_Free(ciphertext);
+ PK11_FreeSlot(slot);
+ printf("Decrypting with the recovered key failed.\n");
+ return 513;
}
bytes_decrypted = KNOWN_MESSAGE_LENGTH;
crv = PK11_GETTAB(slot)->C_Decrypt(unwrappedPrivKey->pkcs11Slot->session,
- ciphertext,
- bytes_encrypted, plaintext,
- &bytes_decrypted);
+ ciphertext,
+ bytes_encrypted, plaintext,
+ &bytes_decrypted);
SECKEY_DestroyPrivateKey(unwrappedPrivKey);
PK11_ExitSlotMonitor(slot);
PORT_Free(ciphertext);
if (crv != CKR_OK) {
PK11_FreeSlot(slot);
- printf ("Decrypting the ciphertext with recovered key failed.\n");
- return 514;
+ printf("Decrypting the ciphertext with recovered key failed.\n");
+ return 514;
}
- if ((bytes_decrypted != KNOWN_MESSAGE_LENGTH) ||
- (PORT_Memcmp(plaintext, known_message, KNOWN_MESSAGE_LENGTH) != 0)) {
+ if ((bytes_decrypted != KNOWN_MESSAGE_LENGTH) ||
+ (PORT_Memcmp(plaintext, known_message, KNOWN_MESSAGE_LENGTH) != 0)) {
PK11_FreeSlot(slot);
- printf ("The recovered plaintext does not equal the known message:\n"
- "\tKnown message: %s\n"
- "\tRecovered plaintext: %s\n", known_message, plaintext);
- return 515;
+ printf("The recovered plaintext does not equal the known message:\n"
+ "\tKnown message: %s\n"
+ "\tRecovered plaintext: %s\n",
+ known_message, plaintext);
+ return 515;
}
#endif
return 0;
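Review bot: The mismatch message before `return 515` prints `plaintext` with `%s`, but `plaintext` is declared earlier in DoKeyRecovery as `unsigned char plaintext[KNOWN_MESSAGE_LENGTH]` and is filled by `C_Decrypt` with no terminator, so `printf` can read past the end of the array. Bounding the print fixes it: use `"\tRecovered plaintext: %.*s\n"` with the arguments `known_message, (int)bytes_decrypted, plaintext`, assuming `C_Decrypt` keeps `bytes_decrypted` within the 20-byte buffer length it was given. The `GetBitsFromFile` buffer in `fileBits` and the keys `caPrivKey`, `pubKey` and `caPubKey` also appear never to be released on any path visible in these two hunks. The function starts in the previous hunk.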
@@ -1180,169 +1171,169 @@ DoKeyRecovery( SECKEYPrivateKey *privKey)
int
DoChallengeResponse(SECKEYPrivateKey *privKey,
- SECKEYPublicKey *pubKey)
+ SECKEYPublicKey *pubKey)
{
CMMFPOPODecKeyChallContent *chalContent = NULL;
- CMMFPOPODecKeyRespContent *respContent = NULL;
- CERTCertificate *myCert = NULL;
- CERTGeneralName *myGenName = NULL;
- PLArenaPool *poolp = NULL;
- PRFileDesc *fileDesc;
- SECItem *publicValue;
- SECItem *keyID;
- SECKEYPrivateKey *foundPrivKey;
- long *randomNums;
- int numChallengesFound = 0;
- int numChallengesSet = 1;
- int i;
- long retrieved;
- SECStatus rv;
- SECItem DecKeyChallBits;
- char filePath[PATH_LEN];
+ CMMFPOPODecKeyRespContent *respContent = NULL;
+ CERTCertificate *myCert = NULL;
+ CERTGeneralName *myGenName = NULL;
+ PLArenaPool *poolp = NULL;
+ PRFileDesc *fileDesc;
+ SECItem *publicValue;
+ SECItem *keyID;
+ SECKEYPrivateKey *foundPrivKey;
+ long *randomNums;
+ int numChallengesFound = 0;
+ int numChallengesSet = 1;
+ int i;
+ long retrieved;
+ SECStatus rv;
+ SECItem DecKeyChallBits;
+ char filePath[PATH_LEN];
chalContent = CMMF_CreatePOPODecKeyChallContent();
myCert = CERT_FindCertByNickname(db, personalCert);
if (myCert == NULL) {
- printf ("Could not find the certificate for %s\n", personalCert);
+ printf("Could not find the certificate for %s\n", personalCert);
return 900;
}
poolp = PORT_NewArena(1024);
if (poolp == NULL) {
printf("Could no allocate a new arena in DoChallengeResponse\n");
- return 901;
+ return 901;
}
myGenName = CERT_GetCertificateNames(myCert, poolp);
if (myGenName == NULL) {
- printf ("Could not get the general names for %s certificate\n",
- personalCert);
- return 902;
+ printf("Could not get the general names for %s certificate\n",
+ personalCert);
+ return 902;
}
- randomNums = PORT_ArenaNewArray(poolp,long, numChallengesSet);
- PK11_GenerateRandom((unsigned char *)randomNums,
+ randomNums = PORT_ArenaNewArray(poolp, long, numChallengesSet);
+ PK11_GenerateRandom((unsigned char *)randomNums,
numChallengesSet * sizeof(long));
- for (i=0; i<numChallengesSet; i++) {
- rv = CMMF_POPODecKeyChallContentSetNextChallenge(chalContent,
- randomNums[i],
- myGenName,
- pubKey,
- &pwdata);
- if (rv != SECSuccess) {
- printf ("Could not set the challenge in DoChallengeResponse\n");
- return 903;
- }
- }
- PR_snprintf(filePath, PATH_LEN, "%s/POPODecKeyChallContent.der",
- configdir);
+ for (i = 0; i < numChallengesSet; i++) {
+ rv = CMMF_POPODecKeyChallContentSetNextChallenge(chalContent,
+ randomNums[i],
+ myGenName,
+ pubKey,
+ &pwdata);
+ if (rv != SECSuccess) {
+ printf("Could not set the challenge in DoChallengeResponse\n");
+ return 903;
+ }
+ }
+ PR_snprintf(filePath, PATH_LEN, "%s/POPODecKeyChallContent.der",
+ configdir);
fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
+ 0666);
if (fileDesc == NULL) {
- printf ("Could not open file %s\n", filePath);
- return 904;
+ printf("Could not open file %s\n", filePath);
+ return 904;
}
- rv = CMMF_EncodePOPODecKeyChallContent(chalContent,WriteItOut,
- (void*)fileDesc);
+ rv = CMMF_EncodePOPODecKeyChallContent(chalContent, WriteItOut,
+ (void *)fileDesc);
PR_Close(fileDesc);
CMMF_DestroyPOPODecKeyChallContent(chalContent);
if (rv != SECSuccess) {
- printf ("Could not encode the POPODecKeyChallContent.\n");
- return 905;
+ printf("Could not encode the POPODecKeyChallContent.\n");
+ return 905;
}
GetBitsFromFile(filePath, &DecKeyChallBits);
- chalContent = CMMF_CreatePOPODecKeyChallContentFromDER
- ((const char*)DecKeyChallBits.data, DecKeyChallBits.len);
+ chalContent = CMMF_CreatePOPODecKeyChallContentFromDER((const char *)DecKeyChallBits.data, DecKeyChallBits.len);
SECITEM_FreeItem(&DecKeyChallBits, PR_FALSE);
if (chalContent == NULL) {
- printf ("Could not create the POPODecKeyChallContent from DER\n");
- return 906;
+ printf("Could not create the POPODecKeyChallContent from DER\n");
+ return 906;
}
- numChallengesFound =
- CMMF_POPODecKeyChallContentGetNumChallenges(chalContent);
+ numChallengesFound =
+ CMMF_POPODecKeyChallContentGetNumChallenges(chalContent);
if (numChallengesFound != numChallengesSet) {
- printf ("Number of Challenges Found (%d) does not equal the number "
- "set (%d)\n", numChallengesFound, numChallengesSet);
- return 907;
+ printf("Number of Challenges Found (%d) does not equal the number "
+ "set (%d)\n",
+ numChallengesFound, numChallengesSet);
+ return 907;
}
- for (i=0; i<numChallengesSet; i++) {
+ for (i = 0; i < numChallengesSet; i++) {
publicValue = CMMF_POPODecKeyChallContentGetPublicValue(chalContent, i);
- if (publicValue == NULL) {
- printf("Could not get the public value for challenge at index %d\n",
- i);
- return 908;
- }
- keyID = PK11_MakeIDFromPubKey(publicValue);
- if (keyID == NULL) {
- printf ("Could not make the keyID from the public value\n");
- return 909;
- }
- foundPrivKey = PK11_FindKeyByKeyID(privKey->pkcs11Slot, keyID, &pwdata);
- if (foundPrivKey == NULL) {
- printf ("Could not find the private key corresponding to the public"
- " value.\n");
- return 910;
- }
- rv = CMMF_POPODecKeyChallContDecryptChallenge(chalContent, i,
- foundPrivKey);
- if (rv != SECSuccess) {
- printf ("Could not decrypt the challenge at index %d\n", i);
- return 911;
- }
- rv = CMMF_POPODecKeyChallContentGetRandomNumber(chalContent, i,
- &retrieved);
- if (rv != SECSuccess) {
- printf ("Could not get the random number from the challenge at "
- "index %d\n", i);
- return 912;
- }
- if (retrieved != randomNums[i]) {
- printf ("Retrieved the number (%ld), expected (%ld)\n", retrieved,
- randomNums[i]);
- return 913;
- }
+ if (publicValue == NULL) {
+ printf("Could not get the public value for challenge at index %d\n",
+ i);
+ return 908;
+ }
+ keyID = PK11_MakeIDFromPubKey(publicValue);
+ if (keyID == NULL) {
+ printf("Could not make the keyID from the public value\n");
+ return 909;
+ }
+ foundPrivKey = PK11_FindKeyByKeyID(privKey->pkcs11Slot, keyID, &pwdata);
+ if (foundPrivKey == NULL) {
+ printf("Could not find the private key corresponding to the public"
+ " value.\n");
+ return 910;
+ }
+ rv = CMMF_POPODecKeyChallContDecryptChallenge(chalContent, i,
+ foundPrivKey);
+ if (rv != SECSuccess) {
+ printf("Could not decrypt the challenge at index %d\n", i);
+ return 911;
+ }
+ rv = CMMF_POPODecKeyChallContentGetRandomNumber(chalContent, i,
+ &retrieved);
+ if (rv != SECSuccess) {
+ printf("Could not get the random number from the challenge at "
+ "index %d\n",
+ i);
+ return 912;
+ }
+ if (retrieved != randomNums[i]) {
+ printf("Retrieved the number (%ld), expected (%ld)\n", retrieved,
+ randomNums[i]);
+ return 913;
+ }
}
CMMF_DestroyPOPODecKeyChallContent(chalContent);
- PR_snprintf(filePath, PATH_LEN, "%s/POPODecKeyRespContent.der",
- configdir);
+ PR_snprintf(filePath, PATH_LEN, "%s/POPODecKeyRespContent.der",
+ configdir);
fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
- 0666);
+ 0666);
if (fileDesc == NULL) {
- printf ("Could not open file %s\n", filePath);
- return 914;
+ printf("Could not open file %s\n", filePath);
+ return 914;
}
rv = CMMF_EncodePOPODecKeyRespContent(randomNums, numChallengesSet,
- WriteItOut, fileDesc);
+ WriteItOut, fileDesc);
PR_Close(fileDesc);
if (rv != 0) {
- printf ("Could not encode the POPODecKeyRespContent\n");
- return 915;
+ printf("Could not encode the POPODecKeyRespContent\n");
+ return 915;
}
GetBitsFromFile(filePath, &DecKeyChallBits);
- respContent =
- CMMF_CreatePOPODecKeyRespContentFromDER((const char*)DecKeyChallBits.data,
- DecKeyChallBits.len);
+ respContent =
+ CMMF_CreatePOPODecKeyRespContentFromDER((const char *)DecKeyChallBits.data,
+ DecKeyChallBits.len);
if (respContent == NULL) {
- printf ("Could not decode the contents of the file %s\n", filePath);
- return 916;
+ printf("Could not decode the contents of the file %s\n", filePath);
+ return 916;
}
- numChallengesFound =
- CMMF_POPODecKeyRespContentGetNumResponses(respContent);
+ numChallengesFound =
+ CMMF_POPODecKeyRespContentGetNumResponses(respContent);
if (numChallengesFound != numChallengesSet) {
- printf ("Number of responses found (%d) does not match the number "
- "of challenges set (%d)\n",
- numChallengesFound, numChallengesSet);
- return 917;
+ printf("Number of responses found (%d) does not match the number "
+ "of challenges set (%d)\n",
+ numChallengesFound, numChallengesSet);
+ return 917;
}
- for (i=0; i<numChallengesSet; i++) {
+ for (i = 0; i < numChallengesSet; i++) {
rv = CMMF_POPODecKeyRespContentGetResponse(respContent, i, &retrieved);
- if (rv != SECSuccess) {
- printf ("Could not retrieve the response at index %d\n", i);
- return 918;
- }
- if (retrieved != randomNums[i]) {
- printf ("Retrieved the number (%ld), expected (%ld)\n", retrieved,
- randomNums[i]);
- return 919;
- }
-
+ if (rv != SECSuccess) {
+ printf("Could not retrieve the response at index %d\n", i);
+ return 918;
+ }
+ if (retrieved != randomNums[i]) {
+ printf("Retrieved the number (%ld), expected (%ld)\n", retrieved,
+ randomNums[i]);
+ return 919;
+ }
}
CMMF_DestroyPOPODecKeyRespContent(respContent);
return 0;
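Review bot: DoChallengeResponse ignores the return value of `PK11_GenerateRandom` and does not check `randomNums` from `PORT_ArenaNewArray` for NULL, so a failure there would either dereference NULL or send whatever the arena memory held as the challenge values. A guard such as `if (randomNums == NULL || PK11_GenerateRandom((unsigned char *)randomNums, numChallengesSet * sizeof(long)) != SECSuccess)`, followed by a return with its own error code, closes that gap. Every early `return 9xx` in this function also leaves `myCert`, `poolp` and `chalContent` unreleased, and `keyID` and `foundPrivKey` are not freed inside the loop; a single cleanup label like `finish:` in DoCMMFStuff would cover them. The two `GetBitsFromFile` calls are likewise not checked before the buffer goes to the DER decoders, unlike the `fileBits.data == NULL` test in DoKeyRecovery.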
@@ -1351,7 +1342,7 @@ DoChallengeResponse(SECKEYPrivateKey *privKey,
int
MakeCertRequest(TESTKeyPair *pair, CRMFPOPChoice inPOPChoice, long inRequestID)
{
- int irv;
+ int irv;
/* Generate a key pair and a cert request for it. */
irv = CreateCertRequest(pair, inRequestID);
@@ -1361,8 +1352,8 @@ MakeCertRequest(TESTKeyPair *pair, CRMFPOPChoice inPOPChoice, long inRequestID)
pair->certReqMsg = CRMF_CreateCertReqMsg();
if (!pair->certReqMsg) {
- irv = 999;
- goto loser;
+ irv = 999;
+ goto loser;
}
/* copy certReq into certReqMsg */
CRMF_CertReqMsgSetCertRequest(pair->certReqMsg, pair->certReq);
@@ -1374,25 +1365,25 @@ loser:
int
DestroyPairReqAndMsg(TESTKeyPair *pair)
{
- SECStatus rv = SECSuccess;
- int irv = 0;
+ SECStatus rv = SECSuccess;
+ int irv = 0;
if (pair->certReq) {
- rv = CRMF_DestroyCertRequest(pair->certReq);
- pair->certReq = NULL;
- if (rv != SECSuccess) {
- printf ("Error when destroying cert request.\n");
- irv = 100;
- }
+ rv = CRMF_DestroyCertRequest(pair->certReq);
+ pair->certReq = NULL;
+ if (rv != SECSuccess) {
+ printf("Error when destroying cert request.\n");
+ irv = 100;
+ }
}
if (pair->certReqMsg) {
- rv = CRMF_DestroyCertReqMsg(pair->certReqMsg);
- pair->certReqMsg = NULL;
- if (rv != SECSuccess) {
- printf ("Error when destroying cert request msg.\n");
- if (!irv)
- irv = 101;
- }
+ rv = CRMF_DestroyCertReqMsg(pair->certReqMsg);
+ pair->certReqMsg = NULL;
+ if (rv != SECSuccess) {
+ printf("Error when destroying cert request msg.\n");
+ if (!irv)
+ irv = 101;
+ }
}
return irv;
}
@@ -1400,15 +1391,15 @@ DestroyPairReqAndMsg(TESTKeyPair *pair)
int
DestroyPair(TESTKeyPair *pair)
{
- int irv = 0;
+ int irv = 0;
if (pair->pubKey) {
- SECKEY_DestroyPublicKey(pair->pubKey);
- pair->pubKey = NULL;
+ SECKEY_DestroyPublicKey(pair->pubKey);
+ pair->pubKey = NULL;
}
if (pair->privKey) {
- SECKEY_DestroyPrivateKey(pair->privKey);
- pair->privKey = NULL;
+ SECKEY_DestroyPrivateKey(pair->privKey);
+ pair->privKey = NULL;
}
DestroyPairReqAndMsg(pair);
return irv;
@@ -1426,10 +1417,10 @@ DoCRMFRequest(TESTKeyPair *signPair, TESTKeyPair *cryptPair)
}
if (!doingDSA) {
- irv = MakeCertRequest(cryptPair, crmfKeyAgreement, 0x0f050607);
- if (irv != 0 || cryptPair->certReq == NULL) {
- goto loser;
- }
+ irv = MakeCertRequest(cryptPair, crmfKeyAgreement, 0x0f050607);
+ if (irv != 0 || cryptPair->certReq == NULL) {
+ goto loser;
+ }
}
/* encode the cert request messages into a unified request message.
@@ -1439,225 +1430,225 @@ DoCRMFRequest(TESTKeyPair *signPair, TESTKeyPair *cryptPair)
loser:
if (signPair->certReq) {
- tirv = DestroyPairReqAndMsg(signPair);
- if (tirv && !irv)
- irv = tirv;
+ tirv = DestroyPairReqAndMsg(signPair);
+ if (tirv && !irv)
+ irv = tirv;
}
if (cryptPair->certReq) {
- tirv = DestroyPairReqAndMsg(cryptPair);
- if (tirv && !irv)
- irv = tirv;
+ tirv = DestroyPairReqAndMsg(cryptPair);
+ if (tirv && !irv)
+ irv = tirv;
}
return irv;
}
void
-Usage (void)
+Usage(void)
{
- printf ("Usage:\n"
- "\tcrmftest -d [Database Directory] -p [Personal Cert]\n"
- "\t -e [Encrypter] -s [CA Certificate] [-P password]\n\n"
- "\t [crmf] [dsa] [decode] [cmmf] [recover] [challenge]\n"
- "\t [-f password_file]\n"
- "Database Directory\n"
- "\tThis is the directory where the key3.db, cert7.db, and\n"
- "\tsecmod.db files are located. This is also the directory\n"
- "\twhere the program will place CRMF/CMMF der files\n"
- "Personal Cert\n"
- "\tThis is the certificate that already exists in the cert\n"
- "\tdatabase to use while encoding the response. The private\n"
- "\tkey associated with the certificate must also exist in the\n"
- "\tkey database.\n"
- "Encrypter\n"
- "\tThis is the certificate to use when encrypting the the \n"
- "\tkey recovery response. The private key for this cert\n"
- "\tmust also be present in the key database.\n"
- "CA Certificate\n"
- "\tThis is the nickname of the certificate to use as the\n"
- "\tCA when doing all of the encoding.\n");
+ printf("Usage:\n"
+ "\tcrmftest -d [Database Directory] -p [Personal Cert]\n"
+ "\t -e [Encrypter] -s [CA Certificate] [-P password]\n\n"
+ "\t [crmf] [dsa] [decode] [cmmf] [recover] [challenge]\n"
+ "\t [-f password_file]\n"
+ "Database Directory\n"
+ "\tThis is the directory where the key3.db, cert7.db, and\n"
+ "\tsecmod.db files are located. This is also the directory\n"
+ "\twhere the program will place CRMF/CMMF der files\n"
+ "Personal Cert\n"
+ "\tThis is the certificate that already exists in the cert\n"
+ "\tdatabase to use while encoding the response. The private\n"
+ "\tkey associated with the certificate must also exist in the\n"
+ "\tkey database.\n"
+ "Encrypter\n"
+ "\tThis is the certificate to use when encrypting the the \n"
+ "\tkey recovery response. The private key for this cert\n"
+ "\tmust also be present in the key database.\n"
+ "CA Certificate\n"
+ "\tThis is the nickname of the certificate to use as the\n"
+ "\tCA when doing all of the encoding.\n");
}
-#define TEST_MAKE_CRMF_REQ 0x0001
-#define TEST_USE_DSA 0x0002
-#define TEST_DECODE_CRMF_REQ 0x0004
-#define TEST_DO_CMMF_STUFF 0x0008
-#define TEST_KEY_RECOVERY 0x0010
-#define TEST_CHALLENGE_RESPONSE 0x0020
+#define TEST_MAKE_CRMF_REQ 0x0001
+#define TEST_USE_DSA 0x0002
+#define TEST_DECODE_CRMF_REQ 0x0004
+#define TEST_DO_CMMF_STUFF 0x0008
+#define TEST_KEY_RECOVERY 0x0010
+#define TEST_CHALLENGE_RESPONSE 0x0020
SECStatus
-parsePositionalParam(const char * arg, PRUint32 *flags)
+parsePositionalParam(const char *arg, PRUint32 *flags)
{
if (!strcmp(arg, "crmf")) {
- *flags |= TEST_MAKE_CRMF_REQ;
+ *flags |= TEST_MAKE_CRMF_REQ;
} else if (!strcmp(arg, "dsa")) {
- *flags |= TEST_MAKE_CRMF_REQ | TEST_USE_DSA;
- doingDSA = PR_TRUE;
+ *flags |= TEST_MAKE_CRMF_REQ | TEST_USE_DSA;
+ doingDSA = PR_TRUE;
} else if (!strcmp(arg, "decode")) {
- *flags |= TEST_DECODE_CRMF_REQ;
+ *flags |= TEST_DECODE_CRMF_REQ;
} else if (!strcmp(arg, "cmmf")) {
- *flags |= TEST_DO_CMMF_STUFF;
+ *flags |= TEST_DO_CMMF_STUFF;
} else if (!strcmp(arg, "recover")) {
- *flags |= TEST_KEY_RECOVERY;
+ *flags |= TEST_KEY_RECOVERY;
} else if (!strcmp(arg, "challenge")) {
- *flags |= TEST_CHALLENGE_RESPONSE;
+ *flags |= TEST_CHALLENGE_RESPONSE;
} else {
- printf("unknown positional paremeter: %s\n", arg);
- return SECFailure;
+ printf("unknown positional paremeter: %s\n", arg);
+ return SECFailure;
}
return SECSuccess;
}
-/* it's not clear, in some cases, whether the desired key is from
-** the sign pair or the crypt pair, so we're guessing in some places.
+/* it's not clear, in some cases, whether the desired key is from
+** the sign pair or the crypt pair, so we're guessing in some places.
** This define serves to remind us of the places where we're guessing.
*/
#define WHICH_KEY cryptPair
int
-main(int argc, char **argv)
+main(int argc, char **argv)
{
- TESTKeyPair signPair, cryptPair;
- PLOptState *optstate;
- PLOptStatus status;
- char *password = NULL;
- char *pwfile = NULL;
- int irv = 0;
- PRUint32 flags = 0;
- SECStatus rv;
- PRBool nssInit = PR_FALSE;
-
- memset( &signPair, 0, sizeof signPair);
- memset( &cryptPair, 0, sizeof cryptPair);
- printf ("\ncrmftest v1.0\n");
+ TESTKeyPair signPair, cryptPair;
+ PLOptState *optstate;
+ PLOptStatus status;
+ char *password = NULL;
+ char *pwfile = NULL;
+ int irv = 0;
+ PRUint32 flags = 0;
+ SECStatus rv;
+ PRBool nssInit = PR_FALSE;
+
+ memset(&signPair, 0, sizeof signPair);
+ memset(&cryptPair, 0, sizeof cryptPair);
+ printf("\ncrmftest v1.0\n");
optstate = PL_CreateOptState(argc, argv, "d:p:e:s:P:f:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case 'd':
- configdir = PORT_Strdup(optstate->value);
- rv = NSS_Init(configdir);
- if (rv != SECSuccess) {
- printf ("NSS_Init (-d) failed\n");
- return 101;
- }
- nssInit = PR_TRUE;
- break;
- case 'p':
- personalCert = PORT_Strdup(optstate->value);
- if (personalCert == NULL) {
- printf ("-p failed\n");
- return 603;
- }
- break;
- case 'e':
- recoveryEncrypter = PORT_Strdup(optstate->value);
- if (recoveryEncrypter == NULL) {
- printf ("-e failed\n");
- return 602;
- }
- break;
- case 's':
- caCertName = PORT_Strdup(optstate->value);
- if (caCertName == NULL) {
- printf ("-s failed\n");
- return 604;
- }
- break;
- case 'P':
- password = PORT_Strdup(optstate->value);
- if (password == NULL) {
- printf ("-P failed\n");
- return 606;
- }
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = password;
- break;
- case 'f':
- pwfile = PORT_Strdup(optstate->value);
- if (pwfile == NULL) {
- printf ("-f failed\n");
- return 607;
- }
- pwdata.source = PW_FROMFILE;
- pwdata.data = pwfile;
- break;
- case 0: /* positional parameter */
- rv = parsePositionalParam(optstate->value, &flags);
- if (rv) {
- printf ("bad positional parameter.\n");
- return 605;
- }
- break;
- default:
- Usage();
- return 601;
- }
+ switch (optstate->option) {
+ case 'd':
+ configdir = PORT_Strdup(optstate->value);
+ rv = NSS_Init(configdir);
+ if (rv != SECSuccess) {
+ printf("NSS_Init (-d) failed\n");
+ return 101;
+ }
+ nssInit = PR_TRUE;
+ break;
+ case 'p':
+ personalCert = PORT_Strdup(optstate->value);
+ if (personalCert == NULL) {
+ printf("-p failed\n");
+ return 603;
+ }
+ break;
+ case 'e':
+ recoveryEncrypter = PORT_Strdup(optstate->value);
+ if (recoveryEncrypter == NULL) {
+ printf("-e failed\n");
+ return 602;
+ }
+ break;
+ case 's':
+ caCertName = PORT_Strdup(optstate->value);
+ if (caCertName == NULL) {
+ printf("-s failed\n");
+ return 604;
+ }
+ break;
+ case 'P':
+ password = PORT_Strdup(optstate->value);
+ if (password == NULL) {
+ printf("-P failed\n");
+ return 606;
+ }
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = password;
+ break;
+ case 'f':
+ pwfile = PORT_Strdup(optstate->value);
+ if (pwfile == NULL) {
+ printf("-f failed\n");
+ return 607;
+ }
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = pwfile;
+ break;
+ case 0: /* positional parameter */
+ rv = parsePositionalParam(optstate->value, &flags);
+ if (rv) {
+ printf("bad positional parameter.\n");
+ return 605;
+ }
+ break;
+ default:
+ Usage();
+ return 601;
+ }
}
PL_DestroyOptState(optstate);
if (status == PL_OPT_BAD || !nssInit) {
Usage();
- return 600;
+ return 600;
}
- if (!flags)
- flags = ~ TEST_USE_DSA;
+ if (!flags)
+ flags = ~TEST_USE_DSA;
db = CERT_GetDefaultCertDB();
InitPKCS11();
if (flags & TEST_MAKE_CRMF_REQ) {
- printf("Generating CRMF request\n");
- irv = DoCRMFRequest(&signPair, &cryptPair);
- if (irv)
- goto loser;
+ printf("Generating CRMF request\n");
+ irv = DoCRMFRequest(&signPair, &cryptPair);
+ if (irv)
+ goto loser;
}
if (flags & TEST_DECODE_CRMF_REQ) {
- printf("Decoding CRMF request\n");
- irv = Decode();
- if (irv != 0) {
- printf("Error while decoding\n");
- goto loser;
- }
+ printf("Decoding CRMF request\n");
+ irv = Decode();
+ if (irv != 0) {
+ printf("Error while decoding\n");
+ goto loser;
+ }
}
if (flags & TEST_DO_CMMF_STUFF) {
- printf("Doing CMMF Stuff\n");
- if ((irv = DoCMMFStuff()) != 0) {
- printf ("CMMF tests failed.\n");
- goto loser;
- }
+ printf("Doing CMMF Stuff\n");
+ if ((irv = DoCMMFStuff()) != 0) {
+ printf("CMMF tests failed.\n");
+ goto loser;
+ }
}
if (flags & TEST_KEY_RECOVERY) {
- /* Requires some other options be set.
- ** Once we know exactly what hey are, test for them here.
- */
- printf("Doing Key Recovery\n");
- irv = DoKeyRecovery(WHICH_KEY.privKey);
- if (irv != 0) {
- printf ("Error doing key recovery\n");
- goto loser;
- }
+ /* Requires some other options be set.
+ ** Once we know exactly what hey are, test for them here.
+ */
+ printf("Doing Key Recovery\n");
+ irv = DoKeyRecovery(WHICH_KEY.privKey);
+ if (irv != 0) {
+ printf("Error doing key recovery\n");
+ goto loser;
+ }
}
if (flags & TEST_CHALLENGE_RESPONSE) {
- printf("Doing Challenge / Response\n");
- irv = DoChallengeResponse(WHICH_KEY.privKey, WHICH_KEY.pubKey);
- if (irv != 0) {
- printf ("Error doing challenge-response\n");
- goto loser;
- }
- }
- printf ("Exiting successfully!!!\n\n");
+ printf("Doing Challenge / Response\n");
+ irv = DoChallengeResponse(WHICH_KEY.privKey, WHICH_KEY.pubKey);
+ if (irv != 0) {
+ printf("Error doing challenge-response\n");
+ goto loser;
+ }
+ }
+ printf("Exiting successfully!!!\n\n");
irv = 0;
- loser:
+loser:
DestroyPair(&signPair);
DestroyPair(&cryptPair);
rv = NSS_Shutdown();
if (rv) {
- printf("NSS_Shutdown did not shutdown cleanly!\n");
+ printf("NSS_Shutdown did not shutdown cleanly!\n");
}
PORT_Free(configdir);
if (irv)
- printf("crmftest returning %d\n", irv);
+ printf("crmftest returning %d\n", irv);
return irv;
}
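Review bot: In main, the `'d'` case assigns `configdir = PORT_Strdup(optstate->value)` and passes it straight to `NSS_Init` without the NULL check that the `-p`, `-e`, `-s`, `-P` and `-f` cases all have; a matching `if (configdir == NULL)` branch with its own return code would make the cases consistent. The early `return 6xx` statements inside the option loop can run after `NSS_Init` has succeeded, which skips `PL_DestroyOptState` and the `NSS_Shutdown` call under `loser:`; setting `irv` and jumping to a cleanup label would keep shutdown on every path. The copy of the `-P` password in `password` is never cleared or freed before exit, so when it is set I would release it with `PORT_ZFree(password, strlen(password))` next to `PORT_Free(configdir)`, and free `pwfile`, `personalCert`, `recoveryEncrypter` and `caCertName` there as well.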
diff --git a/cmd/dbck/dbck.c b/cmd/dbck/dbck.c
index 31e1150bf..6791a0d19 100644
--- a/cmd/dbck/dbck.c
+++ b/cmd/dbck/dbck.c
@@ -30,45 +30,44 @@ static void *NoNickname;
static void *NoSMime;
typedef enum {
-/* 0*/ NoSubjectForCert = 0,
-/* 1*/ SubjectHasNoKeyForCert,
-/* 2*/ NoNicknameOrSMimeForSubject,
-/* 3*/ WrongNicknameForSubject,
-/* 4*/ NoNicknameEntry,
-/* 5*/ WrongSMimeForSubject,
-/* 6*/ NoSMimeEntry,
-/* 7*/ NoSubjectForNickname,
-/* 8*/ NoSubjectForSMime,
-/* 9*/ NicknameAndSMimeEntries,
+ /* 0*/ NoSubjectForCert = 0,
+ /* 1*/ SubjectHasNoKeyForCert,
+ /* 2*/ NoNicknameOrSMimeForSubject,
+ /* 3*/ WrongNicknameForSubject,
+ /* 4*/ NoNicknameEntry,
+ /* 5*/ WrongSMimeForSubject,
+ /* 6*/ NoSMimeEntry,
+ /* 7*/ NoSubjectForNickname,
+ /* 8*/ NoSubjectForSMime,
+ /* 9*/ NicknameAndSMimeEntries,
NUM_ERROR_TYPES
} dbErrorType;
static char *dbErrorString[NUM_ERROR_TYPES] = {
-/* 0*/ "<CERT ENTRY>\nDid not find a subject entry for this certificate.",
-/* 1*/ "<SUBJECT ENTRY>\nSubject has certKey which is not in db.",
-/* 2*/ "<SUBJECT ENTRY>\nSubject does not have a nickname or email address.",
-/* 3*/ "<SUBJECT ENTRY>\nUsing this subject's nickname, found a nickname entry for a different subject.",
-/* 4*/ "<SUBJECT ENTRY>\nDid not find a nickname entry for this subject.",
-/* 5*/ "<SUBJECT ENTRY>\nUsing this subject's email, found an S/MIME entry for a different subject.",
-/* 6*/ "<SUBJECT ENTRY>\nDid not find an S/MIME entry for this subject.",
-/* 7*/ "<NICKNAME ENTRY>\nDid not find a subject entry for this nickname.",
-/* 8*/ "<S/MIME ENTRY>\nDid not find a subject entry for this S/MIME profile.",
+ /* 0*/ "<CERT ENTRY>\nDid not find a subject entry for this certificate.",
+ /* 1*/ "<SUBJECT ENTRY>\nSubject has certKey which is not in db.",
+ /* 2*/ "<SUBJECT ENTRY>\nSubject does not have a nickname or email address.",
+ /* 3*/ "<SUBJECT ENTRY>\nUsing this subject's nickname, found a nickname entry for a different subject.",
+ /* 4*/ "<SUBJECT ENTRY>\nDid not find a nickname entry for this subject.",
+ /* 5*/ "<SUBJECT ENTRY>\nUsing this subject's email, found an S/MIME entry for a different subject.",
+ /* 6*/ "<SUBJECT ENTRY>\nDid not find an S/MIME entry for this subject.",
+ /* 7*/ "<NICKNAME ENTRY>\nDid not find a subject entry for this nickname.",
+ /* 8*/ "<S/MIME ENTRY>\nDid not find a subject entry for this S/MIME profile.",
};
static char *errResult[NUM_ERROR_TYPES] = {
- "Certificate entries that had no subject entry.",
- "Subject entries with no corresponding Certificate entries.",
+ "Certificate entries that had no subject entry.",
+ "Subject entries with no corresponding Certificate entries.",
"Subject entries that had no nickname or S/MIME entries.",
"Redundant nicknames (subjects with the same nickname).",
"Subject entries that had no nickname entry.",
"Redundant email addresses (subjects with the same email address).",
"Subject entries that had no S/MIME entry.",
- "Nickname entries that had no subject entry.",
+ "Nickname entries that had no subject entry.",
"S/MIME entries that had no subject entry.",
"Subject entries with BOTH nickname and S/MIME entries."
};
-
enum {
GOBOTH = 0,
GORIGHT,
@@ -89,7 +88,7 @@ struct certDBEntryListNodeStr {
certDBEntry entry;
void *appData;
};
-typedef struct certDBEntryListNodeStr certDBEntryListNode;
+typedef struct certDBEntryListNodeStr certDBEntryListNode;
/*
* A list node for a cert db entry. The index is a unique identifier
@@ -98,7 +97,7 @@ typedef struct certDBEntryListNodeStr certDBEntryListNode;
* single handle to a subject entry.
* This structure is pointed to by certDBEntryListNode->appData.
*/
-typedef struct
+typedef struct
{
PLArenaPool *arena;
int index;
@@ -142,16 +141,16 @@ typedef struct
#define LISTNODE_CAST(node) \
((certDBEntryListNode *)(node))
-static void
+static void
Usage(char *progName)
{
-#define FPS fprintf(stderr,
+#define FPS fprintf(stderr,
FPS "Type %s -H for more detailed descriptions\n", progName);
- FPS "Usage: %s -D [-d certdir] [-m] [-v [-f dumpfile]]\n",
- progName);
+ FPS "Usage: %s -D [-d certdir] [-m] [-v [-f dumpfile]]\n",
+ progName);
#ifdef DORECOVER
- FPS " %s -R -o newdbname [-d certdir] [-aprsx] [-v [-f dumpfile]]\n",
- progName);
+ FPS " %s -R -o newdbname [-d certdir] [-aprsx] [-v [-f dumpfile]]\n",
+ progName);
#endif
exit(-1);
}
@@ -160,20 +159,20 @@ static void
LongUsage(char *progName)
{
FPS "%-15s Display this help message.\n",
- "-H");
+ "-H");
FPS "%-15s Dump analysis. No changes will be made to the database.\n",
- "-D");
+ "-D");
FPS "%-15s Cert database directory (default is ~/.netscape)\n",
- " -d certdir");
+ " -d certdir");
FPS "%-15s Put database graph in ./mailfile (default is stdout).\n",
- " -m");
+ " -m");
FPS "%-15s Verbose mode. Dumps the entire contents of your cert8.db.\n",
- " -v");
+ " -v");
FPS "%-15s File to dump verbose output into. (default is stdout)\n",
- " -f dumpfile");
+ " -f dumpfile");
#ifdef DORECOVER
FPS "%-15s Repair the database. The program will look for broken\n",
- "-R");
+ "-R");
FPS "%-15s dependencies between subject entries and certificates,\n",
"");
FPS "%-15s between nickname entries and subjects, and between SMIME\n",
@@ -183,31 +182,31 @@ LongUsage(char *progName)
FPS "%-15s removed, any missing entries will be created.\n",
"");
FPS "%-15s File to store new database in (default is new_cert8.db)\n",
- " -o newdbname");
+ " -o newdbname");
FPS "%-15s Cert database directory (default is ~/.netscape)\n",
- " -d certdir");
+ " -d certdir");
FPS "%-15s Prompt before removing any certificates.\n",
" -p");
FPS "%-15s Keep all possible certificates. Only remove certificates\n",
- " -a");
+ " -a");
FPS "%-15s which prevent creation of a consistent database. Thus any\n",
- "");
+ "");
FPS "%-15s expired or redundant entries will be kept.\n",
- "");
+ "");
FPS "%-15s Keep redundant nickname/email entries. It is possible\n",
- " -r");
+ " -r");
FPS "%-15s only one such entry will be usable.\n",
- "");
+ "");
FPS "%-15s Don't require an S/MIME profile in order to keep an S/MIME\n",
- " -s");
+ " -s");
FPS "%-15s cert. An empty profile will be created.\n",
- "");
+ "");
FPS "%-15s Keep expired certificates.\n",
- " -x");
+ " -x");
FPS "%-15s Verbose mode - report all activity while recovering db.\n",
- " -v");
+ " -v");
FPS "%-15s File to dump verbose output into.\n",
- " -f dumpfile");
+ " -f dumpfile");
FPS "\n");
#endif
exit(-1);
@@ -225,16 +224,15 @@ printHexString(PRFileDesc *out, SECItem *hexval)
{
unsigned int i;
for (i = 0; i < hexval->len; i++) {
- if (i != hexval->len - 1) {
- PR_fprintf(out, "%02x:", hexval->data[i]);
- } else {
- PR_fprintf(out, "%02x", hexval->data[i]);
- }
+ if (i != hexval->len - 1) {
+ PR_fprintf(out, "%02x:", hexval->data[i]);
+ } else {
+ PR_fprintf(out, "%02x", hexval->data[i]);
+ }
}
PR_fprintf(out, "\n");
}
-
SECStatus
dumpCertificate(CERTCertificate *cert, int num, PRFileDesc *outfile)
{
@@ -244,30 +242,30 @@ dumpCertificate(CERTCertificate *cert, int num, PRFileDesc *outfile)
(SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) ||
(SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER);
if (num >= 0) {
- PR_fprintf(outfile, "Certificate: %3d\n", num);
+ PR_fprintf(outfile, "Certificate: %3d\n", num);
} else {
- PR_fprintf(outfile, "Certificate:\n");
+ PR_fprintf(outfile, "Certificate:\n");
}
PR_fprintf(outfile, "----------------\n");
if (userCert)
- PR_fprintf(outfile, "(User Cert)\n");
+ PR_fprintf(outfile, "(User Cert)\n");
PR_fprintf(outfile, "## SUBJECT: %s\n", cert->subjectName);
PR_fprintf(outfile, "## ISSUER: %s\n", cert->issuerName);
PR_fprintf(outfile, "## SERIAL NUMBER: ");
printHexString(outfile, &cert->serialNumber);
- { /* XXX should be separate function. */
- PRTime timeBefore, timeAfter;
- PRExplodedTime beforePrintable, afterPrintable;
- char *beforestr, *afterstr;
- DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore);
- DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter);
- PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable);
- PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable);
- beforestr = PORT_Alloc(100);
- afterstr = PORT_Alloc(100);
- PR_FormatTime(beforestr, 100, "%a %b %d %H:%M:%S %Y", &beforePrintable);
- PR_FormatTime(afterstr, 100, "%a %b %d %H:%M:%S %Y", &afterPrintable);
- PR_fprintf(outfile, "## VALIDITY: %s to %s\n", beforestr, afterstr);
+ { /* XXX should be separate function. */
+ PRTime timeBefore, timeAfter;
+ PRExplodedTime beforePrintable, afterPrintable;
+ char *beforestr, *afterstr;
+ DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore);
+ DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter);
+ PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable);
+ PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable);
+ beforestr = PORT_Alloc(100);
+ afterstr = PORT_Alloc(100);
+ PR_FormatTime(beforestr, 100, "%a %b %d %H:%M:%S %Y", &beforePrintable);
+ PR_FormatTime(afterstr, 100, "%a %b %d %H:%M:%S %Y", &afterPrintable);
+ PR_fprintf(outfile, "## VALIDITY: %s to %s\n", beforestr, afterstr);
}
PR_fprintf(outfile, "\n");
return SECSuccess;
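Review bot: `beforestr` and `afterstr` are taken from `PORT_Alloc(100)` and handed to `PR_FormatTime` without a NULL check, and nothing in the visible block frees them, so every dumped certificate leaks both buffers. Because the size is fixed, stack buffers remove both problems: `char beforestr[100], afterstr[100];` with `sizeof beforestr` / `sizeof afterstr` as the length arguments. The results of the two `DER_DecodeTimeChoice` calls are also discarded, so a malformed validity field in the database may leave `timeBefore`/`timeAfter` unset before they are exploded and printed; checking for `SECSuccess` and printing a placeholder would be safer. dumpCertificate begins above this hunk.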
@@ -279,15 +277,15 @@ dumpCertEntry(certDBEntryCert *entry, int num, PRFileDesc *outfile)
#if 0
NSSLOWCERTCertificate *cert;
/* should we check for existing duplicates? */
- cert = nsslowcert_DecodeDERCertificate(&entry->cert.derCert,
- entry->cert.nickname);
+ cert = nsslowcert_DecodeDERCertificate(&entry->cert.derCert,
+ entry->cert.nickname);
#else
CERTCertificate *cert;
cert = CERT_DecodeDERCertificate(&entry->derCert, PR_FALSE, NULL);
#endif
if (!cert) {
- fprintf(stderr, "Failed to decode certificate.\n");
- return SECFailure;
+ fprintf(stderr, "Failed to decode certificate.\n");
+ return SECFailure;
}
cert->trust = (CERTCertTrust *)&entry->trust;
dumpCertificate(cert, num, outfile);
@@ -304,16 +302,16 @@ dumpSubjectEntry(certDBEntrySubject *entry, int num, PRFileDesc *outfile)
PR_fprintf(outfile, "------------\n");
PR_fprintf(outfile, "## %s\n", subjectName);
if (entry->nickname)
- PR_fprintf(outfile, "## Subject nickname: %s\n", entry->nickname);
+ PR_fprintf(outfile, "## Subject nickname: %s\n", entry->nickname);
if (entry->emailAddrs) {
- unsigned int n;
- for (n = 0; n < entry->nemailAddrs && entry->emailAddrs[n]; ++n) {
- char * emailAddr = entry->emailAddrs[n];
- if (emailAddr[0]) {
- PR_fprintf(outfile, "## Subject email address: %s\n",
- emailAddr);
- }
- }
+ unsigned int n;
+ for (n = 0; n < entry->nemailAddrs && entry->emailAddrs[n]; ++n) {
+ char *emailAddr = entry->emailAddrs[n];
+ if (emailAddr[0]) {
+ PR_fprintf(outfile, "## Subject email address: %s\n",
+ emailAddr);
+ }
+ }
}
PR_fprintf(outfile, "## This subject has %d cert(s).\n", entry->ncerts);
PR_fprintf(outfile, "\n");
@@ -345,8 +343,8 @@ dumpSMimeEntry(certDBEntrySMime *entry, int num, PRFileDesc *outfile)
SECU_PrintAny(stdout, &entry->smimeOptions, "## OPTIONS ", 0);
fflush(stdout);
if (entry->optionsDate.len && entry->optionsDate.data)
- PR_fprintf(outfile, "## TIMESTAMP: %.*s\n",
- entry->optionsDate.len, entry->optionsDate.data);
+ PR_fprintf(outfile, "## TIMESTAMP: %.*s\n",
+ entry->optionsDate.len, entry->optionsDate.data);
#endif
PR_fprintf(outfile, "\n");
return SECSuccess;
@@ -368,42 +366,42 @@ mapCertEntries(certDBArray *dbArray)
/* Arena for decoded entries */
tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (tmparena == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return SECFailure;
}
- /* Iterate over cert entries and map them to subject entries.
+ /* Iterate over cert entries and map them to subject entries.
* NOTE: mapSubjectEntries must be called first to alloc memory
* for array of subject->cert map.
*/
- for (cElem = PR_LIST_HEAD(&dbArray->certs.link);
+ for (cElem = PR_LIST_HEAD(&dbArray->certs.link);
cElem != &dbArray->certs.link; cElem = PR_NEXT_LINK(cElem)) {
- certNode = LISTNODE_CAST(cElem);
- certEntry = (certDBEntryCert *)&certNode->entry;
- map = (certDBEntryMap *)certNode->appData;
- CERT_NameFromDERCert(&certEntry->derCert, &derSubject);
- CERT_KeyFromDERCert(tmparena, &certEntry->derCert, &certKey);
- /* Loop over found subjects for cert's DN. */
- for (sElem = PR_LIST_HEAD(&dbArray->subjects.link);
- sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) {
- subjNode = LISTNODE_CAST(sElem);
- subjectEntry = (certDBEntrySubject *)&subjNode->entry;
- if (SECITEM_ItemsAreEqual(&derSubject, &subjectEntry->derSubject)) {
- unsigned int i;
- /* Found matching subject name, create link. */
- map->pSubject = subjNode;
- /* Make sure subject entry has cert's key. */
- for (i=0; i<subjectEntry->ncerts; i++) {
- if (SECITEM_ItemsAreEqual(&certKey,
- &subjectEntry->certKeys[i])) {
- /* Found matching cert key. */
- smap = (certDBSubjectEntryMap *)subjNode->appData;
- smap->pCerts[i] = certNode;
- break;
- }
- }
- }
- }
+ certNode = LISTNODE_CAST(cElem);
+ certEntry = (certDBEntryCert *)&certNode->entry;
+ map = (certDBEntryMap *)certNode->appData;
+ CERT_NameFromDERCert(&certEntry->derCert, &derSubject);
+ CERT_KeyFromDERCert(tmparena, &certEntry->derCert, &certKey);
+ /* Loop over found subjects for cert's DN. */
+ for (sElem = PR_LIST_HEAD(&dbArray->subjects.link);
+ sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) {
+ subjNode = LISTNODE_CAST(sElem);
+ subjectEntry = (certDBEntrySubject *)&subjNode->entry;
+ if (SECITEM_ItemsAreEqual(&derSubject, &subjectEntry->derSubject)) {
+ unsigned int i;
+ /* Found matching subject name, create link. */
+ map->pSubject = subjNode;
+ /* Make sure subject entry has cert's key. */
+ for (i = 0; i < subjectEntry->ncerts; i++) {
+ if (SECITEM_ItemsAreEqual(&certKey,
+ &subjectEntry->certKeys[i])) {
+ /* Found matching cert key. */
+ smap = (certDBSubjectEntryMap *)subjNode->appData;
+ smap->pCerts[i] = certNode;
+ break;
+ }
+ }
+ }
+ }
}
PORT_FreeArena(tmparena, PR_FALSE);
return SECSuccess;
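Review bot: The return values of `CERT_NameFromDERCert` and `CERT_KeyFromDERCert` are ignored inside the cert loop, yet `derSubject` and `certKey` are compared with `SECITEM_ItemsAreEqual` right afterwards. This tool is meant to run over a possibly damaged database, so an undecodable `derCert` is an expected input; on failure the two items probably hold stale or unset data (their declarations are above the hunk, so this is inferred). Skipping the entry would avoid that: `if (CERT_NameFromDERCert(&certEntry->derCert, &derSubject) != SECSuccess || CERT_KeyFromDERCert(tmparena, &certEntry->derCert, &certKey) != SECSuccess) continue;`.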
@@ -419,84 +417,85 @@ mapSubjectEntries(certDBArray *dbArray)
for (sElem = PR_LIST_HEAD(&dbArray->subjects.link);
sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) {
- /* Iterate over subject entries and map subjects to nickname
- * and smime entries. The cert<->subject map will be handled
- * by a subsequent call to mapCertEntries.
- */
- subjNode = LISTNODE_CAST(sElem);
- subjectEntry = (certDBEntrySubject *)&subjNode->entry;
- subjMap = (certDBSubjectEntryMap *)subjNode->appData;
- /* need to alloc memory here for array of matching certs. */
- subjMap->pCerts = PORT_ArenaAlloc(subjMap->arena,
- subjectEntry->ncerts*sizeof(int));
- subjMap->numCerts = subjectEntry->ncerts;
- subjMap->pNickname = NoNickname;
- subjMap->pSMime = NoSMime;
-
- if (subjectEntry->nickname) {
- /* Subject should have a nickname entry, so create a link. */
- PRCList *nElem;
- for (nElem = PR_LIST_HEAD(&dbArray->nicknames.link);
- nElem != &dbArray->nicknames.link;
- nElem = PR_NEXT_LINK(nElem)) {
- certDBEntryListNode *nickNode;
- certDBEntryNickname *nicknameEntry;
- /* Look for subject's nickname in nickname entries. */
- nickNode = LISTNODE_CAST(nElem);
- nicknameEntry = (certDBEntryNickname *)&nickNode->entry;
- if (PL_strcmp(subjectEntry->nickname,
- nicknameEntry->nickname) == 0) {
- /* Found a nickname entry for subject's nickname. */
- if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject,
- &nicknameEntry->subjectName)) {
- certDBEntryMap *nickMap;
- nickMap = (certDBEntryMap *)nickNode->appData;
- /* Nickname and subject match. */
- subjMap->pNickname = nickNode;
- nickMap->pSubject = subjNode;
- } else if (subjMap->pNickname == NoNickname) {
- /* Nickname entry found is for diff. subject. */
- subjMap->pNickname = WrongEntry;
- }
- }
- }
- }
- if (subjectEntry->emailAddrs) {
- unsigned int n;
- for (n = 0; n < subjectEntry->nemailAddrs &&
- subjectEntry->emailAddrs[n]; ++n) {
- char * emailAddr = subjectEntry->emailAddrs[n];
- if (emailAddr[0]) {
- PRCList *mElem;
- /* Subject should have an smime entry, so create a link. */
- for (mElem = PR_LIST_HEAD(&dbArray->smime.link);
- mElem != &dbArray->smime.link;
- mElem = PR_NEXT_LINK(mElem)) {
- certDBEntryListNode *smimeNode;
- certDBEntrySMime *smimeEntry;
- /* Look for subject's email in S/MIME entries. */
- smimeNode = LISTNODE_CAST(mElem);
- smimeEntry = (certDBEntrySMime *)&smimeNode->entry;
- if (PL_strcmp(emailAddr,
- smimeEntry->emailAddr) == 0) {
- /* Found a S/MIME entry for subject's email. */
- if (SECITEM_ItemsAreEqual(
- &subjectEntry->derSubject,
- &smimeEntry->subjectName)) {
- certDBEntryMap *smimeMap;
- /* S/MIME entry and subject match. */
- subjMap->pSMime = smimeNode;
- smimeMap = (certDBEntryMap *)smimeNode->appData;
- smimeMap->pSubject = subjNode;
- } else if (subjMap->pSMime == NoSMime) {
- /* S/MIME entry found is for diff. subject. */
- subjMap->pSMime = WrongEntry;
- }
- }
- } /* end for */
- } /* endif (emailAddr[0]) */
- } /* end for */
- } /* endif (subjectEntry->emailAddrs) */
+ /* Iterate over subject entries and map subjects to nickname
+ * and smime entries. The cert<->subject map will be handled
+ * by a subsequent call to mapCertEntries.
+ */
+ subjNode = LISTNODE_CAST(sElem);
+ subjectEntry = (certDBEntrySubject *)&subjNode->entry;
+ subjMap = (certDBSubjectEntryMap *)subjNode->appData;
+ /* need to alloc memory here for array of matching certs. */
+ subjMap->pCerts = PORT_ArenaAlloc(subjMap->arena,
+ subjectEntry->ncerts * sizeof(int));
+ subjMap->numCerts = subjectEntry->ncerts;
+ subjMap->pNickname = NoNickname;
+ subjMap->pSMime = NoSMime;
+
+ if (subjectEntry->nickname) {
+ /* Subject should have a nickname entry, so create a link. */
+ PRCList *nElem;
+ for (nElem = PR_LIST_HEAD(&dbArray->nicknames.link);
+ nElem != &dbArray->nicknames.link;
+ nElem = PR_NEXT_LINK(nElem)) {
+ certDBEntryListNode *nickNode;
+ certDBEntryNickname *nicknameEntry;
+ /* Look for subject's nickname in nickname entries. */
+ nickNode = LISTNODE_CAST(nElem);
+ nicknameEntry = (certDBEntryNickname *)&nickNode->entry;
+ if (PL_strcmp(subjectEntry->nickname,
+ nicknameEntry->nickname) == 0) {
+ /* Found a nickname entry for subject's nickname. */
+ if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject,
+ &nicknameEntry->subjectName)) {
+ certDBEntryMap *nickMap;
+ nickMap = (certDBEntryMap *)nickNode->appData;
+ /* Nickname and subject match. */
+ subjMap->pNickname = nickNode;
+ nickMap->pSubject = subjNode;
+ } else if (subjMap->pNickname == NoNickname) {
+ /* Nickname entry found is for diff. subject. */
+ subjMap->pNickname = WrongEntry;
+ }
+ }
+ }
+ }
+ if (subjectEntry->emailAddrs) {
+ unsigned int n;
+ for (n = 0; n < subjectEntry->nemailAddrs &&
+ subjectEntry->emailAddrs[n];
+ ++n) {
+ char *emailAddr = subjectEntry->emailAddrs[n];
+ if (emailAddr[0]) {
+ PRCList *mElem;
+ /* Subject should have an smime entry, so create a link. */
+ for (mElem = PR_LIST_HEAD(&dbArray->smime.link);
+ mElem != &dbArray->smime.link;
+ mElem = PR_NEXT_LINK(mElem)) {
+ certDBEntryListNode *smimeNode;
+ certDBEntrySMime *smimeEntry;
+ /* Look for subject's email in S/MIME entries. */
+ smimeNode = LISTNODE_CAST(mElem);
+ smimeEntry = (certDBEntrySMime *)&smimeNode->entry;
+ if (PL_strcmp(emailAddr,
+ smimeEntry->emailAddr) == 0) {
+ /* Found a S/MIME entry for subject's email. */
+ if (SECITEM_ItemsAreEqual(
+ &subjectEntry->derSubject,
+ &smimeEntry->subjectName)) {
+ certDBEntryMap *smimeMap;
+ /* S/MIME entry and subject match. */
+ subjMap->pSMime = smimeNode;
+ smimeMap = (certDBEntryMap *)smimeNode->appData;
+ smimeMap->pSubject = subjNode;
+ } else if (subjMap->pSMime == NoSMime) {
+ /* S/MIME entry found is for diff. subject. */
+ subjMap->pSMime = WrongEntry;
+ }
+ }
+ } /* end for */
+ } /* endif (emailAddr[0]) */
+ } /* end for */
+ } /* endif (subjectEntry->emailAddrs) */
}
return SECSuccess;
}
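Review bot: `subjMap->pCerts` is sized as `subjectEntry->ncerts * sizeof(int)`, but the uses elsewhere in this diff (`smap->pCerts[i] = certNode`, `node = subjMap->pCerts[0]`) suggest it holds `certDBEntryListNode *` elements. If so, on platforms where pointers are wider than `int` the array is under-allocated and mapCertEntries writes past the end of the arena block. Sizing from the element avoids the mismatch: `subjectEntry->ncerts * sizeof(*subjMap->pCerts)`. The result of `PORT_ArenaAlloc` is also neither checked nor zeroed, while later code tests `pCerts[i]` for NULL through `map_handle_is_ok`; `PORT_ArenaZAlloc` plus a NULL check returning `SECFailure` would make unfilled slots well defined. mapSubjectEntries begins above this hunk.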
@@ -505,11 +504,11 @@ void
printnode(dbDebugInfo *info, const char *str, int num)
{
if (!info->dograph)
- return;
+ return;
if (num < 0) {
- PR_fprintf(info->graphfile, str);
+ PR_fprintf(info->graphfile, str);
} else {
- PR_fprintf(info->graphfile, str, num);
+ PR_fprintf(info->graphfile, str, num);
}
}
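Review bot: In the `num < 0` branch `str` is passed to `PR_fprintf` as the format string itself. The callers visible in this diff pass only literals without conversions, so nothing is wrong today, but any future caller that forwards database-derived text would turn this into a format-string bug. Writing the branch as `PR_fprintf(info->graphfile, "%s", str);` keeps the output identical for the current callers and removes the hazard. The other branch still depends on every caller supplying a format with exactly one integer conversion, which deserves a one-line comment on the function.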
@@ -517,33 +516,33 @@ PRBool
map_handle_is_ok(dbDebugInfo *info, void *mapPtr, int indent)
{
if (mapPtr == NULL) {
- if (indent > 0)
- printnode(info, " ", -1);
- if (indent >= 0)
- printnode(info, "******************* ", -1);
- return PR_FALSE;
+ if (indent > 0)
+ printnode(info, " ", -1);
+ if (indent >= 0)
+ printnode(info, "******************* ", -1);
+ return PR_FALSE;
} else if (mapPtr == WrongEntry) {
- if (indent > 0)
- printnode(info, " ", -1);
- if (indent >= 0)
- printnode(info, "??????????????????? ", -1);
- return PR_FALSE;
+ if (indent > 0)
+ printnode(info, " ", -1);
+ if (indent >= 0)
+ printnode(info, "??????????????????? ", -1);
+ return PR_FALSE;
} else {
- return PR_TRUE;
+ return PR_TRUE;
}
}
/* these call each other */
-void print_smime_graph(dbDebugInfo *info, certDBEntryMap *smimeMap,
+void print_smime_graph(dbDebugInfo *info, certDBEntryMap *smimeMap,
int direction);
-void print_nickname_graph(dbDebugInfo *info, certDBEntryMap *nickMap,
+void print_nickname_graph(dbDebugInfo *info, certDBEntryMap *nickMap,
int direction);
-void print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap,
+void print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap,
int direction, int optindex, int opttype);
-void print_cert_graph(dbDebugInfo *info, certDBEntryMap *certMap,
+void print_cert_graph(dbDebugInfo *info, certDBEntryMap *certMap,
int direction);
-/* Given an smime entry, print its unique identifier. If GOLEFT is
+/* Given an smime entry, print its unique identifier. If GOLEFT is
* specified, print the cert<-subject<-smime map, else just print
* the smime entry.
*/
@@ -553,22 +552,22 @@ print_smime_graph(dbDebugInfo *info, certDBEntryMap *smimeMap, int direction)
certDBSubjectEntryMap *subjMap;
certDBEntryListNode *subjNode;
if (direction == GOLEFT) {
- /* Need to output subject and cert first, see print_subject_graph */
- subjNode = smimeMap->pSubject;
- if (map_handle_is_ok(info, (void *)subjNode, 1)) {
- subjMap = (certDBSubjectEntryMap *)subjNode->appData;
- print_subject_graph(info, subjMap, GOLEFT,
- smimeMap->index, certDBEntryTypeSMimeProfile);
- } else {
- printnode(info, "<---- S/MIME %5d ", smimeMap->index);
- info->dbErrors[NoSubjectForSMime]++;
- }
+ /* Need to output subject and cert first, see print_subject_graph */
+ subjNode = smimeMap->pSubject;
+ if (map_handle_is_ok(info, (void *)subjNode, 1)) {
+ subjMap = (certDBSubjectEntryMap *)subjNode->appData;
+ print_subject_graph(info, subjMap, GOLEFT,
+ smimeMap->index, certDBEntryTypeSMimeProfile);
+ } else {
+ printnode(info, "<---- S/MIME %5d ", smimeMap->index);
+ info->dbErrors[NoSubjectForSMime]++;
+ }
} else {
- printnode(info, "S/MIME %5d ", smimeMap->index);
+ printnode(info, "S/MIME %5d ", smimeMap->index);
}
}
-/* Given a nickname entry, print its unique identifier. If GOLEFT is
+/* Given a nickname entry, print its unique identifier. If GOLEFT is
* specified, print the cert<-subject<-nickname map, else just print
* the nickname entry.
*/
@@ -578,18 +577,18 @@ print_nickname_graph(dbDebugInfo *info, certDBEntryMap *nickMap, int direction)
certDBSubjectEntryMap *subjMap;
certDBEntryListNode *subjNode;
if (direction == GOLEFT) {
- /* Need to output subject and cert first, see print_subject_graph */
- subjNode = nickMap->pSubject;
- if (map_handle_is_ok(info, (void *)subjNode, 1)) {
- subjMap = (certDBSubjectEntryMap *)subjNode->appData;
- print_subject_graph(info, subjMap, GOLEFT,
- nickMap->index, certDBEntryTypeNickname);
- } else {
- printnode(info, "<---- Nickname %5d ", nickMap->index);
- info->dbErrors[NoSubjectForNickname]++;
- }
+ /* Need to output subject and cert first, see print_subject_graph */
+ subjNode = nickMap->pSubject;
+ if (map_handle_is_ok(info, (void *)subjNode, 1)) {
+ subjMap = (certDBSubjectEntryMap *)subjNode->appData;
+ print_subject_graph(info, subjMap, GOLEFT,
+ nickMap->index, certDBEntryTypeNickname);
+ } else {
+ printnode(info, "<---- Nickname %5d ", nickMap->index);
+ info->dbErrors[NoSubjectForNickname]++;
+ }
} else {
- printnode(info, "Nickname %5d ", nickMap->index);
+ printnode(info, "Nickname %5d ", nickMap->index);
}
}
@@ -598,7 +597,7 @@ print_nickname_graph(dbDebugInfo *info, certDBEntryMap *nickMap, int direction)
* print the list of certs that it points to.
*/
void
-print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap,
+print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap,
int direction, int optindex, int opttype)
{
certDBEntryMap *map;
@@ -619,70 +618,70 @@ print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap,
* than one may expect.
*/
if (direction == GOLEFT || direction == GOBOTH) {
- /* In this case, nothing should be output until the first cert is
- * located and output (cert 3 in the above example).
- */
- if (subjMap->numCerts == 0 || subjMap->pCerts == NULL)
- /* XXX uh-oh */
- return;
- /* get the first cert and dump it. */
- node = subjMap->pCerts[0];
- if (map_handle_is_ok(info, (void *)node, 0)) {
- map = (certDBEntryMap *)node->appData;
- /* going left here stops. */
- print_cert_graph(info, map, GOLEFT);
- } else {
- info->dbErrors[SubjectHasNoKeyForCert]++;
- }
- /* Now it is safe to output the subject id. */
- if (direction == GOLEFT)
- printnode(info, "Subject %5d <---- ", subjMap->index);
- else /* direction == GOBOTH */
- printnode(info, "Subject %5d ----> ", subjMap->index);
+ /* In this case, nothing should be output until the first cert is
+ * located and output (cert 3 in the above example).
+ */
+ if (subjMap->numCerts == 0 || subjMap->pCerts == NULL)
+ /* XXX uh-oh */
+ return;
+ /* get the first cert and dump it. */
+ node = subjMap->pCerts[0];
+ if (map_handle_is_ok(info, (void *)node, 0)) {
+ map = (certDBEntryMap *)node->appData;
+ /* going left here stops. */
+ print_cert_graph(info, map, GOLEFT);
+ } else {
+ info->dbErrors[SubjectHasNoKeyForCert]++;
+ }
+ /* Now it is safe to output the subject id. */
+ if (direction == GOLEFT)
+ printnode(info, "Subject %5d <---- ", subjMap->index);
+ else /* direction == GOBOTH */
+ printnode(info, "Subject %5d ----> ", subjMap->index);
}
- if (direction == GORIGHT || direction == GOBOTH) {
- /* Okay, now output the nickname|smime for this subject. */
- if (direction != GOBOTH) /* handled above */
- printnode(info, "Subject %5d ----> ", subjMap->index);
- if (subjMap->pNickname) {
- node = subjMap->pNickname;
- if (map_handle_is_ok(info, (void *)node, 0)) {
- map = (certDBEntryMap *)node->appData;
- /* going right here stops. */
- print_nickname_graph(info, map, GORIGHT);
- }
- }
- if (subjMap->pSMime) {
- node = subjMap->pSMime;
- if (map_handle_is_ok(info, (void *)node, 0)) {
- map = (certDBEntryMap *)node->appData;
- /* going right here stops. */
- print_smime_graph(info, map, GORIGHT);
- }
- }
- if (!subjMap->pNickname && !subjMap->pSMime) {
- printnode(info, "******************* ", -1);
- info->dbErrors[NoNicknameOrSMimeForSubject]++;
- }
- if (subjMap->pNickname && subjMap->pSMime) {
- info->dbErrors[NicknameAndSMimeEntries]++;
- }
+ if (direction == GORIGHT || direction == GOBOTH) {
+ /* Okay, now output the nickname|smime for this subject. */
+ if (direction != GOBOTH) /* handled above */
+ printnode(info, "Subject %5d ----> ", subjMap->index);
+ if (subjMap->pNickname) {
+ node = subjMap->pNickname;
+ if (map_handle_is_ok(info, (void *)node, 0)) {
+ map = (certDBEntryMap *)node->appData;
+ /* going right here stops. */
+ print_nickname_graph(info, map, GORIGHT);
+ }
+ }
+ if (subjMap->pSMime) {
+ node = subjMap->pSMime;
+ if (map_handle_is_ok(info, (void *)node, 0)) {
+ map = (certDBEntryMap *)node->appData;
+ /* going right here stops. */
+ print_smime_graph(info, map, GORIGHT);
+ }
+ }
+ if (!subjMap->pNickname && !subjMap->pSMime) {
+ printnode(info, "******************* ", -1);
+ info->dbErrors[NoNicknameOrSMimeForSubject]++;
+ }
+ if (subjMap->pNickname && subjMap->pSMime) {
+ info->dbErrors[NicknameAndSMimeEntries]++;
+ }
}
if (direction != GORIGHT) { /* going right has only one cert */
- if (opttype == certDBEntryTypeNickname)
- printnode(info, "Nickname %5d ", optindex);
- else if (opttype == certDBEntryTypeSMimeProfile)
- printnode(info, "S/MIME %5d ", optindex);
- for (i=1 /* 1st one already done */; i<subjMap->numCerts; i++) {
- printnode(info, "\n", -1); /* start a new line */
- node = subjMap->pCerts[i];
- if (map_handle_is_ok(info, (void *)node, 0)) {
- map = (certDBEntryMap *)node->appData;
- /* going left here stops. */
- print_cert_graph(info, map, GOLEFT);
- printnode(info, "/", -1);
- }
- }
+ if (opttype == certDBEntryTypeNickname)
+ printnode(info, "Nickname %5d ", optindex);
+ else if (opttype == certDBEntryTypeSMimeProfile)
+ printnode(info, "S/MIME %5d ", optindex);
+ for (i = 1 /* 1st one already done */; i < subjMap->numCerts; i++) {
+ printnode(info, "\n", -1); /* start a new line */
+ node = subjMap->pCerts[i];
+ if (map_handle_is_ok(info, (void *)node, 0)) {
+ map = (certDBEntryMap *)node->appData;
+ /* going left here stops. */
+ print_cert_graph(info, map, GOLEFT);
+ printnode(info, "/", -1);
+ }
+ }
}
}
@@ -696,18 +695,18 @@ print_cert_graph(dbDebugInfo *info, certDBEntryMap *certMap, int direction)
certDBSubjectEntryMap *subjMap;
certDBEntryListNode *subjNode;
if (direction == GOLEFT) {
- printnode(info, "Cert %5d <---- ", certMap->index);
- /* only want cert entry, terminate here. */
- return;
+ printnode(info, "Cert %5d <---- ", certMap->index);
+ /* only want cert entry, terminate here. */
+ return;
}
/* Keep going right then. */
printnode(info, "Cert %5d ----> ", certMap->index);
subjNode = certMap->pSubject;
if (map_handle_is_ok(info, (void *)subjNode, 0)) {
- subjMap = (certDBSubjectEntryMap *)subjNode->appData;
- print_subject_graph(info, subjMap, GORIGHT, -1, -1);
+ subjMap = (certDBSubjectEntryMap *)subjNode->appData;
+ print_subject_graph(info, subjMap, GORIGHT, -1, -1);
} else {
- info->dbErrors[NoSubjectForCert]++;
+ info->dbErrors[NoSubjectForCert]++;
}
}
@@ -734,45 +733,46 @@ computeDBGraph(certDBArray *dbArray, dbDebugInfo *info)
/* Print cert graph. */
for (cElem = PR_LIST_HEAD(&dbArray->certs.link);
cElem != &dbArray->certs.link; cElem = PR_NEXT_LINK(cElem)) {
- /* Print graph of everything to right of cert entry. */
- node = LISTNODE_CAST(cElem);
- map = (certDBEntryMap *)node->appData;
- print_cert_graph(info, map, GORIGHT);
- printnode(info, "\n", -1);
+ /* Print graph of everything to right of cert entry. */
+ node = LISTNODE_CAST(cElem);
+ map = (certDBEntryMap *)node->appData;
+ print_cert_graph(info, map, GORIGHT);
+ printnode(info, "\n", -1);
}
printnode(info, "\n", -1);
/* Print subject graph. */
for (sElem = PR_LIST_HEAD(&dbArray->subjects.link);
sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) {
- /* Print graph of everything to both sides of subject entry. */
- node = LISTNODE_CAST(sElem);
- subjMap = (certDBSubjectEntryMap *)node->appData;
- print_subject_graph(info, subjMap, GOBOTH, -1, -1);
- printnode(info, "\n", -1);
+ /* Print graph of everything to both sides of subject entry. */
+ node = LISTNODE_CAST(sElem);
+ subjMap = (certDBSubjectEntryMap *)node->appData;
+ print_subject_graph(info, subjMap, GOBOTH, -1, -1);
+ printnode(info, "\n", -1);
}
printnode(info, "\n", -1);
/* Print nickname graph. */
for (nElem = PR_LIST_HEAD(&dbArray->nicknames.link);
nElem != &dbArray->nicknames.link; nElem = PR_NEXT_LINK(nElem)) {
- /* Print graph of everything to left of nickname entry. */
- node = LISTNODE_CAST(nElem);
- map = (certDBEntryMap *)node->appData;
- print_nickname_graph(info, map, GOLEFT);
- printnode(info, "\n", -1);
+ /* Print graph of everything to left of nickname entry. */
+ node = LISTNODE_CAST(nElem);
+ map = (certDBEntryMap *)node->appData;
+ print_nickname_graph(info, map, GOLEFT);
+ printnode(info, "\n", -1);
}
printnode(info, "\n", -1);
/* Print smime graph. */
for (mElem = PR_LIST_HEAD(&dbArray->smime.link);
mElem != &dbArray->smime.link; mElem = PR_NEXT_LINK(mElem)) {
- /* Print graph of everything to left of smime entry. */
- node = LISTNODE_CAST(mElem);
- if (node == NULL) break;
- map = (certDBEntryMap *)node->appData;
- print_smime_graph(info, map, GOLEFT);
- printnode(info, "\n", -1);
+ /* Print graph of everything to left of smime entry. */
+ node = LISTNODE_CAST(mElem);
+ if (node == NULL)
+ break;
+ map = (certDBEntryMap *)node->appData;
+ print_smime_graph(info, map, GOLEFT);
+ printnode(info, "\n", -1);
}
printnode(info, "\n", -1);
@@ -795,129 +795,127 @@ verboseOutput(certDBArray *dbArray, dbDebugInfo *info)
/* List certs */
for (elem = PR_LIST_HEAD(&dbArray->certs.link);
elem != &dbArray->certs.link; elem = PR_NEXT_LINK(elem)) {
- node = LISTNODE_CAST(elem);
- map = (certDBEntryMap *)node->appData;
- dumpCertEntry((certDBEntryCert*)&node->entry, map->index, info->out);
- /* walk the cert handle to it's subject entry */
- if (map_handle_is_ok(info, map->pSubject, -1)) {
- smap = (certDBSubjectEntryMap *)map->pSubject->appData;
- ref = smap->index;
- PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref);
- } else {
- PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n");
- }
+ node = LISTNODE_CAST(elem);
+ map = (certDBEntryMap *)node->appData;
+ dumpCertEntry((certDBEntryCert *)&node->entry, map->index, info->out);
+ /* walk the cert handle to it's subject entry */
+ if (map_handle_is_ok(info, map->pSubject, -1)) {
+ smap = (certDBSubjectEntryMap *)map->pSubject->appData;
+ ref = smap->index;
+ PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref);
+ } else {
+ PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n");
+ }
}
/* List subjects */
for (elem = PR_LIST_HEAD(&dbArray->subjects.link);
elem != &dbArray->subjects.link; elem = PR_NEXT_LINK(elem)) {
- int refs = 0;
- node = LISTNODE_CAST(elem);
- subjectEntry = (certDBEntrySubject *)&node->entry;
- smap = (certDBSubjectEntryMap *)node->appData;
- dumpSubjectEntry(subjectEntry, smap->index, info->out);
- /* iterate over subject's certs */
- for (i=0; i<smap->numCerts; i++) {
- /* walk each subject handle to it's cert entries */
- if (map_handle_is_ok(info, smap->pCerts[i], -1)) {
- ref = ((certDBEntryMap *)smap->pCerts[i]->appData)->index;
- PR_fprintf(info->out, "-->(%d. certificate %d)\n", i, ref);
- } else {
- PR_fprintf(info->out, "-->(%d. MISSING CERT ENTRY)\n", i);
- }
- }
- if (subjectEntry->nickname) {
- ++refs;
- /* walk each subject handle to it's nickname entry */
- if (map_handle_is_ok(info, smap->pNickname, -1)) {
- ref = ((certDBEntryMap *)smap->pNickname->appData)->index;
- PR_fprintf(info->out, "-->(nickname %d)\n", ref);
- } else {
- PR_fprintf(info->out, "-->(MISSING NICKNAME ENTRY)\n");
- }
- }
- if (subjectEntry->nemailAddrs &&
- subjectEntry->emailAddrs &&
- subjectEntry->emailAddrs[0] &&
- subjectEntry->emailAddrs[0][0]) {
- ++refs;
- /* walk each subject handle to it's smime entry */
- if (map_handle_is_ok(info, smap->pSMime, -1)) {
- ref = ((certDBEntryMap *)smap->pSMime->appData)->index;
- PR_fprintf(info->out, "-->(s/mime %d)\n", ref);
- } else {
- PR_fprintf(info->out, "-->(MISSING S/MIME ENTRY)\n");
- }
- }
- if (!refs) {
- PR_fprintf(info->out, "-->(NO NICKNAME+S/MIME ENTRY)\n");
- }
- PR_fprintf(info->out, "\n\n");
+ int refs = 0;
+ node = LISTNODE_CAST(elem);
+ subjectEntry = (certDBEntrySubject *)&node->entry;
+ smap = (certDBSubjectEntryMap *)node->appData;
+ dumpSubjectEntry(subjectEntry, smap->index, info->out);
+ /* iterate over subject's certs */
+ for (i = 0; i < smap->numCerts; i++) {
+ /* walk each subject handle to it's cert entries */
+ if (map_handle_is_ok(info, smap->pCerts[i], -1)) {
+ ref = ((certDBEntryMap *)smap->pCerts[i]->appData)->index;
+ PR_fprintf(info->out, "-->(%d. certificate %d)\n", i, ref);
+ } else {
+ PR_fprintf(info->out, "-->(%d. MISSING CERT ENTRY)\n", i);
+ }
+ }
+ if (subjectEntry->nickname) {
+ ++refs;
+ /* walk each subject handle to it's nickname entry */
+ if (map_handle_is_ok(info, smap->pNickname, -1)) {
+ ref = ((certDBEntryMap *)smap->pNickname->appData)->index;
+ PR_fprintf(info->out, "-->(nickname %d)\n", ref);
+ } else {
+ PR_fprintf(info->out, "-->(MISSING NICKNAME ENTRY)\n");
+ }
+ }
+ if (subjectEntry->nemailAddrs &&
+ subjectEntry->emailAddrs &&
+ subjectEntry->emailAddrs[0] &&
+ subjectEntry->emailAddrs[0][0]) {
+ ++refs;
+ /* walk each subject handle to it's smime entry */
+ if (map_handle_is_ok(info, smap->pSMime, -1)) {
+ ref = ((certDBEntryMap *)smap->pSMime->appData)->index;
+ PR_fprintf(info->out, "-->(s/mime %d)\n", ref);
+ } else {
+ PR_fprintf(info->out, "-->(MISSING S/MIME ENTRY)\n");
+ }
+ }
+ if (!refs) {
+ PR_fprintf(info->out, "-->(NO NICKNAME+S/MIME ENTRY)\n");
+ }
+ PR_fprintf(info->out, "\n\n");
}
for (elem = PR_LIST_HEAD(&dbArray->nicknames.link);
elem != &dbArray->nicknames.link; elem = PR_NEXT_LINK(elem)) {
- node = LISTNODE_CAST(elem);
- map = (certDBEntryMap *)node->appData;
- dumpNicknameEntry((certDBEntryNickname*)&node->entry, map->index,
- info->out);
- if (map_handle_is_ok(info, map->pSubject, -1)) {
- ref = ((certDBEntryMap *)map->pSubject->appData)->index;
- PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref);
- } else {
- PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n");
- }
+ node = LISTNODE_CAST(elem);
+ map = (certDBEntryMap *)node->appData;
+ dumpNicknameEntry((certDBEntryNickname *)&node->entry, map->index,
+ info->out);
+ if (map_handle_is_ok(info, map->pSubject, -1)) {
+ ref = ((certDBEntryMap *)map->pSubject->appData)->index;
+ PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref);
+ } else {
+ PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n");
+ }
}
for (elem = PR_LIST_HEAD(&dbArray->smime.link);
elem != &dbArray->smime.link; elem = PR_NEXT_LINK(elem)) {
- node = LISTNODE_CAST(elem);
- map = (certDBEntryMap *)node->appData;
- dumpSMimeEntry((certDBEntrySMime*)&node->entry, map->index, info->out);
- if (map_handle_is_ok(info, map->pSubject, -1)) {
- ref = ((certDBEntryMap *)map->pSubject->appData)->index;
- PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref);
- } else {
- PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n");
- }
+ node = LISTNODE_CAST(elem);
+ map = (certDBEntryMap *)node->appData;
+ dumpSMimeEntry((certDBEntrySMime *)&node->entry, map->index, info->out);
+ if (map_handle_is_ok(info, map->pSubject, -1)) {
+ ref = ((certDBEntryMap *)map->pSubject->appData)->index;
+ PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref);
+ } else {
+ PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n");
+ }
}
PR_fprintf(info->out, "\n\n");
}
-
/* A callback function, intended to be called from nsslowcert_TraverseDBEntries
* Builds a PRCList of DB entries of the specified type.
*/
-SECStatus
-SEC_GetCertDBEntryList(SECItem *dbdata, SECItem *dbkey,
+SECStatus
+SEC_GetCertDBEntryList(SECItem *dbdata, SECItem *dbkey,
certDBEntryType entryType, void *pdata)
{
- certDBEntry * entry;
- certDBEntryListNode * node;
- PRCList * list = (PRCList *)pdata;
+ certDBEntry *entry;
+ certDBEntryListNode *node;
+ PRCList *list = (PRCList *)pdata;
if (!dbdata || !dbkey || !pdata || !dbdata->data || !dbkey->data) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
entry = nsslowcert_DecodeAnyDBEntry(dbdata, dbkey, entryType, NULL);
if (!entry) {
- return SECSuccess; /* skip it */
+ return SECSuccess; /* skip it */
}
node = PORT_ArenaZNew(entry->common.arena, certDBEntryListNode);
if (!node) {
- /* DestroyDBEntry(entry); */
- PLArenaPool *arena = entry->common.arena;
- PORT_Memset(&entry->common, 0, sizeof entry->common);
- PORT_FreeArena(arena, PR_FALSE);
- return SECFailure;
+ /* DestroyDBEntry(entry); */
+ PLArenaPool *arena = entry->common.arena;
+ PORT_Memset(&entry->common, 0, sizeof entry->common);
+ PORT_FreeArena(arena, PR_FALSE);
+ return SECFailure;
}
- node->entry = *entry; /* crude but effective. */
+ node->entry = *entry; /* crude but effective. */
PR_INIT_CLIST(&node->link);
PR_INSERT_BEFORE(&node->link, list);
return SECSuccess;
}
-
int
-fillDBEntryArray(NSSLOWCERTCertDBHandle *handle, certDBEntryType type,
+fillDBEntryArray(NSSLOWCERTCertDBHandle *handle, certDBEntryType type,
certDBEntryListNode *list)
{
PRCList *elem;
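Review bot: In SEC_GetCertDBEntryList, an entry that nsslowcert_DecodeAnyDBEntry cannot decode is dropped with `return SECSuccess; /* skip it */`, and the header comment does not mention this. For a database checker that is worth documenting, because an undecodable record is presumably the kind of corruption the tool is run to find, yet it never reaches the lists or the error totals printed later. I would extend the header comment with `* Entries that fail to decode are skipped silently and are not counted.`, or report the skipped key on the debug output. fillDBEntryArray begins at the end of this hunk and continues past it.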
@@ -934,27 +932,27 @@ fillDBEntryArray(NSSLOWCERTCertDBHandle *handle, certDBEntryType type,
/* Collect all of the cert db entries for this type into a list. */
nsslowcert_TraverseDBEntries(handle, type, SEC_GetCertDBEntryList, list);
- for (elem = PR_LIST_HEAD(&list->link);
+ for (elem = PR_LIST_HEAD(&list->link);
elem != &list->link; elem = PR_NEXT_LINK(elem)) {
- /* Iterate over the entries and ... */
- node = (certDBEntryListNode *)elem;
- if (type != certDBEntryTypeSubject) {
- arena = PORT_NewArena(sizeof(*mnode));
- mnode = PORT_ArenaZNew(arena, certDBEntryMap);
- mnode->arena = arena;
- /* ... assign a unique index number to each node, and ... */
- mnode->index = count;
- /* ... set the map pointer for the node. */
- node->appData = (void *)mnode;
- } else {
- /* allocate some room for the cert pointers also */
- arena = PORT_NewArena(sizeof(*smnode) + 20*sizeof(void *));
- smnode = PORT_ArenaZNew(arena, certDBSubjectEntryMap);
- smnode->arena = arena;
- smnode->index = count;
- node->appData = (void *)smnode;
- }
- count++;
+ /* Iterate over the entries and ... */
+ node = (certDBEntryListNode *)elem;
+ if (type != certDBEntryTypeSubject) {
+ arena = PORT_NewArena(sizeof(*mnode));
+ mnode = PORT_ArenaZNew(arena, certDBEntryMap);
+ mnode->arena = arena;
+ /* ... assign a unique index number to each node, and ... */
+ mnode->index = count;
+ /* ... set the map pointer for the node. */
+ node->appData = (void *)mnode;
+ } else {
+ /* allocate some room for the cert pointers also */
+ arena = PORT_NewArena(sizeof(*smnode) + 20 * sizeof(void *));
+ smnode = PORT_ArenaZNew(arena, certDBSubjectEntryMap);
+ smnode->arena = arena;
+ smnode->index = count;
+ node->appData = (void *)smnode;
+ }
+ count++;
}
return count;
}
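Review bot: Neither `PORT_NewArena` nor `PORT_ArenaZNew` is checked in either branch of the loop, so an allocation failure is dereferenced at `mnode->arena = arena;` or `smnode->arena = arena;`. A guard such as `if (!arena) break;` after each PORT_NewArena and `if (!mnode) { PORT_FreeArena(arena, PR_FALSE); break; }` after each PORT_ArenaZNew would stop the immediate crash. That alone is not enough, because nodes left without `appData` are still dereferenced later (freeDBEntryList reads `map->arena`), so the failure path probably has to unlink the unmapped nodes or report an error the caller checks. The function starts in the previous hunk.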
@@ -966,20 +964,20 @@ freeDBEntryList(PRCList *list)
certDBEntryListNode *node;
certDBEntryMap *map;
- for (elem = PR_LIST_HEAD(list); elem != list;) {
- next = PR_NEXT_LINK(elem);
- node = (certDBEntryListNode *)elem;
- map = (certDBEntryMap *)node->appData;
- PR_REMOVE_LINK(&node->link);
- PORT_FreeArena(map->arena, PR_TRUE);
- PORT_FreeArena(node->entry.common.arena, PR_TRUE);
- elem = next;
+ for (elem = PR_LIST_HEAD(list); elem != list;) {
+ next = PR_NEXT_LINK(elem);
+ node = (certDBEntryListNode *)elem;
+ map = (certDBEntryMap *)node->appData;
+ PR_REMOVE_LINK(&node->link);
+ PORT_FreeArena(map->arena, PR_TRUE);
+ PORT_FreeArena(node->entry.common.arena, PR_TRUE);
+ elem = next;
}
}
void
-DBCK_DebugDB(NSSLOWCERTCertDBHandle *handle, PRFileDesc *out,
- PRFileDesc *mailfile)
+DBCK_DebugDB(NSSLOWCERTCertDBHandle *handle, PRFileDesc *out,
+ PRFileDesc *mailfile)
{
int i, nCertsFound, nSubjFound, nErr;
int nCerts, nSubjects, nSubjCerts, nNicknames, nSMime, nRevocation;
@@ -992,20 +990,20 @@ DBCK_DebugDB(NSSLOWCERTCertDBHandle *handle, PRFileDesc *out,
PORT_Memset(&info, 0, sizeof(info));
info.verbose = (PRBool)(out != NULL);
info.dograph = info.verbose;
- info.out = (out) ? out : PR_STDOUT;
+ info.out = (out) ? out : PR_STDOUT;
info.graphfile = mailfile ? mailfile : PR_STDOUT;
/* Fill the array structure with cert/subject/nickname/smime entries. */
- dbArray.numCerts = fillDBEntryArray(handle, certDBEntryTypeCert,
- &dbArray.certs);
- dbArray.numSubjects = fillDBEntryArray(handle, certDBEntryTypeSubject,
- &dbArray.subjects);
- dbArray.numNicknames = fillDBEntryArray(handle, certDBEntryTypeNickname,
+ dbArray.numCerts = fillDBEntryArray(handle, certDBEntryTypeCert,
+ &dbArray.certs);
+ dbArray.numSubjects = fillDBEntryArray(handle, certDBEntryTypeSubject,
+ &dbArray.subjects);
+ dbArray.numNicknames = fillDBEntryArray(handle, certDBEntryTypeNickname,
&dbArray.nicknames);
- dbArray.numSMime = fillDBEntryArray(handle, certDBEntryTypeSMimeProfile,
- &dbArray.smime);
- dbArray.numRevocation= fillDBEntryArray(handle, certDBEntryTypeRevocation,
- &dbArray.revocation);
+ dbArray.numSMime = fillDBEntryArray(handle, certDBEntryTypeSMimeProfile,
+ &dbArray.smime);
+ dbArray.numRevocation = fillDBEntryArray(handle, certDBEntryTypeRevocation,
+ &dbArray.revocation);
/* Compute the map between the database entries. */
mapSubjectEntries(&dbArray);
@@ -1013,22 +1011,22 @@ DBCK_DebugDB(NSSLOWCERTCertDBHandle *handle, PRFileDesc *out,
computeDBGraph(&dbArray, &info);
/* Store the totals for later reference. */
- nCerts = dbArray.numCerts;
- nSubjects = dbArray.numSubjects;
+ nCerts = dbArray.numCerts;
+ nSubjects = dbArray.numSubjects;
nNicknames = dbArray.numNicknames;
- nSMime = dbArray.numSMime;
- nRevocation= dbArray.numRevocation;
+ nSMime = dbArray.numSMime;
+ nRevocation = dbArray.numRevocation;
nSubjCerts = 0;
for (elem = PR_LIST_HEAD(&dbArray.subjects.link);
elem != &dbArray.subjects.link; elem = PR_NEXT_LINK(elem)) {
- certDBSubjectEntryMap *smap;
- smap = (certDBSubjectEntryMap *)LISTNODE_CAST(elem)->appData;
- nSubjCerts += smap->numCerts;
+ certDBSubjectEntryMap *smap;
+ smap = (certDBSubjectEntryMap *)LISTNODE_CAST(elem)->appData;
+ nSubjCerts += smap->numCerts;
}
if (info.verbose) {
- /* Dump the database contents. */
- verboseOutput(&dbArray, &info);
+ /* Dump the database contents. */
+ verboseOutput(&dbArray, &info);
}
freeDBEntryList(&dbArray.certs.link);
@@ -1039,71 +1037,71 @@ DBCK_DebugDB(NSSLOWCERTCertDBHandle *handle, PRFileDesc *out,
PR_fprintf(info.out, "\n");
PR_fprintf(info.out, "Database statistics:\n");
- PR_fprintf(info.out, "N0: Found %4d Certificate entries.\n",
- nCerts);
- PR_fprintf(info.out, "N1: Found %4d Subject entries (unique DN's).\n",
- nSubjects);
- PR_fprintf(info.out, "N2: Found %4d Cert keys within Subject entries.\n",
- nSubjCerts);
- PR_fprintf(info.out, "N3: Found %4d Nickname entries.\n",
- nNicknames);
- PR_fprintf(info.out, "N4: Found %4d S/MIME entries.\n",
- nSMime);
- PR_fprintf(info.out, "N5: Found %4d CRL entries.\n",
- nRevocation);
+ PR_fprintf(info.out, "N0: Found %4d Certificate entries.\n",
+ nCerts);
+ PR_fprintf(info.out, "N1: Found %4d Subject entries (unique DN's).\n",
+ nSubjects);
+ PR_fprintf(info.out, "N2: Found %4d Cert keys within Subject entries.\n",
+ nSubjCerts);
+ PR_fprintf(info.out, "N3: Found %4d Nickname entries.\n",
+ nNicknames);
+ PR_fprintf(info.out, "N4: Found %4d S/MIME entries.\n",
+ nSMime);
+ PR_fprintf(info.out, "N5: Found %4d CRL entries.\n",
+ nRevocation);
PR_fprintf(info.out, "\n");
nErr = 0;
- for (i=0; i < NUM_ERROR_TYPES; i++) {
- PR_fprintf(info.out, "E%d: Found %4d %s\n",
- i, info.dbErrors[i], errResult[i]);
- nErr += info.dbErrors[i];
+ for (i = 0; i < NUM_ERROR_TYPES; i++) {
+ PR_fprintf(info.out, "E%d: Found %4d %s\n",
+ i, info.dbErrors[i], errResult[i]);
+ nErr += info.dbErrors[i];
}
- PR_fprintf(info.out, "--------------\n Found %4d errors in database.\n",
+ PR_fprintf(info.out, "--------------\n Found %4d errors in database.\n",
nErr);
PR_fprintf(info.out, "\nCertificates:\n");
- PR_fprintf(info.out, "N0 == N2 + E%d + E%d\n", NoSubjectForCert,
- SubjectHasNoKeyForCert);
+ PR_fprintf(info.out, "N0 == N2 + E%d + E%d\n", NoSubjectForCert,
+ SubjectHasNoKeyForCert);
nCertsFound = nSubjCerts +
info.dbErrors[NoSubjectForCert] +
info.dbErrors[SubjectHasNoKeyForCert];
c = (nCertsFound == nCerts) ? '=' : '!';
- PR_fprintf(info.out, "%d %c= %d + %d + %d\n", nCerts, c, nSubjCerts,
- info.dbErrors[NoSubjectForCert],
- info.dbErrors[SubjectHasNoKeyForCert]);
+ PR_fprintf(info.out, "%d %c= %d + %d + %d\n", nCerts, c, nSubjCerts,
+ info.dbErrors[NoSubjectForCert],
+ info.dbErrors[SubjectHasNoKeyForCert]);
PR_fprintf(info.out, "\nSubjects:\n");
- PR_fprintf(info.out,
- "N1 == N3 + N4 + E%d + E%d + E%d + E%d + E%d - E%d - E%d - E%d\n",
- NoNicknameOrSMimeForSubject,
- WrongNicknameForSubject,
- NoNicknameEntry,
- WrongSMimeForSubject,
- NoSMimeEntry,
- NoSubjectForNickname,
- NoSubjectForSMime,
- NicknameAndSMimeEntries);
- nSubjFound = nNicknames + nSMime +
+ PR_fprintf(info.out,
+ "N1 == N3 + N4 + E%d + E%d + E%d + E%d + E%d - E%d - E%d - E%d\n",
+ NoNicknameOrSMimeForSubject,
+ WrongNicknameForSubject,
+ NoNicknameEntry,
+ WrongSMimeForSubject,
+ NoSMimeEntry,
+ NoSubjectForNickname,
+ NoSubjectForSMime,
+ NicknameAndSMimeEntries);
+ nSubjFound = nNicknames + nSMime +
info.dbErrors[NoNicknameOrSMimeForSubject] +
- info.dbErrors[WrongNicknameForSubject] +
- info.dbErrors[NoNicknameEntry] +
- info.dbErrors[WrongSMimeForSubject] +
+ info.dbErrors[WrongNicknameForSubject] +
+ info.dbErrors[NoNicknameEntry] +
+ info.dbErrors[WrongSMimeForSubject] +
info.dbErrors[NoSMimeEntry] -
- info.dbErrors[NoSubjectForNickname] -
- info.dbErrors[NoSubjectForSMime] -
- info.dbErrors[NicknameAndSMimeEntries];
+ info.dbErrors[NoSubjectForNickname] -
+ info.dbErrors[NoSubjectForSMime] -
+ info.dbErrors[NicknameAndSMimeEntries];
c = (nSubjFound == nSubjects) ? '=' : '!';
- PR_fprintf(info.out,
- "%2d %c= %2d + %2d + %2d + %2d + %2d + %2d + %2d - %2d - %2d - %2d\n",
- nSubjects, c, nNicknames, nSMime,
- info.dbErrors[NoNicknameOrSMimeForSubject],
- info.dbErrors[WrongNicknameForSubject],
- info.dbErrors[NoNicknameEntry],
- info.dbErrors[WrongSMimeForSubject],
- info.dbErrors[NoSMimeEntry],
- info.dbErrors[NoSubjectForNickname],
- info.dbErrors[NoSubjectForSMime],
- info.dbErrors[NicknameAndSMimeEntries]);
+ PR_fprintf(info.out,
+ "%2d %c= %2d + %2d + %2d + %2d + %2d + %2d + %2d - %2d - %2d - %2d\n",
+ nSubjects, c, nNicknames, nSMime,
+ info.dbErrors[NoNicknameOrSMimeForSubject],
+ info.dbErrors[WrongNicknameForSubject],
+ info.dbErrors[NoNicknameEntry],
+ info.dbErrors[WrongSMimeForSubject],
+ info.dbErrors[NoSMimeEntry],
+ info.dbErrors[NoSubjectForNickname],
+ info.dbErrors[NoSubjectForSMime],
+ info.dbErrors[NicknameAndSMimeEntries]);
PR_fprintf(info.out, "\n");
}
@@ -1132,26 +1130,26 @@ enum {
};
static secuCommandFlag dbck_commands[] =
-{
- { /* cmd_Debug, */ 'D', PR_FALSE, 0, PR_FALSE },
- { /* cmd_LongUsage,*/ 'H', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Recover, */ 'R', PR_FALSE, 0, PR_FALSE }
-};
+ {
+ { /* cmd_Debug, */ 'D', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_LongUsage,*/ 'H', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_Recover, */ 'R', PR_FALSE, 0, PR_FALSE }
+ };
static secuCommandFlag dbck_options[] =
-{
- { /* opt_KeepAll, */ 'a', PR_FALSE, 0, PR_FALSE },
- { /* opt_CertDir, */ 'd', PR_TRUE, 0, PR_FALSE },
- { /* opt_Dumpfile, */ 'f', PR_TRUE, 0, PR_FALSE },
- { /* opt_InputDB, */ 'i', PR_TRUE, 0, PR_FALSE },
- { /* opt_OutputDB, */ 'o', PR_TRUE, 0, PR_FALSE },
- { /* opt_Mailfile, */ 'm', PR_FALSE, 0, PR_FALSE },
- { /* opt_Prompt, */ 'p', PR_FALSE, 0, PR_FALSE },
- { /* opt_KeepRedundant, */ 'r', PR_FALSE, 0, PR_FALSE },
- { /* opt_KeepNoSMimeProfile,*/ 's', PR_FALSE, 0, PR_FALSE },
- { /* opt_Verbose, */ 'v', PR_FALSE, 0, PR_FALSE },
- { /* opt_KeepExpired, */ 'x', PR_FALSE, 0, PR_FALSE }
-};
+ {
+ { /* opt_KeepAll, */ 'a', PR_FALSE, 0, PR_FALSE },
+ { /* opt_CertDir, */ 'd', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Dumpfile, */ 'f', PR_TRUE, 0, PR_FALSE },
+ { /* opt_InputDB, */ 'i', PR_TRUE, 0, PR_FALSE },
+ { /* opt_OutputDB, */ 'o', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Mailfile, */ 'm', PR_FALSE, 0, PR_FALSE },
+ { /* opt_Prompt, */ 'p', PR_FALSE, 0, PR_FALSE },
+ { /* opt_KeepRedundant, */ 'r', PR_FALSE, 0, PR_FALSE },
+ { /* opt_KeepNoSMimeProfile,*/ 's', PR_FALSE, 0, PR_FALSE },
+ { /* opt_Verbose, */ 'v', PR_FALSE, 0, PR_FALSE },
+ { /* opt_KeepExpired, */ 'x', PR_FALSE, 0, PR_FALSE }
+ };
#define CERT_DB_FMT "%s/cert%s.db"
@@ -1164,36 +1162,35 @@ dbck_certdb_name_cb(void *arg, int dbVersion)
char *dbname = NULL;
switch (dbVersion) {
- case 8:
- dbver = "8";
- break;
- case 7:
- dbver = "7";
- break;
- case 6:
- dbver = "6";
- break;
- case 5:
- dbver = "5";
- break;
- case 4:
- default:
- dbver = "";
- break;
+ case 8:
+ dbver = "8";
+ break;
+ case 7:
+ dbver = "7";
+ break;
+ case 6:
+ dbver = "6";
+ break;
+ case 5:
+ dbver = "5";
+ break;
+ case 4:
+ default:
+ dbver = "";
+ break;
}
/* make sure we return something allocated with PORT_ so we have properly
* matched frees at the end */
smpname = PR_smprintf(CERT_DB_FMT, configdir, dbver);
if (smpname) {
- dbname = PORT_Strdup(smpname);
- PR_smprintf_free(smpname);
+ dbname = PORT_Strdup(smpname);
+ PR_smprintf_free(smpname);
}
return dbname;
}
-
-int
+int
main(int argc, char **argv)
{
NSSLOWCERTCertDBHandle *certHandle;
@@ -1201,12 +1198,12 @@ main(int argc, char **argv)
PRFileDesc *mailfile = NULL;
PRFileDesc *dumpfile = NULL;
- char * pathname = 0;
- char * fullname = 0;
- char * newdbname = 0;
+ char *pathname = 0;
+ char *fullname = 0;
+ char *newdbname = 0;
PRBool removeExpired, requireProfile, singleEntry;
- SECStatus rv;
+ SECStatus rv;
secuCommand dbck;
dbck.numCommands = sizeof(dbck_commands) / sizeof(secuCommandFlag);
@@ -1215,63 +1212,63 @@ main(int argc, char **argv)
dbck.options = dbck_options;
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
rv = SECU_ParseCommandLine(argc, argv, progName, &dbck);
if (rv != SECSuccess)
- Usage(progName);
+ Usage(progName);
if (dbck.commands[cmd_LongUsage].activated)
- LongUsage(progName);
+ LongUsage(progName);
if (!dbck.commands[cmd_Debug].activated &&
!dbck.commands[cmd_Recover].activated) {
- PR_fprintf(PR_STDERR, "Please specify -H, -D or -R.\n");
- Usage(progName);
+ PR_fprintf(PR_STDERR, "Please specify -H, -D or -R.\n");
+ Usage(progName);
}
removeExpired = !(dbck.options[opt_KeepAll].activated ||
dbck.options[opt_KeepExpired].activated);
requireProfile = !(dbck.options[opt_KeepAll].activated ||
- dbck.options[opt_KeepNoSMimeProfile].activated);
+ dbck.options[opt_KeepNoSMimeProfile].activated);
singleEntry = !(dbck.options[opt_KeepAll].activated ||
dbck.options[opt_KeepRedundant].activated);
if (dbck.options[opt_OutputDB].activated) {
- newdbname = PL_strdup(dbck.options[opt_OutputDB].arg);
+ newdbname = PL_strdup(dbck.options[opt_OutputDB].arg);
} else {
- newdbname = PL_strdup("new_cert8.db");
+ newdbname = PL_strdup("new_cert8.db");
}
/* Create a generic graph of the database. */
if (dbck.options[opt_Mailfile].activated) {
- mailfile = PR_Open("./mailfile", PR_RDWR | PR_CREATE_FILE, 00660);
- if (!mailfile) {
- fprintf(stderr, "Unable to create mailfile.\n");
- return -1;
- }
+ mailfile = PR_Open("./mailfile", PR_RDWR | PR_CREATE_FILE, 00660);
+ if (!mailfile) {
+ fprintf(stderr, "Unable to create mailfile.\n");
+ return -1;
+ }
}
/* Dump all debugging info while running. */
if (dbck.options[opt_Verbose].activated) {
- if (dbck.options[opt_Dumpfile].activated) {
- dumpfile = PR_Open(dbck.options[opt_Dumpfile].arg,
- PR_RDWR | PR_CREATE_FILE, 00660);
- if (!dumpfile) {
- fprintf(stderr, "Unable to create dumpfile.\n");
- return -1;
- }
- } else {
- dumpfile = PR_STDOUT;
- }
+ if (dbck.options[opt_Dumpfile].activated) {
+ dumpfile = PR_Open(dbck.options[opt_Dumpfile].arg,
+ PR_RDWR | PR_CREATE_FILE, 00660);
+ if (!dumpfile) {
+ fprintf(stderr, "Unable to create dumpfile.\n");
+ return -1;
+ }
+ } else {
+ dumpfile = PR_STDOUT;
+ }
}
/* Set the cert database directory. */
if (dbck.options[opt_CertDir].activated) {
- SECU_ConfigDirectory(dbck.options[opt_CertDir].arg);
+ SECU_ConfigDirectory(dbck.options[opt_CertDir].arg);
}
pathname = SECU_ConfigDirectory(NULL);
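Review bot: Both output files are opened with `PR_RDWR | PR_CREATE_FILE` and mode `00660`, at the fixed path `./mailfile` and at the `-f` dumpfile path. Without `PR_TRUNCATE`, writing into an existing longer file leaves its old tail after the new dump, and without `PR_EXCL` whatever already exists at `./mailfile` in the working directory is opened and written to as is. The dump holds certificate database contents, so I would use `PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE` with mode `00600` unless group access is intended. The `PL_strdup` results assigned to `newdbname` are also unchecked. main() begins before this hunk and continues after it.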
@@ -1279,75 +1276,75 @@ main(int argc, char **argv)
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
rv = NSS_NoDB_Init(pathname);
if (rv != SECSuccess) {
- fprintf(stderr, "NSS_NoDB_Init failed\n");
- return -1;
+ fprintf(stderr, "NSS_NoDB_Init failed\n");
+ return -1;
}
certHandle = PORT_ZNew(NSSLOWCERTCertDBHandle);
if (!certHandle) {
- SECU_PrintError(progName, "unable to get database handle");
- return -1;
+ SECU_PrintError(progName, "unable to get database handle");
+ return -1;
}
certHandle->ref = 1;
#ifdef NOTYET
/* Open the possibly corrupt database. */
if (dbck.options[opt_InputDB].activated) {
- PRFileInfo fileInfo;
- fullname = PR_smprintf("%s/%s", pathname,
- dbck.options[opt_InputDB].arg);
- if (PR_GetFileInfo(fullname, &fileInfo) != PR_SUCCESS) {
- fprintf(stderr, "Unable to read file \"%s\".\n", fullname);
- return -1;
- }
- rv = CERT_OpenCertDBFilename(certHandle, fullname, PR_TRUE);
- } else
+ PRFileInfo fileInfo;
+ fullname = PR_smprintf("%s/%s", pathname,
+ dbck.options[opt_InputDB].arg);
+ if (PR_GetFileInfo(fullname, &fileInfo) != PR_SUCCESS) {
+ fprintf(stderr, "Unable to read file \"%s\".\n", fullname);
+ return -1;
+ }
+ rv = CERT_OpenCertDBFilename(certHandle, fullname, PR_TRUE);
+ } else
#endif
{
- /* Use the default. */
+/* Use the default. */
#ifdef NOTYET
- fullname = SECU_CertDBNameCallback(NULL, CERT_DB_FILE_VERSION);
- if (PR_GetFileInfo(fullname, &fileInfo) != PR_SUCCESS) {
- fprintf(stderr, "Unable to read file \"%s\".\n", fullname);
- return -1;
- }
+ fullname = SECU_CertDBNameCallback(NULL, CERT_DB_FILE_VERSION);
+ if (PR_GetFileInfo(fullname, &fileInfo) != PR_SUCCESS) {
+ fprintf(stderr, "Unable to read file \"%s\".\n", fullname);
+ return -1;
+ }
#endif
- rv = nsslowcert_OpenCertDB(certHandle,
- PR_TRUE, /* readOnly */
- NULL, /* rdb appName */
- "", /* rdb prefix */
- dbck_certdb_name_cb, /* namecb */
- pathname, /* configDir */
- PR_FALSE); /* volatile */
+ rv = nsslowcert_OpenCertDB(certHandle,
+ PR_TRUE, /* readOnly */
+ NULL, /* rdb appName */
+ "", /* rdb prefix */
+ dbck_certdb_name_cb, /* namecb */
+ pathname, /* configDir */
+ PR_FALSE); /* volatile */
}
if (rv) {
- SECU_PrintError(progName, "unable to open cert database");
- return -1;
+ SECU_PrintError(progName, "unable to open cert database");
+ return -1;
}
if (dbck.commands[cmd_Debug].activated) {
- DBCK_DebugDB(certHandle, dumpfile, mailfile);
- return 0;
+ DBCK_DebugDB(certHandle, dumpfile, mailfile);
+ return 0;
}
#ifdef DORECOVER
if (dbck.commands[cmd_Recover].activated) {
- DBCK_ReconstructDBFromCerts(certHandle, newdbname,
- dumpfile, removeExpired,
- requireProfile, singleEntry,
- dbck.options[opt_Prompt].activated);
- return 0;
+ DBCK_ReconstructDBFromCerts(certHandle, newdbname,
+ dumpfile, removeExpired,
+ requireProfile, singleEntry,
+ dbck.options[opt_Prompt].activated);
+ return 0;
}
#endif
if (mailfile)
- PR_Close(mailfile);
+ PR_Close(mailfile);
if (dumpfile)
- PR_Close(dumpfile);
+ PR_Close(dumpfile);
if (certHandle) {
- nsslowcert_ClosePermCertDB(certHandle);
- PORT_Free(certHandle);
+ nsslowcert_ClosePermCertDB(certHandle);
+ PORT_Free(certHandle);
}
return -1;
}
diff --git a/cmd/dbck/dbrecover.c b/cmd/dbck/dbrecover.c
index 372c73b3f..74d21d85e 100644
--- a/cmd/dbck/dbrecover.c
+++ b/cmd/dbck/dbrecover.c
@@ -10,8 +10,7 @@ enum {
dbCertNotWrittenToDB
};
-typedef struct dbRestoreInfoStr
-{
+typedef struct dbRestoreInfoStr {
NSSLOWCERTCertDBHandle *handle;
PRBool verbose;
PRFileDesc *out;
@@ -30,50 +29,50 @@ IsEmailCert(CERTCertificate *cert)
int len;
if (!cert->subjectName) {
- return NULL;
+ return NULL;
}
tmp1 = PORT_Strstr(cert->subjectName, "E=");
tmp2 = PORT_Strstr(cert->subjectName, "MAIL=");
/* XXX Nelson has cert for KTrilli which does not have either
- * of above but is email cert (has cert->emailAddr).
+ * of above but is email cert (has cert->emailAddr).
*/
if (!tmp1 && !tmp2 && !(cert->emailAddr && cert->emailAddr[0])) {
- return NULL;
+ return NULL;
}
/* Server or CA cert, not personal email. */
isCA = CERT_IsCACert(cert, NULL);
if (isCA)
- return NULL;
+ return NULL;
/* XXX CERT_IsCACert advertises checking the key usage ext.,
- but doesn't appear to. */
+ but doesn't appear to. */
/* Check the key usage extension. */
if (cert->keyUsagePresent) {
- /* Must at least be able to sign or encrypt (not neccesarily
- * both if it is one of a dual cert).
- */
- if (!((cert->rawKeyUsage & KU_DIGITAL_SIGNATURE) ||
+ /* Must at least be able to sign or encrypt (not neccesarily
+ * both if it is one of a dual cert).
+ */
+ if (!((cert->rawKeyUsage & KU_DIGITAL_SIGNATURE) ||
(cert->rawKeyUsage & KU_KEY_ENCIPHERMENT)))
- return NULL;
+ return NULL;
- /* CA cert, not personal email. */
- if (cert->rawKeyUsage & (KU_KEY_CERT_SIGN | KU_CRL_SIGN))
- return NULL;
+ /* CA cert, not personal email. */
+ if (cert->rawKeyUsage & (KU_KEY_CERT_SIGN | KU_CRL_SIGN))
+ return NULL;
}
if (cert->emailAddr && cert->emailAddr[0]) {
- email = PORT_Strdup(cert->emailAddr);
+ email = PORT_Strdup(cert->emailAddr);
} else {
- if (tmp1)
- tmp1 += 2; /* "E=" */
- else
- tmp1 = tmp2 + 5; /* "MAIL=" */
- len = strcspn(tmp1, ", ");
- email = (char*)PORT_Alloc(len+1);
- PORT_Strncpy(email, tmp1, len);
- email[len] = '\0';
+ if (tmp1)
+ tmp1 += 2; /* "E=" */
+ else
+ tmp1 = tmp2 + 5; /* "MAIL=" */
+ len = strcspn(tmp1, ", ");
+ email = (char *)PORT_Alloc(len + 1);
+ PORT_Strncpy(email, tmp1, len);
+ email[len] = '\0';
}
return email;
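Review bot: The `PORT_Alloc(len + 1)` result in the final else branch is written through without a check, so an allocation failure becomes a NULL dereference in `PORT_Strncpy` and `email[len] = '\0';`. Add `if (!email) return NULL;` right after the allocation. `len` is an `int` receiving the `size_t` returned by `strcspn` and would be cleaner declared as `size_t`. Separately, `PORT_Strstr(cert->subjectName, "E=")` matches any attribute whose name merely ends in E, so the extracted text may not come from an e-mail attribute; if that is a known limitation it deserves a comment. The function's signature and closing brace are outside the hunk.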
@@ -86,7 +85,7 @@ deleteit(CERTCertificate *cert, void *arg)
}
/* Different than DeleteCertificate - has the added bonus of removing
- * all certs with the same DN.
+ * all certs with the same DN.
*/
SECStatus
deleteAllEntriesForCert(NSSLOWCERTCertDBHandle *handle, CERTCertificate *cert,
@@ -100,9 +99,9 @@ deleteAllEntriesForCert(NSSLOWCERTCertDBHandle *handle, CERTCertificate *cert,
#endif
if (outfile) {
- PR_fprintf(outfile, "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n\n");
- PR_fprintf(outfile, "Deleting redundant certificate:\n");
- dumpCertificate(cert, -1, outfile);
+ PR_fprintf(outfile, "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n\n");
+ PR_fprintf(outfile, "Deleting redundant certificate:\n");
+ dumpCertificate(cert, -1, outfile);
}
CERT_TraverseCertsForSubject(handle, cert->subjectList, deleteit, NULL);
@@ -112,28 +111,28 @@ deleteAllEntriesForCert(NSSLOWCERTCertDBHandle *handle, CERTCertificate *cert,
/* It had better be there, or created a bad db. */
PORT_Assert(subjectEntry);
for (i=0; i<subjectEntry->ncerts; i++) {
- DeleteDBCertEntry(handle, &subjectEntry->certKeys[i]);
+ DeleteDBCertEntry(handle, &subjectEntry->certKeys[i]);
}
DeleteDBSubjectEntry(handle, &cert->derSubject);
if (subjectEntry->emailAddr && subjectEntry->emailAddr[0]) {
- smimeEntry = ReadDBSMimeEntry(handle, subjectEntry->emailAddr);
- if (smimeEntry) {
- if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject,
- &smimeEntry->subjectName))
- /* Only delete it if it's for this subject! */
- DeleteDBSMimeEntry(handle, subjectEntry->emailAddr);
- SEC_DestroyDBEntry((certDBEntry*)smimeEntry);
- }
+ smimeEntry = ReadDBSMimeEntry(handle, subjectEntry->emailAddr);
+ if (smimeEntry) {
+ if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject,
+ &smimeEntry->subjectName))
+ /* Only delete it if it's for this subject! */
+ DeleteDBSMimeEntry(handle, subjectEntry->emailAddr);
+ SEC_DestroyDBEntry((certDBEntry*)smimeEntry);
+ }
}
if (subjectEntry->nickname) {
- nicknameEntry = ReadDBNicknameEntry(handle, subjectEntry->nickname);
- if (nicknameEntry) {
- if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject,
- &nicknameEntry->subjectName))
- /* Only delete it if it's for this subject! */
- DeleteDBNicknameEntry(handle, subjectEntry->nickname);
- SEC_DestroyDBEntry((certDBEntry*)nicknameEntry);
- }
+ nicknameEntry = ReadDBNicknameEntry(handle, subjectEntry->nickname);
+ if (nicknameEntry) {
+ if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject,
+ &nicknameEntry->subjectName))
+ /* Only delete it if it's for this subject! */
+ DeleteDBNicknameEntry(handle, subjectEntry->nickname);
+ SEC_DestroyDBEntry((certDBEntry*)nicknameEntry);
+ }
}
SEC_DestroyDBEntry((certDBEntry*)subjectEntry);
CERT_UnlockDB(handle);
@@ -150,22 +149,22 @@ getCertsToDelete(char *numlist, int len, int *certNums, int nCerts)
numstr = numlist;
end = numstr + len - 1;
while (numstr != end) {
- numend = strpbrk(numstr, ", \n");
- *numend = '\0';
- if (PORT_Strlen(numstr) == 0)
- return;
- num = PORT_Atoi(numstr);
- if (numstr == numlist)
- certNums[0] = num;
- for (j=1; j<nCerts+1; j++) {
- if (num == certNums[j]) {
- certNums[j] = -1;
- break;
- }
- }
- if (numend == end)
- break;
- numstr = strpbrk(numend+1, "0123456789");
+ numend = strpbrk(numstr, ", \n");
+ *numend = '\0';
+ if (PORT_Strlen(numstr) == 0)
+ return;
+ num = PORT_Atoi(numstr);
+ if (numstr == numlist)
+ certNums[0] = num;
+ for (j = 1; j < nCerts + 1; j++) {
+ if (num == certNums[j]) {
+ certNums[j] = -1;
+ break;
+ }
+ }
+ if (numend == end)
+ break;
+ numstr = strpbrk(numend + 1, "0123456789");
}
}
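Review bot: In the while loop, the result of `numend = strpbrk(numstr, ", \n");` is dereferenced on the next line, but strpbrk returns NULL when the remaining text has no comma, space or newline. The `strpbrk(numend + 1, "0123456789")` at the bottom of the loop can likewise hand NULL to the next iteration. Since `numlist` is presumably the user's typed reply, both should be guarded: `if (!numend) break;` before `*numend = '\0';` and `if (!numstr) break;` after the last assignment. `PORT_Atoi` also turns non-numeric text into 0, and the `j < nCerts + 1` loop relies on `certNums` holding nCerts + 1 elements, which is not visible here. The function's declaration is outside the hunk.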
@@ -178,68 +177,68 @@ userSaysDeleteCert(CERTCertificate **certs, int nCerts,
int i;
/* User wants to remove cert without prompting. */
if (info->promptUser[errtype] == PR_FALSE)
- return (info->removeType[errtype]);
+ return (info->removeType[errtype]);
switch (errtype) {
- case dbInvalidCert:
- PR_fprintf(PR_STDOUT, "******** Expired ********\n");
- PR_fprintf(PR_STDOUT, "Cert has expired.\n\n");
- dumpCertificate(certs[0], -1, PR_STDOUT);
- PR_fprintf(PR_STDOUT,
- "Keep it? (y/n - this one, Y/N - all expired certs) [n] ");
- break;
- case dbNoSMimeProfile:
- PR_fprintf(PR_STDOUT, "******** No Profile ********\n");
- PR_fprintf(PR_STDOUT, "S/MIME cert has no profile.\n\n");
- dumpCertificate(certs[0], -1, PR_STDOUT);
- PR_fprintf(PR_STDOUT,
- "Keep it? (y/n - this one, Y/N - all S/MIME w/o profile) [n] ");
- break;
- case dbOlderCert:
- PR_fprintf(PR_STDOUT, "******* Redundant nickname/email *******\n\n");
- PR_fprintf(PR_STDOUT, "These certs have the same nickname/email:\n");
- for (i=0; i<nCerts; i++)
- dumpCertificate(certs[i], i, PR_STDOUT);
- PR_fprintf(PR_STDOUT,
- "Enter the certs you would like to keep from those listed above.\n");
- PR_fprintf(PR_STDOUT,
- "Use a comma-separated list of the cert numbers (ex. 0, 8, 12).\n");
- PR_fprintf(PR_STDOUT,
- "The first cert in the list will be the primary cert\n");
- PR_fprintf(PR_STDOUT,
- " accessed by the nickname/email handle.\n");
- PR_fprintf(PR_STDOUT,
- "List cert numbers to keep here, or hit enter\n");
- PR_fprintf(PR_STDOUT,
- " to always keep only the newest cert: ");
- break;
- default:
+ case dbInvalidCert:
+ PR_fprintf(PR_STDOUT, "******** Expired ********\n");
+ PR_fprintf(PR_STDOUT, "Cert has expired.\n\n");
+ dumpCertificate(certs[0], -1, PR_STDOUT);
+ PR_fprintf(PR_STDOUT,
+ "Keep it? (y/n - this one, Y/N - all expired certs) [n] ");
+ break;
+ case dbNoSMimeProfile:
+ PR_fprintf(PR_STDOUT, "******** No Profile ********\n");
+ PR_fprintf(PR_STDOUT, "S/MIME cert has no profile.\n\n");
+ dumpCertificate(certs[0], -1, PR_STDOUT);
+ PR_fprintf(PR_STDOUT,
+ "Keep it? (y/n - this one, Y/N - all S/MIME w/o profile) [n] ");
+ break;
+ case dbOlderCert:
+ PR_fprintf(PR_STDOUT, "******* Redundant nickname/email *******\n\n");
+ PR_fprintf(PR_STDOUT, "These certs have the same nickname/email:\n");
+ for (i = 0; i < nCerts; i++)
+ dumpCertificate(certs[i], i, PR_STDOUT);
+ PR_fprintf(PR_STDOUT,
+ "Enter the certs you would like to keep from those listed above.\n");
+ PR_fprintf(PR_STDOUT,
+ "Use a comma-separated list of the cert numbers (ex. 0, 8, 12).\n");
+ PR_fprintf(PR_STDOUT,
+ "The first cert in the list will be the primary cert\n");
+ PR_fprintf(PR_STDOUT,
+ " accessed by the nickname/email handle.\n");
+ PR_fprintf(PR_STDOUT,
+ "List cert numbers to keep here, or hit enter\n");
+ PR_fprintf(PR_STDOUT,
+ " to always keep only the newest cert: ");
+ break;
+ default:
}
nb = PR_Read(PR_STDIN, response, sizeof(response));
PR_fprintf(PR_STDOUT, "\n\n");
if (errtype == dbOlderCert) {
- if (!isdigit(response[0])) {
- info->promptUser[errtype] = PR_FALSE;
- info->removeType[errtype] = PR_TRUE;
- return PR_TRUE;
- }
- getCertsToDelete(response, nb, certNums, nCerts);
- return PR_TRUE;
+ if (!isdigit(response[0])) {
+ info->promptUser[errtype] = PR_FALSE;
+ info->removeType[errtype] = PR_TRUE;
+ return PR_TRUE;
+ }
+ getCertsToDelete(response, nb, certNums, nCerts);
+ return PR_TRUE;
}
/* User doesn't want to be prompted for this type anymore. */
if (response[0] == 'Y') {
- info->promptUser[errtype] = PR_FALSE;
- info->removeType[errtype] = PR_FALSE;
- return PR_FALSE;
+ info->promptUser[errtype] = PR_FALSE;
+ info->removeType[errtype] = PR_FALSE;
+ return PR_FALSE;
} else if (response[0] == 'N') {
- info->promptUser[errtype] = PR_FALSE;
- info->removeType[errtype] = PR_TRUE;
- return PR_TRUE;
+ info->promptUser[errtype] = PR_FALSE;
+ info->removeType[errtype] = PR_TRUE;
+ return PR_TRUE;
}
return (response[0] != 'y') ? PR_TRUE : PR_FALSE;
}
SECStatus
-addCertToDB(certDBEntryCert *certEntry, dbRestoreInfo *info,
+addCertToDB(certDBEntryCert *certEntry, dbRestoreInfo *info,
NSSLOWCERTCertDBHandle *oldhandle)
{
SECStatus rv = SECSuccess;
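Review bot: The result of `PR_Read(PR_STDIN, response, sizeof(response))` in userSaysDeleteCert is used unchecked: on EOF or error `nb` is 0 or negative, `response[0]` may then be read uninitialised, and `nb` is handed to getCertsToDelete as the length. Because every answer other than `y` means delete, a closed stdin silently turns into deletions; `if (nb <= 0) return PR_FALSE;` right after the read would be the conservative default, though which default is right is for the maintainers to confirm. The buffer is also not NUL-terminated before getCertsToDelete runs `strpbrk` over it, so the read should be limited to `sizeof(response) - 1` bytes followed by `response[nb] = '\0';` (assuming `response` is a local array, declared outside this hunk). `isdigit(response[0])` should be given `(unsigned char)response[0]`.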
@@ -258,9 +257,9 @@ addCertToDB(certDBEntryCert *certEntry, dbRestoreInfo *info,
oldCert = CERT_DecodeDERCertificate(&certEntry->derCert, PR_FALSE,
certEntry->nickname);
if (!oldCert) {
- info->dbErrors[dbBadCertificate]++;
- SEC_DestroyDBEntry((certDBEntry*)certEntry);
- return SECSuccess;
+ info->dbErrors[dbBadCertificate]++;
+ SEC_DestroyDBEntry((certDBEntry *)certEntry);
+ return SECSuccess;
}
oldCert->dbEntry = certEntry;
@@ -272,67 +271,67 @@ addCertToDB(certDBEntryCert *certEntry, dbRestoreInfo *info,
info->nOldCerts++;
if (info->verbose)
- PR_fprintf(info->out, "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\n\n");
+ PR_fprintf(info->out, "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\n\n");
if (oldCert->nickname)
- nickname = PORT_Strdup(oldCert->nickname);
+ nickname = PORT_Strdup(oldCert->nickname);
/* Always keep user certs. Skip ahead. */
/* XXX if someone sends themselves a signed message, it is possible
- for their cert to be imported as an "other" cert, not a user cert.
- this mucks with smime entries... */
+ for their cert to be imported as an "other" cert, not a user cert.
+ this mucks with smime entries... */
userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) ||
(SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) ||
(SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER);
if (userCert)
- goto createcert;
+ goto createcert;
/* If user chooses so, ignore expired certificates. */
allowOverride = (PRBool)((oldCert->keyUsage == certUsageSSLServer) ||
- (oldCert->keyUsage == certUsageSSLServerWithStepUp));
+ (oldCert->keyUsage == certUsageSSLServerWithStepUp));
validity = CERT_CheckCertValidTimes(oldCert, PR_Now(), allowOverride);
/* If cert expired and user wants to delete it, ignore it. */
- if ((validity != secCertTimeValid) &&
- userSaysDeleteCert(&oldCert, 1, dbInvalidCert, info, 0)) {
- info->dbErrors[dbInvalidCert]++;
- if (info->verbose) {
- PR_fprintf(info->out, "Deleting expired certificate:\n");
- dumpCertificate(oldCert, -1, info->out);
- }
- goto cleanup;
+ if ((validity != secCertTimeValid) &&
+ userSaysDeleteCert(&oldCert, 1, dbInvalidCert, info, 0)) {
+ info->dbErrors[dbInvalidCert]++;
+ if (info->verbose) {
+ PR_fprintf(info->out, "Deleting expired certificate:\n");
+ dumpCertificate(oldCert, -1, info->out);
+ }
+ goto cleanup;
}
/* New database will already have default certs, don't attempt
- to overwrite them. */
+ to overwrite them. */
dbCert = CERT_FindCertByDERCert(info->handle, &oldCert->derCert);
if (dbCert) {
- info->nCerts++;
- if (info->verbose) {
- PR_fprintf(info->out, "Added certificate to database:\n");
- dumpCertificate(oldCert, -1, info->out);
- }
- goto cleanup;
+ info->nCerts++;
+ if (info->verbose) {
+ PR_fprintf(info->out, "Added certificate to database:\n");
+ dumpCertificate(oldCert, -1, info->out);
+ }
+ goto cleanup;
}
-
+
/* Determine if cert is S/MIME and get its email if so. */
email = IsEmailCert(oldCert);
- /*
- XXX Just create empty profiles?
+/*
+ XXX Just create empty profiles?
if (email) {
- SECItem *profile = CERT_FindSMimeProfile(oldCert);
- if (!profile &&
- userSaysDeleteCert(&oldCert, 1, dbNoSMimeProfile, info, 0)) {
- info->dbErrors[dbNoSMimeProfile]++;
- if (info->verbose) {
- PR_fprintf(info->out,
- "Deleted cert missing S/MIME profile.\n");
- dumpCertificate(oldCert, -1, info->out);
- }
- goto cleanup;
- } else {
- SECITEM_FreeItem(profile);
- }
+ SECItem *profile = CERT_FindSMimeProfile(oldCert);
+ if (!profile &&
+ userSaysDeleteCert(&oldCert, 1, dbNoSMimeProfile, info, 0)) {
+ info->dbErrors[dbNoSMimeProfile]++;
+ if (info->verbose) {
+ PR_fprintf(info->out,
+ "Deleted cert missing S/MIME profile.\n");
+ dumpCertificate(oldCert, -1, info->out);
+ }
+ goto cleanup;
+ } else {
+ SECITEM_FreeItem(profile);
+ }
}
*/
@@ -340,30 +339,30 @@ createcert:
/* Sometimes happens... */
if (!nickname && userCert)
- nickname = PORT_Strdup(oldCert->subjectName);
+ nickname = PORT_Strdup(oldCert->subjectName);
/* Create a new certificate, copy of the old one. */
- newCert = CERT_NewTempCertificate(info->handle, &oldCert->derCert,
+ newCert = CERT_NewTempCertificate(info->handle, &oldCert->derCert,
nickname, PR_FALSE, PR_TRUE);
if (!newCert) {
- PR_fprintf(PR_STDERR, "Unable to create new certificate.\n");
- dumpCertificate(oldCert, -1, PR_STDERR);
- info->dbErrors[dbBadCertificate]++;
- goto cleanup;
+ PR_fprintf(PR_STDERR, "Unable to create new certificate.\n");
+ dumpCertificate(oldCert, -1, PR_STDERR);
+ info->dbErrors[dbBadCertificate]++;
+ goto cleanup;
}
/* Add the cert to the new database. */
rv = CERT_AddTempCertToPerm(newCert, nickname, oldCert->trust);
if (rv) {
- PR_fprintf(PR_STDERR, "Failed to write temp cert to perm database.\n");
- dumpCertificate(oldCert, -1, PR_STDERR);
- info->dbErrors[dbCertNotWrittenToDB]++;
- goto cleanup;
+ PR_fprintf(PR_STDERR, "Failed to write temp cert to perm database.\n");
+ dumpCertificate(oldCert, -1, PR_STDERR);
+ info->dbErrors[dbCertNotWrittenToDB]++;
+ goto cleanup;
}
if (info->verbose) {
- PR_fprintf(info->out, "Added certificate to database:\n");
- dumpCertificate(oldCert, -1, info->out);
+ PR_fprintf(info->out, "Added certificate to database:\n");
+ dumpCertificate(oldCert, -1, info->out);
}
/* If the cert is an S/MIME cert, and the first with it's subject,
@@ -372,13 +371,13 @@ createcert:
*/
if (smimeEntry) { /*&& !userCert && nCertsForSubject == 1) { */
#if 0
- UpdateSubjectWithEmailAddr(newCert, email);
+ UpdateSubjectWithEmailAddr(newCert, email);
#endif
- SECItem emailProfile, profileTime;
- rv = CERT_FindFullSMimeProfile(oldCert, &emailProfile, &profileTime);
- /* calls UpdateSubjectWithEmailAddr */
- if (rv == SECSuccess)
- rv = CERT_SaveSMimeProfile(newCert, &emailProfile, &profileTime);
+ SECItem emailProfile, profileTime;
+ rv = CERT_FindFullSMimeProfile(oldCert, &emailProfile, &profileTime);
+ /* calls UpdateSubjectWithEmailAddr */
+ if (rv == SECSuccess)
+ rv = CERT_SaveSMimeProfile(newCert, &emailProfile, &profileTime);
}
info->nCerts++;
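Review bot: The `rv` set by `CERT_FindFullSMimeProfile` and `CERT_SaveSMimeProfile` is never examined, and `info->nCerts++` runs regardless, so a certificate whose S/MIME profile failed to copy is still counted as reconstructed with nothing reported. A minimal fix is a diagnostic after the save, e.g. `if (rv != SECSuccess) PR_fprintf(PR_STDERR, "Failed to save S/MIME profile.\n");`, in line with the other failure paths in addCertToDB. Whether `emailProfile` and `profileTime` must be released afterwards depends on the ownership contract of `CERT_FindFullSMimeProfile`, which is not visible here and should be confirmed. The enclosing function starts and ends outside this hunk.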
@@ -386,17 +385,17 @@ createcert:
cleanup:
if (nickname)
- PORT_Free(nickname);
+ PORT_Free(nickname);
if (email)
- PORT_Free(email);
+ PORT_Free(email);
if (oldCert)
- CERT_DestroyCertificate(oldCert);
+ CERT_DestroyCertificate(oldCert);
if (dbCert)
- CERT_DestroyCertificate(dbCert);
+ CERT_DestroyCertificate(dbCert);
if (newCert)
- CERT_DestroyCertificate(newCert);
+ CERT_DestroyCertificate(newCert);
if (smimeEntry)
- SEC_DestroyDBEntry((certDBEntry*)smimeEntry);
+ SEC_DestroyDBEntry((certDBEntry *)smimeEntry);
return SECSuccess;
}
@@ -427,7 +426,7 @@ copyDBEntry(SECItem *data, SECItem *key, certDBEntryType type, void *pdata)
#endif
int
-certIsOlder(CERTCertificate **cert1, CERTCertificate** cert2)
+certIsOlder(CERTCertificate **cert1, CERTCertificate **cert2)
{
return !CERT_IsNewer(*cert1, *cert2);
}
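Review bot: certIsOlder is not a valid `qsort` comparator, because `!CERT_IsNewer(*cert1, *cert2)` yields only 0 or 1 and never a negative value. "cert1 is newer" is therefore reported as "equal", and the answer is inconsistent when the arguments are swapped, which leaves the sort order unspecified. findNewestSubjectForEmail later treats `certs[0]` as the newest certificate after this sort. A three-way result keeps the intended newest-first order: `return CERT_IsNewer(*cert1, *cert2) ? -1 : (CERT_IsNewer(*cert2, *cert1) ? 1 : 0);`. Declaring the parameters as `const void *` and casting inside would also remove the function-pointer cast at the `qsort` call.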
@@ -451,7 +450,7 @@ findNewestSubjectForEmail(NSSLOWCERTCertDBHandle *handle, int subjectNum,
int *certNums;
ns = 0;
- subjectEntry1 = (certDBEntrySubject*)&subjects.entries[subjectNum];
+ subjectEntry1 = (certDBEntrySubject *)&subjects.entries[subjectNum];
subjectsForEmail[ns++] = subjectNum;
*subjectWithSMime = -1;
@@ -460,11 +459,11 @@ findNewestSubjectForEmail(NSSLOWCERTCertDBHandle *handle, int subjectNum,
cert = CERT_FindCertByKey(handle, &subjectEntry1->certKeys[0]);
if (cert) {
- trust = cert->trust;
- userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) ||
- (SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) ||
- (SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER);
- CERT_DestroyCertificate(cert);
+ trust = cert->trust;
+ userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) ||
+ (SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) ||
+ (SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER);
+ CERT_DestroyCertificate(cert);
}
/*
@@ -474,78 +473,78 @@ findNewestSubjectForEmail(NSSLOWCERTCertDBHandle *handle, int subjectNum,
*/
/* Loop over the remaining subjects. */
- for (i=subjectNum+1; i<subjects.numEntries; i++) {
- subjectEntry2 = (certDBEntrySubject*)&subjects.entries[i];
- if (!subjectEntry2)
- continue;
- if (subjectEntry2->emailAddr && subjectEntry2->emailAddr[0] &&
- PORT_Strcmp(subjectEntry1->emailAddr,
- subjectEntry2->emailAddr) == 0) {
- /* Found a subject using the same email address. */
- subjectsForEmail[ns++] = i;
- }
+ for (i = subjectNum + 1; i < subjects.numEntries; i++) {
+ subjectEntry2 = (certDBEntrySubject *)&subjects.entries[i];
+ if (!subjectEntry2)
+ continue;
+ if (subjectEntry2->emailAddr && subjectEntry2->emailAddr[0] &&
+ PORT_Strcmp(subjectEntry1->emailAddr,
+ subjectEntry2->emailAddr) == 0) {
+ /* Found a subject using the same email address. */
+ subjectsForEmail[ns++] = i;
+ }
}
/* Find the S/MIME entry for this email address. */
- for (i=0; i<smime.numEntries; i++) {
- smimeEntry = (certDBEntrySMime*)&smime.entries[i];
- if (smimeEntry->common.arena == NULL)
- continue;
- if (smimeEntry->emailAddr && smimeEntry->emailAddr[0] &&
- PORT_Strcmp(subjectEntry1->emailAddr, smimeEntry->emailAddr) == 0) {
- /* Find which of the subjects uses this S/MIME entry. */
- for (j=0; j<ns && *subjectWithSMime < 0; j++) {
- sNum = subjectsForEmail[j];
- subjectEntry2 = (certDBEntrySubject*)&subjects.entries[sNum];
- if (SECITEM_ItemsAreEqual(&smimeEntry->subjectName,
- &subjectEntry2->derSubject)) {
- /* Found the subject corresponding to the S/MIME entry. */
- *subjectWithSMime = sNum;
- *smimeForSubject = i;
- }
- }
- SEC_DestroyDBEntry((certDBEntry*)smimeEntry);
- PORT_Memset(smimeEntry, 0, sizeof(certDBEntry));
- break;
- }
+ for (i = 0; i < smime.numEntries; i++) {
+ smimeEntry = (certDBEntrySMime *)&smime.entries[i];
+ if (smimeEntry->common.arena == NULL)
+ continue;
+ if (smimeEntry->emailAddr && smimeEntry->emailAddr[0] &&
+ PORT_Strcmp(subjectEntry1->emailAddr, smimeEntry->emailAddr) == 0) {
+ /* Find which of the subjects uses this S/MIME entry. */
+ for (j = 0; j < ns && *subjectWithSMime < 0; j++) {
+ sNum = subjectsForEmail[j];
+ subjectEntry2 = (certDBEntrySubject *)&subjects.entries[sNum];
+ if (SECITEM_ItemsAreEqual(&smimeEntry->subjectName,
+ &subjectEntry2->derSubject)) {
+ /* Found the subject corresponding to the S/MIME entry. */
+ *subjectWithSMime = sNum;
+ *smimeForSubject = i;
+ }
+ }
+ SEC_DestroyDBEntry((certDBEntry *)smimeEntry);
+ PORT_Memset(smimeEntry, 0, sizeof(certDBEntry));
+ break;
+ }
}
if (ns <= 1)
- return subjectNum;
+ return subjectNum;
if (userCert)
- return *subjectWithSMime;
+ return *subjectWithSMime;
/* Now find which of the subjects has the newest cert. */
- certs = (CERTCertificate**)PORT_Alloc(ns*sizeof(CERTCertificate*));
- certNums = (int*)PORT_Alloc((ns+1)*sizeof(int));
+ certs = (CERTCertificate **)PORT_Alloc(ns * sizeof(CERTCertificate *));
+ certNums = (int *)PORT_Alloc((ns + 1) * sizeof(int));
certNums[0] = 0;
- for (i=0; i<ns; i++) {
- sNum = subjectsForEmail[i];
- subjectEntry1 = (certDBEntrySubject*)&subjects.entries[sNum];
- certs[i] = CERT_FindCertByKey(handle, &subjectEntry1->certKeys[0]);
- certNums[i+1] = i;
+ for (i = 0; i < ns; i++) {
+ sNum = subjectsForEmail[i];
+ subjectEntry1 = (certDBEntrySubject *)&subjects.entries[sNum];
+ certs[i] = CERT_FindCertByKey(handle, &subjectEntry1->certKeys[0]);
+ certNums[i + 1] = i;
}
/* Sort the array by validity. */
- qsort(certs, ns, sizeof(CERTCertificate*),
+ qsort(certs, ns, sizeof(CERTCertificate *),
(int (*)(const void *, const void *))certIsOlder);
newestSubject = -1;
- for (i=0; i<ns; i++) {
- sNum = subjectsForEmail[i];
- subjectEntry1 = (certDBEntrySubject*)&subjects.entries[sNum];
- if (SECITEM_ItemsAreEqual(&subjectEntry1->derSubject,
- &certs[0]->derSubject))
- newestSubject = sNum;
- else
- SEC_DestroyDBEntry((certDBEntry*)subjectEntry1);
+ for (i = 0; i < ns; i++) {
+ sNum = subjectsForEmail[i];
+ subjectEntry1 = (certDBEntrySubject *)&subjects.entries[sNum];
+ if (SECITEM_ItemsAreEqual(&subjectEntry1->derSubject,
+ &certs[0]->derSubject))
+ newestSubject = sNum;
+ else
+ SEC_DestroyDBEntry((certDBEntry *)subjectEntry1);
}
if (info && userSaysDeleteCert(certs, ns, dbOlderCert, info, certNums)) {
- for (i=1; i<ns+1; i++) {
- if (certNums[i] >= 0 && certNums[i] != certNums[0]) {
- deleteAllEntriesForCert(handle, certs[certNums[i]], info->out);
- info->dbErrors[dbOlderCert]++;
- }
- }
+ for (i = 1; i < ns + 1; i++) {
+ if (certNums[i] >= 0 && certNums[i] != certNums[0]) {
+ deleteAllEntriesForCert(handle, certs[certNums[i]], info->out);
+ info->dbErrors[dbOlderCert]++;
+ }
+ }
}
CERT_DestroyCertArray(certs, ns);
return newestSubject;
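Review bot: Neither `PORT_Alloc` result is checked before `certNums[0] = 0` and the `certs[i]` stores, and `certNums` is never freed before `return newestSubject`. `CERT_FindCertByKey` can return NULL (an earlier hunk of this function guards it with `if (cert)`), yet here every slot is passed to the comparator and `certs[0]->derSubject` is dereferenced. Suggest `if (!certs || !certNums) { PORT_Free(certs); PORT_Free(certNums); return subjectNum; }` after the allocations, with the fallback return value to be confirmed, and `PORT_Free(certNums);` next to `CERT_DestroyCertArray(certs, ns);`. The `if (!subjectEntry2) continue;` test is dead code, since the pointer is the address of an array element. The function starts and ends outside this hunk.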
@@ -570,23 +569,23 @@ DBCK_ReconstructDBFromCerts(NSSLOWCERTCertDBHandle *oldhandle, char *newdbname,
info.removeType[dbInvalidCert] = removeExpired;
info.removeType[dbNoSMimeProfile] = requireProfile;
info.removeType[dbOlderCert] = singleEntry;
- info.promptUser[dbInvalidCert] = promptUser;
- info.promptUser[dbNoSMimeProfile] = promptUser;
- info.promptUser[dbOlderCert] = promptUser;
+ info.promptUser[dbInvalidCert] = promptUser;
+ info.promptUser[dbNoSMimeProfile] = promptUser;
+ info.promptUser[dbOlderCert] = promptUser;
/* Allocate a handle to fill with CERT_OpenCertDB below. */
info.handle = PORT_ZNew(NSSLOWCERTCertDBHandle);
if (!info.handle) {
- fprintf(stderr, "unable to get database handle");
- return NULL;
+ fprintf(stderr, "unable to get database handle");
+ return NULL;
}
/* Create a certdb with the most recent set of roots. */
rv = CERT_OpenCertDBFilename(info.handle, newdbname, PR_FALSE);
if (rv) {
- fprintf(stderr, "could not open certificate database");
- goto loser;
+ fprintf(stderr, "could not open certificate database");
+ goto loser;
}
/* Create certificate, subject, nickname, and email records.
@@ -598,16 +597,16 @@ DBCK_ReconstructDBFromCerts(NSSLOWCERTCertDBHandle *oldhandle, char *newdbname,
fillDBEntryArray(oldhandle, certDBEntryTypeCert, &dbArray.certs);
for (elem = PR_LIST_HEAD(&dbArray->certs.link);
elem != &dbArray->certs.link; elem = PR_NEXT_LINK(elem)) {
- node = LISTNODE_CAST(elem);
- addCertToDB((certDBEntryCert*)&node->entry, &info, oldhandle);
- /* entries get destroyed in addCertToDB */
+ node = LISTNODE_CAST(elem);
+ addCertToDB((certDBEntryCert *)&node->entry, &info, oldhandle);
+ /* entries get destroyed in addCertToDB */
}
#if 0
- rv = nsslowcert_TraverseDBEntries(oldhandle, certDBEntryTypeSMimeProfile,
+ rv = nsslowcert_TraverseDBEntries(oldhandle, certDBEntryTypeSMimeProfile,
copyDBEntry, info.handle);
#endif
- /* Fix up the pointers between (nickname|S/MIME) --> (subject).
+/* Fix up the pointers between (nickname|S/MIME) --> (subject).
* Create S/MIME entries for S/MIME certs.
* Have the S/MIME entry point to the last-expiring cert using
* an email address.
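Review bot: `dbArray` is used as a struct in `fillDBEntryArray(oldhandle, certDBEntryTypeCert, &dbArray.certs)` and as a pointer in `PR_LIST_HEAD(&dbArray->certs.link)` on the next line. Both forms cannot compile against one declaration, which suggests this function is not currently built; the declaration is outside the hunk, so that needs confirming. If the code is dead, reformatting it hides that fact, and a comment or removal would be clearer. The return value of `addCertToDB` is discarded in the loop. The reformat also moved the `/* Fix up the pointers ...` comment to column 0 while its continuation lines kept their old indent.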
@@ -618,53 +617,52 @@ DBCK_ReconstructDBFromCerts(NSSLOWCERTCertDBHandle *oldhandle, char *newdbname,
freeDBEntryList(&dbArray.certs.link);
- /* Copy over the version record. */
- /* XXX Already exists - and _must_ be correct... */
- /*
+/* Copy over the version record. */
+/* XXX Already exists - and _must_ be correct... */
+/*
versionEntry = ReadDBVersionEntry(oldhandle);
rv = WriteDBVersionEntry(info.handle, versionEntry);
*/
- /* Copy over the content version record. */
- /* XXX Can probably get useful info from old content version?
+/* Copy over the content version record. */
+/* XXX Can probably get useful info from old content version?
* Was this db created before/after this tool? etc.
*/
#if 0
oldContentVersion = ReadDBContentVersionEntry(oldhandle);
- CERT_SetDBContentVersion(oldContentVersion->contentVersion, info.handle);
+ CERT_SetDBContentVersion(oldContentVersion->contentVersion, info.handle);
#endif
#if 0
/* Copy over the CRL & KRL records. */
- rv = nsslowcert_TraverseDBEntries(oldhandle, certDBEntryTypeRevocation,
+ rv = nsslowcert_TraverseDBEntries(oldhandle, certDBEntryTypeRevocation,
copyDBEntry, info.handle);
/* XXX Only one KRL, just do db->get? */
- rv = nsslowcert_TraverseDBEntries(oldhandle, certDBEntryTypeKeyRevocation,
+ rv = nsslowcert_TraverseDBEntries(oldhandle, certDBEntryTypeKeyRevocation,
copyDBEntry, info.handle);
#endif
PR_fprintf(info.out, "Database had %d certificates.\n", info.nOldCerts);
PR_fprintf(info.out, "Reconstructed %d certificates.\n", info.nCerts);
- PR_fprintf(info.out, "(ax) Rejected %d expired certificates.\n",
- info.dbErrors[dbInvalidCert]);
- PR_fprintf(info.out, "(as) Rejected %d S/MIME certificates missing a profile.\n",
- info.dbErrors[dbNoSMimeProfile]);
- PR_fprintf(info.out, "(ar) Rejected %d certificates for which a newer certificate was found.\n",
- info.dbErrors[dbOlderCert]);
- PR_fprintf(info.out, " Rejected %d corrupt certificates.\n",
- info.dbErrors[dbBadCertificate]);
- PR_fprintf(info.out, " Rejected %d certificates which did not write to the DB.\n",
- info.dbErrors[dbCertNotWrittenToDB]);
+ PR_fprintf(info.out, "(ax) Rejected %d expired certificates.\n",
+ info.dbErrors[dbInvalidCert]);
+ PR_fprintf(info.out, "(as) Rejected %d S/MIME certificates missing a profile.\n",
+ info.dbErrors[dbNoSMimeProfile]);
+ PR_fprintf(info.out, "(ar) Rejected %d certificates for which a newer certificate was found.\n",
+ info.dbErrors[dbOlderCert]);
+ PR_fprintf(info.out, " Rejected %d corrupt certificates.\n",
+ info.dbErrors[dbBadCertificate]);
+ PR_fprintf(info.out, " Rejected %d certificates which did not write to the DB.\n",
+ info.dbErrors[dbCertNotWrittenToDB]);
if (rv)
- goto loser;
+ goto loser;
return info.handle;
loser:
- if (info.handle)
- PORT_Free(info.handle);
+ if (info.handle)
+ PORT_Free(info.handle);
return NULL;
}
-
diff --git a/cmd/dbtest/dbtest.c b/cmd/dbtest/dbtest.c
index a0355cc49..2f1ea6d38 100644
--- a/cmd/dbtest/dbtest.c
+++ b/cmd/dbtest/dbtest.c
@@ -35,12 +35,12 @@
static char *progName;
-char *dbDir = NULL;
+char *dbDir = NULL;
-static char *dbName[]={"secmod.db", "cert8.db", "key3.db"};
-static char* dbprefix = "";
-static char* secmodName = "secmod.db";
-static char* userPassword = "";
+static char *dbName[] = { "secmod.db", "cert8.db", "key3.db" };
+static char *dbprefix = "";
+static char *secmodName = "secmod.db";
+static char *userPassword = "";
PRBool verbose;
static char *
@@ -49,30 +49,31 @@ getPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
int *success = (int *)arg;
if (retry) {
- *success = 0;
- return NULL;
+ *success = 0;
+ return NULL;
}
*success = 1;
- return PORT_Strdup(userPassword);
+ return PORT_Strdup(userPassword);
}
-
-static void Usage(const char *progName)
+static void
+Usage(const char *progName)
{
printf("Usage: %s [-r] [-f] [-i] [-d dbdir ] \n",
- progName);
+ progName);
printf("%-20s open database readonly (NSS_INIT_READONLY)\n", "-r");
printf("%-20s Continue to force initializations even if the\n", "-f");
printf("%-20s databases cannot be opened (NSS_INIT_FORCEOPEN)\n", " ");
printf("%-20s Try to initialize the database\n", "-i");
printf("%-20s Supply a password with which to initialize the db\n", "-p");
printf("%-20s Directory with cert database (default is .\n",
- "-d certdir");
+ "-d certdir");
exit(1);
}
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
PLOptState *optstate;
PLOptStatus optstatus;
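Review bot: The synopsis printed by Usage, `"Usage: %s [-r] [-f] [-i] [-d dbdir ] \n"`, omits the `-p` option that the help text below it describes and that main accepts. It should read `"Usage: %s [-r] [-f] [-i] [-p password] [-d dbdir]\n"`. The last help line, `(default is .`, is missing its closing parenthesis.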
@@ -80,36 +81,43 @@ int main(int argc, char **argv)
PRUint32 flags = 0;
Error ret;
SECStatus rv;
- char * dbString = NULL;
+ char *dbString = NULL;
PRBool doInitTest = PR_FALSE;
int i;
progName = strrchr(argv[0], '/');
if (!progName)
progName = strrchr(argv[0], '\\');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
optstate = PL_CreateOptState(argc, argv, "rfip:d:h");
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
- case 'h':
- default : Usage(progName); break;
+ case 'h':
+ default:
+ Usage(progName);
+ break;
- case 'r': flags |= NSS_INIT_READONLY; break;
+ case 'r':
+ flags |= NSS_INIT_READONLY;
+ break;
- case 'f': flags |= NSS_INIT_FORCEOPEN; break;
+ case 'f':
+ flags |= NSS_INIT_FORCEOPEN;
+ break;
- case 'i': doInitTest = PR_TRUE; break;
+ case 'i':
+ doInitTest = PR_TRUE;
+ break;
- case 'p':
- userPassword = PORT_Strdup(optstate->value);
- break;
+ case 'p':
+ userPassword = PORT_Strdup(optstate->value);
+ break;
- case 'd':
+ case 'd':
dbDir = PORT_Strdup(optstate->value);
break;
-
}
}
if (optstatus == PL_OPT_BAD)
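Review bot: The `-p` case takes the database password from argv, where it is readable by other local users through the process list and is kept in shell history. A comment on the case would record the limitation, such as `/* test use only: argv is visible in the process list; never pass a real database password here */`. The `PORT_Strdup` results for `-p` and `-d` are stored without a NULL check, and `userPassword` is dereferenced later in main as `*userPassword`. main's body continues outside this hunk.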
@@ -121,108 +129,106 @@ int main(int argc, char **argv)
dbDir = SECU_ConfigDirectory(dbDir);
PR_fprintf(PR_STDERR, "dbdir selected is %s\n\n", dbDir);
- if( dbDir[0] == '\0') {
+ if (dbDir[0] == '\0') {
PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir);
- ret= DIR_DOESNT_EXIST_ERR;
+ ret = DIR_DOESNT_EXIST_ERR;
goto loser;
}
-
- PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
+ PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
/* get the status of the directory and databases and output message */
- if(PR_Access(dbDir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
+ if (PR_Access(dbDir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir);
- } else if(PR_Access(dbDir, PR_ACCESS_READ_OK) != PR_SUCCESS) {
+ } else if (PR_Access(dbDir, PR_ACCESS_READ_OK) != PR_SUCCESS) {
PR_fprintf(PR_STDERR, errStrings[DIR_NOT_READABLE_ERR], dbDir);
} else {
- if( !( flags & NSS_INIT_READONLY ) &&
- PR_Access(dbDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
+ if (!(flags & NSS_INIT_READONLY) &&
+ PR_Access(dbDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
PR_fprintf(PR_STDERR, errStrings[DIR_NOT_WRITEABLE_ERR], dbDir);
}
- if (!doInitTest) {
- for (i=0;i<3;i++) {
- dbString=PR_smprintf("%s/%s",dbDir,dbName[i]);
- PR_fprintf(PR_STDOUT, "database checked is %s\n",dbString);
- if(PR_Access(dbString, PR_ACCESS_EXISTS) != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[FILE_DOESNT_EXIST_ERR],
- dbString);
- } else if(PR_Access(dbString, PR_ACCESS_READ_OK) != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR],
- dbString);
- } else if( !( flags & NSS_INIT_READONLY ) &&
- PR_Access(dbString, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR],
- dbString);
- }
- }
- }
+ if (!doInitTest) {
+ for (i = 0; i < 3; i++) {
+ dbString = PR_smprintf("%s/%s", dbDir, dbName[i]);
+ PR_fprintf(PR_STDOUT, "database checked is %s\n", dbString);
+ if (PR_Access(dbString, PR_ACCESS_EXISTS) != PR_SUCCESS) {
+ PR_fprintf(PR_STDERR, errStrings[FILE_DOESNT_EXIST_ERR],
+ dbString);
+ } else if (PR_Access(dbString, PR_ACCESS_READ_OK) != PR_SUCCESS) {
+ PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR],
+ dbString);
+ } else if (!(flags & NSS_INIT_READONLY) &&
+ PR_Access(dbString, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
+ PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR],
+ dbString);
+ }
+ }
+ }
}
-
rv = NSS_Initialize(SECU_ConfigDirectory(dbDir), dbprefix, dbprefix,
- secmodName, flags);
+ secmodName, flags);
if (rv != SECSuccess) {
SECU_PrintPRandOSError(progName);
- ret=NSS_INITIALIZE_FAILED_ERR;
+ ret = NSS_INITIALIZE_FAILED_ERR;
} else {
- ret=SUCCESS;
- if (doInitTest) {
- PK11SlotInfo * slot = PK11_GetInternalKeySlot();
- SECStatus rv;
- int passwordSuccess = 0;
- int type = CKM_DES3_CBC;
- SECItem keyid = { 0, NULL, 0 };
- unsigned char keyIdData[] = { 0xff, 0xfe };
- PK11SymKey *key = NULL;
-
- keyid.data = keyIdData;
- keyid.len = sizeof(keyIdData);
-
- PK11_SetPasswordFunc(getPassword);
- rv = PK11_InitPin(slot, (char *)NULL, userPassword);
- if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "Failed to Init DB: %s\n",
- SECU_Strerror(PORT_GetError()));
- ret = CHANGEPW_FAILED_ERR;
- }
- if (*userPassword && !PK11_IsLoggedIn(slot, &passwordSuccess)) {
+ ret = SUCCESS;
+ if (doInitTest) {
+ PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+ SECStatus rv;
+ int passwordSuccess = 0;
+ int type = CKM_DES3_CBC;
+ SECItem keyid = { 0, NULL, 0 };
+ unsigned char keyIdData[] = { 0xff, 0xfe };
+ PK11SymKey *key = NULL;
+
+ keyid.data = keyIdData;
+ keyid.len = sizeof(keyIdData);
+
+ PK11_SetPasswordFunc(getPassword);
+ rv = PK11_InitPin(slot, (char *)NULL, userPassword);
+ if (rv != SECSuccess) {
+ PR_fprintf(PR_STDERR, "Failed to Init DB: %s\n",
+ SECU_Strerror(PORT_GetError()));
+ ret = CHANGEPW_FAILED_ERR;
+ }
+ if (*userPassword && !PK11_IsLoggedIn(slot, &passwordSuccess)) {
PR_fprintf(PR_STDERR, "New DB did not log in after init\n");
- ret = AUTHENTICATION_FAILED_ERR;
- }
- /* generate a symetric key */
- key = PK11_TokenKeyGen(slot, type, NULL, 0, &keyid,
- PR_TRUE, &passwordSuccess);
-
- if (!key) {
- PR_fprintf(PR_STDERR, "Could not generated symetric key: %s\n",
- SECU_Strerror(PORT_GetError()));
- exit (UNSPECIFIED_ERR);
- }
- PK11_FreeSymKey(key);
- PK11_Logout(slot);
-
- PK11_Authenticate(slot, PR_TRUE, &passwordSuccess);
-
- if (*userPassword && !passwordSuccess) {
- PR_fprintf(PR_STDERR, "New DB Did not initalize\n");
- ret = AUTHENTICATION_FAILED_ERR;
- }
- key = PK11_FindFixedKey(slot, type, &keyid, &passwordSuccess);
-
- if (!key) {
- PR_fprintf(PR_STDERR, "Could not find generated key: %s\n",
- SECU_Strerror(PORT_GetError()));
- ret = UNSPECIFIED_ERR;
- } else {
- PK11_FreeSymKey(key);
- }
- PK11_FreeSlot(slot);
- }
-
+ ret = AUTHENTICATION_FAILED_ERR;
+ }
+ /* generate a symetric key */
+ key = PK11_TokenKeyGen(slot, type, NULL, 0, &keyid,
+ PR_TRUE, &passwordSuccess);
+
+ if (!key) {
+ PR_fprintf(PR_STDERR, "Could not generated symetric key: %s\n",
+ SECU_Strerror(PORT_GetError()));
+ exit(UNSPECIFIED_ERR);
+ }
+ PK11_FreeSymKey(key);
+ PK11_Logout(slot);
+
+ PK11_Authenticate(slot, PR_TRUE, &passwordSuccess);
+
+ if (*userPassword && !passwordSuccess) {
+ PR_fprintf(PR_STDERR, "New DB Did not initalize\n");
+ ret = AUTHENTICATION_FAILED_ERR;
+ }
+ key = PK11_FindFixedKey(slot, type, &keyid, &passwordSuccess);
+
+ if (!key) {
+ PR_fprintf(PR_STDERR, "Could not find generated key: %s\n",
+ SECU_Strerror(PORT_GetError()));
+ ret = UNSPECIFIED_ERR;
+ } else {
+ PK11_FreeSymKey(key);
+ }
+ PK11_FreeSlot(slot);
+ }
+
if (NSS_Shutdown() != SECSuccess) {
- PR_fprintf(PR_STDERR, "Could not find generated key: %s\n",
- SECU_Strerror(PORT_GetError()));
+ PR_fprintf(PR_STDERR, "Could not find generated key: %s\n",
+ SECU_Strerror(PORT_GetError()));
exit(1);
}
}
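Review bot: The `NSS_Shutdown()` failure branch prints `"Could not find generated key: %s\n"`, a copy of the message a few lines above, so a shutdown failure is reported as a key lookup failure. The format string should be something like `"NSS_Shutdown failed: %s\n"`. In the access-check loop each `dbString` from `PR_smprintf` is used without a NULL check and never released; add `PR_smprintf_free(dbString);` at the end of the loop body. `PK11_GetInternalKeySlot()` is passed to `PK11_InitPin` unchecked, the inner `SECStatus rv;` shadows the outer one, and the `exit(UNSPECIFIED_ERR)` path skips `PK11_FreeSlot` and `NSS_Shutdown`. main starts outside this hunk.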
@@ -230,4 +236,3 @@ int main(int argc, char **argv)
loser:
return ret;
}
-
diff --git a/cmd/derdump/derdump.c b/cmd/derdump/derdump.c
index 3184b1b48..2916be6a5 100644
--- a/cmd/derdump/derdump.c
+++ b/cmd/derdump/derdump.c
@@ -13,21 +13,23 @@ extern int fprintf(FILE *, char *, ...);
#endif
#include "plgetopt.h"
-static void Usage(char *progName)
+static void
+Usage(char *progName)
{
fprintf(stderr,
- "Usage: %s [-r] [-i input] [-o output]\n",
- progName);
+ "Usage: %s [-r] [-i input] [-o output]\n",
+ progName);
fprintf(stderr, "%-20s For formatted items, dump raw bytes as well\n",
- "-r");
+ "-r");
fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
+ "-i input");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
+ "-o output");
exit(-1);
}
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
char *progName;
FILE *outFile;
@@ -40,66 +42,68 @@ int main(int argc, char **argv)
PLOptStatus status;
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
/* Parse command line arguments */
inFile = 0;
outFile = 0;
optstate = PL_CreateOptState(argc, argv, "i:o:r");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case 'i':
- inFile = PR_Open(optstate->value, PR_RDONLY, 0);
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
+ switch (optstate->option) {
+ case 'i':
+ inFile = PR_Open(optstate->value, PR_RDONLY, 0);
+ if (!inFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
- case 'o':
- outFile = fopen(optstate->value, "w");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
+ case 'o':
+ outFile = fopen(optstate->value, "w");
+ if (!outFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
- case 'r':
- raw = PR_TRUE;
- break;
+ case 'r':
+ raw = PR_TRUE;
+ break;
- default:
- Usage(progName);
- break;
- }
+ default:
+ Usage(progName);
+ break;
+ }
}
- if (status == PL_OPT_BAD)
- Usage(progName);
+ if (status == PL_OPT_BAD)
+ Usage(progName);
- if (!inFile) inFile = PR_STDIN;
- if (!outFile) outFile = stdout;
+ if (!inFile)
+ inFile = PR_STDIN;
+ if (!outFile)
+ outFile = stdout;
- rv = NSS_NoDB_Init(NULL); /* XXX */
+ rv = NSS_NoDB_Init(NULL); /* XXX */
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- return -1;
+ SECU_PrintPRandOSError(progName);
+ return -1;
}
- rv = SECU_ReadDERFromFile(&der, inFile, PR_FALSE, PR_FALSE);
+ rv = SECU_ReadDERFromFile(&der, inFile, PR_FALSE, PR_FALSE);
if (rv == SECSuccess) {
- rv = DER_PrettyPrint(outFile, &der, raw);
- if (rv == SECSuccess)
- return 0;
+ rv = DER_PrettyPrint(outFile, &der, raw);
+ if (rv == SECSuccess)
+ return 0;
}
xp_error = PORT_GetError();
if (xp_error) {
- SECU_PrintError(progName, "error %d", xp_error);
+ SECU_PrintError(progName, "error %d", xp_error);
}
if (errno) {
- SECU_PrintSystemError(progName, "errno=%d", errno);
+ SECU_PrintSystemError(progName, "errno=%d", errno);
}
return 1;
}
diff --git a/cmd/digest/digest.c b/cmd/digest/digest.c
index 4502fc39c..8c4c14926 100644
--- a/cmd/digest/digest.c
+++ b/cmd/digest/digest.c
@@ -8,8 +8,8 @@
#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
#if !defined(WIN32)
-extern int fread(char *, size_t, size_t, FILE*);
-extern int fwrite(char *, size_t, size_t, FILE*);
+extern int fread(char *, size_t, size_t, FILE *);
+extern int fwrite(char *, size_t, size_t, FILE *);
extern int fprintf(FILE *, char *, ...);
#endif
#endif
@@ -22,22 +22,22 @@ HashTypeToOID(HASH_HashType hashtype)
SECOidTag hashtag;
if (hashtype <= HASH_AlgNULL || hashtype >= HASH_AlgTOTAL)
- return NULL;
+ return NULL;
switch (hashtype) {
- case HASH_AlgMD2:
- hashtag = SEC_OID_MD2;
- break;
- case HASH_AlgMD5:
- hashtag = SEC_OID_MD5;
- break;
- case HASH_AlgSHA1:
- hashtag = SEC_OID_SHA1;
- break;
- default:
- fprintf(stderr, "A new hash type has been added to HASH_HashType.\n");
- fprintf(stderr, "This program needs to be updated!\n");
- return NULL;
+ case HASH_AlgMD2:
+ hashtag = SEC_OID_MD2;
+ break;
+ case HASH_AlgMD5:
+ hashtag = SEC_OID_MD5;
+ break;
+ case HASH_AlgSHA1:
+ hashtag = SEC_OID_SHA1;
+ break;
+ default:
+ fprintf(stderr, "A new hash type has been added to HASH_HashType.\n");
+ fprintf(stderr, "This program needs to be updated!\n");
+ return NULL;
}
return SECOID_FindOIDByTag(hashtag);
@@ -50,13 +50,13 @@ HashNameToOID(const char *hashName)
SECOidData *hashOID;
for (htype = HASH_AlgNULL + 1; htype < HASH_AlgTOTAL; htype++) {
- hashOID = HashTypeToOID(htype);
- if (PORT_Strcasecmp(hashName, hashOID->desc) == 0)
- break;
+ hashOID = HashTypeToOID(htype);
+ if (PORT_Strcasecmp(hashName, hashOID->desc) == 0)
+ break;
}
if (htype == HASH_AlgTOTAL)
- return NULL;
+ return NULL;
return hashOID;
}
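Review bot: `hashOID->desc` is dereferenced in the loop without a NULL check, although HashTypeToOID (previous hunk) returns NULL from its `default:` branch for every hash type other than MD2, MD5 and SHA1. If HASH_AlgTOTAL covers more than those three types, the search crashes on the first unmapped one instead of skipping it; guard the comparison with `if (hashOID && PORT_Strcasecmp(hashName, hashOID->desc) == 0)`. The same unchecked `HashTypeToOID(htype)->desc` appears in the Usage hunk that follows. HashNameToOID's signature and first declarations are outside this hunk.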
@@ -67,23 +67,23 @@ Usage(char *progName)
HASH_HashType htype;
fprintf(stderr,
- "Usage: %s -t type [-i input] [-o output]\n",
- progName);
+ "Usage: %s -t type [-i input] [-o output]\n",
+ progName);
fprintf(stderr, "%-20s Specify the digest method (must be one of\n",
- "-t type");
+ "-t type");
fprintf(stderr, "%-20s ", "");
for (htype = HASH_AlgNULL + 1; htype < HASH_AlgTOTAL; htype++) {
- fprintf(stderr, "%s", HashTypeToOID(htype)->desc);
- if (htype == (HASH_AlgTOTAL - 2))
- fprintf(stderr, " or ");
- else if (htype != (HASH_AlgTOTAL - 1))
- fprintf(stderr, ", ");
+ fprintf(stderr, "%s", HashTypeToOID(htype)->desc);
+ if (htype == (HASH_AlgTOTAL - 2))
+ fprintf(stderr, " or ");
+ else if (htype != (HASH_AlgTOTAL - 1))
+ fprintf(stderr, ", ");
}
fprintf(stderr, " (case ignored))\n");
fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
+ "-i input");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
+ "-o output");
exit(-1);
}
@@ -98,41 +98,42 @@ DigestFile(FILE *outFile, FILE *inFile, SECOidData *hashOID)
hashcx = PK11_CreateDigestContext(hashOID->offset);
if (hashcx == NULL) {
- return -1;
+ return -1;
}
PK11_DigestBegin(hashcx);
-
for (;;) {
- if (feof(inFile)) break;
- nb = fread(ibuf, 1, sizeof(ibuf), inFile);
- if (nb != sizeof(ibuf)) {
- if (nb == 0) {
- if (ferror(inFile)) {
- PORT_SetError(SEC_ERROR_IO);
- PK11_DestroyContext(hashcx,PR_TRUE);
- return -1;
- }
- /* eof */
- break;
- }
- }
- rv = PK11_DigestOp(hashcx, ibuf, nb);
- if (rv != SECSuccess) {
- PK11_DestroyContext(hashcx, PR_TRUE);
- return -1;
- }
+ if (feof(inFile))
+ break;
+ nb = fread(ibuf, 1, sizeof(ibuf), inFile);
+ if (nb != sizeof(ibuf)) {
+ if (nb == 0) {
+ if (ferror(inFile)) {
+ PORT_SetError(SEC_ERROR_IO);
+ PK11_DestroyContext(hashcx, PR_TRUE);
+ return -1;
+ }
+ /* eof */
+ break;
+ }
+ }
+ rv = PK11_DigestOp(hashcx, ibuf, nb);
+ if (rv != SECSuccess) {
+ PK11_DestroyContext(hashcx, PR_TRUE);
+ return -1;
+ }
}
rv = PK11_DigestFinal(hashcx, digest, &len, 32);
PK11_DestroyContext(hashcx, PR_TRUE);
- if (rv != SECSuccess) return -1;
+ if (rv != SECSuccess)
+ return -1;
nb = fwrite(digest, 1, len, outFile);
if (nb != len) {
- PORT_SetError(SEC_ERROR_IO);
- return -1;
+ PORT_SetError(SEC_ERROR_IO);
+ return -1;
}
return 0;
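Review bot: The result of `PK11_DigestBegin(hashcx)` is ignored, so a context that failed to initialise is still fed data; check it like the later calls, `if (PK11_DigestBegin(hashcx) != SECSuccess) { PK11_DestroyContext(hashcx, PR_TRUE); return -1; }`. The literal `32` passed to PK11_DigestFinal should be `sizeof(digest)` so the limit cannot drift from the buffer. The declaration of `digest` is outside this hunk, so its actual size is not visible here.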
@@ -149,10 +150,10 @@ main(int argc, char **argv)
SECOidData *hashOID;
PLOptState *optstate;
PLOptStatus status;
- SECStatus rv;
+ SECStatus rv;
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
inFile = NULL;
outFile = NULL;
@@ -160,8 +161,8 @@ main(int argc, char **argv)
rv = NSS_Init("/tmp");
if (rv != SECSuccess) {
- fprintf(stderr, "%s: NSS_Init failed in directory %s\n",
- progName, "/tmp");
+ fprintf(stderr, "%s: NSS_Init failed in directory %s\n",
+ progName, "/tmp");
return -1;
}
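Review bot: `NSS_Init("/tmp")` opens the certificate, key and module databases from a world-writable directory, so the tool's NSS configuration depends on files any local user may have placed there. Computing a digest needs no database; `rv = NSS_NoDB_Init(NULL);`, as cmd/derdump/derdump.c does in this same commit, removes that dependency, and the error message would then drop the directory argument. main's declarations and the rest of its body are outside this hunk.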
@@ -170,55 +171,58 @@ main(int argc, char **argv)
*/
optstate = PL_CreateOptState(argc, argv, "t:i:o:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
-
- case 'i':
- inFile = fopen(optstate->value, "r");
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "w");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 't':
- hashName = strdup(optstate->value);
- break;
- }
+ switch (optstate->option) {
+ case '?':
+ Usage(progName);
+ break;
+
+ case 'i':
+ inFile = fopen(optstate->value, "r");
+ if (!inFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 'o':
+ outFile = fopen(optstate->value, "w");
+ if (!outFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 't':
+ hashName = strdup(optstate->value);
+ break;
+ }
}
- if (!hashName) Usage(progName);
+ if (!hashName)
+ Usage(progName);
- if (!inFile) inFile = stdin;
- if (!outFile) outFile = stdout;
+ if (!inFile)
+ inFile = stdin;
+ if (!outFile)
+ outFile = stdout;
hashOID = HashNameToOID(hashName);
if (hashOID == NULL) {
- fprintf(stderr, "%s: invalid digest type\n", progName);
- Usage(progName);
+ fprintf(stderr, "%s: invalid digest type\n", progName);
+ Usage(progName);
}
if (DigestFile(outFile, inFile, hashOID)) {
- fprintf(stderr, "%s: problem digesting data (%s)\n",
- progName, SECU_Strerror(PORT_GetError()));
- return -1;
+ fprintf(stderr, "%s: problem digesting data (%s)\n",
+ progName, SECU_Strerror(PORT_GetError()));
+ return -1;
}
if (NSS_Shutdown() != SECSuccess) {
exit(1);
- }
-
+ }
+
return 0;
}
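Review bot: Both files are opened in text mode (`fopen(optstate->value, "r")` and `fopen(optstate->value, "w")`), yet the input is hashed byte for byte and the output is the raw digest. On platforms that translate line endings (the file has an XP_WIN branch at its top) the hash is computed over altered bytes and the written digest can itself be altered; use `"rb"` and `"wb"`. main begins outside this hunk.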
diff --git a/cmd/ecperf/ecperf.c b/cmd/ecperf/ecperf.c
index 513d4ee00..8a60ac641 100644
--- a/cmd/ecperf/ecperf.c
+++ b/cmd/ecperf/ecperf.c
@@ -17,7 +17,7 @@
#include <sys/time.h>
#include <sys/resource.h>
-#define __PASTE(x,y) x##y
+#define __PASTE(x, y) x##y
/*
* Get the NSS specific PKCS #11 function names.
@@ -27,39 +27,37 @@
#define CK_EXTERN extern
#define CK_PKCS11_FUNCTION_INFO(func) \
- CK_RV __PASTE(NS,func)
-#define CK_NEED_ARG_LIST 1
+ CK_RV __PASTE(NS, func)
+#define CK_NEED_ARG_LIST 1
#include "pkcs11f.h"
-
-
/* mapping between ECCurveName enum and pointers to ECCurveParams */
static SECOidTag ecCurve_oid_map[] = {
- SEC_OID_UNKNOWN, /* ECCurve_noName */
- SEC_OID_ANSIX962_EC_PRIME192V1, /* ECCurve_NIST_P192 */
- SEC_OID_SECG_EC_SECP224R1, /* ECCurve_NIST_P224 */
- SEC_OID_ANSIX962_EC_PRIME256V1, /* ECCurve_NIST_P256 */
- SEC_OID_SECG_EC_SECP384R1, /* ECCurve_NIST_P384 */
- SEC_OID_SECG_EC_SECP521R1, /* ECCurve_NIST_P521 */
- SEC_OID_SECG_EC_SECT163K1, /* ECCurve_NIST_K163 */
- SEC_OID_SECG_EC_SECT163R1, /* ECCurve_NIST_B163 */
- SEC_OID_SECG_EC_SECT233K1, /* ECCurve_NIST_K233 */
- SEC_OID_SECG_EC_SECT233R1, /* ECCurve_NIST_B233 */
- SEC_OID_SECG_EC_SECT283K1, /* ECCurve_NIST_K283 */
- SEC_OID_SECG_EC_SECT283R1, /* ECCurve_NIST_B283 */
- SEC_OID_SECG_EC_SECT409K1, /* ECCurve_NIST_K409 */
- SEC_OID_SECG_EC_SECT409R1, /* ECCurve_NIST_B409 */
- SEC_OID_SECG_EC_SECT571K1, /* ECCurve_NIST_K571 */
- SEC_OID_SECG_EC_SECT571R1, /* ECCurve_NIST_B571 */
- SEC_OID_ANSIX962_EC_PRIME192V2,
+ SEC_OID_UNKNOWN, /* ECCurve_noName */
+ SEC_OID_ANSIX962_EC_PRIME192V1, /* ECCurve_NIST_P192 */
+ SEC_OID_SECG_EC_SECP224R1, /* ECCurve_NIST_P224 */
+ SEC_OID_ANSIX962_EC_PRIME256V1, /* ECCurve_NIST_P256 */
+ SEC_OID_SECG_EC_SECP384R1, /* ECCurve_NIST_P384 */
+ SEC_OID_SECG_EC_SECP521R1, /* ECCurve_NIST_P521 */
+ SEC_OID_SECG_EC_SECT163K1, /* ECCurve_NIST_K163 */
+ SEC_OID_SECG_EC_SECT163R1, /* ECCurve_NIST_B163 */
+ SEC_OID_SECG_EC_SECT233K1, /* ECCurve_NIST_K233 */
+ SEC_OID_SECG_EC_SECT233R1, /* ECCurve_NIST_B233 */
+ SEC_OID_SECG_EC_SECT283K1, /* ECCurve_NIST_K283 */
+ SEC_OID_SECG_EC_SECT283R1, /* ECCurve_NIST_B283 */
+ SEC_OID_SECG_EC_SECT409K1, /* ECCurve_NIST_K409 */
+ SEC_OID_SECG_EC_SECT409R1, /* ECCurve_NIST_B409 */
+ SEC_OID_SECG_EC_SECT571K1, /* ECCurve_NIST_K571 */
+ SEC_OID_SECG_EC_SECT571R1, /* ECCurve_NIST_B571 */
+ SEC_OID_ANSIX962_EC_PRIME192V2,
SEC_OID_ANSIX962_EC_PRIME192V3,
SEC_OID_ANSIX962_EC_PRIME239V1,
SEC_OID_ANSIX962_EC_PRIME239V2,
SEC_OID_ANSIX962_EC_PRIME239V3,
- SEC_OID_ANSIX962_EC_C2PNB163V1,
- SEC_OID_ANSIX962_EC_C2PNB163V2,
- SEC_OID_ANSIX962_EC_C2PNB163V3,
+ SEC_OID_ANSIX962_EC_C2PNB163V1,
+ SEC_OID_ANSIX962_EC_C2PNB163V2,
+ SEC_OID_ANSIX962_EC_C2PNB163V3,
SEC_OID_ANSIX962_EC_C2PNB176V1,
SEC_OID_ANSIX962_EC_C2TNB191V1,
SEC_OID_ANSIX962_EC_C2TNB191V2,
@@ -91,11 +89,11 @@ static SECOidTag ecCurve_oid_map[] = {
SEC_OID_SECG_EC_SECT193R1,
SEC_OID_SECG_EC_SECT193R2,
SEC_OID_SECG_EC_SECT239K1,
- SEC_OID_UNKNOWN /* ECCurve_pastLastCurve */
+ SEC_OID_UNKNOWN /* ECCurve_pastLastCurve */
};
-typedef SECStatus (*op_func) (void *, void *, void *);
-typedef SECStatus (*pk11_op_func) (CK_SESSION_HANDLE, void *, void *, void *);
+typedef SECStatus (*op_func)(void *, void *, void *);
+typedef SECStatus (*pk11_op_func)(CK_SESSION_HANDLE, void *, void *, void *);
typedef struct ThreadDataStr {
op_func op;
@@ -109,12 +107,13 @@ typedef struct ThreadDataStr {
int isSign;
} ThreadData;
-void PKCS11Thread(void *data)
+void
+PKCS11Thread(void *data)
{
ThreadData *threadData = (ThreadData *)data;
- pk11_op_func op = (pk11_op_func) threadData->op;
+ pk11_op_func op = (pk11_op_func)threadData->op;
int iters = threadData->iters;
- unsigned char sigData [256];
+ unsigned char sigData[256];
SECItem sig;
CK_SESSION_HANDLE session;
CK_RV crv;
@@ -128,174 +127,176 @@ void PKCS11Thread(void *data)
PR_Unlock(threadData->lock);
if (threadData->isSign) {
- sig.data = sigData;
- sig.len = sizeof(sigData);
- threadData->p2 = (void *)&sig;
- }
-
- while (iters --) {
- threadData->status = (*op)(session, threadData->p1,
- threadData->p2, threadData->p3);
- if (threadData->status != SECSuccess) {
- break;
+ sig.data = sigData;
+ sig.len = sizeof(sigData);
+ threadData->p2 = (void *)&sig;
}
- threadData->count++;
+
+ while (iters--) {
+ threadData->status = (*op)(session, threadData->p1,
+ threadData->p2, threadData->p3);
+ if (threadData->status != SECSuccess) {
+ break;
+ }
+ threadData->count++;
}
return;
}
-void genericThread(void *data)
+void
+genericThread(void *data)
{
ThreadData *threadData = (ThreadData *)data;
int iters = threadData->iters;
- unsigned char sigData [256];
+ unsigned char sigData[256];
SECItem sig;
threadData->status = SECSuccess;
threadData->count = 0;
if (threadData->isSign) {
- sig.data = sigData;
- sig.len = sizeof(sigData);
- threadData->p2 = (void *)&sig;
+ sig.data = sigData;
+ sig.len = sizeof(sigData);
+ threadData->p2 = (void *)&sig;
}
-
- while (iters --) {
- threadData->status = (*threadData->op)(threadData->p1,
- threadData->p2, threadData->p3);
- if (threadData->status != SECSuccess) {
- break;
- }
- threadData->count++;
+
+ while (iters--) {
+ threadData->status = (*threadData->op)(threadData->p1,
+ threadData->p2, threadData->p3);
+ if (threadData->status != SECSuccess) {
+ break;
+ }
+ threadData->count++;
}
return;
}
-
/* Time iter repetitions of operation op. */
SECStatus
-M_TimeOperation(void (*threadFunc)(void *),
- op_func opfunc, char *op, void *param1, void *param2,
- void *param3, int iters, int numThreads, PRLock *lock,
- CK_SESSION_HANDLE session, int isSign, double *rate)
+M_TimeOperation(void (*threadFunc)(void *),
+ op_func opfunc, char *op, void *param1, void *param2,
+ void *param3, int iters, int numThreads, PRLock *lock,
+ CK_SESSION_HANDLE session, int isSign, double *rate)
{
double dUserTime;
int i, total;
PRIntervalTime startTime, totalTime;
PRThread **threadIDs;
ThreadData *threadData;
- pk11_op_func pk11_op = (pk11_op_func) opfunc;
+ pk11_op_func pk11_op = (pk11_op_func)opfunc;
SECStatus rv;
/* verify operation works before testing performance */
if (session) {
- rv = (*pk11_op)(session, param1, param2, param3);
+ rv = (*pk11_op)(session, param1, param2, param3);
} else {
- rv = (*opfunc)(param1, param2, param3);
+ rv = (*opfunc)(param1, param2, param3);
}
if (rv != SECSuccess) {
- SECU_PrintError("Error:", op);
- return rv;
+ SECU_PrintError("Error:", op);
+ return rv;
}
/* get Data structures */
- threadIDs = (PRThread **)PORT_Alloc(numThreads*sizeof(PRThread *));
- threadData = (ThreadData *)PORT_Alloc(numThreads*sizeof(ThreadData));
+ threadIDs = (PRThread **)PORT_Alloc(numThreads * sizeof(PRThread *));
+ threadData = (ThreadData *)PORT_Alloc(numThreads * sizeof(ThreadData));
startTime = PR_Now();
if (numThreads == 1) {
- for (i=0; i < iters; i++) {
- if (session) {
- rv = (*pk11_op)(session, param1, param2, param3);
- } else {
- rv = (*opfunc)(param1, param2, param3);
- }
- }
- total = iters;
+ for (i = 0; i < iters; i++) {
+ if (session) {
+ rv = (*pk11_op)(session, param1, param2, param3);
+ } else {
+ rv = (*opfunc)(param1, param2, param3);
+ }
+ }
+ total = iters;
} else {
- for (i = 0; i < numThreads; i++) {
- threadData[i].op = opfunc;
- threadData[i].p1 = (void *)param1;
- threadData[i].p2 = (void *)param2;
- threadData[i].p3 = (void *)param3;
- threadData[i].iters = iters;
- threadData[i].lock = lock;
- threadData[i].isSign = isSign;
- threadIDs[i] = PR_CreateThread(PR_USER_THREAD, threadFunc,
- (void *)&threadData[i], PR_PRIORITY_NORMAL,
- PR_GLOBAL_THREAD, PR_JOINABLE_THREAD, 0);
- }
-
- total = 0;
- for (i = 0; i < numThreads; i++) {
- PR_JoinThread(threadIDs[i]);
- /* check the status */
- total += threadData[i].count;
- }
-
- PORT_Free(threadIDs);
- PORT_Free(threadData);
- }
-
- totalTime = PR_Now()- startTime;
+ for (i = 0; i < numThreads; i++) {
+ threadData[i].op = opfunc;
+ threadData[i].p1 = (void *)param1;
+ threadData[i].p2 = (void *)param2;
+ threadData[i].p3 = (void *)param3;
+ threadData[i].iters = iters;
+ threadData[i].lock = lock;
+ threadData[i].isSign = isSign;
+ threadIDs[i] = PR_CreateThread(PR_USER_THREAD, threadFunc,
+ (void *)&threadData[i], PR_PRIORITY_NORMAL,
+ PR_GLOBAL_THREAD, PR_JOINABLE_THREAD, 0);
+ }
+
+ total = 0;
+ for (i = 0; i < numThreads; i++) {
+ PR_JoinThread(threadIDs[i]);
+ /* check the status */
+ total += threadData[i].count;
+ }
+
+ PORT_Free(threadIDs);
+ PORT_Free(threadData);
+ }
+
+ totalTime = PR_Now() - startTime;
/* SecondsToInterval seems to be broken here ... */
- dUserTime = (double)totalTime/(double)1000000;
+ dUserTime = (double)totalTime / (double)1000000;
if (dUserTime) {
- printf(" %-15s count:%4d sec: %3.2f op/sec: %6.2f\n",
- op, total, dUserTime, (double)total/dUserTime);
- if (rate) {
- *rate = ((double)total)/dUserTime;
- }
+ printf(" %-15s count:%4d sec: %3.2f op/sec: %6.2f\n",
+ op, total, dUserTime, (double)total / dUserTime);
+ if (rate) {
+ *rate = ((double)total) / dUserTime;
+ }
}
return SECSuccess;
}
-#define GFP_POPULATE(params,name_v) \
- params.name = name_v; \
- if ((params.name < ECCurve_noName) || \
- (params.name > ECCurve_pastLastCurve)) goto cleanup; \
- params.type = ec_params_named; \
- params.curveOID.data = NULL; \
- params.curveOID.len = 0; \
- params.curve.seed.data = NULL; \
- params.curve.seed.len = 0; \
- params.DEREncoding.data = NULL; \
- params.DEREncoding.len = 0; \
- params.arena = NULL; \
- params.fieldID.size = ecCurve_map[name_v]->size; \
- params.fieldID.type = ec_field_GFp; \
+#define GFP_POPULATE(params, name_v) \
+ params.name = name_v; \
+ if ((params.name < ECCurve_noName) || \
+ (params.name > ECCurve_pastLastCurve)) \
+ goto cleanup; \
+ params.type = ec_params_named; \
+ params.curveOID.data = NULL; \
+ params.curveOID.len = 0; \
+ params.curve.seed.data = NULL; \
+ params.curve.seed.len = 0; \
+ params.DEREncoding.data = NULL; \
+ params.DEREncoding.len = 0; \
+ params.arena = NULL; \
+ params.fieldID.size = ecCurve_map[name_v]->size; \
+ params.fieldID.type = ec_field_GFp; \
hexString2SECItem(params.arena, &params.fieldID.u.prime, \
- ecCurve_map[name_v]->irr); \
- hexString2SECItem(params.arena, &params.curve.a, \
- ecCurve_map[name_v]->curvea); \
- hexString2SECItem(params.arena, &params.curve.b, \
- ecCurve_map[name_v]->curveb); \
- genenc[0] = '0'; \
- genenc[1] = '4'; \
- genenc[2] = '\0'; \
- strcat(genenc, ecCurve_map[name_v]->genx); \
- strcat(genenc, ecCurve_map[name_v]->geny); \
- hexString2SECItem(params.arena, &params.base, \
- genenc); \
- hexString2SECItem(params.arena, &params.order, \
- ecCurve_map[name_v]->order); \
+ ecCurve_map[name_v]->irr); \
+ hexString2SECItem(params.arena, &params.curve.a, \
+ ecCurve_map[name_v]->curvea); \
+ hexString2SECItem(params.arena, &params.curve.b, \
+ ecCurve_map[name_v]->curveb); \
+ genenc[0] = '0'; \
+ genenc[1] = '4'; \
+ genenc[2] = '\0'; \
+ strcat(genenc, ecCurve_map[name_v]->genx); \
+ strcat(genenc, ecCurve_map[name_v]->geny); \
+ hexString2SECItem(params.arena, &params.base, \
+ genenc); \
+ hexString2SECItem(params.arena, &params.order, \
+ ecCurve_map[name_v]->order); \
params.cofactor = ecCurve_map[name_v]->cofactor;
-
/* Test curve using specific field arithmetic. */
-#define ECTEST_NAMED_GFP(name_c, name_v) \
- if (usefreebl) { \
- printf("Testing %s using freebl implementation...\n", name_c); \
- rv = ectest_curve_freebl(name_v, iterations, numThreads); \
- if (rv != SECSuccess) goto cleanup; \
- printf("... okay.\n"); \
- } \
- if (usepkcs11) { \
- printf("Testing %s using pkcs11 implementation...\n", name_c); \
- rv = ectest_curve_pkcs11(name_v, iterations, numThreads); \
- if (rv != SECSuccess) goto cleanup; \
- printf("... okay.\n"); \
- }
+#define ECTEST_NAMED_GFP(name_c, name_v) \
+ if (usefreebl) { \
+ printf("Testing %s using freebl implementation...\n", name_c); \
+ rv = ectest_curve_freebl(name_v, iterations, numThreads); \
+ if (rv != SECSuccess) \
+ goto cleanup; \
+ printf("... okay.\n"); \
+ } \
+ if (usepkcs11) { \
+ printf("Testing %s using pkcs11 implementation...\n", name_c); \
+ rv = ectest_curve_pkcs11(name_v, iterations, numThreads); \
+ if (rv != SECSuccess) \
+ goto cleanup; \
+ printf("... okay.\n"); \
+ }
/*
* Initializes a SECItem from a hexadecimal string
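Review bot: In M_TimeOperation the two `PORT_Alloc` results are used without a NULL check, and the matching `PORT_Free` calls sit inside the multi-thread `else` branch, so both buffers leak on every call with `numThreads == 1`. `numThreads` is taken from the command line with `atoi` in main, so a zero or negative value reaches the `numThreads * sizeof(...)` size computation unchecked. Reject `numThreads < 1`, fail cleanly when either allocation returns NULL, and free both buffers after the if/else so the single-thread path releases them too. The result of `PR_CreateThread` is likewise handed to `PR_JoinThread` without a check.

```c
    /* get Data structures */
    if (numThreads < 1) {
        return SECFailure;
    }
    threadIDs = (PRThread **)PORT_Alloc(numThreads * sizeof(PRThread *));
    threadData = (ThreadData *)PORT_Alloc(numThreads * sizeof(ThreadData));
    if (!threadIDs || !threadData) {
        PORT_Free(threadIDs);
        PORT_Free(threadData);
        return SECFailure;
    }
    /* … unchanged: single-thread loop and thread create/join loops, minus the two PORT_Free calls … */
    /* released on both the single- and multi-thread paths */
    PORT_Free(threadIDs);
    PORT_Free(threadData);
```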
@@ -310,46 +311,49 @@ hexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
int byteval = 0;
int tmp = PORT_Strlen(str);
- if ((tmp % 2) != 0) return NULL;
-
+ if ((tmp % 2) != 0)
+ return NULL;
+
/* skip leading 00's unless the hex string is "00" */
while ((tmp > 2) && (str[0] == '0') && (str[1] == '0')) {
- str += 2;
- tmp -= 2;
+ str += 2;
+ tmp -= 2;
}
- item->data = (unsigned char *) PORT_Alloc( tmp/2);
- if (item->data == NULL) return NULL;
- item->len = tmp/2;
+ item->data = (unsigned char *)PORT_Alloc(tmp / 2);
+ if (item->data == NULL)
+ return NULL;
+ item->len = tmp / 2;
while (str[i]) {
- if ((str[i] >= '0') && (str[i] <= '9'))
- tmp = str[i] - '0';
- else if ((str[i] >= 'a') && (str[i] <= 'f'))
- tmp = str[i] - 'a' + 10;
- else if ((str[i] >= 'A') && (str[i] <= 'F'))
- tmp = str[i] - 'A' + 10;
- else
- return NULL;
-
- byteval = byteval * 16 + tmp;
- if ((i % 2) != 0) {
- item->data[i/2] = byteval;
- byteval = 0;
- }
- i++;
+ if ((str[i] >= '0') && (str[i] <= '9'))
+ tmp = str[i] - '0';
+ else if ((str[i] >= 'a') && (str[i] <= 'f'))
+ tmp = str[i] - 'a' + 10;
+ else if ((str[i] >= 'A') && (str[i] <= 'F'))
+ tmp = str[i] - 'A' + 10;
+ else
+ return NULL;
+
+ byteval = byteval * 16 + tmp;
+ if ((i % 2) != 0) {
+ item->data[i / 2] = byteval;
+ byteval = 0;
+ }
+ i++;
}
return item;
}
-#define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
- (x)->pValue=(v); (x)->ulValueLen = (l);
-
+#define PK11_SETATTRS(x, id, v, l) \
+ (x)->type = (id); \
+ (x)->pValue = (v); \
+ (x)->ulValueLen = (l);
SECStatus
-PKCS11_Derive(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *hKey,
- CK_MECHANISM *pMech , int *dummy)
+PKCS11_Derive(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *hKey,
+ CK_MECHANISM *pMech, int *dummy)
{
CK_RV crv;
CK_OBJECT_HANDLE newKey;
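Review bot: The `return NULL` taken on a non-hex character in hexString2SECItem leaves `item->data` allocated and `item->len` set. A caller that ignores the result, as GFP_POPULATE in the previous hunk does, then carries on with a partially filled buffer, and the allocation is never released. Reset the item before failing by putting `PORT_Free(item->data); item->data = NULL; item->len = 0;` ahead of that `return NULL`. No visible line uses the `arena` parameter, so the buffer always comes from `PORT_Alloc`; a comment saying so would save the next reader from assuming arena ownership. The function's opening lines are outside this hunk.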
@@ -363,75 +367,75 @@ PKCS11_Derive(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *hKey,
attrs++;
PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
attrs++;
- PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, 1); attrs++;
-
+ PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, 1);
+ attrs++;
- crv = NSC_DeriveKey(session, pMech, *hKey, keyTemplate, 3, &newKey);
- if (crv != CKR_OK) {
- printf("Derive Failed CK_RV=0x%x\n", (int)crv);
- return SECFailure;
- }
- return SECSuccess;
+ crv = NSC_DeriveKey(session, pMech, *hKey, keyTemplate, 3, &newKey);
+ if (crv != CKR_OK) {
+ printf("Derive Failed CK_RV=0x%x\n", (int)crv);
+ return SECFailure;
+ }
+ return SECSuccess;
}
SECStatus
-PKCS11_Sign(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *hKey,
- SECItem *sig, SECItem *digest)
+PKCS11_Sign(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *hKey,
+ SECItem *sig, SECItem *digest)
{
- CK_RV crv;
- CK_MECHANISM mech;
-
- mech.mechanism = CKM_ECDSA;
- mech.pParameter = NULL;
- mech.ulParameterLen = 0;
-
- crv = NSC_SignInit(session, &mech, *hKey);
- if (crv != CKR_OK) {
- printf("Sign Failed CK_RV=0x%x\n", (int)crv);
- return SECFailure;
- }
- crv = NSC_Sign(session, digest->data, digest->len, sig->data,
- (CK_ULONG_PTR)&sig->len);
- if (crv != CKR_OK) {
- printf("Sign Failed CK_RV=0x%x\n", (int)crv);
- return SECFailure;
- }
- return SECSuccess;
+ CK_RV crv;
+ CK_MECHANISM mech;
+
+ mech.mechanism = CKM_ECDSA;
+ mech.pParameter = NULL;
+ mech.ulParameterLen = 0;
+
+ crv = NSC_SignInit(session, &mech, *hKey);
+ if (crv != CKR_OK) {
+ printf("Sign Failed CK_RV=0x%x\n", (int)crv);
+ return SECFailure;
+ }
+ crv = NSC_Sign(session, digest->data, digest->len, sig->data,
+ (CK_ULONG_PTR)&sig->len);
+ if (crv != CKR_OK) {
+ printf("Sign Failed CK_RV=0x%x\n", (int)crv);
+ return SECFailure;
+ }
+ return SECSuccess;
}
SECStatus
-PKCS11_Verify(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *hKey,
- SECItem *sig, SECItem *digest)
+PKCS11_Verify(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *hKey,
+ SECItem *sig, SECItem *digest)
{
- CK_RV crv;
- CK_MECHANISM mech;
-
- mech.mechanism = CKM_ECDSA;
- mech.pParameter = NULL;
- mech.ulParameterLen = 0;
-
- crv = NSC_VerifyInit(session, &mech, *hKey);
- if (crv != CKR_OK) {
- printf("Verify Failed CK_RV=0x%x\n", (int)crv);
- return SECFailure;
- }
- crv = NSC_Verify(session, digest->data, digest->len, sig->data, sig->len);
- if (crv != CKR_OK) {
- printf("Verify Failed CK_RV=0x%x\n", (int)crv);
- return SECFailure;
- }
- return SECSuccess;
+ CK_RV crv;
+ CK_MECHANISM mech;
+
+ mech.mechanism = CKM_ECDSA;
+ mech.pParameter = NULL;
+ mech.ulParameterLen = 0;
+
+ crv = NSC_VerifyInit(session, &mech, *hKey);
+ if (crv != CKR_OK) {
+ printf("Verify Failed CK_RV=0x%x\n", (int)crv);
+ return SECFailure;
+ }
+ crv = NSC_Verify(session, digest->data, digest->len, sig->data, sig->len);
+ if (crv != CKR_OK) {
+ printf("Verify Failed CK_RV=0x%x\n", (int)crv);
+ return SECFailure;
+ }
+ return SECSuccess;
}
static SECStatus
-ecName2params(ECCurveName curve, SECKEYECParams * params)
+ecName2params(ECCurveName curve, SECKEYECParams *params)
{
SECOidData *oidData = NULL;
if ((curve < ECCurve_noName) || (curve > ECCurve_pastLastCurve) ||
- ((oidData = SECOID_FindOIDByTag(ecCurve_oid_map[curve])) == NULL)) {
- PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
- return SECFailure;
+ ((oidData = SECOID_FindOIDByTag(ecCurve_oid_map[curve])) == NULL)) {
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+ return SECFailure;
}
SECITEM_AllocItem(NULL, params, (2 + oidData->oid.len));
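Review bot: In PKCS11_Sign, `(CK_ULONG_PTR)&sig->len` hands NSC_Sign a pointer to SECItem's `unsigned int` length as if it were a `CK_ULONG`. Where `unsigned long` is wider than `unsigned int`, the module reads the buffer capacity from, and writes the signature length to, more bytes than the field holds. Use a real CK_ULONG: `CK_ULONG sigLen = sig->len;`, pass `&sigLen` in the call, then `sig->len = (unsigned int)sigLen;` on success. PKCS11_Derive also never destroys `newKey`, so every timed iteration leaves one more object in the session.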
@@ -447,8 +451,6 @@ ecName2params(ECCurveName curve, SECKEYECParams * params)
return SECSuccess;
}
-
-
/* Performs basic tests of elliptic curve cryptography over prime fields.
* If tests fail, then it prints an error message, aborts, and returns an
* error code. Otherwise, returns 0. */
@@ -463,7 +465,7 @@ ectest_curve_pkcs11(ECCurveName curve, int iterations, int numThreads)
SECKEYECParams ecParams;
CK_MECHANISM mech;
CK_ECDH1_DERIVE_PARAMS ecdh_params;
- unsigned char sigData [256];
+ unsigned char sigData[256];
unsigned char digestData[20];
unsigned char pubKeyData[256];
PRLock *lock = NULL;
@@ -476,13 +478,13 @@ ectest_curve_pkcs11(ECCurveName curve, int iterations, int numThreads)
ecParams.len = 0;
rv = ecName2params(curve, &ecParams);
if (rv != SECSuccess) {
- goto cleanup;
+ goto cleanup;
}
crv = NSC_OpenSession(1, CKF_SERIAL_SESSION, NULL, 0, &session);
if (crv != CKR_OK) {
- printf("OpenSession Failed CK_RV=0x%x\n", (int)crv);
- return SECFailure;
+ printf("OpenSession Failed CK_RV=0x%x\n", (int)crv);
+ return SECFailure;
}
PORT_Memset(digestData, 0xa5, sizeof(digestData));
@@ -497,11 +499,11 @@ ectest_curve_pkcs11(ECCurveName curve, int iterations, int numThreads)
mech.mechanism = CKM_EC_KEY_PAIR_GEN;
mech.pParameter = NULL;
mech.ulParameterLen = 0;
- crv = NSC_GenerateKeyPair(session, &mech,
- &template, 1, NULL, 0, &ecPub, &ecPriv);
+ crv = NSC_GenerateKeyPair(session, &mech,
+ &template, 1, NULL, 0, &ecPub, &ecPriv);
if (crv != CKR_OK) {
- printf("GenerateKeyPair Failed CK_RV=0x%x\n", (int)crv);
- return SECFailure;
+ printf("GenerateKeyPair Failed CK_RV=0x%x\n", (int)crv);
+ return SECFailure;
}
template.type = CKA_EC_POINT;
@@ -509,8 +511,8 @@ ectest_curve_pkcs11(ECCurveName curve, int iterations, int numThreads)
template.ulValueLen = sizeof(pubKeyData);
crv = NSC_GetAttributeValue(session, ecPub, &template, 1);
if (crv != CKR_OK) {
- printf("GenerateKeyPair Failed CK_RV=0x%x\n", (int)crv);
- return SECFailure;
+ printf("GenerateKeyPair Failed CK_RV=0x%x\n", (int)crv);
+ return SECFailure;
}
ecdh_params.kdf = CKD_NULL;
@@ -526,25 +528,29 @@ ectest_curve_pkcs11(ECCurveName curve, int iterations, int numThreads)
lock = PR_NewLock();
rv = M_TimeOperation(PKCS11Thread, (op_func)PKCS11_Derive, "ECDH_Derive",
- &ecPriv, &mech, NULL, iterations, numThreads,
- lock, session, 0, &deriveRate);
- if (rv != SECSuccess) goto cleanup;
+ &ecPriv, &mech, NULL, iterations, numThreads,
+ lock, session, 0, &deriveRate);
+ if (rv != SECSuccess)
+ goto cleanup;
rv = M_TimeOperation(PKCS11Thread, (op_func)PKCS11_Sign, "ECDSA_Sign",
- (void *)&ecPriv, &sig, &digest, iterations, numThreads,
- lock, session, 1, &signRate);
- if (rv != SECSuccess) goto cleanup;
- printf(" ECDHE max rate = %.2f\n", (deriveRate+signRate)/4.0);
+ (void *)&ecPriv, &sig, &digest, iterations, numThreads,
+ lock, session, 1, &signRate);
+ if (rv != SECSuccess)
+ goto cleanup;
+ printf(" ECDHE max rate = %.2f\n", (deriveRate + signRate) / 4.0);
/* get a signature */
rv = PKCS11_Sign(session, &ecPriv, &sig, &digest);
- if (rv != SECSuccess) goto cleanup;
+ if (rv != SECSuccess)
+ goto cleanup;
rv = M_TimeOperation(PKCS11Thread, (op_func)PKCS11_Verify, "ECDSA_Verify",
- (void *)&ecPub, &sig, &digest, iterations, numThreads,
- lock, session, 0, NULL);
- if (rv != SECSuccess) goto cleanup;
+ (void *)&ecPub, &sig, &digest, iterations, numThreads,
+ lock, session, 0, NULL);
+ if (rv != SECSuccess)
+ goto cleanup;
cleanup:
if (lock) {
- PR_DestroyLock(lock);
+ PR_DestroyLock(lock);
}
return rv;
}
@@ -559,11 +565,11 @@ ECDH_DeriveWrap(ECPrivateKey *priv, ECPublicKey *pub, int *dummy)
secret.data = secretData;
secret.len = sizeof(secretData);
- rv = ECDH_Derive(&pub->publicValue, &pub->ecParams,
- &priv->privateValue, 0, &secret);
+ rv = ECDH_Derive(&pub->publicValue, &pub->ecParams,
+ &priv->privateValue, 0, &secret);
#ifdef notdef
if (rv == SECSuccess) {
- PORT_Free(secret.data);
+ PORT_Free(secret.data);
}
#endif
return rv;
@@ -575,18 +581,17 @@ ECDH_DeriveWrap(ECPrivateKey *priv, ECPublicKey *pub, int *dummy)
SECStatus
ectest_curve_freebl(ECCurveName curve, int iterations, int numThreads)
{
- ECParams ecParams;
+ ECParams ecParams;
ECPrivateKey *ecPriv = NULL;
ECPublicKey ecPub;
SECItem sig;
SECItem digest;
- unsigned char sigData [256];
+ unsigned char sigData[256];
unsigned char digestData[20];
double signRate, deriveRate;
char genenc[3 + 2 * 2 * MAX_ECKEY_LEN];
SECStatus rv;
-
GFP_POPULATE(ecParams, curve);
PORT_Memset(digestData, 0xa5, sizeof(digestData));
@@ -597,23 +602,27 @@ ectest_curve_freebl(ECCurveName curve, int iterations, int numThreads)
rv = EC_NewKey(&ecParams, &ecPriv);
if (rv != SECSuccess) {
- return SECFailure;
+ return SECFailure;
}
ecPub.ecParams = ecParams;
ecPub.publicValue = ecPriv->publicValue;
- M_TimeOperation(genericThread, (op_func) ECDH_DeriveWrap, "ECDH_Derive",
- ecPriv, &ecPub, NULL, iterations, numThreads, 0, 0, 0, &deriveRate);
- if (rv != SECSuccess) goto cleanup;
- M_TimeOperation(genericThread, (op_func) ECDSA_SignDigest, "ECDSA_Sign",
- ecPriv, &sig, &digest, iterations, numThreads, 0, 0, 1, &signRate);
- if (rv != SECSuccess) goto cleanup;
- printf(" ECDHE max rate = %.2f\n", (deriveRate+signRate)/4.0);
+ M_TimeOperation(genericThread, (op_func)ECDH_DeriveWrap, "ECDH_Derive",
+ ecPriv, &ecPub, NULL, iterations, numThreads, 0, 0, 0, &deriveRate);
+ if (rv != SECSuccess)
+ goto cleanup;
+ M_TimeOperation(genericThread, (op_func)ECDSA_SignDigest, "ECDSA_Sign",
+ ecPriv, &sig, &digest, iterations, numThreads, 0, 0, 1, &signRate);
+ if (rv != SECSuccess)
+ goto cleanup;
+ printf(" ECDHE max rate = %.2f\n", (deriveRate + signRate) / 4.0);
rv = ECDSA_SignDigest(ecPriv, &sig, &digest);
- if (rv != SECSuccess) goto cleanup;
- M_TimeOperation(genericThread, (op_func) ECDSA_VerifyDigest, "ECDSA_Verify",
- &ecPub, &sig, &digest, iterations, numThreads, 0, 0, 0, NULL);
- if (rv != SECSuccess) goto cleanup;
+ if (rv != SECSuccess)
+ goto cleanup;
+ M_TimeOperation(genericThread, (op_func)ECDSA_VerifyDigest, "ECDSA_Verify",
+ &ecPub, &sig, &digest, iterations, numThreads, 0, 0, 0, NULL);
+ if (rv != SECSuccess)
+ goto cleanup;
cleanup:
return rv;
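Review bot: All three `M_TimeOperation(...)` calls in ectest_curve_freebl discard the return value, so each following `if (rv != SECSuccess) goto cleanup;` tests a stale `rv` left by EC_NewKey or ECDSA_SignDigest, and a failing derive, sign or verify run is reported as success. Assign the result as ectest_curve_pkcs11 does, `rv = M_TimeOperation(genericThread, (op_func)ECDH_DeriveWrap, "ECDH_Derive", ...);`, and likewise for the other two calls. `deriveRate` and `signRate` are also printed uninitialised whenever M_TimeOperation returns before storing `*rate`. The function's declarations are in the previous hunk.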
@@ -623,7 +632,7 @@ cleanup:
void
printUsage(char *prog)
{
- printf("Usage: %s [-i iterations] [-t threads ] [-ans] [-fp] [-A]\n",prog);
+ printf("Usage: %s [-i iterations] [-t threads ] [-ans] [-fp] [-A]\n", prog);
}
/* Performs tests of elliptic curve cryptography over prime fields If
@@ -644,42 +653,42 @@ main(int argv, char **argc)
/* read command-line arguments */
for (i = 1; i < argv; i++) {
- if (strcasecmp(argc[i], "-i") == 0) {
- i++;
- iterations = atoi(argc[i]);
- } else if (strcasecmp(argc[i], "-t") == 0) {
- i++;
- numThreads = atoi(argc[i]);
- } else if (strcasecmp(argc[i], "-A") == 0) {
- ansi = nist = secp = 1;
- usepkcs11 = usefreebl = 1;
- } else if (strcasecmp(argc[i], "-a") == 0) {
- ansi = 1;
- } else if (strcasecmp(argc[i], "-n") == 0) {
- nist = 1;
- } else if (strcasecmp(argc[i], "-s") == 0) {
- secp = 1;
- } else if (strcasecmp(argc[i], "-p") == 0) {
- usepkcs11 = 1;
- } else if (strcasecmp(argc[i], "-f") == 0) {
- usefreebl = 1;
- } else {
- printUsage(argc[0]);
- return 0;
- }
+ if (strcasecmp(argc[i], "-i") == 0) {
+ i++;
+ iterations = atoi(argc[i]);
+ } else if (strcasecmp(argc[i], "-t") == 0) {
+ i++;
+ numThreads = atoi(argc[i]);
+ } else if (strcasecmp(argc[i], "-A") == 0) {
+ ansi = nist = secp = 1;
+ usepkcs11 = usefreebl = 1;
+ } else if (strcasecmp(argc[i], "-a") == 0) {
+ ansi = 1;
+ } else if (strcasecmp(argc[i], "-n") == 0) {
+ nist = 1;
+ } else if (strcasecmp(argc[i], "-s") == 0) {
+ secp = 1;
+ } else if (strcasecmp(argc[i], "-p") == 0) {
+ usepkcs11 = 1;
+ } else if (strcasecmp(argc[i], "-f") == 0) {
+ usefreebl = 1;
+ } else {
+ printUsage(argc[0]);
+ return 0;
+ }
}
if ((ansi | nist | secp) == 0) {
- nist = 1;
+ nist = 1;
}
- if ((usepkcs11|usefreebl) == 0) {
- usefreebl = 1;
+ if ((usepkcs11 | usefreebl) == 0) {
+ usefreebl = 1;
}
rv = NSS_NoDB_Init(NULL);
if (rv != SECSuccess) {
- SECU_PrintError("Error:", "NSS_NoDB_Init");
- goto cleanup;
+ SECU_PrintError("Error:", "NSS_NoDB_Init");
+ goto cleanup;
}
/* specific arithmetic tests */
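Review bot: The `-i` and `-t` branches advance `i` and pass `argc[i]` to atoi() without checking that another argument exists (in this file `argv` is the count and `argc` the vector). A trailing `-i` or `-t` therefore hands atoi() the NULL that terminates the argument vector. Guard the increment, for example `if (++i >= argv) { printUsage(argc[0]); return 0; }`. Parsing with strtol() and an end-pointer check would also reject non-numeric or negative iteration and thread counts instead of silently turning them into 0. main's body starts before this hunk and continues after it.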
@@ -718,9 +727,9 @@ main(int argv, char **argc)
ECTEST_NAMED_GFP("SECP-521R1", ECCurve_SECG_PRIME_521R1);
}
- cleanup:
+cleanup:
if (rv != SECSuccess) {
- printf("Error: exiting with error value\n");
+ printf("Error: exiting with error value\n");
}
return rv;
}
diff --git a/cmd/fipstest/aes.sh b/cmd/fipstest/aes.sh
index 19caf98cf..7e25e60d2 100644
--- a/cmd/fipstest/aes.sh
+++ b/cmd/fipstest/aes.sh
@@ -1,5 +1,5 @@
#!/bin/sh
-#
+#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c
index 340d13d75..a6b67fe2c 100644
--- a/cmd/fipstest/fipstest.c
+++ b/cmd/fipstest/fipstest.c
@@ -18,20 +18,18 @@
#include "lowkeyi.h"
#include "softoken.h"
#include "pkcs11t.h"
-#define __PASTE(x,y) x##y
+#define __PASTE(x, y) x##y
#undef CK_PKCS11_FUNCTION_INFO
#undef CK_NEED_ARG_LIST
#define CK_EXTERN extern
#define CK_PKCS11_FUNCTION_INFO(func) \
- CK_RV __PASTE(NS,func)
-#define CK_NEED_ARG_LIST 1
+ CK_RV __PASTE(NS, func)
+#define CK_NEED_ARG_LIST 1
#include "pkcs11f.h"
#undef CK_PKCS11_FUNCTION_INFO
#undef CK_NEED_ARG_LIST
#undef __PASTE
-#define SSL3_RANDOM_LENGTH 32
-
-
+#define SSL3_RANDOM_LENGTH 32
#if 0
#include "../../lib/freebl/mpi/mpi.h"
@@ -48,11 +46,11 @@ EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
#define ENCRYPT 1
#define DECRYPT 0
#define BYTE unsigned char
-#define DEFAULT_RSA_PUBLIC_EXPONENT 0x10001
-#define RSA_MAX_TEST_MODULUS_BITS 4096
-#define RSA_MAX_TEST_MODULUS_BYTES RSA_MAX_TEST_MODULUS_BITS/8
-#define RSA_MAX_TEST_EXPONENT_BYTES 8
-#define PQG_TEST_SEED_BYTES 20
+#define DEFAULT_RSA_PUBLIC_EXPONENT 0x10001
+#define RSA_MAX_TEST_MODULUS_BITS 4096
+#define RSA_MAX_TEST_MODULUS_BYTES RSA_MAX_TEST_MODULUS_BITS / 8
+#define RSA_MAX_TEST_EXPONENT_BYTES 8
+#define PQG_TEST_SEED_BYTES 20
SECStatus
hex_to_byteval(const char *c2, unsigned char *byteval)
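Review bot: `RSA_MAX_TEST_MODULUS_BYTES` still expands to the bare expression `RSA_MAX_TEST_MODULUS_BITS / 8`; the reformat only adds spaces around the operator. Any use next to an operator of equal or higher precedence, such as `x % RSA_MAX_TEST_MODULUS_BYTES`, would then parse as `x % 4096 / 8`. Parenthesize the replacement text: `#define RSA_MAX_TEST_MODULUS_BYTES (RSA_MAX_TEST_MODULUS_BITS / 8)`. No uses of the macro are visible in this hunk, so whether an existing buffer size is affected needs checking against the rest of the file.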
@@ -60,16 +58,16 @@ hex_to_byteval(const char *c2, unsigned char *byteval)
int i;
unsigned char offset;
*byteval = 0;
- for (i=0; i<2; i++) {
+ for (i = 0; i < 2; i++) {
if (c2[i] >= '0' && c2[i] <= '9') {
offset = c2[i] - '0';
- *byteval |= offset << 4*(1-i);
+ *byteval |= offset << 4 * (1 - i);
} else if (c2[i] >= 'a' && c2[i] <= 'f') {
offset = c2[i] - 'a';
- *byteval |= (offset + 10) << 4*(1-i);
+ *byteval |= (offset + 10) << 4 * (1 - i);
} else if (c2[i] >= 'A' && c2[i] <= 'F') {
offset = c2[i] - 'A';
- *byteval |= (offset + 10) << 4*(1-i);
+ *byteval |= (offset + 10) << 4 * (1 - i);
} else {
return SECFailure;
}
@@ -82,8 +80,8 @@ byteval_to_hex(unsigned char byteval, char *c2, char a)
{
int i;
unsigned char offset;
- for (i=0; i<2; i++) {
- offset = (byteval >> 4*(1-i)) & 0x0f;
+ for (i = 0; i < 2; i++) {
+ offset = (byteval >> 4 * (1 - i)) & 0x0f;
if (offset < 10) {
c2[i] = '0' + offset;
} else {
@@ -97,20 +95,20 @@ void
to_hex_str(char *str, const unsigned char *buf, unsigned int len)
{
unsigned int i;
- for (i=0; i<len; i++) {
- byteval_to_hex(buf[i], &str[2*i], 'a');
+ for (i = 0; i < len; i++) {
+ byteval_to_hex(buf[i], &str[2 * i], 'a');
}
- str[2*len] = '\0';
+ str[2 * len] = '\0';
}
void
to_hex_str_cap(char *str, const unsigned char *buf, unsigned int len)
{
unsigned int i;
- for (i=0; i<len; i++) {
- byteval_to_hex(buf[i], &str[2*i], 'A');
+ for (i = 0; i < len; i++) {
+ byteval_to_hex(buf[i], &str[2 * i], 'A');
}
- str[2*len] = '\0';
+ str[2 * len] = '\0';
}
/*
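Review bot: Neither to_hex_str nor to_hex_str_cap documents how large `str` must be, yet both write `2 * len` hex digits plus a terminating NUL and take no capacity argument. Callers in this file pass fixed-size line buffers, so the contract should be stated at the definition. Above each function add a comment such as `/* str must have room for 2 * len + 1 bytes; no bounds check is done here. */`.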
@@ -121,9 +119,9 @@ to_hex_str_cap(char *str, const unsigned char *buf, unsigned int len)
PRBool
from_hex_str(unsigned char *buf, unsigned int len, const char *str)
{
- unsigned int nxdigit; /* number of hex digits in str */
- unsigned int i; /* index into buf */
- unsigned int j; /* index into str */
+ unsigned int nxdigit; /* number of hex digits in str */
+ unsigned int i; /* index into buf */
+ unsigned int j; /* index into str */
/* count the hex digits */
nxdigit = 0;
@@ -133,24 +131,24 @@ from_hex_str(unsigned char *buf, unsigned int len, const char *str)
if (nxdigit == 0) {
return PR_FALSE;
}
- if (nxdigit > 2*len) {
+ if (nxdigit > 2 * len) {
/*
* The input hex string is too long, but we allow it if the
* extra digits are leading 0's.
*/
- for (j = 0; j < nxdigit-2*len; j++) {
+ for (j = 0; j < nxdigit - 2 * len; j++) {
if (str[j] != '0') {
return PR_FALSE;
}
}
/* skip leading 0's */
- str += nxdigit-2*len;
- nxdigit = 2*len;
+ str += nxdigit - 2 * len;
+ nxdigit = 2 * len;
}
- for (i=0, j=0; i< len; i++) {
- if (2*i < 2*len-nxdigit) {
+ for (i = 0, j = 0; i < len; i++) {
+ if (2 * i < 2 * len - nxdigit) {
/* Handle a short input as if we padded it with leading 0's. */
- if (2*i+1 < 2*len-nxdigit) {
+ if (2 * i + 1 < 2 * len - nxdigit) {
buf[i] = 0;
} else {
char tmp[2];
@@ -170,14 +168,14 @@ from_hex_str(unsigned char *buf, unsigned int len, const char *str)
SECStatus
tdea_encrypt_buf(
int mode,
- const unsigned char *key,
+ const unsigned char *key,
const unsigned char *iv,
unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen,
const unsigned char *input, unsigned int inputlen)
{
SECStatus rv = SECFailure;
DESContext *cx;
- unsigned char doublecheck[8*20]; /* 1 to 20 blocks */
+ unsigned char doublecheck[8 * 20]; /* 1 to 20 blocks */
unsigned int doublechecklen = 0;
cx = DES_CreateContext(key, iv, mode, PR_TRUE);
@@ -203,7 +201,7 @@ tdea_encrypt_buf(
goto loser;
}
rv = DES_Decrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck,
- output, *outputlen);
+ output, *outputlen);
if (rv != SECSuccess) {
goto loser;
}
@@ -227,14 +225,14 @@ loser:
SECStatus
tdea_decrypt_buf(
int mode,
- const unsigned char *key,
+ const unsigned char *key,
const unsigned char *iv,
unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen,
const unsigned char *input, unsigned int inputlen)
{
SECStatus rv = SECFailure;
DESContext *cx;
- unsigned char doublecheck[8*20]; /* 1 to 20 blocks */
+ unsigned char doublecheck[8 * 20]; /* 1 to 20 blocks */
unsigned int doublechecklen = 0;
cx = DES_CreateContext(key, iv, mode, PR_FALSE);
@@ -242,7 +240,7 @@ tdea_decrypt_buf(
goto loser;
}
rv = DES_Decrypt(cx, output, outputlen, maxoutputlen,
- input, inputlen);
+ input, inputlen);
if (rv != SECSuccess) {
goto loser;
}
@@ -261,7 +259,7 @@ tdea_decrypt_buf(
goto loser;
}
rv = DES_Encrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck,
- output, *outputlen);
+ output, *outputlen);
if (rv != SECSuccess) {
goto loser;
}
@@ -296,21 +294,21 @@ loser:
void
tdea_kat_mmt(char *reqfn)
{
- char buf[180]; /* holds one line from the input REQUEST file.
+ char buf[180]; /* holds one line from the input REQUEST file.
* needs to be large enough to hold the longest
* line "CIPHERTEXT = <180 hex digits>\n".
*/
- FILE *req; /* input stream from the REQUEST file */
- FILE *resp; /* output stream to the RESPONSE file */
+ FILE *req; /* input stream from the REQUEST file */
+ FILE *resp; /* output stream to the RESPONSE file */
int i, j;
- int mode = NSS_DES_EDE3; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */
- int crypt = DECRYPT; /* 1 means encrypt, 0 means decrypt */
- unsigned char key[24]; /* TDEA 3 key bundle */
+ int mode = NSS_DES_EDE3; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */
+ int crypt = DECRYPT; /* 1 means encrypt, 0 means decrypt */
+ unsigned char key[24]; /* TDEA 3 key bundle */
unsigned int numKeys = 0;
- unsigned char iv[8]; /* for all modes except ECB */
- unsigned char plaintext[8*20]; /* 1 to 20 blocks */
+ unsigned char iv[8]; /* for all modes except ECB */
+ unsigned char plaintext[8 * 20]; /* 1 to 20 blocks */
unsigned int plaintextlen;
- unsigned char ciphertext[8*20]; /* 1 to 20 blocks */
+ unsigned char ciphertext[8 * 20]; /* 1 to 20 blocks */
unsigned int ciphertextlen;
SECStatus rv;
@@ -362,10 +360,10 @@ tdea_kat_mmt(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &key[j]);
- key[j+8] = key[j];
- key[j+16] = key[j];
+ key[j + 8] = key[j];
+ key[j + 16] = key[j];
}
fputs(buf, resp);
continue;
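Review bot: The key-parsing loop stops only when `isxdigit(buf[i])` fails, so the REQUEST file, not the buffer, decides how many bytes are written. `key` is declared with 24 bytes earlier in the function, and `key[j + 16]` goes out of bounds once a line carries more than 8 bytes of hex. Bound the index as well, `for (j = 0; j < 8 && isxdigit(buf[i]); i += 2, j++)`, and treat a SECFailure from hex_to_byteval as a malformed line instead of ignoring it. The same digit-terminated loop fills `key`, `plaintext`, `ciphertext` and `aad` in the following tdea_kat_mmt hunks and in the tdea_mct, aes_gcm, aes_kat_mmt and aes_ecb_mct hunks below. Each should be checked against the size of its destination, since the line buffers there can hold more hex than several of those arrays. The enclosing function starts and ends outside this hunk.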
@@ -377,7 +375,7 @@ tdea_kat_mmt(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &key[j]);
}
fputs(buf, resp);
@@ -389,7 +387,7 @@ tdea_kat_mmt(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=8; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 8; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &key[j]);
}
fputs(buf, resp);
@@ -401,7 +399,7 @@ tdea_kat_mmt(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=16; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 16; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &key[j]);
}
fputs(buf, resp);
@@ -416,7 +414,7 @@ tdea_kat_mmt(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<sizeof iv; i+=2,j++) {
+ for (j = 0; j < sizeof iv; i += 2, j++) {
hex_to_byteval(&buf[i], &iv[j]);
}
fputs(buf, resp);
@@ -433,18 +431,18 @@ tdea_kat_mmt(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &plaintext[j]);
}
plaintextlen = j;
rv = tdea_encrypt_buf(mode, key,
- (mode == NSS_DES_EDE3) ? NULL : iv,
- ciphertext, &ciphertextlen, sizeof ciphertext,
- plaintext, plaintextlen);
+ (mode == NSS_DES_EDE3) ? NULL : iv,
+ ciphertext, &ciphertextlen, sizeof ciphertext,
+ plaintext, plaintextlen);
if (rv != SECSuccess) {
goto loser;
}
-
+
fputs(buf, resp);
fputs("CIPHERTEXT = ", resp);
to_hex_str(buf, ciphertext, ciphertextlen);
@@ -458,24 +456,24 @@ tdea_kat_mmt(char *reqfn)
if (crypt != DECRYPT) {
goto loser;
}
-
+
i = 10;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &ciphertext[j]);
}
ciphertextlen = j;
-
+
rv = tdea_decrypt_buf(mode, key,
- (mode == NSS_DES_EDE3) ? NULL : iv,
- plaintext, &plaintextlen, sizeof plaintext,
- ciphertext, ciphertextlen);
+ (mode == NSS_DES_EDE3) ? NULL : iv,
+ plaintext, &plaintextlen, sizeof plaintext,
+ ciphertext, ciphertextlen);
if (rv != SECSuccess) {
goto loser;
}
-
+
fputs(buf, resp);
fputs("PLAINTEXT = ", resp);
to_hex_str(buf, plaintext, plaintextlen);
@@ -492,7 +490,8 @@ loser:
/*
* Set the parity bit for the given byte
*/
-BYTE odd_parity( BYTE in)
+BYTE
+odd_parity(BYTE in)
{
BYTE out = in;
in ^= in >> 4;
@@ -502,50 +501,50 @@ BYTE odd_parity( BYTE in)
}
/*
- * Generate Keys [i+1] from Key[i], PT/CT[j-2], PT/CT[j-1], and PT/CT[j]
+ * Generate Keys [i+1] from Key[i], PT/CT[j-2], PT/CT[j-1], and PT/CT[j]
* for TDEA Monte Carlo Test (MCT) in ECB and CBC modes.
*/
void
tdea_mct_next_keys(unsigned char *key,
- const unsigned char *text_2, const unsigned char *text_1,
- const unsigned char *text, unsigned int numKeys)
+ const unsigned char *text_2, const unsigned char *text_1,
+ const unsigned char *text, unsigned int numKeys)
{
int k;
/* key1[i+1] = key1[i] xor PT/CT[j] */
- for (k=0; k<8; k++) {
+ for (k = 0; k < 8; k++) {
key[k] ^= text[k];
}
/* key2 */
- if (numKeys == 2 || numKeys == 3) {
+ if (numKeys == 2 || numKeys == 3) {
/* key2 independent */
- for (k=8; k<16; k++) {
+ for (k = 8; k < 16; k++) {
/* key2[i+1] = KEY2[i] xor PT/CT[j-1] */
- key[k] ^= text_1[k-8];
+ key[k] ^= text_1[k - 8];
}
} else {
/* key2 == key 1 */
- for (k=8; k<16; k++) {
+ for (k = 8; k < 16; k++) {
/* key2[i+1] = KEY2[i] xor PT/CT[j] */
- key[k] = key[k-8];
+ key[k] = key[k - 8];
}
}
/* key3 */
if (numKeys == 1 || numKeys == 2) {
/* key3 == key 1 */
- for (k=16; k<24; k++) {
+ for (k = 16; k < 24; k++) {
/* key3[i+1] = KEY3[i] xor PT/CT[j] */
- key[k] = key[k-16];
+ key[k] = key[k - 16];
}
} else {
- /* key3 independent */
- for (k=16; k<24; k++) {
+ /* key3 independent */
+ for (k = 16; k < 24; k++) {
/* key3[i+1] = KEY3[i] xor PT/CT[j-2] */
- key[k] ^= text_2[k-16];
+ key[k] ^= text_2[k - 16];
}
}
- /* set the parity bits */
- for (k=0; k<24; k++) {
+ /* set the parity bits */
+ for (k = 0; k < 24; k++) {
key[k] = odd_parity(key[k]);
}
}
@@ -556,23 +555,23 @@ tdea_mct_next_keys(unsigned char *key,
* mode = NSS_DES_EDE3 or NSS_DES_EDE3_CBC
* crypt = ENCRYPT || DECRYPT
* inputtext = plaintext or Cyphertext depending on the value of crypt
- * inputlength is expected to be size 8 bytes
+ * inputlength is expected to be size 8 bytes
* iv = needs to be set for NSS_DES_EDE3_CBC mode
- * resp = is the output response file.
+ * resp = is the output response file.
*/
- void
-tdea_mct_test(int mode, unsigned char* key, unsigned int numKeys,
- unsigned int crypt, unsigned char* inputtext,
- unsigned int inputlength, unsigned char* iv, FILE *resp) {
+void
+tdea_mct_test(int mode, unsigned char *key, unsigned int numKeys,
+ unsigned int crypt, unsigned char *inputtext,
+ unsigned int inputlength, unsigned char *iv, FILE *resp)
+{
int i, j;
- unsigned char outputtext_1[8]; /* PT/CT[j-1] */
- unsigned char outputtext_2[8]; /* PT/CT[j-2] */
- char buf[80]; /* holds one line from the input REQUEST file. */
+ unsigned char outputtext_1[8]; /* PT/CT[j-1] */
+ unsigned char outputtext_2[8]; /* PT/CT[j-2] */
+ char buf[80]; /* holds one line from the input REQUEST file. */
unsigned int outputlen;
unsigned char outputtext[8];
-
-
+
SECStatus rv;
if (mode == NSS_DES_EDE3 && iv != NULL) {
@@ -584,8 +583,8 @@ tdea_mct_test(int mode, unsigned char* key, unsigned int numKeys,
}
/* loop 400 times */
- for (i=0; i<400; i++) {
- /* if i == 0 CV[0] = IV not necessary */
+ for (i = 0; i < 400; i++) {
+ /* if i == 0 CV[0] = IV not necessary */
/* record the count and key values and plainText */
sprintf(buf, "COUNT = %d\n", i);
fputs(buf, resp);
@@ -624,21 +623,27 @@ tdea_mct_test(int mode, unsigned char* key, unsigned int numKeys,
fputc('\n', resp);
/* loop 10,000 times */
- for (j=0; j<10000; j++) {
+ for (j = 0; j < 10000; j++) {
outputlen = 0;
if (crypt == ENCRYPT) {
/* inputtext == ciphertext outputtext == plaintext*/
rv = tdea_encrypt_buf(mode, key,
- (mode == NSS_DES_EDE3) ? NULL : iv,
- outputtext, &outputlen, 8,
- inputtext, 8);
+ (mode ==
+ NSS_DES_EDE3)
+ ? NULL
+ : iv,
+ outputtext, &outputlen, 8,
+ inputtext, 8);
} else {
/* inputtext == plaintext outputtext == ciphertext */
rv = tdea_decrypt_buf(mode, key,
- (mode == NSS_DES_EDE3) ? NULL : iv,
- outputtext, &outputlen, 8,
- inputtext, 8);
+ (mode ==
+ NSS_DES_EDE3)
+ ? NULL
+ : iv,
+ outputtext, &outputlen, 8,
+ inputtext, 8);
}
if (rv != SECSuccess) {
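Review bot: The formatter has split the IV argument into `(mode ==`, `NSS_DES_EDE3)`, `? NULL` and `: iv,` on four separate lines in both calls, which reads worse than the single-line form it replaced. The pointer being selected does not appear to change inside the 10,000-iteration loop, so it can be computed once before the loop, `const unsigned char *cbc_iv = (mode == NSS_DES_EDE3) ? NULL : iv;`, and passed as `cbc_iv`. That leaves clang-format nothing to break. The two aes_kat_mmt hunks further down show the same split around `(mode == NSS_AES) ? NULL : iv`. The loop and the function both extend beyond this hunk.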
@@ -675,12 +680,13 @@ tdea_mct_test(int mode, unsigned char* key, unsigned int numKeys,
}
/* Save PT/CT[j-2] and PT/CT[j-1] */
- if (j==9997) memcpy(outputtext_2, outputtext, 8);
- if (j==9998) memcpy(outputtext_1, outputtext, 8);
+ if (j == 9997)
+ memcpy(outputtext_2, outputtext, 8);
+ if (j == 9998)
+ memcpy(outputtext_1, outputtext, 8);
/* done at the end of the for(j) loop */
}
-
if (crypt == ENCRYPT) {
/* Output CT[j] */
fputs("CIPHERTEXT = ", resp);
@@ -692,10 +698,10 @@ tdea_mct_test(int mode, unsigned char* key, unsigned int numKeys,
fputs(buf, resp);
fputc('\n', resp);
- /* Key[i+1] = Key[i] xor ... outputtext_2 == PT/CT[j-2]
- * outputtext_1 == PT/CT[j-1] outputtext == PT/CT[j]
+ /* Key[i+1] = Key[i] xor ... outputtext_2 == PT/CT[j-2]
+ * outputtext_1 == PT/CT[j-1] outputtext == PT/CT[j]
*/
- tdea_mct_next_keys(key, outputtext_2,
+ tdea_mct_next_keys(key, outputtext_2,
outputtext_1, outputtext, numKeys);
if (mode == NSS_DES_EDE3_CBC) {
@@ -722,7 +728,7 @@ loser:
/*
* Perform the TDEA Monte Carlo Test (MCT) in ECB/CBC modes.
- * by gathering the input from the request file, and then
+ * by gathering the input from the request file, and then
* calling tdea_mct_test.
*
* reqfn is the pathname of the input REQUEST file.
@@ -733,14 +739,14 @@ void
tdea_mct(int mode, char *reqfn)
{
int i, j;
- char buf[80]; /* holds one line from the input REQUEST file. */
- FILE *req; /* input stream from the REQUEST file */
- FILE *resp; /* output stream to the RESPONSE file */
- unsigned int crypt = 0; /* 1 means encrypt, 0 means decrypt */
- unsigned char key[24]; /* TDEA 3 key bundle */
+ char buf[80]; /* holds one line from the input REQUEST file. */
+ FILE *req; /* input stream from the REQUEST file */
+ FILE *resp; /* output stream to the RESPONSE file */
+ unsigned int crypt = 0; /* 1 means encrypt, 0 means decrypt */
+ unsigned char key[24]; /* TDEA 3 key bundle */
unsigned int numKeys = 0;
- unsigned char plaintext[8]; /* PT[j] */
- unsigned char ciphertext[8]; /* CT[j] */
+ unsigned char plaintext[8]; /* PT[j] */
+ unsigned char ciphertext[8]; /* CT[j] */
unsigned char iv[8];
/* zeroize the variables for the test with this data set */
@@ -763,9 +769,9 @@ tdea_mct(int mode, char *reqfn)
crypt = ENCRYPT;
} else {
crypt = DECRYPT;
- }
- fputs(buf, resp);
- continue;
+ }
+ fputs(buf, resp);
+ continue;
}
/* NumKeys */
if (strncmp(&buf[0], "NumKeys", 7) == 0) {
@@ -782,7 +788,7 @@ tdea_mct(int mode, char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &key[j]);
}
continue;
@@ -793,7 +799,7 @@ tdea_mct(int mode, char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=8; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 8; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &key[j]);
}
continue;
@@ -804,7 +810,7 @@ tdea_mct(int mode, char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=16; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 16; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &key[j]);
}
continue;
@@ -816,14 +822,14 @@ tdea_mct(int mode, char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<sizeof iv; i+=2,j++) {
+ for (j = 0; j < sizeof iv; i += 2, j++) {
hex_to_byteval(&buf[i], &iv[j]);
}
continue;
}
- /* PLAINTEXT = ... */
- if (strncmp(buf, "PLAINTEXT", 9) == 0) {
+ /* PLAINTEXT = ... */
+ if (strncmp(buf, "PLAINTEXT", 9) == 0) {
/* sanity check */
if (crypt != ENCRYPT) {
@@ -834,12 +840,12 @@ tdea_mct(int mode, char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<sizeof plaintext; i+=2,j++) {
+ for (j = 0; j < sizeof plaintext; i += 2, j++) {
hex_to_byteval(&buf[i], &plaintext[j]);
- }
+ }
/* do the Monte Carlo test */
- if (mode==NSS_DES_EDE3) {
+ if (mode == NSS_DES_EDE3) {
tdea_mct_test(NSS_DES_EDE3, key, numKeys, crypt, plaintext, sizeof plaintext, NULL, resp);
} else {
tdea_mct_test(NSS_DES_EDE3_CBC, key, numKeys, crypt, plaintext, sizeof plaintext, iv, resp);
@@ -857,15 +863,15 @@ tdea_mct(int mode, char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &ciphertext[j]);
}
-
+
/* do the Monte Carlo test */
- if (mode==NSS_DES_EDE3) {
- tdea_mct_test(NSS_DES_EDE3, key, numKeys, crypt, ciphertext, sizeof ciphertext, NULL, resp);
+ if (mode == NSS_DES_EDE3) {
+ tdea_mct_test(NSS_DES_EDE3, key, numKeys, crypt, ciphertext, sizeof ciphertext, NULL, resp);
} else {
- tdea_mct_test(NSS_DES_EDE3_CBC, key, numKeys, crypt, ciphertext, sizeof ciphertext, iv, resp);
+ tdea_mct_test(NSS_DES_EDE3_CBC, key, numKeys, crypt, ciphertext, sizeof ciphertext, iv, resp);
}
continue;
}
@@ -875,7 +881,6 @@ loser:
fclose(req);
}
-
SECStatus
aes_encrypt_buf(
int mode,
@@ -886,7 +891,7 @@ aes_encrypt_buf(
{
SECStatus rv = SECFailure;
AESContext *cx;
- unsigned char doublecheck[10*16]; /* 1 to 10 blocks */
+ unsigned char doublecheck[10 * 16]; /* 1 to 10 blocks */
unsigned int doublechecklen = 0;
cx = AES_CreateContext(key, iv, mode, PR_TRUE, keysize, 16);
@@ -912,7 +917,7 @@ aes_encrypt_buf(
goto loser;
}
rv = AES_Decrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck,
- output, *outputlen);
+ output, *outputlen);
if (rv != SECSuccess) {
goto loser;
}
@@ -943,7 +948,7 @@ aes_decrypt_buf(
{
SECStatus rv = SECFailure;
AESContext *cx;
- unsigned char doublecheck[10*16]; /* 1 to 10 blocks */
+ unsigned char doublecheck[10 * 16]; /* 1 to 10 blocks */
unsigned int doublechecklen = 0;
cx = AES_CreateContext(key, iv, mode, PR_FALSE, keysize, 16);
@@ -951,7 +956,7 @@ aes_decrypt_buf(
goto loser;
}
rv = AES_Decrypt(cx, output, outputlen, maxoutputlen,
- input, inputlen);
+ input, inputlen);
if (rv != SECSuccess) {
goto loser;
}
@@ -970,7 +975,7 @@ aes_decrypt_buf(
goto loser;
}
rv = AES_Encrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck,
- output, *outputlen);
+ output, *outputlen);
if (rv != SECSuccess) {
goto loser;
}
@@ -1000,21 +1005,21 @@ loser:
void
aes_gcm(char *reqfn, int encrypt)
{
- char buf[512]; /* holds one line from the input REQUEST file.
+ char buf[512]; /* holds one line from the input REQUEST file.
* needs to be large enough to hold the longest
* line "CIPHERTEXT = <320 hex digits>\n".
*/
- FILE *aesreq; /* input stream from the REQUEST file */
- FILE *aesresp; /* output stream to the RESPONSE file */
+ FILE *aesreq; /* input stream from the REQUEST file */
+ FILE *aesresp; /* output stream to the RESPONSE file */
int i, j;
- unsigned char key[32]; /* 128, 192, or 256 bits */
+ unsigned char key[32]; /* 128, 192, or 256 bits */
unsigned int keysize = 0;
- unsigned char iv[128]; /* handle large gcm IV's */
- unsigned char plaintext[10*16]; /* 1 to 10 blocks */
+ unsigned char iv[128]; /* handle large gcm IV's */
+ unsigned char plaintext[10 * 16]; /* 1 to 10 blocks */
unsigned int plaintextlen;
- unsigned char ciphertext[11*16]; /* 1 to 10 blocks + tag */
+ unsigned char ciphertext[11 * 16]; /* 1 to 10 blocks + tag */
unsigned int ciphertextlen;
- unsigned char aad[11*16]; /* 1 to 10 blocks + tag */
+ unsigned char aad[11 * 16]; /* 1 to 10 blocks + tag */
unsigned int aadlen = 0;
unsigned int tagbits;
unsigned int taglen = 0;
@@ -1032,18 +1037,18 @@ aes_gcm(char *reqfn, int encrypt)
}
/* [ENCRYPT] or [DECRYPT] */
if (buf[0] == '[') {
- if (strncmp(buf, "[Taglen", 7) == 0) {
+ if (strncmp(buf, "[Taglen", 7) == 0) {
if (sscanf(buf, "[Taglen = %d]", &tagbits) != 1) {
goto loser;
}
- taglen = tagbits/8;
- }
- if (strncmp(buf, "[IVlen", 6) == 0) {
+ taglen = tagbits / 8;
+ }
+ if (strncmp(buf, "[IVlen", 6) == 0) {
if (sscanf(buf, "[IVlen = %d]", &ivlen) != 1) {
goto loser;
}
- ivlen=ivlen/8;
- }
+ ivlen = ivlen / 8;
+ }
fputs(buf, aesresp);
continue;
}
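Review bot: `tagbits` and `ivlen` come straight from the `[Taglen = …]` and `[IVlen = …]` lines of the REQUEST file and are divided by 8 with no range check visible in this hunk. `iv` is a fixed 128-byte array, and a later hunk calls `to_hex_str(buf, iv, ivlen)` into the 512-byte line buffer, so an oversized IVlen would read past `iv` and write past `buf`. Reject it where it is parsed, for example `if (ivlen > sizeof iv) goto loser;` after the division (plus a negative check if `ivlen` is signed; its declaration is outside the hunks shown). `tagbits` is declared `unsigned int` but scanned with `%d`; `sscanf(buf, "[Taglen = %u]", &tagbits)` matches the type. aes_gcm starts before this hunk and continues after it.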
@@ -1066,7 +1071,7 @@ aes_gcm(char *reqfn, int encrypt)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &key[j]);
}
keysize = j;
@@ -1079,7 +1084,7 @@ aes_gcm(char *reqfn, int encrypt)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<sizeof iv; i+=2,j++) {
+ for (j = 0; j < sizeof iv; i += 2, j++) {
hex_to_byteval(&buf[i], &iv[j]);
}
fputs(buf, aesresp);
@@ -1096,7 +1101,7 @@ aes_gcm(char *reqfn, int encrypt)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &plaintext[j]);
}
plaintextlen = j;
@@ -1114,7 +1119,7 @@ aes_gcm(char *reqfn, int encrypt)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &ciphertext[j]);
}
ciphertextlen = j;
@@ -1126,7 +1131,7 @@ aes_gcm(char *reqfn, int encrypt)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &aad[j]);
}
aadlen = j;
@@ -1144,25 +1149,25 @@ aes_gcm(char *reqfn, int encrypt)
params.ulAADLen = aadlen;
params.ulTagBits = tagbits;
rv = aes_encrypt_buf(NSS_AES_GCM, key, keysize,
- (unsigned char *)&params,
- ciphertext, &ciphertextlen, sizeof ciphertext,
- plaintext, plaintextlen);
+ (unsigned char *)&params,
+ ciphertext, &ciphertextlen, sizeof ciphertext,
+ plaintext, plaintextlen);
if (rv != SECSuccess) {
goto loser;
}
- if (encrypt == 2) {
+ if (encrypt == 2) {
fputs("IV = ", aesresp);
to_hex_str(buf, iv, ivlen);
fputs(buf, aesresp);
fputc('\n', aesresp);
- }
+ }
fputs("CT = ", aesresp);
- j = ciphertextlen-taglen;
+ j = ciphertextlen - taglen;
to_hex_str(buf, ciphertext, j);
fputs(buf, aesresp);
fputs("\nTag = ", aesresp);
- to_hex_str(buf, ciphertext+j, taglen);
+ to_hex_str(buf, ciphertext + j, taglen);
fputs(buf, aesresp);
fputc('\n', aesresp);
}
@@ -1178,8 +1183,8 @@ aes_gcm(char *reqfn, int encrypt)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
- hex_to_byteval(&buf[i], &ciphertext[j+ciphertextlen]);
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+ hex_to_byteval(&buf[i], &ciphertext[j + ciphertextlen]);
}
ciphertextlen += j;
params.pIv = iv;
@@ -1188,12 +1193,12 @@ aes_gcm(char *reqfn, int encrypt)
params.ulAADLen = aadlen;
params.ulTagBits = tagbits;
rv = aes_decrypt_buf(NSS_AES_GCM, key, keysize,
- (unsigned char *)&params,
- plaintext, &plaintextlen, sizeof plaintext,
- ciphertext, ciphertextlen);
+ (unsigned char *)&params,
+ plaintext, &plaintextlen, sizeof plaintext,
+ ciphertext, ciphertextlen);
fputs(buf, aesresp);
if (rv != SECSuccess) {
- fprintf(aesresp,"FAIL\n");
+ fprintf(aesresp, "FAIL\n");
} else {
fputs("PT = ", aesresp);
to_hex_str(buf, plaintext, plaintextlen);
@@ -1221,21 +1226,21 @@ loser:
void
aes_kat_mmt(char *reqfn)
{
- char buf[512]; /* holds one line from the input REQUEST file.
+ char buf[512]; /* holds one line from the input REQUEST file.
* needs to be large enough to hold the longest
* line "CIPHERTEXT = <320 hex digits>\n".
*/
- FILE *aesreq; /* input stream from the REQUEST file */
- FILE *aesresp; /* output stream to the RESPONSE file */
+ FILE *aesreq; /* input stream from the REQUEST file */
+ FILE *aesresp; /* output stream to the RESPONSE file */
int i, j;
- int mode = NSS_AES; /* NSS_AES (ECB) or NSS_AES_CBC */
- int encrypt = 0; /* 1 means encrypt, 0 means decrypt */
- unsigned char key[32]; /* 128, 192, or 256 bits */
+ int mode = NSS_AES; /* NSS_AES (ECB) or NSS_AES_CBC */
+ int encrypt = 0; /* 1 means encrypt, 0 means decrypt */
+ unsigned char key[32]; /* 128, 192, or 256 bits */
unsigned int keysize = 0;
- unsigned char iv[16]; /* for all modes except ECB */
- unsigned char plaintext[10*16]; /* 1 to 10 blocks */
+ unsigned char iv[16]; /* for all modes except ECB */
+ unsigned char plaintext[10 * 16]; /* 1 to 10 blocks */
unsigned int plaintextlen;
- unsigned char ciphertext[10*16]; /* 1 to 10 blocks */
+ unsigned char ciphertext[10 * 16]; /* 1 to 10 blocks */
unsigned int ciphertextlen;
SECStatus rv;
@@ -1277,7 +1282,7 @@ aes_kat_mmt(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &key[j]);
}
keysize = j;
@@ -1291,7 +1296,7 @@ aes_kat_mmt(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<sizeof iv; i+=2,j++) {
+ for (j = 0; j < sizeof iv; i += 2, j++) {
hex_to_byteval(&buf[i], &iv[j]);
}
fputs(buf, aesresp);
@@ -1308,15 +1313,18 @@ aes_kat_mmt(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &plaintext[j]);
}
plaintextlen = j;
rv = aes_encrypt_buf(mode, key, keysize,
- (mode == NSS_AES) ? NULL : iv,
- ciphertext, &ciphertextlen, sizeof ciphertext,
- plaintext, plaintextlen);
+ (mode ==
+ NSS_AES)
+ ? NULL
+ : iv,
+ ciphertext, &ciphertextlen, sizeof ciphertext,
+ plaintext, plaintextlen);
if (rv != SECSuccess) {
goto loser;
}
@@ -1339,15 +1347,18 @@ aes_kat_mmt(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &ciphertext[j]);
}
ciphertextlen = j;
rv = aes_decrypt_buf(mode, key, keysize,
- (mode == NSS_AES) ? NULL : iv,
- plaintext, &plaintextlen, sizeof plaintext,
- ciphertext, ciphertextlen);
+ (mode ==
+ NSS_AES)
+ ? NULL
+ : iv,
+ plaintext, &plaintextlen, sizeof plaintext,
+ ciphertext, ciphertextlen);
if (rv != SECSuccess) {
goto loser;
}
@@ -1370,38 +1381,38 @@ loser:
*/
void
aes_mct_next_key(unsigned char *key, unsigned int keysize,
- const unsigned char *ciphertext_1, const unsigned char *ciphertext)
+ const unsigned char *ciphertext_1, const unsigned char *ciphertext)
{
int k;
switch (keysize) {
- case 16: /* 128-bit key */
- /* Key[i+1] = Key[i] xor CT[j] */
- for (k=0; k<16; k++) {
- key[k] ^= ciphertext[k];
- }
- break;
- case 24: /* 192-bit key */
- /*
+ case 16: /* 128-bit key */
+ /* Key[i+1] = Key[i] xor CT[j] */
+ for (k = 0; k < 16; k++) {
+ key[k] ^= ciphertext[k];
+ }
+ break;
+ case 24: /* 192-bit key */
+ /*
* Key[i+1] = Key[i] xor (last 64-bits of
* CT[j-1] || CT[j])
*/
- for (k=0; k<8; k++) {
- key[k] ^= ciphertext_1[k+8];
- }
- for (k=8; k<24; k++) {
- key[k] ^= ciphertext[k-8];
- }
- break;
- case 32: /* 256-bit key */
- /* Key[i+1] = Key[i] xor (CT[j-1] || CT[j]) */
- for (k=0; k<16; k++) {
- key[k] ^= ciphertext_1[k];
- }
- for (k=16; k<32; k++) {
- key[k] ^= ciphertext[k-16];
- }
- break;
+ for (k = 0; k < 8; k++) {
+ key[k] ^= ciphertext_1[k + 8];
+ }
+ for (k = 8; k < 24; k++) {
+ key[k] ^= ciphertext[k - 8];
+ }
+ break;
+ case 32: /* 256-bit key */
+ /* Key[i+1] = Key[i] xor (CT[j-1] || CT[j]) */
+ for (k = 0; k < 16; k++) {
+ key[k] ^= ciphertext_1[k];
+ }
+ for (k = 16; k < 32; k++) {
+ key[k] ^= ciphertext[k - 16];
+ }
+ break;
}
}
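Review bot: The switch on `keysize` has no `default`, so any value other than 16, 24 or 32 leaves `key` untouched and the function returns as if the next key had been derived. `keysize` is set from the number of hex bytes parsed out of the KEY line, so a malformed request can reach this path and make the Monte Carlo loop reuse one key without any error. Make the case explicit, for example `default: PORT_Assert(0); break;`, or validate `keysize` where it is parsed so that only the three supported sizes get here.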
@@ -1419,24 +1430,24 @@ aes_mct_next_key(unsigned char *key, unsigned int keysize,
void
aes_ecb_mct(char *reqfn)
{
- char buf[80]; /* holds one line from the input REQUEST file.
+ char buf[80]; /* holds one line from the input REQUEST file.
* needs to be large enough to hold the longest
* line "KEY = <64 hex digits>\n".
*/
- FILE *aesreq; /* input stream from the REQUEST file */
- FILE *aesresp; /* output stream to the RESPONSE file */
+ FILE *aesreq; /* input stream from the REQUEST file */
+ FILE *aesresp; /* output stream to the RESPONSE file */
int i, j;
- int encrypt = 0; /* 1 means encrypt, 0 means decrypt */
- unsigned char key[32]; /* 128, 192, or 256 bits */
+ int encrypt = 0; /* 1 means encrypt, 0 means decrypt */
+ unsigned char key[32]; /* 128, 192, or 256 bits */
unsigned int keysize = 0;
- unsigned char plaintext[16]; /* PT[j] */
- unsigned char plaintext_1[16]; /* PT[j-1] */
- unsigned char ciphertext[16]; /* CT[j] */
- unsigned char ciphertext_1[16]; /* CT[j-1] */
+ unsigned char plaintext[16]; /* PT[j] */
+ unsigned char plaintext_1[16]; /* PT[j-1] */
+ unsigned char ciphertext[16]; /* CT[j] */
+ unsigned char ciphertext_1[16]; /* CT[j-1] */
unsigned char doublecheck[16];
unsigned int outputlen;
- AESContext *cx = NULL; /* the operation being tested */
- AESContext *cx2 = NULL; /* the inverse operation done in parallel
+ AESContext *cx = NULL; /* the operation being tested */
+ AESContext *cx2 = NULL; /* the inverse operation done in parallel
* to doublecheck our result.
*/
SECStatus rv;
@@ -1475,7 +1486,7 @@ aes_ecb_mct(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &key[j]);
}
keysize = j;
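Review bot: The key-parsing loop `for (j = 0; isxdigit(buf[i]); i += 2, j++)` stops only at a non-hex character, so a REQUEST line carrying more than 64 hex digits writes past `key[32]`. This assumes the line is read into the 80-byte `buf`, which leaves room for a few extra pairs. The same unbounded form fills the 16-byte `ciphertext` in the decrypt branch of this function, and `key` and `ciphertext` in aes_cbc_mct, where the overrun can be larger; the plaintext and IV loops already bound on `sizeof`. I would bound these the same way, e.g. `for (j = 0; j < sizeof key && isxdigit(buf[i]); i += 2, j++) {`, and treat leftover hex digits as a malformed line. The loop sits inside aes_ecb_mct, whose body starts and ends outside this hunk.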
@@ -1492,11 +1503,11 @@ aes_ecb_mct(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<sizeof plaintext; i+=2,j++) {
+ for (j = 0; j < sizeof plaintext; i += 2, j++) {
hex_to_byteval(&buf[i], &plaintext[j]);
}
- for (i=0; i<100; i++) {
+ for (i = 0; i < 100; i++) {
sprintf(buf, "COUNT = %d\n", i);
fputs(buf, aesresp);
/* Output Key[i] */
@@ -1511,7 +1522,7 @@ aes_ecb_mct(char *reqfn)
fputc('\n', aesresp);
cx = AES_CreateContext(key, NULL, NSS_AES,
- PR_TRUE, keysize, 16);
+ PR_TRUE, keysize, 16);
if (cx == NULL) {
goto loser;
}
@@ -1520,19 +1531,19 @@ aes_ecb_mct(char *reqfn)
* and comparing the output with the plaintext.
*/
cx2 = AES_CreateContext(key, NULL, NSS_AES,
- PR_FALSE, keysize, 16);
+ PR_FALSE, keysize, 16);
if (cx2 == NULL) {
goto loser;
}
- for (j=0; j<1000; j++) {
+ for (j = 0; j < 1000; j++) {
/* Save CT[j-1] */
memcpy(ciphertext_1, ciphertext, sizeof ciphertext);
/* CT[j] = AES(Key[i], PT[j]) */
outputlen = 0;
rv = AES_Encrypt(cx,
- ciphertext, &outputlen, sizeof ciphertext,
- plaintext, sizeof plaintext);
+ ciphertext, &outputlen, sizeof ciphertext,
+ plaintext, sizeof plaintext);
if (rv != SECSuccess) {
goto loser;
}
@@ -1543,8 +1554,8 @@ aes_ecb_mct(char *reqfn)
/* doublecheck our result */
outputlen = 0;
rv = AES_Decrypt(cx2,
- doublecheck, &outputlen, sizeof doublecheck,
- ciphertext, sizeof ciphertext);
+ doublecheck, &outputlen, sizeof doublecheck,
+ ciphertext, sizeof ciphertext);
if (rv != SECSuccess) {
goto loser;
}
@@ -1590,11 +1601,11 @@ aes_ecb_mct(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &ciphertext[j]);
}
- for (i=0; i<100; i++) {
+ for (i = 0; i < 100; i++) {
sprintf(buf, "COUNT = %d\n", i);
fputs(buf, aesresp);
/* Output Key[i] */
@@ -1609,7 +1620,7 @@ aes_ecb_mct(char *reqfn)
fputc('\n', aesresp);
cx = AES_CreateContext(key, NULL, NSS_AES,
- PR_FALSE, keysize, 16);
+ PR_FALSE, keysize, 16);
if (cx == NULL) {
goto loser;
}
@@ -1618,19 +1629,19 @@ aes_ecb_mct(char *reqfn)
* and comparing the output with the ciphertext.
*/
cx2 = AES_CreateContext(key, NULL, NSS_AES,
- PR_TRUE, keysize, 16);
+ PR_TRUE, keysize, 16);
if (cx2 == NULL) {
goto loser;
}
- for (j=0; j<1000; j++) {
+ for (j = 0; j < 1000; j++) {
/* Save PT[j-1] */
memcpy(plaintext_1, plaintext, sizeof plaintext);
/* PT[j] = AES(Key[i], CT[j]) */
outputlen = 0;
rv = AES_Decrypt(cx,
- plaintext, &outputlen, sizeof plaintext,
- ciphertext, sizeof ciphertext);
+ plaintext, &outputlen, sizeof plaintext,
+ ciphertext, sizeof ciphertext);
if (rv != SECSuccess) {
goto loser;
}
@@ -1641,8 +1652,8 @@ aes_ecb_mct(char *reqfn)
/* doublecheck our result */
outputlen = 0;
rv = AES_Encrypt(cx2,
- doublecheck, &outputlen, sizeof doublecheck,
- plaintext, sizeof plaintext);
+ doublecheck, &outputlen, sizeof doublecheck,
+ plaintext, sizeof plaintext);
if (rv != SECSuccess) {
goto loser;
}
@@ -1702,25 +1713,25 @@ loser:
void
aes_cbc_mct(char *reqfn)
{
- char buf[80]; /* holds one line from the input REQUEST file.
+ char buf[80]; /* holds one line from the input REQUEST file.
* needs to be large enough to hold the longest
* line "KEY = <64 hex digits>\n".
*/
- FILE *aesreq; /* input stream from the REQUEST file */
- FILE *aesresp; /* output stream to the RESPONSE file */
+ FILE *aesreq; /* input stream from the REQUEST file */
+ FILE *aesresp; /* output stream to the RESPONSE file */
int i, j;
- int encrypt = 0; /* 1 means encrypt, 0 means decrypt */
- unsigned char key[32]; /* 128, 192, or 256 bits */
+ int encrypt = 0; /* 1 means encrypt, 0 means decrypt */
+ unsigned char key[32]; /* 128, 192, or 256 bits */
unsigned int keysize = 0;
unsigned char iv[16];
- unsigned char plaintext[16]; /* PT[j] */
- unsigned char plaintext_1[16]; /* PT[j-1] */
- unsigned char ciphertext[16]; /* CT[j] */
- unsigned char ciphertext_1[16]; /* CT[j-1] */
+ unsigned char plaintext[16]; /* PT[j] */
+ unsigned char plaintext_1[16]; /* PT[j-1] */
+ unsigned char ciphertext[16]; /* CT[j] */
+ unsigned char ciphertext_1[16]; /* CT[j-1] */
unsigned char doublecheck[16];
unsigned int outputlen;
- AESContext *cx = NULL; /* the operation being tested */
- AESContext *cx2 = NULL; /* the inverse operation done in parallel
+ AESContext *cx = NULL; /* the operation being tested */
+ AESContext *cx2 = NULL; /* the inverse operation done in parallel
* to doublecheck our result.
*/
SECStatus rv;
@@ -1760,7 +1771,7 @@ aes_cbc_mct(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &key[j]);
}
keysize = j;
@@ -1773,7 +1784,7 @@ aes_cbc_mct(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<sizeof iv; i+=2,j++) {
+ for (j = 0; j < sizeof iv; i += 2, j++) {
hex_to_byteval(&buf[i], &iv[j]);
}
continue;
@@ -1789,11 +1800,11 @@ aes_cbc_mct(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<sizeof plaintext; i+=2,j++) {
+ for (j = 0; j < sizeof plaintext; i += 2, j++) {
hex_to_byteval(&buf[i], &plaintext[j]);
}
- for (i=0; i<100; i++) {
+ for (i = 0; i < 100; i++) {
sprintf(buf, "COUNT = %d\n", i);
fputs(buf, aesresp);
/* Output Key[i] */
@@ -1813,7 +1824,7 @@ aes_cbc_mct(char *reqfn)
fputc('\n', aesresp);
cx = AES_CreateContext(key, iv, NSS_AES_CBC,
- PR_TRUE, keysize, 16);
+ PR_TRUE, keysize, 16);
if (cx == NULL) {
goto loser;
}
@@ -1822,13 +1833,13 @@ aes_cbc_mct(char *reqfn)
* and comparing the output with the plaintext.
*/
cx2 = AES_CreateContext(key, iv, NSS_AES_CBC,
- PR_FALSE, keysize, 16);
+ PR_FALSE, keysize, 16);
if (cx2 == NULL) {
goto loser;
}
/* CT[-1] = IV[i] */
memcpy(ciphertext, iv, sizeof ciphertext);
- for (j=0; j<1000; j++) {
+ for (j = 0; j < 1000; j++) {
/* Save CT[j-1] */
memcpy(ciphertext_1, ciphertext, sizeof ciphertext);
/*
@@ -1841,8 +1852,8 @@ aes_cbc_mct(char *reqfn)
*/
outputlen = 0;
rv = AES_Encrypt(cx,
- ciphertext, &outputlen, sizeof ciphertext,
- plaintext, sizeof plaintext);
+ ciphertext, &outputlen, sizeof ciphertext,
+ plaintext, sizeof plaintext);
if (rv != SECSuccess) {
goto loser;
}
@@ -1853,8 +1864,8 @@ aes_cbc_mct(char *reqfn)
/* doublecheck our result */
outputlen = 0;
rv = AES_Decrypt(cx2,
- doublecheck, &outputlen, sizeof doublecheck,
- ciphertext, sizeof ciphertext);
+ doublecheck, &outputlen, sizeof doublecheck,
+ ciphertext, sizeof ciphertext);
if (rv != SECSuccess) {
goto loser;
}
@@ -1901,11 +1912,11 @@ aes_cbc_mct(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &ciphertext[j]);
}
- for (i=0; i<100; i++) {
+ for (i = 0; i < 100; i++) {
sprintf(buf, "COUNT = %d\n", i);
fputs(buf, aesresp);
/* Output Key[i] */
@@ -1925,7 +1936,7 @@ aes_cbc_mct(char *reqfn)
fputc('\n', aesresp);
cx = AES_CreateContext(key, iv, NSS_AES_CBC,
- PR_FALSE, keysize, 16);
+ PR_FALSE, keysize, 16);
if (cx == NULL) {
goto loser;
}
@@ -1934,13 +1945,13 @@ aes_cbc_mct(char *reqfn)
* and comparing the output with the ciphertext.
*/
cx2 = AES_CreateContext(key, iv, NSS_AES_CBC,
- PR_TRUE, keysize, 16);
+ PR_TRUE, keysize, 16);
if (cx2 == NULL) {
goto loser;
}
/* PT[-1] = IV[i] */
memcpy(plaintext, iv, sizeof plaintext);
- for (j=0; j<1000; j++) {
+ for (j = 0; j < 1000; j++) {
/* Save PT[j-1] */
memcpy(plaintext_1, plaintext, sizeof plaintext);
/*
@@ -1953,8 +1964,8 @@ aes_cbc_mct(char *reqfn)
*/
outputlen = 0;
rv = AES_Decrypt(cx,
- plaintext, &outputlen, sizeof plaintext,
- ciphertext, sizeof ciphertext);
+ plaintext, &outputlen, sizeof plaintext,
+ ciphertext, sizeof ciphertext);
if (rv != SECSuccess) {
goto loser;
}
@@ -1965,8 +1976,8 @@ aes_cbc_mct(char *reqfn)
/* doublecheck our result */
outputlen = 0;
rv = AES_Encrypt(cx2,
- doublecheck, &outputlen, sizeof doublecheck,
- plaintext, sizeof plaintext);
+ doublecheck, &outputlen, sizeof doublecheck,
+ plaintext, sizeof plaintext);
if (rv != SECSuccess) {
goto loser;
}
@@ -2013,21 +2024,22 @@ loser:
fclose(aesreq);
}
-void write_compact_string(FILE *out, unsigned char *hash, unsigned int len)
+void
+write_compact_string(FILE *out, unsigned char *hash, unsigned int len)
{
unsigned int i;
int j, count = 0, last = -1, z = 0;
long start = ftell(out);
- for (i=0; i<len; i++) {
- for (j=7; j>=0; j--) {
+ for (i = 0; i < len; i++) {
+ for (j = 7; j >= 0; j--) {
if (last < 0) {
last = (hash[i] & (1 << j)) ? 1 : 0;
fprintf(out, "%d ", last);
count = 1;
} else if (hash[i] & (1 << j)) {
if (last) {
- count++;
- } else {
+ count++;
+ } else {
last = 0;
fprintf(out, "%d ", count);
count = 1;
@@ -2035,8 +2047,8 @@ void write_compact_string(FILE *out, unsigned char *hash, unsigned int len)
}
} else {
if (!last) {
- count++;
- } else {
+ count++;
+ } else {
last = 1;
fprintf(out, "%d ", count);
count = 1;
@@ -2051,7 +2063,8 @@ void write_compact_string(FILE *out, unsigned char *hash, unsigned int len)
fseek(out, 0, SEEK_END);
}
-int get_next_line(FILE *req, char *key, char *val, FILE *rsp)
+int
+get_next_line(FILE *req, char *key, char *val, FILE *rsp)
{
int ignore = 0;
char *writeto = key;
@@ -2060,7 +2073,8 @@ int get_next_line(FILE *req, char *key, char *val, FILE *rsp)
while ((c = fgetc(req)) != EOF) {
if (ignore) {
fprintf(rsp, "%c", c);
- if (c == '\n') return ignore;
+ if (c == '\n')
+ return ignore;
} else if (c == '\n') {
break;
} else if (c == '#') {
@@ -2086,92 +2100,92 @@ typedef struct curveNameTagPairStr {
SECOidTag curveOidTag;
} CurveNameTagPair;
-#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
+#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */
static CurveNameTagPair nameTagPair[] =
-{
- { "sect163k1", SEC_OID_SECG_EC_SECT163K1},
- { "nistk163", SEC_OID_SECG_EC_SECT163K1},
- { "sect163r1", SEC_OID_SECG_EC_SECT163R1},
- { "sect163r2", SEC_OID_SECG_EC_SECT163R2},
- { "nistb163", SEC_OID_SECG_EC_SECT163R2},
- { "sect193r1", SEC_OID_SECG_EC_SECT193R1},
- { "sect193r2", SEC_OID_SECG_EC_SECT193R2},
- { "sect233k1", SEC_OID_SECG_EC_SECT233K1},
- { "nistk233", SEC_OID_SECG_EC_SECT233K1},
- { "sect233r1", SEC_OID_SECG_EC_SECT233R1},
- { "nistb233", SEC_OID_SECG_EC_SECT233R1},
- { "sect239k1", SEC_OID_SECG_EC_SECT239K1},
- { "sect283k1", SEC_OID_SECG_EC_SECT283K1},
- { "nistk283", SEC_OID_SECG_EC_SECT283K1},
- { "sect283r1", SEC_OID_SECG_EC_SECT283R1},
- { "nistb283", SEC_OID_SECG_EC_SECT283R1},
- { "sect409k1", SEC_OID_SECG_EC_SECT409K1},
- { "nistk409", SEC_OID_SECG_EC_SECT409K1},
- { "sect409r1", SEC_OID_SECG_EC_SECT409R1},
- { "nistb409", SEC_OID_SECG_EC_SECT409R1},
- { "sect571k1", SEC_OID_SECG_EC_SECT571K1},
- { "nistk571", SEC_OID_SECG_EC_SECT571K1},
- { "sect571r1", SEC_OID_SECG_EC_SECT571R1},
- { "nistb571", SEC_OID_SECG_EC_SECT571R1},
- { "secp160k1", SEC_OID_SECG_EC_SECP160K1},
- { "secp160r1", SEC_OID_SECG_EC_SECP160R1},
- { "secp160r2", SEC_OID_SECG_EC_SECP160R2},
- { "secp192k1", SEC_OID_SECG_EC_SECP192K1},
- { "secp192r1", SEC_OID_SECG_EC_SECP192R1},
- { "nistp192", SEC_OID_SECG_EC_SECP192R1},
- { "secp224k1", SEC_OID_SECG_EC_SECP224K1},
- { "secp224r1", SEC_OID_SECG_EC_SECP224R1},
- { "nistp224", SEC_OID_SECG_EC_SECP224R1},
- { "secp256k1", SEC_OID_SECG_EC_SECP256K1},
- { "secp256r1", SEC_OID_SECG_EC_SECP256R1},
- { "nistp256", SEC_OID_SECG_EC_SECP256R1},
- { "secp384r1", SEC_OID_SECG_EC_SECP384R1},
- { "nistp384", SEC_OID_SECG_EC_SECP384R1},
- { "secp521r1", SEC_OID_SECG_EC_SECP521R1},
- { "nistp521", SEC_OID_SECG_EC_SECP521R1},
-
- { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
- { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
- { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
- { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
- { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
- { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
-
- { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
- { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
- { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
- { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
- { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
- { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
- { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
- { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
- { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
- { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
- { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
- { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
- { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
- { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
- { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
- { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
- { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
- { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
- { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
- { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
-
- { "secp112r1", SEC_OID_SECG_EC_SECP112R1},
- { "secp112r2", SEC_OID_SECG_EC_SECP112R2},
- { "secp128r1", SEC_OID_SECG_EC_SECP128R1},
- { "secp128r2", SEC_OID_SECG_EC_SECP128R2},
-
- { "sect113r1", SEC_OID_SECG_EC_SECT113R1},
- { "sect113r2", SEC_OID_SECG_EC_SECT113R2},
- { "sect131r1", SEC_OID_SECG_EC_SECT131R1},
- { "sect131r2", SEC_OID_SECG_EC_SECT131R2},
-};
-
-static SECItem *
+ {
+ { "sect163k1", SEC_OID_SECG_EC_SECT163K1 },
+ { "nistk163", SEC_OID_SECG_EC_SECT163K1 },
+ { "sect163r1", SEC_OID_SECG_EC_SECT163R1 },
+ { "sect163r2", SEC_OID_SECG_EC_SECT163R2 },
+ { "nistb163", SEC_OID_SECG_EC_SECT163R2 },
+ { "sect193r1", SEC_OID_SECG_EC_SECT193R1 },
+ { "sect193r2", SEC_OID_SECG_EC_SECT193R2 },
+ { "sect233k1", SEC_OID_SECG_EC_SECT233K1 },
+ { "nistk233", SEC_OID_SECG_EC_SECT233K1 },
+ { "sect233r1", SEC_OID_SECG_EC_SECT233R1 },
+ { "nistb233", SEC_OID_SECG_EC_SECT233R1 },
+ { "sect239k1", SEC_OID_SECG_EC_SECT239K1 },
+ { "sect283k1", SEC_OID_SECG_EC_SECT283K1 },
+ { "nistk283", SEC_OID_SECG_EC_SECT283K1 },
+ { "sect283r1", SEC_OID_SECG_EC_SECT283R1 },
+ { "nistb283", SEC_OID_SECG_EC_SECT283R1 },
+ { "sect409k1", SEC_OID_SECG_EC_SECT409K1 },
+ { "nistk409", SEC_OID_SECG_EC_SECT409K1 },
+ { "sect409r1", SEC_OID_SECG_EC_SECT409R1 },
+ { "nistb409", SEC_OID_SECG_EC_SECT409R1 },
+ { "sect571k1", SEC_OID_SECG_EC_SECT571K1 },
+ { "nistk571", SEC_OID_SECG_EC_SECT571K1 },
+ { "sect571r1", SEC_OID_SECG_EC_SECT571R1 },
+ { "nistb571", SEC_OID_SECG_EC_SECT571R1 },
+ { "secp160k1", SEC_OID_SECG_EC_SECP160K1 },
+ { "secp160r1", SEC_OID_SECG_EC_SECP160R1 },
+ { "secp160r2", SEC_OID_SECG_EC_SECP160R2 },
+ { "secp192k1", SEC_OID_SECG_EC_SECP192K1 },
+ { "secp192r1", SEC_OID_SECG_EC_SECP192R1 },
+ { "nistp192", SEC_OID_SECG_EC_SECP192R1 },
+ { "secp224k1", SEC_OID_SECG_EC_SECP224K1 },
+ { "secp224r1", SEC_OID_SECG_EC_SECP224R1 },
+ { "nistp224", SEC_OID_SECG_EC_SECP224R1 },
+ { "secp256k1", SEC_OID_SECG_EC_SECP256K1 },
+ { "secp256r1", SEC_OID_SECG_EC_SECP256R1 },
+ { "nistp256", SEC_OID_SECG_EC_SECP256R1 },
+ { "secp384r1", SEC_OID_SECG_EC_SECP384R1 },
+ { "nistp384", SEC_OID_SECG_EC_SECP384R1 },
+ { "secp521r1", SEC_OID_SECG_EC_SECP521R1 },
+ { "nistp521", SEC_OID_SECG_EC_SECP521R1 },
+
+ { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
+ { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
+ { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
+ { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
+ { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
+ { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
+
+ { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
+ { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
+ { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
+ { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
+ { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
+ { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
+ { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
+ { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
+ { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
+ { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
+ { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
+ { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
+ { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
+ { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
+ { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
+ { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
+ { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
+ { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
+ { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
+ { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
+
+ { "secp112r1", SEC_OID_SECG_EC_SECP112R1 },
+ { "secp112r2", SEC_OID_SECG_EC_SECP112R2 },
+ { "secp128r1", SEC_OID_SECG_EC_SECP128R1 },
+ { "secp128r2", SEC_OID_SECG_EC_SECP128R2 },
+
+ { "sect113r1", SEC_OID_SECG_EC_SECT113R1 },
+ { "sect113r2", SEC_OID_SECG_EC_SECT113R2 },
+ { "sect131r1", SEC_OID_SECG_EC_SECT131R1 },
+ { "sect131r2", SEC_OID_SECG_EC_SECT131R2 },
+ };
+
+static SECItem *
getECParams(const char *curve)
{
SECItem *ecparams;
@@ -2180,8 +2194,8 @@ getECParams(const char *curve)
int i, numCurves;
if (curve != NULL) {
- numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair);
- for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
+ numCurves = sizeof(nameTagPair) / sizeof(CurveNameTagPair);
+ for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
i++) {
if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
curveOidTag = nameTagPair[i].curveOidTag;
@@ -2189,7 +2203,7 @@ getECParams(const char *curve)
}
/* Return NULL if curve name is not recognized */
- if ((curveOidTag == SEC_OID_UNKNOWN) ||
+ if ((curveOidTag == SEC_OID_UNKNOWN) ||
(oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
fprintf(stderr, "Unrecognized elliptic curve %s\n", curve);
return NULL;
@@ -2197,9 +2211,9 @@ getECParams(const char *curve)
ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
- /*
+ /*
* ecparams->data needs to contain the ASN encoding of an object ID (OID)
- * representing the named curve. The actual OID is in
+ * representing the named curve. The actual OID is in
* oidData->oid.data so we simply prepend 0x06 and OID length
*/
ecparams->data[0] = SEC_ASN1_OBJECT_ID;
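Review bot: The result of `SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len))` is dereferenced at `ecparams->data[0] = SEC_ASN1_OBJECT_ID;` with no check in between. An allocation failure therefore becomes a NULL dereference rather than the NULL return that callers such as ecdsa_sigver_test already test for. Adding `if (ecparams == NULL) return NULL;` right after the allocation would keep the failure on the existing error path. getECParams starts and ends outside this hunk, so the rest of the function is not visible here.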
@@ -2215,29 +2229,29 @@ getECParams(const char *curve)
* replace the functionality for fipstest.
*/
SECStatus
-fips_hashBuf(HASH_HashType type, unsigned char *hashBuf,
- unsigned char *msg, int len)
+fips_hashBuf(HASH_HashType type, unsigned char *hashBuf,
+ unsigned char *msg, int len)
{
SECStatus rv = SECFailure;
switch (type) {
- case HASH_AlgSHA1:
- rv = SHA1_HashBuf(hashBuf, msg, len);
- break;
- case HASH_AlgSHA224:
- rv = SHA224_HashBuf(hashBuf, msg, len);
- break;
- case HASH_AlgSHA256:
- rv = SHA256_HashBuf(hashBuf, msg, len);
- break;
- case HASH_AlgSHA384:
- rv = SHA384_HashBuf(hashBuf, msg, len);
- break;
- case HASH_AlgSHA512:
- rv = SHA512_HashBuf(hashBuf, msg, len);
- break;
- default:
- break;
+ case HASH_AlgSHA1:
+ rv = SHA1_HashBuf(hashBuf, msg, len);
+ break;
+ case HASH_AlgSHA224:
+ rv = SHA224_HashBuf(hashBuf, msg, len);
+ break;
+ case HASH_AlgSHA256:
+ rv = SHA256_HashBuf(hashBuf, msg, len);
+ break;
+ case HASH_AlgSHA384:
+ rv = SHA384_HashBuf(hashBuf, msg, len);
+ break;
+ case HASH_AlgSHA512:
+ rv = SHA512_HashBuf(hashBuf, msg, len);
+ break;
+ default:
+ break;
}
return rv;
}
@@ -2248,23 +2262,23 @@ fips_hashLen(HASH_HashType type)
int len = 0;
switch (type) {
- case HASH_AlgSHA1:
- len = SHA1_LENGTH;
- break;
- case HASH_AlgSHA224:
- len = SHA224_LENGTH;
- break;
- case HASH_AlgSHA256:
- len = SHA256_LENGTH;
- break;
- case HASH_AlgSHA384:
- len = SHA384_LENGTH;
- break;
- case HASH_AlgSHA512:
- len = SHA512_LENGTH;
- break;
- default:
- break;
+ case HASH_AlgSHA1:
+ len = SHA1_LENGTH;
+ break;
+ case HASH_AlgSHA224:
+ len = SHA224_LENGTH;
+ break;
+ case HASH_AlgSHA256:
+ len = SHA256_LENGTH;
+ break;
+ case HASH_AlgSHA384:
+ len = SHA384_LENGTH;
+ break;
+ case HASH_AlgSHA512:
+ len = SHA512_LENGTH;
+ break;
+ default:
+ break;
}
return len;
}
@@ -2275,23 +2289,23 @@ fips_hashOid(HASH_HashType type)
SECOidTag oid = SEC_OID_UNKNOWN;
switch (type) {
- case HASH_AlgSHA1:
- oid = SEC_OID_SHA1;
- break;
- case HASH_AlgSHA224:
- oid = SEC_OID_SHA224;
- break;
- case HASH_AlgSHA256:
- oid = SEC_OID_SHA256;
- break;
- case HASH_AlgSHA384:
- oid = SEC_OID_SHA384;
- break;
- case HASH_AlgSHA512:
- oid = SEC_OID_SHA512;
- break;
- default:
- break;
+ case HASH_AlgSHA1:
+ oid = SEC_OID_SHA1;
+ break;
+ case HASH_AlgSHA224:
+ oid = SEC_OID_SHA224;
+ break;
+ case HASH_AlgSHA256:
+ oid = SEC_OID_SHA256;
+ break;
+ case HASH_AlgSHA384:
+ oid = SEC_OID_SHA384;
+ break;
+ case HASH_AlgSHA512:
+ oid = SEC_OID_SHA512;
+ break;
+ default:
+ break;
}
return oid;
}
@@ -2302,24 +2316,24 @@ sha_get_hashType(int hashbits)
HASH_HashType hashType = HASH_AlgNULL;
switch (hashbits) {
- case 1:
- case (SHA1_LENGTH*PR_BITS_PER_BYTE):
- hashType = HASH_AlgSHA1;
- break;
- case (SHA224_LENGTH*PR_BITS_PER_BYTE):
- hashType = HASH_AlgSHA224;
- break;
- case (SHA256_LENGTH*PR_BITS_PER_BYTE):
- hashType = HASH_AlgSHA256;
- break;
- case (SHA384_LENGTH*PR_BITS_PER_BYTE):
- hashType = HASH_AlgSHA384;
- break;
- case (SHA512_LENGTH*PR_BITS_PER_BYTE):
- hashType = HASH_AlgSHA512;
- break;
- default:
- break;
+ case 1:
+ case (SHA1_LENGTH * PR_BITS_PER_BYTE):
+ hashType = HASH_AlgSHA1;
+ break;
+ case (SHA224_LENGTH * PR_BITS_PER_BYTE):
+ hashType = HASH_AlgSHA224;
+ break;
+ case (SHA256_LENGTH * PR_BITS_PER_BYTE):
+ hashType = HASH_AlgSHA256;
+ break;
+ case (SHA384_LENGTH * PR_BITS_PER_BYTE):
+ hashType = HASH_AlgSHA384;
+ break;
+ case (SHA512_LENGTH * PR_BITS_PER_BYTE):
+ hashType = HASH_AlgSHA512;
+ break;
+ default:
+ break;
}
return hashType;
}
@@ -2334,14 +2348,14 @@ sha_get_hashType(int hashbits)
void
ecdsa_keypair_test(char *reqfn)
{
- char buf[256]; /* holds one line from the input REQUEST file
+ char buf[256]; /* holds one line from the input REQUEST file
* or to the output RESPONSE file.
* needs to be large enough to hold the longest
* line "Qx = <144 hex digits>\n".
*/
- FILE *ecdsareq; /* input stream from the REQUEST file */
- FILE *ecdsaresp; /* output stream to the RESPONSE file */
- char curve[16]; /* "nistxddd" */
+ FILE *ecdsareq; /* input stream from the REQUEST file */
+ FILE *ecdsaresp; /* output stream to the RESPONSE file */
+ char curve[16]; /* "nistxddd" */
ECParams *ecparams = NULL;
int N;
int i;
@@ -2374,7 +2388,7 @@ ecdsa_keypair_test(char *reqfn)
src = &buf[1];
dst = &curve[4];
*dst++ = tolower(*src);
- src += 2; /* skip the hyphen */
+ src += 2; /* skip the hyphen */
*dst++ = *src++;
*dst++ = *src++;
*dst++ = *src++;
@@ -2408,17 +2422,17 @@ ecdsa_keypair_test(char *reqfn)
ecpriv->privateValue.len);
fputs(buf, ecdsaresp);
fputc('\n', ecdsaresp);
- if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue)
- != SECSuccess) {
+ if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) !=
+ SECSuccess) {
goto loser;
}
len = ecpriv->publicValue.len;
- if (len%2 == 0) {
+ if (len % 2 == 0) {
goto loser;
}
- len = (len-1)/2;
- if (ecpriv->publicValue.data[0]
- != EC_POINT_FORM_UNCOMPRESSED) {
+ len = (len - 1) / 2;
+ if (ecpriv->publicValue.data[0] !=
+ EC_POINT_FORM_UNCOMPRESSED) {
goto loser;
}
fputs("Qx = ", ecdsaresp);
@@ -2426,7 +2440,7 @@ ecdsa_keypair_test(char *reqfn)
fputs(buf, ecdsaresp);
fputc('\n', ecdsaresp);
fputs("Qy = ", ecdsaresp);
- to_hex_str(buf, &ecpriv->publicValue.data[1+len], len);
+ to_hex_str(buf, &ecpriv->publicValue.data[1 + len], len);
fputs(buf, ecdsaresp);
fputc('\n', ecdsaresp);
fputc('\n', ecdsaresp);
@@ -2453,13 +2467,13 @@ loser:
void
ecdsa_pkv_test(char *reqfn)
{
- char buf[256]; /* holds one line from the input REQUEST file.
+ char buf[256]; /* holds one line from the input REQUEST file.
* needs to be large enough to hold the longest
* line "Qx = <144 hex digits>\n".
*/
- FILE *ecdsareq; /* input stream from the REQUEST file */
- FILE *ecdsaresp; /* output stream to the RESPONSE file */
- char curve[16]; /* "nistxddd" */
+ FILE *ecdsareq; /* input stream from the REQUEST file */
+ FILE *ecdsaresp; /* output stream to the RESPONSE file */
+ char curve[16]; /* "nistxddd" */
ECParams *ecparams = NULL;
SECItem pubkey;
unsigned int i;
@@ -2485,7 +2499,7 @@ ecdsa_pkv_test(char *reqfn)
src = &buf[1];
dst = &curve[4];
*dst++ = tolower(*src);
- src += 2; /* skip the hyphen */
+ src += 2; /* skip the hyphen */
*dst++ = *src++;
*dst++ = *src++;
*dst++ = *src++;
@@ -2509,7 +2523,7 @@ ecdsa_pkv_test(char *reqfn)
PORT_Free(pubkey.data);
pubkey.data = NULL;
}
- SECITEM_AllocItem(NULL, &pubkey, 2*len+1);
+ SECITEM_AllocItem(NULL, &pubkey, 2 * len + 1);
if (pubkey.data == NULL) {
goto loser;
}
@@ -2538,7 +2552,7 @@ ecdsa_pkv_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- keyvalid = from_hex_str(&pubkey.data[1+len], len, &buf[i]);
+ keyvalid = from_hex_str(&pubkey.data[1 + len], len, &buf[i]);
if (!keyvalid) {
fputs("Result = F\n", ecdsaresp);
continue;
@@ -2573,23 +2587,23 @@ loser:
void
ecdsa_siggen_test(char *reqfn)
{
- char buf[1024]; /* holds one line from the input REQUEST file
+ char buf[1024]; /* holds one line from the input REQUEST file
* or to the output RESPONSE file.
* needs to be large enough to hold the longest
* line "Msg = <256 hex digits>\n".
*/
- FILE *ecdsareq; /* input stream from the REQUEST file */
- FILE *ecdsaresp; /* output stream to the RESPONSE file */
- char curve[16]; /* "nistxddd" */
+ FILE *ecdsareq; /* input stream from the REQUEST file */
+ FILE *ecdsaresp; /* output stream to the RESPONSE file */
+ char curve[16]; /* "nistxddd" */
ECParams *ecparams = NULL;
int i, j;
unsigned int len;
- unsigned char msg[512]; /* message to be signed (<= 128 bytes) */
+ unsigned char msg[512]; /* message to be signed (<= 128 bytes) */
unsigned int msglen;
- unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
- unsigned int shaLength = 0; /* length of SHA */
- HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */
- unsigned char sig[2*MAX_ECKEY_LEN];
+ unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
+ unsigned int shaLength = 0; /* length of SHA */
+ HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */
+ unsigned char sig[2 * MAX_ECKEY_LEN];
SECItem signature, digest;
ecdsareq = fopen(reqfn, "r");
@@ -2610,7 +2624,7 @@ ecdsa_siggen_test(char *reqfn)
src = &buf[1];
dst = &curve[4];
*dst++ = tolower(*src);
- src += 2; /* skip the hyphen */
+ src += 2; /* skip the hyphen */
*dst++ = *src++;
*dst++ = *src++;
*dst++ = *src++;
@@ -2623,13 +2637,13 @@ ecdsa_siggen_test(char *reqfn)
shaAlg = HASH_AlgSHA224;
} else if (strncmp(src, "SHA-256", 7) == 0) {
shaAlg = HASH_AlgSHA256;
- } else if (strncmp(src, "SHA-384", 7)== 0) {
- shaAlg = HASH_AlgSHA384;
+ } else if (strncmp(src, "SHA-384", 7) == 0) {
+ shaAlg = HASH_AlgSHA384;
} else if (strncmp(src, "SHA-512", 7) == 0) {
- shaAlg = HASH_AlgSHA512;
+ shaAlg = HASH_AlgSHA512;
} else {
- fprintf(ecdsaresp, "ERROR: Unable to find SHAAlg type");
- goto loser;
+ fprintf(ecdsaresp, "ERROR: Unable to find SHAAlg type");
+ goto loser;
}
if (ecparams != NULL) {
PORT_FreeArena(ecparams->arena, PR_FALSE);
@@ -2656,14 +2670,14 @@ ecdsa_siggen_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &msg[j]);
}
msglen = j;
shaLength = fips_hashLen(shaAlg);
- if (fips_hashBuf(shaAlg,sha,msg,msglen) != SECSuccess) {
+ if (fips_hashBuf(shaAlg, sha, msg, msglen) != SECSuccess) {
if (shaLength == 0) {
- fprintf(ecdsaresp, "ERROR: SHAAlg not defined.");
+ fprintf(ecdsaresp, "ERROR: SHAAlg not defined.");
}
fprintf(ecdsaresp, "ERROR: Unable to generate SHA%x",
shaLength == 160 ? 1 : shaLength);
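Review bot: The fallback message `"ERROR: Unable to generate SHA%x"` with `shaLength == 160 ? 1 : shaLength` looks wrong. shaLength comes from fips_hashLen(), which returns the SHA*_LENGTH constants, and sha_get_hashType multiplies those by PR_BITS_PER_BYTE to get bit counts, so they appear to be byte lengths; the `== 160` case then never matches and `%x` prints the byte length in hex. When shaLength is 0, both messages are also written back to back with no newline. Something like `fprintf(ecdsaresp, "ERROR: Unable to generate SHA-%u digest\n", shaLength * PR_BITS_PER_BYTE);` would be clearer (it prints 160 for SHA-1). The same lines recur in ecdsa_sigver_test, and the enclosing function continues outside this hunk.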
@@ -2674,15 +2688,15 @@ ecdsa_siggen_test(char *reqfn)
if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) {
goto loser;
}
- if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue)
- != SECSuccess) {
+ if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) !=
+ SECSuccess) {
goto loser;
}
len = ecpriv->publicValue.len;
- if (len%2 == 0) {
+ if (len % 2 == 0) {
goto loser;
}
- len = (len-1)/2;
+ len = (len - 1) / 2;
if (ecpriv->publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED) {
goto loser;
}
@@ -2691,7 +2705,7 @@ ecdsa_siggen_test(char *reqfn)
fputs(buf, ecdsaresp);
fputc('\n', ecdsaresp);
fputs("Qy = ", ecdsaresp);
- to_hex_str(buf, &ecpriv->publicValue.data[1+len], len);
+ to_hex_str(buf, &ecpriv->publicValue.data[1 + len], len);
fputs(buf, ecdsaresp);
fputc('\n', ecdsaresp);
@@ -2705,10 +2719,10 @@ ecdsa_siggen_test(char *reqfn)
goto loser;
}
len = signature.len;
- if (len%2 != 0) {
+ if (len % 2 != 0) {
goto loser;
}
- len = len/2;
+ len = len / 2;
fputs("R = ", ecdsaresp);
to_hex_str(buf, &signature.data[0], len);
fputs(buf, ecdsaresp);
@@ -2739,23 +2753,23 @@ loser:
void
ecdsa_sigver_test(char *reqfn)
{
- char buf[1024]; /* holds one line from the input REQUEST file.
+ char buf[1024]; /* holds one line from the input REQUEST file.
* needs to be large enough to hold the longest
* line "Msg = <256 hex digits>\n".
*/
- FILE *ecdsareq; /* input stream from the REQUEST file */
- FILE *ecdsaresp; /* output stream to the RESPONSE file */
- char curve[16]; /* "nistxddd" */
+ FILE *ecdsareq; /* input stream from the REQUEST file */
+ FILE *ecdsaresp; /* output stream to the RESPONSE file */
+ char curve[16]; /* "nistxddd" */
ECPublicKey ecpub;
unsigned int i, j;
unsigned int flen = 0; /* length in bytes of the field size */
unsigned int olen = 0; /* length in bytes of the base point order */
- unsigned char msg[512]; /* message that was signed (<= 128 bytes) */
+ unsigned char msg[512]; /* message that was signed (<= 128 bytes) */
unsigned int msglen = 0;
- unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
- unsigned int shaLength = 0; /* length of SHA */
- HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */
- unsigned char sig[2*MAX_ECKEY_LEN];
+ unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
+ unsigned int shaLength = 0; /* length of SHA */
+ HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */
+ unsigned char sig[2 * MAX_ECKEY_LEN];
SECItem signature, digest;
PRBool keyvalid = PR_TRUE;
PRBool sigvalid = PR_TRUE;
@@ -2780,7 +2794,7 @@ ecdsa_sigver_test(char *reqfn)
src = &buf[1];
dst = &curve[4];
*dst++ = tolower(*src);
- src += 2; /* skip the hyphen */
+ src += 2; /* skip the hyphen */
*dst++ = *src++;
*dst++ = *src++;
*dst++ = *src++;
@@ -2793,13 +2807,13 @@ ecdsa_sigver_test(char *reqfn)
shaAlg = HASH_AlgSHA224;
} else if (strncmp(src, "SHA-256", 7) == 0) {
shaAlg = HASH_AlgSHA256;
- } else if (strncmp(src, "SHA-384", 7)== 0) {
- shaAlg = HASH_AlgSHA384;
+ } else if (strncmp(src, "SHA-384", 7) == 0) {
+ shaAlg = HASH_AlgSHA384;
} else if (strncmp(src, "SHA-512", 7) == 0) {
- shaAlg = HASH_AlgSHA512;
+ shaAlg = HASH_AlgSHA512;
} else {
- fprintf(ecdsaresp, "ERROR: Unable to find SHAAlg type");
- goto loser;
+ fprintf(ecdsaresp, "ERROR: Unable to find SHAAlg type");
+ goto loser;
}
encodedparams = getECParams(curve);
if (encodedparams == NULL) {
@@ -2818,21 +2832,21 @@ ecdsa_sigver_test(char *reqfn)
if (ecpub.ecParams.arena == NULL) {
goto loser;
}
- if (EC_CopyParams(ecpub.ecParams.arena, &ecpub.ecParams, ecparams)
- != SECSuccess) {
+ if (EC_CopyParams(ecpub.ecParams.arena, &ecpub.ecParams, ecparams) !=
+ SECSuccess) {
goto loser;
}
PORT_FreeArena(ecparams->arena, PR_FALSE);
flen = (ecpub.ecParams.fieldID.size + 7) >> 3;
olen = ecpub.ecParams.order.len;
- if (2*olen > sizeof sig) {
+ if (2 * olen > sizeof sig) {
goto loser;
}
ecpub.publicValue.type = siBuffer;
ecpub.publicValue.data = NULL;
ecpub.publicValue.len = 0;
SECITEM_AllocItem(ecpub.ecParams.arena,
- &ecpub.publicValue, 2*flen+1);
+ &ecpub.publicValue, 2 * flen + 1);
if (ecpub.publicValue.data == NULL) {
goto loser;
}
@@ -2846,14 +2860,14 @@ ecdsa_sigver_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &msg[j]);
}
msglen = j;
shaLength = fips_hashLen(shaAlg);
- if (fips_hashBuf(shaAlg,sha,msg,msglen) != SECSuccess) {
+ if (fips_hashBuf(shaAlg, sha, msg, msglen) != SECSuccess) {
if (shaLength == 0) {
- fprintf(ecdsaresp, "ERROR: SHAAlg not defined.");
+ fprintf(ecdsaresp, "ERROR: SHAAlg not defined.");
}
fprintf(ecdsaresp, "ERROR: Unable to generate SHA%x",
shaLength == 160 ? 1 : shaLength);
@@ -2888,13 +2902,13 @@ ecdsa_sigver_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- keyvalid = from_hex_str(&ecpub.publicValue.data[1+flen], flen,
+ keyvalid = from_hex_str(&ecpub.publicValue.data[1 + flen], flen,
&buf[i]);
if (!keyvalid) {
continue;
}
- if (EC_ValidatePublicKey(&ecpub.ecParams, &ecpub.publicValue)
- != SECSuccess) {
+ if (EC_ValidatePublicKey(&ecpub.ecParams, &ecpub.publicValue) !=
+ SECSuccess) {
if (PORT_GetError() == SEC_ERROR_BAD_KEY) {
keyvalid = PR_FALSE;
} else {
@@ -2925,12 +2939,12 @@ ecdsa_sigver_test(char *reqfn)
}
signature.type = siBuffer;
signature.data = sig;
- signature.len = 2*olen;
+ signature.len = 2 * olen;
if (!keyvalid || !sigvalid) {
fputs("Result = F\n", ecdsaresp);
- } else if (ECDSA_VerifyDigest(&ecpub, &signature, &digest)
- == SECSuccess) {
+ } else if (ECDSA_VerifyDigest(&ecpub, &signature, &digest) ==
+ SECSuccess) {
fputs("Result = P\n", ecdsaresp);
} else {
fputs("Result = F\n", ecdsaresp);
@@ -2949,11 +2963,12 @@ loser:
PRBool
isblankline(char *b)
{
- while (isspace(*b)) b++;
- if ((*b == '\n') || (*b == 0)) {
+ while (isspace(*b))
+ b++;
+ if ((*b == '\n') || (*b == 0)) {
return PR_TRUE;
- }
- return PR_FALSE;
+ }
+ return PR_FALSE;
}
static int debug = 0;
@@ -2968,85 +2983,89 @@ static int debug = 0;
void
drbg(char *reqfn)
{
- char buf[2000]; /* test case has some very long lines, returned bits
+ char buf[2000]; /* test case has some very long lines, returned bits
* as high as 800 bytes (6400 bits). That 1600 byte
* plus a tag */
- char buf2[2000];
- FILE *rngreq; /* input stream from the REQUEST file */
- FILE *rngresp; /* output stream to the RESPONSE file */
-
+ char buf2[2000];
+ FILE *rngreq; /* input stream from the REQUEST file */
+ FILE *rngresp; /* output stream to the RESPONSE file */
+
unsigned int i, j;
#ifdef HANDLE_PREDICTION_RESISTANCE
PRBool predictionResistance = PR_FALSE;
#endif
- unsigned char *nonce = NULL;
+ unsigned char *nonce = NULL;
int nonceLen = 0;
- unsigned char *personalizationString = NULL;
+ unsigned char *personalizationString = NULL;
int personalizationStringLen = 0;
- unsigned char *additionalInput = NULL;
+ unsigned char *additionalInput = NULL;
int additionalInputLen = 0;
unsigned char *entropyInput = NULL;
int entropyInputLen = 0;
unsigned char *predictedreturn_bytes = NULL;
unsigned char *return_bytes = NULL;
int return_bytes_len = 0;
- enum { NONE, INSTANTIATE, GENERATE, RESEED, RESULT } command =
- NONE;
+ enum { NONE,
+ INSTANTIATE,
+ GENERATE,
+ RESEED,
+ RESULT } command =
+ NONE;
PRBool genResult = PR_FALSE;
SECStatus rv;
-
+
rngreq = fopen(reqfn, "r");
rngresp = stdout;
while (fgets(buf, sizeof buf, rngreq) != NULL) {
- switch (command) {
+ switch (command) {
case INSTANTIATE:
if (debug) {
- fputs("# PRNGTEST_Instantiate(",rngresp);
- to_hex_str(buf2,entropyInput, entropyInputLen);
- fputs(buf2,rngresp);
- fprintf(rngresp,",%d,",entropyInputLen);
- to_hex_str(buf2,nonce, nonceLen);
- fputs(buf2,rngresp);
- fprintf(rngresp,",%d,",nonceLen);
- to_hex_str(buf2,personalizationString,
- personalizationStringLen);
- fputs(buf2,rngresp);
- fprintf(rngresp,",%d)\n", personalizationStringLen);
+ fputs("# PRNGTEST_Instantiate(", rngresp);
+ to_hex_str(buf2, entropyInput, entropyInputLen);
+ fputs(buf2, rngresp);
+ fprintf(rngresp, ",%d,", entropyInputLen);
+ to_hex_str(buf2, nonce, nonceLen);
+ fputs(buf2, rngresp);
+ fprintf(rngresp, ",%d,", nonceLen);
+ to_hex_str(buf2, personalizationString,
+ personalizationStringLen);
+ fputs(buf2, rngresp);
+ fprintf(rngresp, ",%d)\n", personalizationStringLen);
}
rv = PRNGTEST_Instantiate(entropyInput, entropyInputLen,
nonce, nonceLen,
- personalizationString,
+ personalizationString,
personalizationStringLen);
if (rv != SECSuccess) {
goto loser;
}
break;
-
+
case GENERATE:
case RESULT:
memset(return_bytes, 0, return_bytes_len);
if (debug) {
- fputs("# PRNGTEST_Generate(returnbytes",rngresp);
- fprintf(rngresp,",%d,", return_bytes_len);
- to_hex_str(buf2,additionalInput, additionalInputLen);
- fputs(buf2,rngresp);
- fprintf(rngresp,",%d)\n",additionalInputLen);
+ fputs("# PRNGTEST_Generate(returnbytes", rngresp);
+ fprintf(rngresp, ",%d,", return_bytes_len);
+ to_hex_str(buf2, additionalInput, additionalInputLen);
+ fputs(buf2, rngresp);
+ fprintf(rngresp, ",%d)\n", additionalInputLen);
}
- rv = PRNGTEST_Generate((PRUint8 *) return_bytes,
- return_bytes_len,
- (PRUint8 *) additionalInput,
- additionalInputLen);
+ rv = PRNGTEST_Generate((PRUint8 *)return_bytes,
+ return_bytes_len,
+ (PRUint8 *)additionalInput,
+ additionalInputLen);
if (rv != SECSuccess) {
goto loser;
}
-
+
if (command == RESULT) {
fputs("ReturnedBits = ", rngresp);
to_hex_str(buf2, return_bytes, return_bytes_len);
fputs(buf2, rngresp);
fputc('\n', rngresp);
if (debug) {
- fputs("# PRNGTEST_Uninstantiate()\n",rngresp);
+ fputs("# PRNGTEST_Uninstantiate()\n", rngresp);
}
rv = PRNGTEST_Uninstantiate();
if (rv != SECSuccess) {
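Review bot: The result of `fopen(reqfn, "r")` at the top of drbg() goes straight into `fgets` with no NULL check, so a missing or unreadable request file dereferences a null stream instead of failing cleanly. Add `if (rngreq == NULL) { fprintf(stderr, "drbg: cannot open %s\n", reqfn); return; }` right after the call; returning, rather than jumping to `loser`, matters if that label closes the stream the way the one in rng_mct() does. rng_mct() in a later hunk has the same unchecked `fopen` and then calls `fclose(rngreq)` unconditionally, and hmac_test() assigns `req = fopen(...)` with no check visible in its hunk. drbg()'s body continues past this hunk.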
@@ -3058,24 +3077,24 @@ drbg(char *reqfn)
fputs(buf2, rngresp);
fputc('\n', rngresp);
}
-
+
memset(additionalInput, 0, additionalInputLen);
break;
-
+
case RESEED:
if (entropyInput || additionalInput) {
if (debug) {
- fputs("# PRNGTEST_Reseed(",rngresp);
- fprintf(rngresp,",%d,", return_bytes_len);
- to_hex_str(buf2,entropyInput, entropyInputLen);
- fputs(buf2,rngresp);
- fprintf(rngresp,",%d,", entropyInputLen);
- to_hex_str(buf2,additionalInput, additionalInputLen);
- fputs(buf2,rngresp);
- fprintf(rngresp,",%d)\n",additionalInputLen);
- }
+ fputs("# PRNGTEST_Reseed(", rngresp);
+ fprintf(rngresp, ",%d,", return_bytes_len);
+ to_hex_str(buf2, entropyInput, entropyInputLen);
+ fputs(buf2, rngresp);
+ fprintf(rngresp, ",%d,", entropyInputLen);
+ to_hex_str(buf2, additionalInput, additionalInputLen);
+ fputs(buf2, rngresp);
+ fprintf(rngresp, ",%d)\n", additionalInputLen);
+ }
rv = PRNGTEST_Reseed(entropyInput, entropyInputLen,
- additionalInput, additionalInputLen);
+ additionalInput, additionalInputLen);
if (rv != SECSuccess) {
goto loser;
}
@@ -3085,45 +3104,44 @@ drbg(char *reqfn)
break;
case NONE:
break;
-
- }
+ }
command = NONE;
-
+
/* a comment or blank line */
- if (buf[0] == '#' || buf[0] == '\n' || buf[0] == '\r' ) {
+ if (buf[0] == '#' || buf[0] == '\n' || buf[0] == '\r') {
fputs(buf, rngresp);
continue;
}
-
+
/* [Hash - SHA256] */
if (strncmp(buf, "[SHA-256]", 9) == 0) {
fputs(buf, rngresp);
continue;
}
-
- if (strncmp(buf, "[PredictionResistance", 21) == 0) {
+
+ if (strncmp(buf, "[PredictionResistance", 21) == 0) {
#ifdef HANDLE_PREDICTION_RESISTANCE
i = 21;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
- }
+ }
if (strncmp(buf, "False", 5) == 0) {
predictionResistance = PR_FALSE;
} else {
predictionResistance = PR_TRUE;
}
#endif
-
+
fputs(buf, rngresp);
continue;
}
- if (strncmp(buf, "[ReturnedBitsLen", 16) == 0) {
+ if (strncmp(buf, "[ReturnedBitsLen", 16) == 0) {
if (return_bytes) {
PORT_ZFree(return_bytes, return_bytes_len);
return_bytes = NULL;
}
- if (predictedreturn_bytes) {
+ if (predictedreturn_bytes) {
PORT_ZFree(predictedreturn_bytes, return_bytes_len);
predictedreturn_bytes = NULL;
}
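Review bot: Inside the `HANDLE_PREDICTION_RESISTANCE` block, `strncmp(buf, "False", 5)` compares the start of the line, which the enclosing test has just established begins with `[PredictionResistance`, so it can never match and `predictionResistance` always ends up PR_TRUE. The index `i` computed by the skip loop just above is never used; the comparison should be `if (strncmp(&buf[i], "False", 5) == 0) {`. This code is compiled only when the macro is defined, and how the flag is consumed is not visible in this hunk, so the practical effect should be confirmed against the rest of drbg().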
@@ -3131,7 +3149,7 @@ drbg(char *reqfn)
if (sscanf(buf, "[ReturnedBitsLen = %d]", &return_bytes_len) != 1) {
goto loser;
}
- return_bytes_len = return_bytes_len/8;
+ return_bytes_len = return_bytes_len / 8;
if (return_bytes_len > 0) {
return_bytes = PORT_Alloc(return_bytes_len);
predictedreturn_bytes = PORT_Alloc(return_bytes_len);
@@ -3139,8 +3157,8 @@ drbg(char *reqfn)
fputs(buf, rngresp);
continue;
}
-
- if (strncmp(buf, "[EntropyInputLen", 16) == 0) {
+
+ if (strncmp(buf, "[EntropyInputLen", 16) == 0) {
if (entropyInput) {
PORT_ZFree(entropyInput, entropyInputLen);
entropyInput = NULL;
@@ -3149,39 +3167,39 @@ drbg(char *reqfn)
if (sscanf(buf, "[EntropyInputLen = %d]", &entropyInputLen) != 1) {
goto loser;
}
- entropyInputLen = entropyInputLen/8;
+ entropyInputLen = entropyInputLen / 8;
if (entropyInputLen > 0) {
entropyInput = PORT_Alloc(entropyInputLen);
}
fputs(buf, rngresp);
continue;
}
-
- if (strncmp(buf, "[NonceLen", 9) == 0) {
+
+ if (strncmp(buf, "[NonceLen", 9) == 0) {
if (nonce) {
PORT_ZFree(nonce, nonceLen);
nonce = NULL;
nonceLen = 0;
}
-
+
if (sscanf(buf, "[NonceLen = %d]", &nonceLen) != 1) {
goto loser;
}
- nonceLen = nonceLen/8;
+ nonceLen = nonceLen / 8;
if (nonceLen > 0) {
nonce = PORT_Alloc(nonceLen);
- }
+ }
fputs(buf, rngresp);
continue;
}
-
- if (strncmp(buf, "[PersonalizationStringLen", 16) == 0) {
+
+ if (strncmp(buf, "[PersonalizationStringLen", 16) == 0) {
if (personalizationString) {
PORT_ZFree(personalizationString, personalizationStringLen);
personalizationString = NULL;
personalizationStringLen = 0;
}
-
+
if (sscanf(buf, "[PersonalizationStringLen = %d]", &personalizationStringLen) != 1) {
goto loser;
}
@@ -3190,35 +3208,35 @@ drbg(char *reqfn)
personalizationString = PORT_Alloc(personalizationStringLen);
}
fputs(buf, rngresp);
-
+
continue;
}
-
- if (strncmp(buf, "[AdditionalInputLen", 16) == 0) {
+
+ if (strncmp(buf, "[AdditionalInputLen", 16) == 0) {
if (additionalInput) {
PORT_ZFree(additionalInput, additionalInputLen);
additionalInput = NULL;
additionalInputLen = 0;
}
-
+
if (sscanf(buf, "[AdditionalInputLen = %d]", &additionalInputLen) != 1) {
goto loser;
}
- additionalInputLen = additionalInputLen/8;
+ additionalInputLen = additionalInputLen / 8;
if (additionalInputLen > 0) {
additionalInput = PORT_Alloc(additionalInputLen);
}
fputs(buf, rngresp);
continue;
}
-
+
if (strncmp(buf, "COUNT", 5) == 0) {
/* zeroize the variables for the test with this data set */
if (entropyInput) {
memset(entropyInput, 0, entropyInputLen);
}
if (nonce) {
- memset(nonce, 0, nonceLen);
+ memset(nonce, 0, nonceLen);
}
if (personalizationString) {
memset(personalizationString, 0, personalizationStringLen);
@@ -3227,11 +3245,11 @@ drbg(char *reqfn)
memset(additionalInput, 0, additionalInputLen);
}
genResult = PR_FALSE;
-
+
fputs(buf, rngresp);
continue;
}
-
+
/* EntropyInputReseed = ... */
if (strncmp(buf, "EntropyInputReseed", 18) == 0) {
if (entropyInput) {
@@ -3239,16 +3257,16 @@ drbg(char *reqfn)
i = 18;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
- }
-
- for (j=0; isxdigit(buf[i]); i+=2,j++) { /*j<entropyInputLen*/
+ }
+
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) { /*j<entropyInputLen*/
hex_to_byteval(&buf[i], &entropyInput[j]);
- }
+ }
}
fputs(buf, rngresp);
continue;
}
-
+
/* AttionalInputReseed = ... */
if (strncmp(buf, "AdditionalInputReseed", 21) == 0) {
if (additionalInput) {
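Review bot: The EntropyInputReseed decode loop is bounded only by `isxdigit(buf[i])`, and the intended limit survives only as the comment `/*j<entropyInputLen*/`. `entropyInput` is allocated from the separate `[EntropyInputLen = ...]` line, so a data line carrying more hex than that length writes past the heap buffer (the line buffer is 2000 bytes). Enforce the limit in the condition, `for (j = 0; j < (unsigned int)entropyInputLen && isxdigit((unsigned char)buf[i]); i += 2, j++) {`. The same pattern recurs in the following hunks for AdditionalInputReseed, EntropyInput, Nonce, PersonalizationString, AdditionalInput and ReturnedBits, where the ReturnedBits comment names `additionalInputLen` although the destination is sized by `return_bytes_len`. The EntropyInput, Nonce and ReturnedBits loops also lack the `if (ptr)` guard the others have, so a zero length or an unchecked `PORT_Alloc` failure leaves them writing through NULL.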
@@ -3257,41 +3275,41 @@ drbg(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) { /*j<additionalInputLen*/
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) { /*j<additionalInputLen*/
hex_to_byteval(&buf[i], &additionalInput[j]);
- }
+ }
}
command = RESEED;
fputs(buf, rngresp);
continue;
}
-
+
/* Entropy input = ... */
if (strncmp(buf, "EntropyInput", 12) == 0) {
i = 12;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) { /*j<entropyInputLen*/
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) { /*j<entropyInputLen*/
hex_to_byteval(&buf[i], &entropyInput[j]);
- }
+ }
fputs(buf, rngresp);
continue;
}
-
+
/* nouce = ... */
if (strncmp(buf, "Nonce", 5) == 0) {
i = 5;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) { /*j<nonceLen*/
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) { /*j<nonceLen*/
hex_to_byteval(&buf[i], &nonce[j]);
- }
+ }
fputs(buf, rngresp);
continue;
}
-
+
/* Personalization string = ... */
if (strncmp(buf, "PersonalizationString", 21) == 0) {
if (personalizationString) {
@@ -3299,7 +3317,7 @@ drbg(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) { /*j<personalizationStringLen*/
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) { /*j<personalizationStringLen*/
hex_to_byteval(&buf[i], &personalizationString[j]);
}
}
@@ -3307,7 +3325,7 @@ drbg(char *reqfn)
command = INSTANTIATE;
continue;
}
-
+
/* Additional input = ... */
if (strncmp(buf, "AdditionalInput", 15) == 0) {
if (additionalInput) {
@@ -3315,9 +3333,9 @@ drbg(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) { /*j<additionalInputLen*/
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) { /*j<additionalInputLen*/
hex_to_byteval(&buf[i], &additionalInput[j]);
- }
+ }
}
if (genResult) {
command = RESULT;
@@ -3328,41 +3346,41 @@ drbg(char *reqfn)
fputs(buf, rngresp);
continue;
}
-
+
/* Returned bits = ... */
if (strncmp(buf, "ReturnedBits", 12) == 0) {
i = 12;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) { /*j<additionalInputLen*/
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) { /*j<additionalInputLen*/
hex_to_byteval(&buf[i], &predictedreturn_bytes[j]);
- }
+ }
- if (memcmp(return_bytes,
+ if (memcmp(return_bytes,
predictedreturn_bytes, return_bytes_len) != 0) {
if (debug) {
- fprintf(rngresp, "# Generate failed:\n");
- fputs( "# predicted=", rngresp);
- to_hex_str(buf, predictedreturn_bytes,
- return_bytes_len);
- fputs(buf, rngresp);
- fputs("\n# actual = ", rngresp);
- fputs(buf2, rngresp);
- fputc('\n', rngresp);
+ fprintf(rngresp, "# Generate failed:\n");
+ fputs("# predicted=", rngresp);
+ to_hex_str(buf, predictedreturn_bytes,
+ return_bytes_len);
+ fputs(buf, rngresp);
+ fputs("\n# actual = ", rngresp);
+ fputs(buf2, rngresp);
+ fputc('\n', rngresp);
} else {
- fprintf(stderr, "Generate failed:\n");
- fputs( " predicted=", stderr);
- to_hex_str(buf, predictedreturn_bytes,
- return_bytes_len);
- fputs(buf, stderr);
- fputs("\n actual = ", stderr);
- fputs(buf2, stderr);
- fputc('\n', stderr);
+ fprintf(stderr, "Generate failed:\n");
+ fputs(" predicted=", stderr);
+ to_hex_str(buf, predictedreturn_bytes,
+ return_bytes_len);
+ fputs(buf, stderr);
+ fputs("\n actual = ", stderr);
+ fputs(buf2, stderr);
+ fputc('\n', stderr);
}
}
- memset(predictedreturn_bytes, 0 , return_bytes_len);
+ memset(predictedreturn_bytes, 0, return_bytes_len);
continue;
}
@@ -3402,18 +3420,18 @@ loser:
void
rng_vst(char *reqfn)
{
- char buf[256]; /* holds one line from the input REQUEST file.
+ char buf[256]; /* holds one line from the input REQUEST file.
* needs to be large enough to hold the longest
* line "XSeed = <128 hex digits>\n".
*/
- FILE *rngreq; /* input stream from the REQUEST file */
- FILE *rngresp; /* output stream to the RESPONSE file */
+ FILE *rngreq; /* input stream from the REQUEST file */
+ FILE *rngresp; /* output stream to the RESPONSE file */
unsigned int i, j;
unsigned char Q[DSA1_SUBPRIME_LEN];
PRBool hasQ = PR_FALSE;
- unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */
- unsigned char XKey[512/8];
- unsigned char XSeed[512/8];
+ unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */
+ unsigned char XKey[512 / 8];
+ unsigned char XSeed[512 / 8];
unsigned char GENX[DSA1_SIGNATURE_LEN];
unsigned char DSAX[DSA1_SUBPRIME_LEN];
SECStatus rv;
@@ -3437,7 +3455,7 @@ rng_vst(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<sizeof Q; i+=2,j++) {
+ for (j = 0; j < sizeof Q; i += 2, j++) {
hex_to_byteval(&buf[i], &Q[j]);
}
fputs(buf, rngresp);
@@ -3460,7 +3478,7 @@ rng_vst(char *reqfn)
i++;
}
b = atoi(&buf[i]);
- if (b < 160 || b > 512 || b%8 != 0) {
+ if (b < 160 || b > 512 || b % 8 != 0) {
goto loser;
}
fputs(buf, rngresp);
@@ -3472,7 +3490,7 @@ rng_vst(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<b/8; i+=2,j++) {
+ for (j = 0; j < b / 8; i += 2, j++) {
hex_to_byteval(&buf[i], &XKey[j]);
}
fputs(buf, rngresp);
@@ -3484,7 +3502,7 @@ rng_vst(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<b/8; i+=2,j++) {
+ for (j = 0; j < b / 8; i += 2, j++) {
hex_to_byteval(&buf[i], &XSeed[j]);
}
fputs(buf, rngresp);
@@ -3525,130 +3543,131 @@ loser:
void
rng_mct(char *reqfn)
{
- char buf[256]; /* holds one line from the input REQUEST file.
+ char buf[256]; /* holds one line from the input REQUEST file.
* needs to be large enough to hold the longest
* line "XSeed = <128 hex digits>\n".
*/
- FILE *rngreq; /* input stream from the REQUEST file */
- FILE *rngresp; /* output stream to the RESPONSE file */
+ FILE *rngreq; /* input stream from the REQUEST file */
+ FILE *rngresp; /* output stream to the RESPONSE file */
unsigned int i, j;
unsigned char Q[DSA1_SUBPRIME_LEN];
PRBool hasQ = PR_FALSE;
- unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */
- unsigned char XKey[512/8];
- unsigned char XSeed[512/8];
- unsigned char GENX[2*SHA1_LENGTH];
+ unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */
+ unsigned char XKey[512 / 8];
+ unsigned char XSeed[512 / 8];
+ unsigned char GENX[2 * SHA1_LENGTH];
unsigned char DSAX[DSA1_SUBPRIME_LEN];
SECStatus rv;
rngreq = fopen(reqfn, "r");
rngresp = stdout;
while (fgets(buf, sizeof buf, rngreq) != NULL) {
- /* a comment or blank line */
- if (buf[0] == '#' || buf[0] == '\n') {
- fputs(buf, rngresp);
- continue;
- }
- /* [Xchange - SHA1] */
- if (buf[0] == '[') {
- fputs(buf, rngresp);
- continue;
- }
- /* Q = ... */
- if (buf[0] == 'Q') {
- i = 1;
- while (isspace(buf[i]) || buf[i] == '=') {
- i++;
- }
- for (j=0; j<sizeof Q; i+=2,j++) {
- hex_to_byteval(&buf[i], &Q[j]);
- }
- fputs(buf, rngresp);
- hasQ = PR_TRUE;
- continue;
- }
- /* "COUNT = x" begins a new data set */
- if (strncmp(buf, "COUNT", 5) == 0) {
- /* zeroize the variables for the test with this data set */
- b = 0;
- memset(XKey, 0, sizeof XKey);
- memset(XSeed, 0, sizeof XSeed);
- fputs(buf, rngresp);
- continue;
- }
- /* b = ... */
- if (buf[0] == 'b') {
- i = 1;
- while (isspace(buf[i]) || buf[i] == '=') {
- i++;
- }
- b = atoi(&buf[i]);
- if (b < 160 || b > 512 || b%8 != 0) {
- goto loser;
- }
- fputs(buf, rngresp);
- continue;
- }
- /* XKey = ... */
- if (strncmp(buf, "XKey", 4) == 0) {
- i = 4;
- while (isspace(buf[i]) || buf[i] == '=') {
- i++;
- }
- for (j=0; j<b/8; i+=2,j++) {
- hex_to_byteval(&buf[i], &XKey[j]);
- }
- fputs(buf, rngresp);
- continue;
- }
- /* XSeed = ... */
- if (strncmp(buf, "XSeed", 5) == 0) {
- unsigned int k;
- i = 5;
- while (isspace(buf[i]) || buf[i] == '=') {
- i++;
- }
- for (j=0; j<b/8; i+=2,j++) {
- hex_to_byteval(&buf[i], &XSeed[j]);
- }
- fputs(buf, rngresp);
-
- for (k = 0; k < 10000; k++) {
- rv = FIPS186Change_GenerateX(XKey, XSeed, GENX);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- fputs("X = ", rngresp);
- if (hasQ) {
- rv = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX);
- if (rv != SECSuccess) {
- goto loser;
- }
- to_hex_str(buf, DSAX, sizeof DSAX);
- } else {
- to_hex_str(buf, GENX, sizeof GENX);
- }
- fputs(buf, rngresp);
- fputc('\n', rngresp);
- continue;
- }
+ /* a comment or blank line */
+ if (buf[0] == '#' || buf[0] == '\n') {
+ fputs(buf, rngresp);
+ continue;
+ }
+ /* [Xchange - SHA1] */
+ if (buf[0] == '[') {
+ fputs(buf, rngresp);
+ continue;
+ }
+ /* Q = ... */
+ if (buf[0] == 'Q') {
+ i = 1;
+ while (isspace(buf[i]) || buf[i] == '=') {
+ i++;
+ }
+ for (j = 0; j < sizeof Q; i += 2, j++) {
+ hex_to_byteval(&buf[i], &Q[j]);
+ }
+ fputs(buf, rngresp);
+ hasQ = PR_TRUE;
+ continue;
+ }
+ /* "COUNT = x" begins a new data set */
+ if (strncmp(buf, "COUNT", 5) == 0) {
+ /* zeroize the variables for the test with this data set */
+ b = 0;
+ memset(XKey, 0, sizeof XKey);
+ memset(XSeed, 0, sizeof XSeed);
+ fputs(buf, rngresp);
+ continue;
+ }
+ /* b = ... */
+ if (buf[0] == 'b') {
+ i = 1;
+ while (isspace(buf[i]) || buf[i] == '=') {
+ i++;
+ }
+ b = atoi(&buf[i]);
+ if (b < 160 || b > 512 || b % 8 != 0) {
+ goto loser;
+ }
+ fputs(buf, rngresp);
+ continue;
+ }
+ /* XKey = ... */
+ if (strncmp(buf, "XKey", 4) == 0) {
+ i = 4;
+ while (isspace(buf[i]) || buf[i] == '=') {
+ i++;
+ }
+ for (j = 0; j < b / 8; i += 2, j++) {
+ hex_to_byteval(&buf[i], &XKey[j]);
+ }
+ fputs(buf, rngresp);
+ continue;
+ }
+ /* XSeed = ... */
+ if (strncmp(buf, "XSeed", 5) == 0) {
+ unsigned int k;
+ i = 5;
+ while (isspace(buf[i]) || buf[i] == '=') {
+ i++;
+ }
+ for (j = 0; j < b / 8; i += 2, j++) {
+ hex_to_byteval(&buf[i], &XSeed[j]);
+ }
+ fputs(buf, rngresp);
+
+ for (k = 0; k < 10000; k++) {
+ rv = FIPS186Change_GenerateX(XKey, XSeed, GENX);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ }
+ fputs("X = ", rngresp);
+ if (hasQ) {
+ rv = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ to_hex_str(buf, DSAX, sizeof DSAX);
+ } else {
+ to_hex_str(buf, GENX, sizeof GENX);
+ }
+ fputs(buf, rngresp);
+ fputc('\n', rngresp);
+ continue;
+ }
}
loser:
fclose(rngreq);
}
/*
- * Calculate the SHA Message Digest
+ * Calculate the SHA Message Digest
*
- * MD = Message digest
+ * MD = Message digest
* MDLen = length of Message Digest and SHA_Type
- * msg = message to digest
+ * msg = message to digest
* msgLen = length of message to digest
*/
-SECStatus sha_calcMD(unsigned char *MD, unsigned int MDLen, unsigned char *msg, unsigned int msgLen)
-{
- HASH_HashType hashType = sha_get_hashType(MDLen*PR_BITS_PER_BYTE);
+SECStatus
+sha_calcMD(unsigned char *MD, unsigned int MDLen, unsigned char *msg, unsigned int msgLen)
+{
+ HASH_HashType hashType = sha_get_hashType(MDLen * PR_BITS_PER_BYTE);
return fips_hashBuf(hashType, MD, msg, msgLen);
}
@@ -3658,33 +3677,34 @@ SECStatus sha_calcMD(unsigned char *MD, unsigned int MDLen, unsigned char *msg,
*
* MDLen = length of Message Digest and SHA_Type
* seed = input seed value
- * resp = is the output response file.
+ * resp = is the output response file.
*/
-SECStatus sha_mct_test(unsigned int MDLen, unsigned char *seed, FILE *resp)
+SECStatus
+sha_mct_test(unsigned int MDLen, unsigned char *seed, FILE *resp)
{
int i, j;
- unsigned int msgLen = MDLen*3;
- unsigned char MD_i3[HASH_LENGTH_MAX]; /* MD[i-3] */
- unsigned char MD_i2[HASH_LENGTH_MAX]; /* MD[i-2] */
- unsigned char MD_i1[HASH_LENGTH_MAX]; /* MD[i-1] */
- unsigned char MD_i[HASH_LENGTH_MAX]; /* MD[i] */
- unsigned char msg[HASH_LENGTH_MAX*3];
- char buf[HASH_LENGTH_MAX*2 + 1]; /* MAX buf MD_i as a hex string */
-
- for (j=0; j<100; j++) {
+ unsigned int msgLen = MDLen * 3;
+ unsigned char MD_i3[HASH_LENGTH_MAX]; /* MD[i-3] */
+ unsigned char MD_i2[HASH_LENGTH_MAX]; /* MD[i-2] */
+ unsigned char MD_i1[HASH_LENGTH_MAX]; /* MD[i-1] */
+ unsigned char MD_i[HASH_LENGTH_MAX]; /* MD[i] */
+ unsigned char msg[HASH_LENGTH_MAX * 3];
+ char buf[HASH_LENGTH_MAX * 2 + 1]; /* MAX buf MD_i as a hex string */
+
+ for (j = 0; j < 100; j++) {
/* MD_0 = MD_1 = MD_2 = seed */
memcpy(MD_i3, seed, MDLen);
memcpy(MD_i2, seed, MDLen);
memcpy(MD_i1, seed, MDLen);
- for (i=3; i < 1003; i++) {
+ for (i = 3; i < 1003; i++) {
/* Mi = MD[i-3] || MD [i-2] || MD [i-1] */
memcpy(msg, MD_i3, MDLen);
memcpy(&msg[MDLen], MD_i2, MDLen);
- memcpy(&msg[MDLen*2], MD_i1,MDLen);
+ memcpy(&msg[MDLen * 2], MD_i1, MDLen);
/* MDi = SHA(Msg) */
- if (sha_calcMD(MD_i, MDLen,
+ if (sha_calcMD(MD_i, MDLen,
msg, msgLen) != SECSuccess) {
return SECFailure;
}
@@ -3693,7 +3713,6 @@ SECStatus sha_mct_test(unsigned int MDLen, unsigned char *seed, FILE *resp)
memcpy(MD_i3, MD_i2, MDLen);
memcpy(MD_i2, MD_i1, MDLen);
memcpy(MD_i1, MD_i, MDLen);
-
}
/* seed = MD_i */
@@ -3719,24 +3738,25 @@ SECStatus sha_mct_test(unsigned int MDLen, unsigned char *seed, FILE *resp)
*
* The output RESPONSE file is written to stdout.
*/
-void sha_test(char *reqfn)
+void
+sha_test(char *reqfn)
{
unsigned int i, j;
- unsigned int MDlen = 0; /* the length of the Message Digest in Bytes */
- unsigned int msgLen = 0; /* the length of the input Message in Bytes */
- unsigned char *msg = NULL; /* holds the message to digest.*/
- size_t bufSize = 256*128; /*MAX buffer size */
- char *buf = NULL; /* holds one line from the input REQUEST file.*/
- unsigned char seed[HASH_LENGTH_MAX]; /* max size of seed 64 bytes */
- unsigned char MD[HASH_LENGTH_MAX]; /* message digest */
+ unsigned int MDlen = 0; /* the length of the Message Digest in Bytes */
+ unsigned int msgLen = 0; /* the length of the input Message in Bytes */
+ unsigned char *msg = NULL; /* holds the message to digest.*/
+ size_t bufSize = 256 * 128; /*MAX buffer size */
+ char *buf = NULL; /* holds one line from the input REQUEST file.*/
+ unsigned char seed[HASH_LENGTH_MAX]; /* max size of seed 64 bytes */
+ unsigned char MD[HASH_LENGTH_MAX]; /* message digest */
- FILE *req = NULL; /* input stream from the REQUEST file */
- FILE *resp; /* output stream to the RESPONSE file */
+ FILE *req = NULL; /* input stream from the REQUEST file */
+ FILE *resp; /* output stream to the RESPONSE file */
buf = PORT_ZAlloc(bufSize);
if (buf == NULL) {
goto loser;
- }
+ }
/* zeroize the variables for the test with this data set */
memset(seed, 0, sizeof seed);
@@ -3769,21 +3789,21 @@ void sha_test(char *reqfn)
i++;
}
if (msg) {
- PORT_ZFree(msg,msgLen);
+ PORT_ZFree(msg, msgLen);
msg = NULL;
}
msgLen = atoi(&buf[i]); /* in bits */
- if (msgLen%8 != 0) {
+ if (msgLen % 8 != 0) {
fprintf(stderr, "SHA tests are incorrectly configured for "
- "BIT oriented implementations\n");
+ "BIT oriented implementations\n");
goto loser;
}
- msgLen = msgLen/8; /* convert to bytes */
+ msgLen = msgLen / 8; /* convert to bytes */
fputs(buf, resp);
msg = PORT_ZAlloc(msgLen);
if (msg == NULL && msgLen != 0) {
goto loser;
- }
+ }
continue;
}
/* MSG = ... */
@@ -3792,23 +3812,23 @@ void sha_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j< msgLen; i+=2,j++) {
+ for (j = 0; j < msgLen; i += 2, j++) {
hex_to_byteval(&buf[i], &msg[j]);
}
- fputs(buf, resp);
- /* calculate the Message Digest */
- memset(MD, 0, sizeof MD);
- if (sha_calcMD(MD, MDlen,
- msg, msgLen) != SECSuccess) {
- goto loser;
- }
+ fputs(buf, resp);
+ /* calculate the Message Digest */
+ memset(MD, 0, sizeof MD);
+ if (sha_calcMD(MD, MDlen,
+ msg, msgLen) != SECSuccess) {
+ goto loser;
+ }
- fputs("MD = ", resp);
- to_hex_str(buf, MD, MDlen);
- fputs(buf, resp);
- fputc('\n', resp);
+ fputs("MD = ", resp);
+ to_hex_str(buf, MD, MDlen);
+ fputs(buf, resp);
+ fputc('\n', resp);
- continue;
+ continue;
}
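Review bot: The Msg decode loop `for (j = 0; j < msgLen; i += 2, j++)` is bounded only by the `Len` value read earlier, never by the text actually present in `buf`. A Msg line shorter than `Len` claims makes `hex_to_byteval` read past the terminator and, for a large enough `Len`, past the 256 * 128 byte allocation. `msgLen` comes from `atoi` in the previous hunk with no upper limit, and a negative value wraps to a very large unsigned one. Stop on the data as well, `for (j = 0; j < msgLen && isxdigit((unsigned char)buf[i]); i += 2, j++) {`, and treat `j != msgLen` afterwards as an error (`goto loser;`) rather than hashing a partly filled message. sha_test()'s body starts and ends outside this hunk.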
/* Seed = ... */
if (strncmp(buf, "Seed", 4) == 0) {
@@ -3816,16 +3836,16 @@ void sha_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<sizeof seed; i+=2,j++) {
+ for (j = 0; j < sizeof seed; i += 2, j++) {
hex_to_byteval(&buf[i], &seed[j]);
- }
+ }
fputs(buf, resp);
fputc('\n', resp);
/* do the Monte Carlo test */
if (sha_mct_test(MDlen, seed, resp) != SECSuccess) {
- goto loser;
+ goto loser;
}
continue;
@@ -3834,7 +3854,7 @@ void sha_test(char *reqfn)
loser:
if (req) {
fclose(req);
- }
+ }
if (buf) {
PORT_ZFree(buf, bufSize);
}
@@ -3859,33 +3879,33 @@ hmac_calc(unsigned char *hmac_computed,
const unsigned int secret_key_length,
const unsigned char *message,
const unsigned int message_length,
- const HASH_HashType hashAlg )
+ const HASH_HashType hashAlg)
{
SECStatus hmac_status = SECFailure;
HMACContext *cx = NULL;
SECHashObject *hashObj = NULL;
unsigned int bytes_hashed = 0;
- hashObj = (SECHashObject *) HASH_GetRawHashObject(hashAlg);
-
- if (!hashObj)
- return( SECFailure );
+ hashObj = (SECHashObject *)HASH_GetRawHashObject(hashAlg);
+
+ if (!hashObj)
+ return (SECFailure);
- cx = HMAC_Create(hashObj, secret_key,
- secret_key_length,
- PR_TRUE); /* PR_TRUE for in FIPS mode */
+ cx = HMAC_Create(hashObj, secret_key,
+ secret_key_length,
+ PR_TRUE); /* PR_TRUE for in FIPS mode */
- if (cx == NULL)
- return( SECFailure );
+ if (cx == NULL)
+ return (SECFailure);
HMAC_Begin(cx);
HMAC_Update(cx, message, message_length);
- hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed,
+ hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed,
hmac_length);
HMAC_Destroy(cx, PR_TRUE);
- return( hmac_status );
+ return (hmac_status);
}
/*
@@ -3895,36 +3915,36 @@ hmac_calc(unsigned char *hmac_computed,
*
* The output RESPONSE file is written to stdout.
*/
-void hmac_test(char *reqfn)
+void
+hmac_test(char *reqfn)
{
unsigned int i, j;
- size_t bufSize = 400; /* MAX buffer size */
- char *buf = NULL; /* holds one line from the input REQUEST file.*/
- unsigned int keyLen = 0; /* Key Length */
- unsigned char key[200]; /* key MAX size = 184 */
- unsigned int msgLen = 128; /* the length of the input */
- /* Message is always 128 Bytes */
- unsigned char *msg = NULL; /* holds the message to digest.*/
- unsigned int HMACLen = 0; /* the length of the HMAC Bytes */
- unsigned int TLen = 0; /* the length of the requested */
- /* truncated HMAC Bytes */
- unsigned char HMAC[HASH_LENGTH_MAX]; /* computed HMAC */
- unsigned char expectedHMAC[HASH_LENGTH_MAX]; /* for .fax files that have */
+ size_t bufSize = 400; /* MAX buffer size */
+ char *buf = NULL; /* holds one line from the input REQUEST file.*/
+ unsigned int keyLen = 0; /* Key Length */
+ unsigned char key[200]; /* key MAX size = 184 */
+ unsigned int msgLen = 128; /* the length of the input */
+ /* Message is always 128 Bytes */
+ unsigned char *msg = NULL; /* holds the message to digest.*/
+ unsigned int HMACLen = 0; /* the length of the HMAC Bytes */
+ unsigned int TLen = 0; /* the length of the requested */
+ /* truncated HMAC Bytes */
+ unsigned char HMAC[HASH_LENGTH_MAX]; /* computed HMAC */
+ unsigned char expectedHMAC[HASH_LENGTH_MAX]; /* for .fax files that have */
/* supplied known answer */
HASH_HashType hash_alg = HASH_AlgNULL; /* HMAC type */
-
- FILE *req = NULL; /* input stream from the REQUEST file */
- FILE *resp; /* output stream to the RESPONSE file */
+ FILE *req = NULL; /* input stream from the REQUEST file */
+ FILE *resp; /* output stream to the RESPONSE file */
buf = PORT_ZAlloc(bufSize);
if (buf == NULL) {
goto loser;
- }
+ }
msg = PORT_ZAlloc(msgLen);
if (msg == NULL) {
goto loser;
- }
+ }
req = fopen(reqfn, "r");
resp = stdout;
@@ -3935,17 +3955,17 @@ void hmac_test(char *reqfn)
i++;
}
memset(expectedHMAC, 0, HASH_LENGTH_MAX);
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &expectedHMAC[j]);
}
if (memcmp(HMAC, expectedHMAC, TLen) != 0) {
fprintf(stderr, "Generate failed:\n");
- fputs( " expected=", stderr);
- to_hex_str(buf, expectedHMAC,
+ fputs(" expected=", stderr);
+ to_hex_str(buf, expectedHMAC,
TLen);
fputs(buf, stderr);
fputs("\n generated=", stderr);
- to_hex_str(buf, HMAC,
+ to_hex_str(buf, HMAC,
TLen);
fputs(buf, stderr);
fputc('\n', stderr);
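Review bot: The loop that decodes the expected MAC writes into `expectedHMAC[HASH_LENGTH_MAX]` for as long as `isxdigit(buf[i])` holds, with no limit on `j`. The line buffer is 400 bytes, so a long hex line in a .fax file can write well past the stack array (64 bytes, going by the seed comment in sha_test()). Bound the loop, `for (j = 0; j < sizeof expectedHMAC && isxdigit((unsigned char)buf[i]); i += 2, j++) {`, and check `TLen <= sizeof HMAC` before the `memcmp` and `to_hex_str` calls that use it. The Key loop in a later hunk fills `key[200]` under `j < keyLen`; whether `keyLen` is range-checked where it is parsed is not visible here and should be confirmed. hmac_test()'s body extends beyond this hunk.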
@@ -3966,22 +3986,22 @@ void hmac_test(char *reqfn)
}
/* HMACLen will get reused for Tlen */
HMACLen = atoi(&buf[i]);
- hash_alg = sha_get_hashType(HMACLen*PR_BITS_PER_BYTE);
- if (hash_alg == HASH_AlgNULL) {
- goto loser;
- }
+ hash_alg = sha_get_hashType(HMACLen * PR_BITS_PER_BYTE);
+ if (hash_alg == HASH_AlgNULL) {
+ goto loser;
+ }
fputs(buf, resp);
continue;
}
}
/* Count = test iteration number*/
- if (strncmp(buf, "Count ", 5) == 0) {
+ if (strncmp(buf, "Count ", 5) == 0) {
/* count can just be put into resp file */
fputs(buf, resp);
/* zeroize the variables for the test with this data set */
- keyLen = 0;
+ keyLen = 0;
TLen = 0;
- memset(key, 0, sizeof key);
+ memset(key, 0, sizeof key);
memset(msg, 0, msgLen);
memset(HMAC, 0, sizeof HMAC);
continue;
@@ -4002,10 +4022,10 @@ void hmac_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j< keyLen; i+=2,j++) {
+ for (j = 0; j < keyLen; i += 2, j++) {
hex_to_byteval(&buf[i], &key[j]);
}
- fputs(buf, resp);
+ fputs(buf, resp);
}
/* TLen = Length of the calculated HMAC */
if (strncmp(buf, "Tlen", 4) == 0) {
@@ -4023,20 +4043,20 @@ void hmac_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j< msgLen; i+=2,j++) {
+ for (j = 0; j < msgLen; i += 2, j++) {
hex_to_byteval(&buf[i], &msg[j]);
}
- fputs(buf, resp);
- /* calculate the HMAC and output */
- if (hmac_calc(HMAC, HMACLen, key, keyLen,
- msg, msgLen, hash_alg) != SECSuccess) {
- goto loser;
- }
- fputs("Mac = ", resp);
- to_hex_str(buf, HMAC, TLen);
- fputs(buf, resp);
- fputc('\n', resp);
- continue;
+ fputs(buf, resp);
+ /* calculate the HMAC and output */
+ if (hmac_calc(HMAC, HMACLen, key, keyLen,
+ msg, msgLen, hash_alg) != SECSuccess) {
+ goto loser;
+ }
+ fputs("Mac = ", resp);
+ to_hex_str(buf, HMAC, TLen);
+ fputs(buf, resp);
+ fputc('\n', resp);
+ continue;
}
}
loser:
@@ -4061,12 +4081,12 @@ loser:
void
dsa_keypair_test(char *reqfn)
{
- char buf[800]; /* holds one line from the input REQUEST file
+ char buf[800]; /* holds one line from the input REQUEST file
* or to the output RESPONSE file.
* 800 to hold (384 public key (x2 for HEX) + 1'\n'
*/
- FILE *dsareq; /* input stream from the REQUEST file */
- FILE *dsaresp; /* output stream to the RESPONSE file */
+ FILE *dsareq; /* input stream from the REQUEST file */
+ FILE *dsaresp; /* output stream to the RESPONSE file */
int count;
int N;
int L;
@@ -4074,7 +4094,7 @@ dsa_keypair_test(char *reqfn)
PQGParams *pqg = NULL;
PQGVerify *vfy = NULL;
PRBool use_dsa1 = PR_FALSE;
- int keySizeIndex; /* index for valid key sizes */
+ int keySizeIndex; /* index for valid key sizes */
dsareq = fopen(reqfn, "r");
dsaresp = stdout;
@@ -4087,11 +4107,11 @@ dsa_keypair_test(char *reqfn)
/* [Mod = x] */
if (buf[0] == '[') {
- if(pqg!=NULL) {
+ if (pqg != NULL) {
PQG_DestroyParams(pqg);
pqg = NULL;
}
- if(vfy!=NULL) {
+ if (vfy != NULL) {
PQG_DestroyVerify(vfy);
vfy = NULL;
}
@@ -4107,28 +4127,29 @@ dsa_keypair_test(char *reqfn)
if (use_dsa1) {
/*************************************************************
- * PQG_ParamGenSeedLen doesn't take a key size, it takes an
+ * PQG_ParamGenSeedLen doesn't take a key size, it takes an
* index that points to a valid key size.
*/
keySizeIndex = PQG_PBITS_TO_INDEX(L);
- if(keySizeIndex == -1 || L<512 || L>1024) {
- fprintf(dsaresp,
- "DSA key size must be a multiple of 64 between 512 "
- "and 1024, inclusive");
+ if (keySizeIndex == -1 || L < 512 || L > 1024) {
+ fprintf(dsaresp,
+ "DSA key size must be a multiple of 64 between 512 "
+ "and 1024, inclusive");
goto loser;
}
/* Generate the parameters P, Q, and G */
if (PQG_ParamGenSeedLen(keySizeIndex, PQG_TEST_SEED_BYTES,
- &pqg, &vfy) != SECSuccess) {
- fprintf(dsaresp,
- "ERROR: Unable to generate PQG parameters");
+ &pqg, &vfy) !=
+ SECSuccess) {
+ fprintf(dsaresp,
+ "ERROR: Unable to generate PQG parameters");
goto loser;
}
} else {
if (PQG_ParamGenV2(L, N, N, &pqg, &vfy) != SECSuccess) {
- fprintf(dsaresp,
- "ERROR: Unable to generate PQG parameters");
+ fprintf(dsaresp,
+ "ERROR: Unable to generate PQG parameters");
goto loser;
}
}
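Review bot: The formatter split the `PQG_ParamGenSeedLen` condition after `!=`, leaving `SECSuccess) {` on a line of its own, which is harder to read than the line it replaced. Assigning the status first avoids the break, as dsa_pqggen_test already does: `rv = PQG_ParamGenSeedLen(keySizeIndex, PQG_TEST_SEED_BYTES, &pqg, &vfy);` followed by `if (rv != SECSuccess) {`. The same split appears in dsa_siggen_test, and rsa_siggen_test ends up with `(i *` / `8)` in the public-exponent loop, where a named mask variable would read better. dsa_keypair_test's body continues outside the hunk.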
@@ -4166,7 +4187,6 @@ dsa_keypair_test(char *reqfn)
}
continue;
}
-
}
loser:
fclose(dsareq);
@@ -4176,14 +4196,14 @@ loser:
* pqg generation type
*/
typedef enum {
- FIPS186_1,/* Generate/Verify P,Q & G according to FIPS 186-1 */
- A_1_2_1, /* Generate Provable P & Q */
- A_1_1_3, /* Verify Probable P & Q */
- A_1_2_2, /* Verify Provable P & Q */
- A_2_1, /* Generate Unverifiable G */
- A_2_2, /* Assure Unverifiable G */
- A_2_3, /* Generate Verifiable G */
- A_2_4 /* Verify Verifiable G */
+ FIPS186_1, /* Generate/Verify P,Q & G according to FIPS 186-1 */
+ A_1_2_1, /* Generate Provable P & Q */
+ A_1_1_3, /* Verify Probable P & Q */
+ A_1_2_2, /* Verify Provable P & Q */
+ A_2_1, /* Generate Unverifiable G */
+ A_2_2, /* Assure Unverifiable G */
+ A_2_3, /* Generate Verifiable G */
+ A_2_4 /* Verify Verifiable G */
} dsa_pqg_type;
/*
@@ -4196,18 +4216,18 @@ typedef enum {
void
dsa_pqgver_test(char *reqfn)
{
- char buf[800]; /* holds one line from the input REQUEST file
+ char buf[800]; /* holds one line from the input REQUEST file
* or to the output RESPONSE file.
* 800 to hold (384 public key (x2 for HEX) + P = ...
*/
- FILE *dsareq; /* input stream from the REQUEST file */
- FILE *dsaresp; /* output stream to the RESPONSE file */
+ FILE *dsareq; /* input stream from the REQUEST file */
+ FILE *dsaresp; /* output stream to the RESPONSE file */
int N;
int L;
unsigned int i, j;
PQGParams pqg;
PQGVerify vfy;
- unsigned int pghSize = 0; /* size for p, g, and h */
+ unsigned int pghSize = 0; /* size for p, g, and h */
dsa_pqg_type type = FIPS186_1;
dsareq = fopen(reqfn, "r");
@@ -4223,34 +4243,33 @@ dsa_pqgver_test(char *reqfn)
}
/* [A.xxxxx ] */
- if (buf[0] == '[' && buf[1] == 'A') {
+ if (buf[0] == '[' && buf[1] == 'A') {
- if (strncmp(&buf[1],"A.1.1.3",7) == 0) {
+ if (strncmp(&buf[1], "A.1.1.3", 7) == 0) {
type = A_1_1_3;
- } else if (strncmp(&buf[1],"A.2.2",5) == 0) {
+ } else if (strncmp(&buf[1], "A.2.2", 5) == 0) {
type = A_2_2;
- } else if (strncmp(&buf[1],"A.2.4",5) == 0) {
+ } else if (strncmp(&buf[1], "A.2.4", 5) == 0) {
type = A_2_4;
- } else if (strncmp(&buf[1],"A.1.2.2",7) == 0) {
+ } else if (strncmp(&buf[1], "A.1.2.2", 7) == 0) {
type = A_1_2_2;
- /* validate our output from PQGGEN */
- } else if (strncmp(&buf[1],"A.1.1.2",7) == 0) {
+ /* validate our output from PQGGEN */
+ } else if (strncmp(&buf[1], "A.1.1.2", 7) == 0) {
type = A_2_4; /* validate PQ and G together */
} else {
fprintf(stderr, "Unknown dsa ver test %s\n", &buf[1]);
exit(1);
}
-
+
fputs(buf, dsaresp);
continue;
}
-
/* [Mod = x] */
if (buf[0] == '[') {
if (type == FIPS186_1) {
- N=160;
+ N = 160;
if (sscanf(buf, "[mod = %d]", &L) != 1) {
goto loser;
}
@@ -4264,36 +4283,36 @@ dsa_pqgver_test(char *reqfn)
if (pqg.subPrime.data) { /* Q */
SECITEM_ZfreeItem(&pqg.subPrime, PR_FALSE);
}
- if (pqg.base.data) { /* G */
+ if (pqg.base.data) { /* G */
SECITEM_ZfreeItem(&pqg.base, PR_FALSE);
}
- if (vfy.seed.data) { /* seed */
+ if (vfy.seed.data) { /* seed */
SECITEM_ZfreeItem(&vfy.seed, PR_FALSE);
}
- if (vfy.h.data) { /* H */
+ if (vfy.h.data) { /* H */
SECITEM_ZfreeItem(&vfy.h, PR_FALSE);
}
fputs(buf, dsaresp);
/*calculate the size of p, g, and h then allocate items */
- pghSize = L/8;
+ pghSize = L / 8;
pqg.base.data = vfy.h.data = NULL;
vfy.seed.len = pqg.base.len = vfy.h.len = 0;
SECITEM_AllocItem(NULL, &pqg.prime, pghSize);
- SECITEM_AllocItem(NULL, &vfy.seed, pghSize*3);
+ SECITEM_AllocItem(NULL, &vfy.seed, pghSize * 3);
if (type == A_2_2) {
SECITEM_AllocItem(NULL, &vfy.h, pghSize);
- vfy.h.len = pghSize;
+ vfy.h.len = pghSize;
} else if (type == A_2_4) {
SECITEM_AllocItem(NULL, &vfy.h, 1);
- vfy.h.len = 1;
+ vfy.h.len = 1;
}
pqg.prime.len = pghSize;
/* q is always N bits */
- SECITEM_AllocItem(NULL, &pqg.subPrime, N/8);
- pqg.subPrime.len = N/8;
+ SECITEM_AllocItem(NULL, &pqg.subPrime, N / 8);
+ pqg.subPrime.len = N / 8;
vfy.counter = -1;
continue;
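Review bot: None of the `SECITEM_AllocItem` calls in this block has its result checked, and `pghSize = L / 8` comes from an `int` parsed out of the REQUEST file with no range check visible in the hunk. If an allocation fails, the later P and Q loops write through a NULL `data` pointer while `len` has already been set to the requested size. Checking each call, e.g. `if (SECITEM_AllocItem(NULL, &pqg.prime, pghSize) == NULL) goto loser;`, and rejecting non-positive `L` and `N` before the division keeps bad input on the `loser` path. dsa_sigver_test allocates `pubkey.params.prime`, `base`, `publicValue` and `subPrime` the same way. The enclosing function starts and ends outside the hunk.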
@@ -4304,7 +4323,7 @@ dsa_pqgver_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j< pqg.prime.len; i+=2,j++) {
+ for (j = 0; j < pqg.prime.len; i += 2, j++) {
hex_to_byteval(&buf[i], &pqg.prime.data[j]);
}
@@ -4318,7 +4337,7 @@ dsa_pqgver_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j< pqg.subPrime.len; i+=2,j++) {
+ for (j = 0; j < pqg.subPrime.len; i += 2, j++) {
hex_to_byteval(&buf[i], &pqg.subPrime.data[j]);
}
@@ -4336,7 +4355,7 @@ dsa_pqgver_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j< pqg.base.len; i+=2,j++) {
+ for (j = 0; j < pqg.base.len; i += 2, j++) {
hex_to_byteval(&buf[i], &pqg.base.data[j]);
}
@@ -4349,7 +4368,7 @@ dsa_pqgver_test(char *reqfn)
i = 4;
} else if (strncmp(buf, "domain_parameter_seed", 21) == 0) {
i = 21;
- } else if (strncmp(buf,"firstseed",9) == 0) {
+ } else if (strncmp(buf, "firstseed", 9) == 0) {
i = 9;
} else {
i = 0;
@@ -4358,7 +4377,7 @@ dsa_pqgver_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &vfy.seed.data[j]);
}
vfy.seed.len = j;
@@ -4380,14 +4399,13 @@ dsa_pqgver_test(char *reqfn)
}
continue;
}
- if ((strncmp(buf,"pseed",5) == 0) ||
- (strncmp(buf,"qseed",5) == 0))
- {
+ if ((strncmp(buf, "pseed", 5) == 0) ||
+ (strncmp(buf, "qseed", 5) == 0)) {
i = 5;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=vfy.seed.len; isxdigit(buf[i]); i+=2,j++) {
+ for (j = vfy.seed.len; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &vfy.seed.data[j]);
}
vfy.seed.len = j;
@@ -4396,7 +4414,7 @@ dsa_pqgver_test(char *reqfn)
continue;
}
if (strncmp(buf, "index", 4) == 0) {
- i=5;
+ i = 5;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
@@ -4406,8 +4424,8 @@ dsa_pqgver_test(char *reqfn)
}
/* c = ... or counter=*/
- if (buf[0] == 'c') {
- if (strncmp(buf,"counter", 7) == 0) {
+ if (buf[0] == 'c') {
+ if (strncmp(buf, "counter", 7) == 0) {
if (sscanf(buf, "counter = %u", &vfy.counter) != 1) {
goto loser;
}
@@ -4434,14 +4452,14 @@ dsa_pqgver_test(char *reqfn)
}
continue;
}
- if (strncmp(buf,"pgen_counter", 12) == 0) {
+ if (strncmp(buf, "pgen_counter", 12) == 0) {
if (sscanf(buf, "pgen_counter = %u", &vfy.counter) != 1) {
goto loser;
- }
+ }
fputs(buf, dsaresp);
continue;
}
- if (strncmp(buf,"qgen_counter", 12) == 0) {
+ if (strncmp(buf, "qgen_counter", 12) == 0) {
fputs(buf, dsaresp);
if (type == A_1_2_2) {
SECStatus result;
@@ -4456,7 +4474,7 @@ dsa_pqgver_test(char *reqfn)
fprintf(dsaresp, "Result = F\n");
}
fprintf(dsaresp, "\n");
- }
+ }
continue;
}
/* H = ... */
@@ -4467,14 +4485,14 @@ dsa_pqgver_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &vfy.h.data[j]);
}
vfy.h.len = j;
fputs(buf, dsaresp);
/* this should be a byte value. Remove the leading zeros. If
- * it doesn't reduce to a byte, PQG_VerifyParams will catch it
+ * it doesn't reduce to a byte, PQG_VerifyParams will catch it
if (type == A_2_2) {
data_save = vfy.h.data;
while(vfy.h.data[0] && (vfy.h.len > 1)) {
@@ -4505,16 +4523,15 @@ loser:
if (pqg.subPrime.data) { /* Q */
SECITEM_ZfreeItem(&pqg.subPrime, PR_FALSE);
}
- if (pqg.base.data) { /* G */
+ if (pqg.base.data) { /* G */
SECITEM_ZfreeItem(&pqg.base, PR_FALSE);
}
- if (vfy.seed.data) { /* seed */
+ if (vfy.seed.data) { /* seed */
SECITEM_ZfreeItem(&vfy.seed, PR_FALSE);
}
- if (vfy.h.data) { /* H */
+ if (vfy.h.data) { /* H */
SECITEM_ZfreeItem(&vfy.h, PR_FALSE);
}
-
}
/*
@@ -4527,13 +4544,13 @@ loser:
void
dsa_pqggen_test(char *reqfn)
{
- char buf[800]; /* holds one line from the input REQUEST file
+ char buf[800]; /* holds one line from the input REQUEST file
* or to the output RESPONSE file.
* 800 to hold seed = (384 public key (x2 for HEX)
*/
- FILE *dsareq; /* input stream from the REQUEST file */
- FILE *dsaresp; /* output stream to the RESPONSE file */
- int count; /* number of times to generate parameters */
+ FILE *dsareq; /* input stream from the REQUEST file */
+ FILE *dsaresp; /* output stream to the RESPONSE file */
+ int count; /* number of times to generate parameters */
int N;
int L;
int i;
@@ -4554,20 +4571,20 @@ dsa_pqggen_test(char *reqfn)
}
/* [A.xxxxx ] */
- if (buf[0] == '[' && buf[1] == 'A') {
- if (strncmp(&buf[1],"A.1.1.2",7) == 0) {
+ if (buf[0] == '[' && buf[1] == 'A') {
+ if (strncmp(&buf[1], "A.1.1.2", 7) == 0) {
fprintf(stderr, "NSS does Generate Probablistic Primes\n");
- exit(1);
- } else if (strncmp(&buf[1],"A.2.1",5) == 0) {
+ exit(1);
+ } else if (strncmp(&buf[1], "A.2.1", 5) == 0) {
type = A_1_2_1;
- output_g = 1;
+ output_g = 1;
exit(1);
- } else if (strncmp(&buf[1],"A.2.3",5) == 0) {
+ } else if (strncmp(&buf[1], "A.2.3", 5) == 0) {
fprintf(stderr, "NSS only Generates G with P&Q\n");
exit(1);
- } else if (strncmp(&buf[1],"A.1.2.1",7) == 0) {
+ } else if (strncmp(&buf[1], "A.1.2.1", 7) == 0) {
type = A_1_2_1;
- output_g = 0;
+ output_g = 0;
} else {
fprintf(stderr, "Unknown dsa pqggen test %s\n", &buf[1]);
exit(1);
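Review bot: The `A.2.1` branch assigns `type = A_1_2_1;` and `output_g = 1;` and then calls `exit(1)` with no message, so the assignments never take effect and the run ends without saying why. The neighbouring branches that exit print a reason to stderr first. If A.2.1 is meant to be unsupported, print a diagnostic such as `fprintf(stderr, "dsa pqggen test A.2.1 not supported\n");` (wording to be confirmed) and drop the dead assignments; if it is meant to run, remove the `exit(1)`. The enclosing if/else chain is closed outside the hunk.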
@@ -4580,7 +4597,7 @@ dsa_pqggen_test(char *reqfn)
if (buf[0] == '[') {
if (type == FIPS186_1) {
- N=160;
+ N = 160;
if (sscanf(buf, "[mod = %d]", &L) != 1) {
goto loser;
}
@@ -4597,10 +4614,10 @@ dsa_pqggen_test(char *reqfn)
* index that points to a valid key size.
*/
keySizeIndex = PQG_PBITS_TO_INDEX(L);
- if(keySizeIndex == -1 || L<512 || L>1024) {
- fprintf(dsaresp,
- "DSA key size must be a multiple of 64 between 512 "
- "and 1024, inclusive");
+ if (keySizeIndex == -1 || L < 512 || L > 1024) {
+ fprintf(dsaresp,
+ "DSA key size must be a multiple of 64 between 512 "
+ "and 1024, inclusive");
goto loser;
}
}
@@ -4608,7 +4625,7 @@ dsa_pqggen_test(char *reqfn)
}
/* N = ... */
if (buf[0] == 'N') {
- if (strncmp(buf, "Num", 3) == 0) {
+ if (strncmp(buf, "Num", 3) == 0) {
if (sscanf(buf, "Num = %d", &count) != 1) {
goto loser;
}
@@ -4620,7 +4637,7 @@ dsa_pqggen_test(char *reqfn)
if (type == FIPS186_1) {
rv = PQG_ParamGenSeedLen(keySizeIndex, PQG_TEST_SEED_BYTES,
- &pqg, &vfy);
+ &pqg, &vfy);
} else {
rv = PQG_ParamGenV2(L, N, N, &pqg, &vfy);
}
@@ -4633,44 +4650,43 @@ dsa_pqggen_test(char *reqfn)
fprintf(dsaresp, "P = %s\n", buf);
to_hex_str(buf, pqg->subPrime.data, pqg->subPrime.len);
fprintf(dsaresp, "Q = %s\n", buf);
- if (output_g) {
+ if (output_g) {
to_hex_str(buf, pqg->base.data, pqg->base.len);
fprintf(dsaresp, "G = %s\n", buf);
- }
+ }
if (type == FIPS186_1) {
to_hex_str(buf, vfy->seed.data, vfy->seed.len);
fprintf(dsaresp, "Seed = %s\n", buf);
fprintf(dsaresp, "c = %d\n", vfy->counter);
to_hex_str(buf, vfy->h.data, vfy->h.len);
fputs("H = ", dsaresp);
- for (j=vfy->h.len; j< pqg->prime.len; j++) {
+ for (j = vfy->h.len; j < pqg->prime.len; j++) {
fprintf(dsaresp, "00");
}
fprintf(dsaresp, "%s\n", buf);
} else {
- unsigned int seedlen = vfy->seed.len/2;
- unsigned int pgen_counter = vfy->counter >> 16;
- unsigned int qgen_counter = vfy->counter & 0xffff;
+ unsigned int seedlen = vfy->seed.len / 2;
+ unsigned int pgen_counter = vfy->counter >> 16;
+ unsigned int qgen_counter = vfy->counter & 0xffff;
/*fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]); */
to_hex_str(buf, vfy->seed.data, seedlen);
fprintf(dsaresp, "pseed = %s\n", buf);
- to_hex_str(buf, vfy->seed.data+seedlen, seedlen);
+ to_hex_str(buf, vfy->seed.data + seedlen, seedlen);
fprintf(dsaresp, "qseed = %s\n", buf);
fprintf(dsaresp, "pgen_counter = %d\n", pgen_counter);
fprintf(dsaresp, "qgen_counter = %d\n", qgen_counter);
- if (output_g) {
+ if (output_g) {
to_hex_str(buf, vfy->seed.data, vfy->seed.len);
fprintf(dsaresp, "domain_parameter_seed = %s\n", buf);
- fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]);
- }
-
+ fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]);
+ }
}
fputc('\n', dsaresp);
- if(pqg!=NULL) {
+ if (pqg != NULL) {
PQG_DestroyParams(pqg);
pqg = NULL;
}
- if(vfy!=NULL) {
+ if (vfy != NULL) {
PQG_DestroyVerify(vfy);
vfy = NULL;
}
@@ -4678,19 +4694,17 @@ dsa_pqggen_test(char *reqfn)
continue;
}
-
}
loser:
fclose(dsareq);
- if(pqg!=NULL) {
+ if (pqg != NULL) {
PQG_DestroyParams(pqg);
}
- if(vfy!=NULL) {
+ if (vfy != NULL) {
PQG_DestroyVerify(vfy);
}
}
-
/*
* Perform the DSA Signature Generation Test.
*
@@ -4701,12 +4715,12 @@ loser:
void
dsa_siggen_test(char *reqfn)
{
- char buf[800]; /* holds one line from the input REQUEST file
+ char buf[800]; /* holds one line from the input REQUEST file
* or to the output RESPONSE file.
* max for Msg = ....
*/
- FILE *dsareq; /* input stream from the REQUEST file */
- FILE *dsaresp; /* output stream to the RESPONSE file */
+ FILE *dsareq; /* input stream from the REQUEST file */
+ FILE *dsaresp; /* output stream to the RESPONSE file */
int modulus;
int L;
int N;
@@ -4715,8 +4729,8 @@ dsa_siggen_test(char *reqfn)
PQGParams *pqg = NULL;
PQGVerify *vfy = NULL;
DSAPrivateKey *dsakey = NULL;
- int keySizeIndex; /* index for valid key sizes */
- unsigned char hashBuf[HASH_LENGTH_MAX]; /* SHA-x hash (160-512 bits) */
+ int keySizeIndex; /* index for valid key sizes */
+ unsigned char hashBuf[HASH_LENGTH_MAX]; /* SHA-x hash (160-512 bits) */
unsigned char sig[DSA_MAX_SIGNATURE_LEN];
SECItem digest, signature;
HASH_HashType hashType = HASH_AlgNULL;
@@ -4734,21 +4748,21 @@ dsa_siggen_test(char *reqfn)
/* [Mod = x] */
if (buf[0] == '[') {
- if(pqg!=NULL) {
+ if (pqg != NULL) {
PQG_DestroyParams(pqg);
pqg = NULL;
}
- if(vfy!=NULL) {
+ if (vfy != NULL) {
PQG_DestroyVerify(vfy);
vfy = NULL;
}
if (dsakey != NULL) {
- PORT_FreeArena(dsakey->params.arena, PR_TRUE);
- dsakey = NULL;
+ PORT_FreeArena(dsakey->params.arena, PR_TRUE);
+ dsakey = NULL;
}
- if (sscanf(buf, "[mod = L=%d, N=%d, SHA-%d]", &L, & N,
- &hashNum) != 3) {
+ if (sscanf(buf, "[mod = L=%d, N=%d, SHA-%d]", &L, &N,
+ &hashNum) != 3) {
use_dsa1 = PR_TRUE;
hashNum = 1;
if (sscanf(buf, "[mod = %d]", &modulus) != 1) {
@@ -4764,22 +4778,23 @@ dsa_siggen_test(char *reqfn)
*/
if (use_dsa1) {
keySizeIndex = PQG_PBITS_TO_INDEX(modulus);
- if(keySizeIndex == -1 || modulus<512 || modulus>1024) {
+ if (keySizeIndex == -1 || modulus < 512 || modulus > 1024) {
fprintf(dsaresp,
- "DSA key size must be a multiple of 64 between 512 "
- "and 1024, inclusive");
+ "DSA key size must be a multiple of 64 between 512 "
+ "and 1024, inclusive");
goto loser;
}
/* Generate PQG and output PQG */
if (PQG_ParamGenSeedLen(keySizeIndex, PQG_TEST_SEED_BYTES,
- &pqg, &vfy) != SECSuccess) {
- fprintf(dsaresp,
+ &pqg, &vfy) !=
+ SECSuccess) {
+ fprintf(dsaresp,
"ERROR: Unable to generate PQG parameters");
goto loser;
}
} else {
if (PQG_ParamGenV2(L, N, N, &pqg, &vfy) != SECSuccess) {
- fprintf(dsaresp,
+ fprintf(dsaresp,
"ERROR: Unable to generate PQG parameters");
goto loser;
}
@@ -4796,10 +4811,10 @@ dsa_siggen_test(char *reqfn)
fprintf(dsaresp, "ERROR: Unable to generate DSA key");
goto loser;
}
-
+
hashType = sha_get_hashType(hashNum);
if (hashType == HASH_AlgNULL) {
- fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum);
+ fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)", hashNum);
goto loser;
}
continue;
@@ -4816,22 +4831,21 @@ dsa_siggen_test(char *reqfn)
}
memset(hashBuf, 0, sizeof hashBuf);
- memset(sig, 0, sizeof sig);
+ memset(sig, 0, sizeof sig);
i = 3;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &msg[j]);
}
if (fips_hashBuf(hashType, hashBuf, msg, j) != SECSuccess) {
- fprintf(dsaresp, "ERROR: Unable to generate SHA% digest",
- hashNum);
- goto loser;
+ fprintf(dsaresp, "ERROR: Unable to generate SHA% digest",
+ hashNum);
+ goto loser;
}
-
digest.type = siBuffer;
digest.data = hashBuf;
digest.len = fips_hashLen(hashType);
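Review bot: The format string `"ERROR: Unable to generate SHA% digest"` does not say what the author meant: `% d` is parsed as a `%d` conversion with the space flag, so the number is printed in place of the `d` and the rest of the word follows it as `igest`. dsa_sigver_test has the intended form, so match it: `fprintf(dsaresp, "ERROR: Unable to generate SHA-%d digest", hashNum);`. Building with `-Wformat` would not flag this one because the conversion is valid, so it needs a manual fix. The enclosing function body continues outside the hunk.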
@@ -4844,10 +4858,10 @@ dsa_siggen_test(char *reqfn)
goto loser;
}
len = signature.len;
- if (len%2 != 0) {
+ if (len % 2 != 0) {
goto loser;
}
- len = len/2;
+ len = len / 2;
/* output the orginal Msg, and generated Y, R, and S */
fputs(buf, dsaresp);
@@ -4861,15 +4875,14 @@ dsa_siggen_test(char *reqfn)
fputc('\n', dsaresp);
continue;
}
-
}
loser:
fclose(dsareq);
- if(pqg != NULL) {
+ if (pqg != NULL) {
PQG_DestroyParams(pqg);
pqg = NULL;
}
- if(vfy != NULL) {
+ if (vfy != NULL) {
PQG_DestroyVerify(vfy);
vfy = NULL;
}
@@ -4879,7 +4892,7 @@ loser:
}
}
- /*
+/*
* Perform the DSA Signature Verification Test.
*
* reqfn is the pathname of the REQUEST file.
@@ -4889,19 +4902,19 @@ loser:
void
dsa_sigver_test(char *reqfn)
{
- char buf[800]; /* holds one line from the input REQUEST file
+ char buf[800]; /* holds one line from the input REQUEST file
* or to the output RESPONSE file.
* max for Msg = ....
*/
- FILE *dsareq; /* input stream from the REQUEST file */
- FILE *dsaresp; /* output stream to the RESPONSE file */
+ FILE *dsareq; /* input stream from the REQUEST file */
+ FILE *dsaresp; /* output stream to the RESPONSE file */
int L;
int N;
unsigned int i, j;
SECItem digest, signature;
DSAPublicKey pubkey;
- unsigned int pgySize; /* size for p, g, and y */
- unsigned char hashBuf[HASH_LENGTH_MAX]; /* SHA-x hash (160-512 bits) */
+ unsigned int pgySize; /* size for p, g, and y */
+ unsigned char hashBuf[HASH_LENGTH_MAX]; /* SHA-x hash (160-512 bits) */
unsigned char sig[DSA_MAX_SIGNATURE_LEN];
HASH_HashType hashType = HASH_AlgNULL;
int hashNum = 0;
@@ -4920,9 +4933,9 @@ dsa_sigver_test(char *reqfn)
/* [Mod = x] */
if (buf[0] == '[') {
- if (sscanf(buf, "[mod = L=%d, N=%d, SHA-%d]", &L, & N,
- &hashNum) != 3) {
- N=160;
+ if (sscanf(buf, "[mod = L=%d, N=%d, SHA-%d]", &L, &N,
+ &hashNum) != 3) {
+ N = 160;
hashNum = 1;
if (sscanf(buf, "[mod = %d]", &L) != 1) {
goto loser;
@@ -4935,16 +4948,16 @@ dsa_sigver_test(char *reqfn)
if (pubkey.params.subPrime.data) { /* Q */
SECITEM_ZfreeItem(&pubkey.params.subPrime, PR_FALSE);
}
- if (pubkey.params.base.data) { /* G */
+ if (pubkey.params.base.data) { /* G */
SECITEM_ZfreeItem(&pubkey.params.base, PR_FALSE);
}
- if (pubkey.publicValue.data) { /* Y */
+ if (pubkey.publicValue.data) { /* Y */
SECITEM_ZfreeItem(&pubkey.publicValue, PR_FALSE);
}
fputs(buf, dsaresp);
/* calculate the size of p, g, and y then allocate items */
- pgySize = L/8;
+ pgySize = L / 8;
SECITEM_AllocItem(NULL, &pubkey.params.prime, pgySize);
SECITEM_AllocItem(NULL, &pubkey.params.base, pgySize);
SECITEM_AllocItem(NULL, &pubkey.publicValue, pgySize);
@@ -4952,12 +4965,12 @@ dsa_sigver_test(char *reqfn)
pubkey.publicValue.len = pgySize;
/* q always N/8 bytes */
- SECITEM_AllocItem(NULL, &pubkey.params.subPrime, N/8);
- pubkey.params.subPrime.len = N/8;
+ SECITEM_AllocItem(NULL, &pubkey.params.subPrime, N / 8);
+ pubkey.params.subPrime.len = N / 8;
hashType = sha_get_hashType(hashNum);
if (hashType == HASH_AlgNULL) {
- fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum);
+ fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)", hashNum);
goto loser;
}
@@ -4970,7 +4983,7 @@ dsa_sigver_test(char *reqfn)
i++;
}
memset(pubkey.params.prime.data, 0, pubkey.params.prime.len);
- for (j=0; j< pubkey.params.prime.len; i+=2,j++) {
+ for (j = 0; j < pubkey.params.prime.len; i += 2, j++) {
hex_to_byteval(&buf[i], &pubkey.params.prime.data[j]);
}
@@ -4985,7 +4998,7 @@ dsa_sigver_test(char *reqfn)
i++;
}
memset(pubkey.params.subPrime.data, 0, pubkey.params.subPrime.len);
- for (j=0; j< pubkey.params.subPrime.len; i+=2,j++) {
+ for (j = 0; j < pubkey.params.subPrime.len; i += 2, j++) {
hex_to_byteval(&buf[i], &pubkey.params.subPrime.data[j]);
}
@@ -5000,7 +5013,7 @@ dsa_sigver_test(char *reqfn)
i++;
}
memset(pubkey.params.base.data, 0, pubkey.params.base.len);
- for (j=0; j< pubkey.params.base.len; i+=2,j++) {
+ for (j = 0; j < pubkey.params.base.len; i += 2, j++) {
hex_to_byteval(&buf[i], &pubkey.params.base.data[j]);
}
@@ -5022,12 +5035,12 @@ dsa_sigver_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
hex_to_byteval(&buf[i], &msg[j]);
}
if (fips_hashBuf(hashType, hashBuf, msg, j) != SECSuccess) {
fprintf(dsaresp, "ERROR: Unable to generate SHA-%d digest",
- hashNum);
+ hashNum);
goto loser;
}
@@ -5042,7 +5055,7 @@ dsa_sigver_test(char *reqfn)
i++;
}
memset(pubkey.publicValue.data, 0, pubkey.params.subPrime.len);
- for (j=0; j< pubkey.publicValue.len; i+=2,j++) {
+ for (j = 0; j < pubkey.publicValue.len; i += 2, j++) {
hex_to_byteval(&buf[i], &pubkey.publicValue.data[j]);
}
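Review bot: The `memset` ahead of the Y loop clears `pubkey.publicValue.data` for `pubkey.params.subPrime.len` bytes, which is the length of Q, not of Y. The loop that follows fills `pubkey.publicValue.len` bytes, so the two should agree: `memset(pubkey.publicValue.data, 0, pubkey.publicValue.len);`. With the lengths this function sets elsewhere (`L / 8` for Y, `N / 8` for Q) the current call under-clears in the usual case and would write past the Y buffer if a request supplied N larger than L. The enclosing block starts and ends outside the hunk.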
@@ -5052,12 +5065,12 @@ dsa_sigver_test(char *reqfn)
/* R = ... */
if (buf[0] == 'R') {
- memset(sig, 0, sizeof sig);
+ memset(sig, 0, sizeof sig);
i = 1;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j< pubkey.params.subPrime.len; i+=2,j++) {
+ for (j = 0; j < pubkey.params.subPrime.len; i += 2, j++) {
hex_to_byteval(&buf[i], &sig[j]);
}
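Review bot: The R loop writes `pubkey.params.subPrime.len` bytes into `sig`, and the S loop in the next hunk writes up to twice that, but `sig` is a fixed `DSA_MAX_SIGNATURE_LEN` array and `subPrime.len` is `N / 8` taken from the `[mod = ...]` line. No check that the two fit is visible in these hunks. A guard where N is parsed, `if (N <= 0 || (unsigned int)(N / 8) * 2 > sizeof sig) goto loser;`, would keep an oversized N in a REQUEST file from running past the stack buffer. The enclosing function starts and ends outside the hunk.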
@@ -5076,8 +5089,8 @@ dsa_sigver_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=pubkey.params.subPrime.len;
- j< pubkey.params.subPrime.len*2; i+=2,j++) {
+ for (j = pubkey.params.subPrime.len;
+ j < pubkey.params.subPrime.len * 2; i += 2, j++) {
hex_to_byteval(&buf[i], &sig[j]);
}
fputs(buf, dsaresp);
@@ -5087,7 +5100,7 @@ dsa_sigver_test(char *reqfn)
digest.len = fips_hashLen(hashType);
signature.type = siBuffer;
signature.data = sig;
- signature.len = pubkey.params.subPrime.len*2;
+ signature.len = pubkey.params.subPrime.len * 2;
if (DSA_VerifyDigest(&pubkey, &signature, &digest) == SECSuccess) {
fprintf(dsaresp, "Result = P\n");
@@ -5106,31 +5119,30 @@ loser:
if (pubkey.params.subPrime.data) { /* Q */
SECITEM_ZfreeItem(&pubkey.params.subPrime, PR_FALSE);
}
- if (pubkey.params.base.data) { /* G */
+ if (pubkey.params.base.data) { /* G */
SECITEM_ZfreeItem(&pubkey.params.base, PR_FALSE);
}
- if (pubkey.publicValue.data) { /* Y */
+ if (pubkey.publicValue.data) { /* Y */
SECITEM_ZfreeItem(&pubkey.publicValue, PR_FALSE);
}
}
-static void
-pad(unsigned char *buf, int pad_len, unsigned char *src, int src_len)
+static void
+pad(unsigned char *buf, int pad_len, unsigned char *src, int src_len)
{
int offset = 0;
/* this shouldn't happen, fail right away rather than produce bad output */
if (pad_len < src_len) {
- fprintf(stderr, "data bigger than expected! %d > %d\n", src_len, pad_len);
- exit(1);
+ fprintf(stderr, "data bigger than expected! %d > %d\n", src_len, pad_len);
+ exit(1);
}
offset = pad_len - src_len;
memset(buf, 0, offset);
- memcpy(buf+offset, src, src_len);
+ memcpy(buf + offset, src, src_len);
return;
}
-
/*
* Perform the DSA Key Pair Generation Test.
*
@@ -5141,23 +5153,23 @@ pad(unsigned char *buf, int pad_len, unsigned char *src, int src_len)
void
rsa_keypair_test(char *reqfn)
{
- char buf[800]; /* holds one line from the input REQUEST file
+ char buf[800]; /* holds one line from the input REQUEST file
* or to the output RESPONSE file.
* 800 to hold (384 public key (x2 for HEX) + 1'\n'
*/
- unsigned char buf2[400]; /* can't need more then 1/2 buf length */
- FILE *rsareq; /* input stream from the REQUEST file */
- FILE *rsaresp; /* output stream to the RESPONSE file */
+ unsigned char buf2[400]; /* can't need more then 1/2 buf length */
+ FILE *rsareq; /* input stream from the REQUEST file */
+ FILE *rsaresp; /* output stream to the RESPONSE file */
int count;
int i;
- int keySize = 1; /* key size in bits*/
- int len = 0; /* key size in bytes */
- int len2 = 0; /* key size in bytes/2 (prime size) */
+ int keySize = 1; /* key size in bits*/
+ int len = 0; /* key size in bytes */
+ int len2 = 0; /* key size in bytes/2 (prime size) */
SECItem e;
unsigned char default_e[] = { 0x1, 0x0, 0x1 };
e.data = default_e;
- e.len = sizeof (default_e);
+ e.len = sizeof(default_e);
rsareq = fopen(reqfn, "r");
rsaresp = stdout;
@@ -5170,13 +5182,13 @@ rsa_keypair_test(char *reqfn)
/* [Mod = x] */
if (buf[0] == '[') {
- if (buf[1] == 'm') {
- if (sscanf(buf, "[mod = %d]", &keySize) != 1) {
+ if (buf[1] == 'm') {
+ if (sscanf(buf, "[mod = %d]", &keySize) != 1) {
goto loser;
- }
- len = keySize/8;
- len2 = keySize/16;
- }
+ }
+ len = keySize / 8;
+ len2 = keySize / 16;
+ }
fputs(buf, rsaresp);
continue;
}
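Review bot: `keySize` is read from the `[mod = %d]` line and turned into `len` and `len2` with no range check, while the buffers those lengths drive are fixed at 400 bytes (`buf2`) and 800 bytes (`buf`). `pad(buf2, len, ...)` in the next hunk zero-fills and copies `len` bytes and only compares `pad_len` with `src_len`, and `to_hex_str(buf, buf2, len)` presumably needs `2 * len + 1` bytes, so a large enough modulus overruns one or both. Reject such input right after the `sscanf`: `if (keySize <= 0 || keySize / 8 >= (int)sizeof(buf2)) goto loser;`. The loop around this block starts and ends outside the hunk.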
@@ -5194,24 +5206,24 @@ rsa_keypair_test(char *reqfn)
fprintf(rsaresp, "ERROR: Unable to generate RSA key");
goto loser;
}
- pad(buf2,len,rsakey->publicExponent.data,
- rsakey->publicExponent.len);
+ pad(buf2, len, rsakey->publicExponent.data,
+ rsakey->publicExponent.len);
to_hex_str(buf, buf2, len);
fprintf(rsaresp, "e = %s\n", buf);
- pad(buf2,len2,rsakey->prime1.data,
- rsakey->prime1.len);
+ pad(buf2, len2, rsakey->prime1.data,
+ rsakey->prime1.len);
to_hex_str(buf, buf2, len2);
fprintf(rsaresp, "p = %s\n", buf);
- pad(buf2,len2,rsakey->prime2.data,
- rsakey->prime2.len);
+ pad(buf2, len2, rsakey->prime2.data,
+ rsakey->prime2.len);
to_hex_str(buf, buf2, len2);
fprintf(rsaresp, "q = %s\n", buf);
- pad(buf2,len,rsakey->modulus.data,
- rsakey->modulus.len);
+ pad(buf2, len, rsakey->modulus.data,
+ rsakey->modulus.len);
to_hex_str(buf, buf2, len);
fprintf(rsaresp, "n = %s\n", buf);
- pad(buf2,len,rsakey->privateExponent.data,
- rsakey->privateExponent.len);
+ pad(buf2, len, rsakey->privateExponent.data,
+ rsakey->privateExponent.len);
to_hex_str(buf, buf2, len);
fprintf(rsaresp, "d = %s\n", buf);
fprintf(rsaresp, "\n");
@@ -5220,7 +5232,6 @@ rsa_keypair_test(char *reqfn)
}
continue;
}
-
}
loser:
fclose(rsareq);
@@ -5236,37 +5247,38 @@ loser:
void
rsa_siggen_test(char *reqfn)
{
- char buf[2*RSA_MAX_TEST_MODULUS_BYTES+1];
- /* buf holds one line from the input REQUEST file
+ char buf[2 * RSA_MAX_TEST_MODULUS_BYTES + 1];
+ /* buf holds one line from the input REQUEST file
* or to the output RESPONSE file.
* 2x for HEX output + 1 for \n
*/
- FILE *rsareq; /* input stream from the REQUEST file */
- FILE *rsaresp; /* output stream to the RESPONSE file */
+ FILE *rsareq; /* input stream from the REQUEST file */
+ FILE *rsaresp; /* output stream to the RESPONSE file */
int i, j;
- unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
- unsigned int shaLength = 0; /* length of SHA */
- HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */
- SECOidTag shaOid = SEC_OID_UNKNOWN;
- int modulus; /* the Modulus size */
- int publicExponent = DEFAULT_RSA_PUBLIC_EXPONENT;
- SECItem pe = {0, 0, 0 };
+ unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
+ unsigned int shaLength = 0; /* length of SHA */
+ HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */
+ SECOidTag shaOid = SEC_OID_UNKNOWN;
+ int modulus; /* the Modulus size */
+ int publicExponent = DEFAULT_RSA_PUBLIC_EXPONENT;
+ SECItem pe = { 0, 0, 0 };
unsigned char pubEx[4];
int peCount = 0;
- RSAPrivateKey *rsaBlapiPrivKey = NULL; /* holds RSA private and
+ RSAPrivateKey *rsaBlapiPrivKey = NULL; /* holds RSA private and
* public keys */
- RSAPublicKey *rsaBlapiPublicKey = NULL; /* hold RSA public key */
+ RSAPublicKey *rsaBlapiPublicKey = NULL; /* hold RSA public key */
rsareq = fopen(reqfn, "r");
rsaresp = stdout;
/* calculate the exponent */
- for (i=0; i < 4; i++) {
+ for (i = 0; i < 4; i++) {
if (peCount || (publicExponent &
- ((unsigned long)0xff000000L >> (i*8)))) {
+ ((unsigned long)0xff000000L >> (i *
+ 8)))) {
pubEx[peCount] =
- (unsigned char)((publicExponent >> (3-i)*8) & 0xff);
+ (unsigned char)((publicExponent >> (3 - i) * 8) & 0xff);
peCount++;
}
}
@@ -5288,7 +5300,7 @@ rsa_siggen_test(char *reqfn)
goto loser;
}
if (modulus > RSA_MAX_TEST_MODULUS_BITS) {
- fprintf(rsaresp,"ERROR: modulus greater than test maximum\n");
+ fprintf(rsaresp, "ERROR: modulus greater than test maximum\n");
goto loser;
}
@@ -5315,8 +5327,8 @@ rsa_siggen_test(char *reqfn)
/* convert private key to public key. Memory
* is freed with private key's arena */
rsaBlapiPublicKey = (RSAPublicKey *)PORT_ArenaAlloc(
- rsaBlapiPrivKey->arena,
- sizeof(RSAPublicKey));
+ rsaBlapiPrivKey->arena,
+ sizeof(RSAPublicKey));
rsaBlapiPublicKey->modulus.len = rsaBlapiPrivKey->modulus.len;
rsaBlapiPublicKey->modulus.data = rsaBlapiPrivKey->modulus.data;
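Review bot: The result of `PORT_ArenaAlloc` is dereferenced on the very next statement without a NULL check. Add `if (rsaBlapiPublicKey == NULL) { goto loser; }` before the `modulus.len` assignment, so an allocation failure ends on the cleanup path instead of a write through NULL. The enclosing block starts and ends outside the hunk.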
@@ -5329,28 +5341,27 @@ rsa_siggen_test(char *reqfn)
/* SHAAlg = ... */
if (strncmp(buf, "SHAAlg", 6) == 0) {
- i = 6;
- while (isspace(buf[i]) || buf[i] == '=') {
- i++;
- }
- /* set the SHA Algorithm */
- if (strncmp(&buf[i], "SHA1", 4) == 0) {
+ i = 6;
+ while (isspace(buf[i]) || buf[i] == '=') {
+ i++;
+ }
+ /* set the SHA Algorithm */
+ if (strncmp(&buf[i], "SHA1", 4) == 0) {
shaAlg = HASH_AlgSHA1;
- } else if (strncmp(&buf[i], "SHA224", 6) == 0) {
+ } else if (strncmp(&buf[i], "SHA224", 6) == 0) {
shaAlg = HASH_AlgSHA224;
- } else if (strncmp(&buf[i], "SHA256", 6) == 0) {
+ } else if (strncmp(&buf[i], "SHA256", 6) == 0) {
shaAlg = HASH_AlgSHA256;
- } else if (strncmp(&buf[i], "SHA384", 6)== 0) {
- shaAlg = HASH_AlgSHA384;
- } else if (strncmp(&buf[i], "SHA512", 6) == 0) {
- shaAlg = HASH_AlgSHA512;
- } else {
- fprintf(rsaresp, "ERROR: Unable to find SHAAlg type");
- goto loser;
- }
- fputs(buf, rsaresp);
- continue;
-
+ } else if (strncmp(&buf[i], "SHA384", 6) == 0) {
+ shaAlg = HASH_AlgSHA384;
+ } else if (strncmp(&buf[i], "SHA512", 6) == 0) {
+ shaAlg = HASH_AlgSHA512;
+ } else {
+ fprintf(rsaresp, "ERROR: Unable to find SHAAlg type");
+ goto loser;
+ }
+ fputs(buf, rsaresp);
+ continue;
}
/* Msg = ... */
if (strncmp(buf, "Msg", 3) == 0) {
@@ -5358,13 +5369,13 @@ rsa_siggen_test(char *reqfn)
unsigned char msg[128]; /* MAX msg 128 */
unsigned int rsa_bytes_signed;
unsigned char rsa_computed_signature[RSA_MAX_TEST_MODULUS_BYTES];
- SECStatus rv = SECFailure;
- NSSLOWKEYPublicKey * rsa_public_key;
- NSSLOWKEYPrivateKey * rsa_private_key;
- NSSLOWKEYPrivateKey low_RSA_private_key = { NULL,
- NSSLOWKEYRSAKey };
- NSSLOWKEYPublicKey low_RSA_public_key = { NULL,
- NSSLOWKEYRSAKey };
+ SECStatus rv = SECFailure;
+ NSSLOWKEYPublicKey *rsa_public_key;
+ NSSLOWKEYPrivateKey *rsa_private_key;
+ NSSLOWKEYPrivateKey low_RSA_private_key = { NULL,
+ NSSLOWKEYRSAKey };
+ NSSLOWKEYPublicKey low_RSA_public_key = { NULL,
+ NSSLOWKEYRSAKey };
low_RSA_private_key.u.rsa = *rsaBlapiPrivKey;
low_RSA_public_key.u.rsa = *rsaBlapiPublicKey;
@@ -5381,13 +5392,13 @@ rsa_siggen_test(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; isxdigit(buf[i]) && j < sizeof(msg); i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]) && j < sizeof(msg); i += 2, j++) {
hex_to_byteval(&buf[i], &msg[j]);
}
shaLength = fips_hashLen(shaAlg);
- if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) {
+ if (fips_hashBuf(shaAlg, sha, msg, j) != SECSuccess) {
if (shaLength == 0) {
- fprintf(rsaresp, "ERROR: SHAAlg not defined.");
+ fprintf(rsaresp, "ERROR: SHAAlg not defined.");
}
fprintf(rsaresp, "ERROR: Unable to generate SHA%x",
shaLength == 160 ? 1 : shaLength);
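Review bot: The `Msg` parse loop tests only the first character of each hex pair, so a malformed request line hands a non-hex second character to `hex_to_byteval` and can advance `i` past the string terminator. Checking both nibbles and casting for `<ctype.h>` closes this: `for (j = 0; isxdigit((unsigned char)buf[i]) && isxdigit((unsigned char)buf[i + 1]) && j < sizeof(msg); i += 2, j++)`. The exponent, `Msg` and `S` loops in the later rsa_sigver_test hunks follow the same pattern. The enclosing block of rsa_siggen_test starts and ends outside this hunk.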
@@ -5396,17 +5407,17 @@ rsa_siggen_test(char *reqfn)
shaOid = fips_hashOid(shaAlg);
/* Perform RSA signature with the RSA private key. */
- rv = RSA_HashSign( shaOid,
- rsa_private_key,
- rsa_computed_signature,
- &rsa_bytes_signed,
- nsslowkey_PrivateModulusLen(rsa_private_key),
- sha,
- shaLength);
+ rv = RSA_HashSign(shaOid,
+ rsa_private_key,
+ rsa_computed_signature,
+ &rsa_bytes_signed,
+ nsslowkey_PrivateModulusLen(rsa_private_key),
+ sha,
+ shaLength);
- if( rv != SECSuccess ) {
- fprintf(rsaresp, "ERROR: RSA_HashSign failed");
- goto loser;
+ if (rv != SECSuccess) {
+ fprintf(rsaresp, "ERROR: RSA_HashSign failed");
+ goto loser;
}
/* Output the signature */
@@ -5415,15 +5426,15 @@ rsa_siggen_test(char *reqfn)
fprintf(rsaresp, "S = %s\n", buf);
/* Perform RSA verification with the RSA public key. */
- rv = RSA_HashCheckSign( shaOid,
- rsa_public_key,
- rsa_computed_signature,
- rsa_bytes_signed,
- sha,
- shaLength);
- if( rv != SECSuccess ) {
- fprintf(rsaresp, "ERROR: RSA_HashCheckSign failed");
- goto loser;
+ rv = RSA_HashCheckSign(shaOid,
+ rsa_public_key,
+ rsa_computed_signature,
+ rsa_bytes_signed,
+ sha,
+ shaLength);
+ if (rv != SECSuccess) {
+ fprintf(rsaresp, "ERROR: RSA_HashCheckSign failed");
+ goto loser;
}
continue;
}
@@ -5437,7 +5448,6 @@ loser:
rsaBlapiPrivKey = NULL;
rsaBlapiPublicKey = NULL;
}
-
}
/*
* Perform the RSA Signature Verification Test.
@@ -5449,24 +5459,24 @@ loser:
void
rsa_sigver_test(char *reqfn)
{
- char buf[2*RSA_MAX_TEST_MODULUS_BYTES+7];
- /* buf holds one line from the input REQUEST file
+ char buf[2 * RSA_MAX_TEST_MODULUS_BYTES + 7];
+ /* buf holds one line from the input REQUEST file
* or to the output RESPONSE file.
* s = 2x for HEX output + 1 for \n
*/
- FILE *rsareq; /* input stream from the REQUEST file */
- FILE *rsaresp; /* output stream to the RESPONSE file */
+ FILE *rsareq; /* input stream from the REQUEST file */
+ FILE *rsaresp; /* output stream to the RESPONSE file */
int i, j;
- unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
- unsigned int shaLength = 0; /* actual length of the digest */
- HASH_HashType shaAlg = HASH_AlgNULL;
- SECOidTag shaOid = SEC_OID_UNKNOWN;
- int modulus = 0; /* the Modulus size */
- unsigned char signature[513]; /* largest signature size + '\n' */
- unsigned int signatureLength = 0; /* actual length of the signature */
+ unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
+ unsigned int shaLength = 0; /* actual length of the digest */
+ HASH_HashType shaAlg = HASH_AlgNULL;
+ SECOidTag shaOid = SEC_OID_UNKNOWN;
+ int modulus = 0; /* the Modulus size */
+ unsigned char signature[513]; /* largest signature size + '\n' */
+ unsigned int signatureLength = 0; /* actual length of the signature */
PRBool keyvalid = PR_TRUE;
- RSAPublicKey rsaBlapiPublicKey; /* hold RSA public key */
+ RSAPublicKey rsaBlapiPublicKey; /* hold RSA public key */
rsareq = fopen(reqfn, "r");
rsaresp = stdout;
@@ -5481,7 +5491,7 @@ rsa_sigver_test(char *reqfn)
/* [Mod = ...] */
if (buf[0] == '[') {
- unsigned int flen; /* length in bytes of the field size */
+ unsigned int flen; /* length in bytes of the field size */
if (rsaBlapiPublicKey.modulus.data) { /* n */
SECITEM_ZfreeItem(&rsaBlapiPublicKey.modulus, PR_FALSE);
@@ -5491,13 +5501,13 @@ rsa_sigver_test(char *reqfn)
}
if (modulus > RSA_MAX_TEST_MODULUS_BITS) {
- fprintf(rsaresp,"ERROR: modulus greater than test maximum\n");
+ fprintf(rsaresp, "ERROR: modulus greater than test maximum\n");
goto loser;
}
fputs(buf, rsaresp);
- signatureLength = flen = modulus/8;
+ signatureLength = flen = modulus / 8;
SECITEM_AllocItem(NULL, &rsaBlapiPublicKey.modulus, flen);
if (rsaBlapiPublicKey.modulus.data == NULL) {
@@ -5518,7 +5528,7 @@ rsa_sigver_test(char *reqfn)
if (!keyvalid) {
fprintf(rsaresp, "ERROR: rsa_sigver n not valid.\n");
- goto loser;
+ goto loser;
}
fputs(buf, rsaresp);
continue;
@@ -5526,27 +5536,27 @@ rsa_sigver_test(char *reqfn)
/* SHAAlg = ... */
if (strncmp(buf, "SHAAlg", 6) == 0) {
- i = 6;
- while (isspace(buf[i]) || buf[i] == '=') {
- i++;
- }
- /* set the SHA Algorithm */
- if (strncmp(&buf[i], "SHA1", 4) == 0) {
+ i = 6;
+ while (isspace(buf[i]) || buf[i] == '=') {
+ i++;
+ }
+ /* set the SHA Algorithm */
+ if (strncmp(&buf[i], "SHA1", 4) == 0) {
shaAlg = HASH_AlgSHA1;
- } else if (strncmp(&buf[i], "SHA224", 6) == 0) {
+ } else if (strncmp(&buf[i], "SHA224", 6) == 0) {
shaAlg = HASH_AlgSHA224;
- } else if (strncmp(&buf[i], "SHA256", 6) == 0) {
+ } else if (strncmp(&buf[i], "SHA256", 6) == 0) {
shaAlg = HASH_AlgSHA256;
- } else if (strncmp(&buf[i], "SHA384", 6) == 0) {
- shaAlg = HASH_AlgSHA384;
- } else if (strncmp(&buf[i], "SHA512", 6) == 0) {
- shaAlg = HASH_AlgSHA512;
- } else {
- fprintf(rsaresp, "ERROR: Unable to find SHAAlg type");
- goto loser;
- }
- fputs(buf, rsaresp);
- continue;
+ } else if (strncmp(&buf[i], "SHA384", 6) == 0) {
+ shaAlg = HASH_AlgSHA384;
+ } else if (strncmp(&buf[i], "SHA512", 6) == 0) {
+ shaAlg = HASH_AlgSHA512;
+ } else {
+ fprintf(rsaresp, "ERROR: Unable to find SHAAlg type");
+ goto loser;
+ }
+ fputs(buf, rsaresp);
+ continue;
}
/* e = ... public Key */
@@ -5568,23 +5578,26 @@ rsa_sigver_test(char *reqfn)
while (isxdigit(buf[i])) {
hex_to_byteval(&buf[i], &t);
if (t == 0) {
- i+=2;
- } else break;
+ i += 2;
+ } else
+ break;
}
-
+
/* get the exponent */
- for (j=0; isxdigit(buf[i]) && j < sizeof data; i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]) && j < sizeof data; i += 2, j++) {
hex_to_byteval(&buf[i], &data[j]);
}
- if (j == 0) { j = 1; } /* to handle 1 byte length exponents */
+ if (j == 0) {
+ j = 1;
+ } /* to handle 1 byte length exponents */
- SECITEM_AllocItem(NULL, &rsaBlapiPublicKey.publicExponent, j);
+ SECITEM_AllocItem(NULL, &rsaBlapiPublicKey.publicExponent, j);
if (rsaBlapiPublicKey.publicExponent.data == NULL) {
goto loser;
}
- for (i=0; i < j; i++) {
+ for (i = 0; i < j; i++) {
rsaBlapiPublicKey.publicExponent.data[i] = data[i];
}
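Review bot: When the `e` field yields no bytes, `j` is forced to 1 and the copy loop reads `data[0]`, which the parse loop above never wrote. `data` is declared outside this hunk, so confirm it is zero-initialised, or set it explicitly with `data[0] = 0;` inside the `j == 0` block if a zero exponent byte is what is intended. The formatter also left `} else` / `break;` unbraced beside a braced `if`, and the "1 byte length exponents" comment now trails the closing brace. Writing `} else { break; }` and moving the comment above `if (j == 0) {` would read more safely.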
@@ -5604,14 +5617,14 @@ rsa_sigver_test(char *reqfn)
i++;
}
- for (j=0; isxdigit(buf[i]) && j < sizeof msg; i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]) && j < sizeof msg; i += 2, j++) {
hex_to_byteval(&buf[i], &msg[j]);
}
shaLength = fips_hashLen(shaAlg);
- if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) {
+ if (fips_hashBuf(shaAlg, sha, msg, j) != SECSuccess) {
if (shaLength == 0) {
- fprintf(rsaresp, "ERROR: SHAAlg not defined.");
+ fprintf(rsaresp, "ERROR: SHAAlg not defined.");
}
fprintf(rsaresp, "ERROR: Unable to generate SHA%x",
shaLength == 160 ? 1 : shaLength);
@@ -5620,15 +5633,14 @@ rsa_sigver_test(char *reqfn)
fputs(buf, rsaresp);
continue;
-
}
/* S = ... */
if (buf[0] == 'S') {
SECStatus rv = SECFailure;
- NSSLOWKEYPublicKey * rsa_public_key;
- NSSLOWKEYPublicKey low_RSA_public_key = { NULL,
- NSSLOWKEYRSAKey };
+ NSSLOWKEYPublicKey *rsa_public_key;
+ NSSLOWKEYPublicKey low_RSA_public_key = { NULL,
+ NSSLOWKEYRSAKey };
/* convert to a low RSA public key */
low_RSA_public_key.u.rsa = rsaBlapiPublicKey;
@@ -5640,7 +5652,7 @@ rsa_sigver_test(char *reqfn)
i++;
}
- for (j=0; isxdigit(buf[i]) && j < sizeof signature; i+=2,j++) {
+ for (j = 0; isxdigit(buf[i]) && j < sizeof signature; i += 2, j++) {
hex_to_byteval(&buf[i], &signature[j]);
}
@@ -5650,13 +5662,13 @@ rsa_sigver_test(char *reqfn)
shaOid = fips_hashOid(shaAlg);
/* Perform RSA verification with the RSA public key. */
- rv = RSA_HashCheckSign( shaOid,
- rsa_public_key,
- signature,
- signatureLength,
- sha,
- shaLength);
- if( rv == SECSuccess ) {
+ rv = RSA_HashCheckSign(shaOid,
+ rsa_public_key,
+ signature,
+ signatureLength,
+ sha,
+ shaLength);
+ if (rv == SECSuccess) {
fputs("Result = P\n", rsaresp);
} else {
fputs("Result = F\n", rsaresp);
@@ -5677,7 +5689,7 @@ loser:
void
tls(char *reqfn)
{
- char buf[256]; /* holds one line from the input REQUEST file.
+ char buf[256]; /* holds one line from the input REQUEST file.
* needs to be large enough to hold the longest
* line "XSeed = <128 hex digits>\n".
*/
@@ -5695,41 +5707,41 @@ tls(char *reqfn)
unsigned int i, j;
CK_SLOT_ID slotList[10];
CK_SLOT_ID slotID;
- CK_ULONG slotListCount = sizeof(slotList)/sizeof(slotList[0]);
+ CK_ULONG slotListCount = sizeof(slotList) / sizeof(slotList[0]);
CK_ULONG count;
- static const CK_C_INITIALIZE_ARGS pk11args= {
- NULL, NULL, NULL, NULL, CKF_LIBRARY_CANT_CREATE_OS_THREADS ,
- (void *)"flags=readOnly,noCertDB,noModDB", NULL };
+ static const CK_C_INITIALIZE_ARGS pk11args = {
+ NULL, NULL, NULL, NULL, CKF_LIBRARY_CANT_CREATE_OS_THREADS,
+ (void *)"flags=readOnly,noCertDB,noModDB", NULL
+ };
static CK_OBJECT_CLASS ck_secret = CKO_SECRET_KEY;
static CK_KEY_TYPE ck_generic = CKK_GENERIC_SECRET;
static CK_BBOOL ck_true = CK_TRUE;
static CK_ULONG one = 1;
CK_ATTRIBUTE create_template[] = {
- { CKA_VALUE, NULL, 0 },
- { CKA_CLASS, &ck_secret, sizeof(ck_secret) },
- { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) },
- { CKA_DERIVE, &ck_true, sizeof (ck_true) },
+ { CKA_VALUE, NULL, 0 },
+ { CKA_CLASS, &ck_secret, sizeof(ck_secret) },
+ { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) },
+ { CKA_DERIVE, &ck_true, sizeof(ck_true) },
};
- CK_ULONG create_template_count =
- sizeof(create_template)/sizeof(create_template[0]);
+ CK_ULONG create_template_count =
+ sizeof(create_template) / sizeof(create_template[0]);
CK_ATTRIBUTE derive_template[] = {
- { CKA_CLASS, &ck_secret, sizeof(ck_secret) },
- { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) },
- { CKA_DERIVE, &ck_true, sizeof(ck_true) },
- { CKA_VALUE_LEN, &one, sizeof(one) },
+ { CKA_CLASS, &ck_secret, sizeof(ck_secret) },
+ { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) },
+ { CKA_DERIVE, &ck_true, sizeof(ck_true) },
+ { CKA_VALUE_LEN, &one, sizeof(one) },
};
- CK_ULONG derive_template_count =
- sizeof(derive_template)/sizeof(derive_template[0]);
- CK_ATTRIBUTE master_template =
- { CKA_VALUE, NULL, 0 };
- CK_ATTRIBUTE kb1_template =
- { CKA_VALUE, NULL, 0 };
- CK_ATTRIBUTE kb2_template =
- { CKA_VALUE, NULL, 0 };
-
-
- CK_MECHANISM master_mech = { CKM_TLS_MASTER_KEY_DERIVE , NULL, 0 };
- CK_MECHANISM key_block_mech = { CKM_TLS_KEY_AND_MAC_DERIVE , NULL, 0};
+ CK_ULONG derive_template_count =
+ sizeof(derive_template) / sizeof(derive_template[0]);
+ CK_ATTRIBUTE master_template =
+ { CKA_VALUE, NULL, 0 };
+ CK_ATTRIBUTE kb1_template =
+ { CKA_VALUE, NULL, 0 };
+ CK_ATTRIBUTE kb2_template =
+ { CKA_VALUE, NULL, 0 };
+
+ CK_MECHANISM master_mech = { CKM_TLS_MASTER_KEY_DERIVE, NULL, 0 };
+ CK_MECHANISM key_block_mech = { CKM_TLS_KEY_AND_MAC_DERIVE, NULL, 0 };
CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params;
CK_SSL3_KEY_MAT_PARAMS key_block_params;
CK_SSL3_KEY_MAT_OUT key_material;
@@ -5741,7 +5753,7 @@ tls(char *reqfn)
master_params.RandomInfo.ulClientRandomLen = sizeof(clientHello_random);
master_params.RandomInfo.pServerRandom = serverHello_random;
master_params.RandomInfo.ulServerRandomLen = sizeof(serverHello_random);
- master_mech.pParameter = (void *) &master_params;
+ master_mech.pParameter = (void *)&master_params;
master_mech.ulParameterLen = sizeof(master_params);
key_block_params.ulMacSizeInBits = 0;
key_block_params.ulKeySizeInBits = 0;
@@ -5752,26 +5764,25 @@ tls(char *reqfn)
key_block_params.RandomInfo.pServerRandom = server_random;
key_block_params.RandomInfo.ulServerRandomLen = sizeof(server_random);
key_block_params.pReturnedKeyMaterial = &key_material;
- key_block_mech.pParameter = (void *) &key_block_params;
+ key_block_mech.pParameter = (void *)&key_block_params;
key_block_mech.ulParameterLen = sizeof(key_block_params);
-
crv = NSC_Initialize((CK_VOID_PTR)&pk11args);
if (crv != CKR_OK) {
- fprintf(stderr,"NSC_Initialize failed crv=0x%x\n",(unsigned int)crv);
- goto loser;
+ fprintf(stderr, "NSC_Initialize failed crv=0x%x\n", (unsigned int)crv);
+ goto loser;
}
count = slotListCount;
- crv = NSC_GetSlotList(PR_TRUE,slotList, &count);
+ crv = NSC_GetSlotList(PR_TRUE, slotList, &count);
if (crv != CKR_OK) {
- fprintf(stderr,"NSC_GetSlotList failed crv=0x%x\n",(unsigned int)crv);
- goto loser;
+ fprintf(stderr, "NSC_GetSlotList failed crv=0x%x\n", (unsigned int)crv);
+ goto loser;
}
if ((count > slotListCount) || count < 1) {
- fprintf(stderr,
-"NSC_GetSlotList returned too many or too few slots: %d slots max=%d min=1\n",
- (int) count, (int) slotListCount);
- goto loser;
+ fprintf(stderr,
+ "NSC_GetSlotList returned too many or too few slots: %d slots max=%d min=1\n",
+ (int)count, (int)slotListCount);
+ goto loser;
}
slotID = slotList[0];
tlsreq = fopen(reqfn, "r");
@@ -5784,49 +5795,49 @@ tls(char *reqfn)
}
/* [Xchange - SHA1] */
if (buf[0] == '[') {
- if (strncmp(buf, "[TLS", 4) == 0) {
- if (buf[7] == '0') {
- master_mech.mechanism = CKM_TLS_MASTER_KEY_DERIVE;
- key_block_mech.mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
- } else if (buf[7] == '2') {
- master_mech.mechanism =
- CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256;
- key_block_mech.mechanism =
- CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
- } else {
- fprintf(stderr, "Unknown TLS type %x\n",
- (unsigned int)buf[0]);
- goto loser;
- }
- }
- if (strncmp(buf, "[pre-master", 11) == 0) {
- if (sscanf(buf, "[pre-master secret length = %d]",
- &pms_len) != 1) {
+ if (strncmp(buf, "[TLS", 4) == 0) {
+ if (buf[7] == '0') {
+ master_mech.mechanism = CKM_TLS_MASTER_KEY_DERIVE;
+ key_block_mech.mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
+ } else if (buf[7] == '2') {
+ master_mech.mechanism =
+ CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256;
+ key_block_mech.mechanism =
+ CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
+ } else {
+ fprintf(stderr, "Unknown TLS type %x\n",
+ (unsigned int)buf[0]);
+ goto loser;
+ }
+ }
+ if (strncmp(buf, "[pre-master", 11) == 0) {
+ if (sscanf(buf, "[pre-master secret length = %d]",
+ &pms_len) != 1) {
goto loser;
}
- pms_len = pms_len/8;
- pms = malloc(pms_len);
- master_secret = malloc(pms_len);
- create_template[0].pValue = pms;
- create_template[0].ulValueLen = pms_len;
- master_template.pValue = master_secret;
- master_template.ulValueLen = pms_len;
- }
- if (strncmp(buf, "[key", 4) == 0) {
+ pms_len = pms_len / 8;
+ pms = malloc(pms_len);
+ master_secret = malloc(pms_len);
+ create_template[0].pValue = pms;
+ create_template[0].ulValueLen = pms_len;
+ master_template.pValue = master_secret;
+ master_template.ulValueLen = pms_len;
+ }
+ if (strncmp(buf, "[key", 4) == 0) {
if (sscanf(buf, "[key block length = %d]", &key_block_len) != 1) {
goto loser;
}
- key_block_params.ulKeySizeInBits = 8;
- key_block_params.ulIVSizeInBits = key_block_len/2-8;
- key_block_len=key_block_len/8;
- key_block = malloc(key_block_len);
- kb1_template.pValue = &key_block[0];
- kb1_template.ulValueLen = 1;
- kb2_template.pValue = &key_block[1];
- kb2_template.ulValueLen = 1;
- key_material.pIVClient = &key_block[2];
- key_material.pIVServer = &key_block[2+key_block_len/2-1];
- }
+ key_block_params.ulKeySizeInBits = 8;
+ key_block_params.ulIVSizeInBits = key_block_len / 2 - 8;
+ key_block_len = key_block_len / 8;
+ key_block = malloc(key_block_len);
+ kb1_template.pValue = &key_block[0];
+ kb1_template.ulValueLen = 1;
+ kb2_template.pValue = &key_block[1];
+ kb2_template.ulValueLen = 1;
+ key_material.pIVClient = &key_block[2];
+ key_material.pIVServer = &key_block[2 + key_block_len / 2 - 1];
+ }
fputs(buf, tlsresp);
continue;
}
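Review bot: The `[pre-master` and `[key` branches use lengths parsed with `%d` from the request file without range checks, and never test the `malloc` results. A zero, negative or very small value reaches `malloc` and, for the key block, the `&key_block[...]` offsets, and a repeated header overwrites `pms`, `master_secret` or `key_block` without freeing the earlier buffers. Guards such as `if (pms_len < 8) goto loser;` before the division and `if (!pms || !master_secret) goto loser;` after the allocations would cover the first branch, with an equivalent lower bound and NULL check for `key_block`. Separately, the "Unknown TLS type" message prints `buf[0]` although the test is on `buf[7]`; `(unsigned int)buf[7]` looks like what was meant. The loop body and the declarations of these variables lie outside this hunk.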
@@ -5845,7 +5856,7 @@ tls(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<pms_len; i+=2,j++) {
+ for (j = 0; j < pms_len; i += 2, j++) {
hex_to_byteval(&buf[i], &pms[j]);
}
fputs(buf, tlsresp);
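Review bot: The pre-master secret loop runs `pms_len` times without checking that `buf[i]` is still a hex digit or that `i` stays inside the 256-byte `buf`, so a length header larger than the data line makes `hex_to_byteval` read past the line and eventually past the buffer. Bounding the loop on the input keeps the read inside the line: `for (j = 0; j < pms_len && isxdigit((unsigned char)buf[i]) && isxdigit((unsigned char)buf[i + 1]); i += 2, j++)`, followed by `if (j != pms_len) goto loser;`. The `SSL3_RANDOM_LENGTH` loops in the following hunks have a fixed count but the same missing digit check.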
@@ -5857,7 +5868,7 @@ tls(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<SSL3_RANDOM_LENGTH; i+=2,j++) {
+ for (j = 0; j < SSL3_RANDOM_LENGTH; i += 2, j++) {
hex_to_byteval(&buf[i], &serverHello_random[j]);
}
fputs(buf, tlsresp);
@@ -5869,7 +5880,7 @@ tls(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<SSL3_RANDOM_LENGTH; i+=2,j++) {
+ for (j = 0; j < SSL3_RANDOM_LENGTH; i += 2, j++) {
hex_to_byteval(&buf[i], &clientHello_random[j]);
}
fputs(buf, tlsresp);
@@ -5881,7 +5892,7 @@ tls(char *reqfn)
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<SSL3_RANDOM_LENGTH; i+=2,j++) {
+ for (j = 0; j < SSL3_RANDOM_LENGTH; i += 2, j++) {
hex_to_byteval(&buf[i], &server_random[j]);
}
fputs(buf, tlsresp);
@@ -5889,90 +5900,98 @@ tls(char *reqfn)
}
/* client_random = ... */
if (strncmp(buf, "client_random", 13) == 0) {
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE pms_handle;
- CK_OBJECT_HANDLE master_handle;
- CK_OBJECT_HANDLE fake_handle;
+ CK_SESSION_HANDLE session;
+ CK_OBJECT_HANDLE pms_handle;
+ CK_OBJECT_HANDLE master_handle;
+ CK_OBJECT_HANDLE fake_handle;
i = 13;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
- for (j=0; j<SSL3_RANDOM_LENGTH; i+=2,j++) {
+ for (j = 0; j < SSL3_RANDOM_LENGTH; i += 2, j++) {
hex_to_byteval(&buf[i], &client_random[j]);
}
fputs(buf, tlsresp);
- crv = NSC_OpenSession(slotID, 0, NULL, NULL, &session);
- if (crv != CKR_OK) {
- fprintf(stderr,"NSC_OpenSession failed crv=0x%x\n",
- (unsigned int)crv);
- goto loser;
- }
- crv = NSC_CreateObject(session, create_template,
- create_template_count, &pms_handle);
- if (crv != CKR_OK) {
- fprintf(stderr,"NSC_CreateObject failed crv=0x%x\n",
- (unsigned int)crv);
- goto loser;
- }
- crv = NSC_DeriveKey(session, &master_mech, pms_handle,
- derive_template, derive_template_count-1, &master_handle);
- if (crv != CKR_OK) {
- fprintf(stderr,"NSC_DeriveKey(master) failed crv=0x%x\n",
- (unsigned int) crv);
- goto loser;
- }
- crv = NSC_GetAttributeValue(session, master_handle,
- &master_template, 1);
- if (crv != CKR_OK) {
- fprintf(stderr,"NSC_GetAttribute failed crv=0x%x\n",
- (unsigned int) crv);
- goto loser;
- }
+ crv = NSC_OpenSession(slotID, 0, NULL, NULL, &session);
+ if (crv != CKR_OK) {
+ fprintf(stderr, "NSC_OpenSession failed crv=0x%x\n",
+ (unsigned int)crv);
+ goto loser;
+ }
+ crv = NSC_CreateObject(session, create_template,
+ create_template_count, &pms_handle);
+ if (crv != CKR_OK) {
+ fprintf(stderr, "NSC_CreateObject failed crv=0x%x\n",
+ (unsigned int)crv);
+ goto loser;
+ }
+ crv = NSC_DeriveKey(session, &master_mech, pms_handle,
+ derive_template, derive_template_count -
+ 1,
+ &master_handle);
+ if (crv != CKR_OK) {
+ fprintf(stderr, "NSC_DeriveKey(master) failed crv=0x%x\n",
+ (unsigned int)crv);
+ goto loser;
+ }
+ crv = NSC_GetAttributeValue(session, master_handle,
+ &master_template, 1);
+ if (crv != CKR_OK) {
+ fprintf(stderr, "NSC_GetAttribute failed crv=0x%x\n",
+ (unsigned int)crv);
+ goto loser;
+ }
fputs("master_secret = ", tlsresp);
to_hex_str(buf, master_secret, pms_len);
fputs(buf, tlsresp);
fputc('\n', tlsresp);
- crv = NSC_DeriveKey(session, &key_block_mech, master_handle,
- derive_template, derive_template_count, &fake_handle);
- if (crv != CKR_OK) {
- fprintf(stderr,
- "NSC_DeriveKey(keyblock) failed crv=0x%x\n",
- (unsigned int) crv);
- goto loser;
- }
- crv = NSC_GetAttributeValue(session, key_material.hClientKey,
- &kb1_template, 1);
- if (crv != CKR_OK) {
- fprintf(stderr,"NSC_GetAttribute failed crv=0x%x\n",
- (unsigned int) crv);
- goto loser;
- }
- crv = NSC_GetAttributeValue(session, key_material.hServerKey,
- &kb2_template, 1);
- if (crv != CKR_OK) {
- fprintf(stderr,"NSC_GetAttribute failed crv=0x%x\n",
- (unsigned int) crv);
- goto loser;
- }
+ crv = NSC_DeriveKey(session, &key_block_mech, master_handle,
+ derive_template, derive_template_count, &fake_handle);
+ if (crv != CKR_OK) {
+ fprintf(stderr,
+ "NSC_DeriveKey(keyblock) failed crv=0x%x\n",
+ (unsigned int)crv);
+ goto loser;
+ }
+ crv = NSC_GetAttributeValue(session, key_material.hClientKey,
+ &kb1_template, 1);
+ if (crv != CKR_OK) {
+ fprintf(stderr, "NSC_GetAttribute failed crv=0x%x\n",
+ (unsigned int)crv);
+ goto loser;
+ }
+ crv = NSC_GetAttributeValue(session, key_material.hServerKey,
+ &kb2_template, 1);
+ if (crv != CKR_OK) {
+ fprintf(stderr, "NSC_GetAttribute failed crv=0x%x\n",
+ (unsigned int)crv);
+ goto loser;
+ }
fputs("key_block = ", tlsresp);
to_hex_str(buf, key_block, key_block_len);
fputs(buf, tlsresp);
fputc('\n', tlsresp);
- crv = NSC_CloseSession(session);
+ crv = NSC_CloseSession(session);
continue;
}
}
loser:
NSC_Finalize(NULL);
- if (pms) free(pms);
- if (master_secret) free(master_secret);
- if (key_block) free(key_block);
- if (tlsreq) fclose(tlsreq);
+ if (pms)
+ free(pms);
+ if (master_secret)
+ free(master_secret);
+ if (key_block)
+ free(key_block);
+ if (tlsreq)
+ fclose(tlsreq);
}
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
- if (argc < 2) exit (-1);
+ if (argc < 2)
+ exit(-1);
RNG_RNGInit();
SECOID_Init();
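Review bot: `to_hex_str(buf, master_secret, pms_len)` and `to_hex_str(buf, key_block, key_block_len)` write into the 256-byte `buf` with lengths taken from the request file, and nothing in this hunk bounds them. Assuming to_hex_str emits two characters per byte plus a terminator (its definition is outside the hunk), any length above 127 overruns `buf`; a check such as `if (2 * (size_t)pms_len + 1 > sizeof buf) goto loser;` before each call would prevent that. Every `goto loser` after `NSC_OpenSession` also skips `NSC_CloseSession`, and the `pms` and `master_secret` buffers are freed at `loser:` without being cleared first. The formatter's split of `derive_template_count -` / `1,` would read better as `derive_template_count - 1,` on one line.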
@@ -5984,42 +6003,42 @@ int main(int argc, char **argv)
/* argv[2]=kat|mmt|mct argv[3]=ecb|cbc argv[4]=<test name>.req */
if (strcmp(argv[2], "kat") == 0) {
/* Known Answer Test (KAT) */
- tdea_kat_mmt(argv[4]);
+ tdea_kat_mmt(argv[4]);
} else if (strcmp(argv[2], "mmt") == 0) {
/* Multi-block Message Test (MMT) */
- tdea_kat_mmt(argv[4]);
+ tdea_kat_mmt(argv[4]);
} else if (strcmp(argv[2], "mct") == 0) {
- /* Monte Carlo Test (MCT) */
- if (strcmp(argv[3], "ecb") == 0) {
- /* ECB mode */
- tdea_mct(NSS_DES_EDE3, argv[4]);
- } else if (strcmp(argv[3], "cbc") == 0) {
- /* CBC mode */
- tdea_mct(NSS_DES_EDE3_CBC, argv[4]);
- }
+ /* Monte Carlo Test (MCT) */
+ if (strcmp(argv[3], "ecb") == 0) {
+ /* ECB mode */
+ tdea_mct(NSS_DES_EDE3, argv[4]);
+ } else if (strcmp(argv[3], "cbc") == 0) {
+ /* CBC mode */
+ tdea_mct(NSS_DES_EDE3_CBC, argv[4]);
+ }
}
- /*************/
- /* AES */
- /*************/
+ /*************/
+ /* AES */
+ /*************/
} else if (strcmp(argv[1], "aes") == 0) {
/* argv[2]=kat|mmt|mct argv[3]=ecb|cbc argv[4]=<test name>.req */
- if ( strcmp(argv[2], "kat") == 0) {
+ if (strcmp(argv[2], "kat") == 0) {
/* Known Answer Test (KAT) */
aes_kat_mmt(argv[4]);
} else if (strcmp(argv[2], "mmt") == 0) {
/* Multi-block Message Test (MMT) */
aes_kat_mmt(argv[4]);
} else if (strcmp(argv[2], "gcm") == 0) {
- if ( strcmp(argv[3], "decrypt") == 0) {
- aes_gcm(argv[4],0);
+ if (strcmp(argv[3], "decrypt") == 0) {
+ aes_gcm(argv[4], 0);
} else if (strcmp(argv[3], "encrypt_extiv") == 0) {
- aes_gcm(argv[4],1);
+ aes_gcm(argv[4], 1);
} else if (strcmp(argv[3], "encrypt_intiv") == 0) {
- aes_gcm(argv[4],2);
+ aes_gcm(argv[4], 2);
}
} else if (strcmp(argv[2], "mct") == 0) {
/* Monte Carlo Test (MCT) */
- if ( strcmp(argv[3], "ecb") == 0) {
+ if (strcmp(argv[3], "ecb") == 0) {
/* ECB mode */
aes_ecb_mct(argv[4]);
} else if (strcmp(argv[3], "cbc") == 0) {
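Review bot: `main` checks only `argc < 2`, yet this dispatch passes `argv[2]`, `argv[3]` and `argv[4]` straight to `strcmp` and to the test functions. Running the tool with fewer arguments hands `strcmp` the NULL at `argv[argc]` or reads beyond the argument vector. Each branch should test the count it needs before indexing, for example `if (argc < 5) exit(-1);` at the top of the branch that opens this hunk and of the `aes` branch. The `rsa`, `dsa`, `ecdsa`, `rng` and `drbg` branches in the following hunks need the same check with their own counts. The `argc` test sits in the preceding hunk and main's body continues past this one.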
@@ -6027,14 +6046,14 @@ int main(int argc, char **argv)
aes_cbc_mct(argv[4]);
}
}
- /*************/
- /* SHA */
- /*************/
+ /*************/
+ /* SHA */
+ /*************/
} else if (strcmp(argv[1], "sha") == 0) {
sha_test(argv[2]);
- /*************/
- /* RSA */
- /*************/
+ /*************/
+ /* RSA */
+ /*************/
} else if (strcmp(argv[1], "rsa") == 0) {
/* argv[2]=siggen|sigver */
/* argv[3]=<test name>.req */
@@ -6047,15 +6066,15 @@ int main(int argc, char **argv)
} else if (strcmp(argv[2], "keypair") == 0) {
/* Key Pair Generation Test */
rsa_keypair_test(argv[3]);
- }
- /*************/
- /* HMAC */
- /*************/
+ }
+ /*************/
+ /* HMAC */
+ /*************/
} else if (strcmp(argv[1], "hmac") == 0) {
hmac_test(argv[2]);
- /*************/
- /* DSA */
- /*************/
+ /*************/
+ /* DSA */
+ /*************/
} else if (strcmp(argv[1], "dsa") == 0) {
/* argv[2]=keypair|pqggen|pqgver|siggen|sigver */
/* argv[3]=<test name>.req */
@@ -6063,10 +6082,10 @@ int main(int argc, char **argv)
/* Key Pair Generation Test */
dsa_keypair_test(argv[3]);
} else if (strcmp(argv[2], "pqggen") == 0) {
- /* Domain Parameter Generation Test */
+ /* Domain Parameter Generation Test */
dsa_pqggen_test(argv[3]);
} else if (strcmp(argv[2], "pqgver") == 0) {
- /* Domain Parameter Validation Test */
+ /* Domain Parameter Validation Test */
dsa_pqgver_test(argv[3]);
} else if (strcmp(argv[2], "siggen") == 0) {
/* Signature Generation Test */
@@ -6076,43 +6095,43 @@ int main(int argc, char **argv)
dsa_sigver_test(argv[3]);
}
#ifndef NSS_DISABLE_ECC
- /*************/
- /* ECDSA */
- /*************/
+ /*************/
+ /* ECDSA */
+ /*************/
} else if (strcmp(argv[1], "ecdsa") == 0) {
- /* argv[2]=keypair|pkv|siggen|sigver argv[3]=<test name>.req */
- if ( strcmp(argv[2], "keypair") == 0) {
- /* Key Pair Generation Test */
- ecdsa_keypair_test(argv[3]);
- } else if (strcmp(argv[2], "pkv") == 0) {
- /* Public Key Validation Test */
- ecdsa_pkv_test(argv[3]);
- } else if (strcmp(argv[2], "siggen") == 0) {
- /* Signature Generation Test */
- ecdsa_siggen_test(argv[3]);
- } else if (strcmp(argv[2], "sigver") == 0) {
- /* Signature Verification Test */
- ecdsa_sigver_test(argv[3]);
- }
+ /* argv[2]=keypair|pkv|siggen|sigver argv[3]=<test name>.req */
+ if (strcmp(argv[2], "keypair") == 0) {
+ /* Key Pair Generation Test */
+ ecdsa_keypair_test(argv[3]);
+ } else if (strcmp(argv[2], "pkv") == 0) {
+ /* Public Key Validation Test */
+ ecdsa_pkv_test(argv[3]);
+ } else if (strcmp(argv[2], "siggen") == 0) {
+ /* Signature Generation Test */
+ ecdsa_siggen_test(argv[3]);
+ } else if (strcmp(argv[2], "sigver") == 0) {
+ /* Signature Verification Test */
+ ecdsa_sigver_test(argv[3]);
+ }
#endif /* NSS_DISABLE_ECC */
- /*************/
- /* RNG */
- /*************/
+ /*************/
+ /* RNG */
+ /*************/
} else if (strcmp(argv[1], "rng") == 0) {
- /* argv[2]=vst|mct argv[3]=<test name>.req */
- if ( strcmp(argv[2], "vst") == 0) {
- /* Variable Seed Test */
- rng_vst(argv[3]);
- } else if (strcmp(argv[2], "mct") == 0) {
- /* Monte Carlo Test */
- rng_mct(argv[3]);
- }
+ /* argv[2]=vst|mct argv[3]=<test name>.req */
+ if (strcmp(argv[2], "vst") == 0) {
+ /* Variable Seed Test */
+ rng_vst(argv[3]);
+ } else if (strcmp(argv[2], "mct") == 0) {
+ /* Monte Carlo Test */
+ rng_mct(argv[3]);
+ }
} else if (strcmp(argv[1], "drbg") == 0) {
- /* Variable Seed Test */
- drbg(argv[2]);
+ /* Variable Seed Test */
+ drbg(argv[2]);
} else if (strcmp(argv[1], "ddrbg") == 0) {
- debug = 1;
- drbg(argv[2]);
+ debug = 1;
+ drbg(argv[2]);
}
return 0;
}
diff --git a/cmd/httpserv/httpserv.c b/cmd/httpserv/httpserv.c
index 3e8a0f6a1..3fef0ec82 100644
--- a/cmd/httpserv/httpserv.c
+++ b/cmd/httpserv/httpserv.c
@@ -12,7 +12,7 @@
#endif
#if defined(_WINDOWS)
-#include <process.h> /* for getpid() */
+#include <process.h> /* for getpid() */
#endif
#include <signal.h>
@@ -49,55 +49,63 @@
#define PORT_Malloc PR_Malloc
#endif
-static int handle_connection( PRFileDesc *, PRFileDesc *, int );
+static int handle_connection(PRFileDesc *, PRFileDesc *, int);
/* data and structures for shutdown */
-static int stopping;
+static int stopping;
-static PRBool noDelay;
-static int verbose;
+static PRBool noDelay;
+static int verbose;
-static PRThread * acceptorThread;
+static PRThread *acceptorThread;
static PRLogModuleInfo *lm;
-#define PRINTF if (verbose) printf
-#define FPRINTF if (verbose) fprintf
-#define FLUSH if (verbose) { fflush(stdout); fflush(stderr); }
-#define VLOG(arg) PR_LOG(lm,PR_LOG_DEBUG,arg)
+#define PRINTF \
+ if (verbose) \
+ printf
+#define FPRINTF \
+ if (verbose) \
+ fprintf
+#define FLUSH \
+ if (verbose) { \
+ fflush(stdout); \
+ fflush(stderr); \
+ }
+#define VLOG(arg) PR_LOG(lm, PR_LOG_DEBUG, arg)
static void
Usage(const char *progName)
{
- fprintf(stderr,
-
-"Usage: %s -p port [-Dbv]\n"
-" [-t threads] [-i pid_file]\n"
-" [-A nickname -C crl-filename]... [-O method]\n"
-" [-d dbdir] [-f password_file] [-w password] [-P dbprefix]\n"
-"-D means disable Nagle delays in TCP\n"
-"-b means try binding to the port and exit\n"
-"-v means verbose output\n"
-"-t threads -- specify the number of threads to use for connections.\n"
-"-i pid_file file to write the process id of httpserv\n"
-"Parameters -A, -C and -O are used to provide an OCSP server at /ocsp?\n"
-"-A a nickname of a CA certificate\n"
-"-C a CRL filename corresponding to the preceding CA nickname\n"
-"-O allowed HTTP methods for OCSP requests: get, post, all, random, get-unknown\n"
-" random means: randomly fail if request method is GET, POST always works\n"
-" get-unknown means: status unknown for GET, correct status for POST\n"
-"Multiple pairs of parameters -A and -C are allowed.\n"
-"If status for a cert from an unknown CA is requested, the cert from the\n"
-"first -A parameter will be used to sign the unknown status response.\n"
-"NSS database parameters are used only if OCSP parameters are used.\n"
- ,progName);
+ fprintf(stderr,
+
+ "Usage: %s -p port [-Dbv]\n"
+ " [-t threads] [-i pid_file]\n"
+ " [-A nickname -C crl-filename]... [-O method]\n"
+ " [-d dbdir] [-f password_file] [-w password] [-P dbprefix]\n"
+ "-D means disable Nagle delays in TCP\n"
+ "-b means try binding to the port and exit\n"
+ "-v means verbose output\n"
+ "-t threads -- specify the number of threads to use for connections.\n"
+ "-i pid_file file to write the process id of httpserv\n"
+ "Parameters -A, -C and -O are used to provide an OCSP server at /ocsp?\n"
+ "-A a nickname of a CA certificate\n"
+ "-C a CRL filename corresponding to the preceding CA nickname\n"
+ "-O allowed HTTP methods for OCSP requests: get, post, all, random, get-unknown\n"
+ " random means: randomly fail if request method is GET, POST always works\n"
+ " get-unknown means: status unknown for GET, correct status for POST\n"
+ "Multiple pairs of parameters -A and -C are allowed.\n"
+ "If status for a cert from an unknown CA is requested, the cert from the\n"
+ "first -A parameter will be used to sign the unknown status response.\n"
+ "NSS database parameters are used only if OCSP parameters are used.\n",
+ progName);
}
static const char *
-errWarn(char * funcString)
+errWarn(char *funcString)
{
- PRErrorCode perr = PR_GetError();
- const char * errString = SECU_Strerror(perr);
+ PRErrorCode perr = PR_GetError();
+ const char *errString = SECU_Strerror(perr);
fprintf(stderr, "httpserv: %s returned error %d:\n%s\n",
funcString, perr, errString);
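Review bot: `PRINTF` and `FPRINTF` expand to a bare `if (verbose)` followed by the function name, and `FLUSH` to a bare `if` block, so a use placed in front of an `else` binds that `else` to the macro's hidden `if`. The reformatting makes the multi-line shape visible but keeps the hazard. Variadic wrappers avoid it without changing how the macros are called: `#define PRINTF(...) do { if (verbose) printf(__VA_ARGS__); } while (0)`, the same for `FPRINTF` with `fprintf`, and `#define FLUSH do { if (verbose) { fflush(stdout); fflush(stderr); } } while (0)`. The call sites are outside this hunk, so confirm none of them depends on the current expansion.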
@@ -105,13 +113,13 @@ errWarn(char * funcString)
}
static void
-errExit(char * funcString)
+errExit(char *funcString)
{
errWarn(funcString);
exit(3);
}
-#define MAX_VIRT_SERVER_NAME_ARRAY_INDEX 10
+#define MAX_VIRT_SERVER_NAME_ARRAY_INDEX 10
/**************************************************************************
** Begin thread management routines and data.
@@ -120,24 +128,23 @@ errExit(char * funcString)
#define DEFAULT_THREADS 8
#define MAX_THREADS 4096
#define MAX_PROCS 25
-static int maxThreads = DEFAULT_THREADS;
-
+static int maxThreads = DEFAULT_THREADS;
typedef struct jobStr {
- PRCList link;
+ PRCList link;
PRFileDesc *tcp_sock;
PRFileDesc *model_sock;
- int requestCert;
+ int requestCert;
} JOB;
-static PZLock * qLock; /* this lock protects all data immediately below */
-static PRLock * lastLoadedCrlLock; /* this lock protects lastLoadedCrl variable */
-static PZCondVar * jobQNotEmptyCv;
-static PZCondVar * freeListNotEmptyCv;
-static PZCondVar * threadCountChangeCv;
-static int threadCount;
-static PRCList jobQ;
-static PRCList freeJobs;
+static PZLock *qLock; /* this lock protects all data immediately below */
+static PRLock *lastLoadedCrlLock; /* this lock protects lastLoadedCrl variable */
+static PZCondVar *jobQNotEmptyCv;
+static PZCondVar *freeListNotEmptyCv;
+static PZCondVar *threadCountChangeCv;
+static int threadCount;
+static PRCList jobQ;
+static PRCList freeJobs;
static JOB *jobTable;
SECStatus
@@ -147,40 +154,42 @@ setupJobs(int maxJobs)
jobTable = (JOB *)PR_Calloc(maxJobs, sizeof(JOB));
if (!jobTable)
- return SECFailure;
+ return SECFailure;
PR_INIT_CLIST(&jobQ);
PR_INIT_CLIST(&freeJobs);
for (i = 0; i < maxJobs; ++i) {
- JOB * pJob = jobTable + i;
- PR_APPEND_LINK(&pJob->link, &freeJobs);
+ JOB *pJob = jobTable + i;
+ PR_APPEND_LINK(&pJob->link, &freeJobs);
}
return SECSuccess;
}
typedef int startFn(PRFileDesc *a, PRFileDesc *b, int c);
-typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState;
+typedef enum { rs_idle = 0,
+ rs_running = 1,
+ rs_zombie = 2 } runState;
typedef struct perThreadStr {
PRFileDesc *a;
PRFileDesc *b;
- int c;
- int rv;
- startFn * startFunc;
- PRThread * prThread;
- runState state;
+ int c;
+ int rv;
+ startFn *startFunc;
+ PRThread *prThread;
+ runState state;
} perThread;
static perThread *threads;
void
-thread_wrapper(void * arg)
+thread_wrapper(void *arg)
{
- perThread * slot = (perThread *)arg;
+ perThread *slot = (perThread *)arg;
- slot->rv = (* slot->startFunc)(slot->a, slot->b, slot->c);
+ slot->rv = (*slot->startFunc)(slot->a, slot->b, slot->c);
/* notify the thread exit handler. */
PZ_Lock(qLock);
@@ -190,103 +199,110 @@ thread_wrapper(void * arg)
PZ_Unlock(qLock);
}
-int
+int
jobLoop(PRFileDesc *a, PRFileDesc *b, int c)
{
- PRCList * myLink = 0;
- JOB * myJob;
+ PRCList *myLink = 0;
+ JOB *myJob;
PZ_Lock(qLock);
do {
- myLink = 0;
- while (PR_CLIST_IS_EMPTY(&jobQ) && !stopping) {
+ myLink = 0;
+ while (PR_CLIST_IS_EMPTY(&jobQ) && !stopping) {
PZ_WaitCondVar(jobQNotEmptyCv, PR_INTERVAL_NO_TIMEOUT);
- }
- if (!PR_CLIST_IS_EMPTY(&jobQ)) {
- myLink = PR_LIST_HEAD(&jobQ);
- PR_REMOVE_AND_INIT_LINK(myLink);
- }
- PZ_Unlock(qLock);
- myJob = (JOB *)myLink;
- /* myJob will be null when stopping is true and jobQ is empty */
- if (!myJob)
- break;
- handle_connection( myJob->tcp_sock, myJob->model_sock,
- myJob->requestCert);
- PZ_Lock(qLock);
- PR_APPEND_LINK(myLink, &freeJobs);
- PZ_NotifyCondVar(freeListNotEmptyCv);
+ }
+ if (!PR_CLIST_IS_EMPTY(&jobQ)) {
+ myLink = PR_LIST_HEAD(&jobQ);
+ PR_REMOVE_AND_INIT_LINK(myLink);
+ }
+ PZ_Unlock(qLock);
+ myJob = (JOB *)myLink;
+ /* myJob will be null when stopping is true and jobQ is empty */
+ if (!myJob)
+ break;
+ handle_connection(myJob->tcp_sock, myJob->model_sock,
+ myJob->requestCert);
+ PZ_Lock(qLock);
+ PR_APPEND_LINK(myLink, &freeJobs);
+ PZ_NotifyCondVar(freeListNotEmptyCv);
} while (PR_TRUE);
return 0;
}
-
SECStatus
launch_threads(
- startFn *startFunc,
+ startFn *startFunc,
PRFileDesc *a,
PRFileDesc *b,
- int c,
- PRBool local)
+ int c,
+ PRBool local)
{
int i;
SECStatus rv = SECSuccess;
/* create the thread management serialization structs */
- qLock = PZ_NewLock(nssILockSelfServ);
- jobQNotEmptyCv = PZ_NewCondVar(qLock);
- freeListNotEmptyCv = PZ_NewCondVar(qLock);
+ qLock = PZ_NewLock(nssILockSelfServ);
+ jobQNotEmptyCv = PZ_NewCondVar(qLock);
+ freeListNotEmptyCv = PZ_NewCondVar(qLock);
threadCountChangeCv = PZ_NewCondVar(qLock);
/* create monitor for crl reload procedure */
- lastLoadedCrlLock = PR_NewLock();
+ lastLoadedCrlLock = PR_NewLock();
/* allocate the array of thread slots */
threads = PR_Calloc(maxThreads, sizeof(perThread));
- if ( NULL == threads ) {
+ if (NULL == threads) {
fprintf(stderr, "Oh Drat! Can't allocate the perThread array\n");
return SECFailure;
}
- /* 5 is a little extra, intended to keep the jobQ from underflowing.
+ /* 5 is a little extra, intended to keep the jobQ from underflowing.
** That is, from going empty while not stopping and clients are still
** trying to contact us.
*/
rv = setupJobs(maxThreads + 5);
if (rv != SECSuccess)
- return rv;
+ return rv;
PZ_Lock(qLock);
for (i = 0; i < maxThreads; ++i) {
- perThread * slot = threads + i;
-
- slot->state = rs_running;
- slot->a = a;
- slot->b = b;
- slot->c = c;
- slot->startFunc = startFunc;
- slot->prThread = PR_CreateThread(PR_USER_THREAD,
- thread_wrapper, slot, PR_PRIORITY_NORMAL,
- (PR_TRUE==local)?PR_LOCAL_THREAD:PR_GLOBAL_THREAD,
- PR_UNJOINABLE_THREAD, 0);
- if (slot->prThread == NULL) {
- printf("httpserv: Failed to launch thread!\n");
- slot->state = rs_idle;
- rv = SECFailure;
- break;
- }
-
- ++threadCount;
+ perThread *slot = threads + i;
+
+ slot->state = rs_running;
+ slot->a = a;
+ slot->b = b;
+ slot->c = c;
+ slot->startFunc = startFunc;
+ slot->prThread = PR_CreateThread(PR_USER_THREAD,
+ thread_wrapper, slot, PR_PRIORITY_NORMAL,
+ (PR_TRUE ==
+ local)
+ ? PR_LOCAL_THREAD
+ : PR_GLOBAL_THREAD,
+ PR_UNJOINABLE_THREAD, 0);
+ if (slot->prThread == NULL) {
+ printf("httpserv: Failed to launch thread!\n");
+ slot->state = rs_idle;
+ rv = SECFailure;
+ break;
+ }
+
+ ++threadCount;
}
- PZ_Unlock(qLock);
+ PZ_Unlock(qLock);
return rv;
}
-#define DESTROY_CONDVAR(name) if (name) { \
- PZ_DestroyCondVar(name); name = NULL; }
-#define DESTROY_LOCK(name) if (name) { \
- PZ_DestroyLock(name); name = NULL; }
-
+#define DESTROY_CONDVAR(name) \
+ if (name) { \
+ PZ_DestroyCondVar(name); \
+ name = NULL; \
+ }
+#define DESTROY_LOCK(name) \
+ if (name) { \
+ PZ_DestroyLock(name); \
+ name = NULL; \
+ }
void
terminateWorkerThreads(void)
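Review bot: In `launch_threads` the results of `PZ_NewLock`, the three `PZ_NewCondVar` calls and `PR_NewLock` are used without a NULL check, so an allocation failure reaches `PZ_Lock(qLock)` with a null lock; only the `PR_Calloc` for `threads` is checked. A guard placed right after the `lastLoadedCrlLock` assignment would match the existing error style: `if (!qLock || !jobQNotEmptyCv || !freeListNotEmptyCv || !threadCountChangeCv || !lastLoadedCrlLock) return SECFailure;`. Separately, the reformatted `DESTROY_CONDVAR` and `DESTROY_LOCK` macros are still bare `if` blocks; wrapping each body in `do { ... } while (0)` would keep them safe when used before an `else`.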
@@ -295,11 +311,11 @@ terminateWorkerThreads(void)
PZ_Lock(qLock);
PZ_NotifyAllCondVar(jobQNotEmptyCv);
while (threadCount > 0) {
- PZ_WaitCondVar(threadCountChangeCv, PR_INTERVAL_NO_TIMEOUT);
+ PZ_WaitCondVar(threadCountChangeCv, PR_INTERVAL_NO_TIMEOUT);
}
/* The worker threads empty the jobQ before they terminate. */
PORT_Assert(PR_CLIST_IS_EMPTY(&jobQ));
- PZ_Unlock(qLock);
+ PZ_Unlock(qLock);
DESTROY_CONDVAR(jobQNotEmptyCv);
DESTROY_CONDVAR(freeListNotEmptyCv);
@@ -315,12 +331,11 @@ terminateWorkerThreads(void)
** End thread management routines.
**************************************************************************/
-PRBool NoReuse = PR_FALSE;
-PRBool disableLocking = PR_FALSE;
-static secuPWData pwdata = { PW_NONE, 0 };
+PRBool NoReuse = PR_FALSE;
+PRBool disableLocking = PR_FALSE;
+static secuPWData pwdata = { PW_NONE, 0 };
-struct caRevoInfoStr
-{
+struct caRevoInfoStr {
PRCList link;
char *nickname;
char *crlFilename;
@@ -329,16 +344,20 @@ struct caRevoInfoStr
CERTSignedCrl *crl;
};
typedef struct caRevoInfoStr caRevoInfo;
-/* Created during app init. No locks necessary,
+/* Created during app init. No locks necessary,
* because later on, only read access will occur. */
static caRevoInfo *caRevoInfos = NULL;
-static enum {
- ocspGetOnly, ocspPostOnly, ocspGetAndPost, ocspRandomGetFailure, ocspGetUnknown
+static enum {
+ ocspGetOnly,
+ ocspPostOnly,
+ ocspGetAndPost,
+ ocspRandomGetFailure,
+ ocspGetUnknown
} ocspMethodsAllowed = ocspGetAndPost;
static const char stopCmd[] = { "GET /stop " };
-static const char getCmd[] = { "GET " };
+static const char getCmd[] = { "GET " };
static const char outHeader[] = {
"HTTP/1.0 200 OK\r\n"
"Server: Generic Web Server\r\n"
@@ -358,7 +377,8 @@ static const char outBadRequestHeader[] = {
"\r\n"
};
-void stop_server()
+void
+stop_server()
{
stopping = 1;
PR_Interrupt(acceptorThread);
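Review bot: `stop_server()` is still defined with an empty parameter list, which in C leaves the arguments unspecified rather than declaring that there are none. Since the commit already rewrites the signature line, `stop_server(void)` would let the compiler reject accidental arguments and would match `terminateWorkerThreads(void)` earlier in the file. The function's closing brace is outside this hunk.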
@@ -377,59 +397,58 @@ urldecode_base64chars_inplace(char *buf)
{
char *walk;
size_t remaining_bytes;
-
+
if (!buf || !*buf)
- return SECFailure;
-
+ return SECFailure;
+
walk = buf;
remaining_bytes = strlen(buf) + 1; /* include terminator */
-
+
while (*walk) {
- if (*walk == '%') {
- if (!PL_strncasecmp(walk, "%2B", 3)) {
- *walk = '+';
- } else if (!PL_strncasecmp(walk, "%2F", 3)) {
- *walk = '/';
- } else if (!PL_strncasecmp(walk, "%3D", 3)) {
- *walk = '=';
- } else {
- return SECFailure;
- }
- remaining_bytes -= 3;
- ++walk;
- memmove(walk, walk+2, remaining_bytes);
- } else {
- ++walk;
- --remaining_bytes;
- }
+ if (*walk == '%') {
+ if (!PL_strncasecmp(walk, "%2B", 3)) {
+ *walk = '+';
+ } else if (!PL_strncasecmp(walk, "%2F", 3)) {
+ *walk = '/';
+ } else if (!PL_strncasecmp(walk, "%3D", 3)) {
+ *walk = '=';
+ } else {
+ return SECFailure;
+ }
+ remaining_bytes -= 3;
+ ++walk;
+ memmove(walk, walk + 2, remaining_bytes);
+ } else {
+ ++walk;
+ --remaining_bytes;
+ }
}
return SECSuccess;
}
int
-handle_connection(
+handle_connection(
PRFileDesc *tcp_sock,
PRFileDesc *model_sock,
- int requestCert
- )
+ int requestCert)
{
- PRFileDesc * ssl_sock = NULL;
- PRFileDesc * local_file_fd = NULL;
- char * pBuf; /* unused space at end of buf */
- const char * errString;
- PRStatus status;
- int bufRem; /* unused bytes at end of buf */
- int bufDat; /* characters received in buf */
- int newln = 0; /* # of consecutive newlns */
- int firstTime = 1;
- int reqLen;
- int rv;
- int numIOVs;
+ PRFileDesc *ssl_sock = NULL;
+ PRFileDesc *local_file_fd = NULL;
+ char *pBuf; /* unused space at end of buf */
+ const char *errString;
+ PRStatus status;
+ int bufRem; /* unused bytes at end of buf */
+ int bufDat; /* characters received in buf */
+ int newln = 0; /* # of consecutive newlns */
+ int firstTime = 1;
+ int reqLen;
+ int rv;
+ int numIOVs;
PRSocketOptionData opt;
- PRIOVec iovs[16];
- char msgBuf[160];
- char buf[10240];
- char fileName[513];
+ PRIOVec iovs[16];
+ char msgBuf[160];
+ char buf[10240];
+ char fileName[513];
char *getData = NULL; /* inplace conversion */
SECItem postData;
PRBool isOcspRequest = PR_FALSE;
@@ -438,381 +457,381 @@ handle_connection(
postData.data = NULL;
postData.len = 0;
- pBuf = buf;
+ pBuf = buf;
bufRem = sizeof buf;
VLOG(("httpserv: handle_connection: starting"));
- opt.option = PR_SockOpt_Nonblocking;
+ opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
PR_SetSocketOption(tcp_sock, &opt);
VLOG(("httpserv: handle_connection: starting\n"));
- ssl_sock = tcp_sock;
+ ssl_sock = tcp_sock;
if (noDelay) {
- opt.option = PR_SockOpt_NoDelay;
- opt.value.no_delay = PR_TRUE;
- status = PR_SetSocketOption(ssl_sock, &opt);
- if (status != PR_SUCCESS) {
- errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)");
+ opt.option = PR_SockOpt_NoDelay;
+ opt.value.no_delay = PR_TRUE;
+ status = PR_SetSocketOption(ssl_sock, &opt);
+ if (status != PR_SUCCESS) {
+ errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)");
if (ssl_sock) {
- PR_Close(ssl_sock);
+ PR_Close(ssl_sock);
}
- return SECFailure;
- }
+ return SECFailure;
+ }
}
while (1) {
- const char *post;
- const char *foundStr = NULL;
- const char *tmp = NULL;
-
- newln = 0;
- reqLen = 0;
-
- rv = PR_Read(ssl_sock, pBuf, bufRem - 1);
- if (rv == 0 ||
- (rv < 0 && PR_END_OF_FILE_ERROR == PR_GetError())) {
- if (verbose)
- errWarn("HDX PR_Read hit EOF");
- break;
- }
- if (rv < 0) {
- errWarn("HDX PR_Read");
- goto cleanup;
- }
- /* NULL termination */
- pBuf[rv] = 0;
- if (firstTime) {
- firstTime = 0;
- }
-
- pBuf += rv;
- bufRem -= rv;
- bufDat = pBuf - buf;
- /* Parse the input, starting at the beginning of the buffer.
- * Stop when we detect two consecutive \n's (or \r\n's)
- * as this signifies the end of the GET or POST portion.
- * The posted data follows.
- */
- while (reqLen < bufDat && newln < 2) {
- int octet = buf[reqLen++];
- if (octet == '\n') {
- newln++;
- } else if (octet != '\r') {
- newln = 0;
- }
- }
-
- /* came to the end of the buffer, or second newln
- * If we didn't get an empty line (CRLFCRLF) then keep on reading.
- */
- if (newln < 2)
- continue;
-
- /* we're at the end of the HTTP request.
- * If the request is a POST, then there will be one more
- * line of data.
- * This parsing is a hack, but ok for SSL test purposes.
- */
- post = PORT_Strstr(buf, "POST ");
- if (!post || *post != 'P')
- break;
-
- postData.data = (void*)(buf + reqLen);
-
- tmp = "content-length: ";
- foundStr = PL_strcasestr(buf, tmp);
- if (foundStr) {
- int expectedPostLen;
- int havePostLen;
-
- expectedPostLen = atoi(foundStr+strlen(tmp));
- havePostLen = bufDat - reqLen;
- if (havePostLen >= expectedPostLen) {
- postData.len = expectedPostLen;
- break;
- }
- } else {
- /* use legacy hack */
- /* It's a post, so look for the next and final CR/LF. */
- while (reqLen < bufDat && newln < 3) {
- int octet = buf[reqLen++];
- if (octet == '\n') {
- newln++;
- }
- }
- if (newln == 3)
- break;
- }
+ const char *post;
+ const char *foundStr = NULL;
+ const char *tmp = NULL;
+
+ newln = 0;
+ reqLen = 0;
+
+ rv = PR_Read(ssl_sock, pBuf, bufRem - 1);
+ if (rv == 0 ||
+ (rv < 0 && PR_END_OF_FILE_ERROR == PR_GetError())) {
+ if (verbose)
+ errWarn("HDX PR_Read hit EOF");
+ break;
+ }
+ if (rv < 0) {
+ errWarn("HDX PR_Read");
+ goto cleanup;
+ }
+ /* NULL termination */
+ pBuf[rv] = 0;
+ if (firstTime) {
+ firstTime = 0;
+ }
+
+ pBuf += rv;
+ bufRem -= rv;
+ bufDat = pBuf - buf;
+ /* Parse the input, starting at the beginning of the buffer.
+ * Stop when we detect two consecutive \n's (or \r\n's)
+ * as this signifies the end of the GET or POST portion.
+ * The posted data follows.
+ */
+ while (reqLen < bufDat && newln < 2) {
+ int octet = buf[reqLen++];
+ if (octet == '\n') {
+ newln++;
+ } else if (octet != '\r') {
+ newln = 0;
+ }
+ }
+
+ /* came to the end of the buffer, or second newln
+ * If we didn't get an empty line (CRLFCRLF) then keep on reading.
+ */
+ if (newln < 2)
+ continue;
+
+ /* we're at the end of the HTTP request.
+ * If the request is a POST, then there will be one more
+ * line of data.
+ * This parsing is a hack, but ok for SSL test purposes.
+ */
+ post = PORT_Strstr(buf, "POST ");
+ if (!post || *post != 'P')
+ break;
+
+ postData.data = (void *)(buf + reqLen);
+
+ tmp = "content-length: ";
+ foundStr = PL_strcasestr(buf, tmp);
+ if (foundStr) {
+ int expectedPostLen;
+ int havePostLen;
+
+ expectedPostLen = atoi(foundStr + strlen(tmp));
+ havePostLen = bufDat - reqLen;
+ if (havePostLen >= expectedPostLen) {
+ postData.len = expectedPostLen;
+ break;
+ }
+ } else {
+ /* use legacy hack */
+ /* It's a post, so look for the next and final CR/LF. */
+ while (reqLen < bufDat && newln < 3) {
+ int octet = buf[reqLen++];
+ if (octet == '\n') {
+ newln++;
+ }
+ }
+ if (newln == 3)
+ break;
+ }
} /* read loop */
bufDat = pBuf - buf;
- if (bufDat) do { /* just close if no data */
- /* Have either (a) a complete get, (b) a complete post, (c) EOF */
- if (reqLen > 0) {
- PRBool isGetOrPost = PR_FALSE;
- unsigned skipChars = 0;
- isPost = PR_FALSE;
-
- if (!strncmp(buf, getCmd, sizeof getCmd - 1)) {
- isGetOrPost = PR_TRUE;
- skipChars = 4;
- }
- else if (!strncmp(buf, "POST ", 5)) {
- isGetOrPost = PR_TRUE;
- isPost = PR_TRUE;
- skipChars = 5;
- }
-
- if (isGetOrPost) {
- char * fnBegin = buf;
- char * fnEnd;
- char * fnstart = NULL;
- PRFileInfo info;
-
- fnBegin += skipChars;
-
- fnEnd = strpbrk(fnBegin, " \r\n");
- if (fnEnd) {
- int fnLen = fnEnd - fnBegin;
- if (fnLen < sizeof fileName) {
- strncpy(fileName, fnBegin, fnLen);
- fileName[fnLen] = 0; /* null terminate */
- fnstart = fileName;
- /* strip initial / because our root is the current directory*/
- while (*fnstart && *fnstart=='/')
- ++fnstart;
- }
- }
- if (fnstart) {
- if (!strncmp(fnstart, "ocsp", 4)) {
- if (isPost) {
- if (postData.data) {
- isOcspRequest = PR_TRUE;
- }
- } else {
- if (!strncmp(fnstart, "ocsp/", 5)) {
- isOcspRequest = PR_TRUE;
- getData = fnstart + 5;
- }
- }
- } else {
- /* try to open the file named.
- * If successful, then write it to the client.
- */
- status = PR_GetFileInfo(fnstart, &info);
- if (status == PR_SUCCESS &&
- info.type == PR_FILE_FILE &&
- info.size >= 0 ) {
- local_file_fd = PR_Open(fnstart, PR_RDONLY, 0);
- }
- }
- }
- }
- }
-
- numIOVs = 0;
-
- iovs[numIOVs].iov_base = (char *)outHeader;
- iovs[numIOVs].iov_len = (sizeof(outHeader)) - 1;
- numIOVs++;
-
- if (isOcspRequest && caRevoInfos) {
- CERTOCSPRequest *request = NULL;
- PRBool failThisRequest = PR_FALSE;
-
- if (ocspMethodsAllowed == ocspGetOnly && postData.len) {
- failThisRequest = PR_TRUE;
- } else if (ocspMethodsAllowed == ocspPostOnly && getData) {
- failThisRequest = PR_TRUE;
- } else if (ocspMethodsAllowed == ocspRandomGetFailure && getData) {
- if (!(rand() % 2)) {
- failThisRequest = PR_TRUE;
- }
- }
-
- if (failThisRequest) {
- PR_Write(ssl_sock, outBadRequestHeader, strlen(outBadRequestHeader));
- break;
- }
- /* get is base64, post is binary.
- * If we have base64, convert into the (empty) postData array.
- */
- if (getData) {
- if (urldecode_base64chars_inplace(getData) == SECSuccess) {
- NSSBase64_DecodeBuffer(NULL, &postData, getData, strlen(getData));
- }
- }
- if (postData.len) {
- request = CERT_DecodeOCSPRequest(&postData);
- }
- if (!request || !request->tbsRequest ||
- !request->tbsRequest->requestList ||
- !request->tbsRequest->requestList[0]) {
- PORT_Sprintf(msgBuf, "Cannot decode OCSP request.\r\n");
-
- iovs[numIOVs].iov_base = msgBuf;
- iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
- numIOVs++;
- } else {
- /* TODO: support more than one request entry */
- CERTOCSPCertID *reqid = request->tbsRequest->requestList[0]->reqCert;
- const caRevoInfo *revoInfo = NULL;
- PRBool unknown = PR_FALSE;
- PRBool revoked = PR_FALSE;
- PRTime nextUpdate = 0;
- PRTime revoDate = 0;
- PRCList *caRevoIter;
-
- caRevoIter = &caRevoInfos->link;
- do {
- CERTOCSPCertID *caid;
-
- revoInfo = (caRevoInfo*)caRevoIter;
- caid = revoInfo->id;
-
- if (SECOID_CompareAlgorithmID(&reqid->hashAlgorithm,
- &caid->hashAlgorithm) == SECEqual
- &&
- SECITEM_CompareItem(&reqid->issuerNameHash,
- &caid->issuerNameHash) == SECEqual
- &&
- SECITEM_CompareItem(&reqid->issuerKeyHash,
- &caid->issuerKeyHash) == SECEqual) {
- break;
- }
- revoInfo = NULL;
- caRevoIter = PR_NEXT_LINK(caRevoIter);
- } while (caRevoIter != &caRevoInfos->link);
-
- if (!revoInfo) {
- unknown = PR_TRUE;
- revoInfo = caRevoInfos;
- } else {
- CERTCrl *crl = &revoInfo->crl->crl;
- CERTCrlEntry *entry = NULL;
- DER_DecodeTimeChoice(&nextUpdate, &crl->nextUpdate);
- if (crl->entries) {
- int iv = 0;
- /* assign, not compare */
- while ((entry = crl->entries[iv++])) {
- if (SECITEM_CompareItem(&reqid->serialNumber,
- &entry->serialNumber) == SECEqual) {
- break;
- }
- }
- }
- if (entry) {
- /* revoked status response */
- revoked = PR_TRUE;
- DER_DecodeTimeChoice(&revoDate, &entry->revocationDate);
- } else {
- /* else good status response */
- if (!isPost && ocspMethodsAllowed == ocspGetUnknown) {
- unknown = PR_TRUE;
- nextUpdate = PR_Now() + (PRTime)60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/
- revoDate = PR_Now() - (PRTime)60*60*24 * PR_USEC_PER_SEC; /*yesterday*/
- }
- }
- }
-
- {
- PRTime now = PR_Now();
- PLArenaPool *arena = NULL;
- CERTOCSPSingleResponse *sr;
- CERTOCSPSingleResponse **singleResponses;
- SECItem *ocspResponse;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if (unknown) {
- sr = CERT_CreateOCSPSingleResponseUnknown(arena, reqid, now,
- &nextUpdate);
- } else if (revoked) {
- sr = CERT_CreateOCSPSingleResponseRevoked(arena, reqid, now,
- &nextUpdate, revoDate, NULL);
- } else {
- sr = CERT_CreateOCSPSingleResponseGood(arena, reqid, now,
- &nextUpdate);
- }
-
- /* meaning of value 2: one entry + one end marker */
- singleResponses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse*, 2);
- singleResponses[0] = sr;
- singleResponses[1] = NULL;
- ocspResponse = CERT_CreateEncodedOCSPSuccessResponse(arena,
- revoInfo->cert, ocspResponderID_byName, now,
- singleResponses, &pwdata);
-
- if (!ocspResponse) {
- PORT_Sprintf(msgBuf, "Failed to encode response\r\n");
- iovs[numIOVs].iov_base = msgBuf;
- iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
- numIOVs++;
- } else {
- PR_Write(ssl_sock, outOcspHeader, strlen(outOcspHeader));
- PR_Write(ssl_sock, ocspResponse->data, ocspResponse->len);
- PORT_FreeArena(arena, PR_FALSE);
- }
- }
- break;
- }
- } else if (local_file_fd) {
- PRInt32 bytes;
- int errLen;
- bytes = PR_TransmitFile(ssl_sock, local_file_fd, outHeader,
- sizeof outHeader - 1,
- PR_TRANSMITFILE_KEEP_OPEN,
- PR_INTERVAL_NO_TIMEOUT);
- if (bytes >= 0) {
- bytes -= sizeof outHeader - 1;
- FPRINTF(stderr,
- "httpserv: PR_TransmitFile wrote %d bytes from %s\n",
- bytes, fileName);
- break;
+ if (bufDat)
+ do { /* just close if no data */
+ /* Have either (a) a complete get, (b) a complete post, (c) EOF */
+ if (reqLen > 0) {
+ PRBool isGetOrPost = PR_FALSE;
+ unsigned skipChars = 0;
+ isPost = PR_FALSE;
+
+ if (!strncmp(buf, getCmd, sizeof getCmd - 1)) {
+ isGetOrPost = PR_TRUE;
+ skipChars = 4;
+ } else if (!strncmp(buf, "POST ", 5)) {
+ isGetOrPost = PR_TRUE;
+ isPost = PR_TRUE;
+ skipChars = 5;
+ }
+
+ if (isGetOrPost) {
+ char *fnBegin = buf;
+ char *fnEnd;
+ char *fnstart = NULL;
+ PRFileInfo info;
+
+ fnBegin += skipChars;
+
+ fnEnd = strpbrk(fnBegin, " \r\n");
+ if (fnEnd) {
+ int fnLen = fnEnd - fnBegin;
+ if (fnLen < sizeof fileName) {
+ strncpy(fileName, fnBegin, fnLen);
+ fileName[fnLen] = 0; /* null terminate */
+ fnstart = fileName;
+ /* strip initial / because our root is the current directory*/
+ while (*fnstart && *fnstart == '/')
+ ++fnstart;
+ }
+ }
+ if (fnstart) {
+ if (!strncmp(fnstart, "ocsp", 4)) {
+ if (isPost) {
+ if (postData.data) {
+ isOcspRequest = PR_TRUE;
+ }
+ } else {
+ if (!strncmp(fnstart, "ocsp/", 5)) {
+ isOcspRequest = PR_TRUE;
+ getData = fnstart + 5;
+ }
+ }
+ } else {
+ /* try to open the file named.
+ * If successful, then write it to the client.
+ */
+ status = PR_GetFileInfo(fnstart, &info);
+ if (status == PR_SUCCESS &&
+ info.type == PR_FILE_FILE &&
+ info.size >= 0) {
+ local_file_fd = PR_Open(fnstart, PR_RDONLY, 0);
+ }
+ }
+ }
+ }
}
- errString = errWarn("PR_TransmitFile");
- errLen = PORT_Strlen(errString);
- errLen = PR_MIN(errLen, sizeof msgBuf - 1);
- PORT_Memcpy(msgBuf, errString, errLen);
- msgBuf[errLen] = 0;
-
- iovs[numIOVs].iov_base = msgBuf;
- iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+
+ numIOVs = 0;
+
+ iovs[numIOVs].iov_base = (char *)outHeader;
+ iovs[numIOVs].iov_len = (sizeof(outHeader)) - 1;
numIOVs++;
- } else if (reqLen <= 0) { /* hit eof */
- PORT_Sprintf(msgBuf, "Get or Post incomplete after %d bytes.\r\n",
- bufDat);
-
- iovs[numIOVs].iov_base = msgBuf;
- iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
- numIOVs++;
- } else if (reqLen < bufDat) {
- PORT_Sprintf(msgBuf, "Discarded %d characters.\r\n",
- bufDat - reqLen);
-
- iovs[numIOVs].iov_base = msgBuf;
- iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
- numIOVs++;
- }
-
- if (reqLen > 0) {
- if (verbose > 1)
- fwrite(buf, 1, reqLen, stdout); /* display it */
-
- iovs[numIOVs].iov_base = buf;
- iovs[numIOVs].iov_len = reqLen;
- numIOVs++;
- }
-
- rv = PR_Writev(ssl_sock, iovs, numIOVs, PR_INTERVAL_NO_TIMEOUT);
- if (rv < 0) {
- errWarn("PR_Writev");
- break;
- }
-
- } while (0);
+
+ if (isOcspRequest && caRevoInfos) {
+ CERTOCSPRequest *request = NULL;
+ PRBool failThisRequest = PR_FALSE;
+
+ if (ocspMethodsAllowed == ocspGetOnly && postData.len) {
+ failThisRequest = PR_TRUE;
+ } else if (ocspMethodsAllowed == ocspPostOnly && getData) {
+ failThisRequest = PR_TRUE;
+ } else if (ocspMethodsAllowed == ocspRandomGetFailure && getData) {
+ if (!(rand() % 2)) {
+ failThisRequest = PR_TRUE;
+ }
+ }
+
+ if (failThisRequest) {
+ PR_Write(ssl_sock, outBadRequestHeader, strlen(outBadRequestHeader));
+ break;
+ }
+ /* get is base64, post is binary.
+ * If we have base64, convert into the (empty) postData array.
+ */
+ if (getData) {
+ if (urldecode_base64chars_inplace(getData) == SECSuccess) {
+ NSSBase64_DecodeBuffer(NULL, &postData, getData, strlen(getData));
+ }
+ }
+ if (postData.len) {
+ request = CERT_DecodeOCSPRequest(&postData);
+ }
+ if (!request || !request->tbsRequest ||
+ !request->tbsRequest->requestList ||
+ !request->tbsRequest->requestList[0]) {
+ PORT_Sprintf(msgBuf, "Cannot decode OCSP request.\r\n");
+
+ iovs[numIOVs].iov_base = msgBuf;
+ iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+ numIOVs++;
+ } else {
+ /* TODO: support more than one request entry */
+ CERTOCSPCertID *reqid = request->tbsRequest->requestList[0]->reqCert;
+ const caRevoInfo *revoInfo = NULL;
+ PRBool unknown = PR_FALSE;
+ PRBool revoked = PR_FALSE;
+ PRTime nextUpdate = 0;
+ PRTime revoDate = 0;
+ PRCList *caRevoIter;
+
+ caRevoIter = &caRevoInfos->link;
+ do {
+ CERTOCSPCertID *caid;
+
+ revoInfo = (caRevoInfo *)caRevoIter;
+ caid = revoInfo->id;
+
+ if (SECOID_CompareAlgorithmID(&reqid->hashAlgorithm,
+ &caid->hashAlgorithm) == SECEqual &&
+ SECITEM_CompareItem(&reqid->issuerNameHash,
+ &caid->issuerNameHash) == SECEqual &&
+ SECITEM_CompareItem(&reqid->issuerKeyHash,
+ &caid->issuerKeyHash) == SECEqual) {
+ break;
+ }
+ revoInfo = NULL;
+ caRevoIter = PR_NEXT_LINK(caRevoIter);
+ } while (caRevoIter != &caRevoInfos->link);
+
+ if (!revoInfo) {
+ unknown = PR_TRUE;
+ revoInfo = caRevoInfos;
+ } else {
+ CERTCrl *crl = &revoInfo->crl->crl;
+ CERTCrlEntry *entry = NULL;
+ DER_DecodeTimeChoice(&nextUpdate, &crl->nextUpdate);
+ if (crl->entries) {
+ int iv = 0;
+ /* assign, not compare */
+ while ((entry = crl->entries[iv++])) {
+ if (SECITEM_CompareItem(&reqid->serialNumber,
+ &entry->serialNumber) == SECEqual) {
+ break;
+ }
+ }
+ }
+ if (entry) {
+ /* revoked status response */
+ revoked = PR_TRUE;
+ DER_DecodeTimeChoice(&revoDate, &entry->revocationDate);
+ } else {
+ /* else good status response */
+ if (!isPost && ocspMethodsAllowed == ocspGetUnknown) {
+ unknown = PR_TRUE;
+ nextUpdate = PR_Now() + (PRTime)60 * 60 *
+ 24 * PR_USEC_PER_SEC; /*tomorrow*/
+ revoDate = PR_Now() - (PRTime)60 * 60 *
+ 24 * PR_USEC_PER_SEC; /*yesterday*/
+ }
+ }
+ }
+
+ {
+ PRTime now = PR_Now();
+ PLArenaPool *arena = NULL;
+ CERTOCSPSingleResponse *sr;
+ CERTOCSPSingleResponse **singleResponses;
+ SECItem *ocspResponse;
+
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+ if (unknown) {
+ sr = CERT_CreateOCSPSingleResponseUnknown(arena, reqid, now,
+ &nextUpdate);
+ } else if (revoked) {
+ sr = CERT_CreateOCSPSingleResponseRevoked(arena, reqid, now,
+ &nextUpdate, revoDate, NULL);
+ } else {
+ sr = CERT_CreateOCSPSingleResponseGood(arena, reqid, now,
+ &nextUpdate);
+ }
+
+ /* meaning of value 2: one entry + one end marker */
+ singleResponses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse *, 2);
+ singleResponses[0] = sr;
+ singleResponses[1] = NULL;
+ ocspResponse = CERT_CreateEncodedOCSPSuccessResponse(arena,
+ revoInfo->cert, ocspResponderID_byName, now,
+ singleResponses, &pwdata);
+
+ if (!ocspResponse) {
+ PORT_Sprintf(msgBuf, "Failed to encode response\r\n");
+ iovs[numIOVs].iov_base = msgBuf;
+ iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+ numIOVs++;
+ } else {
+ PR_Write(ssl_sock, outOcspHeader, strlen(outOcspHeader));
+ PR_Write(ssl_sock, ocspResponse->data, ocspResponse->len);
+ PORT_FreeArena(arena, PR_FALSE);
+ }
+ }
+ break;
+ }
+ } else if (local_file_fd) {
+ PRInt32 bytes;
+ int errLen;
+ bytes = PR_TransmitFile(ssl_sock, local_file_fd, outHeader,
+ sizeof outHeader - 1,
+ PR_TRANSMITFILE_KEEP_OPEN,
+ PR_INTERVAL_NO_TIMEOUT);
+ if (bytes >= 0) {
+ bytes -= sizeof outHeader - 1;
+ FPRINTF(stderr,
+ "httpserv: PR_TransmitFile wrote %d bytes from %s\n",
+ bytes, fileName);
+ break;
+ }
+ errString = errWarn("PR_TransmitFile");
+ errLen = PORT_Strlen(errString);
+ errLen = PR_MIN(errLen, sizeof msgBuf - 1);
+ PORT_Memcpy(msgBuf, errString, errLen);
+ msgBuf[errLen] = 0;
+
+ iovs[numIOVs].iov_base = msgBuf;
+ iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+ numIOVs++;
+ } else if (reqLen <= 0) { /* hit eof */
+ PORT_Sprintf(msgBuf, "Get or Post incomplete after %d bytes.\r\n",
+ bufDat);
+
+ iovs[numIOVs].iov_base = msgBuf;
+ iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+ numIOVs++;
+ } else if (reqLen < bufDat) {
+ PORT_Sprintf(msgBuf, "Discarded %d characters.\r\n",
+ bufDat - reqLen);
+
+ iovs[numIOVs].iov_base = msgBuf;
+ iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+ numIOVs++;
+ }
+
+ if (reqLen > 0) {
+ if (verbose > 1)
+ fwrite(buf, 1, reqLen, stdout); /* display it */
+
+ iovs[numIOVs].iov_base = buf;
+ iovs[numIOVs].iov_len = reqLen;
+ numIOVs++;
+ }
+
+ rv = PR_Writev(ssl_sock, iovs, numIOVs, PR_INTERVAL_NO_TIMEOUT);
+ if (rv < 0) {
+ errWarn("PR_Writev");
+ break;
+ }
+
+ } while (0);
cleanup:
if (ssl_sock) {
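Review bot: `expectedPostLen = atoi(foundStr + strlen(tmp))` accepts a negative Content-Length; `havePostLen >= expectedPostLen` is then true and the value is stored in `postData.len`, which is unsigned in NSS's `SECItem` as far as I know, so the later `CERT_DecodeOCSPRequest(&postData)` can be given a length far beyond the 10240-byte `buf`. Parsing with `strtol` and rejecting anything outside `0..bufDat - reqLen` is the robust fix; the minimal guard is `if (expectedPostLen < 0) goto cleanup;` directly after the conversion. The file-serving branch has a related gap: `fnstart` comes from the request line with only leading `/` stripped before `PR_GetFileInfo` and `PR_Open`, so `..` segments are not confined to the current directory; a check such as `if (fnstart && strstr(fnstart, "..")) fnstart = NULL;` before `if (fnstart)` would close it for a test server. `handle_connection` begins before this hunk and ends after it.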
@@ -821,7 +840,7 @@ cleanup:
PR_Close(tcp_sock);
}
if (local_file_fd)
- PR_Close(local_file_fd);
+ PR_Close(local_file_fd);
VLOG(("httpserv: handle_connection: exiting\n"));
/* do a nice shutdown if asked. */
@@ -830,12 +849,13 @@ cleanup:
stop_server();
}
VLOG(("httpserv: handle_connection: exiting"));
- return SECSuccess; /* success */
+ return SECSuccess; /* success */
}
#ifdef XP_UNIX
-void sigusr1_handler(int sig)
+void
+sigusr1_handler(int sig)
{
VLOG(("httpserv: sigusr1_handler: stop server"));
stop_server();
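Review bot: `sigusr1_handler` runs `VLOG(...)` and `stop_server()` in signal context, and `stop_server` (defined earlier in this file) calls `PR_Interrupt`. If `VLOG` expands to a stdio call, as its use elsewhere suggests, neither call is async-signal-safe, so a signal delivered while another thread holds a stdio or NSPR lock could hang shutdown. Moving the work out of the handler would also require the accept loop to wake up some other way, so at minimum I would document the limitation with a comment above the handler: `/* NOTE: calls non-async-signal-safe functions; tolerated because httpserv is a test server */`. The handler's closing brace is outside this hunk.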
@@ -847,17 +867,16 @@ SECStatus
do_accepts(
PRFileDesc *listen_sock,
PRFileDesc *model_sock,
- int requestCert
- )
+ int requestCert)
{
- PRNetAddr addr;
- PRErrorCode perr;
+ PRNetAddr addr;
+ PRErrorCode perr;
#ifdef XP_UNIX
struct sigaction act;
#endif
VLOG(("httpserv: do_accepts: starting"));
- PR_SetThreadPriority( PR_GetCurrentThread(), PR_PRIORITY_HIGH);
+ PR_SetThreadPriority(PR_GetCurrentThread(), PR_PRIORITY_HIGH);
acceptorThread = PR_GetCurrentThread();
#ifdef XP_UNIX
@@ -871,54 +890,55 @@ do_accepts(
}
#endif
while (!stopping) {
- PRFileDesc *tcp_sock;
- PRCList *myLink;
-
- FPRINTF(stderr, "\n\n\nhttpserv: About to call accept.\n");
- tcp_sock = PR_Accept(listen_sock, &addr, PR_INTERVAL_NO_TIMEOUT);
- if (tcp_sock == NULL) {
- perr = PR_GetError();
- if ((perr != PR_CONNECT_RESET_ERROR &&
- perr != PR_PENDING_INTERRUPT_ERROR) || verbose) {
- errWarn("PR_Accept");
- }
- if (perr == PR_CONNECT_RESET_ERROR) {
- FPRINTF(stderr,
- "Ignoring PR_CONNECT_RESET_ERROR error - continue\n");
- continue;
- }
- stopping = 1;
- break;
- }
+ PRFileDesc *tcp_sock;
+ PRCList *myLink;
+
+ FPRINTF(stderr, "\n\n\nhttpserv: About to call accept.\n");
+ tcp_sock = PR_Accept(listen_sock, &addr, PR_INTERVAL_NO_TIMEOUT);
+ if (tcp_sock == NULL) {
+ perr = PR_GetError();
+ if ((perr != PR_CONNECT_RESET_ERROR &&
+ perr != PR_PENDING_INTERRUPT_ERROR) ||
+ verbose) {
+ errWarn("PR_Accept");
+ }
+ if (perr == PR_CONNECT_RESET_ERROR) {
+ FPRINTF(stderr,
+ "Ignoring PR_CONNECT_RESET_ERROR error - continue\n");
+ continue;
+ }
+ stopping = 1;
+ break;
+ }
VLOG(("httpserv: do_accept: Got connection\n"));
- PZ_Lock(qLock);
- while (PR_CLIST_IS_EMPTY(&freeJobs) && !stopping) {
+ PZ_Lock(qLock);
+ while (PR_CLIST_IS_EMPTY(&freeJobs) && !stopping) {
PZ_WaitCondVar(freeListNotEmptyCv, PR_INTERVAL_NO_TIMEOUT);
- }
- if (stopping) {
- PZ_Unlock(qLock);
+ }
+ if (stopping) {
+ PZ_Unlock(qLock);
if (tcp_sock) {
- PR_Close(tcp_sock);
+ PR_Close(tcp_sock);
}
- break;
- }
- myLink = PR_LIST_HEAD(&freeJobs);
- PR_REMOVE_AND_INIT_LINK(myLink);
- /* could release qLock here and reaquire it 7 lines below, but
- ** why bother for 4 assignment statements?
- */
- {
- JOB * myJob = (JOB *)myLink;
- myJob->tcp_sock = tcp_sock;
- myJob->model_sock = model_sock;
- myJob->requestCert = requestCert;
- }
-
- PR_APPEND_LINK(myLink, &jobQ);
- PZ_NotifyCondVar(jobQNotEmptyCv);
- PZ_Unlock(qLock);
+ break;
+ }
+ myLink = PR_LIST_HEAD(&freeJobs);
+ PR_REMOVE_AND_INIT_LINK(myLink);
+ /* could release qLock here and reaquire it 7 lines below, but
+ ** why bother for 4 assignment statements?
+ */
+ {
+ JOB *myJob = (JOB *)myLink;
+ myJob->tcp_sock = tcp_sock;
+ myJob->model_sock = model_sock;
+ myJob->requestCert = requestCert;
+ }
+
+ PR_APPEND_LINK(myLink, &jobQ);
+ PZ_NotifyCondVar(jobQNotEmptyCv);
+ PZ_Unlock(qLock);
}
FPRINTF(stderr, "httpserv: Closing listen socket.\n");
@@ -932,19 +952,19 @@ do_accepts(
PRFileDesc *
getBoundListenSocket(unsigned short port)
{
- PRFileDesc * listen_sock;
- int listenQueueDepth = 5 + (2 * maxThreads);
- PRStatus prStatus;
- PRNetAddr addr;
+ PRFileDesc *listen_sock;
+ int listenQueueDepth = 5 + (2 * maxThreads);
+ PRStatus prStatus;
+ PRNetAddr addr;
PRSocketOptionData opt;
addr.inet.family = PR_AF_INET;
- addr.inet.ip = PR_INADDR_ANY;
- addr.inet.port = PR_htons(port);
+ addr.inet.ip = PR_INADDR_ANY;
+ addr.inet.port = PR_htons(port);
listen_sock = PR_NewTCPSocket();
if (listen_sock == NULL) {
- errExit("PR_NewTCPSocket");
+ errExit("PR_NewTCPSocket");
}
opt.option = PR_SockOpt_Nonblocking;
@@ -952,15 +972,15 @@ getBoundListenSocket(unsigned short port)
prStatus = PR_SetSocketOption(listen_sock, &opt);
if (prStatus < 0) {
PR_Close(listen_sock);
- errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
+ errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
}
- opt.option=PR_SockOpt_Reuseaddr;
+ opt.option = PR_SockOpt_Reuseaddr;
opt.value.reuse_addr = PR_TRUE;
prStatus = PR_SetSocketOption(listen_sock, &opt);
if (prStatus < 0) {
PR_Close(listen_sock);
- errExit("PR_SetSocketOption(PR_SockOpt_Reuseaddr)");
+ errExit("PR_SetSocketOption(PR_SockOpt_Reuseaddr)");
}
#ifndef WIN95
@@ -969,7 +989,7 @@ getBoundListenSocket(unsigned short port)
* Don't do it in the WIN95 build configuration because clean shutdown is
* not implemented, and PR_SockOpt_Linger causes a hang in ssl.sh .
* See bug 332348 */
- opt.option=PR_SockOpt_Linger;
+ opt.option = PR_SockOpt_Linger;
opt.value.linger.polarity = PR_TRUE;
opt.value.linger.linger = PR_SecondsToInterval(1);
prStatus = PR_SetSocketOption(listen_sock, &opt);
@@ -982,51 +1002,50 @@ getBoundListenSocket(unsigned short port)
prStatus = PR_Bind(listen_sock, &addr);
if (prStatus < 0) {
PR_Close(listen_sock);
- errExit("PR_Bind");
+ errExit("PR_Bind");
}
prStatus = PR_Listen(listen_sock, listenQueueDepth);
if (prStatus < 0) {
PR_Close(listen_sock);
- errExit("PR_Listen");
+ errExit("PR_Listen");
}
return listen_sock;
}
void
server_main(
- PRFileDesc * listen_sock,
- int requestCert,
- SECKEYPrivateKey ** privKey,
- CERTCertificate ** cert,
+ PRFileDesc *listen_sock,
+ int requestCert,
+ SECKEYPrivateKey **privKey,
+ CERTCertificate **cert,
const char *expectedHostNameVal)
{
- PRFileDesc *model_sock = NULL;
+ PRFileDesc *model_sock = NULL;
/* Now, do the accepting, here in the main thread. */
do_accepts(listen_sock, model_sock, requestCert);
terminateWorkerThreads();
- if (model_sock) {
- PR_Close(model_sock);
- }
-
+ if (model_sock) {
+ PR_Close(model_sock);
+ }
}
-int numChildren;
-PRProcess * child[MAX_PROCS];
+int numChildren;
+PRProcess *child[MAX_PROCS];
PRProcess *
-haveAChild(int argc, char **argv, PRProcessAttr * attr)
+haveAChild(int argc, char **argv, PRProcessAttr *attr)
{
- PRProcess * newProcess;
+ PRProcess *newProcess;
newProcess = PR_CreateProcess(argv[0], argv, NULL, attr);
if (!newProcess) {
- errWarn("Can't create new process.");
+ errWarn("Can't create new process.");
} else {
- child[numChildren++] = newProcess;
+ child[numChildren++] = newProcess;
}
return newProcess;
}
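Review bot: `child[numChildren++] = newProcess;` in haveAChild stores into `child[MAX_PROCS]` with no bound on `numChildren`, so one call too many writes past the end of the array. The callers are outside this hunk, so whether the limit is enforced elsewhere cannot be confirmed from here. A guard at the top of the function keeps the invariant local: `if (numChildren >= MAX_PROCS) { errWarn("Too many child processes."); return NULL; }`. The reformat carries the store over unchanged.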
@@ -1043,13 +1062,13 @@ ocsp_CreateSelfCAID(PLArenaPool *arena, CERTCertificate *cert, PRTime time)
certID = PORT_ArenaZNew(arena, CERTOCSPCertID);
if (certID == NULL) {
- goto loser;
+ goto loser;
}
rv = SECOID_SetAlgorithmID(arena, &certID->hashAlgorithm, SEC_OID_SHA1,
- NULL);
+ NULL);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
if (CERT_GetSubjectNameDigest(arena, cert, SEC_OID_SHA1,
@@ -1070,19 +1089,19 @@ ocsp_CreateSelfCAID(PLArenaPool *arena, CERTCertificate *cert, PRTime time)
}
if (CERT_GetSubjectPublicKeyDigest(arena, cert, SEC_OID_SHA1,
- &certID->issuerKeyHash) == NULL) {
- goto loser;
+ &certID->issuerKeyHash) == NULL) {
+ goto loser;
}
certID->issuerSHA1KeyHash.data = certID->issuerKeyHash.data;
certID->issuerSHA1KeyHash.len = certID->issuerKeyHash.len;
/* cache the other two hash algorithms as well */
if (CERT_GetSubjectPublicKeyDigest(arena, cert, SEC_OID_MD5,
- &certID->issuerMD5KeyHash) == NULL) {
- goto loser;
+ &certID->issuerMD5KeyHash) == NULL) {
+ goto loser;
}
if (CERT_GetSubjectPublicKeyDigest(arena, cert, SEC_OID_MD2,
- &certID->issuerMD2KeyHash) == NULL) {
- goto loser;
+ &certID->issuerMD2KeyHash) == NULL) {
+ goto loser;
}
PORT_ArenaUnmark(arena, mark);
@@ -1094,19 +1113,19 @@ loser:
}
/* slightly adjusted version of CERT_CreateOCSPCertID */
-CERTOCSPCertID*
+CERTOCSPCertID *
cert_CreateSelfCAID(CERTCertificate *cert, PRTime time)
{
PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
CERTOCSPCertID *certID;
PORT_Assert(arena != NULL);
if (!arena)
- return NULL;
-
+ return NULL;
+
certID = ocsp_CreateSelfCAID(arena, cert, time);
if (!certID) {
- PORT_FreeArena(arena, PR_FALSE);
- return NULL;
+ PORT_FreeArena(arena, PR_FALSE);
+ return NULL;
}
certID->poolp = arena;
return certID;
@@ -1115,129 +1134,155 @@ cert_CreateSelfCAID(CERTCertificate *cert, PRTime time)
int
main(int argc, char **argv)
{
- char * progName = NULL;
- const char * dir = ".";
- char * passwd = NULL;
- char * pwfile = NULL;
- const char * pidFile = NULL;
- char * tmp;
- PRFileDesc * listen_sock;
- int optionsFound = 0;
- unsigned short port = 0;
- SECStatus rv;
- PRStatus prStatus;
- PRBool bindOnly = PR_FALSE;
- PRBool useLocalThreads = PR_FALSE;
- PLOptState *optstate;
- PLOptStatus status;
- char emptyString[] = { "" };
- char* certPrefix = emptyString;
- caRevoInfo *revoInfo = NULL;
- PRCList *caRevoIter = NULL;
- PRBool provideOcsp = PR_FALSE;
+ char *progName = NULL;
+ const char *dir = ".";
+ char *passwd = NULL;
+ char *pwfile = NULL;
+ const char *pidFile = NULL;
+ char *tmp;
+ PRFileDesc *listen_sock;
+ int optionsFound = 0;
+ unsigned short port = 0;
+ SECStatus rv;
+ PRStatus prStatus;
+ PRBool bindOnly = PR_FALSE;
+ PRBool useLocalThreads = PR_FALSE;
+ PLOptState *optstate;
+ PLOptStatus status;
+ char emptyString[] = { "" };
+ char *certPrefix = emptyString;
+ caRevoInfo *revoInfo = NULL;
+ PRCList *caRevoIter = NULL;
+ PRBool provideOcsp = PR_FALSE;
tmp = strrchr(argv[0], '/');
tmp = tmp ? tmp + 1 : argv[0];
progName = strrchr(tmp, '\\');
progName = progName ? progName + 1 : tmp;
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
/* please keep this list of options in ASCII collating sequence.
- ** numbers, then capital letters, then lower case, alphabetical.
+ ** numbers, then capital letters, then lower case, alphabetical.
*/
- optstate = PL_CreateOptState(argc, argv,
- "A:C:DO:P:bd:f:hi:p:t:vw:");
+ optstate = PL_CreateOptState(argc, argv,
+ "A:C:DO:P:bd:f:hi:p:t:vw:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- ++optionsFound;
- switch(optstate->option) {
- /* A first, must be followed by C. Any other order is an error.
- * A creates the object. C completes and moves into list.
- */
- case 'A':
- provideOcsp = PR_TRUE;
- if (revoInfo) { Usage(progName); exit(0); }
- revoInfo = PORT_New(caRevoInfo);
- revoInfo->nickname = PORT_Strdup(optstate->value);
- break;
- case 'C':
- if (!revoInfo) { Usage(progName); exit(0); }
- revoInfo->crlFilename = PORT_Strdup(optstate->value);
- if (!caRevoInfos) {
- PR_INIT_CLIST(&revoInfo->link);
- caRevoInfos = revoInfo;
- } else {
- PR_APPEND_LINK(&revoInfo->link, &caRevoInfos->link);
- }
- revoInfo = NULL;
- break;
-
- case 'O':
- if (!PL_strcasecmp(optstate->value, "all")) {
- ocspMethodsAllowed = ocspGetAndPost;
- } else if (!PL_strcasecmp(optstate->value, "get")) {
- ocspMethodsAllowed = ocspGetOnly;
- } else if (!PL_strcasecmp(optstate->value, "post")) {
- ocspMethodsAllowed = ocspPostOnly;
- } else if (!PL_strcasecmp(optstate->value, "random")) {
- ocspMethodsAllowed = ocspRandomGetFailure;
- } else if (!PL_strcasecmp(optstate->value, "get-unknown")) {
- ocspMethodsAllowed = ocspGetUnknown;
- } else {
- Usage(progName); exit(0);
- }
- break;
-
- case 'D': noDelay = PR_TRUE; break;
-
- case 'P': certPrefix = PORT_Strdup(optstate->value); break;
-
- case 'b': bindOnly = PR_TRUE; break;
-
- case 'd': dir = optstate->value; break;
-
- case 'f':
- pwdata.source = PW_FROMFILE;
- pwdata.data = pwfile = PORT_Strdup(optstate->value);
- break;
+ ++optionsFound;
+ switch (optstate->option) {
+ /* A first, must be followed by C. Any other order is an error.
+ * A creates the object. C completes and moves into list.
+ */
+ case 'A':
+ provideOcsp = PR_TRUE;
+ if (revoInfo) {
+ Usage(progName);
+ exit(0);
+ }
+ revoInfo = PORT_New(caRevoInfo);
+ revoInfo->nickname = PORT_Strdup(optstate->value);
+ break;
+ case 'C':
+ if (!revoInfo) {
+ Usage(progName);
+ exit(0);
+ }
+ revoInfo->crlFilename = PORT_Strdup(optstate->value);
+ if (!caRevoInfos) {
+ PR_INIT_CLIST(&revoInfo->link);
+ caRevoInfos = revoInfo;
+ } else {
+ PR_APPEND_LINK(&revoInfo->link, &caRevoInfos->link);
+ }
+ revoInfo = NULL;
+ break;
+
+ case 'O':
+ if (!PL_strcasecmp(optstate->value, "all")) {
+ ocspMethodsAllowed = ocspGetAndPost;
+ } else if (!PL_strcasecmp(optstate->value, "get")) {
+ ocspMethodsAllowed = ocspGetOnly;
+ } else if (!PL_strcasecmp(optstate->value, "post")) {
+ ocspMethodsAllowed = ocspPostOnly;
+ } else if (!PL_strcasecmp(optstate->value, "random")) {
+ ocspMethodsAllowed = ocspRandomGetFailure;
+ } else if (!PL_strcasecmp(optstate->value, "get-unknown")) {
+ ocspMethodsAllowed = ocspGetUnknown;
+ } else {
+ Usage(progName);
+ exit(0);
+ }
+ break;
+
+ case 'D':
+ noDelay = PR_TRUE;
+ break;
- case 'h': Usage(progName); exit(0); break;
+ case 'P':
+ certPrefix = PORT_Strdup(optstate->value);
+ break;
- case 'i': pidFile = optstate->value; break;
+ case 'b':
+ bindOnly = PR_TRUE;
+ break;
- case 'p': port = PORT_Atoi(optstate->value); break;
+ case 'd':
+ dir = optstate->value;
+ break;
- case 't':
- maxThreads = PORT_Atoi(optstate->value);
- if ( maxThreads > MAX_THREADS ) maxThreads = MAX_THREADS;
- if ( maxThreads < MIN_THREADS ) maxThreads = MIN_THREADS;
- break;
+ case 'f':
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = pwfile = PORT_Strdup(optstate->value);
+ break;
- case 'v': verbose++; break;
+ case 'h':
+ Usage(progName);
+ exit(0);
+ break;
- case 'w':
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = passwd = PORT_Strdup(optstate->value);
- break;
+ case 'i':
+ pidFile = optstate->value;
+ break;
+
+ case 'p':
+ port = PORT_Atoi(optstate->value);
+ break;
+
+ case 't':
+ maxThreads = PORT_Atoi(optstate->value);
+ if (maxThreads > MAX_THREADS)
+ maxThreads = MAX_THREADS;
+ if (maxThreads < MIN_THREADS)
+ maxThreads = MIN_THREADS;
+ break;
+
+ case 'v':
+ verbose++;
+ break;
- default:
- case '?':
- fprintf(stderr, "Unrecognized or bad option specified.\n");
- fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
- exit(4);
- break;
- }
+ case 'w':
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = passwd = PORT_Strdup(optstate->value);
+ break;
+
+ default:
+ case '?':
+ fprintf(stderr, "Unrecognized or bad option specified.\n");
+ fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+ exit(4);
+ break;
+ }
}
PL_DestroyOptState(optstate);
if (status == PL_OPT_BAD) {
- fprintf(stderr, "Unrecognized or bad option specified.\n");
- fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
- exit(5);
+ fprintf(stderr, "Unrecognized or bad option specified.\n");
+ fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+ exit(5);
}
if (!optionsFound) {
- Usage(progName);
- exit(51);
- }
+ Usage(progName);
+ exit(51);
+ }
/* The -b (bindOnly) option is only used by the ssl.sh test
* script on Linux to determine whether a previous httpserv
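Review bot: In the `'p'` case, `port = PORT_Atoi(optstate->value);` narrows an int into `unsigned short port` with no range check, so a negative or over-65535 argument silently wraps to a different port. The `'t'` case just below clamps `maxThreads`, but the port gets no equivalent treatment, and the `port == 0` test in the next hunk only catches values that wrap to exactly zero. Parse into an int first and reject out-of-range input: `int p = PORT_Atoi(optstate->value); if (p <= 0 || p > 65535) { Usage(progName); exit(4); } port = (unsigned short)p;`. main continues past the end of this hunk.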
@@ -1255,24 +1300,24 @@ main(int argc, char **argv)
}
if (port == 0) {
- fprintf(stderr, "Required argument 'port' must be non-zero value\n");
- exit(7);
+ fprintf(stderr, "Required argument 'port' must be non-zero value\n");
+ exit(7);
}
if (pidFile) {
- FILE *tmpfile=fopen(pidFile,"w+");
+ FILE *tmpfile = fopen(pidFile, "w+");
- if (tmpfile) {
- fprintf(tmpfile,"%d",getpid());
- fclose(tmpfile);
- }
+ if (tmpfile) {
+ fprintf(tmpfile, "%d", getpid());
+ fclose(tmpfile);
+ }
}
tmp = PR_GetEnvSecure("TMP");
if (!tmp)
- tmp = PR_GetEnvSecure("TMPDIR");
+ tmp = PR_GetEnvSecure("TMPDIR");
if (!tmp)
- tmp = PR_GetEnvSecure("TEMP");
+ tmp = PR_GetEnvSecure("TEMP");
/* we're an ordinary single process server. */
listen_sock = getBoundListenSocket(port);
prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE);
@@ -1285,97 +1330,96 @@ main(int argc, char **argv)
PK11_SetPasswordFunc(SECU_GetModulePassword);
if (provideOcsp) {
- /* Call the NSS initialization routines */
- rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY);
- if (rv != SECSuccess) {
- fputs("NSS_Init failed.\n", stderr);
- exit(8);
- }
-
- if (caRevoInfos) {
- caRevoIter = &caRevoInfos->link;
- do {
- PRFileDesc *inFile;
- int rv = SECFailure;
- SECItem crlDER;
- crlDER.data = NULL;
-
- revoInfo = (caRevoInfo*)caRevoIter;
- revoInfo->cert = CERT_FindCertByNickname(
- CERT_GetDefaultCertDB(), revoInfo->nickname);
- if (!revoInfo->cert) {
- fprintf(stderr, "cannot find cert with nickname %s\n",
- revoInfo->nickname);
- exit(1);
- }
- inFile = PR_Open(revoInfo->crlFilename, PR_RDONLY, 0);
- if (inFile) {
- rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
- PR_Close(inFile);
- inFile = NULL;
- }
- if (rv != SECSuccess) {
- fprintf(stderr, "unable to read crl file %s\n",
- revoInfo->crlFilename);
- exit(1);
- }
- revoInfo->crl =
- CERT_DecodeDERCrlWithFlags(NULL, &crlDER, SEC_CRL_TYPE,
- CRL_DECODE_DEFAULT_OPTIONS);
- if (!revoInfo->crl) {
- fprintf(stderr, "unable to decode crl file %s\n",
- revoInfo->crlFilename);
- exit(1);
- }
- if (CERT_CompareName(&revoInfo->crl->crl.name,
- &revoInfo->cert->subject) != SECEqual) {
- fprintf(stderr, "CRL %s doesn't match cert identified by preceding nickname %s\n",
- revoInfo->crlFilename, revoInfo->nickname);
- exit(1);
- }
- revoInfo->id = cert_CreateSelfCAID(revoInfo->cert, PR_Now());
- caRevoIter = PR_NEXT_LINK(caRevoIter);
- } while (caRevoIter != &caRevoInfos->link);
- }
+ /* Call the NSS initialization routines */
+ rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY);
+ if (rv != SECSuccess) {
+ fputs("NSS_Init failed.\n", stderr);
+ exit(8);
+ }
+
+ if (caRevoInfos) {
+ caRevoIter = &caRevoInfos->link;
+ do {
+ PRFileDesc *inFile;
+ int rv = SECFailure;
+ SECItem crlDER;
+ crlDER.data = NULL;
+
+ revoInfo = (caRevoInfo *)caRevoIter;
+ revoInfo->cert = CERT_FindCertByNickname(
+ CERT_GetDefaultCertDB(), revoInfo->nickname);
+ if (!revoInfo->cert) {
+ fprintf(stderr, "cannot find cert with nickname %s\n",
+ revoInfo->nickname);
+ exit(1);
+ }
+ inFile = PR_Open(revoInfo->crlFilename, PR_RDONLY, 0);
+ if (inFile) {
+ rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
+ PR_Close(inFile);
+ inFile = NULL;
+ }
+ if (rv != SECSuccess) {
+ fprintf(stderr, "unable to read crl file %s\n",
+ revoInfo->crlFilename);
+ exit(1);
+ }
+ revoInfo->crl =
+ CERT_DecodeDERCrlWithFlags(NULL, &crlDER, SEC_CRL_TYPE,
+ CRL_DECODE_DEFAULT_OPTIONS);
+ if (!revoInfo->crl) {
+ fprintf(stderr, "unable to decode crl file %s\n",
+ revoInfo->crlFilename);
+ exit(1);
+ }
+ if (CERT_CompareName(&revoInfo->crl->crl.name,
+ &revoInfo->cert->subject) != SECEqual) {
+ fprintf(stderr, "CRL %s doesn't match cert identified by preceding nickname %s\n",
+ revoInfo->crlFilename, revoInfo->nickname);
+ exit(1);
+ }
+ revoInfo->id = cert_CreateSelfCAID(revoInfo->cert, PR_Now());
+ caRevoIter = PR_NEXT_LINK(caRevoIter);
+ } while (caRevoIter != &caRevoInfos->link);
+ }
}
-/* allocate the array of thread slots, and launch the worker threads. */
+ /* allocate the array of thread slots, and launch the worker threads. */
rv = launch_threads(&jobLoop, 0, 0, 0, useLocalThreads);
if (rv == SECSuccess) {
- server_main(listen_sock, 0, 0, 0,
+ server_main(listen_sock, 0, 0, 0,
0);
}
VLOG(("httpserv: server_thread: exiting"));
if (provideOcsp) {
- if (caRevoInfos) {
- PRCList *caRevoIter;
-
- caRevoIter = &caRevoInfos->link;
- do {
- caRevoInfo *revoInfo = (caRevoInfo*)caRevoIter;
- if (revoInfo->nickname)
- PORT_Free(revoInfo->nickname);
- if (revoInfo->crlFilename)
- PORT_Free(revoInfo->crlFilename);
- if (revoInfo->cert)
- CERT_DestroyCertificate(revoInfo->cert);
- if (revoInfo->id)
- CERT_DestroyOCSPCertID(revoInfo->id);
- if (revoInfo->crl)
- SEC_DestroyCrl(revoInfo->crl);
-
- caRevoIter = PR_NEXT_LINK(caRevoIter);
- } while (caRevoIter != &caRevoInfos->link);
-
- }
- if (NSS_Shutdown() != SECSuccess) {
- SECU_PrintError(progName, "NSS_Shutdown");
- PR_Cleanup();
- exit(1);
- }
+ if (caRevoInfos) {
+ PRCList *caRevoIter;
+
+ caRevoIter = &caRevoInfos->link;
+ do {
+ caRevoInfo *revoInfo = (caRevoInfo *)caRevoIter;
+ if (revoInfo->nickname)
+ PORT_Free(revoInfo->nickname);
+ if (revoInfo->crlFilename)
+ PORT_Free(revoInfo->crlFilename);
+ if (revoInfo->cert)
+ CERT_DestroyCertificate(revoInfo->cert);
+ if (revoInfo->id)
+ CERT_DestroyOCSPCertID(revoInfo->id);
+ if (revoInfo->crl)
+ SEC_DestroyCrl(revoInfo->crl);
+
+ caRevoIter = PR_NEXT_LINK(caRevoIter);
+ } while (caRevoIter != &caRevoInfos->link);
+ }
+ if (NSS_Shutdown() != SECSuccess) {
+ SECU_PrintError(progName, "NSS_Shutdown");
+ PR_Cleanup();
+ exit(1);
+ }
}
if (passwd) {
PORT_Free(passwd);
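Review bot: `revoInfo->id = cert_CreateSelfCAID(revoInfo->cert, PR_Now());` is the only step in the CRL setup loop whose result is not checked. cert_CreateSelfCAID returns NULL on arena or digest failure, and every other failure in this loop ends in `exit(1)`. A NULL id would leave the responder running with an entry it cannot match; how the id is used later is outside this hunk. Add `if (!revoInfo->id) { fprintf(stderr, "cannot create cert ID for %s\n", revoInfo->nickname); exit(1); }` after the assignment. Separately, the inner `int rv = SECFailure;` shadows main's `SECStatus rv`, so renaming it would avoid confusion.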
@@ -1390,4 +1434,3 @@ main(int argc, char **argv)
printf("httpserv: normal termination\n");
return 0;
}
-
diff --git a/cmd/lib/basicutil.c b/cmd/lib/basicutil.c
index 77b70b1e6..c9afbd0a5 100644
--- a/cmd/lib/basicutil.c
+++ b/cmd/lib/basicutil.c
@@ -42,13 +42,13 @@ SECU_GetWrapEnabled(void)
return wrapEnabled;
}
-void
+void
SECU_PrintErrMsg(FILE *out, int level, const char *progName, const char *msg,
...)
{
va_list args;
PRErrorCode err = PORT_GetError();
- const char * errString = PORT_ErrorToString(err);
+ const char *errString = PORT_ErrorToString(err);
va_start(args, msg);
@@ -56,20 +56,20 @@ SECU_PrintErrMsg(FILE *out, int level, const char *progName, const char *msg,
fprintf(out, "%s: ", progName);
vfprintf(out, msg, args);
if (errString != NULL && PORT_Strlen(errString) > 0)
- fprintf(out, ": %s\n", errString);
+ fprintf(out, ": %s\n", errString);
else
- fprintf(out, ": error %d\n", (int)err);
+ fprintf(out, ": error %d\n", (int)err);
va_end(args);
}
-void
+void
SECU_PrintError(const char *progName, const char *msg, ...)
{
va_list args;
PRErrorCode err = PORT_GetError();
- const char * errName = PR_ErrorToName(err);
- const char * errString = PR_ErrorToString(err, 0);
+ const char *errName = PR_ErrorToName(err);
+ const char *errString = PR_ErrorToString(err, 0);
va_start(args, msg);
@@ -77,13 +77,13 @@ SECU_PrintError(const char *progName, const char *msg, ...)
vfprintf(stderr, msg, args);
if (errName != NULL) {
- fprintf(stderr, ": %s", errName);
+ fprintf(stderr, ": %s", errName);
} else {
- fprintf(stderr, ": error %d", (int)err);
+ fprintf(stderr, ": error %d", (int)err);
}
if (errString != NULL && PORT_Strlen(errString) > 0)
- fprintf(stderr, ": %s\n", errString);
+ fprintf(stderr, ": %s\n", errString);
va_end(args);
}
@@ -111,29 +111,29 @@ secu_StdinToItem(SECItem *dst)
dst->data = NULL;
while (notDone) {
- numBytes = PR_Read(PR_STDIN, buf, sizeof(buf));
-
- if (numBytes < 0) {
- return SECFailure;
- }
-
- if (numBytes == 0)
- break;
-
- if (dst->data) {
- unsigned char * p = dst->data;
- dst->data = (unsigned char*)PORT_Realloc(p, dst->len + numBytes);
- if (!dst->data) {
- PORT_Free(p);
- }
- } else {
- dst->data = (unsigned char*)PORT_Alloc(numBytes);
- }
- if (!dst->data) {
- return SECFailure;
- }
- PORT_Memcpy(dst->data + dst->len, buf, numBytes);
- dst->len += numBytes;
+ numBytes = PR_Read(PR_STDIN, buf, sizeof(buf));
+
+ if (numBytes < 0) {
+ return SECFailure;
+ }
+
+ if (numBytes == 0)
+ break;
+
+ if (dst->data) {
+ unsigned char *p = dst->data;
+ dst->data = (unsigned char *)PORT_Realloc(p, dst->len + numBytes);
+ if (!dst->data) {
+ PORT_Free(p);
+ }
+ } else {
+ dst->data = (unsigned char *)PORT_Alloc(numBytes);
+ }
+ if (!dst->data) {
+ return SECFailure;
+ }
+ PORT_Memcpy(dst->data + dst->len, buf, numBytes);
+ dst->len += numBytes;
}
return SECSuccess;
@@ -147,24 +147,24 @@ SECU_FileToItem(SECItem *dst, PRFileDesc *src)
PRStatus prStatus;
if (src == PR_STDIN)
- return secu_StdinToItem(dst);
+ return secu_StdinToItem(dst);
prStatus = PR_GetOpenFileInfo(src, &info);
if (prStatus != PR_SUCCESS) {
- PORT_SetError(SEC_ERROR_IO);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_IO);
+ return SECFailure;
}
/* XXX workaround for 3.1, not all utils zero dst before sending */
dst->data = 0;
if (!SECITEM_AllocItem(NULL, dst, info.size))
- goto loser;
+ goto loser;
numBytes = PR_Read(src, dst->data, info.size);
if (numBytes != info.size) {
- PORT_SetError(SEC_ERROR_IO);
- goto loser;
+ PORT_SetError(SEC_ERROR_IO);
+ goto loser;
}
return SECSuccess;
@@ -183,34 +183,36 @@ SECU_TextFileToItem(SECItem *dst, PRFileDesc *src)
unsigned char *buf;
if (src == PR_STDIN)
- return secu_StdinToItem(dst);
+ return secu_StdinToItem(dst);
prStatus = PR_GetOpenFileInfo(src, &info);
if (prStatus != PR_SUCCESS) {
- PORT_SetError(SEC_ERROR_IO);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_IO);
+ return SECFailure;
}
- buf = (unsigned char*)PORT_Alloc(info.size);
+ buf = (unsigned char *)PORT_Alloc(info.size);
if (!buf)
- return SECFailure;
+ return SECFailure;
numBytes = PR_Read(src, buf, info.size);
if (numBytes != info.size) {
- PORT_SetError(SEC_ERROR_IO);
- goto loser;
+ PORT_SetError(SEC_ERROR_IO);
+ goto loser;
}
- if (buf[numBytes-1] == '\n') numBytes--;
+ if (buf[numBytes - 1] == '\n')
+ numBytes--;
#ifdef _WINDOWS
- if (buf[numBytes-1] == '\r') numBytes--;
+ if (buf[numBytes - 1] == '\r')
+ numBytes--;
#endif
/* XXX workaround for 3.1, not all utils zero dst before sending */
dst->data = 0;
if (!SECITEM_AllocItem(NULL, dst, numBytes))
- goto loser;
+ goto loser;
memcpy(dst->data, buf, numBytes);
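Review bot: `buf[numBytes - 1]` is evaluated without checking that anything was read. For an empty file `info.size` is 0, so the `numBytes != info.size` test passes with `numBytes == 0` and the index lands one byte before the allocation. If that stray byte happens to be `'\n'`, `numBytes` drops to -1 (assuming it is a signed type; its declaration is above the hunk) and that value reaches `SECITEM_AllocItem` and `memcpy`. Guard both trims: `if (numBytes > 0 && buf[numBytes - 1] == '\n')`, and likewise for the `'\r'` case under `_WINDOWS`. The function starts above this hunk and its `loser:` cleanup is below it; the reformat carries the expression over unchanged.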
@@ -221,18 +223,19 @@ loser:
return SECFailure;
}
-#define INDENT_MULT 4
+#define INDENT_MULT 4
void
SECU_Indent(FILE *out, int level)
{
int i;
for (i = 0; i < level; i++) {
- fprintf(out, " ");
+ fprintf(out, " ");
}
}
-void SECU_Newline(FILE *out)
+void
+SECU_Newline(FILE *out)
{
fprintf(out, "\n");
}
@@ -242,35 +245,37 @@ SECU_PrintAsHex(FILE *out, const SECItem *data, const char *m, int level)
{
unsigned i;
int column = 0;
- PRBool isString = PR_TRUE;
+ PRBool isString = PR_TRUE;
PRBool isWhiteSpace = PR_TRUE;
- PRBool printedHex = PR_FALSE;
+ PRBool printedHex = PR_FALSE;
unsigned int limit = 15;
- if ( m ) {
- SECU_Indent(out, level); fprintf(out, "%s:", m);
- level++;
- if (wrapEnabled)
- fprintf(out, "\n");
+ if (m) {
+ SECU_Indent(out, level);
+ fprintf(out, "%s:", m);
+ level++;
+ if (wrapEnabled)
+ fprintf(out, "\n");
}
if (wrapEnabled) {
- SECU_Indent(out, level); column = level*INDENT_MULT;
+ SECU_Indent(out, level);
+ column = level * INDENT_MULT;
}
if (!data->len) {
- fprintf(out, "(empty)\n");
- return;
+ fprintf(out, "(empty)\n");
+ return;
}
/* take a pass to see if it's all printable. */
for (i = 0; i < data->len; i++) {
- unsigned char val = data->data[i];
+ unsigned char val = data->data[i];
if (!val || !isprint(val)) {
- isString = PR_FALSE;
- break;
- }
- if (isWhiteSpace && !isspace(val)) {
- isWhiteSpace = PR_FALSE;
- }
+ isString = PR_FALSE;
+ break;
+ }
+ if (isWhiteSpace && !isspace(val)) {
+ isWhiteSpace = PR_FALSE;
+ }
}
/* Short values, such as bit strings (which are printed with this
@@ -280,73 +285,75 @@ SECU_PrintAsHex(FILE *out, const SECItem *data, const char *m, int level)
** The threshold size (4 bytes) is arbitrary.
*/
if (!isString || data->len <= 4) {
- for (i = 0; i < data->len; i++) {
- if (i != data->len - 1) {
- fprintf(out, "%02x:", data->data[i]);
- column += 3;
- } else {
- fprintf(out, "%02x", data->data[i]);
- column += 2;
- break;
- }
- if (wrapEnabled &&
- (column > 76 || (i % 16 == limit))) {
- SECU_Newline(out);
- SECU_Indent(out, level);
- column = level*INDENT_MULT;
- limit = i % 16;
- }
- }
- printedHex = PR_TRUE;
+ for (i = 0; i < data->len; i++) {
+ if (i != data->len - 1) {
+ fprintf(out, "%02x:", data->data[i]);
+ column += 3;
+ } else {
+ fprintf(out, "%02x", data->data[i]);
+ column += 2;
+ break;
+ }
+ if (wrapEnabled &&
+ (column > 76 || (i % 16 == limit))) {
+ SECU_Newline(out);
+ SECU_Indent(out, level);
+ column = level * INDENT_MULT;
+ limit = i % 16;
+ }
+ }
+ printedHex = PR_TRUE;
}
if (isString && !isWhiteSpace) {
- if (printedHex != PR_FALSE) {
- SECU_Newline(out);
- SECU_Indent(out, level); column = level*INDENT_MULT;
- }
- for (i = 0; i < data->len; i++) {
- unsigned char val = data->data[i];
-
- if (val) {
- fprintf(out,"%c",val);
- column++;
- } else {
- column = 77;
- }
- if (wrapEnabled && column > 76) {
- SECU_Newline(out);
- SECU_Indent(out, level); column = level*INDENT_MULT;
- }
- }
- }
-
- if (column != level*INDENT_MULT) {
- SECU_Newline(out);
+ if (printedHex != PR_FALSE) {
+ SECU_Newline(out);
+ SECU_Indent(out, level);
+ column = level * INDENT_MULT;
+ }
+ for (i = 0; i < data->len; i++) {
+ unsigned char val = data->data[i];
+
+ if (val) {
+ fprintf(out, "%c", val);
+ column++;
+ } else {
+ column = 77;
+ }
+ if (wrapEnabled && column > 76) {
+ SECU_Newline(out);
+ SECU_Indent(out, level);
+ column = level * INDENT_MULT;
+ }
+ }
+ }
+
+ if (column != level * INDENT_MULT) {
+ SECU_Newline(out);
}
}
const char *hex = "0123456789abcdef";
const char printable[257] = {
- "................" /* 0x */
- "................" /* 1x */
- " !\"#$%&'()*+,-./" /* 2x */
- "0123456789:;<=>?" /* 3x */
- "@ABCDEFGHIJKLMNO" /* 4x */
- "PQRSTUVWXYZ[\\]^_" /* 5x */
- "`abcdefghijklmno" /* 6x */
- "pqrstuvwxyz{|}~." /* 7x */
- "................" /* 8x */
- "................" /* 9x */
- "................" /* ax */
- "................" /* bx */
- "................" /* cx */
- "................" /* dx */
- "................" /* ex */
- "................" /* fx */
+ "................" /* 0x */
+ "................" /* 1x */
+ " !\"#$%&'()*+,-./" /* 2x */
+ "0123456789:;<=>?" /* 3x */
+ "@ABCDEFGHIJKLMNO" /* 4x */
+ "PQRSTUVWXYZ[\\]^_" /* 5x */
+ "`abcdefghijklmno" /* 6x */
+ "pqrstuvwxyz{|}~." /* 7x */
+ "................" /* 8x */
+ "................" /* 9x */
+ "................" /* ax */
+ "................" /* bx */
+ "................" /* cx */
+ "................" /* dx */
+ "................" /* ex */
+ "................" /* fx */
};
-void
+void
SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len)
{
const unsigned char *cp = (const unsigned char *)vp;
@@ -359,26 +366,25 @@ SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len)
bp = buf;
ap = buf + 50;
while (--len >= 0) {
- unsigned char ch = *cp++;
- *bp++ = hex[(ch >> 4) & 0xf];
- *bp++ = hex[ch & 0xf];
- *bp++ = ' ';
- *ap++ = printable[ch];
- if (ap - buf >= 66) {
- *ap = 0;
- fprintf(out, " %s\n", buf);
- memset(buf, ' ', sizeof buf);
- bp = buf;
- ap = buf + 50;
- }
+ unsigned char ch = *cp++;
+ *bp++ = hex[(ch >> 4) & 0xf];
+ *bp++ = hex[ch & 0xf];
+ *bp++ = ' ';
+ *ap++ = printable[ch];
+ if (ap - buf >= 66) {
+ *ap = 0;
+ fprintf(out, " %s\n", buf);
+ memset(buf, ' ', sizeof buf);
+ bp = buf;
+ ap = buf + 50;
+ }
}
if (bp > buf) {
- *ap = 0;
- fprintf(out, " %s\n", buf);
+ *ap = 0;
+ fprintf(out, " %s\n", buf);
}
}
-
/* This expents i->data[0] to be the MSB of the integer.
** if you want to print a DER-encoded integer (with the tag and length)
** call SECU_PrintEncodedInteger();
@@ -389,92 +395,95 @@ SECU_PrintInteger(FILE *out, const SECItem *i, const char *m, int level)
int iv;
if (!i || !i->len || !i->data) {
- SECU_Indent(out, level);
- if (m) {
- fprintf(out, "%s: (null)\n", m);
- } else {
- fprintf(out, "(null)\n");
- }
+ SECU_Indent(out, level);
+ if (m) {
+ fprintf(out, "%s: (null)\n", m);
+ } else {
+ fprintf(out, "(null)\n");
+ }
} else if (i->len > 4) {
- SECU_PrintAsHex(out, i, m, level);
+ SECU_PrintAsHex(out, i, m, level);
} else {
- if (i->type == siUnsignedInteger && *i->data & 0x80) {
- /* Make sure i->data has zero in the highest bite
+ if (i->type == siUnsignedInteger && *i->data & 0x80) {
+ /* Make sure i->data has zero in the highest bite
* if i->data is an unsigned integer */
SECItem tmpI;
- char data[] = {0, 0, 0, 0, 0};
+ char data[] = { 0, 0, 0, 0, 0 };
PORT_Memcpy(data + 1, i->data, i->len);
tmpI.len = i->len + 1;
- tmpI.data = (void*)data;
+ tmpI.data = (void *)data;
iv = DER_GetInteger(&tmpI);
- } else {
+ } else {
iv = DER_GetInteger(i);
- }
- SECU_Indent(out, level);
- if (m) {
- fprintf(out, "%s: %d (0x%x)\n", m, iv, iv);
- } else {
- fprintf(out, "%d (0x%x)\n", iv, iv);
- }
+ }
+ SECU_Indent(out, level);
+ if (m) {
+ fprintf(out, "%s: %d (0x%x)\n", m, iv, iv);
+ } else {
+ fprintf(out, "%d (0x%x)\n", iv, iv);
+ }
}
}
#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
/* Returns true iff a[i].flag has a duplicate in a[i+1 : count-1] */
-static PRBool HasShortDuplicate(int i, secuCommandFlag *a, int count)
+static PRBool
+HasShortDuplicate(int i, secuCommandFlag *a, int count)
{
- char target = a[i].flag;
- int j;
-
- /* duplicate '\0' flags are okay, they are used with long forms */
- for (j = i+1; j < count; j++) {
- if (a[j].flag && a[j].flag == target) {
- return PR_TRUE;
- }
- }
- return PR_FALSE;
+ char target = a[i].flag;
+ int j;
+
+ /* duplicate '\0' flags are okay, they are used with long forms */
+ for (j = i + 1; j < count; j++) {
+ if (a[j].flag && a[j].flag == target) {
+ return PR_TRUE;
+ }
+ }
+ return PR_FALSE;
}
/* Returns true iff a[i].longform has a duplicate in a[i+1 : count-1] */
-static PRBool HasLongDuplicate(int i, secuCommandFlag *a, int count)
+static PRBool
+HasLongDuplicate(int i, secuCommandFlag *a, int count)
{
- int j;
- char *target = a[i].longform;
-
- if (!target)
- return PR_FALSE;
-
- for (j = i+1; j < count; j++) {
- if (a[j].longform && strcmp(a[j].longform, target) == 0) {
- return PR_TRUE;
- }
- }
- return PR_FALSE;
+ int j;
+ char *target = a[i].longform;
+
+ if (!target)
+ return PR_FALSE;
+
+ for (j = i + 1; j < count; j++) {
+ if (a[j].longform && strcmp(a[j].longform, target) == 0) {
+ return PR_TRUE;
+ }
+ }
+ return PR_FALSE;
}
/* Returns true iff a has no short or long form duplicates
*/
-PRBool HasNoDuplicates(secuCommandFlag *a, int count)
+PRBool
+HasNoDuplicates(secuCommandFlag *a, int count)
{
int i;
- for (i = 0; i < count; i++) {
- if (a[i].flag && HasShortDuplicate(i, a, count)) {
- return PR_FALSE;
- }
- if (a[i].longform && HasLongDuplicate(i, a, count)) {
- return PR_FALSE;
- }
- }
- return PR_TRUE;
+ for (i = 0; i < count; i++) {
+ if (a[i].flag && HasShortDuplicate(i, a, count)) {
+ return PR_FALSE;
+ }
+ if (a[i].longform && HasLongDuplicate(i, a, count)) {
+ return PR_FALSE;
+ }
+ }
+ return PR_TRUE;
}
#endif
SECStatus
SECU_ParseCommandLine(int argc, char **argv, char *progName,
- const secuCommand *cmd)
+ const secuCommand *cmd)
{
PRBool found;
PLOptState *optstate;
@@ -487,53 +496,53 @@ SECU_ParseCommandLine(int argc, char **argv, char *progName,
PR_ASSERT(HasNoDuplicates(cmd->commands, cmd->numCommands));
PR_ASSERT(HasNoDuplicates(cmd->options, cmd->numOptions));
- optstring = (char *)PORT_Alloc(cmd->numCommands + 2*cmd->numOptions+1);
+ optstring = (char *)PORT_Alloc(cmd->numCommands + 2 * cmd->numOptions + 1);
if (optstring == NULL)
return SECFailure;
-
+
j = 0;
- for (i=0; i<cmd->numCommands; i++) {
- if (cmd->commands[i].flag) /* single character option ? */
- optstring[j++] = cmd->commands[i].flag;
- if (cmd->commands[i].longform)
- lcmd++;
- }
- for (i=0; i<cmd->numOptions; i++) {
- if (cmd->options[i].flag) {
- optstring[j++] = cmd->options[i].flag;
- if (cmd->options[i].needsArg)
- optstring[j++] = ':';
- }
- if (cmd->options[i].longform)
- lopt++;
- }
-
+ for (i = 0; i < cmd->numCommands; i++) {
+ if (cmd->commands[i].flag) /* single character option ? */
+ optstring[j++] = cmd->commands[i].flag;
+ if (cmd->commands[i].longform)
+ lcmd++;
+ }
+ for (i = 0; i < cmd->numOptions; i++) {
+ if (cmd->options[i].flag) {
+ optstring[j++] = cmd->options[i].flag;
+ if (cmd->options[i].needsArg)
+ optstring[j++] = ':';
+ }
+ if (cmd->options[i].longform)
+ lopt++;
+ }
+
optstring[j] = '\0';
-
+
if (lcmd + lopt > 0) {
- longopts = PORT_NewArray(PLLongOpt, lcmd+lopt+1);
- if (!longopts) {
- PORT_Free(optstring);
- return SECFailure;
- }
-
- j = 0;
- for (i=0; j<lcmd && i<cmd->numCommands; i++) {
- if (cmd->commands[i].longform) {
- longopts[j].longOptName = cmd->commands[i].longform;
- longopts[j].longOption = 0;
- longopts[j++].valueRequired = cmd->commands[i].needsArg;
- }
- }
- lopt += lcmd;
- for (i=0; j<lopt && i<cmd->numOptions; i++) {
- if (cmd->options[i].longform) {
- longopts[j].longOptName = cmd->options[i].longform;
- longopts[j].longOption = 0;
- longopts[j++].valueRequired = cmd->options[i].needsArg;
- }
- }
- longopts[j].longOptName = NULL;
+ longopts = PORT_NewArray(PLLongOpt, lcmd + lopt + 1);
+ if (!longopts) {
+ PORT_Free(optstring);
+ return SECFailure;
+ }
+
+ j = 0;
+ for (i = 0; j < lcmd && i < cmd->numCommands; i++) {
+ if (cmd->commands[i].longform) {
+ longopts[j].longOptName = cmd->commands[i].longform;
+ longopts[j].longOption = 0;
+ longopts[j++].valueRequired = cmd->commands[i].needsArg;
+ }
+ }
+ lopt += lcmd;
+ for (i = 0; j < lopt && i < cmd->numOptions; i++) {
+ if (cmd->options[i].longform) {
+ longopts[j].longOptName = cmd->options[i].longform;
+ longopts[j].longOption = 0;
+ longopts[j++].valueRequired = cmd->options[i].needsArg;
+ }
+ }
+ longopts[j].longOptName = NULL;
}
optstate = PL_CreateLongOptState(argc, argv, optstring, longopts);
@@ -544,87 +553,86 @@ SECU_ParseCommandLine(int argc, char **argv, char *progName,
}
/* Parse command line arguments */
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- const char *optstatelong;
- char option = optstate->option;
-
- /* positional parameter, single-char option or long opt? */
- if (optstate->longOptIndex == -1) {
- /* not a long opt */
- if (option == '\0')
- continue; /* it's a positional parameter */
- optstatelong = "";
- } else {
- /* long opt */
+ const char *optstatelong;
+ char option = optstate->option;
+
+ /* positional parameter, single-char option or long opt? */
+ if (optstate->longOptIndex == -1) {
+ /* not a long opt */
if (option == '\0')
- option = '\377'; /* force unequal with all flags */
- optstatelong = longopts[optstate->longOptIndex].longOptName;
- }
-
- found = PR_FALSE;
-
- for (i=0; i<cmd->numCommands; i++) {
- if (cmd->commands[i].flag == option ||
- cmd->commands[i].longform == optstatelong) {
- cmd->commands[i].activated = PR_TRUE;
- if (optstate->value) {
- cmd->commands[i].arg = (char *)optstate->value;
- }
- found = PR_TRUE;
- break;
- }
- }
-
- if (found)
- continue;
-
- for (i=0; i<cmd->numOptions; i++) {
- if (cmd->options[i].flag == option ||
- cmd->options[i].longform == optstatelong) {
- cmd->options[i].activated = PR_TRUE;
- if (optstate->value) {
- cmd->options[i].arg = (char *)optstate->value;
- } else if (cmd->options[i].needsArg) {
- status = PL_OPT_BAD;
- goto loser;
- }
- found = PR_TRUE;
- break;
- }
- }
-
- if (!found) {
- status = PL_OPT_BAD;
- break;
- }
+ continue; /* it's a positional parameter */
+ optstatelong = "";
+ } else {
+ /* long opt */
+ if (option == '\0')
+ option = '\377'; /* force unequal with all flags */
+ optstatelong = longopts[optstate->longOptIndex].longOptName;
+ }
+
+ found = PR_FALSE;
+
+ for (i = 0; i < cmd->numCommands; i++) {
+ if (cmd->commands[i].flag == option ||
+ cmd->commands[i].longform == optstatelong) {
+ cmd->commands[i].activated = PR_TRUE;
+ if (optstate->value) {
+ cmd->commands[i].arg = (char *)optstate->value;
+ }
+ found = PR_TRUE;
+ break;
+ }
+ }
+
+ if (found)
+ continue;
+
+ for (i = 0; i < cmd->numOptions; i++) {
+ if (cmd->options[i].flag == option ||
+ cmd->options[i].longform == optstatelong) {
+ cmd->options[i].activated = PR_TRUE;
+ if (optstate->value) {
+ cmd->options[i].arg = (char *)optstate->value;
+ } else if (cmd->options[i].needsArg) {
+ status = PL_OPT_BAD;
+ goto loser;
+ }
+ found = PR_TRUE;
+ break;
+ }
+ }
+
+ if (!found) {
+ status = PL_OPT_BAD;
+ break;
+ }
}
loser:
PL_DestroyOptState(optstate);
PORT_Free(optstring);
if (longopts)
- PORT_Free(longopts);
+ PORT_Free(longopts);
if (status == PL_OPT_BAD)
- return SECFailure;
+ return SECFailure;
return SECSuccess;
}
char *
SECU_GetOptionArg(const secuCommand *cmd, int optionNum)
{
- if (optionNum < 0 || optionNum >= cmd->numOptions)
- return NULL;
- if (cmd->options[optionNum].activated)
- return PL_strdup(cmd->options[optionNum].arg);
- else
- return NULL;
+ if (optionNum < 0 || optionNum >= cmd->numOptions)
+ return NULL;
+ if (cmd->options[optionNum].activated)
+ return PL_strdup(cmd->options[optionNum].arg);
+ else
+ return NULL;
}
-
-void
-SECU_PrintPRandOSError(const char *progName)
+void
+SECU_PrintPRandOSError(const char *progName)
{
char buffer[513];
- PRInt32 errLen = PR_GetErrorTextLength();
+ PRInt32 errLen = PR_GetErrorTextLength();
if (errLen > 0 && errLen < sizeof buffer) {
PR_GetErrorText(buffer);
}
@@ -634,55 +642,62 @@ SECU_PrintPRandOSError(const char *progName)
}
}
-SECOidTag
+SECOidTag
SECU_StringToSignatureAlgTag(const char *alg)
{
SECOidTag hashAlgTag = SEC_OID_UNKNOWN;
if (alg) {
- if (!PL_strcmp(alg, "MD2")) {
- hashAlgTag = SEC_OID_MD2;
- } else if (!PL_strcmp(alg, "MD4")) {
- hashAlgTag = SEC_OID_MD4;
- } else if (!PL_strcmp(alg, "MD5")) {
- hashAlgTag = SEC_OID_MD5;
- } else if (!PL_strcmp(alg, "SHA1")) {
- hashAlgTag = SEC_OID_SHA1;
- } else if (!PL_strcmp(alg, "SHA224")) {
- hashAlgTag = SEC_OID_SHA224;
- } else if (!PL_strcmp(alg, "SHA256")) {
- hashAlgTag = SEC_OID_SHA256;
- } else if (!PL_strcmp(alg, "SHA384")) {
- hashAlgTag = SEC_OID_SHA384;
- } else if (!PL_strcmp(alg, "SHA512")) {
- hashAlgTag = SEC_OID_SHA512;
- }
+ if (!PL_strcmp(alg, "MD2")) {
+ hashAlgTag = SEC_OID_MD2;
+ } else if (!PL_strcmp(alg, "MD4")) {
+ hashAlgTag = SEC_OID_MD4;
+ } else if (!PL_strcmp(alg, "MD5")) {
+ hashAlgTag = SEC_OID_MD5;
+ } else if (!PL_strcmp(alg, "SHA1")) {
+ hashAlgTag = SEC_OID_SHA1;
+ } else if (!PL_strcmp(alg, "SHA224")) {
+ hashAlgTag = SEC_OID_SHA224;
+ } else if (!PL_strcmp(alg, "SHA256")) {
+ hashAlgTag = SEC_OID_SHA256;
+ } else if (!PL_strcmp(alg, "SHA384")) {
+ hashAlgTag = SEC_OID_SHA384;
+ } else if (!PL_strcmp(alg, "SHA512")) {
+ hashAlgTag = SEC_OID_SHA512;
+ }
}
return hashAlgTag;
}
/* Caller ensures that dst is at least item->len*2+1 bytes long */
void
-SECU_SECItemToHex(const SECItem * item, char * dst)
+SECU_SECItemToHex(const SECItem *item, char *dst)
{
if (dst && item && item->data) {
- unsigned char * src = item->data;
- unsigned int len = item->len;
- for (; len > 0; --len, dst += 2) {
- sprintf(dst, "%02x", *src++);
- }
- *dst = '\0';
+ unsigned char *src = item->data;
+ unsigned int len = item->len;
+ for (; len > 0; --len, dst += 2) {
+ sprintf(dst, "%02x", *src++);
+ }
+ *dst = '\0';
}
}
-static unsigned char nibble(char c) {
+static unsigned char
+nibble(char c)
+{
c = PORT_Tolower(c);
- return ( c >= '0' && c <= '9') ? c - '0' :
- ( c >= 'a' && c <= 'f') ? c - 'a' +10 : -1;
+ return (c >= '0' && c <= '9') ? c - '0' :
+ (c >=
+ 'a' &&
+ c <=
+ 'f')
+ ? c - 'a' + 10
+ : -1;
}
SECStatus
-SECU_SECItemHexStringToBinary(SECItem* srcdest)
+SECU_SECItemHexStringToBinary(SECItem *srcdest)
{
unsigned int i;
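Review bot: clang-format has split the nested conditional in nibble() over seven lines (`(c >=` / `'a' &&` / `c <=` / `'f')` ...), which is harder to read than the two lines it replaced. Either fence the expression with `/* clang-format off */` and `/* clang-format on */`, or rewrite it as guard statements: `if (c >= '0' && c <= '9') return c - '0';`, `if (c >= 'a' && c <= 'f') return c - 'a' + 10;`, `return -1;`. The `-1` is returned through `unsigned char`, so a non-hex character yields 255 rather than a negative value. SECU_SECItemHexStringToBinary checks every character in its first pass before calling nibble(), so a one-line comment on nibble() saying that callers must pre-validate would make that dependency explicit.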
@@ -690,32 +705,31 @@ SECU_SECItemHexStringToBinary(SECItem* srcdest)
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
- if (srcdest->len < 4 || (srcdest->len % 2) ) {
+ if (srcdest->len < 4 || (srcdest->len % 2)) {
/* too short to convert, or even number of characters */
PORT_SetError(SEC_ERROR_BAD_DATA);
return SECFailure;
}
- if (PORT_Strncasecmp((const char*)srcdest->data, "0x", 2)) {
+ if (PORT_Strncasecmp((const char *)srcdest->data, "0x", 2)) {
/* wrong prefix */
PORT_SetError(SEC_ERROR_BAD_DATA);
return SECFailure;
}
/* 1st pass to check for hex characters */
- for (i=2; i<srcdest->len; i++) {
+ for (i = 2; i < srcdest->len; i++) {
char c = PORT_Tolower(srcdest->data[i]);
- if (! ( ( c >= '0' && c <= '9') ||
- ( c >= 'a' && c <= 'f')
- ) ) {
+ if (!((c >= '0' && c <= '9') ||
+ (c >= 'a' && c <= 'f'))) {
PORT_SetError(SEC_ERROR_BAD_DATA);
return SECFailure;
}
}
/* 2nd pass to convert */
- for (i=2; i<srcdest->len; i+=2) {
- srcdest->data[(i-2)/2] = (nibble(srcdest->data[i]) << 4) +
- nibble(srcdest->data[i+1]);
+ for (i = 2; i < srcdest->len; i += 2) {
+ srcdest->data[(i - 2) / 2] = (nibble(srcdest->data[i]) << 4) +
+ nibble(srcdest->data[i + 1]);
}
/* adjust length */
diff --git a/cmd/lib/basicutil.h b/cmd/lib/basicutil.h
index fec1cf443..3eeeef73b 100644
--- a/cmd/lib/basicutil.h
+++ b/cmd/lib/basicutil.h
@@ -16,7 +16,7 @@
#include <stdio.h>
#ifdef SECUTIL_NEW
-typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item,
+typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item,
char *msg, int level);
#else
typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level);
@@ -62,7 +62,7 @@ extern int SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level);
extern SECStatus SECU_PKCS11Init(PRBool readOnly);
/* Dump contents of signed data */
-extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
+extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
int level, SECU_PPFunc inner);
extern void SECU_PrintString(FILE *out, const SECItem *si, const char *m,
@@ -73,16 +73,16 @@ extern void SECU_PrintPRandOSError(const char *progName);
/* Caller ensures that dst is at least item->len*2+1 bytes long */
void
-SECU_SECItemToHex(const SECItem * item, char * dst);
+SECU_SECItemToHex(const SECItem *item, char *dst);
/* Requires 0x prefix. Case-insensitive. Will do in-place replacement if
* successful */
SECStatus
-SECU_SECItemHexStringToBinary(SECItem* srcdest);
+SECU_SECItemHexStringToBinary(SECItem *srcdest);
/*
*
- * Utilities for parsing security tools command lines
+ * Utilities for parsing security tools command lines
*
*/
@@ -106,9 +106,9 @@ typedef struct
} secuCommand;
/* fill the "arg" and "activated" fields for each flag */
-SECStatus
+SECStatus
SECU_ParseCommandLine(int argc, char **argv, char *progName,
- const secuCommand *cmd);
+ const secuCommand *cmd);
char *
SECU_GetOptionArg(const secuCommand *cmd, int optionNum);
diff --git a/cmd/lib/berparse.c b/cmd/lib/berparse.c
index 9e65361e5..8cd1ebae0 100644
--- a/cmd/lib/berparse.c
+++ b/cmd/lib/berparse.c
@@ -4,16 +4,20 @@
#include "secutil.h"
typedef enum {
- tagDone, lengthDone, leafDone, compositeDone,
+ tagDone,
+ lengthDone,
+ leafDone,
+ compositeDone,
notDone,
- parseError, parseComplete
+ parseError,
+ parseComplete
} ParseState;
typedef unsigned char Byte;
typedef void (*ParseProc)(BERParse *h, unsigned char **buf, int *len);
typedef struct {
SECArb arb;
- int pos; /* length from global start to item start */
+ int pos; /* length from global start to item start */
SECArb *parent;
} ParseStackElem;
@@ -24,8 +28,8 @@ struct BERParseStr {
int stackDepth;
ParseStackElem *stackPtr;
ParseStackElem *stack;
- int pending; /* bytes remaining to complete this part */
- int pos; /* running length of consumed characters */
+ int pending; /* bytes remaining to complete this part */
+ int pos; /* running length of consumed characters */
ParseState state;
PRBool keepLeaves;
PRBool derOnly;
@@ -39,46 +43,49 @@ struct BERParseStr {
#define UNKNOWN -1
-static unsigned char NextChar(BERParse *h, unsigned char **buf, int *len)
+static unsigned char
+NextChar(BERParse *h, unsigned char **buf, int *len)
{
unsigned char c = *(*buf)++;
(*len)--;
h->pos++;
if (h->filter)
- (*h->filter)(h->filterArg, &c, 1);
+ (*h->filter)(h->filterArg, &c, 1);
return c;
}
-static void ParseTag(BERParse *h, unsigned char **buf, int *len)
+static void
+ParseTag(BERParse *h, unsigned char **buf, int *len)
{
- SECArb* arb = &(h->stackPtr->arb);
+ SECArb *arb = &(h->stackPtr->arb);
arb->tag = NextChar(h, buf, len);
PORT_Assert(h->state == notDone);
- /*
- * NOTE: This does not handle the high-tag-number form
- */
+ /*
+ * NOTE: This does not handle the high-tag-number form
+ */
if ((arb->tag & DER_HIGH_TAG_NUMBER) == DER_HIGH_TAG_NUMBER) {
PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return;
+ h->state = parseError;
+ return;
}
h->pending = UNKNOWN;
arb->length = UNKNOWN;
if (arb->tag & DER_CONSTRUCTED) {
- arb->body.cons.numSubs = 0;
- arb->body.cons.subs = NULL;
+ arb->body.cons.numSubs = 0;
+ arb->body.cons.subs = NULL;
} else {
- arb->body.item.len = UNKNOWN;
- arb->body.item.data = NULL;
+ arb->body.item.len = UNKNOWN;
+ arb->body.item.data = NULL;
}
h->state = tagDone;
}
-static void ParseLength(BERParse *h, unsigned char **buf, int *len)
+static void
+ParseLength(BERParse *h, unsigned char **buf, int *len)
{
Byte b;
SECArb *arb = &(h->stackPtr->arb);
@@ -86,46 +93,47 @@ static void ParseLength(BERParse *h, unsigned char **buf, int *len)
PORT_Assert(h->state == notDone);
if (h->pending == UNKNOWN) {
- b = NextChar(h, buf, len);
- if ((b & 0x80) == 0) { /* short form */
- arb->length = b;
- /*
- * if the tag and the length are both zero bytes, then this
- * should be the marker showing end of list for the
- * indefinite length composite
- */
- if (arb->length == 0 && arb->tag == 0)
- h->state = compositeDone;
- else
- h->state = lengthDone;
- return;
- }
-
- h->pending = b & 0x7f;
- /* 0 implies this is an indefinite length */
- if (h->pending > 4) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return;
- }
- arb->length = 0;
+ b = NextChar(h, buf, len);
+ if ((b & 0x80) == 0) { /* short form */
+ arb->length = b;
+ /*
+ * if the tag and the length are both zero bytes, then this
+ * should be the marker showing end of list for the
+ * indefinite length composite
+ */
+ if (arb->length == 0 && arb->tag == 0)
+ h->state = compositeDone;
+ else
+ h->state = lengthDone;
+ return;
+ }
+
+ h->pending = b & 0x7f;
+ /* 0 implies this is an indefinite length */
+ if (h->pending > 4) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ h->state = parseError;
+ return;
+ }
+ arb->length = 0;
}
while ((*len > 0) && (h->pending > 0)) {
- b = NextChar(h, buf, len);
- arb->length = (arb->length << 8) + b;
- h->pending--;
+ b = NextChar(h, buf, len);
+ arb->length = (arb->length << 8) + b;
+ h->pending--;
}
if (h->pending == 0) {
- if (h->derOnly && (arb->length == 0))
- h->state = parseError;
- else
- h->state = lengthDone;
+ if (h->derOnly && (arb->length == 0))
+ h->state = parseError;
+ else
+ h->state = lengthDone;
}
return;
}
-static void ParseLeaf(BERParse *h, unsigned char **buf, int *len)
+static void
+ParseLeaf(BERParse *h, unsigned char **buf, int *len)
{
int count;
SECArb *arb = &(h->stackPtr->arb);
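Review bot: The long-form accumulation `arb->length = (arb->length << 8) + b;` is bounded only by `h->pending > 4`, so a four-octet length whose first octet is 0x80 or above can exceed what a signed int holds. The file sets arb->length to UNKNOWN (-1) and tests it with `< 0`, which suggests the field is signed. BER_ParseSome rejects a negative length only on the leaf path, so a constructed element would presumably keep the bad value. Consider rejecting the encoding before the shift, for example `if (arb->length > (0x7fffffff >> 8)) { PORT_SetError(SEC_ERROR_BAD_DER); h->state = parseError; return; }`. ParseLength begins before this hunk.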
@@ -134,191 +142,196 @@ static void ParseLeaf(BERParse *h, unsigned char **buf, int *len)
PORT_Assert(h->pending >= 0);
if (*len < h->pending)
- count = *len;
+ count = *len;
else
- count = h->pending;
+ count = h->pending;
if (h->keepLeaves)
- memcpy(arb->body.item.data + arb->body.item.len, *buf, count);
+ memcpy(arb->body.item.data + arb->body.item.len, *buf, count);
if (h->filter)
- (*h->filter)(h->filterArg, *buf, count);
+ (*h->filter)(h->filterArg, *buf, count);
*buf += count;
*len -= count;
arb->body.item.len += count;
h->pending -= count;
h->pos += count;
if (h->pending == 0) {
- h->state = leafDone;
+ h->state = leafDone;
}
return;
}
-static void CreateArbNode(BERParse *h)
+static void
+CreateArbNode(BERParse *h)
{
SECArb *arb = PORT_ArenaAlloc(h->his, sizeof(SECArb));
*arb = h->stackPtr->arb;
- /*
+ /*
* Special case closing the root
- */
+ */
if (h->stackPtr == h->stack) {
- PORT_Assert(arb->tag & DER_CONSTRUCTED);
- h->state = parseComplete;
+ PORT_Assert(arb->tag & DER_CONSTRUCTED);
+ h->state = parseComplete;
} else {
- SECArb *parent = h->stackPtr->parent;
- parent->body.cons.subs = DS_ArenaGrow(
- h->his, parent->body.cons.subs,
- (parent->body.cons.numSubs) * sizeof(SECArb*),
- (parent->body.cons.numSubs + 1) * sizeof(SECArb*));
- parent->body.cons.subs[parent->body.cons.numSubs] = arb;
- parent->body.cons.numSubs++;
- h->proc = ParseTag;
- h->state = notDone;
- h->pending = UNKNOWN;
+ SECArb *parent = h->stackPtr->parent;
+ parent->body.cons.subs = DS_ArenaGrow(
+ h->his, parent->body.cons.subs,
+ (parent->body.cons.numSubs) * sizeof(SECArb *),
+ (parent->body.cons.numSubs + 1) * sizeof(SECArb *));
+ parent->body.cons.subs[parent->body.cons.numSubs] = arb;
+ parent->body.cons.numSubs++;
+ h->proc = ParseTag;
+ h->state = notDone;
+ h->pending = UNKNOWN;
}
if (h->after)
- (*h->after)(h->afterArg, arb, h->stackPtr - h->stack, PR_FALSE);
+ (*h->after)(h->afterArg, arb, h->stackPtr - h->stack, PR_FALSE);
}
-SECStatus BER_ParseSome(BERParse *h, unsigned char *buf, int len)
+SECStatus
+BER_ParseSome(BERParse *h, unsigned char *buf, int len)
{
- if (h->state == parseError) return PR_TRUE;
+ if (h->state == parseError)
+ return PR_TRUE;
while (len) {
(*h->proc)(h, &buf, &len);
- if (h->state == parseComplete) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return PR_TRUE;
- }
- if (h->state == parseError) return PR_TRUE;
- PORT_Assert(h->state != parseComplete);
+ if (h->state == parseComplete) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ h->state = parseError;
+ return PR_TRUE;
+ }
+ if (h->state == parseError)
+ return PR_TRUE;
+ PORT_Assert(h->state != parseComplete);
if (h->state <= compositeDone) {
- if (h->proc == ParseTag) {
- PORT_Assert(h->state == tagDone);
- h->proc = ParseLength;
- h->state = notDone;
- } else if (h->proc == ParseLength) {
- SECArb *arb = &(h->stackPtr->arb);
- PORT_Assert(h->state == lengthDone || h->state == compositeDone);
-
- if (h->before)
- (*h->before)(h->beforeArg, arb,
- h->stackPtr - h->stack, PR_TRUE);
-
- /*
- * Check to see if this is the end of an indefinite
- * length composite
- */
- if (h->state == compositeDone) {
- SECArb *parent = h->stackPtr->parent;
- PORT_Assert(parent);
- PORT_Assert(parent->tag & DER_CONSTRUCTED);
- if (parent->length != 0) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return PR_TRUE;
- }
- /*
- * NOTE: This does not check for an indefinite length
- * composite being contained inside a definite length
- * composite. It is not clear that is legal.
- */
- h->stackPtr--;
- CreateArbNode(h);
- } else {
- h->stackPtr->pos = h->pos;
-
-
- if (arb->tag & DER_CONSTRUCTED) {
- SECArb *parent;
- /*
- * Make sure there is room on the stack before we
- * stick anything else there.
- */
- PORT_Assert(h->stackPtr - h->stack < h->stackDepth);
- if (h->stackPtr - h->stack == h->stackDepth - 1) {
- int newDepth = h->stackDepth * 2;
- h->stack = DS_ArenaGrow(h->mine, h->stack,
- sizeof(ParseStackElem) * h->stackDepth,
- sizeof(ParseStackElem) * newDepth);
- h->stackPtr = h->stack + h->stackDepth + 1;
- h->stackDepth = newDepth;
- }
- parent = &(h->stackPtr->arb);
- h->stackPtr++;
- h->stackPtr->parent = parent;
- h->proc = ParseTag;
- h->state = notDone;
- h->pending = UNKNOWN;
- } else {
- if (arb->length < 0) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return PR_TRUE;
- }
- arb->body.item.len = 0;
- if (arb->length > 0 && h->keepLeaves) {
- arb->body.item.data =
- PORT_ArenaAlloc(h->his, arb->length);
- } else {
- arb->body.item.data = NULL;
- }
- h->proc = ParseLeaf;
- h->state = notDone;
- h->pending = arb->length;
- }
- }
- } else {
- ParseStackElem *parent;
- PORT_Assert(h->state = leafDone);
- PORT_Assert(h->proc == ParseLeaf);
-
- for (;;) {
- CreateArbNode(h);
- if (h->stackPtr == h->stack)
- break;
- parent = (h->stackPtr - 1);
- PORT_Assert(parent->arb.tag & DER_CONSTRUCTED);
- if (parent->arb.length == 0) /* need explicit end */
- break;
- if (parent->pos + parent->arb.length > h->pos)
- break;
- if (parent->pos + parent->arb.length < h->pos) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return PR_TRUE;
- }
- h->stackPtr = parent;
- }
- }
-
- }
+ if (h->proc == ParseTag) {
+ PORT_Assert(h->state == tagDone);
+ h->proc = ParseLength;
+ h->state = notDone;
+ } else if (h->proc == ParseLength) {
+ SECArb *arb = &(h->stackPtr->arb);
+ PORT_Assert(h->state == lengthDone || h->state == compositeDone);
+
+ if (h->before)
+ (*h->before)(h->beforeArg, arb,
+ h->stackPtr - h->stack, PR_TRUE);
+
+ /*
+ * Check to see if this is the end of an indefinite
+ * length composite
+ */
+ if (h->state == compositeDone) {
+ SECArb *parent = h->stackPtr->parent;
+ PORT_Assert(parent);
+ PORT_Assert(parent->tag & DER_CONSTRUCTED);
+ if (parent->length != 0) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ h->state = parseError;
+ return PR_TRUE;
+ }
+ /*
+ * NOTE: This does not check for an indefinite length
+ * composite being contained inside a definite length
+ * composite. It is not clear that is legal.
+ */
+ h->stackPtr--;
+ CreateArbNode(h);
+ } else {
+ h->stackPtr->pos = h->pos;
+
+ if (arb->tag & DER_CONSTRUCTED) {
+ SECArb *parent;
+ /*
+ * Make sure there is room on the stack before we
+ * stick anything else there.
+ */
+ PORT_Assert(h->stackPtr - h->stack < h->stackDepth);
+ if (h->stackPtr - h->stack == h->stackDepth - 1) {
+ int newDepth = h->stackDepth * 2;
+ h->stack = DS_ArenaGrow(h->mine, h->stack,
+ sizeof(ParseStackElem) *
+ h->stackDepth,
+ sizeof(ParseStackElem) *
+ newDepth);
+ h->stackPtr = h->stack + h->stackDepth + 1;
+ h->stackDepth = newDepth;
+ }
+ parent = &(h->stackPtr->arb);
+ h->stackPtr++;
+ h->stackPtr->parent = parent;
+ h->proc = ParseTag;
+ h->state = notDone;
+ h->pending = UNKNOWN;
+ } else {
+ if (arb->length < 0) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ h->state = parseError;
+ return PR_TRUE;
+ }
+ arb->body.item.len = 0;
+ if (arb->length > 0 && h->keepLeaves) {
+ arb->body.item.data =
+ PORT_ArenaAlloc(h->his, arb->length);
+ } else {
+ arb->body.item.data = NULL;
+ }
+ h->proc = ParseLeaf;
+ h->state = notDone;
+ h->pending = arb->length;
+ }
+ }
+ } else {
+ ParseStackElem *parent;
+ PORT_Assert(h->state = leafDone);
+ PORT_Assert(h->proc == ParseLeaf);
+
+ for (;;) {
+ CreateArbNode(h);
+ if (h->stackPtr == h->stack)
+ break;
+ parent = (h->stackPtr - 1);
+ PORT_Assert(parent->arb.tag & DER_CONSTRUCTED);
+ if (parent->arb.length == 0) /* need explicit end */
+ break;
+ if (parent->pos + parent->arb.length > h->pos)
+ break;
+ if (parent->pos + parent->arb.length < h->pos) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ h->state = parseError;
+ return PR_TRUE;
+ }
+ h->stackPtr = parent;
+ }
+ }
+ }
}
return PR_FALSE;
}
-BERParse *BER_ParseInit(PLArenaPool *arena, PRBool derOnly)
+BERParse *
+BER_ParseInit(PLArenaPool *arena, PRBool derOnly)
{
BERParse *h;
PLArenaPool *temp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (temp == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return NULL;
}
h = PORT_ArenaAlloc(temp, sizeof(BERParse));
if (h == NULL) {
- PORT_FreeArena(temp, PR_FALSE);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
+ PORT_FreeArena(temp, PR_FALSE);
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return NULL;
}
h->his = arena;
h->mine = temp;
h->proc = ParseTag;
h->stackDepth = 20;
h->stack = PORT_ArenaZAlloc(h->mine,
- sizeof(ParseStackElem) * h->stackDepth);
+ sizeof(ParseStackElem) * h->stackDepth);
h->stackPtr = h->stack;
h->state = notDone;
h->pos = 0;
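Review bot: After the stack is grown in BER_ParseSome, `h->stackPtr = h->stack + h->stackDepth + 1;` looks wrong. The branch is entered when `h->stackPtr - h->stack == h->stackDepth - 1`, so keeping the same slot in the reallocated array would be `h->stackPtr = h->stack + h->stackDepth - 1;`. As written, `parent` appears to be taken from a slot in the newly grown region rather than from the element just parsed, which matters for input nested deeper than the initial `stackDepth` of 20; the DS_ArenaGrow result is also used without a NULL check. In the leaf branch, `PORT_Assert(h->state = leafDone);` assigns instead of comparing and should read `PORT_Assert(h->state == leafDone);`. The hunk opens inside ParseLeaf and ends inside BER_ParseInit, while BER_ParseSome itself is fully visible.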
@@ -330,16 +343,17 @@ BERParse *BER_ParseInit(PLArenaPool *arena, PRBool derOnly)
return h;
}
-SECArb *BER_ParseFini(BERParse *h)
+SECArb *
+BER_ParseFini(BERParse *h)
{
PLArenaPool *myArena = h->mine;
SECArb *arb;
if (h->state != parseComplete) {
- arb = NULL;
+ arb = NULL;
} else {
- arb = PORT_ArenaAlloc(h->his, sizeof(SECArb));
- *arb = h->stackPtr->arb;
+ arb = PORT_ArenaAlloc(h->his, sizeof(SECArb));
+ *arb = h->stackPtr->arb;
}
PORT_FreeArena(myArena, PR_FALSE);
@@ -347,29 +361,28 @@ SECArb *BER_ParseFini(BERParse *h)
return arb;
}
-
-void BER_SetFilter(BERParse *h, BERFilterProc proc, void *instance)
+void
+BER_SetFilter(BERParse *h, BERFilterProc proc, void *instance)
{
h->filter = proc;
h->filterArg = instance;
}
-void BER_SetLeafStorage(BERParse *h, PRBool keep)
+void
+BER_SetLeafStorage(BERParse *h, PRBool keep)
{
h->keepLeaves = keep;
}
-void BER_SetNotifyProc(BERParse *h, BERNotifyProc proc, void *instance,
- PRBool beforeData)
+void
+BER_SetNotifyProc(BERParse *h, BERNotifyProc proc, void *instance,
+ PRBool beforeData)
{
if (beforeData) {
- h->before = proc;
- h->beforeArg = instance;
+ h->before = proc;
+ h->beforeArg = instance;
} else {
- h->after = proc;
- h->afterArg = instance;
+ h->after = proc;
+ h->afterArg = instance;
}
}
-
-
-
diff --git a/cmd/lib/derprint.c b/cmd/lib/derprint.c
index 28d14665f..08ef66d08 100644
--- a/cmd/lib/derprint.c
+++ b/cmd/lib/derprint.c
@@ -5,11 +5,11 @@
#include "secoid.h"
#ifdef __sun
-extern int fprintf(FILE *strm, const char *format, .../* args */);
+extern int fprintf(FILE *strm, const char *format, ... /* args */);
extern int fflush(FILE *stream);
#endif
-#define RIGHT_MARGIN 24
+#define RIGHT_MARGIN 24
/*#define RAW_BYTES 1 */
static int prettyColumn = 0;
@@ -20,28 +20,28 @@ getInteger256(const unsigned char *data, unsigned int nb)
int val;
switch (nb) {
- case 1:
- val = data[0];
- break;
- case 2:
- val = (data[0] << 8) | data[1];
- break;
- case 3:
- val = (data[0] << 16) | (data[1] << 8) | data[2];
- break;
- case 4:
- /* If the most significant bit of data[0] is 1, val would be negative.
- * Treat it as an error.
- */
- if (data[0] & 0x80) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
- val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];
- break;
- default:
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
+ case 1:
+ val = data[0];
+ break;
+ case 2:
+ val = (data[0] << 8) | data[1];
+ break;
+ case 3:
+ val = (data[0] << 16) | (data[1] << 8) | data[2];
+ break;
+ case 4:
+ /* If the most significant bit of data[0] is 1, val would be negative.
+ * Treat it as an error.
+ */
+ if (data[0] & 0x80) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ return -1;
+ }
+ val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ return -1;
}
return val;
@@ -53,12 +53,12 @@ prettyNewline(FILE *out)
int rv;
if (prettyColumn != -1) {
- rv = fprintf(out, "\n");
- prettyColumn = -1;
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
+ rv = fprintf(out, "\n");
+ prettyColumn = -1;
+ if (rv < 0) {
+ PORT_SetError(SEC_ERROR_IO);
+ return rv;
+ }
}
return 0;
}
@@ -70,14 +70,14 @@ prettyIndent(FILE *out, unsigned level)
int rv;
if (prettyColumn == -1) {
- prettyColumn = level;
- for (i = 0; i < level; i++) {
- rv = fprintf(out, " ");
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
- }
+ prettyColumn = level;
+ for (i = 0; i < level; i++) {
+ rv = fprintf(out, " ");
+ if (rv < 0) {
+ PORT_SetError(SEC_ERROR_IO);
+ return rv;
+ }
+ }
}
return 0;
@@ -90,17 +90,17 @@ prettyPrintByte(FILE *out, unsigned char item, unsigned int level)
rv = prettyIndent(out, level);
if (rv < 0)
- return rv;
+ return rv;
rv = fprintf(out, "%02x ", item);
if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
+ PORT_SetError(SEC_ERROR_IO);
+ return rv;
}
prettyColumn++;
if (prettyColumn >= RIGHT_MARGIN) {
- return prettyNewline(out);
+ return prettyNewline(out);
}
return 0;
@@ -108,45 +108,45 @@ prettyPrintByte(FILE *out, unsigned char item, unsigned int level)
static int
prettyPrintLeaf(FILE *out, const unsigned char *data,
- unsigned int len, unsigned int lv)
+ unsigned int len, unsigned int lv)
{
unsigned int i;
int rv;
for (i = 0; i < len; i++) {
- rv = prettyPrintByte(out, *data++, lv);
- if (rv < 0)
- return rv;
+ rv = prettyPrintByte(out, *data++, lv);
+ if (rv < 0)
+ return rv;
}
return prettyNewline(out);
}
static int
prettyPrintStringStart(FILE *out, const unsigned char *str,
- unsigned int len, unsigned int level)
+ unsigned int len, unsigned int level)
{
#define BUF_SIZE 100
unsigned char buf[BUF_SIZE];
int rv;
if (len >= BUF_SIZE)
- len = BUF_SIZE - 1;
+ len = BUF_SIZE - 1;
rv = prettyNewline(out);
if (rv < 0)
- return rv;
+ return rv;
rv = prettyIndent(out, level);
if (rv < 0)
- return rv;
+ return rv;
memcpy(buf, str, len);
buf[len] = '\000';
rv = fprintf(out, "\"%s\"", buf);
if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
+ PORT_SetError(SEC_ERROR_IO);
+ return rv;
}
return 0;
@@ -155,22 +155,22 @@ prettyPrintStringStart(FILE *out, const unsigned char *str,
static int
prettyPrintString(FILE *out, const unsigned char *str,
- unsigned int len, unsigned int level, PRBool raw)
+ unsigned int len, unsigned int level, PRBool raw)
{
int rv;
rv = prettyPrintStringStart(out, str, len, level);
if (rv < 0)
- return rv;
+ return rv;
rv = prettyNewline(out);
if (rv < 0)
- return rv;
+ return rv;
if (raw) {
- rv = prettyPrintLeaf(out, str, len, level);
- if (rv < 0)
- return rv;
+ rv = prettyPrintLeaf(out, str, len, level);
+ if (rv < 0)
+ return rv;
}
return 0;
@@ -178,43 +178,43 @@ prettyPrintString(FILE *out, const unsigned char *str,
static int
prettyPrintTime(FILE *out, const unsigned char *str,
- unsigned int len, unsigned int level, PRBool raw, PRBool utc)
+ unsigned int len, unsigned int level, PRBool raw, PRBool utc)
{
SECItem time_item;
int rv;
rv = prettyPrintStringStart(out, str, len, level);
if (rv < 0)
- return rv;
+ return rv;
time_item.data = (unsigned char *)str;
time_item.len = len;
rv = fprintf(out, " (");
if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
+ PORT_SetError(SEC_ERROR_IO);
+ return rv;
}
if (utc)
- SECU_PrintUTCTime(out, &time_item, NULL, 0);
+ SECU_PrintUTCTime(out, &time_item, NULL, 0);
else
- SECU_PrintGeneralizedTime(out, &time_item, NULL, 0);
+ SECU_PrintGeneralizedTime(out, &time_item, NULL, 0);
rv = fprintf(out, ")");
if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
+ PORT_SetError(SEC_ERROR_IO);
+ return rv;
}
rv = prettyNewline(out);
if (rv < 0)
- return rv;
+ return rv;
if (raw) {
- rv = prettyPrintLeaf(out, str, len, level);
- if (rv < 0)
- return rv;
+ rv = prettyPrintLeaf(out, str, len, level);
+ if (rv < 0)
+ return rv;
}
return 0;
@@ -222,7 +222,7 @@ prettyPrintTime(FILE *out, const unsigned char *str,
static int
prettyPrintObjectID(FILE *out, const unsigned char *data,
- unsigned int len, unsigned int level, PRBool raw)
+ unsigned int len, unsigned int level, PRBool raw)
{
SECOidData *oiddata;
SECItem oiditem;
@@ -230,42 +230,41 @@ prettyPrintObjectID(FILE *out, const unsigned char *data,
unsigned long val;
int rv;
-
/*
* First print the Object Id in numeric format
*/
rv = prettyIndent(out, level);
if (rv < 0)
- return rv;
+ return rv;
if (len == 0) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ return -1;
}
val = data[0];
- i = val % 40;
+ i = val % 40;
val = val / 40;
rv = fprintf(out, "%lu %u ", val, i);
if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
+ PORT_SetError(SEC_ERROR_IO);
+ return rv;
}
val = 0;
for (i = 1; i < len; ++i) {
unsigned long j;
- j = data[i];
- val = (val << 7) | (j & 0x7f);
- if (j & 0x80)
- continue;
- rv = fprintf(out, "%lu ", val);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
- val = 0;
+ j = data[i];
+ val = (val << 7) | (j & 0x7f);
+ if (j & 0x80)
+ continue;
+ rv = fprintf(out, "%lu ", val);
+ if (rv < 0) {
+ PORT_SetError(SEC_ERROR_IO);
+ return rv;
+ }
+ val = 0;
}
/*
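Review bot: The base-128 loop in prettyPrintObjectID accepts malformed arcs silently. When the last content byte still has bit 0x80 set, the `continue` leaves the loop with a partial `val` that is neither printed nor reported, and `val = (val << 7) | (j & 0x7f)` wraps without notice for an arc wider than `unsigned long`. A check after the loop would surface the truncated case: `if (len > 1 && (data[len - 1] & 0x80)) { PORT_SetError(SEC_ERROR_BAD_DER); return -1; }`. A pre-shift test such as `if (val >> (sizeof(val) * 8 - 7))` would catch the overflow. The function starts before this hunk and continues past it.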
@@ -275,82 +274,82 @@ prettyPrintObjectID(FILE *out, const unsigned char *data,
oiditem.len = len;
oiddata = SECOID_FindOID(&oiditem);
if (oiddata != NULL) {
- i = PORT_Strlen(oiddata->desc);
- if ((prettyColumn + 1 + (i / 3)) > RIGHT_MARGIN) {
- rv = prettyNewline(out);
- if (rv < 0)
- return rv;
- }
-
- rv = prettyIndent(out, level);
- if (rv < 0)
- return rv;
-
- rv = fprintf(out, "(%s)", oiddata->desc);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
+ i = PORT_Strlen(oiddata->desc);
+ if ((prettyColumn + 1 + (i / 3)) > RIGHT_MARGIN) {
+ rv = prettyNewline(out);
+ if (rv < 0)
+ return rv;
+ }
+
+ rv = prettyIndent(out, level);
+ if (rv < 0)
+ return rv;
+
+ rv = fprintf(out, "(%s)", oiddata->desc);
+ if (rv < 0) {
+ PORT_SetError(SEC_ERROR_IO);
+ return rv;
+ }
}
rv = prettyNewline(out);
if (rv < 0)
- return rv;
+ return rv;
if (raw) {
- rv = prettyPrintLeaf(out, data, len, level);
- if (rv < 0)
- return rv;
+ rv = prettyPrintLeaf(out, data, len, level);
+ if (rv < 0)
+ return rv;
}
return 0;
}
-static char *prettyTagType [32] = {
- "End of Contents",
- "Boolean",
- "Integer",
- "Bit String",
- "Octet String",
- "NULL",
- "Object Identifier",
- "0x07",
- "0x08",
- "0x09",
- "Enumerated",
- "0x0B",
- "UTF8 String",
- "0x0D",
- "0x0E",
- "0x0F",
- "Sequence",
- "Set",
- "0x12",
- "Printable String",
- "T61 String",
- "0x15",
- "IA5 String",
- "UTC Time",
- "Generalized Time",
- "0x19",
- "Visible String",
- "0x1B",
- "Universal String",
- "0x1D",
- "BMP String",
- "High-Tag-Number"
+static char *prettyTagType[32] = {
+ "End of Contents",
+ "Boolean",
+ "Integer",
+ "Bit String",
+ "Octet String",
+ "NULL",
+ "Object Identifier",
+ "0x07",
+ "0x08",
+ "0x09",
+ "Enumerated",
+ "0x0B",
+ "UTF8 String",
+ "0x0D",
+ "0x0E",
+ "0x0F",
+ "Sequence",
+ "Set",
+ "0x12",
+ "Printable String",
+ "T61 String",
+ "0x15",
+ "IA5 String",
+ "UTC Time",
+ "Generalized Time",
+ "0x19",
+ "Visible String",
+ "0x1B",
+ "Universal String",
+ "0x1D",
+ "BMP String",
+ "High-Tag-Number"
};
static int
prettyPrintTag(FILE *out, const unsigned char *src, const unsigned char *end,
- unsigned char *codep, unsigned int level, PRBool raw)
+ unsigned char *codep, unsigned int level, PRBool raw)
{
int rv;
unsigned char code, tagnum;
if (src >= end) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ return -1;
}
code = *src;
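Review bot: `prettyTagType` holds only string literals but is declared `static char *prettyTagType[32]`, so the pointer table is writable and the literals are exposed through non-const pointers. Declaring it `static const char *const prettyTagType[32] = {` documents that the table is read-only and lets the toolchain place it in read-only data. The one use visible in this diff, `fprintf(out, "%s ", prettyTagType[tagnum])`, is unaffected; any uses outside the visible hunks would need checking.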
@@ -361,43 +360,43 @@ prettyPrintTag(FILE *out, const unsigned char *src, const unsigned char *end,
*/
if (tagnum == SEC_ASN1_HIGH_TAG_NUMBER) {
PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
+ return -1;
}
if (raw)
- rv = prettyPrintByte(out, code, level);
+ rv = prettyPrintByte(out, code, level);
else
- rv = prettyIndent(out, level);
+ rv = prettyIndent(out, level);
if (rv < 0)
- return rv;
+ return rv;
if (code & SEC_ASN1_CONSTRUCTED) {
rv = fprintf(out, "C-");
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
+ if (rv < 0) {
+ PORT_SetError(SEC_ERROR_IO);
+ return rv;
+ }
}
switch (code & SEC_ASN1_CLASS_MASK) {
- case SEC_ASN1_UNIVERSAL:
- rv = fprintf(out, "%s ", prettyTagType[tagnum]);
- break;
- case SEC_ASN1_APPLICATION:
- rv = fprintf(out, "Application: %d ", tagnum);
- break;
- case SEC_ASN1_CONTEXT_SPECIFIC:
- rv = fprintf(out, "[%d] ", tagnum);
- break;
- case SEC_ASN1_PRIVATE:
- rv = fprintf(out, "Private: %d ", tagnum);
- break;
+ case SEC_ASN1_UNIVERSAL:
+ rv = fprintf(out, "%s ", prettyTagType[tagnum]);
+ break;
+ case SEC_ASN1_APPLICATION:
+ rv = fprintf(out, "Application: %d ", tagnum);
+ break;
+ case SEC_ASN1_CONTEXT_SPECIFIC:
+ rv = fprintf(out, "[%d] ", tagnum);
+ break;
+ case SEC_ASN1_PRIVATE:
+ rv = fprintf(out, "Private: %d ", tagnum);
+ break;
}
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
- return rv;
+ return rv;
}
*codep = code;
@@ -407,21 +406,21 @@ prettyPrintTag(FILE *out, const unsigned char *src, const unsigned char *end,
static int
prettyPrintLength(FILE *out, const unsigned char *data, const unsigned char *end,
- int *lenp, PRBool *indefinitep, unsigned int lv, PRBool raw)
+ int *lenp, PRBool *indefinitep, unsigned int lv, PRBool raw)
{
unsigned char lbyte;
int lenLen;
int rv;
if (data >= end) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ return -1;
}
rv = fprintf(out, " ");
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
- return rv;
+ return rv;
}
*indefinitep = PR_FALSE;
@@ -429,54 +428,55 @@ prettyPrintLength(FILE *out, const unsigned char *data, const unsigned char *end
lbyte = *data++;
lenLen = 1;
if (lbyte >= 0x80) {
- /* Multibyte length */
- unsigned nb = (unsigned) (lbyte & 0x7f);
- if (nb > 4) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
- if (nb > 0) {
- int il;
-
- if ((data + nb) > end) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
- il = getInteger256(data, nb);
- if (il < 0) return -1;
- *lenp = (unsigned) il;
- } else {
- *lenp = 0;
- *indefinitep = PR_TRUE;
- }
- lenLen += nb;
- if (raw) {
- unsigned int i;
-
- rv = prettyPrintByte(out, lbyte, lv);
- if (rv < 0)
- return rv;
- for (i = 0; i < nb; i++) {
- rv = prettyPrintByte(out, data[i], lv);
- if (rv < 0)
- return rv;
- }
- }
+ /* Multibyte length */
+ unsigned nb = (unsigned)(lbyte & 0x7f);
+ if (nb > 4) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ return -1;
+ }
+ if (nb > 0) {
+ int il;
+
+ if ((data + nb) > end) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ return -1;
+ }
+ il = getInteger256(data, nb);
+ if (il < 0)
+ return -1;
+ *lenp = (unsigned)il;
+ } else {
+ *lenp = 0;
+ *indefinitep = PR_TRUE;
+ }
+ lenLen += nb;
+ if (raw) {
+ unsigned int i;
+
+ rv = prettyPrintByte(out, lbyte, lv);
+ if (rv < 0)
+ return rv;
+ for (i = 0; i < nb; i++) {
+ rv = prettyPrintByte(out, data[i], lv);
+ if (rv < 0)
+ return rv;
+ }
+ }
} else {
- *lenp = lbyte;
- if (raw) {
- rv = prettyPrintByte(out, lbyte, lv);
- if (rv < 0)
- return rv;
- }
+ *lenp = lbyte;
+ if (raw) {
+ rv = prettyPrintByte(out, lbyte, lv);
+ if (rv < 0)
+ return rv;
+ }
}
if (*indefinitep)
- rv = fprintf(out, "(indefinite)\n");
+ rv = fprintf(out, "(indefinite)\n");
else
- rv = fprintf(out, "(%d)\n", *lenp);
+ rv = fprintf(out, "(%d)\n", *lenp);
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
- return rv;
+ return rv;
}
prettyColumn = -1;
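Review bot: The bounds test `if ((data + nb) > end)` forms the pointer before comparing it, which is undefined once the sum goes past one-past-the-end of the buffer, so the check is not guaranteed to hold under optimisation. Comparing lengths avoids this: `if (nb > (size_t)(end - data))`. The same pattern appears in the prettyPrintItem loop hunk as `if ((data + slen) > end)`, where `slen` comes from the encoded length and can be far larger; `if (slen > end - data)` is the equivalent there. Both forms rely on `data <= end` at that point, which the earlier `data >= end` rejections appear to guarantee. prettyPrintLength starts before this hunk and ends after it.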
@@ -485,7 +485,7 @@ prettyPrintLength(FILE *out, const unsigned char *data, const unsigned char *end
static int
prettyPrintItem(FILE *out, const unsigned char *data, const unsigned char *end,
- unsigned int lv, PRBool raw)
+ unsigned int lv, PRBool raw)
{
int slen;
int lenLen;
@@ -494,88 +494,88 @@ prettyPrintItem(FILE *out, const unsigned char *data, const unsigned char *end,
while (data < end) {
unsigned char code;
- PRBool indefinite;
-
- slen = prettyPrintTag(out, data, end, &code, lv, raw);
- if (slen < 0)
- return slen;
- data += slen;
-
- lenLen = prettyPrintLength(out, data, end, &slen, &indefinite, lv, raw);
- if (lenLen < 0)
- return lenLen;
- data += lenLen;
-
- /*
- * Just quit now if slen more bytes puts us off the end.
- */
- if ((data + slen) > end) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
+ PRBool indefinite;
+
+ slen = prettyPrintTag(out, data, end, &code, lv, raw);
+ if (slen < 0)
+ return slen;
+ data += slen;
+
+ lenLen = prettyPrintLength(out, data, end, &slen, &indefinite, lv, raw);
+ if (lenLen < 0)
+ return lenLen;
+ data += lenLen;
+
+ /*
+ * Just quit now if slen more bytes puts us off the end.
+ */
+ if ((data + slen) > end) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ return -1;
+ }
if (code & SEC_ASN1_CONSTRUCTED) {
- if (slen > 0 || indefinite) {
- slen = prettyPrintItem(out, data,
- slen == 0 ? end : data + slen,
- lv+1, raw);
- if (slen < 0)
- return slen;
- data += slen;
- }
- } else if (code == 0) {
- if (slen != 0 || lenLen != 1) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
- break;
- } else {
- switch (code) {
- case SEC_ASN1_PRINTABLE_STRING:
- case SEC_ASN1_IA5_STRING:
- case SEC_ASN1_VISIBLE_STRING:
- rv = prettyPrintString(out, data, slen, lv+1, raw);
- if (rv < 0)
- return rv;
- break;
- case SEC_ASN1_UTC_TIME:
- rv = prettyPrintTime(out, data, slen, lv+1, raw, PR_TRUE);
- if (rv < 0)
- return rv;
- break;
- case SEC_ASN1_GENERALIZED_TIME:
- rv = prettyPrintTime(out, data, slen, lv+1, raw, PR_FALSE);
- if (rv < 0)
- return rv;
- break;
- case SEC_ASN1_OBJECT_ID:
- rv = prettyPrintObjectID(out, data, slen, lv+1, raw);
- if (rv < 0)
- return rv;
- break;
- case SEC_ASN1_BOOLEAN: /* could do nicer job */
- case SEC_ASN1_INTEGER: /* could do nicer job */
- case SEC_ASN1_BIT_STRING: /* could do nicer job */
- case SEC_ASN1_OCTET_STRING:
- case SEC_ASN1_NULL:
- case SEC_ASN1_ENUMERATED: /* could do nicer job, as INTEGER */
- case SEC_ASN1_UTF8_STRING:
- case SEC_ASN1_T61_STRING: /* print as printable string? */
- case SEC_ASN1_UNIVERSAL_STRING:
- case SEC_ASN1_BMP_STRING:
- default:
- rv = prettyPrintLeaf(out, data, slen, lv+1);
- if (rv < 0)
- return rv;
- break;
- }
- data += slen;
- }
+ if (slen > 0 || indefinite) {
+ slen = prettyPrintItem(out, data,
+ slen == 0 ? end : data + slen,
+ lv + 1, raw);
+ if (slen < 0)
+ return slen;
+ data += slen;
+ }
+ } else if (code == 0) {
+ if (slen != 0 || lenLen != 1) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ return -1;
+ }
+ break;
+ } else {
+ switch (code) {
+ case SEC_ASN1_PRINTABLE_STRING:
+ case SEC_ASN1_IA5_STRING:
+ case SEC_ASN1_VISIBLE_STRING:
+ rv = prettyPrintString(out, data, slen, lv + 1, raw);
+ if (rv < 0)
+ return rv;
+ break;
+ case SEC_ASN1_UTC_TIME:
+ rv = prettyPrintTime(out, data, slen, lv + 1, raw, PR_TRUE);
+ if (rv < 0)
+ return rv;
+ break;
+ case SEC_ASN1_GENERALIZED_TIME:
+ rv = prettyPrintTime(out, data, slen, lv + 1, raw, PR_FALSE);
+ if (rv < 0)
+ return rv;
+ break;
+ case SEC_ASN1_OBJECT_ID:
+ rv = prettyPrintObjectID(out, data, slen, lv + 1, raw);
+ if (rv < 0)
+ return rv;
+ break;
+ case SEC_ASN1_BOOLEAN: /* could do nicer job */
+ case SEC_ASN1_INTEGER: /* could do nicer job */
+ case SEC_ASN1_BIT_STRING: /* could do nicer job */
+ case SEC_ASN1_OCTET_STRING:
+ case SEC_ASN1_NULL:
+ case SEC_ASN1_ENUMERATED: /* could do nicer job, as INTEGER */
+ case SEC_ASN1_UTF8_STRING:
+ case SEC_ASN1_T61_STRING: /* print as printable string? */
+ case SEC_ASN1_UNIVERSAL_STRING:
+ case SEC_ASN1_BMP_STRING:
+ default:
+ rv = prettyPrintLeaf(out, data, slen, lv + 1);
+ if (rv < 0)
+ return rv;
+ break;
+ }
+ data += slen;
+ }
}
rv = prettyNewline(out);
if (rv < 0)
- return rv;
+ return rv;
return data - orig;
}
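Review bot: Nesting depth is not limited in the recursive call `prettyPrintItem(out, data, slen == 0 ? end : data + slen, lv + 1, raw)`. Every constructed element in the input adds a stack frame, so a deeply nested encoding can exhaust the stack of a tool that prints untrusted DER. A guard at the top of the function would bound it, for example `if (lv > PRETTY_MAX_DEPTH) { PORT_SetError(SEC_ERROR_BAD_DER); return -1; }`, where PRETTY_MAX_DEPTH is a placeholder name for a limit the file does not define. The function's opening lines are outside this hunk.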
@@ -589,6 +589,6 @@ DER_PrettyPrint(FILE *out, const SECItem *it, PRBool raw)
rv = prettyPrintItem(out, it->data, it->data + it->len, 0, raw);
if (rv < 0)
- return SECFailure;
+ return SECFailure;
return SECSuccess;
}
diff --git a/cmd/lib/ffs.c b/cmd/lib/ffs.c
index 8456181e9..d1cbf67e2 100644
--- a/cmd/lib/ffs.c
+++ b/cmd/lib/ffs.c
@@ -3,15 +3,17 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#if !defined(XP_UNIX) && !defined(XP_OS2)
-int ffs( unsigned int i)
+int
+ffs(unsigned int i)
{
- int rv = 1;
+ int rv = 1;
- if (!i) return 0;
+ if (!i)
+ return 0;
while (!(i & 1)) {
- i >>= 1;
- ++rv;
+ i >>= 1;
+ ++rv;
}
return rv;
diff --git a/cmd/lib/moreoids.c b/cmd/lib/moreoids.c
index 6c184764c..ed5022cef 100644
--- a/cmd/lib/moreoids.c
+++ b/cmd/lib/moreoids.c
@@ -5,41 +5,50 @@
#include "secoid.h"
#include "secmodt.h" /* for CKM_INVALID_MECHANISM */
-#define OI(x) { siDEROID, (unsigned char *)x, sizeof x }
-#define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext }
-#define ODN(oid,desc) \
- { OI(oid), 0, desc, CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION }
+#define OI(x) \
+ { \
+ siDEROID, (unsigned char *)x, sizeof x \
+ }
+#define OD(oid, tag, desc, mech, ext) \
+ { \
+ OI(oid) \
+ , tag, desc, mech, ext \
+ }
+#define ODN(oid, desc) \
+ { \
+ OI(oid) \
+ , 0, desc, CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION \
+ }
#define OIDT static const unsigned char
/* OIW Security Special Interest Group defined algorithms. */
-#define OIWSSIG 0x2B, 13, 3, 2
-
-OIDT oiwMD5RSA[] = { OIWSSIG, 3 };
-OIDT oiwDESCBC[] = { OIWSSIG, 7 };
-OIDT oiwRSAsig[] = { OIWSSIG, 11 };
-OIDT oiwDSA [] = { OIWSSIG, 12 };
-OIDT oiwMD5RSAsig[] = { OIWSSIG, 25 };
-OIDT oiwSHA1 [] = { OIWSSIG, 26 };
-OIDT oiwDSASHA1[] = { OIWSSIG, 27 };
-OIDT oiwDSASHA1param[] = { OIWSSIG, 28 };
-OIDT oiwSHA1RSA[] = { OIWSSIG, 29 };
-
+#define OIWSSIG 0x2B, 13, 3, 2
+
+OIDT oiwMD5RSA[] = { OIWSSIG, 3 };
+OIDT oiwDESCBC[] = { OIWSSIG, 7 };
+OIDT oiwRSAsig[] = { OIWSSIG, 11 };
+OIDT oiwDSA[] = { OIWSSIG, 12 };
+OIDT oiwMD5RSAsig[] = { OIWSSIG, 25 };
+OIDT oiwSHA1[] = { OIWSSIG, 26 };
+OIDT oiwDSASHA1[] = { OIWSSIG, 27 };
+OIDT oiwDSASHA1param[] = { OIWSSIG, 28 };
+OIDT oiwSHA1RSA[] = { OIWSSIG, 29 };
/* Microsoft OIDs. (1 3 6 1 4 1 311 ... ) */
#define MICROSOFT 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37
-OIDT mCTL[] = { MICROSOFT, 10, 3, 1 }; /* Cert Trust List signing */
-OIDT mTSS[] = { MICROSOFT, 10, 3, 2 }; /* Time Stamp Signing */
-OIDT mSGC[] = { MICROSOFT, 10, 3, 3 }; /* Server gated cryptography */
-OIDT mEFS[] = { MICROSOFT, 10, 3, 4 }; /* Encrypted File System */
-OIDT mSMIME[] = { MICROSOFT, 16, 4 }; /* SMIME encryption key prefs */
+OIDT mCTL[] = { MICROSOFT, 10, 3, 1 }; /* Cert Trust List signing */
+OIDT mTSS[] = { MICROSOFT, 10, 3, 2 }; /* Time Stamp Signing */
+OIDT mSGC[] = { MICROSOFT, 10, 3, 3 }; /* Server gated cryptography */
+OIDT mEFS[] = { MICROSOFT, 10, 3, 4 }; /* Encrypted File System */
+OIDT mSMIME[] = { MICROSOFT, 16, 4 }; /* SMIME encryption key prefs */
-OIDT mECRTT[] = { MICROSOFT, 20, 2 }; /* Enrollment cert type xtn */
-OIDT mEAGNT[] = { MICROSOFT, 20, 2, 1 }; /* Enrollment Agent */
-OIDT mKPSCL[] = { MICROSOFT, 20, 2, 2 }; /* KP SmartCard Logon */
-OIDT mNTPN [] = { MICROSOFT, 20, 2, 3 }; /* NT Principal Name */
-OIDT mCASRV[] = { MICROSOFT, 21, 1 }; /* CertServ CA version */
+OIDT mECRTT[] = { MICROSOFT, 20, 2 }; /* Enrollment cert type xtn */
+OIDT mEAGNT[] = { MICROSOFT, 20, 2, 1 }; /* Enrollment Agent */
+OIDT mKPSCL[] = { MICROSOFT, 20, 2, 2 }; /* KP SmartCard Logon */
+OIDT mNTPN[] = { MICROSOFT, 20, 2, 3 }; /* NT Principal Name */
+OIDT mCASRV[] = { MICROSOFT, 21, 1 }; /* CertServ CA version */
/* AOL OIDs (1 3 6 1 4 1 1066 ... ) */
#define AOL 0x2B, 0x06, 0x01, 0x04, 0x01, 0x88, 0x2A
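Review bot: The reformatted `OI`, `OD` and `ODN` macros are harder to read than the one-line originals. clang-format has laid each initializer out as a block, leaving `OI(oid) \` followed by a continuation line that starts with a comma. Bracketing the three definitions with `/* clang-format off */` and `/* clang-format on */` would keep the compact `{ OI(oid), tag, desc, mech, ext }` form. Separately, `OI` expands its argument as `(unsigned char *)x, sizeof x`, which is only correct when `x` is an array; a one-line comment saying so would guard against a pointer being passed and a wrong OID length recorded.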
@@ -47,81 +56,80 @@ OIDT mCASRV[] = { MICROSOFT, 21, 1 }; /* CertServ CA version */
/* PKIX IDs (1 3 6 1 5 5 7 ...) */
#define ID_PKIX 0x2B, 6, 1, 5, 5, 7
/* PKIX Access Descriptors (methods for Authority Info Access Extns) */
-#define ID_AD ID_PKIX, 48
+#define ID_AD ID_PKIX, 48
-OIDT padOCSP[] = { ID_AD, 1 }; /* OCSP method */
-OIDT padCAissuer[] = { ID_AD, 2 }; /* URI (for CRL ?) */
-OIDT padTimeStamp[] = { ID_AD, 3 }; /* time stamping */
+OIDT padOCSP[] = { ID_AD, 1 }; /* OCSP method */
+OIDT padCAissuer[] = { ID_AD, 2 }; /* URI (for CRL ?) */
+OIDT padTimeStamp[] = { ID_AD, 3 }; /* time stamping */
/* ISO Cert Extension type OIDs (id-ce) (2 5 29 ...) */
-#define X500 0x55
-#define X520_ATTRIBUTE_TYPE X500, 0x04
-#define X500_ALG X500, 0x08
-#define X500_ALG_ENCRYPTION X500_ALG, 0x01
-#define ID_CE X500, 29
+#define X500 0x55
+#define X520_ATTRIBUTE_TYPE X500, 0x04
+#define X500_ALG X500, 0x08
+#define X500_ALG_ENCRYPTION X500_ALG, 0x01
+#define ID_CE X500, 29
-OIDT cePlcyObs[] = { ID_CE, 3 }; /* Cert policies, obsolete. */
-OIDT cePlcyCns[] = { ID_CE, 36 }; /* Cert policy constraints. */
+OIDT cePlcyObs[] = { ID_CE, 3 }; /* Cert policies, obsolete. */
+OIDT cePlcyCns[] = { ID_CE, 36 }; /* Cert policy constraints. */
/* US Company arc (2 16 840 1 ...) */
-#define USCOM 0x60, 0x86, 0x48, 0x01
-#define USGOV USCOM, 0x65
-#define USDOD USGOV, 2
-#define ID_INFOSEC USDOD, 1
+#define USCOM 0x60, 0x86, 0x48, 0x01
+#define USGOV USCOM, 0x65
+#define USDOD USGOV, 2
+#define ID_INFOSEC USDOD, 1
/* Verisign PKI OIDs (2 16 840 1 113733 1 ...) */
#define VERISIGN_PKI USCOM, 0x86, 0xf8, 0x45, 1
#define VERISIGN_XTN VERISIGN_PKI, 6
-#define VERISIGN_POL VERISIGN_PKI, 7 /* Cert policies */
-#define VERISIGN_TNET VERISIGN_POL, 23 /* Verisign Trust Network */
-
-OIDT vcx7[] = { VERISIGN_XTN, 7 }; /* Cert Extension 7 (?) */
-OIDT vcp1[] = { VERISIGN_TNET, 1 }; /* class 1 cert policy */
-OIDT vcp2[] = { VERISIGN_TNET, 2 }; /* class 2 cert policy */
-OIDT vcp3[] = { VERISIGN_TNET, 3 }; /* class 3 cert policy */
-OIDT vcp4[] = { VERISIGN_TNET, 4 }; /* class 4 cert policy */
+#define VERISIGN_POL VERISIGN_PKI, 7 /* Cert policies */
+#define VERISIGN_TNET VERISIGN_POL, 23 /* Verisign Trust Network */
+OIDT vcx7[] = { VERISIGN_XTN, 7 }; /* Cert Extension 7 (?) */
+OIDT vcp1[] = { VERISIGN_TNET, 1 }; /* class 1 cert policy */
+OIDT vcp2[] = { VERISIGN_TNET, 2 }; /* class 2 cert policy */
+OIDT vcp3[] = { VERISIGN_TNET, 3 }; /* class 3 cert policy */
+OIDT vcp4[] = { VERISIGN_TNET, 4 }; /* class 4 cert policy */
/* ------------------------------------------------------------------- */
static const SECOidData oids[] = {
-/* OIW Security Special Interest Group OIDs */
- ODN( oiwMD5RSA, "OIWSecSIG MD5 with RSA"),
- ODN( oiwDESCBC, "OIWSecSIG DES CBC"),
- ODN( oiwRSAsig, "OIWSecSIG RSA signature"),
- ODN( oiwDSA , "OIWSecSIG DSA"),
- ODN( oiwMD5RSAsig, "OIWSecSIG MD5 with RSA signature"),
- ODN( oiwSHA1 , "OIWSecSIG SHA1"),
- ODN( oiwDSASHA1, "OIWSecSIG DSA with SHA1"),
- ODN( oiwDSASHA1param, "OIWSecSIG DSA with SHA1 with params"),
- ODN( oiwSHA1RSA, "OIWSecSIG MD5 with RSA"),
-
-/* Microsoft OIDs */
- ODN( mCTL, "Microsoft Cert Trust List signing"),
- ODN( mTSS, "Microsoft Time Stamp signing"),
- ODN( mSGC, "Microsoft SGC SSL server"),
- ODN( mEFS, "Microsoft Encrypted File System"),
- ODN( mSMIME, "Microsoft SMIME preferences"),
- ODN( mECRTT, "Microsoft Enrollment Cert Type Extension"),
- ODN( mEAGNT, "Microsoft Enrollment Agent"),
- ODN( mKPSCL, "Microsoft KP SmartCard Logon"),
- ODN( mNTPN, "Microsoft NT Principal Name"),
- ODN( mCASRV, "Microsoft CertServ CA version"),
-
-/* PKIX OIDs */
- ODN( padOCSP, "PKIX OCSP method"),
- ODN( padCAissuer, "PKIX CA Issuer method"),
- ODN( padTimeStamp, "PKIX Time Stamping method"),
-
-/* ID_CE OIDs. */
- ODN( cePlcyObs, "Certificate Policies (Obsolete)"),
- ODN( cePlcyCns, "Certificate Policy Constraints"),
-
-/* Verisign OIDs. */
- ODN( vcx7, "Verisign Cert Extension 7 (?)"),
- ODN( vcp1, "Verisign Class 1 Certificate Policy"),
- ODN( vcp2, "Verisign Class 2 Certificate Policy"),
- ODN( vcp3, "Verisign Class 3 Certificate Policy"),
- ODN( vcp4, "Verisign Class 4 Certificate Policy"),
+ /* OIW Security Special Interest Group OIDs */
+ ODN(oiwMD5RSA, "OIWSecSIG MD5 with RSA"),
+ ODN(oiwDESCBC, "OIWSecSIG DES CBC"),
+ ODN(oiwRSAsig, "OIWSecSIG RSA signature"),
+ ODN(oiwDSA, "OIWSecSIG DSA"),
+ ODN(oiwMD5RSAsig, "OIWSecSIG MD5 with RSA signature"),
+ ODN(oiwSHA1, "OIWSecSIG SHA1"),
+ ODN(oiwDSASHA1, "OIWSecSIG DSA with SHA1"),
+ ODN(oiwDSASHA1param, "OIWSecSIG DSA with SHA1 with params"),
+ ODN(oiwSHA1RSA, "OIWSecSIG MD5 with RSA"),
+
+ /* Microsoft OIDs */
+ ODN(mCTL, "Microsoft Cert Trust List signing"),
+ ODN(mTSS, "Microsoft Time Stamp signing"),
+ ODN(mSGC, "Microsoft SGC SSL server"),
+ ODN(mEFS, "Microsoft Encrypted File System"),
+ ODN(mSMIME, "Microsoft SMIME preferences"),
+ ODN(mECRTT, "Microsoft Enrollment Cert Type Extension"),
+ ODN(mEAGNT, "Microsoft Enrollment Agent"),
+ ODN(mKPSCL, "Microsoft KP SmartCard Logon"),
+ ODN(mNTPN, "Microsoft NT Principal Name"),
+ ODN(mCASRV, "Microsoft CertServ CA version"),
+
+ /* PKIX OIDs */
+ ODN(padOCSP, "PKIX OCSP method"),
+ ODN(padCAissuer, "PKIX CA Issuer method"),
+ ODN(padTimeStamp, "PKIX Time Stamping method"),
+
+ /* ID_CE OIDs. */
+ ODN(cePlcyObs, "Certificate Policies (Obsolete)"),
+ ODN(cePlcyCns, "Certificate Policy Constraints"),
+
+ /* Verisign OIDs. */
+ ODN(vcx7, "Verisign Cert Extension 7 (?)"),
+ ODN(vcp1, "Verisign Class 1 Certificate Policy"),
+ ODN(vcp2, "Verisign Class 2 Certificate Policy"),
+ ODN(vcp3, "Verisign Class 3 Certificate Policy"),
+ ODN(vcp4, "Verisign Class 4 Certificate Policy"),
};
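Review bot: The entry `ODN(oiwSHA1RSA, "OIWSecSIG MD5 with RSA"),` carries the same description as the `oiwMD5RSA` entry at the top of the table, which looks like a copy-paste slip carried through the reformat. `oiwSHA1RSA` is defined earlier in this file as `{ OIWSSIG, 29 }`, so any output that prints this description would label a SHA-1 signature OID as MD5. The line should read `ODN(oiwSHA1RSA, "OIWSecSIG SHA1 with RSA"),`.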
@@ -145,15 +153,15 @@ SECU_RegisterDynamicOids(void)
SECStatus rv = SECSuccess;
for (i = 0; i < numOids; ++i) {
- SECOidTag tag = SECOID_AddEntry(&oids[i]);
- if (tag == SEC_OID_UNKNOWN) {
- rv = SECFailure;
+ SECOidTag tag = SECOID_AddEntry(&oids[i]);
+ if (tag == SEC_OID_UNKNOWN) {
+ rv = SECFailure;
#ifdef DEBUG_DYN_OIDS
- fprintf(stderr, "Add OID[%d] failed\n", i);
- } else {
- fprintf(stderr, "Add OID[%d] returned tag %d\n", i, tag);
+ fprintf(stderr, "Add OID[%d] failed\n", i);
+ } else {
+ fprintf(stderr, "Add OID[%d] returned tag %d\n", i, tag);
#endif
- }
+ }
}
return rv;
}
diff --git a/cmd/lib/pk11table.c b/cmd/lib/pk11table.c
index f76dafe81..15c0a8d1e 100644
--- a/cmd/lib/pk11table.c
+++ b/cmd/lib/pk11table.c
@@ -22,7 +22,7 @@ const char *_valueString[] = {
};
const char **valueString = &_valueString[0];
-const int valueCount = sizeof(_valueString)/sizeof(_valueString[0]);
+const int valueCount = sizeof(_valueString) / sizeof(_valueString[0]);
const char *_constTypeString[] = {
"None",
@@ -48,1350 +48,1444 @@ const char *_constTypeString[] = {
};
const char **constTypeString = &_constTypeString[0];
-const int constTypeCount = sizeof(_constTypeString)/sizeof(_constTypeString[0]);
+const int constTypeCount = sizeof(_constTypeString) / sizeof(_constTypeString[0]);
-#define mkEntry(x,t) { #x, x, Const##t, ConstNone }
-#define mkEntry2(x,t,t2) { #x, x, Const##t, Const##t2 }
+#define mkEntry(x, t) \
+ { \
+ #x, x, Const##t, ConstNone \
+ }
+#define mkEntry2(x, t, t2) \
+ { \
+ #x, x, Const##t, Const##t2 \
+ }
const Constant _consts[] = {
- mkEntry(CK_FALSE, Bool),
- mkEntry(CK_TRUE, Bool),
+ mkEntry(CK_FALSE, Bool),
+ mkEntry(CK_TRUE, Bool),
- mkEntry(CKF_TOKEN_PRESENT, SlotFlags),
- mkEntry(CKF_REMOVABLE_DEVICE, SlotFlags),
- mkEntry(CKF_HW_SLOT, SlotFlags),
+ mkEntry(CKF_TOKEN_PRESENT, SlotFlags),
+ mkEntry(CKF_REMOVABLE_DEVICE, SlotFlags),
+ mkEntry(CKF_HW_SLOT, SlotFlags),
- mkEntry(CKF_RNG, TokenFlags),
- mkEntry(CKF_WRITE_PROTECTED, TokenFlags),
- mkEntry(CKF_LOGIN_REQUIRED, TokenFlags),
- mkEntry(CKF_USER_PIN_INITIALIZED, TokenFlags),
- mkEntry(CKF_RESTORE_KEY_NOT_NEEDED, TokenFlags),
- mkEntry(CKF_CLOCK_ON_TOKEN, TokenFlags),
- mkEntry(CKF_PROTECTED_AUTHENTICATION_PATH, TokenFlags),
- mkEntry(CKF_DUAL_CRYPTO_OPERATIONS, TokenFlags),
- mkEntry(CKF_TOKEN_INITIALIZED, TokenFlags),
- mkEntry(CKF_SECONDARY_AUTHENTICATION, TokenFlags),
- mkEntry(CKF_USER_PIN_COUNT_LOW, TokenFlags),
- mkEntry(CKF_USER_PIN_FINAL_TRY, TokenFlags),
- mkEntry(CKF_USER_PIN_LOCKED, TokenFlags),
- mkEntry(CKF_USER_PIN_TO_BE_CHANGED, TokenFlags),
- mkEntry(CKF_SO_PIN_COUNT_LOW, TokenFlags),
- mkEntry(CKF_SO_PIN_FINAL_TRY, TokenFlags),
- mkEntry(CKF_SO_PIN_LOCKED, TokenFlags),
- mkEntry(CKF_SO_PIN_TO_BE_CHANGED, TokenFlags),
+ mkEntry(CKF_RNG, TokenFlags),
+ mkEntry(CKF_WRITE_PROTECTED, TokenFlags),
+ mkEntry(CKF_LOGIN_REQUIRED, TokenFlags),
+ mkEntry(CKF_USER_PIN_INITIALIZED, TokenFlags),
+ mkEntry(CKF_RESTORE_KEY_NOT_NEEDED, TokenFlags),
+ mkEntry(CKF_CLOCK_ON_TOKEN, TokenFlags),
+ mkEntry(CKF_PROTECTED_AUTHENTICATION_PATH, TokenFlags),
+ mkEntry(CKF_DUAL_CRYPTO_OPERATIONS, TokenFlags),
+ mkEntry(CKF_TOKEN_INITIALIZED, TokenFlags),
+ mkEntry(CKF_SECONDARY_AUTHENTICATION, TokenFlags),
+ mkEntry(CKF_USER_PIN_COUNT_LOW, TokenFlags),
+ mkEntry(CKF_USER_PIN_FINAL_TRY, TokenFlags),
+ mkEntry(CKF_USER_PIN_LOCKED, TokenFlags),
+ mkEntry(CKF_USER_PIN_TO_BE_CHANGED, TokenFlags),
+ mkEntry(CKF_SO_PIN_COUNT_LOW, TokenFlags),
+ mkEntry(CKF_SO_PIN_FINAL_TRY, TokenFlags),
+ mkEntry(CKF_SO_PIN_LOCKED, TokenFlags),
+ mkEntry(CKF_SO_PIN_TO_BE_CHANGED, TokenFlags),
- mkEntry(CKF_RW_SESSION, SessionFlags),
- mkEntry(CKF_SERIAL_SESSION, SessionFlags),
+ mkEntry(CKF_RW_SESSION, SessionFlags),
+ mkEntry(CKF_SERIAL_SESSION, SessionFlags),
- mkEntry(CKF_HW, MechanismFlags),
- mkEntry(CKF_ENCRYPT, MechanismFlags),
- mkEntry(CKF_DECRYPT, MechanismFlags),
- mkEntry(CKF_DIGEST, MechanismFlags),
- mkEntry(CKF_SIGN, MechanismFlags),
- mkEntry(CKF_SIGN_RECOVER, MechanismFlags),
- mkEntry(CKF_VERIFY, MechanismFlags),
- mkEntry(CKF_VERIFY_RECOVER, MechanismFlags),
- mkEntry(CKF_GENERATE, MechanismFlags),
- mkEntry(CKF_GENERATE_KEY_PAIR, MechanismFlags),
- mkEntry(CKF_WRAP, MechanismFlags),
- mkEntry(CKF_UNWRAP, MechanismFlags),
- mkEntry(CKF_DERIVE, MechanismFlags),
- mkEntry(CKF_EC_FP, MechanismFlags),
- mkEntry(CKF_EC_F_2M, MechanismFlags),
- mkEntry(CKF_EC_ECPARAMETERS, MechanismFlags),
- mkEntry(CKF_EC_NAMEDCURVE, MechanismFlags),
- mkEntry(CKF_EC_UNCOMPRESS, MechanismFlags),
- mkEntry(CKF_EC_COMPRESS, MechanismFlags),
+ mkEntry(CKF_HW, MechanismFlags),
+ mkEntry(CKF_ENCRYPT, MechanismFlags),
+ mkEntry(CKF_DECRYPT, MechanismFlags),
+ mkEntry(CKF_DIGEST, MechanismFlags),
+ mkEntry(CKF_SIGN, MechanismFlags),
+ mkEntry(CKF_SIGN_RECOVER, MechanismFlags),
+ mkEntry(CKF_VERIFY, MechanismFlags),
+ mkEntry(CKF_VERIFY_RECOVER, MechanismFlags),
+ mkEntry(CKF_GENERATE, MechanismFlags),
+ mkEntry(CKF_GENERATE_KEY_PAIR, MechanismFlags),
+ mkEntry(CKF_WRAP, MechanismFlags),
+ mkEntry(CKF_UNWRAP, MechanismFlags),
+ mkEntry(CKF_DERIVE, MechanismFlags),
+ mkEntry(CKF_EC_FP, MechanismFlags),
+ mkEntry(CKF_EC_F_2M, MechanismFlags),
+ mkEntry(CKF_EC_ECPARAMETERS, MechanismFlags),
+ mkEntry(CKF_EC_NAMEDCURVE, MechanismFlags),
+ mkEntry(CKF_EC_UNCOMPRESS, MechanismFlags),
+ mkEntry(CKF_EC_COMPRESS, MechanismFlags),
- mkEntry(CKF_LIBRARY_CANT_CREATE_OS_THREADS, InitializeFlags),
- mkEntry(CKF_OS_LOCKING_OK, InitializeFlags),
+ mkEntry(CKF_LIBRARY_CANT_CREATE_OS_THREADS, InitializeFlags),
+ mkEntry(CKF_OS_LOCKING_OK, InitializeFlags),
- mkEntry(CKU_SO, Users),
- mkEntry(CKU_USER, Users),
+ mkEntry(CKU_SO, Users),
+ mkEntry(CKU_USER, Users),
- mkEntry(CKS_RO_PUBLIC_SESSION, SessionState),
- mkEntry(CKS_RO_USER_FUNCTIONS, SessionState),
- mkEntry(CKS_RW_PUBLIC_SESSION, SessionState),
- mkEntry(CKS_RW_USER_FUNCTIONS, SessionState),
- mkEntry(CKS_RW_SO_FUNCTIONS, SessionState),
+ mkEntry(CKS_RO_PUBLIC_SESSION, SessionState),
+ mkEntry(CKS_RO_USER_FUNCTIONS, SessionState),
+ mkEntry(CKS_RW_PUBLIC_SESSION, SessionState),
+ mkEntry(CKS_RW_USER_FUNCTIONS, SessionState),
+ mkEntry(CKS_RW_SO_FUNCTIONS, SessionState),
- mkEntry(CKO_DATA, Object),
- mkEntry(CKO_CERTIFICATE, Object),
- mkEntry(CKO_PUBLIC_KEY, Object),
- mkEntry(CKO_PRIVATE_KEY, Object),
- mkEntry(CKO_SECRET_KEY, Object),
- mkEntry(CKO_HW_FEATURE, Object),
- mkEntry(CKO_DOMAIN_PARAMETERS, Object),
- mkEntry(CKO_KG_PARAMETERS, Object),
- mkEntry(CKO_NSS_CRL, Object),
- mkEntry(CKO_NSS_SMIME, Object),
- mkEntry(CKO_NSS_TRUST, Object),
- mkEntry(CKO_NSS_BUILTIN_ROOT_LIST, Object),
+ mkEntry(CKO_DATA, Object),
+ mkEntry(CKO_CERTIFICATE, Object),
+ mkEntry(CKO_PUBLIC_KEY, Object),
+ mkEntry(CKO_PRIVATE_KEY, Object),
+ mkEntry(CKO_SECRET_KEY, Object),
+ mkEntry(CKO_HW_FEATURE, Object),
+ mkEntry(CKO_DOMAIN_PARAMETERS, Object),
+ mkEntry(CKO_KG_PARAMETERS, Object),
+ mkEntry(CKO_NSS_CRL, Object),
+ mkEntry(CKO_NSS_SMIME, Object),
+ mkEntry(CKO_NSS_TRUST, Object),
+ mkEntry(CKO_NSS_BUILTIN_ROOT_LIST, Object),
- mkEntry(CKH_MONOTONIC_COUNTER, Hardware),
- mkEntry(CKH_CLOCK, Hardware),
+ mkEntry(CKH_MONOTONIC_COUNTER, Hardware),
+ mkEntry(CKH_CLOCK, Hardware),
- mkEntry(CKK_RSA, KeyType),
- mkEntry(CKK_DSA, KeyType),
- mkEntry(CKK_DH, KeyType),
- mkEntry(CKK_ECDSA, KeyType),
- mkEntry(CKK_EC, KeyType),
- mkEntry(CKK_X9_42_DH, KeyType),
- mkEntry(CKK_KEA, KeyType),
- mkEntry(CKK_GENERIC_SECRET, KeyType),
- mkEntry(CKK_RC2, KeyType),
- mkEntry(CKK_RC4, KeyType),
- mkEntry(CKK_DES, KeyType),
- mkEntry(CKK_DES2, KeyType),
- mkEntry(CKK_DES3, KeyType),
- mkEntry(CKK_CAST, KeyType),
- mkEntry(CKK_CAST3, KeyType),
- mkEntry(CKK_CAST5, KeyType),
- mkEntry(CKK_CAST128, KeyType),
- mkEntry(CKK_RC5, KeyType),
- mkEntry(CKK_IDEA, KeyType),
- mkEntry(CKK_SKIPJACK, KeyType),
- mkEntry(CKK_BATON, KeyType),
- mkEntry(CKK_JUNIPER, KeyType),
- mkEntry(CKK_CDMF, KeyType),
- mkEntry(CKK_AES, KeyType),
- mkEntry(CKK_CAMELLIA, KeyType),
- mkEntry(CKK_NSS_PKCS8, KeyType),
+ mkEntry(CKK_RSA, KeyType),
+ mkEntry(CKK_DSA, KeyType),
+ mkEntry(CKK_DH, KeyType),
+ mkEntry(CKK_ECDSA, KeyType),
+ mkEntry(CKK_EC, KeyType),
+ mkEntry(CKK_X9_42_DH, KeyType),
+ mkEntry(CKK_KEA, KeyType),
+ mkEntry(CKK_GENERIC_SECRET, KeyType),
+ mkEntry(CKK_RC2, KeyType),
+ mkEntry(CKK_RC4, KeyType),
+ mkEntry(CKK_DES, KeyType),
+ mkEntry(CKK_DES2, KeyType),
+ mkEntry(CKK_DES3, KeyType),
+ mkEntry(CKK_CAST, KeyType),
+ mkEntry(CKK_CAST3, KeyType),
+ mkEntry(CKK_CAST5, KeyType),
+ mkEntry(CKK_CAST128, KeyType),
+ mkEntry(CKK_RC5, KeyType),
+ mkEntry(CKK_IDEA, KeyType),
+ mkEntry(CKK_SKIPJACK, KeyType),
+ mkEntry(CKK_BATON, KeyType),
+ mkEntry(CKK_JUNIPER, KeyType),
+ mkEntry(CKK_CDMF, KeyType),
+ mkEntry(CKK_AES, KeyType),
+ mkEntry(CKK_CAMELLIA, KeyType),
+ mkEntry(CKK_NSS_PKCS8, KeyType),
- mkEntry(CKC_X_509, CertType),
- mkEntry(CKC_X_509_ATTR_CERT, CertType),
+ mkEntry(CKC_X_509, CertType),
+ mkEntry(CKC_X_509_ATTR_CERT, CertType),
- mkEntry2(CKA_CLASS, Attribute, Object),
- mkEntry2(CKA_TOKEN, Attribute, Bool),
- mkEntry2(CKA_PRIVATE, Attribute, Bool),
- mkEntry2(CKA_LABEL, Attribute, None),
- mkEntry2(CKA_APPLICATION, Attribute, None),
- mkEntry2(CKA_VALUE, Attribute, None),
- mkEntry2(CKA_OBJECT_ID, Attribute, None),
- mkEntry2(CKA_CERTIFICATE_TYPE, Attribute, CertType),
- mkEntry2(CKA_ISSUER, Attribute, None),
- mkEntry2(CKA_SERIAL_NUMBER, Attribute, None),
- mkEntry2(CKA_AC_ISSUER, Attribute, None),
- mkEntry2(CKA_OWNER, Attribute, None),
- mkEntry2(CKA_ATTR_TYPES, Attribute, None),
- mkEntry2(CKA_TRUSTED, Attribute, Bool),
- mkEntry2(CKA_KEY_TYPE, Attribute, KeyType),
- mkEntry2(CKA_SUBJECT, Attribute, None),
- mkEntry2(CKA_ID, Attribute, None),
- mkEntry2(CKA_SENSITIVE, Attribute, Bool),
- mkEntry2(CKA_ENCRYPT, Attribute, Bool),
- mkEntry2(CKA_DECRYPT, Attribute, Bool),
- mkEntry2(CKA_WRAP, Attribute, Bool),
- mkEntry2(CKA_UNWRAP, Attribute, Bool),
- mkEntry2(CKA_SIGN, Attribute, Bool),
- mkEntry2(CKA_SIGN_RECOVER, Attribute, Bool),
- mkEntry2(CKA_VERIFY, Attribute, Bool),
- mkEntry2(CKA_VERIFY_RECOVER, Attribute, Bool),
- mkEntry2(CKA_DERIVE, Attribute, Bool),
- mkEntry2(CKA_START_DATE, Attribute, None),
- mkEntry2(CKA_END_DATE, Attribute, None),
- mkEntry2(CKA_MODULUS, Attribute, None),
- mkEntry2(CKA_MODULUS_BITS, Attribute, None),
- mkEntry2(CKA_PUBLIC_EXPONENT, Attribute, None),
- mkEntry2(CKA_PRIVATE_EXPONENT, Attribute, None),
- mkEntry2(CKA_PRIME_1, Attribute, None),
- mkEntry2(CKA_PRIME_2, Attribute, None),
- mkEntry2(CKA_EXPONENT_1, Attribute, None),
- mkEntry2(CKA_EXPONENT_2, Attribute, None),
- mkEntry2(CKA_COEFFICIENT, Attribute, None),
- mkEntry2(CKA_PRIME, Attribute, None),
- mkEntry2(CKA_SUBPRIME, Attribute, None),
- mkEntry2(CKA_BASE, Attribute, None),
- mkEntry2(CKA_PRIME_BITS, Attribute, None),
- mkEntry2(CKA_SUB_PRIME_BITS, Attribute, None),
- mkEntry2(CKA_VALUE_BITS, Attribute, None),
- mkEntry2(CKA_VALUE_LEN, Attribute, None),
- mkEntry2(CKA_EXTRACTABLE, Attribute, Bool),
- mkEntry2(CKA_LOCAL, Attribute, Bool),
- mkEntry2(CKA_NEVER_EXTRACTABLE, Attribute, Bool),
- mkEntry2(CKA_ALWAYS_SENSITIVE, Attribute, Bool),
- mkEntry2(CKA_KEY_GEN_MECHANISM, Attribute, Mechanism),
- mkEntry2(CKA_MODIFIABLE, Attribute, Bool),
- mkEntry2(CKA_ECDSA_PARAMS, Attribute, None),
- mkEntry2(CKA_EC_PARAMS, Attribute, None),
- mkEntry2(CKA_EC_POINT, Attribute, None),
- mkEntry2(CKA_SECONDARY_AUTH, Attribute, None),
- mkEntry2(CKA_AUTH_PIN_FLAGS, Attribute, None),
- mkEntry2(CKA_HW_FEATURE_TYPE, Attribute, Hardware),
- mkEntry2(CKA_RESET_ON_INIT, Attribute, Bool),
- mkEntry2(CKA_HAS_RESET, Attribute, Bool),
- mkEntry2(CKA_NSS_URL, Attribute, None),
- mkEntry2(CKA_NSS_EMAIL, Attribute, None),
- mkEntry2(CKA_NSS_SMIME_INFO, Attribute, None),
- mkEntry2(CKA_NSS_SMIME_TIMESTAMP, Attribute, None),
- mkEntry2(CKA_NSS_PKCS8_SALT, Attribute, None),
- mkEntry2(CKA_NSS_PASSWORD_CHECK, Attribute, None),
- mkEntry2(CKA_NSS_EXPIRES, Attribute, None),
- mkEntry2(CKA_NSS_KRL, Attribute, None),
- mkEntry2(CKA_NSS_PQG_COUNTER, Attribute, None),
- mkEntry2(CKA_NSS_PQG_SEED, Attribute, None),
- mkEntry2(CKA_NSS_PQG_H, Attribute, None),
- mkEntry2(CKA_NSS_PQG_SEED_BITS, Attribute, None),
- mkEntry2(CKA_TRUST_DIGITAL_SIGNATURE, Attribute, Trust),
- mkEntry2(CKA_TRUST_NON_REPUDIATION, Attribute, Trust),
- mkEntry2(CKA_TRUST_KEY_ENCIPHERMENT, Attribute, Trust),
- mkEntry2(CKA_TRUST_DATA_ENCIPHERMENT, Attribute, Trust),
- mkEntry2(CKA_TRUST_KEY_AGREEMENT, Attribute, Trust),
- mkEntry2(CKA_TRUST_KEY_CERT_SIGN, Attribute, Trust),
- mkEntry2(CKA_TRUST_CRL_SIGN, Attribute, Trust),
- mkEntry2(CKA_TRUST_SERVER_AUTH, Attribute, Trust),
- mkEntry2(CKA_TRUST_CLIENT_AUTH, Attribute, Trust),
- mkEntry2(CKA_TRUST_CODE_SIGNING, Attribute, Trust),
- mkEntry2(CKA_TRUST_EMAIL_PROTECTION, Attribute, Trust),
- mkEntry2(CKA_TRUST_IPSEC_END_SYSTEM, Attribute, Trust),
- mkEntry2(CKA_TRUST_IPSEC_TUNNEL, Attribute, Trust),
- mkEntry2(CKA_TRUST_IPSEC_USER, Attribute, Trust),
- mkEntry2(CKA_TRUST_TIME_STAMPING, Attribute, Trust),
- mkEntry2(CKA_CERT_SHA1_HASH, Attribute, None),
- mkEntry2(CKA_CERT_MD5_HASH, Attribute, None),
- mkEntry2(CKA_NETSCAPE_DB, Attribute, None),
- mkEntry2(CKA_NETSCAPE_TRUST, Attribute, Trust),
+ mkEntry2(CKA_CLASS, Attribute, Object),
+ mkEntry2(CKA_TOKEN, Attribute, Bool),
+ mkEntry2(CKA_PRIVATE, Attribute, Bool),
+ mkEntry2(CKA_LABEL, Attribute, None),
+ mkEntry2(CKA_APPLICATION, Attribute, None),
+ mkEntry2(CKA_VALUE, Attribute, None),
+ mkEntry2(CKA_OBJECT_ID, Attribute, None),
+ mkEntry2(CKA_CERTIFICATE_TYPE, Attribute, CertType),
+ mkEntry2(CKA_ISSUER, Attribute, None),
+ mkEntry2(CKA_SERIAL_NUMBER, Attribute, None),
+ mkEntry2(CKA_AC_ISSUER, Attribute, None),
+ mkEntry2(CKA_OWNER, Attribute, None),
+ mkEntry2(CKA_ATTR_TYPES, Attribute, None),
+ mkEntry2(CKA_TRUSTED, Attribute, Bool),
+ mkEntry2(CKA_KEY_TYPE, Attribute, KeyType),
+ mkEntry2(CKA_SUBJECT, Attribute, None),
+ mkEntry2(CKA_ID, Attribute, None),
+ mkEntry2(CKA_SENSITIVE, Attribute, Bool),
+ mkEntry2(CKA_ENCRYPT, Attribute, Bool),
+ mkEntry2(CKA_DECRYPT, Attribute, Bool),
+ mkEntry2(CKA_WRAP, Attribute, Bool),
+ mkEntry2(CKA_UNWRAP, Attribute, Bool),
+ mkEntry2(CKA_SIGN, Attribute, Bool),
+ mkEntry2(CKA_SIGN_RECOVER, Attribute, Bool),
+ mkEntry2(CKA_VERIFY, Attribute, Bool),
+ mkEntry2(CKA_VERIFY_RECOVER, Attribute, Bool),
+ mkEntry2(CKA_DERIVE, Attribute, Bool),
+ mkEntry2(CKA_START_DATE, Attribute, None),
+ mkEntry2(CKA_END_DATE, Attribute, None),
+ mkEntry2(CKA_MODULUS, Attribute, None),
+ mkEntry2(CKA_MODULUS_BITS, Attribute, None),
+ mkEntry2(CKA_PUBLIC_EXPONENT, Attribute, None),
+ mkEntry2(CKA_PRIVATE_EXPONENT, Attribute, None),
+ mkEntry2(CKA_PRIME_1, Attribute, None),
+ mkEntry2(CKA_PRIME_2, Attribute, None),
+ mkEntry2(CKA_EXPONENT_1, Attribute, None),
+ mkEntry2(CKA_EXPONENT_2, Attribute, None),
+ mkEntry2(CKA_COEFFICIENT, Attribute, None),
+ mkEntry2(CKA_PRIME, Attribute, None),
+ mkEntry2(CKA_SUBPRIME, Attribute, None),
+ mkEntry2(CKA_BASE, Attribute, None),
+ mkEntry2(CKA_PRIME_BITS, Attribute, None),
+ mkEntry2(CKA_SUB_PRIME_BITS, Attribute, None),
+ mkEntry2(CKA_VALUE_BITS, Attribute, None),
+ mkEntry2(CKA_VALUE_LEN, Attribute, None),
+ mkEntry2(CKA_EXTRACTABLE, Attribute, Bool),
+ mkEntry2(CKA_LOCAL, Attribute, Bool),
+ mkEntry2(CKA_NEVER_EXTRACTABLE, Attribute, Bool),
+ mkEntry2(CKA_ALWAYS_SENSITIVE, Attribute, Bool),
+ mkEntry2(CKA_KEY_GEN_MECHANISM, Attribute, Mechanism),
+ mkEntry2(CKA_MODIFIABLE, Attribute, Bool),
+ mkEntry2(CKA_ECDSA_PARAMS, Attribute, None),
+ mkEntry2(CKA_EC_PARAMS, Attribute, None),
+ mkEntry2(CKA_EC_POINT, Attribute, None),
+ mkEntry2(CKA_SECONDARY_AUTH, Attribute, None),
+ mkEntry2(CKA_AUTH_PIN_FLAGS, Attribute, None),
+ mkEntry2(CKA_HW_FEATURE_TYPE, Attribute, Hardware),
+ mkEntry2(CKA_RESET_ON_INIT, Attribute, Bool),
+ mkEntry2(CKA_HAS_RESET, Attribute, Bool),
+ mkEntry2(CKA_NSS_URL, Attribute, None),
+ mkEntry2(CKA_NSS_EMAIL, Attribute, None),
+ mkEntry2(CKA_NSS_SMIME_INFO, Attribute, None),
+ mkEntry2(CKA_NSS_SMIME_TIMESTAMP, Attribute, None),
+ mkEntry2(CKA_NSS_PKCS8_SALT, Attribute, None),
+ mkEntry2(CKA_NSS_PASSWORD_CHECK, Attribute, None),
+ mkEntry2(CKA_NSS_EXPIRES, Attribute, None),
+ mkEntry2(CKA_NSS_KRL, Attribute, None),
+ mkEntry2(CKA_NSS_PQG_COUNTER, Attribute, None),
+ mkEntry2(CKA_NSS_PQG_SEED, Attribute, None),
+ mkEntry2(CKA_NSS_PQG_H, Attribute, None),
+ mkEntry2(CKA_NSS_PQG_SEED_BITS, Attribute, None),
+ mkEntry2(CKA_TRUST_DIGITAL_SIGNATURE, Attribute, Trust),
+ mkEntry2(CKA_TRUST_NON_REPUDIATION, Attribute, Trust),
+ mkEntry2(CKA_TRUST_KEY_ENCIPHERMENT, Attribute, Trust),
+ mkEntry2(CKA_TRUST_DATA_ENCIPHERMENT, Attribute, Trust),
+ mkEntry2(CKA_TRUST_KEY_AGREEMENT, Attribute, Trust),
+ mkEntry2(CKA_TRUST_KEY_CERT_SIGN, Attribute, Trust),
+ mkEntry2(CKA_TRUST_CRL_SIGN, Attribute, Trust),
+ mkEntry2(CKA_TRUST_SERVER_AUTH, Attribute, Trust),
+ mkEntry2(CKA_TRUST_CLIENT_AUTH, Attribute, Trust),
+ mkEntry2(CKA_TRUST_CODE_SIGNING, Attribute, Trust),
+ mkEntry2(CKA_TRUST_EMAIL_PROTECTION, Attribute, Trust),
+ mkEntry2(CKA_TRUST_IPSEC_END_SYSTEM, Attribute, Trust),
+ mkEntry2(CKA_TRUST_IPSEC_TUNNEL, Attribute, Trust),
+ mkEntry2(CKA_TRUST_IPSEC_USER, Attribute, Trust),
+ mkEntry2(CKA_TRUST_TIME_STAMPING, Attribute, Trust),
+ mkEntry2(CKA_CERT_SHA1_HASH, Attribute, None),
+ mkEntry2(CKA_CERT_MD5_HASH, Attribute, None),
+ mkEntry2(CKA_NETSCAPE_DB, Attribute, None),
+ mkEntry2(CKA_NETSCAPE_TRUST, Attribute, Trust),
- mkEntry(CKM_RSA_PKCS, Mechanism),
- mkEntry(CKM_RSA_9796, Mechanism),
- mkEntry(CKM_RSA_X_509, Mechanism),
- mkEntry(CKM_RSA_PKCS_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_MD2_RSA_PKCS, Mechanism),
- mkEntry(CKM_MD5_RSA_PKCS, Mechanism),
- mkEntry(CKM_SHA1_RSA_PKCS, Mechanism),
- mkEntry(CKM_RIPEMD128_RSA_PKCS, Mechanism),
- mkEntry(CKM_RIPEMD160_RSA_PKCS, Mechanism),
- mkEntry(CKM_RSA_PKCS_OAEP, Mechanism),
- mkEntry(CKM_RSA_X9_31_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_RSA_X9_31, Mechanism),
- mkEntry(CKM_SHA1_RSA_X9_31, Mechanism),
- mkEntry(CKM_DSA_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_DSA, Mechanism),
- mkEntry(CKM_DSA_SHA1, Mechanism),
- mkEntry(CKM_DH_PKCS_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_DH_PKCS_DERIVE, Mechanism),
- mkEntry(CKM_X9_42_DH_DERIVE, Mechanism),
- mkEntry(CKM_X9_42_DH_HYBRID_DERIVE, Mechanism),
- mkEntry(CKM_X9_42_MQV_DERIVE, Mechanism),
- mkEntry(CKM_SHA256_RSA_PKCS, Mechanism),
- mkEntry(CKM_SHA384_RSA_PKCS, Mechanism),
- mkEntry(CKM_SHA512_RSA_PKCS, Mechanism),
- mkEntry(CKM_RC2_KEY_GEN, Mechanism),
- mkEntry(CKM_RC2_ECB, Mechanism),
- mkEntry(CKM_RC2_CBC, Mechanism),
- mkEntry(CKM_RC2_MAC, Mechanism),
- mkEntry(CKM_RC2_MAC_GENERAL, Mechanism),
- mkEntry(CKM_RC2_CBC_PAD, Mechanism),
- mkEntry(CKM_RC4_KEY_GEN, Mechanism),
- mkEntry(CKM_RC4, Mechanism),
- mkEntry(CKM_DES_KEY_GEN, Mechanism),
- mkEntry(CKM_DES_ECB, Mechanism),
- mkEntry(CKM_DES_CBC, Mechanism),
- mkEntry(CKM_DES_MAC, Mechanism),
- mkEntry(CKM_DES_MAC_GENERAL, Mechanism),
- mkEntry(CKM_DES_CBC_PAD, Mechanism),
- mkEntry(CKM_DES2_KEY_GEN, Mechanism),
- mkEntry(CKM_DES3_KEY_GEN, Mechanism),
- mkEntry(CKM_DES3_ECB, Mechanism),
- mkEntry(CKM_DES3_CBC, Mechanism),
- mkEntry(CKM_DES3_MAC, Mechanism),
- mkEntry(CKM_DES3_MAC_GENERAL, Mechanism),
- mkEntry(CKM_DES3_CBC_PAD, Mechanism),
- mkEntry(CKM_CDMF_KEY_GEN, Mechanism),
- mkEntry(CKM_CDMF_ECB, Mechanism),
- mkEntry(CKM_CDMF_CBC, Mechanism),
- mkEntry(CKM_CDMF_MAC, Mechanism),
- mkEntry(CKM_CDMF_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CDMF_CBC_PAD, Mechanism),
- mkEntry(CKM_MD2, Mechanism),
- mkEntry(CKM_MD2_HMAC, Mechanism),
- mkEntry(CKM_MD2_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_MD5, Mechanism),
- mkEntry(CKM_MD5_HMAC, Mechanism),
- mkEntry(CKM_MD5_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_SHA_1, Mechanism),
- mkEntry(CKM_SHA_1_HMAC, Mechanism),
- mkEntry(CKM_SHA_1_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_RIPEMD128, Mechanism),
- mkEntry(CKM_RIPEMD128_HMAC, Mechanism),
- mkEntry(CKM_RIPEMD128_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_RIPEMD160, Mechanism),
- mkEntry(CKM_RIPEMD160_HMAC, Mechanism),
- mkEntry(CKM_RIPEMD160_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_SHA256, Mechanism),
- mkEntry(CKM_SHA256_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_SHA256_HMAC, Mechanism),
- mkEntry(CKM_SHA384, Mechanism),
- mkEntry(CKM_SHA384_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_SHA384_HMAC, Mechanism),
- mkEntry(CKM_SHA512, Mechanism),
- mkEntry(CKM_SHA512_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_SHA512_HMAC, Mechanism),
- mkEntry(CKM_CAST_KEY_GEN, Mechanism),
- mkEntry(CKM_CAST_ECB, Mechanism),
- mkEntry(CKM_CAST_CBC, Mechanism),
- mkEntry(CKM_CAST_MAC, Mechanism),
- mkEntry(CKM_CAST_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CAST_CBC_PAD, Mechanism),
- mkEntry(CKM_CAST3_KEY_GEN, Mechanism),
- mkEntry(CKM_CAST3_ECB, Mechanism),
- mkEntry(CKM_CAST3_CBC, Mechanism),
- mkEntry(CKM_CAST3_MAC, Mechanism),
- mkEntry(CKM_CAST3_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CAST3_CBC_PAD, Mechanism),
- mkEntry(CKM_CAST5_KEY_GEN, Mechanism),
- mkEntry(CKM_CAST128_KEY_GEN, Mechanism),
- mkEntry(CKM_CAST5_ECB, Mechanism),
- mkEntry(CKM_CAST128_ECB, Mechanism),
- mkEntry(CKM_CAST5_CBC, Mechanism),
- mkEntry(CKM_CAST128_CBC, Mechanism),
- mkEntry(CKM_CAST5_MAC, Mechanism),
- mkEntry(CKM_CAST128_MAC, Mechanism),
- mkEntry(CKM_CAST5_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CAST128_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CAST5_CBC_PAD, Mechanism),
- mkEntry(CKM_CAST128_CBC_PAD, Mechanism),
- mkEntry(CKM_RC5_KEY_GEN, Mechanism),
- mkEntry(CKM_RC5_ECB, Mechanism),
- mkEntry(CKM_RC5_CBC, Mechanism),
- mkEntry(CKM_RC5_MAC, Mechanism),
- mkEntry(CKM_RC5_MAC_GENERAL, Mechanism),
- mkEntry(CKM_RC5_CBC_PAD, Mechanism),
- mkEntry(CKM_IDEA_KEY_GEN, Mechanism),
- mkEntry(CKM_IDEA_ECB, Mechanism),
- mkEntry(CKM_IDEA_CBC, Mechanism),
- mkEntry(CKM_IDEA_MAC, Mechanism),
- mkEntry(CKM_IDEA_MAC_GENERAL, Mechanism),
- mkEntry(CKM_IDEA_CBC_PAD, Mechanism),
- mkEntry(CKM_GENERIC_SECRET_KEY_GEN, Mechanism),
- mkEntry(CKM_CONCATENATE_BASE_AND_KEY, Mechanism),
- mkEntry(CKM_CONCATENATE_BASE_AND_DATA, Mechanism),
- mkEntry(CKM_CONCATENATE_DATA_AND_BASE, Mechanism),
- mkEntry(CKM_XOR_BASE_AND_DATA, Mechanism),
- mkEntry(CKM_EXTRACT_KEY_FROM_KEY, Mechanism),
- mkEntry(CKM_SSL3_PRE_MASTER_KEY_GEN, Mechanism),
- mkEntry(CKM_SSL3_MASTER_KEY_DERIVE, Mechanism),
- mkEntry(CKM_SSL3_KEY_AND_MAC_DERIVE, Mechanism),
- mkEntry(CKM_SSL3_MASTER_KEY_DERIVE_DH, Mechanism),
- mkEntry(CKM_TLS_PRE_MASTER_KEY_GEN, Mechanism),
- mkEntry(CKM_TLS_MASTER_KEY_DERIVE, Mechanism),
- mkEntry(CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256, Mechanism),
- mkEntry(CKM_TLS_KEY_AND_MAC_DERIVE, Mechanism),
- mkEntry(CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, Mechanism),
- mkEntry(CKM_TLS_MASTER_KEY_DERIVE_DH, Mechanism),
- mkEntry(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256, Mechanism),
- mkEntry(CKM_SSL3_MD5_MAC, Mechanism),
- mkEntry(CKM_SSL3_SHA1_MAC, Mechanism),
- mkEntry(CKM_MD5_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_MD2_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_SHA1_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_SHA256_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_SHA384_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_SHA512_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_PBE_MD2_DES_CBC, Mechanism),
- mkEntry(CKM_PBE_MD5_DES_CBC, Mechanism),
- mkEntry(CKM_PBE_MD5_CAST_CBC, Mechanism),
- mkEntry(CKM_PBE_MD5_CAST3_CBC, Mechanism),
- mkEntry(CKM_PBE_MD5_CAST5_CBC, Mechanism),
- mkEntry(CKM_PBE_MD5_CAST128_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_CAST5_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_CAST128_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_RC4_128, Mechanism),
- mkEntry(CKM_PBE_SHA1_RC4_40, Mechanism),
- mkEntry(CKM_PBE_SHA1_DES3_EDE_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_DES2_EDE_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_RC2_128_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_RC2_40_CBC, Mechanism),
- mkEntry(CKM_PKCS5_PBKD2, Mechanism),
- mkEntry(CKM_PBA_SHA1_WITH_SHA1_HMAC, Mechanism),
- mkEntry(CKM_KEY_WRAP_LYNKS, Mechanism),
- mkEntry(CKM_KEY_WRAP_SET_OAEP, Mechanism),
- mkEntry(CKM_SKIPJACK_KEY_GEN, Mechanism),
- mkEntry(CKM_SKIPJACK_ECB64, Mechanism),
- mkEntry(CKM_SKIPJACK_CBC64, Mechanism),
- mkEntry(CKM_SKIPJACK_OFB64, Mechanism),
- mkEntry(CKM_SKIPJACK_CFB64, Mechanism),
- mkEntry(CKM_SKIPJACK_CFB32, Mechanism),
- mkEntry(CKM_SKIPJACK_CFB16, Mechanism),
- mkEntry(CKM_SKIPJACK_CFB8, Mechanism),
- mkEntry(CKM_SKIPJACK_WRAP, Mechanism),
- mkEntry(CKM_SKIPJACK_PRIVATE_WRAP, Mechanism),
- mkEntry(CKM_SKIPJACK_RELAYX, Mechanism),
- mkEntry(CKM_KEA_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_KEA_KEY_DERIVE, Mechanism),
- mkEntry(CKM_FORTEZZA_TIMESTAMP, Mechanism),
- mkEntry(CKM_BATON_KEY_GEN, Mechanism),
- mkEntry(CKM_BATON_ECB128, Mechanism),
- mkEntry(CKM_BATON_ECB96, Mechanism),
- mkEntry(CKM_BATON_CBC128, Mechanism),
- mkEntry(CKM_BATON_COUNTER, Mechanism),
- mkEntry(CKM_BATON_SHUFFLE, Mechanism),
- mkEntry(CKM_BATON_WRAP, Mechanism),
- mkEntry(CKM_ECDSA_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_EC_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_ECDSA, Mechanism),
- mkEntry(CKM_ECDSA_SHA1, Mechanism),
- mkEntry(CKM_ECDH1_DERIVE, Mechanism),
- mkEntry(CKM_ECDH1_COFACTOR_DERIVE, Mechanism),
- mkEntry(CKM_ECMQV_DERIVE, Mechanism),
- mkEntry(CKM_JUNIPER_KEY_GEN, Mechanism),
- mkEntry(CKM_JUNIPER_ECB128, Mechanism),
- mkEntry(CKM_JUNIPER_CBC128, Mechanism),
- mkEntry(CKM_JUNIPER_COUNTER, Mechanism),
- mkEntry(CKM_JUNIPER_SHUFFLE, Mechanism),
- mkEntry(CKM_JUNIPER_WRAP, Mechanism),
- mkEntry(CKM_FASTHASH, Mechanism),
- mkEntry(CKM_AES_KEY_GEN, Mechanism),
- mkEntry(CKM_AES_ECB, Mechanism),
- mkEntry(CKM_AES_CBC, Mechanism),
- mkEntry(CKM_AES_MAC, Mechanism),
- mkEntry(CKM_AES_MAC_GENERAL, Mechanism),
- mkEntry(CKM_AES_CBC_PAD, Mechanism),
- mkEntry(CKM_CAMELLIA_KEY_GEN, Mechanism),
- mkEntry(CKM_CAMELLIA_ECB, Mechanism),
- mkEntry(CKM_CAMELLIA_CBC, Mechanism),
- mkEntry(CKM_CAMELLIA_MAC, Mechanism),
- mkEntry(CKM_CAMELLIA_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CAMELLIA_CBC_PAD, Mechanism),
- mkEntry(CKM_SEED_KEY_GEN, Mechanism),
- mkEntry(CKM_SEED_ECB, Mechanism),
- mkEntry(CKM_SEED_CBC, Mechanism),
- mkEntry(CKM_SEED_MAC, Mechanism),
- mkEntry(CKM_SEED_MAC_GENERAL, Mechanism),
- mkEntry(CKM_SEED_CBC_PAD, Mechanism),
- mkEntry(CKM_SEED_ECB_ENCRYPT_DATA, Mechanism),
- mkEntry(CKM_SEED_CBC_ENCRYPT_DATA, Mechanism),
- mkEntry(CKM_DSA_PARAMETER_GEN, Mechanism),
- mkEntry(CKM_DH_PKCS_PARAMETER_GEN, Mechanism),
- mkEntry(CKM_NSS_AES_KEY_WRAP, Mechanism),
- mkEntry(CKM_NSS_AES_KEY_WRAP_PAD, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_DES_CBC, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, Mechanism),
- mkEntry(CKM_TLS_PRF_GENERAL, Mechanism),
- mkEntry(CKM_NSS_TLS_PRF_GENERAL_SHA256, Mechanism),
+ mkEntry(CKM_RSA_PKCS, Mechanism),
+ mkEntry(CKM_RSA_9796, Mechanism),
+ mkEntry(CKM_RSA_X_509, Mechanism),
+ mkEntry(CKM_RSA_PKCS_KEY_PAIR_GEN, Mechanism),
+ mkEntry(CKM_MD2_RSA_PKCS, Mechanism),
+ mkEntry(CKM_MD5_RSA_PKCS, Mechanism),
+ mkEntry(CKM_SHA1_RSA_PKCS, Mechanism),
+ mkEntry(CKM_RIPEMD128_RSA_PKCS, Mechanism),
+ mkEntry(CKM_RIPEMD160_RSA_PKCS, Mechanism),
+ mkEntry(CKM_RSA_PKCS_OAEP, Mechanism),
+ mkEntry(CKM_RSA_X9_31_KEY_PAIR_GEN, Mechanism),
+ mkEntry(CKM_RSA_X9_31, Mechanism),
+ mkEntry(CKM_SHA1_RSA_X9_31, Mechanism),
+ mkEntry(CKM_DSA_KEY_PAIR_GEN, Mechanism),
+ mkEntry(CKM_DSA, Mechanism),
+ mkEntry(CKM_DSA_SHA1, Mechanism),
+ mkEntry(CKM_DH_PKCS_KEY_PAIR_GEN, Mechanism),
+ mkEntry(CKM_DH_PKCS_DERIVE, Mechanism),
+ mkEntry(CKM_X9_42_DH_DERIVE, Mechanism),
+ mkEntry(CKM_X9_42_DH_HYBRID_DERIVE, Mechanism),
+ mkEntry(CKM_X9_42_MQV_DERIVE, Mechanism),
+ mkEntry(CKM_SHA256_RSA_PKCS, Mechanism),
+ mkEntry(CKM_SHA384_RSA_PKCS, Mechanism),
+ mkEntry(CKM_SHA512_RSA_PKCS, Mechanism),
+ mkEntry(CKM_RC2_KEY_GEN, Mechanism),
+ mkEntry(CKM_RC2_ECB, Mechanism),
+ mkEntry(CKM_RC2_CBC, Mechanism),
+ mkEntry(CKM_RC2_MAC, Mechanism),
+ mkEntry(CKM_RC2_MAC_GENERAL, Mechanism),
+ mkEntry(CKM_RC2_CBC_PAD, Mechanism),
+ mkEntry(CKM_RC4_KEY_GEN, Mechanism),
+ mkEntry(CKM_RC4, Mechanism),
+ mkEntry(CKM_DES_KEY_GEN, Mechanism),
+ mkEntry(CKM_DES_ECB, Mechanism),
+ mkEntry(CKM_DES_CBC, Mechanism),
+ mkEntry(CKM_DES_MAC, Mechanism),
+ mkEntry(CKM_DES_MAC_GENERAL, Mechanism),
+ mkEntry(CKM_DES_CBC_PAD, Mechanism),
+ mkEntry(CKM_DES2_KEY_GEN, Mechanism),
+ mkEntry(CKM_DES3_KEY_GEN, Mechanism),
+ mkEntry(CKM_DES3_ECB, Mechanism),
+ mkEntry(CKM_DES3_CBC, Mechanism),
+ mkEntry(CKM_DES3_MAC, Mechanism),
+ mkEntry(CKM_DES3_MAC_GENERAL, Mechanism),
+ mkEntry(CKM_DES3_CBC_PAD, Mechanism),
+ mkEntry(CKM_CDMF_KEY_GEN, Mechanism),
+ mkEntry(CKM_CDMF_ECB, Mechanism),
+ mkEntry(CKM_CDMF_CBC, Mechanism),
+ mkEntry(CKM_CDMF_MAC, Mechanism),
+ mkEntry(CKM_CDMF_MAC_GENERAL, Mechanism),
+ mkEntry(CKM_CDMF_CBC_PAD, Mechanism),
+ mkEntry(CKM_MD2, Mechanism),
+ mkEntry(CKM_MD2_HMAC, Mechanism),
+ mkEntry(CKM_MD2_HMAC_GENERAL, Mechanism),
+ mkEntry(CKM_MD5, Mechanism),
+ mkEntry(CKM_MD5_HMAC, Mechanism),
+ mkEntry(CKM_MD5_HMAC_GENERAL, Mechanism),
+ mkEntry(CKM_SHA_1, Mechanism),
+ mkEntry(CKM_SHA_1_HMAC, Mechanism),
+ mkEntry(CKM_SHA_1_HMAC_GENERAL, Mechanism),
+ mkEntry(CKM_RIPEMD128, Mechanism),
+ mkEntry(CKM_RIPEMD128_HMAC, Mechanism),
+ mkEntry(CKM_RIPEMD128_HMAC_GENERAL, Mechanism),
+ mkEntry(CKM_RIPEMD160, Mechanism),
+ mkEntry(CKM_RIPEMD160_HMAC, Mechanism),
+ mkEntry(CKM_RIPEMD160_HMAC_GENERAL, Mechanism),
+ mkEntry(CKM_SHA256, Mechanism),
+ mkEntry(CKM_SHA256_HMAC_GENERAL, Mechanism),
+ mkEntry(CKM_SHA256_HMAC, Mechanism),
+ mkEntry(CKM_SHA384, Mechanism),
+ mkEntry(CKM_SHA384_HMAC_GENERAL, Mechanism),
+ mkEntry(CKM_SHA384_HMAC, Mechanism),
+ mkEntry(CKM_SHA512, Mechanism),
+ mkEntry(CKM_SHA512_HMAC_GENERAL, Mechanism),
+ mkEntry(CKM_SHA512_HMAC, Mechanism),
+ mkEntry(CKM_CAST_KEY_GEN, Mechanism),
+ mkEntry(CKM_CAST_ECB, Mechanism),
+ mkEntry(CKM_CAST_CBC, Mechanism),
+ mkEntry(CKM_CAST_MAC, Mechanism),
+ mkEntry(CKM_CAST_MAC_GENERAL, Mechanism),
+ mkEntry(CKM_CAST_CBC_PAD, Mechanism),
+ mkEntry(CKM_CAST3_KEY_GEN, Mechanism),
+ mkEntry(CKM_CAST3_ECB, Mechanism),
+ mkEntry(CKM_CAST3_CBC, Mechanism),
+ mkEntry(CKM_CAST3_MAC, Mechanism),
+ mkEntry(CKM_CAST3_MAC_GENERAL, Mechanism),
+ mkEntry(CKM_CAST3_CBC_PAD, Mechanism),
+ mkEntry(CKM_CAST5_KEY_GEN, Mechanism),
+ mkEntry(CKM_CAST128_KEY_GEN, Mechanism),
+ mkEntry(CKM_CAST5_ECB, Mechanism),
+ mkEntry(CKM_CAST128_ECB, Mechanism),
+ mkEntry(CKM_CAST5_CBC, Mechanism),
+ mkEntry(CKM_CAST128_CBC, Mechanism),
+ mkEntry(CKM_CAST5_MAC, Mechanism),
+ mkEntry(CKM_CAST128_MAC, Mechanism),
+ mkEntry(CKM_CAST5_MAC_GENERAL, Mechanism),
+ mkEntry(CKM_CAST128_MAC_GENERAL, Mechanism),
+ mkEntry(CKM_CAST5_CBC_PAD, Mechanism),
+ mkEntry(CKM_CAST128_CBC_PAD, Mechanism),
+ mkEntry(CKM_RC5_KEY_GEN, Mechanism),
+ mkEntry(CKM_RC5_ECB, Mechanism),
+ mkEntry(CKM_RC5_CBC, Mechanism),
+ mkEntry(CKM_RC5_MAC, Mechanism),
+ mkEntry(CKM_RC5_MAC_GENERAL, Mechanism),
+ mkEntry(CKM_RC5_CBC_PAD, Mechanism),
+ mkEntry(CKM_IDEA_KEY_GEN, Mechanism),
+ mkEntry(CKM_IDEA_ECB, Mechanism),
+ mkEntry(CKM_IDEA_CBC, Mechanism),
+ mkEntry(CKM_IDEA_MAC, Mechanism),
+ mkEntry(CKM_IDEA_MAC_GENERAL, Mechanism),
+ mkEntry(CKM_IDEA_CBC_PAD, Mechanism),
+ mkEntry(CKM_GENERIC_SECRET_KEY_GEN, Mechanism),
+ mkEntry(CKM_CONCATENATE_BASE_AND_KEY, Mechanism),
+ mkEntry(CKM_CONCATENATE_BASE_AND_DATA, Mechanism),
+ mkEntry(CKM_CONCATENATE_DATA_AND_BASE, Mechanism),
+ mkEntry(CKM_XOR_BASE_AND_DATA, Mechanism),
+ mkEntry(CKM_EXTRACT_KEY_FROM_KEY, Mechanism),
+ mkEntry(CKM_SSL3_PRE_MASTER_KEY_GEN, Mechanism),
+ mkEntry(CKM_SSL3_MASTER_KEY_DERIVE, Mechanism),
+ mkEntry(CKM_SSL3_KEY_AND_MAC_DERIVE, Mechanism),
+ mkEntry(CKM_SSL3_MASTER_KEY_DERIVE_DH, Mechanism),
+ mkEntry(CKM_TLS_PRE_MASTER_KEY_GEN, Mechanism),
+ mkEntry(CKM_TLS_MASTER_KEY_DERIVE, Mechanism),
+ mkEntry(CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256, Mechanism),
+ mkEntry(CKM_TLS_KEY_AND_MAC_DERIVE, Mechanism),
+ mkEntry(CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, Mechanism),
+ mkEntry(CKM_TLS_MASTER_KEY_DERIVE_DH, Mechanism),
+ mkEntry(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256, Mechanism),
+ mkEntry(CKM_SSL3_MD5_MAC, Mechanism),
+ mkEntry(CKM_SSL3_SHA1_MAC, Mechanism),
+ mkEntry(CKM_MD5_KEY_DERIVATION, Mechanism),
+ mkEntry(CKM_MD2_KEY_DERIVATION, Mechanism),
+ mkEntry(CKM_SHA1_KEY_DERIVATION, Mechanism),
+ mkEntry(CKM_SHA256_KEY_DERIVATION, Mechanism),
+ mkEntry(CKM_SHA384_KEY_DERIVATION, Mechanism),
+ mkEntry(CKM_SHA512_KEY_DERIVATION, Mechanism),
+ mkEntry(CKM_PBE_MD2_DES_CBC, Mechanism),
+ mkEntry(CKM_PBE_MD5_DES_CBC, Mechanism),
+ mkEntry(CKM_PBE_MD5_CAST_CBC, Mechanism),
+ mkEntry(CKM_PBE_MD5_CAST3_CBC, Mechanism),
+ mkEntry(CKM_PBE_MD5_CAST5_CBC, Mechanism),
+ mkEntry(CKM_PBE_MD5_CAST128_CBC, Mechanism),
+ mkEntry(CKM_PBE_SHA1_CAST5_CBC, Mechanism),
+ mkEntry(CKM_PBE_SHA1_CAST128_CBC, Mechanism),
+ mkEntry(CKM_PBE_SHA1_RC4_128, Mechanism),
+ mkEntry(CKM_PBE_SHA1_RC4_40, Mechanism),
+ mkEntry(CKM_PBE_SHA1_DES3_EDE_CBC, Mechanism),
+ mkEntry(CKM_PBE_SHA1_DES2_EDE_CBC, Mechanism),
+ mkEntry(CKM_PBE_SHA1_RC2_128_CBC, Mechanism),
+ mkEntry(CKM_PBE_SHA1_RC2_40_CBC, Mechanism),
+ mkEntry(CKM_PKCS5_PBKD2, Mechanism),
+ mkEntry(CKM_PBA_SHA1_WITH_SHA1_HMAC, Mechanism),
+ mkEntry(CKM_KEY_WRAP_LYNKS, Mechanism),
+ mkEntry(CKM_KEY_WRAP_SET_OAEP, Mechanism),
+ mkEntry(CKM_SKIPJACK_KEY_GEN, Mechanism),
+ mkEntry(CKM_SKIPJACK_ECB64, Mechanism),
+ mkEntry(CKM_SKIPJACK_CBC64, Mechanism),
+ mkEntry(CKM_SKIPJACK_OFB64, Mechanism),
+ mkEntry(CKM_SKIPJACK_CFB64, Mechanism),
+ mkEntry(CKM_SKIPJACK_CFB32, Mechanism),
+ mkEntry(CKM_SKIPJACK_CFB16, Mechanism),
+ mkEntry(CKM_SKIPJACK_CFB8, Mechanism),
+ mkEntry(CKM_SKIPJACK_WRAP, Mechanism),
+ mkEntry(CKM_SKIPJACK_PRIVATE_WRAP, Mechanism),
+ mkEntry(CKM_SKIPJACK_RELAYX, Mechanism),
+ mkEntry(CKM_KEA_KEY_PAIR_GEN, Mechanism),
+ mkEntry(CKM_KEA_KEY_DERIVE, Mechanism),
+ mkEntry(CKM_FORTEZZA_TIMESTAMP, Mechanism),
+ mkEntry(CKM_BATON_KEY_GEN, Mechanism),
+ mkEntry(CKM_BATON_ECB128, Mechanism),
+ mkEntry(CKM_BATON_ECB96, Mechanism),
+ mkEntry(CKM_BATON_CBC128, Mechanism),
+ mkEntry(CKM_BATON_COUNTER, Mechanism),
+ mkEntry(CKM_BATON_SHUFFLE, Mechanism),
+ mkEntry(CKM_BATON_WRAP, Mechanism),
+ mkEntry(CKM_ECDSA_KEY_PAIR_GEN, Mechanism),
+ mkEntry(CKM_EC_KEY_PAIR_GEN, Mechanism),
+ mkEntry(CKM_ECDSA, Mechanism),
+ mkEntry(CKM_ECDSA_SHA1, Mechanism),
+ mkEntry(CKM_ECDH1_DERIVE, Mechanism),
+ mkEntry(CKM_ECDH1_COFACTOR_DERIVE, Mechanism),
+ mkEntry(CKM_ECMQV_DERIVE, Mechanism),
+ mkEntry(CKM_JUNIPER_KEY_GEN, Mechanism),
+ mkEntry(CKM_JUNIPER_ECB128, Mechanism),
+ mkEntry(CKM_JUNIPER_CBC128, Mechanism),
+ mkEntry(CKM_JUNIPER_COUNTER, Mechanism),
+ mkEntry(CKM_JUNIPER_SHUFFLE, Mechanism),
+ mkEntry(CKM_JUNIPER_WRAP, Mechanism),
+ mkEntry(CKM_FASTHASH, Mechanism),
+ mkEntry(CKM_AES_KEY_GEN, Mechanism),
+ mkEntry(CKM_AES_ECB, Mechanism),
+ mkEntry(CKM_AES_CBC, Mechanism),
+ mkEntry(CKM_AES_MAC, Mechanism),
+ mkEntry(CKM_AES_MAC_GENERAL, Mechanism),
+ mkEntry(CKM_AES_CBC_PAD, Mechanism),
+ mkEntry(CKM_CAMELLIA_KEY_GEN, Mechanism),
+ mkEntry(CKM_CAMELLIA_ECB, Mechanism),
+ mkEntry(CKM_CAMELLIA_CBC, Mechanism),
+ mkEntry(CKM_CAMELLIA_MAC, Mechanism),
+ mkEntry(CKM_CAMELLIA_MAC_GENERAL, Mechanism),
+ mkEntry(CKM_CAMELLIA_CBC_PAD, Mechanism),
+ mkEntry(CKM_SEED_KEY_GEN, Mechanism),
+ mkEntry(CKM_SEED_ECB, Mechanism),
+ mkEntry(CKM_SEED_CBC, Mechanism),
+ mkEntry(CKM_SEED_MAC, Mechanism),
+ mkEntry(CKM_SEED_MAC_GENERAL, Mechanism),
+ mkEntry(CKM_SEED_CBC_PAD, Mechanism),
+ mkEntry(CKM_SEED_ECB_ENCRYPT_DATA, Mechanism),
+ mkEntry(CKM_SEED_CBC_ENCRYPT_DATA, Mechanism),
+ mkEntry(CKM_DSA_PARAMETER_GEN, Mechanism),
+ mkEntry(CKM_DH_PKCS_PARAMETER_GEN, Mechanism),
+ mkEntry(CKM_NSS_AES_KEY_WRAP, Mechanism),
+ mkEntry(CKM_NSS_AES_KEY_WRAP_PAD, Mechanism),
+ mkEntry(CKM_NETSCAPE_PBE_SHA1_DES_CBC, Mechanism),
+ mkEntry(CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, Mechanism),
+ mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, Mechanism),
+ mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, Mechanism),
+ mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, Mechanism),
+ mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, Mechanism),
+ mkEntry(CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC, Mechanism),
+ mkEntry(CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, Mechanism),
+ mkEntry(CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, Mechanism),
+ mkEntry(CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, Mechanism),
+ mkEntry(CKM_TLS_PRF_GENERAL, Mechanism),
+ mkEntry(CKM_NSS_TLS_PRF_GENERAL_SHA256, Mechanism),
- mkEntry(CKR_OK, Result),
- mkEntry(CKR_CANCEL, Result),
- mkEntry(CKR_HOST_MEMORY, Result),
- mkEntry(CKR_SLOT_ID_INVALID, Result),
- mkEntry(CKR_GENERAL_ERROR, Result),
- mkEntry(CKR_FUNCTION_FAILED, Result),
- mkEntry(CKR_ARGUMENTS_BAD, Result),
- mkEntry(CKR_NO_EVENT, Result),
- mkEntry(CKR_NEED_TO_CREATE_THREADS, Result),
- mkEntry(CKR_CANT_LOCK, Result),
- mkEntry(CKR_ATTRIBUTE_READ_ONLY, Result),
- mkEntry(CKR_ATTRIBUTE_SENSITIVE, Result),
- mkEntry(CKR_ATTRIBUTE_TYPE_INVALID, Result),
- mkEntry(CKR_ATTRIBUTE_VALUE_INVALID, Result),
- mkEntry(CKR_DATA_INVALID, Result),
- mkEntry(CKR_DATA_LEN_RANGE, Result),
- mkEntry(CKR_DEVICE_ERROR, Result),
- mkEntry(CKR_DEVICE_MEMORY, Result),
- mkEntry(CKR_DEVICE_REMOVED, Result),
- mkEntry(CKR_ENCRYPTED_DATA_INVALID, Result),
- mkEntry(CKR_ENCRYPTED_DATA_LEN_RANGE, Result),
- mkEntry(CKR_FUNCTION_CANCELED, Result),
- mkEntry(CKR_FUNCTION_NOT_PARALLEL, Result),
- mkEntry(CKR_FUNCTION_NOT_SUPPORTED, Result),
- mkEntry(CKR_KEY_HANDLE_INVALID, Result),
- mkEntry(CKR_KEY_SIZE_RANGE, Result),
- mkEntry(CKR_KEY_TYPE_INCONSISTENT, Result),
- mkEntry(CKR_KEY_NOT_NEEDED, Result),
- mkEntry(CKR_KEY_CHANGED, Result),
- mkEntry(CKR_KEY_NEEDED, Result),
- mkEntry(CKR_KEY_INDIGESTIBLE, Result),
- mkEntry(CKR_KEY_FUNCTION_NOT_PERMITTED, Result),
- mkEntry(CKR_KEY_NOT_WRAPPABLE, Result),
- mkEntry(CKR_KEY_UNEXTRACTABLE, Result),
- mkEntry(CKR_KEY_PARAMS_INVALID, Result),
- mkEntry(CKR_MECHANISM_INVALID, Result),
- mkEntry(CKR_MECHANISM_PARAM_INVALID, Result),
- mkEntry(CKR_OBJECT_HANDLE_INVALID, Result),
- mkEntry(CKR_OPERATION_ACTIVE, Result),
- mkEntry(CKR_OPERATION_NOT_INITIALIZED, Result),
- mkEntry(CKR_PIN_INCORRECT, Result),
- mkEntry(CKR_PIN_INVALID, Result),
- mkEntry(CKR_PIN_LEN_RANGE, Result),
- mkEntry(CKR_PIN_EXPIRED, Result),
- mkEntry(CKR_PIN_LOCKED, Result),
- mkEntry(CKR_SESSION_CLOSED, Result),
- mkEntry(CKR_SESSION_COUNT, Result),
- mkEntry(CKR_SESSION_HANDLE_INVALID, Result),
- mkEntry(CKR_SESSION_PARALLEL_NOT_SUPPORTED, Result),
- mkEntry(CKR_SESSION_READ_ONLY, Result),
- mkEntry(CKR_SESSION_EXISTS, Result),
- mkEntry(CKR_SESSION_READ_ONLY_EXISTS, Result),
- mkEntry(CKR_SESSION_READ_WRITE_SO_EXISTS, Result),
- mkEntry(CKR_SIGNATURE_INVALID, Result),
- mkEntry(CKR_SIGNATURE_LEN_RANGE, Result),
- mkEntry(CKR_TEMPLATE_INCOMPLETE, Result),
- mkEntry(CKR_TEMPLATE_INCONSISTENT, Result),
- mkEntry(CKR_TOKEN_NOT_PRESENT, Result),
- mkEntry(CKR_TOKEN_NOT_RECOGNIZED, Result),
- mkEntry(CKR_TOKEN_WRITE_PROTECTED, Result),
- mkEntry(CKR_UNWRAPPING_KEY_HANDLE_INVALID, Result),
- mkEntry(CKR_UNWRAPPING_KEY_SIZE_RANGE, Result),
- mkEntry(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, Result),
- mkEntry(CKR_USER_ALREADY_LOGGED_IN, Result),
- mkEntry(CKR_USER_NOT_LOGGED_IN, Result),
- mkEntry(CKR_USER_PIN_NOT_INITIALIZED, Result),
- mkEntry(CKR_USER_TYPE_INVALID, Result),
- mkEntry(CKR_USER_ANOTHER_ALREADY_LOGGED_IN, Result),
- mkEntry(CKR_USER_TOO_MANY_TYPES, Result),
- mkEntry(CKR_WRAPPED_KEY_INVALID, Result),
- mkEntry(CKR_WRAPPED_KEY_LEN_RANGE, Result),
- mkEntry(CKR_WRAPPING_KEY_HANDLE_INVALID, Result),
- mkEntry(CKR_WRAPPING_KEY_SIZE_RANGE, Result),
- mkEntry(CKR_WRAPPING_KEY_TYPE_INCONSISTENT, Result),
- mkEntry(CKR_RANDOM_SEED_NOT_SUPPORTED, Result),
- mkEntry(CKR_RANDOM_NO_RNG, Result),
- mkEntry(CKR_DOMAIN_PARAMS_INVALID, Result),
- mkEntry(CKR_BUFFER_TOO_SMALL, Result),
- mkEntry(CKR_SAVED_STATE_INVALID, Result),
- mkEntry(CKR_INFORMATION_SENSITIVE, Result),
- mkEntry(CKR_STATE_UNSAVEABLE, Result),
- mkEntry(CKR_CRYPTOKI_NOT_INITIALIZED, Result),
- mkEntry(CKR_CRYPTOKI_ALREADY_INITIALIZED, Result),
- mkEntry(CKR_MUTEX_BAD, Result),
- mkEntry(CKR_MUTEX_NOT_LOCKED, Result),
- mkEntry(CKR_VENDOR_DEFINED, Result),
+ mkEntry(CKR_OK, Result),
+ mkEntry(CKR_CANCEL, Result),
+ mkEntry(CKR_HOST_MEMORY, Result),
+ mkEntry(CKR_SLOT_ID_INVALID, Result),
+ mkEntry(CKR_GENERAL_ERROR, Result),
+ mkEntry(CKR_FUNCTION_FAILED, Result),
+ mkEntry(CKR_ARGUMENTS_BAD, Result),
+ mkEntry(CKR_NO_EVENT, Result),
+ mkEntry(CKR_NEED_TO_CREATE_THREADS, Result),
+ mkEntry(CKR_CANT_LOCK, Result),
+ mkEntry(CKR_ATTRIBUTE_READ_ONLY, Result),
+ mkEntry(CKR_ATTRIBUTE_SENSITIVE, Result),
+ mkEntry(CKR_ATTRIBUTE_TYPE_INVALID, Result),
+ mkEntry(CKR_ATTRIBUTE_VALUE_INVALID, Result),
+ mkEntry(CKR_DATA_INVALID, Result),
+ mkEntry(CKR_DATA_LEN_RANGE, Result),
+ mkEntry(CKR_DEVICE_ERROR, Result),
+ mkEntry(CKR_DEVICE_MEMORY, Result),
+ mkEntry(CKR_DEVICE_REMOVED, Result),
+ mkEntry(CKR_ENCRYPTED_DATA_INVALID, Result),
+ mkEntry(CKR_ENCRYPTED_DATA_LEN_RANGE, Result),
+ mkEntry(CKR_FUNCTION_CANCELED, Result),
+ mkEntry(CKR_FUNCTION_NOT_PARALLEL, Result),
+ mkEntry(CKR_FUNCTION_NOT_SUPPORTED, Result),
+ mkEntry(CKR_KEY_HANDLE_INVALID, Result),
+ mkEntry(CKR_KEY_SIZE_RANGE, Result),
+ mkEntry(CKR_KEY_TYPE_INCONSISTENT, Result),
+ mkEntry(CKR_KEY_NOT_NEEDED, Result),
+ mkEntry(CKR_KEY_CHANGED, Result),
+ mkEntry(CKR_KEY_NEEDED, Result),
+ mkEntry(CKR_KEY_INDIGESTIBLE, Result),
+ mkEntry(CKR_KEY_FUNCTION_NOT_PERMITTED, Result),
+ mkEntry(CKR_KEY_NOT_WRAPPABLE, Result),
+ mkEntry(CKR_KEY_UNEXTRACTABLE, Result),
+ mkEntry(CKR_KEY_PARAMS_INVALID, Result),
+ mkEntry(CKR_MECHANISM_INVALID, Result),
+ mkEntry(CKR_MECHANISM_PARAM_INVALID, Result),
+ mkEntry(CKR_OBJECT_HANDLE_INVALID, Result),
+ mkEntry(CKR_OPERATION_ACTIVE, Result),
+ mkEntry(CKR_OPERATION_NOT_INITIALIZED, Result),
+ mkEntry(CKR_PIN_INCORRECT, Result),
+ mkEntry(CKR_PIN_INVALID, Result),
+ mkEntry(CKR_PIN_LEN_RANGE, Result),
+ mkEntry(CKR_PIN_EXPIRED, Result),
+ mkEntry(CKR_PIN_LOCKED, Result),
+ mkEntry(CKR_SESSION_CLOSED, Result),
+ mkEntry(CKR_SESSION_COUNT, Result),
+ mkEntry(CKR_SESSION_HANDLE_INVALID, Result),
+ mkEntry(CKR_SESSION_PARALLEL_NOT_SUPPORTED, Result),
+ mkEntry(CKR_SESSION_READ_ONLY, Result),
+ mkEntry(CKR_SESSION_EXISTS, Result),
+ mkEntry(CKR_SESSION_READ_ONLY_EXISTS, Result),
+ mkEntry(CKR_SESSION_READ_WRITE_SO_EXISTS, Result),
+ mkEntry(CKR_SIGNATURE_INVALID, Result),
+ mkEntry(CKR_SIGNATURE_LEN_RANGE, Result),
+ mkEntry(CKR_TEMPLATE_INCOMPLETE, Result),
+ mkEntry(CKR_TEMPLATE_INCONSISTENT, Result),
+ mkEntry(CKR_TOKEN_NOT_PRESENT, Result),
+ mkEntry(CKR_TOKEN_NOT_RECOGNIZED, Result),
+ mkEntry(CKR_TOKEN_WRITE_PROTECTED, Result),
+ mkEntry(CKR_UNWRAPPING_KEY_HANDLE_INVALID, Result),
+ mkEntry(CKR_UNWRAPPING_KEY_SIZE_RANGE, Result),
+ mkEntry(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, Result),
+ mkEntry(CKR_USER_ALREADY_LOGGED_IN, Result),
+ mkEntry(CKR_USER_NOT_LOGGED_IN, Result),
+ mkEntry(CKR_USER_PIN_NOT_INITIALIZED, Result),
+ mkEntry(CKR_USER_TYPE_INVALID, Result),
+ mkEntry(CKR_USER_ANOTHER_ALREADY_LOGGED_IN, Result),
+ mkEntry(CKR_USER_TOO_MANY_TYPES, Result),
+ mkEntry(CKR_WRAPPED_KEY_INVALID, Result),
+ mkEntry(CKR_WRAPPED_KEY_LEN_RANGE, Result),
+ mkEntry(CKR_WRAPPING_KEY_HANDLE_INVALID, Result),
+ mkEntry(CKR_WRAPPING_KEY_SIZE_RANGE, Result),
+ mkEntry(CKR_WRAPPING_KEY_TYPE_INCONSISTENT, Result),
+ mkEntry(CKR_RANDOM_SEED_NOT_SUPPORTED, Result),
+ mkEntry(CKR_RANDOM_NO_RNG, Result),
+ mkEntry(CKR_DOMAIN_PARAMS_INVALID, Result),
+ mkEntry(CKR_BUFFER_TOO_SMALL, Result),
+ mkEntry(CKR_SAVED_STATE_INVALID, Result),
+ mkEntry(CKR_INFORMATION_SENSITIVE, Result),
+ mkEntry(CKR_STATE_UNSAVEABLE, Result),
+ mkEntry(CKR_CRYPTOKI_NOT_INITIALIZED, Result),
+ mkEntry(CKR_CRYPTOKI_ALREADY_INITIALIZED, Result),
+ mkEntry(CKR_MUTEX_BAD, Result),
+ mkEntry(CKR_MUTEX_NOT_LOCKED, Result),
+ mkEntry(CKR_VENDOR_DEFINED, Result),
- mkEntry(CKT_NSS_TRUSTED, Trust),
- mkEntry(CKT_NSS_TRUSTED_DELEGATOR, Trust),
- mkEntry(CKT_NSS_NOT_TRUSTED, Trust),
- mkEntry(CKT_NSS_MUST_VERIFY_TRUST, Trust),
- mkEntry(CKT_NSS_TRUST_UNKNOWN, Trust),
- mkEntry(CKT_NSS_VALID_DELEGATOR, Trust),
+ mkEntry(CKT_NSS_TRUSTED, Trust),
+ mkEntry(CKT_NSS_TRUSTED_DELEGATOR, Trust),
+ mkEntry(CKT_NSS_NOT_TRUSTED, Trust),
+ mkEntry(CKT_NSS_MUST_VERIFY_TRUST, Trust),
+ mkEntry(CKT_NSS_TRUST_UNKNOWN, Trust),
+ mkEntry(CKT_NSS_VALID_DELEGATOR, Trust),
- mkEntry(CK_EFFECTIVELY_INFINITE, AvailableSizes),
- mkEntry(CK_UNAVAILABLE_INFORMATION, CurrentSize),
+ mkEntry(CK_EFFECTIVELY_INFINITE, AvailableSizes),
+ mkEntry(CK_UNAVAILABLE_INFORMATION, CurrentSize),
};
const Constant *consts = &_consts[0];
-const unsigned int constCount = sizeof(_consts)/sizeof(_consts[0]);
+const unsigned int constCount = sizeof(_consts) / sizeof(_consts[0]);
const Commands _commands[] = {
- {"C_Initialize", F_C_Initialize,
-"C_Initialize pInitArgs\n\n"
-"C_Initialize initializes the PKCS #11 library.\n"
-" pInitArgs if this is not NULL_PTR it gets cast to and dereferenced\n",
- {ArgInitializeArgs, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Finalize", F_C_Finalize,
-"C_Finalize pReserved\n\n"
-"C_Finalize indicates that an application is done with the PKCS #11 library.\n"
-" pReserved reserved. Should be NULL_PTR\n",
- {ArgInitializeArgs, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetInfo", F_C_GetInfo,
-"C_GetInfo pInfo\n\n"
-"C_GetInfo returns general information about PKCS #11.\n"
-" pInfo location that receives information\n",
- {ArgInfo|ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetFunctionList", F_C_GetFunctionList,
-"C_GetFunctionList ppFunctionList\n\n"
-"C_GetFunctionList returns the function list.\n"
-" ppFunctionList receives pointer to function list\n",
- {ArgFunctionList|ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetSlotList", F_C_GetSlotList,
-"C_GetSlotList tokenPresent pSlotList pulCount\n\n"
-"C_GetSlotList obtains a list of slots in the system.\n"
-" tokenPresent only slots with tokens?\n"
-" pSlotList receives array of slot IDs\n"
-" pulCount receives number of slots\n",
- {ArgULong, ArgULong|ArgArray|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetSlotInfo", F_C_GetSlotInfo,
-"C_GetSlotInfo slotID pInfo\n\n"
-"C_GetSlotInfo obtains information about a particular slot in the system.\n"
-" slotID the ID of the slot\n"
-" pInfo receives the slot information\n",
- {ArgULong, ArgSlotInfo|ArgOut, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetTokenInfo", F_C_GetTokenInfo,
-"C_GetTokenInfo slotID pInfo\n\n"
-"C_GetTokenInfo obtains information about a particular token in the system.\n"
-" slotID ID of the token's slot\n"
-" pInfo receives the token information\n",
- {ArgULong, ArgTokenInfo|ArgOut, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetMechanismList", F_C_GetMechanismList,
-"C_GetMechanismList slotID pMechanismList pulCount\n\n"
-"C_GetMechanismList obtains a list of mechanism types supported by a token.\n"
-" slotID ID of token's slot\n"
-" pMechanismList gets mech. array\n"
-" pulCount gets # of mechs.\n",
- {ArgULong, ArgULong|ArgArray|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetMechanismInfo", F_C_GetMechanismInfo,
-"C_GetMechanismInfo slotID type pInfo\n\n"
-"C_GetMechanismInfo obtains information about a particular mechanism possibly\n"
-"supported by a token.\n"
-" slotID ID of the token's slot\n"
-" type type of mechanism\n"
-" pInfo receives mechanism info\n",
- {ArgULong, ArgULong, ArgMechanismInfo|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_InitToken", F_C_InitToken,
-"C_InitToken slotID pPin ulPinLen pLabel\n\n"
-"C_InitToken initializes a token.\n"
-" slotID ID of the token's slot\n"
-" pPin the SO's initial PIN\n"
-" ulPinLen length in bytes of the PIN\n"
-" pLabel 32-byte token label (blank padded)\n",
- {ArgULong, ArgUTF8, ArgULong, ArgUTF8, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_InitPIN", F_C_InitPIN,
-"C_InitPIN hSession pPin ulPinLen\n\n"
-"C_InitPIN initializes the normal user's PIN.\n"
-" hSession the session's handle\n"
-" pPin the normal user's PIN\n"
-" ulPinLen length in bytes of the PIN\n",
- {ArgULong, ArgUTF8, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SetPIN", F_C_SetPIN,
-"C_SetPIN hSession pOldPin ulOldLen pNewPin ulNewLen\n\n"
-"C_SetPIN modifies the PIN of the user who is logged in.\n"
-" hSession the session's handle\n"
-" pOldPin the old PIN\n"
-" ulOldLen length of the old PIN\n"
-" pNewPin the new PIN\n"
-" ulNewLen length of the new PIN\n",
- {ArgULong, ArgUTF8, ArgULong, ArgUTF8, ArgULong,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_OpenSession", F_C_OpenSession,
-"C_OpenSession slotID flags phSession\n\n"
-"C_OpenSession opens a session between an application and a token.\n"
-" slotID the slot's ID\n"
-" flags from\n"
-" phSession gets session handle\n",
- {ArgULong, ArgULong, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_CloseSession", F_C_CloseSession,
-"C_CloseSession hSession\n\n"
-"C_CloseSession closes a session between an application and a token.\n"
-" hSession the session's handle\n",
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_CloseAllSessions", F_C_CloseAllSessions,
-"C_CloseAllSessions slotID\n\n"
-"C_CloseAllSessions closes all sessions with a token.\n"
-" slotID the token's slot\n",
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetSessionInfo", F_C_GetSessionInfo,
-"C_GetSessionInfo hSession pInfo\n\n"
-"C_GetSessionInfo obtains information about the session.\n"
-" hSession the session's handle\n"
-" pInfo receives session info\n",
- {ArgULong, ArgSessionInfo|ArgOut, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetOperationState", F_C_GetOperationState,
-"C_GetOperationState hSession pOpState pulOpStateLen\n\n"
-"C_GetOperationState obtains the state of the cryptographic operation in a\n"
-"session.\n"
-" hSession session's handle\n"
-" pOpState gets state\n"
-" pulOpStateLen gets state length\n",
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SetOperationState", F_C_SetOperationState,
-"C_SetOperationState hSession pOpState ulOpStateLen hEncKey hAuthKey\n\n"
-"C_SetOperationState restores the state of the cryptographic operation in a\n"
-"session.\n"
-" hSession session's handle\n"
-" pOpState holds state\n"
-" ulOpStateLen holds state length\n"
-" hEncKey en/decryption key\n"
-" hAuthnKey sign/verify key\n",
- {ArgULong, ArgChar|ArgOut, ArgULong, ArgULong, ArgULong,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Login", F_C_Login,
-"C_Login hSession userType pPin ulPinLen\n\n"
-"C_Login logs a user into a token.\n"
-" hSession the session's handle\n"
-" userType the user type\n"
-" pPin the user's PIN\n"
-" ulPinLen the length of the PIN\n",
- {ArgULong, ArgULong, ArgVar, ArgULong, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Logout", F_C_Logout,
-"C_Logout hSession\n\n"
-"C_Logout logs a user out from a token.\n"
-" hSession the session's handle\n",
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_CreateObject", F_C_CreateObject,
-"C_CreateObject hSession pTemplate ulCount phObject\n\n"
-"C_CreateObject creates a new object.\n"
-" hSession the session's handle\n"
-" pTemplate the object's template\n"
-" ulCount attributes in template\n"
-" phObject gets new object's handle.\n",
- {ArgULong, ArgAttribute|ArgArray, ArgULong, ArgULong|ArgOut, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_CopyObject", F_C_CopyObject,
-"C_CopyObject hSession hObject pTemplate ulCount phNewObject\n\n"
-"C_CopyObject copies an object creating a new object for the copy.\n"
-" hSession the session's handle\n"
-" hObject the object's handle\n"
-" pTemplate template for new object\n"
-" ulCount attributes in template\n"
-" phNewObject receives handle of copy\n",
- {ArgULong, ArgULong, ArgAttribute|ArgArray, ArgULong, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DestroyObject", F_C_DestroyObject,
-"C_DestroyObject hSession hObject\n\n"
-"C_DestroyObject destroys an object.\n"
-" hSession the session's handle\n"
-" hObject the object's handle\n",
- {ArgULong, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetObjectSize", F_C_GetObjectSize,
-"C_GetObjectSize hSession hObject pulSize\n\n"
-"C_GetObjectSize gets the size of an object in bytes.\n"
-" hSession the session's handle\n"
-" hObject the object's handle\n"
-" pulSize receives size of object\n",
- {ArgULong, ArgULong, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetAttributeValue", F_C_GetAttributeValue,
-"C_GetAttributeValue hSession hObject pTemplate ulCount\n\n"
-"C_GetAttributeValue obtains the value of one or more object attributes.\n"
-" hSession the session's handle\n"
-" hObject the object's handle\n"
-" pTemplate specifies attrs; gets vals\n"
-" ulCount attributes in template\n",
- {ArgULong, ArgULong, ArgAttribute|ArgArray, ArgULong, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SetAttributeValue", F_C_SetAttributeValue,
-"C_SetAttributeValue hSession hObject pTemplate ulCount\n\n"
-"C_SetAttributeValue modifies the value of one or more object attributes\n"
-" hSession the session's handle\n"
-" hObject the object's handle\n"
-" pTemplate specifies attrs and values\n"
-" ulCount attributes in template\n",
- {ArgULong, ArgULong, ArgAttribute|ArgArray, ArgULong, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_FindObjectsInit", F_C_FindObjectsInit,
-"C_FindObjectsInit hSession pTemplate ulCount\n\n"
-"C_FindObjectsInit initializes a search for token and session objects that\n"
-"match a template.\n"
-" hSession the session's handle\n"
-" pTemplate attribute values to match\n"
-" ulCount attrs in search template\n",
- {ArgULong, ArgAttribute|ArgArray, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_FindObjectsFinal", F_C_FindObjectsFinal,
-"C_FindObjectsFinal hSession\n\n"
-"C_FindObjectsFinal finishes a search for token and session objects.\n"
-" hSession the session's handle\n",
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_FindObjects", F_C_FindObjects,
-"C_FindObjects hSession phObject ulMaxObjectCount pulObjectCount\n\n"
-"C_FindObjects continues a search for token and session objects that match\n"
-"a template obtaining additional object handles.\n"
-" hSession session's handle\n"
-" phObject gets obj. handles\n"
-" ulMaxObjectCount max handles to get\n"
-" pulObjectCount actual # returned\n",
- {ArgULong, ArgULong|ArgOut, ArgULong, ArgULong|ArgOut, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_EncryptInit", F_C_EncryptInit,
-"C_EncryptInit hSession pMechanism hKey\n\n"
-"C_EncryptInit initializes an encryption operation.\n"
-" hSession the session's handle\n"
-" pMechanism the encryption mechanism\n"
-" hKey handle of encryption key\n",
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_EncryptUpdate", F_C_EncryptUpdate,
-"C_EncryptUpdate hSession pPart ulPartLen pEncryptedPart pulEncryptedPartLen\n"
-"\n"
-"C_EncryptUpdate continues a multiple-part encryption operation.\n"
-" hSession session's handle\n"
-" pPart the plaintext data\n"
-" ulPartLen plaintext data len\n"
-" pEncryptedPart gets ciphertext\n"
-" pulEncryptedPartLen gets c-text size\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_EncryptFinal", F_C_EncryptFinal,
-"C_EncryptFinal hSession pLastEncryptedPart pulLastEncryptedPartLen\n\n"
-"C_EncryptFinal finishes a multiple-part encryption operation.\n"
-" hSession session handle\n"
-" pLastEncryptedPart last c-text\n"
-" pulLastEncryptedPartLen gets last size\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Encrypt", F_C_Encrypt,
-"C_Encrypt hSession pData ulDataLen pEncryptedData pulEncryptedDataLen\n\n"
-"C_Encrypt encrypts single-part data.\n"
-" hSession session's handle\n"
-" pData the plaintext data\n"
-" ulDataLen bytes of plaintext\n"
-" pEncryptedData gets ciphertext\n"
-" pulEncryptedDataLen gets c-text size\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DecryptInit", F_C_DecryptInit,
-"C_DecryptInit hSession pMechanism hKey\n\n"
-"C_DecryptInit initializes a decryption operation.\n"
-" hSession the session's handle\n"
-" pMechanism the decryption mechanism\n"
-" hKey handle of decryption key\n",
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DecryptUpdate", F_C_DecryptUpdate,
-"C_DecryptUpdate hSession pEncryptedPart ulEncryptedPartLen pPart pulPartLen\n"
-"\n"
-"C_DecryptUpdate continues a multiple-part decryption operation.\n"
-" hSession session's handle\n"
-" pEncryptedPart encrypted data\n"
-" ulEncryptedPartLen input length\n"
-" pPart gets plaintext\n"
-" pulPartLen p-text size\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DecryptFinal", F_C_DecryptFinal,
-"C_DecryptFinal hSession pLastPart pulLastPartLen\n\n"
-"C_DecryptFinal finishes a multiple-part decryption operation.\n"
-" hSession the session's handle\n"
-" pLastPart gets plaintext\n"
-" pulLastPartLen p-text size\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Decrypt", F_C_Decrypt,
-"C_Decrypt hSession pEncryptedData ulEncryptedDataLen pData pulDataLen\n\n"
-"C_Decrypt decrypts encrypted data in a single part.\n"
-" hSession session's handle\n"
-" pEncryptedData ciphertext\n"
-" ulEncryptedDataLen ciphertext length\n"
-" pData gets plaintext\n"
-" pulDataLen gets p-text size\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DigestInit", F_C_DigestInit,
-"C_DigestInit hSession pMechanism\n\n"
-"C_DigestInit initializes a message-digesting operation.\n"
-" hSession the session's handle\n"
-" pMechanism the digesting mechanism\n",
- {ArgULong, ArgMechanism, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DigestUpdate", F_C_DigestUpdate,
-"C_DigestUpdate hSession pPart ulPartLen\n\n"
-"C_DigestUpdate continues a multiple-part message-digesting operation.\n"
-" hSession the session's handle\n"
-" pPart data to be digested\n"
-" ulPartLen bytes of data to be digested\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DigestKey", F_C_DigestKey,
-"C_DigestKey hSession hKey\n\n"
-"C_DigestKey continues a multi-part message-digesting operation by digesting\n"
-"the value of a secret key as part of the data already digested.\n"
-" hSession the session's handle\n"
-" hKey secret key to digest\n",
- {ArgULong, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DigestFinal", F_C_DigestFinal,
-"C_DigestFinal hSession pDigest pulDigestLen\n\n"
-"C_DigestFinal finishes a multiple-part message-digesting operation.\n"
-" hSession the session's handle\n"
-" pDigest gets the message digest\n"
-" pulDigestLen gets byte count of digest\n",
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Digest", F_C_Digest,
-"C_Digest hSession pData ulDataLen pDigest pulDigestLen\n\n"
-"C_Digest digests data in a single part.\n"
-" hSession the session's handle\n"
-" pData data to be digested\n"
-" ulDataLen bytes of data to digest\n"
-" pDigest gets the message digest\n"
-" pulDigestLen gets digest length\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignInit", F_C_SignInit,
-"C_SignInit hSession pMechanism hKey\n\n"
-"C_SignInit initializes a signature (private key encryption operation where\n"
-"the signature is (will be) an appendix to the data and plaintext cannot be\n"
-"recovered from the signature.\n"
-" hSession the session's handle\n"
-" pMechanism the signature mechanism\n"
-" hKey handle of signature key\n",
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignUpdate", F_C_SignUpdate,
-"C_SignUpdate hSession pPart ulPartLen\n\n"
-"C_SignUpdate continues a multiple-part signature operation where the\n"
-"signature is (will be) an appendix to the data and plaintext cannot be\n"
-"recovered from the signature.\n"
-" hSession the session's handle\n"
-" pPart the data to sign\n"
-" ulPartLen count of bytes to sign\n",
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignFinal", F_C_SignFinal,
-"C_SignFinal hSession pSignature pulSignatureLen\n\n"
-"C_SignFinal finishes a multiple-part signature operation returning the\n"
-"signature.\n"
-" hSession the session's handle\n"
-" pSignature gets the signature\n"
-" pulSignatureLen gets signature length\n",
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignRecoverInit", F_C_SignRecoverInit,
-"C_SignRecoverInit hSession pMechanism hKey\n\n"
-"C_SignRecoverInit initializes a signature operation where the data can be\n"
-"recovered from the signature.\n"
-" hSession the session's handle\n"
-" pMechanism the signature mechanism\n"
-" hKey handle of the signature key\n",
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignRecover", F_C_SignRecover,
-"C_SignRecover hSession pData ulDataLen pSignature pulSignatureLen\n\n"
-"C_SignRecover signs data in a single operation where the data can be\n"
-"recovered from the signature.\n"
-" hSession the session's handle\n"
-" pData the data to sign\n"
-" ulDataLen count of bytes to sign\n"
-" pSignature gets the signature\n"
-" pulSignatureLen gets signature length\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Sign", F_C_Sign,
-"C_Sign hSession pData ulDataLen pSignature pulSignatureLen\n\n"
-"C_Sign signs (encrypts with private key) data in a single part where the\n"
-"signature is (will be) an appendix to the data and plaintext cannot be\n"
-"recovered from the signature.\n"
-" hSession the session's handle\n"
-" pData the data to sign\n"
-" ulDataLen count of bytes to sign\n"
-" pSignature gets the signature\n"
-" pulSignatureLen gets signature length\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_VerifyInit", F_C_VerifyInit,
-"C_VerifyInit hSession pMechanism hKey\n\n"
-"C_VerifyInit initializes a verification operation where the signature is an\n"
-"appendix to the data and plaintext cannot cannot be recovered from the\n"
-"signature (e.g. DSA).\n"
-" hSession the session's handle\n"
-" pMechanism the verification mechanism\n"
-" hKey verification key\n",
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_VerifyUpdate", F_C_VerifyUpdate,
-"C_VerifyUpdate hSession pPart ulPartLen\n\n"
-"C_VerifyUpdate continues a multiple-part verification operation where the\n"
-"signature is an appendix to the data and plaintext cannot be recovered from\n"
-"the signature.\n"
-" hSession the session's handle\n"
-" pPart signed data\n"
-" ulPartLen length of signed data\n",
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_VerifyFinal", F_C_VerifyFinal,
-"C_VerifyFinal hSession pSignature ulSignatureLen\n\n"
-"C_VerifyFinal finishes a multiple-part verification operation checking the\n"
-"signature.\n"
-" hSession the session's handle\n"
-" pSignature signature to verify\n"
-" ulSignatureLen signature length\n",
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_VerifyRecoverInit", F_C_VerifyRecoverInit,
-"C_VerifyRecoverInit hSession pMechanism hKey\n\n"
-"C_VerifyRecoverInit initializes a signature verification operation where the\n"
-"data is recovered from the signature.\n"
-" hSession the session's handle\n"
-" pMechanism the verification mechanism\n"
-" hKey verification key\n",
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_VerifyRecover", F_C_VerifyRecover,
-"C_VerifyRecover hSession pSignature ulSignatureLen pData pulDataLen\n\n"
-"C_VerifyRecover verifies a signature in a single-part operation where the\n"
-"data is recovered from the signature.\n"
-" hSession the session's handle\n"
-" pSignature signature to verify\n"
-" ulSignatureLen signature length\n"
-" pData gets signed data\n"
-" pulDataLen gets signed data len\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Verify", F_C_Verify,
-"C_Verify hSession pData ulDataLen pSignature ulSignatureLen\n\n"
-"C_Verify verifies a signature in a single-part operation where the signature\n"
-"is an appendix to the data and plaintext cannot be recovered from the\n"
-"signature.\n"
-" hSession the session's handle\n"
-" pData signed data\n"
-" ulDataLen length of signed data\n"
-" pSignature signature\n"
-" ulSignatureLen signature length*/\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DigestEncryptUpdate", F_C_DigestEncryptUpdate,
-"C_DigestEncryptUpdate hSession pPart ulPartLen pEncryptedPart \\\n"
-" pulEncryptedPartLen\n\n"
-"C_DigestEncryptUpdate continues a multiple-part digesting and encryption\n"
-"operation.\n"
-" hSession session's handle\n"
-" pPart the plaintext data\n"
-" ulPartLen plaintext length\n"
-" pEncryptedPart gets ciphertext\n"
-" pulEncryptedPartLen gets c-text length\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DecryptDigestUpdate", F_C_DecryptDigestUpdate,
-"C_DecryptDigestUpdate hSession pEncryptedPart ulEncryptedPartLen pPart \\\n"
-" pulPartLen\n\n"
-"C_DecryptDigestUpdate continues a multiple-part decryption and digesting\n"
-"operation.\n"
-" hSession session's handle\n"
-" pEncryptedPart ciphertext\n"
-" ulEncryptedPartLen ciphertext length\n"
-" pPart gets plaintext\n"
-" pulPartLen gets plaintext len\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignEncryptUpdate", F_C_SignEncryptUpdate,
-"C_SignEncryptUpdate hSession pPart ulPartLen pEncryptedPart \\\n"
-" pulEncryptedPartLen\n\n"
-"C_SignEncryptUpdate continues a multiple-part signing and encryption\n"
-"operation.\n"
-" hSession session's handle\n"
-" pPart the plaintext data\n"
-" ulPartLen plaintext length\n"
-" pEncryptedPart gets ciphertext\n"
-" pulEncryptedPartLen gets c-text length\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DecryptVerifyUpdate", F_C_DecryptVerifyUpdate,
-"C_DecryptVerifyUpdate hSession pEncryptedPart ulEncryptedPartLen pPart \\\n"
-" pulPartLen\n\n"
-"C_DecryptVerifyUpdate continues a multiple-part decryption and verify\n"
-"operation.\n"
-" hSession session's handle\n"
-" pEncryptedPart ciphertext\n"
-" ulEncryptedPartLen ciphertext length\n"
-" pPart gets plaintext\n"
-" pulPartLen gets p-text length\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GenerateKeyPair", F_C_GenerateKeyPair,
-"C_GenerateKeyPair hSession pMechanism pPublicKeyTemplate \\\n"
-" ulPublicKeyAttributeCount pPrivateKeyTemplate ulPrivateKeyAttributeCount \\\n"
-" phPublicKey phPrivateKey\n\n"
-"C_GenerateKeyPair generates a public-key/private-key pair creating new key\n"
-"objects.\n"
-" hSession sessionhandle\n"
-" pMechanism key-genmech.\n"
-" pPublicKeyTemplate templatefor pub. key\n"
-" ulPublicKeyAttributeCount # pub. attrs.\n"
-" pPrivateKeyTemplate templatefor priv. key\n"
-" ulPrivateKeyAttributeCount # priv. attrs.\n"
-" phPublicKey gets pub. keyhandle\n"
-" phPrivateKey getspriv. keyhandle\n",
- {ArgULong, ArgMechanism, ArgAttribute|ArgArray, ArgULong,
- ArgAttribute|ArgArray,
- ArgULong, ArgULong|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone }},
- {"C_GenerateKey", F_C_GenerateKey,
-"C_GenerateKey hSession pMechanism pTemplate ulCount phKey\n\n"
-"C_GenerateKey generates a secret key creating a new key object.\n"
-" hSession the session's handle\n"
-" pMechanism key generation mech.\n"
-" pTemplate template for new key\n"
-" ulCount # of attrs in template\n"
-" phKey gets handle of new key\n",
- {ArgULong, ArgMechanism, ArgAttribute|ArgArray, ArgULong,
- ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_WrapKey", F_C_WrapKey,
-"C_WrapKey hSession pMechanism hWrappingKey hKey pWrappedKey pulWrappedKeyLen\n\n"
-"C_WrapKey wraps (i.e. encrypts) a key.\n"
-" hSession the session's handle\n"
-" pMechanism the wrapping mechanism\n"
-" hWrappingKey wrapping key\n"
-" hKey key to be wrapped\n"
-" pWrappedKey gets wrapped key\n"
-" pulWrappedKeyLen gets wrapped key size\n",
- {ArgULong, ArgMechanism, ArgULong, ArgULong, ArgULong,
- ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone, ArgNone }},
- {"C_UnwrapKey", F_C_UnwrapKey,
-"C_UnwrapKey hSession pMechanism hUnwrappingKey pWrappedKey ulWrappedKeyLen \\\n"
-" pTemplate ulAttributeCount phKey\n\n"
-"C_UnwrapKey unwraps (decrypts) a wrapped key creating a new key object.\n"
-" hSession session's handle\n"
-" pMechanism unwrapping mech.\n"
-" hUnwrappingKey unwrapping key\n"
-" pWrappedKey the wrapped key\n"
-" ulWrappedKeyLen wrapped key len\n"
-" pTemplate new key template\n"
-" ulAttributeCount template length\n"
-" phKey gets new handle\n",
- {ArgULong, ArgMechanism, ArgULong, ArgChar, ArgULong,
- ArgAttribute|ArgArray, ArgULong, ArgULong|ArgOut, ArgNone, ArgNone }},
- {"C_DeriveKey", F_C_DeriveKey,
-"C_DeriveKey hSession pMechanism hBaseKey pTemplate ulAttributeCount phKey\n\n"
-"C_DeriveKey derives a key from a base key creating a new key object.\n"
-" hSession session's handle\n"
-" pMechanism key deriv. mech.\n"
-" hBaseKey base key\n"
-" pTemplate new key template\n"
-" ulAttributeCount template length\n"
-" phKey gets new handle\n",
- {ArgULong, ArgMechanism, ArgULong, ArgAttribute|ArgArray, ArgULong,
- ArgULong|ArgOut, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SeedRandom", F_C_SeedRandom,
-"C_SeedRandom hSession pSeed ulSeedLen\n\n"
-"C_SeedRandom mixes additional seed material into the token's random number\n"
-"generator.\n"
-" hSession the session's handle\n"
-" pSeed the seed material\n"
-" ulSeedLen length of seed material\n",
- {ArgULong, ArgChar, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GenerateRandom", F_C_GenerateRandom,
-"C_GenerateRandom hSession RandomData ulRandomLen\n\n"
-"C_GenerateRandom generates random data.\n"
-" hSession the session's handle\n"
-" RandomData receives the random data\n"
-" ulRandomLen # of bytes to generate\n",
- {ArgULong, ArgChar, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetFunctionStatus", F_C_GetFunctionStatus,
-"C_GetFunctionStatus hSession\n\n"
-"C_GetFunctionStatus is a legacy function; it obtains an updated status of\n"
-"a function running in parallel with an application.\n"
-" hSession the session's handle\n",
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_CancelFunction", F_C_CancelFunction,
-"C_CancelFunction hSession\n\n"
-"C_CancelFunction is a legacy function; it cancels a function running in\n"
-"parallel.\n"
-" hSession the session's handle\n",
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_WaitForSlotEvent", F_C_WaitForSlotEvent,
-"C_WaitForSlotEvent flags pSlot pRserved\n\n"
-"C_WaitForSlotEvent waits for a slot event (token insertion removal etc.)\n"
-"to occur.\n"
-" flags blocking/nonblocking flag\n"
-" pSlot location that receives the slot ID\n"
-" pRserved reserved. Should be NULL_PTR\n",
- {ArgULong, ArgULong|ArgArray, ArgVar, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"NewArray", F_NewArray,
-"NewArray varName varType array size\n\n"
-"Creates a new array variable.\n"
-" varName variable name of the new array\n"
-" varType data type of the new array\n"
-" size number of elements in the array\n",
- {ArgVar|ArgNew, ArgVar, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"NewInitArg", F_NewInitializeArgs,
-"NewInitArg varName flags string\n\n"
-"Creates a new init variable.\n"
-" varName variable name of the new initArg\n"
-" flags value to set the flags field\n"
-" string string parameter for init arg\n",
- {ArgVar|ArgNew, ArgULong, ArgVar|ArgNew, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"NewTemplate", F_NewTemplate,
-"NewTemplate varName attributeList\n\n"
-"Create a new empty template and populate the attribute list\n"
-" varName variable name of the new template\n"
-" attributeList comma separated list of CKA_ATTRIBUTE types\n",
- {ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"NewMechanism", F_NewMechanism,
-"NewMechanism varName mechanismType\n\n"
-"Create a new CK_MECHANISM object with type NULL parameters and specified type\n"
-" varName variable name of the new mechansim\n"
-" mechanismType CKM_ mechanism type value to set int the type field\n",
- {ArgVar|ArgNew, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"BuildTemplate", F_BuildTemplate,
-"BuildTemplate template\n\n"
-"Allocates space for the value in a template which has the sizes filled in,\n"
-"but no values allocated yet.\n"
-" template variable name of the template\n",
- {ArgAttribute, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"SetTemplate", F_SetTemplate,
-"SetTemplate template index value\n\n"
-"Sets a particular element of a template to a CK_ULONG\n"
-" template variable name of the template\n"
-" index index into the template to the element to change\n"
-" value 32 bit value to set in the template\n",
- {ArgAttribute, ArgULong, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"SetString", F_SetStringVar,
-"SetString varName string\n\n"
-"Sets a particular variable to a string value\n"
-" variable variable name of new string\n"
-" string String to set the variable to\n",
- {ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Set", F_SetVar,
-"Set varName value\n\n"
-"Sets a particular variable to CK_ULONG\n"
-" variable name of the new variable\n"
-" value 32 bit value to set variable to\n",
- {ArgVar|ArgNew, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Print", F_Print,
-"Print varName\n\n"
-"prints a variable\n"
-" variable name of the variable to print\n",
- {ArgVar, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Delete", F_Delete,
-"Delete varName\n\n"
-"delete a variable\n"
-" variable name of the variable to delete\n",
- {ArgVar|ArgNew, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Load", F_Load,
-"load libraryName\n\n"
-"load a pkcs #11 module\n"
-" libraryName Name of a shared library\n",
- {ArgVar, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Save", F_SaveVar,
-"Save filename variable\n\n"
-"Saves the binary value of 'variable' in file 'filename'\n"
-" fileName target file to save the variable in\n"
-" variable variable to save\n",
- {ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Restore", F_RestoreVar,
-"Restore filename variable\n\n"
-"Restores a variable from a file\n"
-" fileName target file to restore the variable from\n"
-" variable variable to restore\n",
- {ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Increment", F_Increment,
-"Increment variable value\n\n"
-"Increment a variable by value\n",
- {ArgVar, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Decrement", F_Decrement,
-"Decrement variable value\n\n"
-"Decrement a variable by value\n",
- {ArgVar, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"List", F_List,
-"List all the variables\n",
- {ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Unload", F_Unload,
-"Unload the currrently loaded PKCS #11 library\n",
- {ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Run", F_Run,
-"Run filename\n\n"
-"reads filename as script of commands to execute\n",
- {ArgVar|ArgNew, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Time", F_Time,
-"Time pkcs11 command\n\n"
-"Execute a pkcs #11 command and time the results\n",
- {ArgVar|ArgFull, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"System", F_System,
- "Set System Flag",
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"LoopRun", F_Loop,
-"LoopRun filename var start end step\n\n"
-"Run in a loop. Loop exit if scrip does and explicit quit (Quit QuitIf etc.)",
- {ArgVar|ArgNew, ArgVar|ArgNew, ArgULong, ArgULong, ArgULong,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Help", F_Help,
-"Help [command]\n\n"
-"print general help, or help for a specific command\n",
- {ArgVar|ArgOpt, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"QuitIf", F_QuitIf,
-"QuitIf arg1 comparator arg2\n\n"
-"Exit from this program if Condition is valid, valid comparators:\n"
-" < > <= >= = !=\n",
- {ArgULong, ArgVar|ArgNew, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"QuitIfString", F_QuitIfString,
-"QuitIfString arg1 comparator arg2\n\n"
-"Exit from this program if Condition is valid, valid comparators:\n"
-" = !=\n",
- {ArgVar|ArgNew, ArgVar|ArgNew, ArgVar|ArgNew, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Quit", F_Quit,
-"Exit from this program",
- {ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
+ { "C_Initialize",
+ F_C_Initialize,
+ "C_Initialize pInitArgs\n\n"
+ "C_Initialize initializes the PKCS #11 library.\n"
+ " pInitArgs if this is not NULL_PTR it gets cast to and dereferenced\n",
+ { ArgInitializeArgs, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "C_Finalize",
+ F_C_Finalize,
+ "C_Finalize pReserved\n\n"
+ "C_Finalize indicates that an application is done with the PKCS #11 library.\n"
+ " pReserved reserved. Should be NULL_PTR\n",
+ { ArgInitializeArgs, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "C_GetInfo",
+ F_C_GetInfo,
+ "C_GetInfo pInfo\n\n"
+ "C_GetInfo returns general information about PKCS #11.\n"
+ " pInfo location that receives information\n",
+ { ArgInfo | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "C_GetFunctionList",
+ F_C_GetFunctionList,
+ "C_GetFunctionList ppFunctionList\n\n"
+ "C_GetFunctionList returns the function list.\n"
+ " ppFunctionList receives pointer to function list\n",
+ { ArgFunctionList | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_GetSlotList",
+ F_C_GetSlotList,
+ "C_GetSlotList tokenPresent pSlotList pulCount\n\n"
+ "C_GetSlotList obtains a list of slots in the system.\n"
+ " tokenPresent only slots with tokens?\n"
+ " pSlotList receives array of slot IDs\n"
+ " pulCount receives number of slots\n",
+ { ArgULong, ArgULong | ArgArray | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_GetSlotInfo",
+ F_C_GetSlotInfo,
+ "C_GetSlotInfo slotID pInfo\n\n"
+ "C_GetSlotInfo obtains information about a particular slot in the system.\n"
+ " slotID the ID of the slot\n"
+ " pInfo receives the slot information\n",
+ { ArgULong, ArgSlotInfo | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_GetTokenInfo",
+ F_C_GetTokenInfo,
+ "C_GetTokenInfo slotID pInfo\n\n"
+ "C_GetTokenInfo obtains information about a particular token in the system.\n"
+ " slotID ID of the token's slot\n"
+ " pInfo receives the token information\n",
+ { ArgULong, ArgTokenInfo | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_GetMechanismList",
+ F_C_GetMechanismList,
+ "C_GetMechanismList slotID pMechanismList pulCount\n\n"
+ "C_GetMechanismList obtains a list of mechanism types supported by a token.\n"
+ " slotID ID of token's slot\n"
+ " pMechanismList gets mech. array\n"
+ " pulCount gets # of mechs.\n",
+ { ArgULong, ArgULong | ArgArray | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_GetMechanismInfo",
+ F_C_GetMechanismInfo,
+ "C_GetMechanismInfo slotID type pInfo\n\n"
+ "C_GetMechanismInfo obtains information about a particular mechanism possibly\n"
+ "supported by a token.\n"
+ " slotID ID of the token's slot\n"
+ " type type of mechanism\n"
+ " pInfo receives mechanism info\n",
+ { ArgULong, ArgULong, ArgMechanismInfo | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_InitToken",
+ F_C_InitToken,
+ "C_InitToken slotID pPin ulPinLen pLabel\n\n"
+ "C_InitToken initializes a token.\n"
+ " slotID ID of the token's slot\n"
+ " pPin the SO's initial PIN\n"
+ " ulPinLen length in bytes of the PIN\n"
+ " pLabel 32-byte token label (blank padded)\n",
+ { ArgULong, ArgUTF8, ArgULong, ArgUTF8, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "C_InitPIN",
+ F_C_InitPIN,
+ "C_InitPIN hSession pPin ulPinLen\n\n"
+ "C_InitPIN initializes the normal user's PIN.\n"
+ " hSession the session's handle\n"
+ " pPin the normal user's PIN\n"
+ " ulPinLen length in bytes of the PIN\n",
+ { ArgULong, ArgUTF8, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "C_SetPIN",
+ F_C_SetPIN,
+ "C_SetPIN hSession pOldPin ulOldLen pNewPin ulNewLen\n\n"
+ "C_SetPIN modifies the PIN of the user who is logged in.\n"
+ " hSession the session's handle\n"
+ " pOldPin the old PIN\n"
+ " ulOldLen length of the old PIN\n"
+ " pNewPin the new PIN\n"
+ " ulNewLen length of the new PIN\n",
+ { ArgULong, ArgUTF8, ArgULong, ArgUTF8, ArgULong, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "C_OpenSession",
+ F_C_OpenSession,
+ "C_OpenSession slotID flags phSession\n\n"
+ "C_OpenSession opens a session between an application and a token.\n"
+ " slotID the slot's ID\n"
+ " flags from\n"
+ " phSession gets session handle\n",
+ { ArgULong, ArgULong, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_CloseSession",
+ F_C_CloseSession,
+ "C_CloseSession hSession\n\n"
+ "C_CloseSession closes a session between an application and a token.\n"
+ " hSession the session's handle\n",
+ { ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "C_CloseAllSessions",
+ F_C_CloseAllSessions,
+ "C_CloseAllSessions slotID\n\n"
+ "C_CloseAllSessions closes all sessions with a token.\n"
+ " slotID the token's slot\n",
+ { ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "C_GetSessionInfo",
+ F_C_GetSessionInfo,
+ "C_GetSessionInfo hSession pInfo\n\n"
+ "C_GetSessionInfo obtains information about the session.\n"
+ " hSession the session's handle\n"
+ " pInfo receives session info\n",
+ { ArgULong, ArgSessionInfo | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_GetOperationState",
+ F_C_GetOperationState,
+ "C_GetOperationState hSession pOpState pulOpStateLen\n\n"
+ "C_GetOperationState obtains the state of the cryptographic operation in a\n"
+ "session.\n"
+ " hSession session's handle\n"
+ " pOpState gets state\n"
+ " pulOpStateLen gets state length\n",
+ { ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_SetOperationState",
+ F_C_SetOperationState,
+ "C_SetOperationState hSession pOpState ulOpStateLen hEncKey hAuthKey\n\n"
+ "C_SetOperationState restores the state of the cryptographic operation in a\n"
+ "session.\n"
+ " hSession session's handle\n"
+ " pOpState holds state\n"
+ " ulOpStateLen holds state length\n"
+ " hEncKey en/decryption key\n"
+ " hAuthnKey sign/verify key\n",
+ { ArgULong, ArgChar | ArgOut, ArgULong, ArgULong, ArgULong, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_Login",
+ F_C_Login,
+ "C_Login hSession userType pPin ulPinLen\n\n"
+ "C_Login logs a user into a token.\n"
+ " hSession the session's handle\n"
+ " userType the user type\n"
+ " pPin the user's PIN\n"
+ " ulPinLen the length of the PIN\n",
+ { ArgULong, ArgULong, ArgVar, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "C_Logout",
+ F_C_Logout,
+ "C_Logout hSession\n\n"
+ "C_Logout logs a user out from a token.\n"
+ " hSession the session's handle\n",
+ { ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "C_CreateObject",
+ F_C_CreateObject,
+ "C_CreateObject hSession pTemplate ulCount phObject\n\n"
+ "C_CreateObject creates a new object.\n"
+ " hSession the session's handle\n"
+ " pTemplate the object's template\n"
+ " ulCount attributes in template\n"
+ " phObject gets new object's handle.\n",
+ { ArgULong, ArgAttribute | ArgArray, ArgULong, ArgULong | ArgOut, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_CopyObject",
+ F_C_CopyObject,
+ "C_CopyObject hSession hObject pTemplate ulCount phNewObject\n\n"
+ "C_CopyObject copies an object creating a new object for the copy.\n"
+ " hSession the session's handle\n"
+ " hObject the object's handle\n"
+ " pTemplate template for new object\n"
+ " ulCount attributes in template\n"
+ " phNewObject receives handle of copy\n",
+ { ArgULong, ArgULong, ArgAttribute | ArgArray, ArgULong, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_DestroyObject",
+ F_C_DestroyObject,
+ "C_DestroyObject hSession hObject\n\n"
+ "C_DestroyObject destroys an object.\n"
+ " hSession the session's handle\n"
+ " hObject the object's handle\n",
+ { ArgULong, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "C_GetObjectSize",
+ F_C_GetObjectSize,
+ "C_GetObjectSize hSession hObject pulSize\n\n"
+ "C_GetObjectSize gets the size of an object in bytes.\n"
+ " hSession the session's handle\n"
+ " hObject the object's handle\n"
+ " pulSize receives size of object\n",
+ { ArgULong, ArgULong, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_GetAttributeValue",
+ F_C_GetAttributeValue,
+ "C_GetAttributeValue hSession hObject pTemplate ulCount\n\n"
+ "C_GetAttributeValue obtains the value of one or more object attributes.\n"
+ " hSession the session's handle\n"
+ " hObject the object's handle\n"
+ " pTemplate specifies attrs; gets vals\n"
+ " ulCount attributes in template\n",
+ { ArgULong, ArgULong, ArgAttribute | ArgArray, ArgULong, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_SetAttributeValue",
+ F_C_SetAttributeValue,
+ "C_SetAttributeValue hSession hObject pTemplate ulCount\n\n"
+ "C_SetAttributeValue modifies the value of one or more object attributes\n"
+ " hSession the session's handle\n"
+ " hObject the object's handle\n"
+ " pTemplate specifies attrs and values\n"
+ " ulCount attributes in template\n",
+ { ArgULong, ArgULong, ArgAttribute | ArgArray, ArgULong, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_FindObjectsInit",
+ F_C_FindObjectsInit,
+ "C_FindObjectsInit hSession pTemplate ulCount\n\n"
+ "C_FindObjectsInit initializes a search for token and session objects that\n"
+ "match a template.\n"
+ " hSession the session's handle\n"
+ " pTemplate attribute values to match\n"
+ " ulCount attrs in search template\n",
+ { ArgULong, ArgAttribute | ArgArray, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_FindObjectsFinal",
+ F_C_FindObjectsFinal,
+ "C_FindObjectsFinal hSession\n\n"
+ "C_FindObjectsFinal finishes a search for token and session objects.\n"
+ " hSession the session's handle\n",
+ { ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "C_FindObjects",
+ F_C_FindObjects,
+ "C_FindObjects hSession phObject ulMaxObjectCount pulObjectCount\n\n"
+ "C_FindObjects continues a search for token and session objects that match\n"
+ "a template obtaining additional object handles.\n"
+ " hSession session's handle\n"
+ " phObject gets obj. handles\n"
+ " ulMaxObjectCount max handles to get\n"
+ " pulObjectCount actual # returned\n",
+ { ArgULong, ArgULong | ArgOut, ArgULong, ArgULong | ArgOut, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_EncryptInit",
+ F_C_EncryptInit,
+ "C_EncryptInit hSession pMechanism hKey\n\n"
+ "C_EncryptInit initializes an encryption operation.\n"
+ " hSession the session's handle\n"
+ " pMechanism the encryption mechanism\n"
+ " hKey handle of encryption key\n",
+ { ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "C_EncryptUpdate",
+ F_C_EncryptUpdate,
+ "C_EncryptUpdate hSession pPart ulPartLen pEncryptedPart pulEncryptedPartLen\n"
+ "\n"
+ "C_EncryptUpdate continues a multiple-part encryption operation.\n"
+ " hSession session's handle\n"
+ " pPart the plaintext data\n"
+ " ulPartLen plaintext data len\n"
+ " pEncryptedPart gets ciphertext\n"
+ " pulEncryptedPartLen gets c-text size\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_EncryptFinal",
+ F_C_EncryptFinal,
+ "C_EncryptFinal hSession pLastEncryptedPart pulLastEncryptedPartLen\n\n"
+ "C_EncryptFinal finishes a multiple-part encryption operation.\n"
+ " hSession session handle\n"
+ " pLastEncryptedPart last c-text\n"
+ " pulLastEncryptedPartLen gets last size\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_Encrypt",
+ F_C_Encrypt,
+ "C_Encrypt hSession pData ulDataLen pEncryptedData pulEncryptedDataLen\n\n"
+ "C_Encrypt encrypts single-part data.\n"
+ " hSession session's handle\n"
+ " pData the plaintext data\n"
+ " ulDataLen bytes of plaintext\n"
+ " pEncryptedData gets ciphertext\n"
+ " pulEncryptedDataLen gets c-text size\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_DecryptInit",
+ F_C_DecryptInit,
+ "C_DecryptInit hSession pMechanism hKey\n\n"
+ "C_DecryptInit initializes a decryption operation.\n"
+ " hSession the session's handle\n"
+ " pMechanism the decryption mechanism\n"
+ " hKey handle of decryption key\n",
+ { ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "C_DecryptUpdate",
+ F_C_DecryptUpdate,
+ "C_DecryptUpdate hSession pEncryptedPart ulEncryptedPartLen pPart pulPartLen\n"
+ "\n"
+ "C_DecryptUpdate continues a multiple-part decryption operation.\n"
+ " hSession session's handle\n"
+ " pEncryptedPart encrypted data\n"
+ " ulEncryptedPartLen input length\n"
+ " pPart gets plaintext\n"
+ " pulPartLen p-text size\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_DecryptFinal",
+ F_C_DecryptFinal,
+ "C_DecryptFinal hSession pLastPart pulLastPartLen\n\n"
+ "C_DecryptFinal finishes a multiple-part decryption operation.\n"
+ " hSession the session's handle\n"
+ " pLastPart gets plaintext\n"
+ " pulLastPartLen p-text size\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_Decrypt",
+ F_C_Decrypt,
+ "C_Decrypt hSession pEncryptedData ulEncryptedDataLen pData pulDataLen\n\n"
+ "C_Decrypt decrypts encrypted data in a single part.\n"
+ " hSession session's handle\n"
+ " pEncryptedData ciphertext\n"
+ " ulEncryptedDataLen ciphertext length\n"
+ " pData gets plaintext\n"
+ " pulDataLen gets p-text size\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_DigestInit",
+ F_C_DigestInit,
+ "C_DigestInit hSession pMechanism\n\n"
+ "C_DigestInit initializes a message-digesting operation.\n"
+ " hSession the session's handle\n"
+ " pMechanism the digesting mechanism\n",
+ { ArgULong, ArgMechanism, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "C_DigestUpdate",
+ F_C_DigestUpdate,
+ "C_DigestUpdate hSession pPart ulPartLen\n\n"
+ "C_DigestUpdate continues a multiple-part message-digesting operation.\n"
+ " hSession the session's handle\n"
+ " pPart data to be digested\n"
+ " ulPartLen bytes of data to be digested\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_DigestKey",
+ F_C_DigestKey,
+ "C_DigestKey hSession hKey\n\n"
+ "C_DigestKey continues a multi-part message-digesting operation by digesting\n"
+ "the value of a secret key as part of the data already digested.\n"
+ " hSession the session's handle\n"
+ " hKey secret key to digest\n",
+ { ArgULong, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "C_DigestFinal",
+ F_C_DigestFinal,
+ "C_DigestFinal hSession pDigest pulDigestLen\n\n"
+ "C_DigestFinal finishes a multiple-part message-digesting operation.\n"
+ " hSession the session's handle\n"
+ " pDigest gets the message digest\n"
+ " pulDigestLen gets byte count of digest\n",
+ { ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_Digest",
+ F_C_Digest,
+ "C_Digest hSession pData ulDataLen pDigest pulDigestLen\n\n"
+ "C_Digest digests data in a single part.\n"
+ " hSession the session's handle\n"
+ " pData data to be digested\n"
+ " ulDataLen bytes of data to digest\n"
+ " pDigest gets the message digest\n"
+ " pulDigestLen gets digest length\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_SignInit",
+ F_C_SignInit,
+ "C_SignInit hSession pMechanism hKey\n\n"
+ "C_SignInit initializes a signature (private key encryption operation where\n"
+ "the signature is (will be) an appendix to the data and plaintext cannot be\n"
+ "recovered from the signature.\n"
+ " hSession the session's handle\n"
+ " pMechanism the signature mechanism\n"
+ " hKey handle of signature key\n",
+ { ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "C_SignUpdate",
+ F_C_SignUpdate,
+ "C_SignUpdate hSession pPart ulPartLen\n\n"
+ "C_SignUpdate continues a multiple-part signature operation where the\n"
+ "signature is (will be) an appendix to the data and plaintext cannot be\n"
+ "recovered from the signature.\n"
+ " hSession the session's handle\n"
+ " pPart the data to sign\n"
+ " ulPartLen count of bytes to sign\n",
+ { ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_SignFinal",
+ F_C_SignFinal,
+ "C_SignFinal hSession pSignature pulSignatureLen\n\n"
+ "C_SignFinal finishes a multiple-part signature operation returning the\n"
+ "signature.\n"
+ " hSession the session's handle\n"
+ " pSignature gets the signature\n"
+ " pulSignatureLen gets signature length\n",
+ { ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_SignRecoverInit",
+ F_C_SignRecoverInit,
+ "C_SignRecoverInit hSession pMechanism hKey\n\n"
+ "C_SignRecoverInit initializes a signature operation where the data can be\n"
+ "recovered from the signature.\n"
+ " hSession the session's handle\n"
+ " pMechanism the signature mechanism\n"
+ " hKey handle of the signature key\n",
+ { ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "C_SignRecover",
+ F_C_SignRecover,
+ "C_SignRecover hSession pData ulDataLen pSignature pulSignatureLen\n\n"
+ "C_SignRecover signs data in a single operation where the data can be\n"
+ "recovered from the signature.\n"
+ " hSession the session's handle\n"
+ " pData the data to sign\n"
+ " ulDataLen count of bytes to sign\n"
+ " pSignature gets the signature\n"
+ " pulSignatureLen gets signature length\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_Sign",
+ F_C_Sign,
+ "C_Sign hSession pData ulDataLen pSignature pulSignatureLen\n\n"
+ "C_Sign signs (encrypts with private key) data in a single part where the\n"
+ "signature is (will be) an appendix to the data and plaintext cannot be\n"
+ "recovered from the signature.\n"
+ " hSession the session's handle\n"
+ " pData the data to sign\n"
+ " ulDataLen count of bytes to sign\n"
+ " pSignature gets the signature\n"
+ " pulSignatureLen gets signature length\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_VerifyInit",
+ F_C_VerifyInit,
+ "C_VerifyInit hSession pMechanism hKey\n\n"
+ "C_VerifyInit initializes a verification operation where the signature is an\n"
+ "appendix to the data and plaintext cannot cannot be recovered from the\n"
+ "signature (e.g. DSA).\n"
+ " hSession the session's handle\n"
+ " pMechanism the verification mechanism\n"
+ " hKey verification key\n",
+ { ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "C_VerifyUpdate",
+ F_C_VerifyUpdate,
+ "C_VerifyUpdate hSession pPart ulPartLen\n\n"
+ "C_VerifyUpdate continues a multiple-part verification operation where the\n"
+ "signature is an appendix to the data and plaintext cannot be recovered from\n"
+ "the signature.\n"
+ " hSession the session's handle\n"
+ " pPart signed data\n"
+ " ulPartLen length of signed data\n",
+ { ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_VerifyFinal",
+ F_C_VerifyFinal,
+ "C_VerifyFinal hSession pSignature ulSignatureLen\n\n"
+ "C_VerifyFinal finishes a multiple-part verification operation checking the\n"
+ "signature.\n"
+ " hSession the session's handle\n"
+ " pSignature signature to verify\n"
+ " ulSignatureLen signature length\n",
+ { ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "C_VerifyRecoverInit",
+ F_C_VerifyRecoverInit,
+ "C_VerifyRecoverInit hSession pMechanism hKey\n\n"
+ "C_VerifyRecoverInit initializes a signature verification operation where the\n"
+ "data is recovered from the signature.\n"
+ " hSession the session's handle\n"
+ " pMechanism the verification mechanism\n"
+ " hKey verification key\n",
+ { ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "C_VerifyRecover",
+ F_C_VerifyRecover,
+ "C_VerifyRecover hSession pSignature ulSignatureLen pData pulDataLen\n\n"
+ "C_VerifyRecover verifies a signature in a single-part operation where the\n"
+ "data is recovered from the signature.\n"
+ " hSession the session's handle\n"
+ " pSignature signature to verify\n"
+ " ulSignatureLen signature length\n"
+ " pData gets signed data\n"
+ " pulDataLen gets signed data len\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_Verify",
+ F_C_Verify,
+ "C_Verify hSession pData ulDataLen pSignature ulSignatureLen\n\n"
+ "C_Verify verifies a signature in a single-part operation where the signature\n"
+ "is an appendix to the data and plaintext cannot be recovered from the\n"
+ "signature.\n"
+ " hSession the session's handle\n"
+ " pData signed data\n"
+ " ulDataLen length of signed data\n"
+ " pSignature signature\n"
+ " ulSignatureLen signature length*/\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_DigestEncryptUpdate",
+ F_C_DigestEncryptUpdate,
+ "C_DigestEncryptUpdate hSession pPart ulPartLen pEncryptedPart \\\n"
+ " pulEncryptedPartLen\n\n"
+ "C_DigestEncryptUpdate continues a multiple-part digesting and encryption\n"
+ "operation.\n"
+ " hSession session's handle\n"
+ " pPart the plaintext data\n"
+ " ulPartLen plaintext length\n"
+ " pEncryptedPart gets ciphertext\n"
+ " pulEncryptedPartLen gets c-text length\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_DecryptDigestUpdate",
+ F_C_DecryptDigestUpdate,
+ "C_DecryptDigestUpdate hSession pEncryptedPart ulEncryptedPartLen pPart \\\n"
+ " pulPartLen\n\n"
+ "C_DecryptDigestUpdate continues a multiple-part decryption and digesting\n"
+ "operation.\n"
+ " hSession session's handle\n"
+ " pEncryptedPart ciphertext\n"
+ " ulEncryptedPartLen ciphertext length\n"
+ " pPart gets plaintext\n"
+ " pulPartLen gets plaintext len\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_SignEncryptUpdate",
+ F_C_SignEncryptUpdate,
+ "C_SignEncryptUpdate hSession pPart ulPartLen pEncryptedPart \\\n"
+ " pulEncryptedPartLen\n\n"
+ "C_SignEncryptUpdate continues a multiple-part signing and encryption\n"
+ "operation.\n"
+ " hSession session's handle\n"
+ " pPart the plaintext data\n"
+ " ulPartLen plaintext length\n"
+ " pEncryptedPart gets ciphertext\n"
+ " pulEncryptedPartLen gets c-text length\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_DecryptVerifyUpdate",
+ F_C_DecryptVerifyUpdate,
+ "C_DecryptVerifyUpdate hSession pEncryptedPart ulEncryptedPartLen pPart \\\n"
+ " pulPartLen\n\n"
+ "C_DecryptVerifyUpdate continues a multiple-part decryption and verify\n"
+ "operation.\n"
+ " hSession session's handle\n"
+ " pEncryptedPart ciphertext\n"
+ " ulEncryptedPartLen ciphertext length\n"
+ " pPart gets plaintext\n"
+ " pulPartLen gets p-text length\n",
+ { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_GenerateKeyPair",
+ F_C_GenerateKeyPair,
+ "C_GenerateKeyPair hSession pMechanism pPublicKeyTemplate \\\n"
+ " ulPublicKeyAttributeCount pPrivateKeyTemplate ulPrivateKeyAttributeCount \\\n"
+ " phPublicKey phPrivateKey\n\n"
+ "C_GenerateKeyPair generates a public-key/private-key pair creating new key\n"
+ "objects.\n"
+ " hSession sessionhandle\n"
+ " pMechanism key-genmech.\n"
+ " pPublicKeyTemplate templatefor pub. key\n"
+ " ulPublicKeyAttributeCount # pub. attrs.\n"
+ " pPrivateKeyTemplate templatefor priv. key\n"
+ " ulPrivateKeyAttributeCount # priv. attrs.\n"
+ " phPublicKey gets pub. keyhandle\n"
+ " phPrivateKey getspriv. keyhandle\n",
+ { ArgULong, ArgMechanism, ArgAttribute | ArgArray, ArgULong,
+ ArgAttribute | ArgArray, ArgULong, ArgULong | ArgOut, ArgULong | ArgOut, ArgNone,
+ ArgNone } },
+ { "C_GenerateKey",
+ F_C_GenerateKey,
+ "C_GenerateKey hSession pMechanism pTemplate ulCount phKey\n\n"
+ "C_GenerateKey generates a secret key creating a new key object.\n"
+ " hSession the session's handle\n"
+ " pMechanism key generation mech.\n"
+ " pTemplate template for new key\n"
+ " ulCount # of attrs in template\n"
+ " phKey gets handle of new key\n",
+ { ArgULong, ArgMechanism, ArgAttribute | ArgArray, ArgULong, ArgULong | ArgOut,
+ ArgNone, ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_WrapKey",
+ F_C_WrapKey,
+ "C_WrapKey hSession pMechanism hWrappingKey hKey pWrappedKey pulWrappedKeyLen\n\n"
+ "C_WrapKey wraps (i.e. encrypts) a key.\n"
+ " hSession the session's handle\n"
+ " pMechanism the wrapping mechanism\n"
+ " hWrappingKey wrapping key\n"
+ " hKey key to be wrapped\n"
+ " pWrappedKey gets wrapped key\n"
+ " pulWrappedKeyLen gets wrapped key size\n",
+ { ArgULong, ArgMechanism, ArgULong, ArgULong, ArgULong, ArgChar | ArgOut,
+ ArgULong | ArgOut, ArgNone, ArgNone, ArgNone } },
+ { "C_UnwrapKey",
+ F_C_UnwrapKey,
+ "C_UnwrapKey hSession pMechanism hUnwrappingKey pWrappedKey ulWrappedKeyLen \\\n"
+ " pTemplate ulAttributeCount phKey\n\n"
+ "C_UnwrapKey unwraps (decrypts) a wrapped key creating a new key object.\n"
+ " hSession session's handle\n"
+ " pMechanism unwrapping mech.\n"
+ " hUnwrappingKey unwrapping key\n"
+ " pWrappedKey the wrapped key\n"
+ " ulWrappedKeyLen wrapped key len\n"
+ " pTemplate new key template\n"
+ " ulAttributeCount template length\n"
+ " phKey gets new handle\n",
+ { ArgULong, ArgMechanism, ArgULong, ArgChar, ArgULong, ArgAttribute | ArgArray,
+ ArgULong, ArgULong | ArgOut, ArgNone, ArgNone } },
+ { "C_DeriveKey",
+ F_C_DeriveKey,
+ "C_DeriveKey hSession pMechanism hBaseKey pTemplate ulAttributeCount phKey\n\n"
+ "C_DeriveKey derives a key from a base key creating a new key object.\n"
+ " hSession session's handle\n"
+ " pMechanism key deriv. mech.\n"
+ " hBaseKey base key\n"
+ " pTemplate new key template\n"
+ " ulAttributeCount template length\n"
+ " phKey gets new handle\n",
+ { ArgULong, ArgMechanism, ArgULong, ArgAttribute | ArgArray, ArgULong,
+ ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "C_SeedRandom",
+ F_C_SeedRandom,
+ "C_SeedRandom hSession pSeed ulSeedLen\n\n"
+ "C_SeedRandom mixes additional seed material into the token's random number\n"
+ "generator.\n"
+ " hSession the session's handle\n"
+ " pSeed the seed material\n"
+ " ulSeedLen length of seed material\n",
+ { ArgULong, ArgChar, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "C_GenerateRandom",
+ F_C_GenerateRandom,
+ "C_GenerateRandom hSession RandomData ulRandomLen\n\n"
+ "C_GenerateRandom generates random data.\n"
+ " hSession the session's handle\n"
+ " RandomData receives the random data\n"
+ " ulRandomLen # of bytes to generate\n",
+ { ArgULong, ArgChar, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "C_GetFunctionStatus",
+ F_C_GetFunctionStatus,
+ "C_GetFunctionStatus hSession\n\n"
+ "C_GetFunctionStatus is a legacy function; it obtains an updated status of\n"
+ "a function running in parallel with an application.\n"
+ " hSession the session's handle\n",
+ { ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "C_CancelFunction",
+ F_C_CancelFunction,
+ "C_CancelFunction hSession\n\n"
+ "C_CancelFunction is a legacy function; it cancels a function running in\n"
+ "parallel.\n"
+ " hSession the session's handle\n",
+ { ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "C_WaitForSlotEvent",
+ F_C_WaitForSlotEvent,
+ "C_WaitForSlotEvent flags pSlot pRserved\n\n"
+ "C_WaitForSlotEvent waits for a slot event (token insertion removal etc.)\n"
+ "to occur.\n"
+ " flags blocking/nonblocking flag\n"
+ " pSlot location that receives the slot ID\n"
+ " pRserved reserved. Should be NULL_PTR\n",
+ { ArgULong, ArgULong | ArgArray, ArgVar, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "NewArray",
+ F_NewArray,
+ "NewArray varName varType array size\n\n"
+ "Creates a new array variable.\n"
+ " varName variable name of the new array\n"
+ " varType data type of the new array\n"
+ " size number of elements in the array\n",
+ { ArgVar | ArgNew, ArgVar, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "NewInitArg",
+ F_NewInitializeArgs,
+ "NewInitArg varName flags string\n\n"
+ "Creates a new init variable.\n"
+ " varName variable name of the new initArg\n"
+ " flags value to set the flags field\n"
+ " string string parameter for init arg\n",
+ { ArgVar | ArgNew, ArgULong, ArgVar | ArgNew, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "NewTemplate",
+ F_NewTemplate,
+ "NewTemplate varName attributeList\n\n"
+ "Create a new empty template and populate the attribute list\n"
+ " varName variable name of the new template\n"
+ " attributeList comma separated list of CKA_ATTRIBUTE types\n",
+ { ArgVar | ArgNew, ArgVar, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "NewMechanism",
+ F_NewMechanism,
+ "NewMechanism varName mechanismType\n\n"
+ "Create a new CK_MECHANISM object with type NULL parameters and specified type\n"
+ " varName variable name of the new mechansim\n"
+ " mechanismType CKM_ mechanism type value to set int the type field\n",
+ { ArgVar | ArgNew, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "BuildTemplate",
+ F_BuildTemplate,
+ "BuildTemplate template\n\n"
+ "Allocates space for the value in a template which has the sizes filled in,\n"
+ "but no values allocated yet.\n"
+ " template variable name of the template\n",
+ { ArgAttribute, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "SetTemplate",
+ F_SetTemplate,
+ "SetTemplate template index value\n\n"
+ "Sets a particular element of a template to a CK_ULONG\n"
+ " template variable name of the template\n"
+ " index index into the template to the element to change\n"
+ " value 32 bit value to set in the template\n",
+ { ArgAttribute, ArgULong, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "SetString",
+ F_SetStringVar,
+ "SetString varName string\n\n"
+ "Sets a particular variable to a string value\n"
+ " variable variable name of new string\n"
+ " string String to set the variable to\n",
+ { ArgVar | ArgNew, ArgVar, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "Set",
+ F_SetVar,
+ "Set varName value\n\n"
+ "Sets a particular variable to CK_ULONG\n"
+ " variable name of the new variable\n"
+ " value 32 bit value to set variable to\n",
+ { ArgVar | ArgNew, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "Print",
+ F_Print,
+ "Print varName\n\n"
+ "prints a variable\n"
+ " variable name of the variable to print\n",
+ { ArgVar, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "Delete",
+ F_Delete,
+ "Delete varName\n\n"
+ "delete a variable\n"
+ " variable name of the variable to delete\n",
+ { ArgVar | ArgNew, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "Load",
+ F_Load,
+ "load libraryName\n\n"
+ "load a pkcs #11 module\n"
+ " libraryName Name of a shared library\n",
+ { ArgVar, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "Save",
+ F_SaveVar,
+ "Save filename variable\n\n"
+ "Saves the binary value of 'variable' in file 'filename'\n"
+ " fileName target file to save the variable in\n"
+ " variable variable to save\n",
+ { ArgVar | ArgNew, ArgVar, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "Restore",
+ F_RestoreVar,
+ "Restore filename variable\n\n"
+ "Restores a variable from a file\n"
+ " fileName target file to restore the variable from\n"
+ " variable variable to restore\n",
+ { ArgVar | ArgNew, ArgVar, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "Increment",
+ F_Increment,
+ "Increment variable value\n\n"
+ "Increment a variable by value\n",
+ { ArgVar, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "Decrement",
+ F_Decrement,
+ "Decrement variable value\n\n"
+ "Decrement a variable by value\n",
+ { ArgVar, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "List",
+ F_List,
+ "List all the variables\n",
+ { ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "Unload",
+ F_Unload,
+ "Unload the currrently loaded PKCS #11 library\n",
+ { ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "Run",
+ F_Run,
+ "Run filename\n\n"
+ "reads filename as script of commands to execute\n",
+ { ArgVar | ArgNew, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "Time",
+ F_Time,
+ "Time pkcs11 command\n\n"
+ "Execute a pkcs #11 command and time the results\n",
+ { ArgVar | ArgFull, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "System",
+ F_System,
+ "Set System Flag",
+ { ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
+ { "LoopRun",
+ F_Loop,
+ "LoopRun filename var start end step\n\n"
+ "Run in a loop. Loop exit if scrip does and explicit quit (Quit QuitIf etc.)",
+ { ArgVar | ArgNew, ArgVar | ArgNew, ArgULong, ArgULong, ArgULong, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone } },
+ { "Help",
+ F_Help,
+ "Help [command]\n\n"
+ "print general help, or help for a specific command\n",
+ { ArgVar | ArgOpt, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "QuitIf",
+ F_QuitIf,
+ "QuitIf arg1 comparator arg2\n\n"
+ "Exit from this program if Condition is valid, valid comparators:\n"
+ " < > <= >= = !=\n",
+ { ArgULong, ArgVar | ArgNew, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone } },
+ { "QuitIfString",
+ F_QuitIfString,
+ "QuitIfString arg1 comparator arg2\n\n"
+ "Exit from this program if Condition is valid, valid comparators:\n"
+ " = !=\n",
+ { ArgVar | ArgNew, ArgVar | ArgNew, ArgVar | ArgNew, ArgNone, ArgNone, ArgNone,
+ ArgNone, ArgNone, ArgNone, ArgNone } },
+ { "Quit",
+ F_Quit,
+ "Exit from this program",
+ { ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+ ArgNone } },
};
-const Commands *commands= &_commands[0];
+const Commands *commands = &_commands[0];
const int commandCount = sizeof(_commands) / sizeof(_commands[0]);
const Topics _topics[] = {
- { "variables",
-"Variables are random strings of characters. These should begin with alpha\n"
-" characters, and should not contain any spaces, nor should they match any\n"
-" built-in constants. There is some checking in the code for these things,\n"
-" but it's not 100% and using invalid variable names can cause problems.\n"
-" Variables are created by any 'OUT' parameter. If the variable does not\n"
-" exist, it will be created. For in parameters variables must already exist.\n"
- },
- { "constants",
-"pk11util recognizes *lots* of constants. All CKA_, CKF_, CKO_, CKU_, CKS_,\n"
-" CKC_, CKK_, CKH_, CKM_, CKT_ values from the PKCS #11 spec are recognized.\n"
-" Constants can be specified with their fully qualified CK?_ value, or the\n"
-" prefix can be dropped. Constants are matched case insensitve.\n"
- },
- { "arrays",
-"Arrays are special variables which represent 'C' arrays. Each array \n"
-" variable can be referenced as a group (using just the name), or as \n"
-" individual elements (with the [int] operator). Example:\n"
-" print myArray # prints the full array.\n"
-" print myArray[3] # prints the 3rd elemement of the array \n"
- },
- { "sizes",
-"Size operaters returns the size in bytes of a variable, or the number of\n"
-" elements in an array.\n"
-" size(var) and sizeof(var) return the size of var in bytes.\n"
-" sizea(var) and sizeofarray(var) return the number of elements in var.\n"
-" If var is not an array, sizea(var) returns 1.\n"
- },
+ { "variables",
+ "Variables are random strings of characters. These should begin with alpha\n"
+ " characters, and should not contain any spaces, nor should they match any\n"
+ " built-in constants. There is some checking in the code for these things,\n"
+ " but it's not 100% and using invalid variable names can cause problems.\n"
+ " Variables are created by any 'OUT' parameter. If the variable does not\n"
+ " exist, it will be created. For in parameters variables must already exist.\n" },
+ { "constants",
+ "pk11util recognizes *lots* of constants. All CKA_, CKF_, CKO_, CKU_, CKS_,\n"
+ " CKC_, CKK_, CKH_, CKM_, CKT_ values from the PKCS #11 spec are recognized.\n"
+ " Constants can be specified with their fully qualified CK?_ value, or the\n"
+ " prefix can be dropped. Constants are matched case insensitve.\n" },
+ { "arrays",
+ "Arrays are special variables which represent 'C' arrays. Each array \n"
+ " variable can be referenced as a group (using just the name), or as \n"
+ " individual elements (with the [int] operator). Example:\n"
+ " print myArray # prints the full array.\n"
+ " print myArray[3] # prints the 3rd elemement of the array \n" },
+ { "sizes",
+ "Size operaters returns the size in bytes of a variable, or the number of\n"
+ " elements in an array.\n"
+ " size(var) and sizeof(var) return the size of var in bytes.\n"
+ " sizea(var) and sizeofarray(var) return the number of elements in var.\n"
+ " If var is not an array, sizea(var) returns 1.\n" },
};
-const Topics *topics= &_topics[0];
+const Topics *topics = &_topics[0];
const int topicCount = sizeof(_topics) / sizeof(_topics[0]);
const char *
getName(CK_ULONG value, ConstType type)
{
unsigned int i;
-
- for (i=0; i < constCount; i++) {
+
+ for (i = 0; i < constCount; i++) {
if (consts[i].type == type && consts[i].value == value) {
return consts[i].name;
}
@@ -1409,12 +1503,15 @@ getNameFromAttribute(CK_ATTRIBUTE_TYPE type)
return getName(type, ConstAttribute);
}
-unsigned int totalKnownType(ConstType type) {
+unsigned int
+totalKnownType(ConstType type)
+{
unsigned int count = 0;
unsigned int i;
-
- for (i=0; i < constCount; i++) {
- if (consts[i].type == type) count++;
+
+ for (i = 0; i < constCount; i++) {
+ if (consts[i].type == type)
+ count++;
}
return count;
}
diff --git a/cmd/lib/pk11table.h b/cmd/lib/pk11table.h
index 0c4052ece..3dea8204d 100644
--- a/cmd/lib/pk11table.h
+++ b/cmd/lib/pk11table.h
@@ -63,7 +63,7 @@ typedef enum {
ArgMechanismInfo,
ArgInitializeArgs,
ArgFunctionList,
-/* Modifier Flags */
+ /* Modifier Flags */
ArgMask = 0xff,
ArgOut = 0x100,
ArgArray = 0x200,
@@ -74,8 +74,7 @@ typedef enum {
ArgFull = 0x4000
} ArgType;
-typedef enum _constType
-{
+typedef enum _constType {
ConstNone,
ConstBool,
ConstInfoFlags,
@@ -103,19 +102,19 @@ typedef struct _constant {
CK_ULONG value;
ConstType type;
ConstType attrType;
-} Constant ;
+} Constant;
/*
* Values structures.
*/
typedef struct _values {
- ArgType type;
- ConstType constType;
- int size;
- char *filename;
- void *data;
- int reference;
- int arraySize;
+ ArgType type;
+ ConstType constType;
+ int size;
+ char *filename;
+ void *data;
+ int reference;
+ int arraySize;
} Value;
/*
@@ -137,10 +136,10 @@ struct _variable {
* structure for master command array
*/
typedef struct _commands {
- char *fname;
- FunctionType fType;
- char *helpString;
- ArgType args[MAX_ARGS];
+ char *fname;
+ FunctionType fType;
+ char *helpString;
+ ArgType args[MAX_ARGS];
} Commands;
typedef struct _module {
@@ -149,8 +148,8 @@ typedef struct _module {
} Module;
typedef struct _topics {
- char *name;
- char *helpString;
+ char *name;
+ char *helpString;
} Topics;
/*
@@ -177,4 +176,3 @@ getNameFromAttribute(CK_ATTRIBUTE_TYPE type);
extern unsigned int totalKnownType(ConstType type);
#endif /* _PK11_TABLE_H_ */
-
diff --git a/cmd/lib/pppolicy.c b/cmd/lib/pppolicy.c
index 7a5bd0b77..aaf45599d 100644
--- a/cmd/lib/pppolicy.c
+++ b/cmd/lib/pppolicy.c
@@ -17,45 +17,44 @@
#include "secutil.h"
/* This implementation is derived from the one in nss/lib/certdb/policyxtn.c .
-** The chief difference is the addition of the OPTIONAL flag to many
-** parts. The idea is to be able to parse and print as much of the
+** The chief difference is the addition of the OPTIONAL flag to many
+** parts. The idea is to be able to parse and print as much of the
** policy extension as possible, even if some parts are invalid.
**
** If this approach still is unable to decode policy extensions that
-** contain invalid parts, then the next approach will be to parse
-** the PolicyInfos as a SEQUENCE of ANYs, and then parse each of them
+** contain invalid parts, then the next approach will be to parse
+** the PolicyInfos as a SEQUENCE of ANYs, and then parse each of them
** as PolicyInfos, with the PolicyQualifiers being ANYs, and finally
** parse each of the PolicyQualifiers.
*/
static const SEC_ASN1Template secu_PolicyQualifierTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTPolicyQualifier) },
+ 0, NULL, sizeof(CERTPolicyQualifier) },
{ SEC_ASN1_OBJECT_ID,
- offsetof(CERTPolicyQualifier, qualifierID) },
+ offsetof(CERTPolicyQualifier, qualifierID) },
{ SEC_ASN1_ANY | SEC_ASN1_OPTIONAL,
- offsetof(CERTPolicyQualifier, qualifierValue) },
+ offsetof(CERTPolicyQualifier, qualifierValue) },
{ 0 }
};
static const SEC_ASN1Template secu_PolicyInfoTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTPolicyInfo) },
+ 0, NULL, sizeof(CERTPolicyInfo) },
{ SEC_ASN1_OBJECT_ID,
- offsetof(CERTPolicyInfo, policyID) },
+ offsetof(CERTPolicyInfo, policyID) },
{ SEC_ASN1_SEQUENCE_OF | SEC_ASN1_OPTIONAL,
- offsetof(CERTPolicyInfo, policyQualifiers),
- secu_PolicyQualifierTemplate },
+ offsetof(CERTPolicyInfo, policyQualifiers),
+ secu_PolicyQualifierTemplate },
{ 0 }
};
static const SEC_ASN1Template secu_CertificatePoliciesTemplate[] = {
{ SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTCertificatePolicies, policyInfos),
- secu_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) }
+ offsetof(CERTCertificatePolicies, policyInfos),
+ secu_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) }
};
-
static CERTCertificatePolicies *
secu_DecodeCertificatePoliciesExtension(SECItem *extnValue)
{
@@ -65,201 +64,200 @@ secu_DecodeCertificatePoliciesExtension(SECItem *extnValue)
CERTPolicyInfo **policyInfos, *policyInfo;
CERTPolicyQualifier **policyQualifiers, *policyQualifier;
SECItem newExtnValue;
-
+
/* make a new arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !arena ) {
- goto loser;
+
+ if (!arena) {
+ goto loser;
}
/* allocate the certifiate policies structure */
policies = PORT_ArenaZNew(arena, CERTCertificatePolicies);
- if ( policies == NULL ) {
- goto loser;
+ if (policies == NULL) {
+ goto loser;
}
-
+
policies->arena = arena;
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
/* decode the policy info */
- rv = SEC_QuickDERDecodeItem(arena, policies,
+ rv = SEC_QuickDERDecodeItem(arena, policies,
secu_CertificatePoliciesTemplate,
- &newExtnValue);
+ &newExtnValue);
- if ( rv != SECSuccess ) {
- goto loser;
+ if (rv != SECSuccess) {
+ goto loser;
}
/* initialize the oid tags */
policyInfos = policies->policyInfos;
- while (policyInfos != NULL && *policyInfos != NULL ) {
- policyInfo = *policyInfos;
- policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID);
- policyQualifiers = policyInfo->policyQualifiers;
- while ( policyQualifiers && *policyQualifiers != NULL ) {
- policyQualifier = *policyQualifiers;
- policyQualifier->oid =
- SECOID_FindOIDTag(&policyQualifier->qualifierID);
- policyQualifiers++;
- }
- policyInfos++;
+ while (policyInfos != NULL && *policyInfos != NULL) {
+ policyInfo = *policyInfos;
+ policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID);
+ policyQualifiers = policyInfo->policyQualifiers;
+ while (policyQualifiers && *policyQualifiers != NULL) {
+ policyQualifier = *policyQualifiers;
+ policyQualifier->oid =
+ SECOID_FindOIDTag(&policyQualifier->qualifierID);
+ policyQualifiers++;
+ }
+ policyInfos++;
}
- return(policies);
-
+ return (policies);
+
loser:
- if ( arena != NULL ) {
- PORT_FreeArena(arena, PR_FALSE);
+ if (arena != NULL) {
+ PORT_FreeArena(arena, PR_FALSE);
}
-
- return(NULL);
-}
+ return (NULL);
+}
static char *
itemToString(SECItem *item)
{
char *string;
- string = PORT_ZAlloc(item->len+1);
- if (string == NULL) return NULL;
- PORT_Memcpy(string,item->data,item->len);
+ string = PORT_ZAlloc(item->len + 1);
+ if (string == NULL)
+ return NULL;
+ PORT_Memcpy(string, item->data, item->len);
string[item->len] = 0;
return string;
}
static SECStatus
-secu_PrintUserNoticeQualifier(FILE *out, SECItem * qualifierValue,
+secu_PrintUserNoticeQualifier(FILE *out, SECItem *qualifierValue,
char *msg, int level)
{
CERTUserNotice *userNotice = NULL;
if (qualifierValue)
- userNotice = CERT_DecodeUserNotice(qualifierValue);
+ userNotice = CERT_DecodeUserNotice(qualifierValue);
if (userNotice) {
- if (userNotice->noticeReference.organization.len != 0) {
- char *string =
- itemToString(&userNotice->noticeReference.organization);
+ if (userNotice->noticeReference.organization.len != 0) {
+ char *string =
+ itemToString(&userNotice->noticeReference.organization);
SECItem **itemList = userNotice->noticeReference.noticeNumbers;
- while (itemList && *itemList) {
- SECU_PrintInteger(out,*itemList,string,level+1);
- itemList++;
- }
- PORT_Free(string);
- }
- if (userNotice->displayText.len != 0) {
- SECU_PrintString(out,&userNotice->displayText,
- "Display Text", level+1);
- }
- CERT_DestroyUserNotice(userNotice);
- return SECSuccess;
+ while (itemList && *itemList) {
+ SECU_PrintInteger(out, *itemList, string, level + 1);
+ itemList++;
+ }
+ PORT_Free(string);
+ }
+ if (userNotice->displayText.len != 0) {
+ SECU_PrintString(out, &userNotice->displayText,
+ "Display Text", level + 1);
+ }
+ CERT_DestroyUserNotice(userNotice);
+ return SECSuccess;
}
- return SECFailure; /* caller will print this value */
+ return SECFailure; /* caller will print this value */
}
static SECStatus
-secu_PrintPolicyQualifier(FILE *out,CERTPolicyQualifier *policyQualifier,
- char *msg,int level)
+secu_PrintPolicyQualifier(FILE *out, CERTPolicyQualifier *policyQualifier,
+ char *msg, int level)
{
- SECStatus rv;
- SECItem * qualifierValue = &policyQualifier->qualifierValue;
-
- SECU_PrintObjectID(out, &policyQualifier->qualifierID ,
- "Policy Qualifier Name", level);
- if (!qualifierValue->data) {
- SECU_Indent(out, level);
- fprintf(out,"Error: missing qualifier\n");
- } else
- switch (policyQualifier->oid) {
- case SEC_OID_PKIX_USER_NOTICE_QUALIFIER:
- rv = secu_PrintUserNoticeQualifier(out, qualifierValue, msg, level);
- if (SECSuccess == rv)
- break;
- /* fall through on error */
- case SEC_OID_PKIX_CPS_POINTER_QUALIFIER:
- default:
- SECU_PrintAny(out, qualifierValue, "Policy Qualifier Data", level);
- break;
- }
- return SECSuccess;
+ SECStatus rv;
+ SECItem *qualifierValue = &policyQualifier->qualifierValue;
+
+ SECU_PrintObjectID(out, &policyQualifier->qualifierID,
+ "Policy Qualifier Name", level);
+ if (!qualifierValue->data) {
+ SECU_Indent(out, level);
+ fprintf(out, "Error: missing qualifier\n");
+ } else
+ switch (policyQualifier->oid) {
+ case SEC_OID_PKIX_USER_NOTICE_QUALIFIER:
+ rv = secu_PrintUserNoticeQualifier(out, qualifierValue, msg, level);
+ if (SECSuccess == rv)
+ break;
+ /* fall through on error */
+ case SEC_OID_PKIX_CPS_POINTER_QUALIFIER:
+ default:
+ SECU_PrintAny(out, qualifierValue, "Policy Qualifier Data", level);
+ break;
+ }
+ return SECSuccess;
}
static SECStatus
-secu_PrintPolicyInfo(FILE *out,CERTPolicyInfo *policyInfo,char *msg,int level)
+secu_PrintPolicyInfo(FILE *out, CERTPolicyInfo *policyInfo, char *msg, int level)
{
- CERTPolicyQualifier **policyQualifiers;
-
- policyQualifiers = policyInfo->policyQualifiers;
- SECU_PrintObjectID(out, &policyInfo->policyID , "Policy Name", level);
-
- while (policyQualifiers && *policyQualifiers != NULL) {
- secu_PrintPolicyQualifier(out,*policyQualifiers,"",level+1);
- policyQualifiers++;
- }
- return SECSuccess;
+ CERTPolicyQualifier **policyQualifiers;
+
+ policyQualifiers = policyInfo->policyQualifiers;
+ SECU_PrintObjectID(out, &policyInfo->policyID, "Policy Name", level);
+
+ while (policyQualifiers && *policyQualifiers != NULL) {
+ secu_PrintPolicyQualifier(out, *policyQualifiers, "", level + 1);
+ policyQualifiers++;
+ }
+ return SECSuccess;
}
void
SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level)
{
- CERTCertificatePolicies *policies = NULL;
- CERTPolicyInfo **policyInfos;
-
- if (msg) {
- SECU_Indent(out, level);
- fprintf(out,"%s: \n",msg);
- level++;
- }
- policies = secu_DecodeCertificatePoliciesExtension(value);
- if (policies == NULL) {
- SECU_PrintAny(out, value, "Invalid Policy Data", level);
- return;
- }
-
- policyInfos = policies->policyInfos;
- while (policyInfos && *policyInfos != NULL) {
- secu_PrintPolicyInfo(out,*policyInfos,"",level);
- policyInfos++;
- }
-
- CERT_DestroyCertificatePoliciesExtension(policies);
-}
+ CERTCertificatePolicies *policies = NULL;
+ CERTPolicyInfo **policyInfos;
+
+ if (msg) {
+ SECU_Indent(out, level);
+ fprintf(out, "%s: \n", msg);
+ level++;
+ }
+ policies = secu_DecodeCertificatePoliciesExtension(value);
+ if (policies == NULL) {
+ SECU_PrintAny(out, value, "Invalid Policy Data", level);
+ return;
+ }
+ policyInfos = policies->policyInfos;
+ while (policyInfos && *policyInfos != NULL) {
+ secu_PrintPolicyInfo(out, *policyInfos, "", level);
+ policyInfos++;
+ }
+
+ CERT_DestroyCertificatePoliciesExtension(policies);
+}
void
-SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
- char *msg, int level)
+SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
+ char *msg, int level)
{
- CERTPrivKeyUsagePeriod * prd;
- PLArenaPool * arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ CERTPrivKeyUsagePeriod *prd;
+ PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- goto loser;
+ if (!arena) {
+ goto loser;
}
prd = CERT_DecodePrivKeyUsagePeriodExtension(arena, value);
if (!prd) {
- goto loser;
+ goto loser;
}
if (prd->notBefore.data) {
- SECU_PrintGeneralizedTime(out, &prd->notBefore, "Not Before", level);
+ SECU_PrintGeneralizedTime(out, &prd->notBefore, "Not Before", level);
}
if (prd->notAfter.data) {
- SECU_PrintGeneralizedTime(out, &prd->notAfter, "Not After ", level);
+ SECU_PrintGeneralizedTime(out, &prd->notAfter, "Not After ", level);
}
if (!prd->notBefore.data && !prd->notAfter.data) {
- SECU_Indent(out, level);
- fprintf(out, "Error: notBefore or notAfter MUST be present.\n");
-loser:
- SECU_PrintAny(out, value, msg, level);
+ SECU_Indent(out, level);
+ fprintf(out, "Error: notBefore or notAfter MUST be present.\n");
+ loser:
+ SECU_PrintAny(out, value, msg, level);
}
if (arena) {
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
}
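Review bot: secu_PrintUserNoticeQualifier passes the result of `itemToString` straight to `SECU_PrintInteger` as the label, but itemToString returns NULL when `PORT_ZAlloc` fails. How SECU_PrintInteger treats a NULL label is not visible here. A guard such as `if (string == NULL) { CERT_DestroyUserNotice(userNotice); return SECFailure; }` would let the caller fall back to SECU_PrintAny, as the existing "caller will print this value" comment intends. The organization bytes come from the decoded certificate and are copied unfiltered, so non-printable bytes presumably reach the output as part of the label; it is worth confirming that the print helper escapes them.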
diff --git a/cmd/lib/secpwd.c b/cmd/lib/secpwd.c
index d78e56ccd..7e99b2757 100644
--- a/cmd/lib/secpwd.c
+++ b/cmd/lib/secpwd.c
@@ -8,123 +8,126 @@
* (They are part of the security library as a whole, but they are
* NOT USED BY THE CLIENT.) Do not change things on behalf of the
* client (like localizing strings), or add things that are only
- * for the client (put them elsewhere).
+ * for the client (put them elsewhere).
*/
-
#ifdef XP_UNIX
#include <termios.h>
#endif
#if defined(XP_UNIX) || defined(XP_BEOS)
-#include <unistd.h> /* for isatty() */
+#include <unistd.h> /* for isatty() */
#endif
#if defined(_WINDOWS)
#include <conio.h>
#include <io.h>
#define QUIET_FGETS quiet_fgets
-static char * quiet_fgets (char *buf, int length, FILE *input);
+static char *quiet_fgets(char *buf, int length, FILE *input);
#else
#define QUIET_FGETS fgets
#endif
-static void echoOff(int fd)
+static void
+echoOff(int fd)
{
#if defined(XP_UNIX)
if (isatty(fd)) {
- struct termios tio;
- tcgetattr(fd, &tio);
- tio.c_lflag &= ~ECHO;
- tcsetattr(fd, TCSAFLUSH, &tio);
+ struct termios tio;
+ tcgetattr(fd, &tio);
+ tio.c_lflag &= ~ECHO;
+ tcsetattr(fd, TCSAFLUSH, &tio);
}
#endif
}
-static void echoOn(int fd)
+static void
+echoOn(int fd)
{
#if defined(XP_UNIX)
if (isatty(fd)) {
- struct termios tio;
- tcgetattr(fd, &tio);
- tio.c_lflag |= ECHO;
- tcsetattr(fd, TCSAFLUSH, &tio);
+ struct termios tio;
+ tcgetattr(fd, &tio);
+ tio.c_lflag |= ECHO;
+ tcsetattr(fd, TCSAFLUSH, &tio);
}
#endif
}
-char *SEC_GetPassword(FILE *input, FILE *output, char *prompt,
- PRBool (*ok)(char *))
+char *
+SEC_GetPassword(FILE *input, FILE *output, char *prompt,
+ PRBool (*ok)(char *))
{
#if defined(_WINDOWS)
int isTTY = (input == stdin);
#define echoOn(x)
#define echoOff(x)
#else
- int infd = fileno(input);
+ int infd = fileno(input);
int isTTY = isatty(infd);
#endif
- char phrase[200] = {'\0'}; /* ensure EOF doesn't return junk */
+ char phrase[200] = { '\0' }; /* ensure EOF doesn't return junk */
for (;;) {
- /* Prompt for password */
- if (isTTY) {
- fprintf(output, "%s", prompt);
- fflush (output);
- echoOff(infd);
- }
-
- if (QUIET_FGETS(phrase, sizeof(phrase), input) == NULL) {
+ /* Prompt for password */
+ if (isTTY) {
+ fprintf(output, "%s", prompt);
+ fflush(output);
+ echoOff(infd);
+ }
+
+ if (QUIET_FGETS(phrase, sizeof(phrase), input) == NULL) {
return NULL;
}
- if (isTTY) {
- fprintf(output, "\n");
- echoOn(infd);
- }
-
- /* stomp on newline */
- phrase[PORT_Strlen(phrase)-1] = 0;
-
- /* Validate password */
- if (!(*ok)(phrase)) {
- /* Not weird enough */
- if (!isTTY) return NULL;
- fprintf(output, "Password must be at least 8 characters long with one or more\n");
- fprintf(output, "non-alphabetic characters\n");
- continue;
- }
- return (char*) PORT_Strdup(phrase);
+ if (isTTY) {
+ fprintf(output, "\n");
+ echoOn(infd);
+ }
+
+ /* stomp on newline */
+ phrase[PORT_Strlen(phrase) - 1] = 0;
+
+ /* Validate password */
+ if (!(*ok)(phrase)) {
+ /* Not weird enough */
+ if (!isTTY)
+ return NULL;
+ fprintf(output, "Password must be at least 8 characters long with one or more\n");
+ fprintf(output, "non-alphabetic characters\n");
+ continue;
+ }
+ return (char *)PORT_Strdup(phrase);
}
}
-
-
-PRBool SEC_CheckPassword(char *cp)
+PRBool
+SEC_CheckPassword(char *cp)
{
int len;
char *end;
len = PORT_Strlen(cp);
if (len < 8) {
- return PR_FALSE;
+ return PR_FALSE;
}
end = cp + len;
while (cp < end) {
- unsigned char ch = *cp++;
- if (!((ch >= 'A') && (ch <= 'Z')) &&
- !((ch >= 'a') && (ch <= 'z'))) {
- /* pass phrase has at least one non alphabetic in it */
- return PR_TRUE;
- }
+ unsigned char ch = *cp++;
+ if (!((ch >= 'A') && (ch <= 'Z')) &&
+ !((ch >= 'a') && (ch <= 'z'))) {
+ /* pass phrase has at least one non alphabetic in it */
+ return PR_TRUE;
+ }
}
return PR_FALSE;
}
-PRBool SEC_BlindCheckPassword(char *cp)
+PRBool
+SEC_BlindCheckPassword(char *cp)
{
if (cp != NULL) {
- return PR_TRUE;
+ return PR_TRUE;
}
return PR_FALSE;
}
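Review bot: In SEC_GetPassword the line `phrase[PORT_Strlen(phrase) - 1] = 0;` assumes the buffer always ends in a line terminator. When the input ends without one (EOF, or a line longer than the 200-byte buffer) it silently drops the last password character, and when the string is empty (for example a leading NUL byte in the input) it writes to `phrase[-1]`. A guarded form avoids both: `size_t n = PORT_Strlen(phrase); if (n > 0 && (phrase[n - 1] == '\n' || phrase[n - 1] == '\r')) phrase[n - 1] = 0;`. The early `return NULL` after QUIET_FGETS also skips `echoOn(infd)`, which leaves terminal echo disabled, and the stack copy in `phrase` is never cleared before the function returns.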
@@ -132,35 +135,34 @@ PRBool SEC_BlindCheckPassword(char *cp)
/* Get a password from the input terminal, without echoing */
#if defined(_WINDOWS)
-static char * quiet_fgets (char *buf, int length, FILE *input)
- {
- int c;
- char *end = buf;
+static char *
+quiet_fgets(char *buf, int length, FILE *input)
+{
+ int c;
+ char *end = buf;
- /* fflush (input); */
- memset (buf, 0, length);
+ /* fflush (input); */
+ memset(buf, 0, length);
- if (!isatty(fileno(input))) {
- return fgets(buf,length,input);
- }
+ if (!isatty(fileno(input))) {
+ return fgets(buf, length, input);
+ }
- while (1)
- {
- c = getch(); /* getch gets a character from the console */
+ while (1) {
+ c = getch(); /* getch gets a character from the console */
- if (c == '\b')
- {
- if (end > buf)
- end--;
- }
+ if (c == '\b') {
+ if (end > buf)
+ end--;
+ }
- else if (--length > 0)
- *end++ = c;
+ else if (--length > 0)
+ *end++ = c;
- if (!c || c == '\n' || c == '\r')
- break;
+ if (!c || c == '\n' || c == '\r')
+ break;
}
- return buf;
- }
+ return buf;
+}
#endif
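Review bot: The backspace branch in quiet_fgets only moves `end` back; it neither clears the erased byte nor gives the slot back to `length`. After two or more consecutive backspaces the terminating character is written in front of stale bytes that remain in `buf`, so the returned string can still contain characters the user deleted. Each erased character also permanently shrinks the usable buffer. Changing the branch body to `if (end > buf) { *--end = 0; length++; }` keeps the buffer contents and the counter consistent.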
diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c
index 754f73876..d59ed775d 100644
--- a/cmd/lib/secutil.c
+++ b/cmd/lib/secutil.c
@@ -36,7 +36,7 @@
#include "pk11func.h"
#include "secoid.h"
-static char consoleName[] = {
+static char consoleName[] = {
#ifdef XP_UNIX
"/dev/tty"
#else
@@ -70,8 +70,8 @@ static void
secu_ClearPassword(char *p)
{
if (p) {
- PORT_Memset(p, 0, PORT_Strlen(p));
- PORT_Free(p);
+ PORT_Memset(p, 0, PORT_Strlen(p));
+ PORT_Free(p);
}
}
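Review bot: The `PORT_Memset` in secu_ClearPassword stores to memory that is freed on the very next line, which an optimizing compiler may drop as a dead store if PORT_Memset resolves to plain memset (its definition is not visible here). If the intent is to scrub the password, say so with a comment such as `/* scrub before free; this store must not be optimized away */` and use a zeroization routine the optimizer cannot elide. The call also clears only up to the first NUL, so it relies on the buffer holding exactly one C string. The function's `static void` line is outside this hunk.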
@@ -85,19 +85,18 @@ SECU_GetPasswordString(void *arg, char *prompt)
/* open terminal */
input = fopen(consoleName, "r");
if (input == NULL) {
- fprintf(stderr, "Error opening input terminal for read\n");
- return NULL;
+ fprintf(stderr, "Error opening input terminal for read\n");
+ return NULL;
}
output = fopen(consoleName, "w");
if (output == NULL) {
- fprintf(stderr, "Error opening output terminal for write\n");
- fclose(input);
- return NULL;
+ fprintf(stderr, "Error opening output terminal for write\n");
+ fclose(input);
+ return NULL;
}
- p = SEC_GetPassword (input, output, prompt, SEC_BlindCheckPassword);
-
+ p = SEC_GetPassword(input, output, prompt, SEC_BlindCheckPassword);
fclose(input);
fclose(output);
@@ -110,38 +109,37 @@ SECU_GetPasswordString(void *arg, char *prompt)
char *p = NULL;
- p = SEC_GetPassword (stdin, stdout, prompt, SEC_BlindCheckPassword);
+ p = SEC_GetPassword(stdin, stdout, prompt, SEC_BlindCheckPassword);
return p;
#endif
}
-
/*
- * p a s s w o r d _ h a r d c o d e
+ * p a s s w o r d _ h a r d c o d e
*
* A function to use the password passed in the -f(pwfile) argument
- * of the command line.
+ * of the command line.
* After use once, null it out otherwise PKCS11 calls us forever.?
*
*/
char *
SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg)
{
- char* phrases, *phrase;
+ char *phrases, *phrase;
PRFileDesc *fd;
PRInt32 nb;
char *pwFile = arg;
int i;
const long maxPwdFileSize = 4096;
- char* tokenName = NULL;
+ char *tokenName = NULL;
int tokenLen = 0;
if (!pwFile)
- return 0;
+ return 0;
if (retry) {
- return 0; /* no good retrying - the files contents will be the same */
+ return 0; /* no good retrying - the files contents will be the same */
}
phrases = PORT_ZAlloc(maxPwdFileSize);
@@ -149,20 +147,20 @@ SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg)
if (!phrases) {
return 0; /* out of memory */
}
-
+
fd = PR_Open(pwFile, PR_RDONLY, 0);
if (!fd) {
- fprintf(stderr, "No password file \"%s\" exists.\n", pwFile);
+ fprintf(stderr, "No password file \"%s\" exists.\n", pwFile);
PORT_Free(phrases);
- return NULL;
+ return NULL;
}
nb = PR_Read(fd, phrases, maxPwdFileSize);
-
+
PR_Close(fd);
if (nb == 0) {
- fprintf(stderr,"password file contains no data\n");
+ fprintf(stderr, "password file contains no data\n");
PORT_Free(phrases);
return NULL;
}
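Review bot: `nb` is compared only with 0 after `PR_Read`, so a negative return (read error) is not reported here. Unless it is handled in the lines between this hunk and the next, the parsing loop would run on the zero-filled buffer and return an empty password instead of failing. Testing `if (nb <= 0)`, ideally with a distinct message for the error case, closes that gap. SECU_FilePasswd begins and ends outside this hunk.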
@@ -174,39 +172,42 @@ SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg)
}
}
i = 0;
- do
- {
+ do {
int startphrase = i;
int phraseLen;
/* handle the Windows EOL case */
- while (phrases[i] != '\r' && phrases[i] != '\n' && i < nb) i++;
+ while (phrases[i] != '\r' && phrases[i] != '\n' && i < nb)
+ i++;
/* terminate passphrase */
phrases[i++] = '\0';
/* clean up any EOL before the start of the next passphrase */
- while ( (i<nb) && (phrases[i] == '\r' || phrases[i] == '\n')) {
+ while ((i < nb) && (phrases[i] == '\r' || phrases[i] == '\n')) {
phrases[i++] = '\0';
}
/* now analyze the current passphrase */
phrase = &phrases[startphrase];
if (!tokenName)
break;
- if (PORT_Strncmp(phrase, tokenName, tokenLen)) continue;
+ if (PORT_Strncmp(phrase, tokenName, tokenLen))
+ continue;
phraseLen = PORT_Strlen(phrase);
- if (phraseLen < (tokenLen+1)) continue;
- if (phrase[tokenLen] != ':') continue;
- phrase = &phrase[tokenLen+1];
+ if (phraseLen < (tokenLen + 1))
+ continue;
+ if (phrase[tokenLen] != ':')
+ continue;
+ phrase = &phrase[tokenLen + 1];
break;
- } while (i<nb);
+ } while (i < nb);
- phrase = PORT_Strdup((char*)phrase);
+ phrase = PORT_Strdup((char *)phrase);
PORT_Free(phrases);
return phrase;
}
char *
-SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg)
+SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg)
{
char prompt[255];
secuPWData *pwdata = (secuPWData *)arg;
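Review bot: The line scan in SECU_FilePasswd's `do` loop reads `phrases[i]` before it tests `i < nb`, and the following `phrases[i++] = '\0'` can then store at index `nb`. The earlier hunks show the buffer allocated with `PORT_ZAlloc(maxPwdFileSize)` and filled with `PR_Read(fd, phrases, maxPwdFileSize)`, so when the read fills the buffer and its last byte is not a line break, both accesses land one byte past the allocation. Testing the bound first, `while (i < nb && phrases[i] != '\r' && phrases[i] != '\n')`, and reading at most `maxPwdFileSize - 1` bytes keeps the terminator inside the buffer. SECU_FilePasswd starts in an earlier hunk.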
@@ -215,40 +216,40 @@ SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg)
char *pw;
if (pwdata == NULL)
- pwdata = &pwnull;
+ pwdata = &pwnull;
if (PK11_ProtectedAuthenticationPath(slot)) {
- pwdata = &pwxtrn;
+ pwdata = &pwxtrn;
}
if (retry && pwdata->source != PW_NONE) {
- PR_fprintf(PR_STDERR, "Incorrect password/PIN entered.\n");
- return NULL;
+ PR_fprintf(PR_STDERR, "Incorrect password/PIN entered.\n");
+ return NULL;
}
switch (pwdata->source) {
- case PW_NONE:
- sprintf(prompt, "Enter Password or Pin for \"%s\":",
- PK11_GetTokenName(slot));
- return SECU_GetPasswordString(NULL, prompt);
- case PW_FROMFILE:
- /* Instead of opening and closing the file every time, get the pw
- * once, then keep it in memory (duh).
- */
- pw = SECU_FilePasswd(slot, retry, pwdata->data);
- pwdata->source = PW_PLAINTEXT;
- pwdata->data = PL_strdup(pw);
- /* it's already been dup'ed */
- return pw;
- case PW_EXTERNAL:
- sprintf(prompt,
- "Press Enter, then enter PIN for \"%s\" on external device.\n",
- PK11_GetTokenName(slot));
- (void) SECU_GetPasswordString(NULL, prompt);
- /* Fall Through */
- case PW_PLAINTEXT:
- return PL_strdup(pwdata->data);
- default:
- break;
+ case PW_NONE:
+ sprintf(prompt, "Enter Password or Pin for \"%s\":",
+ PK11_GetTokenName(slot));
+ return SECU_GetPasswordString(NULL, prompt);
+ case PW_FROMFILE:
+ /* Instead of opening and closing the file every time, get the pw
+ * once, then keep it in memory (duh).
+ */
+ pw = SECU_FilePasswd(slot, retry, pwdata->data);
+ pwdata->source = PW_PLAINTEXT;
+ pwdata->data = PL_strdup(pw);
+ /* it's already been dup'ed */
+ return pw;
+ case PW_EXTERNAL:
+ sprintf(prompt,
+ "Press Enter, then enter PIN for \"%s\" on external device.\n",
+ PK11_GetTokenName(slot));
+ (void)SECU_GetPasswordString(NULL, prompt);
+ /* Fall Through */
+ case PW_PLAINTEXT:
+ return PL_strdup(pwdata->data);
+ default:
+ break;
}
PR_fprintf(PR_STDERR, "Password check failed: No password found.\n");
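Review bot: Both `sprintf(prompt, ...)` calls in the `PW_NONE` and `PW_EXTERNAL` cases write the token name into `char prompt[255]` (declared in the previous hunk) with no length bound. The name comes from `PK11_GetTokenName(slot)`, so whether it fits depends on what the token module reports. A bounded call such as `PR_snprintf(prompt, sizeof prompt, "Enter Password or Pin for \"%s\":", PK11_GetTokenName(slot));` removes that dependency. The `sprintf(path, ...)` calls in SECU_AppendFilenameToDir (hunk `@@ -436,39 +436,39 @@`) have the same shape, with a `static char path[1000]` and caller-supplied `dir` and `filename`. SECU_GetModulePassword starts in the previous hunk and continues past this one.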
@@ -264,59 +265,58 @@ secu_InitSlotPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
secuPWData *pwdata = arg;
if (pwdata->source == PW_FROMFILE) {
- return SECU_FilePasswd(slot, retry, pwdata->data);
- }
+ return SECU_FilePasswd(slot, retry, pwdata->data);
+ }
if (pwdata->source == PW_PLAINTEXT) {
- return PL_strdup(pwdata->data);
+ return PL_strdup(pwdata->data);
}
-
- /* PW_NONE - get it from tty */
- /* open terminal */
+
+/* PW_NONE - get it from tty */
+/* open terminal */
#ifdef _WINDOWS
input = stdin;
#else
input = fopen(consoleName, "r");
#endif
if (input == NULL) {
- PR_fprintf(PR_STDERR, "Error opening input terminal for read\n");
- return NULL;
+ PR_fprintf(PR_STDERR, "Error opening input terminal for read\n");
+ return NULL;
}
/* we have no password, so initialize database with one */
- PR_fprintf(PR_STDERR,
- "Enter a password which will be used to encrypt your keys.\n"
- "The password should be at least 8 characters long,\n"
- "and should contain at least one non-alphabetic character.\n\n");
+ PR_fprintf(PR_STDERR,
+ "Enter a password which will be used to encrypt your keys.\n"
+ "The password should be at least 8 characters long,\n"
+ "and should contain at least one non-alphabetic character.\n\n");
output = fopen(consoleName, "w");
if (output == NULL) {
- PR_fprintf(PR_STDERR, "Error opening output terminal for write\n");
+ PR_fprintf(PR_STDERR, "Error opening output terminal for write\n");
#ifndef _WINDOWS
- fclose(input);
+ fclose(input);
#endif
- return NULL;
+ return NULL;
}
-
for (;;) {
- if (p0)
- PORT_Free(p0);
- p0 = SEC_GetPassword(input, output, "Enter new password: ",
- SEC_BlindCheckPassword);
-
- if (p1)
- PORT_Free(p1);
- p1 = SEC_GetPassword(input, output, "Re-enter password: ",
- SEC_BlindCheckPassword);
- if (p0 && p1 && !PORT_Strcmp(p0, p1)) {
- break;
- }
- PR_fprintf(PR_STDERR, "Passwords do not match. Try again.\n");
- }
-
+ if (p0)
+ PORT_Free(p0);
+ p0 = SEC_GetPassword(input, output, "Enter new password: ",
+ SEC_BlindCheckPassword);
+
+ if (p1)
+ PORT_Free(p1);
+ p1 = SEC_GetPassword(input, output, "Re-enter password: ",
+ SEC_BlindCheckPassword);
+ if (p0 && p1 && !PORT_Strcmp(p0, p1)) {
+ break;
+ }
+ PR_fprintf(PR_STDERR, "Passwords do not match. Try again.\n");
+ }
+
/* clear out the duplicate password string */
secu_ClearPassword(p1);
-
+
fclose(input);
fclose(output);
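Review bot: Inside the `for (;;)` retry loop of secu_InitSlotPassword, a rejected `p0`/`p1` pair is released with plain `PORT_Free`, while the final duplicate goes through `secu_ClearPassword(p1)`. Assuming secu_ClearPassword wipes the string before freeing it (its body is not in this hunk), the rejected entries should take the same path, `if (p0) secu_ClearPassword(p0);` and likewise for `p1`, so typed passwords do not linger in freed heap memory. The same applies to `PORT_Free(phrases)` at the end of SECU_FilePasswd (hunk `@@ -174,39 +172,42 @@`), which frees the whole password-file buffer unwiped. It also applies to the bare `PORT_Free(oldpw)` on the retry path of SECU_ChangePW2 (hunk `@@ -331,64 +331,64 @@`), whose failure branch does call `PORT_Memset(oldpw, 0, PL_strlen(oldpw))` first. secu_InitSlotPassword starts before this hunk and appears to continue past it.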
@@ -331,64 +331,64 @@ SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile)
SECStatus
SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass,
- char *oldPwFile, char *newPwFile)
+ char *oldPwFile, char *newPwFile)
{
SECStatus rv;
secuPWData pwdata, newpwdata;
char *oldpw = NULL, *newpw = NULL;
if (oldPass) {
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = oldPass;
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = oldPass;
} else if (oldPwFile) {
- pwdata.source = PW_FROMFILE;
- pwdata.data = oldPwFile;
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = oldPwFile;
} else {
- pwdata.source = PW_NONE;
- pwdata.data = NULL;
+ pwdata.source = PW_NONE;
+ pwdata.data = NULL;
}
if (newPass) {
- newpwdata.source = PW_PLAINTEXT;
- newpwdata.data = newPass;
+ newpwdata.source = PW_PLAINTEXT;
+ newpwdata.data = newPass;
} else if (newPwFile) {
- newpwdata.source = PW_FROMFILE;
- newpwdata.data = newPwFile;
+ newpwdata.source = PW_FROMFILE;
+ newpwdata.data = newPwFile;
} else {
- newpwdata.source = PW_NONE;
- newpwdata.data = NULL;
+ newpwdata.source = PW_NONE;
+ newpwdata.data = NULL;
}
if (PK11_NeedUserInit(slot)) {
- newpw = secu_InitSlotPassword(slot, PR_FALSE, &pwdata);
- rv = PK11_InitPin(slot, (char*)NULL, newpw);
- goto done;
+ newpw = secu_InitSlotPassword(slot, PR_FALSE, &pwdata);
+ rv = PK11_InitPin(slot, (char *)NULL, newpw);
+ goto done;
}
for (;;) {
- oldpw = SECU_GetModulePassword(slot, PR_FALSE, &pwdata);
-
- if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
- if (pwdata.source == PW_NONE) {
- PR_fprintf(PR_STDERR, "Invalid password. Try again.\n");
- } else {
- PR_fprintf(PR_STDERR, "Invalid password.\n");
- PORT_Memset(oldpw, 0, PL_strlen(oldpw));
- PORT_Free(oldpw);
- rv = SECFailure;
+ oldpw = SECU_GetModulePassword(slot, PR_FALSE, &pwdata);
+
+ if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
+ if (pwdata.source == PW_NONE) {
+ PR_fprintf(PR_STDERR, "Invalid password. Try again.\n");
+ } else {
+ PR_fprintf(PR_STDERR, "Invalid password.\n");
+ PORT_Memset(oldpw, 0, PL_strlen(oldpw));
+ PORT_Free(oldpw);
+ rv = SECFailure;
goto done;
- }
- } else
- break;
+ }
+ } else
+ break;
- PORT_Free(oldpw);
+ PORT_Free(oldpw);
}
newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata);
rv = PK11_ChangePW(slot, oldpw, newpw);
if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "Failed to change password.\n");
+ PR_fprintf(PR_STDERR, "Failed to change password.\n");
} else {
PR_fprintf(PR_STDOUT, "Password changed successfully.\n");
}
@@ -418,15 +418,15 @@ SECU_DefaultSSLDir(void)
dir = PR_GetEnvSecure("SSL_DIR");
if (!dir)
- return NULL;
+ return NULL;
if (strlen(dir) >= PR_ARRAY_SIZE(sslDir)) {
- return NULL;
+ return NULL;
}
sprintf(sslDir, "%s", dir);
- if (sslDir[strlen(sslDir)-1] == '/')
- sslDir[strlen(sslDir)-1] = 0;
+ if (sslDir[strlen(sslDir) - 1] == '/')
+ sslDir[strlen(sslDir) - 1] = 0;
return sslDir;
}
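Review bot: `sslDir[strlen(sslDir) - 1]` indexes outside the buffer when `SSL_DIR` is set to the empty string, because the checks above it reject only a missing variable and an over-long value. Extending the first check to `if (!dir || !*dir) return NULL;` covers that case. `dir[strlen(dir) - 1]` in SECU_AppendFilenameToDir (next hunk) makes the same non-empty assumption about its `dir` argument. SECU_DefaultSSLDir starts before this hunk.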
@@ -436,39 +436,39 @@ SECU_AppendFilenameToDir(char *dir, char *filename)
{
static char path[1000];
- if (dir[strlen(dir)-1] == '/')
- sprintf(path, "%s%s", dir, filename);
+ if (dir[strlen(dir) - 1] == '/')
+ sprintf(path, "%s%s", dir, filename);
else
- sprintf(path, "%s/%s", dir, filename);
+ sprintf(path, "%s/%s", dir, filename);
return path;
}
char *
-SECU_ConfigDirectory(const char* base)
+SECU_ConfigDirectory(const char *base)
{
static PRBool initted = PR_FALSE;
const char *dir = ".netscape";
char *home;
static char buf[1000];
- if (initted) return buf;
-
+ if (initted)
+ return buf;
if (base == NULL || *base == 0) {
- home = PR_GetEnvSecure("HOME");
- if (!home) home = "";
+ home = PR_GetEnvSecure("HOME");
+ if (!home)
+ home = "";
- if (*home && home[strlen(home) - 1] == '/')
- sprintf (buf, "%.900s%s", home, dir);
- else
- sprintf (buf, "%.900s/%s", home, dir);
+ if (*home && home[strlen(home) - 1] == '/')
+ sprintf(buf, "%.900s%s", home, dir);
+ else
+ sprintf(buf, "%.900s/%s", home, dir);
} else {
- sprintf(buf, "%.900s", base);
- if (buf[strlen(buf) - 1] == '/')
- buf[strlen(buf) - 1] = 0;
+ sprintf(buf, "%.900s", base);
+ if (buf[strlen(buf) - 1] == '/')
+ buf[strlen(buf) - 1] = 0;
}
-
initted = PR_TRUE;
return buf;
}
@@ -477,9 +477,9 @@ SECU_ConfigDirectory(const char* base)
/* This gets called by SSL when server wants our cert & key */
int
SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
- struct CERTDistNamesStr *caNames,
- struct CERTCertificateStr **pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey)
+ struct CERTDistNamesStr *caNames,
+ struct CERTCertificateStr **pRetCert,
+ struct SECKEYPrivateKeyStr **pRetKey)
{
SECKEYPrivateKey *key;
CERTCertificate *cert;
@@ -503,13 +503,12 @@ SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
return -1;
}
- key = PK11_FindKeyByAnyCert(arg,NULL);
+ key = PK11_FindKeyByAnyCert(arg, NULL);
if (!key) {
fprintf(stderr, "Unable to get key (%d)\n", PORT_GetError());
return -1;
}
-
*pRetCert = cert;
*pRetKey = key;
@@ -518,79 +517,79 @@ SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
SECStatus
SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii,
- PRBool warnOnPrivateKeyInAsciiFile)
+ PRBool warnOnPrivateKeyInAsciiFile)
{
SECStatus rv;
if (ascii) {
- /* First convert ascii to binary */
- SECItem filedata;
- char *asc, *body;
-
- /* Read in ascii data */
- rv = SECU_FileToItem(&filedata, inFile);
- if (rv != SECSuccess)
- return rv;
- asc = (char *)filedata.data;
- if (!asc) {
- fprintf(stderr, "unable to read data from input file\n");
- return SECFailure;
- }
-
- if (warnOnPrivateKeyInAsciiFile && strstr(asc, "PRIVATE KEY")) {
- fprintf(stderr, "Warning: ignoring private key. Consider to use "
- "pk12util.\n");
- }
-
- /* check for headers and trailers and remove them */
- if ((body = strstr(asc, "-----BEGIN")) != NULL) {
- char *trailer = NULL;
- asc = body;
- body = PORT_Strchr(body, '\n');
- if (!body)
- body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
- if (body)
- trailer = strstr(++body, "-----END");
- if (trailer != NULL) {
- *trailer = '\0';
- } else {
- fprintf(stderr, "input has header but no trailer\n");
- PORT_Free(filedata.data);
- return SECFailure;
- }
- } else {
- /* need one additional byte for zero terminator */
- rv = SECITEM_ReallocItemV2(NULL, &filedata, filedata.len+1);
- if (rv != SECSuccess) {
- PORT_Free(filedata.data);
- return rv;
- }
- body = (char*)filedata.data;
- body[filedata.len-1] = '\0';
- }
-
- /* Convert to binary */
- rv = ATOB_ConvertAsciiToItem(der, body);
- if (rv != SECSuccess) {
- fprintf(stderr, "error converting ascii to binary (%s)\n",
- SECU_Strerror(PORT_GetError()));
- PORT_Free(filedata.data);
- return SECFailure;
- }
-
- PORT_Free(filedata.data);
+ /* First convert ascii to binary */
+ SECItem filedata;
+ char *asc, *body;
+
+ /* Read in ascii data */
+ rv = SECU_FileToItem(&filedata, inFile);
+ if (rv != SECSuccess)
+ return rv;
+ asc = (char *)filedata.data;
+ if (!asc) {
+ fprintf(stderr, "unable to read data from input file\n");
+ return SECFailure;
+ }
+
+ if (warnOnPrivateKeyInAsciiFile && strstr(asc, "PRIVATE KEY")) {
+ fprintf(stderr, "Warning: ignoring private key. Consider to use "
+ "pk12util.\n");
+ }
+
+ /* check for headers and trailers and remove them */
+ if ((body = strstr(asc, "-----BEGIN")) != NULL) {
+ char *trailer = NULL;
+ asc = body;
+ body = PORT_Strchr(body, '\n');
+ if (!body)
+ body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
+ if (body)
+ trailer = strstr(++body, "-----END");
+ if (trailer != NULL) {
+ *trailer = '\0';
+ } else {
+ fprintf(stderr, "input has header but no trailer\n");
+ PORT_Free(filedata.data);
+ return SECFailure;
+ }
+ } else {
+ /* need one additional byte for zero terminator */
+ rv = SECITEM_ReallocItemV2(NULL, &filedata, filedata.len + 1);
+ if (rv != SECSuccess) {
+ PORT_Free(filedata.data);
+ return rv;
+ }
+ body = (char *)filedata.data;
+ body[filedata.len - 1] = '\0';
+ }
+
+ /* Convert to binary */
+ rv = ATOB_ConvertAsciiToItem(der, body);
+ if (rv != SECSuccess) {
+ fprintf(stderr, "error converting ascii to binary (%s)\n",
+ SECU_Strerror(PORT_GetError()));
+ PORT_Free(filedata.data);
+ return SECFailure;
+ }
+
+ PORT_Free(filedata.data);
} else {
- /* Read in binary der */
- rv = SECU_FileToItem(der, inFile);
- if (rv != SECSuccess) {
- fprintf(stderr, "error converting der (%s)\n",
- SECU_Strerror(PORT_GetError()));
- return SECFailure;
- }
+ /* Read in binary der */
+ rv = SECU_FileToItem(der, inFile);
+ if (rv != SECSuccess) {
+ fprintf(stderr, "error converting der (%s)\n",
+ SECU_Strerror(PORT_GetError()));
+ return SECFailure;
+ }
}
return SECSuccess;
}
-#define INDENT_MULT 4
+#define INDENT_MULT 4
SECStatus
SECU_StripTagAndLength(SECItem *i)
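Review bot: In the `ascii` branch of SECU_ReadDERFromFile, `strstr(asc, "PRIVATE KEY")` and `strstr(asc, "-----BEGIN")` run on `filedata.data` before anything guarantees a terminating NUL. The `else` arm's own comment, "need one additional byte for zero terminator", suggests SECU_FileToItem returns the raw file bytes. If so, both searches (and the later `PORT_Strchr` and `"-----END"` search) can read past the allocation; SECU_FileToItem is not shown here, so this should be confirmed. Doing the `SECITEM_ReallocItemV2(NULL, &filedata, filedata.len + 1)` step and the `'\0'` store right after the `!asc` check, then reloading `asc` from `filedata.data`, would terminate the buffer before any string function sees it.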
@@ -605,57 +604,59 @@ SECU_StripTagAndLength(SECItem *i)
return SECFailure;
}
i->data += start;
- i->len -= start;
+ i->len -= start;
return SECSuccess;
}
-
-
static void
-secu_PrintRawStringQuotesOptional(FILE *out, SECItem *si, const char *m,
- int level, PRBool quotes)
+secu_PrintRawStringQuotesOptional(FILE *out, SECItem *si, const char *m,
+ int level, PRBool quotes)
{
int column;
unsigned int i;
- if ( m ) {
- SECU_Indent(out, level); fprintf(out, "%s: ", m);
- column = (level * INDENT_MULT) + strlen(m) + 2;
- level++;
+ if (m) {
+ SECU_Indent(out, level);
+ fprintf(out, "%s: ", m);
+ column = (level * INDENT_MULT) + strlen(m) + 2;
+ level++;
} else {
- SECU_Indent(out, level);
- column = level*INDENT_MULT;
+ SECU_Indent(out, level);
+ column = level * INDENT_MULT;
}
if (quotes) {
- fprintf(out, "\""); column++;
+ fprintf(out, "\"");
+ column++;
}
for (i = 0; i < si->len; i++) {
- unsigned char val = si->data[i];
- unsigned char c;
- if (SECU_GetWrapEnabled() && column > 76) {
- SECU_Newline(out);
- SECU_Indent(out, level); column = level*INDENT_MULT;
- }
-
- if (utf8DisplayEnabled) {
- if (val < 32)
- c = '.';
- else
- c = val;
- } else {
- c = printable[val];
- }
- fprintf(out,"%c", c);
- column++;
+ unsigned char val = si->data[i];
+ unsigned char c;
+ if (SECU_GetWrapEnabled() && column > 76) {
+ SECU_Newline(out);
+ SECU_Indent(out, level);
+ column = level * INDENT_MULT;
+ }
+
+ if (utf8DisplayEnabled) {
+ if (val < 32)
+ c = '.';
+ else
+ c = val;
+ } else {
+ c = printable[val];
+ }
+ fprintf(out, "%c", c);
+ column++;
}
if (quotes) {
- fprintf(out, "\""); column++;
+ fprintf(out, "\"");
+ column++;
}
if (SECU_GetWrapEnabled() &&
- (column != level*INDENT_MULT || column > 76)) {
- SECU_Newline(out);
+ (column != level * INDENT_MULT || column > 76)) {
+ SECU_Newline(out);
}
}
@@ -671,7 +672,7 @@ SECU_PrintString(FILE *out, const SECItem *si, const char *m, int level)
SECItem my = *si;
if (SECSuccess != SECU_StripTagAndLength(&my) || !my.len)
- return;
+ return;
secu_PrintRawString(out, &my, m, level);
}
@@ -680,15 +681,15 @@ static void
secu_PrintBoolean(FILE *out, SECItem *i, const char *m, int level)
{
int val = 0;
-
- if ( i->data && i->len ) {
- val = i->data[0];
+
+ if (i->data && i->len) {
+ val = i->data[0];
}
if (!m) {
- m = "Boolean";
+ m = "Boolean";
}
- SECU_Indent(out, level);
+ SECU_Indent(out, level);
fprintf(out, "%s: %s\n", m, (val ? "True" : "False"));
}
@@ -700,7 +701,7 @@ secu_PrintBoolean(FILE *out, SECItem *i, const char *m, int level)
static void
secu_PrintTime(FILE *out, const PRTime time, const char *m, int level)
{
- PRExplodedTime printableTime;
+ PRExplodedTime printableTime;
char *timeString;
/* Convert to local time */
@@ -708,11 +709,11 @@ secu_PrintTime(FILE *out, const PRTime time, const char *m, int level)
timeString = PORT_Alloc(256);
if (timeString == NULL)
- return;
+ return;
if (m != NULL) {
- SECU_Indent(out, level);
- fprintf(out, "%s: ", m);
+ SECU_Indent(out, level);
+ fprintf(out, "%s: ", m);
}
if (PR_FormatTime(timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime)) {
@@ -720,7 +721,7 @@ secu_PrintTime(FILE *out, const PRTime time, const char *m, int level)
}
if (m != NULL)
- fprintf(out, "\n");
+ fprintf(out, "\n");
PORT_Free(timeString);
}
@@ -738,7 +739,7 @@ SECU_PrintUTCTime(FILE *out, const SECItem *t, const char *m, int level)
rv = DER_UTCTimeToTime(&time, t);
if (rv != SECSuccess)
- return;
+ return;
secu_PrintTime(out, time, m, level);
}
@@ -754,10 +755,9 @@ SECU_PrintGeneralizedTime(FILE *out, const SECItem *t, const char *m, int level)
PRTime time;
SECStatus rv;
-
rv = DER_GeneralizedTimeToTime(&time, t);
if (rv != SECSuccess)
- return;
+ return;
secu_PrintTime(out, time, m, level);
}
@@ -785,91 +785,91 @@ SECU_PrintTimeChoice(FILE *out, const SECItem *t, const char *m, int level)
}
}
-
/* This prints a SET or SEQUENCE */
static void
SECU_PrintSet(FILE *out, const SECItem *t, const char *m, int level)
{
- int type = t->data[0] & SEC_ASN1_TAGNUM_MASK;
- int constructed = t->data[0] & SEC_ASN1_CONSTRUCTED;
- const char * label;
- SECItem my = *t;
+ int type = t->data[0] & SEC_ASN1_TAGNUM_MASK;
+ int constructed = t->data[0] & SEC_ASN1_CONSTRUCTED;
+ const char *label;
+ SECItem my = *t;
if (!constructed) {
- SECU_PrintAsHex(out, t, m, level);
+ SECU_PrintAsHex(out, t, m, level);
return;
}
if (SECSuccess != SECU_StripTagAndLength(&my))
- return;
+ return;
SECU_Indent(out, level);
if (m) {
- fprintf(out, "%s: ", m);
+ fprintf(out, "%s: ", m);
}
if (type == SEC_ASN1_SET)
- label = "Set ";
+ label = "Set ";
else if (type == SEC_ASN1_SEQUENCE)
- label = "Sequence ";
+ label = "Sequence ";
else
- label = "";
- fprintf(out,"%s{\n", label); /* } */
+ label = "";
+ fprintf(out, "%s{\n", label); /* } */
while (my.len >= 2) {
- SECItem tmp = my;
+ SECItem tmp = my;
if (tmp.data[1] & 0x80) {
- unsigned int i;
- unsigned int lenlen = tmp.data[1] & 0x7f;
- if (lenlen > sizeof tmp.len)
- break;
- tmp.len = 0;
- for (i=0; i < lenlen; i++) {
- tmp.len = (tmp.len << 8) | tmp.data[2+i];
- }
- tmp.len += lenlen + 2;
- } else {
- tmp.len = tmp.data[1] + 2;
- }
- if (tmp.len > my.len) {
- tmp.len = my.len;
- }
- my.data += tmp.len;
- my.len -= tmp.len;
- SECU_PrintAny(out, &tmp, NULL, level + 1);
- }
- SECU_Indent(out, level); fprintf(out, /* { */ "}\n");
+ unsigned int i;
+ unsigned int lenlen = tmp.data[1] & 0x7f;
+ if (lenlen > sizeof tmp.len)
+ break;
+ tmp.len = 0;
+ for (i = 0; i < lenlen; i++) {
+ tmp.len = (tmp.len << 8) | tmp.data[2 + i];
+ }
+ tmp.len += lenlen + 2;
+ } else {
+ tmp.len = tmp.data[1] + 2;
+ }
+ if (tmp.len > my.len) {
+ tmp.len = my.len;
+ }
+ my.data += tmp.len;
+ my.len -= tmp.len;
+ SECU_PrintAny(out, &tmp, NULL, level + 1);
+ }
+ SECU_Indent(out, level);
+ fprintf(out, /* { */ "}\n");
}
static void
secu_PrintContextSpecific(FILE *out, const SECItem *i, const char *m, int level)
{
- int type = i->data[0] & SEC_ASN1_TAGNUM_MASK;
+ int type = i->data[0] & SEC_ASN1_TAGNUM_MASK;
int constructed = i->data[0] & SEC_ASN1_CONSTRUCTED;
SECItem tmp;
if (constructed) {
- char * m2;
- if (!m)
- m2 = PR_smprintf("[%d]", type);
- else
- m2 = PR_smprintf("%s: [%d]", m, type);
- if (m2) {
- SECU_PrintSet(out, i, m2, level);
- PR_smprintf_free(m2);
- }
- return;
+ char *m2;
+ if (!m)
+ m2 = PR_smprintf("[%d]", type);
+ else
+ m2 = PR_smprintf("%s: [%d]", m, type);
+ if (m2) {
+ SECU_PrintSet(out, i, m2, level);
+ PR_smprintf_free(m2);
+ }
+ return;
}
SECU_Indent(out, level);
if (m) {
- fprintf(out, "%s: ", m);
+ fprintf(out, "%s: ", m);
}
- fprintf(out,"[%d]\n", type);
+ fprintf(out, "[%d]\n", type);
tmp = *i;
if (SECSuccess == SECU_StripTagAndLength(&tmp))
- SECU_PrintAsHex(out, &tmp, m, level+1);
+ SECU_PrintAsHex(out, &tmp, m, level + 1);
}
static void
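Review bot: The long-form length decoding in SECU_PrintSet's `while (my.len >= 2)` loop reads `tmp.data[2 + i]` for up to `lenlen` bytes without checking that `my.len` covers them, so a truncated element is read past the end of the item. `tmp.len += lenlen + 2` can also wrap for a very large encoded length; a result of zero would leave `my.data` and `my.len` unchanged and the loop would never advance (assuming `len` is an unsigned int, as the `sizeof tmp.len` test suggests). Tightening the guard to `if (lenlen > sizeof tmp.len || my.len < lenlen + 2) break;` and clamping before the addition, `if (tmp.len > my.len - (lenlen + 2)) tmp.len = my.len; else tmp.len += lenlen + 2;`, handles both cases.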
@@ -877,7 +877,7 @@ secu_PrintOctetString(FILE *out, const SECItem *i, const char *m, int level)
{
SECItem tmp = *i;
if (SECSuccess == SECU_StripTagAndLength(&tmp))
- SECU_PrintAsHex(out, &tmp, m, level);
+ SECU_PrintAsHex(out, &tmp, m, level);
}
static void
@@ -887,15 +887,15 @@ secu_PrintBitString(FILE *out, const SECItem *i, const char *m, int level)
SECItem tmp = *i;
if (SECSuccess != SECU_StripTagAndLength(&tmp) || tmp.len < 2)
- return;
+ return;
unused_bits = *tmp.data++;
tmp.len--;
SECU_PrintAsHex(out, &tmp, m, level);
if (unused_bits) {
- SECU_Indent(out, level + 1);
- fprintf(out, "(%d least significant bits unused)\n", unused_bits);
+ SECU_Indent(out, level + 1);
+ fprintf(out, "(%d least significant bits unused)\n", unused_bits);
}
}
@@ -906,68 +906,67 @@ secu_PrintDecodedBitString(FILE *out, const SECItem *i, const char *m, int level
int unused_bits;
SECItem tmp = *i;
-
unused_bits = (tmp.len & 0x7) ? 8 - (tmp.len & 7) : 0;
DER_ConvertBitString(&tmp); /* convert length to byte length */
SECU_PrintAsHex(out, &tmp, m, level);
if (unused_bits) {
- SECU_Indent(out, level + 1);
- fprintf(out, "(%d least significant bits unused)\n", unused_bits);
+ SECU_Indent(out, level + 1);
+ fprintf(out, "(%d least significant bits unused)\n", unused_bits);
}
}
-
/* Print a DER encoded Boolean */
void
SECU_PrintEncodedBoolean(FILE *out, const SECItem *i, const char *m, int level)
{
- SECItem my = *i;
+ SECItem my = *i;
if (SECSuccess == SECU_StripTagAndLength(&my))
- secu_PrintBoolean(out, &my, m, level);
+ secu_PrintBoolean(out, &my, m, level);
}
/* Print a DER encoded integer */
void
SECU_PrintEncodedInteger(FILE *out, const SECItem *i, const char *m, int level)
{
- SECItem my = *i;
+ SECItem my = *i;
if (SECSuccess == SECU_StripTagAndLength(&my))
- SECU_PrintInteger(out, &my, m, level);
+ SECU_PrintInteger(out, &my, m, level);
}
/* Print a DER encoded OID */
void
SECU_PrintEncodedObjectID(FILE *out, const SECItem *i, const char *m, int level)
{
- SECItem my = *i;
+ SECItem my = *i;
if (SECSuccess == SECU_StripTagAndLength(&my))
- SECU_PrintObjectID(out, &my, m, level);
+ SECU_PrintObjectID(out, &my, m, level);
}
static void
secu_PrintBMPString(FILE *out, const SECItem *i, const char *m, int level)
{
- unsigned char * s;
- unsigned char * d;
- int len;
- SECItem tmp = {0, 0, 0};
- SECItem my = *i;
+ unsigned char *s;
+ unsigned char *d;
+ int len;
+ SECItem tmp = { 0, 0, 0 };
+ SECItem my = *i;
if (SECSuccess != SECU_StripTagAndLength(&my))
- goto loser;
- if (my.len % 2)
- goto loser;
+ goto loser;
+ if (my.len % 2)
+ goto loser;
len = (int)(my.len / 2);
tmp.data = (unsigned char *)PORT_Alloc(len);
if (!tmp.data)
- goto loser;
+ goto loser;
tmp.len = len;
- for (s = my.data, d = tmp.data ; len > 0; len--) {
- PRUint32 bmpChar = (s[0] << 8) | s[1]; s += 2;
- if (!isprint(bmpChar))
- goto loser;
- *d++ = (unsigned char)bmpChar;
+ for (s = my.data, d = tmp.data; len > 0; len--) {
+ PRUint32 bmpChar = (s[0] << 8) | s[1];
+ s += 2;
+ if (!isprint(bmpChar))
+ goto loser;
+ *d++ = (unsigned char)bmpChar;
}
secu_PrintRawString(out, &tmp, m, level);
PORT_Free(tmp.data);
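Review bot: `isprint(bmpChar)` in secu_PrintBMPString is called with a 16-bit value, but `isprint` is only defined for arguments representable as `unsigned char` (or `EOF`). Any code unit above 0xFF is therefore undefined behaviour rather than a clean jump to `loser`. A range check first, `if (bmpChar > 0xff || !isprint((int)bmpChar)) goto loser;`, keeps the hex fallback for such input and makes the later `(unsigned char)bmpChar` narrowing lossless. secu_PrintUniversalString in the next hunk has the same call with a 32-bit value. The tail of secu_PrintBMPString is in the next hunk.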
@@ -976,33 +975,33 @@ secu_PrintBMPString(FILE *out, const SECItem *i, const char *m, int level)
loser:
SECU_PrintAsHex(out, i, m, level);
if (tmp.data)
- PORT_Free(tmp.data);
+ PORT_Free(tmp.data);
}
static void
secu_PrintUniversalString(FILE *out, const SECItem *i, const char *m, int level)
{
- unsigned char * s;
- unsigned char * d;
- int len;
- SECItem tmp = {0, 0, 0};
- SECItem my = *i;
+ unsigned char *s;
+ unsigned char *d;
+ int len;
+ SECItem tmp = { 0, 0, 0 };
+ SECItem my = *i;
if (SECSuccess != SECU_StripTagAndLength(&my))
- goto loser;
- if (my.len % 4)
- goto loser;
+ goto loser;
+ if (my.len % 4)
+ goto loser;
len = (int)(my.len / 4);
tmp.data = (unsigned char *)PORT_Alloc(len);
if (!tmp.data)
- goto loser;
+ goto loser;
tmp.len = len;
- for (s = my.data, d = tmp.data ; len > 0; len--) {
- PRUint32 bmpChar = (s[0] << 24) | (s[1] << 16) | (s[2] << 8) | s[3];
- s += 4;
- if (!isprint(bmpChar))
- goto loser;
- *d++ = (unsigned char)bmpChar;
+ for (s = my.data, d = tmp.data; len > 0; len--) {
+ PRUint32 bmpChar = (s[0] << 24) | (s[1] << 16) | (s[2] << 8) | s[3];
+ s += 4;
+ if (!isprint(bmpChar))
+ goto loser;
+ *d++ = (unsigned char)bmpChar;
}
secu_PrintRawString(out, &tmp, m, level);
PORT_Free(tmp.data);
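Review bot: `(s[0] << 24)` in secu_PrintUniversalString shifts a value promoted to `int`, so a first byte of 0x80 or above shifts into the sign bit, which is undefined behaviour in C. Casting before the shift, `PRUint32 bmpChar = ((PRUint32)s[0] << 24) | (s[1] << 16) | (s[2] << 8) | s[3];`, keeps the arithmetic unsigned. The tail of the function is in the next hunk.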
@@ -1011,89 +1010,90 @@ secu_PrintUniversalString(FILE *out, const SECItem *i, const char *m, int level)
loser:
SECU_PrintAsHex(out, i, m, level);
if (tmp.data)
- PORT_Free(tmp.data);
+ PORT_Free(tmp.data);
}
static void
secu_PrintUniversal(FILE *out, const SECItem *i, const char *m, int level)
{
- switch (i->data[0] & SEC_ASN1_TAGNUM_MASK) {
- case SEC_ASN1_ENUMERATED:
- case SEC_ASN1_INTEGER:
- SECU_PrintEncodedInteger(out, i, m, level);
- break;
- case SEC_ASN1_OBJECT_ID:
- SECU_PrintEncodedObjectID(out, i, m, level);
- break;
- case SEC_ASN1_BOOLEAN:
- SECU_PrintEncodedBoolean(out, i, m, level);
- break;
- case SEC_ASN1_UTF8_STRING:
- case SEC_ASN1_PRINTABLE_STRING:
- case SEC_ASN1_VISIBLE_STRING:
- case SEC_ASN1_IA5_STRING:
- case SEC_ASN1_T61_STRING:
- SECU_PrintString(out, i, m, level);
- break;
- case SEC_ASN1_GENERALIZED_TIME:
- SECU_PrintGeneralizedTime(out, i, m, level);
- break;
- case SEC_ASN1_UTC_TIME:
- SECU_PrintUTCTime(out, i, m, level);
- break;
- case SEC_ASN1_NULL:
- SECU_Indent(out, level);
- if (m && m[0])
- fprintf(out, "%s: NULL\n", m);
- else
- fprintf(out, "NULL\n");
- break;
- case SEC_ASN1_SET:
- case SEC_ASN1_SEQUENCE:
- SECU_PrintSet(out, i, m, level);
- break;
- case SEC_ASN1_OCTET_STRING:
- secu_PrintOctetString(out, i, m, level);
- break;
- case SEC_ASN1_BIT_STRING:
- secu_PrintBitString(out, i, m, level);
- break;
- case SEC_ASN1_BMP_STRING:
- secu_PrintBMPString(out, i, m, level);
- break;
- case SEC_ASN1_UNIVERSAL_STRING:
- secu_PrintUniversalString(out, i, m, level);
- break;
- default:
- SECU_PrintAsHex(out, i, m, level);
- break;
- }
+ switch (i->data[0] & SEC_ASN1_TAGNUM_MASK) {
+ case SEC_ASN1_ENUMERATED:
+ case SEC_ASN1_INTEGER:
+ SECU_PrintEncodedInteger(out, i, m, level);
+ break;
+ case SEC_ASN1_OBJECT_ID:
+ SECU_PrintEncodedObjectID(out, i, m, level);
+ break;
+ case SEC_ASN1_BOOLEAN:
+ SECU_PrintEncodedBoolean(out, i, m, level);
+ break;
+ case SEC_ASN1_UTF8_STRING:
+ case SEC_ASN1_PRINTABLE_STRING:
+ case SEC_ASN1_VISIBLE_STRING:
+ case SEC_ASN1_IA5_STRING:
+ case SEC_ASN1_T61_STRING:
+ SECU_PrintString(out, i, m, level);
+ break;
+ case SEC_ASN1_GENERALIZED_TIME:
+ SECU_PrintGeneralizedTime(out, i, m, level);
+ break;
+ case SEC_ASN1_UTC_TIME:
+ SECU_PrintUTCTime(out, i, m, level);
+ break;
+ case SEC_ASN1_NULL:
+ SECU_Indent(out, level);
+ if (m && m[0])
+ fprintf(out, "%s: NULL\n", m);
+ else
+ fprintf(out, "NULL\n");
+ break;
+ case SEC_ASN1_SET:
+ case SEC_ASN1_SEQUENCE:
+ SECU_PrintSet(out, i, m, level);
+ break;
+ case SEC_ASN1_OCTET_STRING:
+ secu_PrintOctetString(out, i, m, level);
+ break;
+ case SEC_ASN1_BIT_STRING:
+ secu_PrintBitString(out, i, m, level);
+ break;
+ case SEC_ASN1_BMP_STRING:
+ secu_PrintBMPString(out, i, m, level);
+ break;
+ case SEC_ASN1_UNIVERSAL_STRING:
+ secu_PrintUniversalString(out, i, m, level);
+ break;
+ default:
+ SECU_PrintAsHex(out, i, m, level);
+ break;
+ }
}
void
SECU_PrintAny(FILE *out, const SECItem *i, const char *m, int level)
{
- if ( i && i->len && i->data ) {
- switch (i->data[0] & SEC_ASN1_CLASS_MASK) {
- case SEC_ASN1_CONTEXT_SPECIFIC:
- secu_PrintContextSpecific(out, i, m, level);
- break;
- case SEC_ASN1_UNIVERSAL:
- secu_PrintUniversal(out, i, m, level);
- break;
- default:
- SECU_PrintAsHex(out, i, m, level);
- break;
- }
+ if (i && i->len && i->data) {
+ switch (i->data[0] & SEC_ASN1_CLASS_MASK) {
+ case SEC_ASN1_CONTEXT_SPECIFIC:
+ secu_PrintContextSpecific(out, i, m, level);
+ break;
+ case SEC_ASN1_UNIVERSAL:
+ secu_PrintUniversal(out, i, m, level);
+ break;
+ default:
+ SECU_PrintAsHex(out, i, m, level);
+ break;
+ }
}
}
static int
secu_PrintValidity(FILE *out, CERTValidity *v, char *m, int level)
{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintTimeChoice(out, &v->notBefore, "Not Before", level+1);
- SECU_PrintTimeChoice(out, &v->notAfter, "Not After ", level+1);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
+ SECU_PrintTimeChoice(out, &v->notBefore, "Not Before", level + 1);
+ SECU_PrintTimeChoice(out, &v->notAfter, "Not After ", level + 1);
return 0;
}
@@ -1102,25 +1102,25 @@ SECOidTag
SECU_PrintObjectID(FILE *out, const SECItem *oid, const char *m, int level)
{
SECOidData *oiddata;
- char * oidString = NULL;
-
+ char *oidString = NULL;
+
oiddata = SECOID_FindOID(oid);
if (oiddata != NULL) {
- const char *name = oiddata->desc;
- SECU_Indent(out, level);
- if (m != NULL)
- fprintf(out, "%s: ", m);
- fprintf(out, "%s\n", name);
- return oiddata->offset;
- }
+ const char *name = oiddata->desc;
+ SECU_Indent(out, level);
+ if (m != NULL)
+ fprintf(out, "%s: ", m);
+ fprintf(out, "%s\n", name);
+ return oiddata->offset;
+ }
oidString = CERT_GetOidString(oid);
if (oidString) {
- SECU_Indent(out, level);
- if (m != NULL)
- fprintf(out, "%s: ", m);
- fprintf(out, "%s\n", oidString);
- PR_smprintf_free(oidString);
- return SEC_OID_UNKNOWN;
+ SECU_Indent(out, level);
+ if (m != NULL)
+ fprintf(out, "%s: ", m);
+ fprintf(out, "%s\n", oidString);
+ PR_smprintf_free(oidString);
+ return SEC_OID_UNKNOWN;
}
SECU_PrintAsHex(out, oid, m, level);
return SEC_OID_UNKNOWN;
@@ -1138,35 +1138,35 @@ SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
/* SECOID_PKCS5_PBKDF2 */
const SEC_ASN1Template secuKDF2Params[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
- { SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
- { SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
- { SEC_ASN1_INTEGER, offsetof(secuPBEParams, keyLength) },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
+ {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
+ { SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
+ { SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
+ { SEC_ASN1_INTEGER, offsetof(secuPBEParams, keyLength) },
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { 0 }
-};
+ { 0 }
+ };
/* PKCS5v1 & PKCS12 */
const SEC_ASN1Template secuPBEParamsTemp[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
- { SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
- { SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
- { 0 }
-};
+ {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
+ { SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
+ { SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
+ { 0 }
+ };
/* SEC_OID_PKCS5_PBES2, SEC_OID_PKCS5_PBMAC1 */
const SEC_ASN1Template secuPBEV2Params[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams)},
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
+ {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, cipherAlg),
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, cipherAlg),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { 0 }
-};
+ { 0 }
+ };
void
secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level)
@@ -1177,57 +1177,57 @@ secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level)
SECAlgorithmID maskHashAlg;
if (m) {
- SECU_Indent(out, level);
- fprintf (out, "%s:\n", m);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
}
if (!pool) {
- SECU_Indent(out, level);
- fprintf(out, "Out of memory\n");
- return;
+ SECU_Indent(out, level);
+ fprintf(out, "Out of memory\n");
+ return;
}
PORT_Memset(&param, 0, sizeof param);
rv = SEC_QuickDERDecodeItem(pool, &param,
- SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate),
- value);
+ SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate),
+ value);
if (rv == SECSuccess) {
- if (!param.hashAlg) {
- SECU_Indent(out, level+1);
- fprintf(out, "Hash algorithm: default, SHA-1\n");
- } else {
- SECU_PrintObjectID(out, &param.hashAlg->algorithm,
- "Hash algorithm", level+1);
- }
- if (!param.maskAlg) {
- SECU_Indent(out, level+1);
- fprintf(out, "Mask algorithm: default, MGF1\n");
- SECU_Indent(out, level+1);
- fprintf(out, "Mask hash algorithm: default, SHA-1\n");
- } else {
- SECU_PrintObjectID(out, &param.maskAlg->algorithm,
- "Mask algorithm", level+1);
- rv = SEC_QuickDERDecodeItem(pool, &maskHashAlg,
- SEC_ASN1_GET(SECOID_AlgorithmIDTemplate),
- &param.maskAlg->parameters);
- if (rv == SECSuccess) {
- SECU_PrintObjectID(out, &maskHashAlg.algorithm,
- "Mask hash algorithm", level+1);
- } else {
- SECU_Indent(out, level+1);
- fprintf(out, "Invalid mask generation algorithm parameters\n");
- }
- }
- if (!param.saltLength.data) {
- SECU_Indent(out, level+1);
- fprintf(out, "Salt length: default, %i (0x%2X)\n", 20, 20);
- } else {
- SECU_PrintInteger(out, &param.saltLength, "Salt Length", level+1);
- }
+ if (!param.hashAlg) {
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Hash algorithm: default, SHA-1\n");
+ } else {
+ SECU_PrintObjectID(out, &param.hashAlg->algorithm,
+ "Hash algorithm", level + 1);
+ }
+ if (!param.maskAlg) {
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Mask algorithm: default, MGF1\n");
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Mask hash algorithm: default, SHA-1\n");
+ } else {
+ SECU_PrintObjectID(out, &param.maskAlg->algorithm,
+ "Mask algorithm", level + 1);
+ rv = SEC_QuickDERDecodeItem(pool, &maskHashAlg,
+ SEC_ASN1_GET(SECOID_AlgorithmIDTemplate),
+ &param.maskAlg->parameters);
+ if (rv == SECSuccess) {
+ SECU_PrintObjectID(out, &maskHashAlg.algorithm,
+ "Mask hash algorithm", level + 1);
+ } else {
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Invalid mask generation algorithm parameters\n");
+ }
+ }
+ if (!param.saltLength.data) {
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Salt length: default, %i (0x%2X)\n", 20, 20);
+ } else {
+ SECU_PrintInteger(out, &param.saltLength, "Salt Length", level + 1);
+ }
} else {
- SECU_Indent(out, level+1);
- fprintf(out, "Invalid RSA-PSS parameters\n");
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Invalid RSA-PSS parameters\n");
}
PORT_FreeArena(pool, PR_FALSE);
}
@@ -1240,24 +1240,24 @@ secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level)
secuPBEParams param;
if (m) {
- SECU_Indent(out, level);
- fprintf (out, "%s:\n", m);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
}
if (!pool) {
- SECU_Indent(out, level);
- fprintf(out, "Out of memory\n");
- return;
+ SECU_Indent(out, level);
+ fprintf(out, "Out of memory\n");
+ return;
}
PORT_Memset(&param, 0, sizeof param);
rv = SEC_QuickDERDecodeItem(pool, &param, secuKDF2Params, value);
if (rv == SECSuccess) {
- SECU_PrintAsHex(out, &param.salt, "Salt", level+1);
- SECU_PrintInteger(out, &param.iterationCount, "Iteration Count",
- level+1);
- SECU_PrintInteger(out, &param.keyLength, "Key Length", level+1);
- SECU_PrintAlgorithmID(out, &param.kdfAlg, "KDF algorithm", level+1);
+ SECU_PrintAsHex(out, &param.salt, "Salt", level + 1);
+ SECU_PrintInteger(out, &param.iterationCount, "Iteration Count",
+ level + 1);
+ SECU_PrintInteger(out, &param.keyLength, "Key Length", level + 1);
+ SECU_PrintAlgorithmID(out, &param.kdfAlg, "KDF algorithm", level + 1);
}
PORT_FreeArena(pool, PR_FALSE);
}
@@ -1270,21 +1270,21 @@ secu_PrintPKCS5V2Params(FILE *out, SECItem *value, char *m, int level)
secuPBEParams param;
if (m) {
- SECU_Indent(out, level);
- fprintf (out, "%s:\n", m);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
}
if (!pool) {
- SECU_Indent(out, level);
- fprintf(out, "Out of memory\n");
- return;
+ SECU_Indent(out, level);
+ fprintf(out, "Out of memory\n");
+ return;
}
PORT_Memset(&param, 0, sizeof param);
rv = SEC_QuickDERDecodeItem(pool, &param, secuPBEV2Params, value);
if (rv == SECSuccess) {
- SECU_PrintAlgorithmID(out, &param.kdfAlg, "KDF", level+1);
- SECU_PrintAlgorithmID(out, &param.cipherAlg, "Cipher", level+1);
+ SECU_PrintAlgorithmID(out, &param.kdfAlg, "KDF", level + 1);
+ SECU_PrintAlgorithmID(out, &param.cipherAlg, "Cipher", level + 1);
}
PORT_FreeArena(pool, PR_FALSE);
}
@@ -1297,22 +1297,22 @@ secu_PrintPBEParams(FILE *out, SECItem *value, char *m, int level)
secuPBEParams param;
if (m) {
- SECU_Indent(out, level);
- fprintf (out, "%s:\n", m);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
}
if (!pool) {
- SECU_Indent(out, level);
- fprintf(out, "Out of memory\n");
- return;
+ SECU_Indent(out, level);
+ fprintf(out, "Out of memory\n");
+ return;
}
PORT_Memset(&param, 0, sizeof(secuPBEParams));
rv = SEC_QuickDERDecodeItem(pool, &param, secuPBEParamsTemp, value);
if (rv == SECSuccess) {
- SECU_PrintAsHex(out, &param.salt, "Salt", level+1);
- SECU_PrintInteger(out, &param.iterationCount, "Iteration Count",
- level+1);
+ SECU_PrintAsHex(out, &param.salt, "Salt", level + 1);
+ SECU_PrintInteger(out, &param.iterationCount, "Iteration Count",
+ level + 1);
}
PORT_FreeArena(pool, PR_FALSE);
}
@@ -1326,35 +1326,35 @@ SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, int level)
algtag = SECOID_GetAlgorithmTag(a);
if (SEC_PKCS5IsAlgorithmPBEAlgTag(algtag)) {
- switch (algtag) {
- case SEC_OID_PKCS5_PBKDF2:
- secu_PrintKDF2Params(out, &a->parameters, "Parameters", level+1);
- break;
- case SEC_OID_PKCS5_PBES2:
- secu_PrintPKCS5V2Params(out, &a->parameters, "Encryption", level+1);
- break;
- case SEC_OID_PKCS5_PBMAC1:
- secu_PrintPKCS5V2Params(out, &a->parameters, "MAC", level+1);
- break;
- default:
- secu_PrintPBEParams(out, &a->parameters, "Parameters", level+1);
- break;
- }
- return;
+ switch (algtag) {
+ case SEC_OID_PKCS5_PBKDF2:
+ secu_PrintKDF2Params(out, &a->parameters, "Parameters", level + 1);
+ break;
+ case SEC_OID_PKCS5_PBES2:
+ secu_PrintPKCS5V2Params(out, &a->parameters, "Encryption", level + 1);
+ break;
+ case SEC_OID_PKCS5_PBMAC1:
+ secu_PrintPKCS5V2Params(out, &a->parameters, "MAC", level + 1);
+ break;
+ default:
+ secu_PrintPBEParams(out, &a->parameters, "Parameters", level + 1);
+ break;
+ }
+ return;
}
if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
- secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level+1);
- return;
+ secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level + 1);
+ return;
}
- if (a->parameters.len == 0
- || (a->parameters.len == 2
- && PORT_Memcmp(a->parameters.data, "\005\000", 2) == 0)) {
- /* No arguments or NULL argument */
+ if (a->parameters.len == 0 ||
+ (a->parameters.len == 2 &&
+ PORT_Memcmp(a->parameters.data, "\005\000", 2) == 0)) {
+ /* No arguments or NULL argument */
} else {
- /* Print args to algorithm */
- SECU_PrintAsHex(out, &a->parameters, "Args", level+1);
+ /* Print args to algorithm */
+ SECU_PrintAsHex(out, &a->parameters, "Args", level + 1);
}
}
@@ -1366,34 +1366,35 @@ secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level)
char om[100];
if (m) {
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
}
/*
* Should make this smarter; look at the type field and then decode
* and print the value(s) appropriately!
*/
- SECU_PrintObjectID(out, &(attr->type), "Type", level+1);
+ SECU_PrintObjectID(out, &(attr->type), "Type", level + 1);
if (attr->values != NULL) {
- i = 0;
- while ((value = attr->values[i++]) != NULL) {
- sprintf(om, "Value (%d)%s", i, attr->encoded ? " (encoded)" : "");
- if (attr->encoded || attr->typeTag == NULL) {
- SECU_PrintAny(out, value, om, level+1);
- } else {
- switch (attr->typeTag->offset) {
- default:
- SECU_PrintAsHex(out, value, om, level+1);
- break;
- case SEC_OID_PKCS9_CONTENT_TYPE:
- SECU_PrintObjectID(out, value, om, level+1);
- break;
- case SEC_OID_PKCS9_SIGNING_TIME:
- SECU_PrintTimeChoice(out, value, om, level+1);
- break;
- }
- }
- }
+ i = 0;
+ while ((value = attr->values[i++]) != NULL) {
+ sprintf(om, "Value (%d)%s", i, attr->encoded ? " (encoded)" : "");
+ if (attr->encoded || attr->typeTag == NULL) {
+ SECU_PrintAny(out, value, om, level + 1);
+ } else {
+ switch (attr->typeTag->offset) {
+ default:
+ SECU_PrintAsHex(out, value, om, level + 1);
+ break;
+ case SEC_OID_PKCS9_CONTENT_TYPE:
+ SECU_PrintObjectID(out, value, om, level + 1);
+ break;
+ case SEC_OID_PKCS9_SIGNING_TIME:
+ SECU_PrintTimeChoice(out, value, om, level + 1);
+ break;
+ }
+ }
+ }
}
}
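Review bot: In secu_PrintAttribute the label is built with an unbounded `sprintf(om, "Value (%d)%s", ...)` into `char om[100]`. The current format cannot overflow 100 bytes, but nothing enforces that if the format string grows. Using the bounded call this file already uses in secu_PrintGeneralName, `PR_snprintf(om, sizeof om, "Value (%d)%s", i, attr->encoded ? " (encoded)" : "");`, ties the write to the buffer size. The function's declarations start outside this hunk.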
@@ -1401,18 +1402,19 @@ secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level)
static void
secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
{
- SECItem curveOID = { siBuffer, NULL, 0};
+ SECItem curveOID = { siBuffer, NULL, 0 };
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level+1);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
+ SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level + 1);
/* For named curves, the DEREncodedParams field contains an
* ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID).
*/
if ((pk->u.ec.DEREncodedParams.len > 2) &&
- (pk->u.ec.DEREncodedParams.data[0] == 0x06)) {
+ (pk->u.ec.DEREncodedParams.data[0] == 0x06)) {
curveOID.len = pk->u.ec.DEREncodedParams.data[1];
- curveOID.data = pk->u.ec.DEREncodedParams.data + 2;
- SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
+ curveOID.data = pk->u.ec.DEREncodedParams.data + 2;
+ SECU_PrintObjectID(out, &curveOID, "Curve", level + 1);
}
}
#endif /* NSS_DISABLE_ECC */
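Review bot: In secu_PrintECPublicKey the curve OID length is copied from `DEREncodedParams.data[1]` without being compared to `DEREncodedParams.len`, so an encoded length larger than the bytes that follow makes SECU_PrintObjectID read past the end of the parameters. The guard only checks `len > 2` and the 0x06 tag; adding `pk->u.ec.DEREncodedParams.data[1] <= pk->u.ec.DEREncodedParams.len - 2` to the condition keeps `curveOID` inside the buffer. Whether SECKEY_ExtractPublicKey has already validated this encoding is not visible here, and a printer for parsed certificate data should not depend on it.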
@@ -1420,69 +1422,73 @@ secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
void
SECU_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &pk->u.rsa.modulus, "Modulus", level+1);
- SECU_PrintInteger(out, &pk->u.rsa.publicExponent, "Exponent", level+1);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
+ SECU_PrintInteger(out, &pk->u.rsa.modulus, "Modulus", level + 1);
+ SECU_PrintInteger(out, &pk->u.rsa.publicExponent, "Exponent", level + 1);
if (pk->u.rsa.publicExponent.len == 1 &&
pk->u.rsa.publicExponent.data[0] == 1) {
- SECU_Indent(out, level +1); fprintf(out, "Error: INVALID RSA KEY!\n");
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Error: INVALID RSA KEY!\n");
}
}
void
SECU_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1);
- SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1);
- SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1);
- SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
+ SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level + 1);
+ SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level + 1);
+ SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level + 1);
+ SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level + 1);
}
static void
secu_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
- CERTSubjectPublicKeyInfo *i, char *msg, int level)
+ CERTSubjectPublicKeyInfo *i, char *msg, int level)
{
SECKEYPublicKey *pk;
- SECU_Indent(out, level); fprintf(out, "%s:\n", msg);
- SECU_PrintAlgorithmID(out, &i->algorithm, "Public Key Algorithm", level+1);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", msg);
+ SECU_PrintAlgorithmID(out, &i->algorithm, "Public Key Algorithm", level + 1);
pk = SECKEY_ExtractPublicKey(i);
if (pk) {
- switch (pk->keyType) {
- case rsaKey:
- SECU_PrintRSAPublicKey(out, pk, "RSA Public Key", level +1);
- break;
+ switch (pk->keyType) {
+ case rsaKey:
+ SECU_PrintRSAPublicKey(out, pk, "RSA Public Key", level + 1);
+ break;
- case dsaKey:
- SECU_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1);
- break;
+ case dsaKey:
+ SECU_PrintDSAPublicKey(out, pk, "DSA Public Key", level + 1);
+ break;
#ifndef NSS_DISABLE_ECC
- case ecKey:
- secu_PrintECPublicKey(out, pk, "EC Public Key", level +1);
- break;
+ case ecKey:
+ secu_PrintECPublicKey(out, pk, "EC Public Key", level + 1);
+ break;
#endif
- case dhKey:
- case fortezzaKey:
- case keaKey:
- SECU_Indent(out, level);
- fprintf(out, "unable to format this SPKI algorithm type\n");
- goto loser;
- default:
- SECU_Indent(out, level);
- fprintf(out, "unknown SPKI algorithm type\n");
- goto loser;
- }
- PORT_FreeArena(pk->arena, PR_FALSE);
+ case dhKey:
+ case fortezzaKey:
+ case keaKey:
+ SECU_Indent(out, level);
+ fprintf(out, "unable to format this SPKI algorithm type\n");
+ goto loser;
+ default:
+ SECU_Indent(out, level);
+ fprintf(out, "unknown SPKI algorithm type\n");
+ goto loser;
+ }
+ PORT_FreeArena(pk->arena, PR_FALSE);
} else {
- SECU_PrintErrMsg(out, level, "Error", "Parsing public key");
-loser:
- if (i->subjectPublicKey.data) {
- SECU_PrintAny(out, &i->subjectPublicKey, "Raw", level);
- }
+ SECU_PrintErrMsg(out, level, "Error", "Parsing public key");
+ loser:
+ if (i->subjectPublicKey.data) {
+ SECU_PrintAny(out, &i->subjectPublicKey, "Raw", level);
+ }
}
}
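Review bot: In secu_PrintSubjectPublicKeyInfo the `dhKey`/`fortezzaKey`/`keaKey` and `default` cases `goto loser` and so skip `PORT_FreeArena(pk->arena, PR_FALSE);`, leaking the key returned by SECKEY_ExtractPublicKey on those paths. Releasing it before each jump, `PORT_FreeArena(pk->arena, PR_FALSE);` directly ahead of `goto loser;`, fixes this without touching the success path. Because `loser:` sits inside the `else` branch, a short comment at the label such as `/* reached with pk already released or NULL */` would make the ownership rule visible.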
@@ -1491,10 +1497,10 @@ printStringWithoutCRLF(FILE *out, const char *str)
{
const char *c = str;
while (*c) {
- if (*c != '\r' && *c != '\n') {
- fputc(*c, out);
- }
- ++c;
+ if (*c != '\r' && *c != '\n') {
+ fputc(*c, out);
+ }
+ ++c;
}
}
@@ -1507,7 +1513,7 @@ SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m,
int rv = SEC_ERROR_NO_MEMORY;
char *derIssuerB64;
char *derSerialB64;
-
+
if (!arena)
return rv;
@@ -1516,7 +1522,7 @@ SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m,
if (!c)
goto loser;
c->arena = arena;
- rv = SEC_ASN1DecodeItem(arena, c,
+ rv = SEC_ASN1DecodeItem(arena, c,
SEC_ASN1_GET(CERT_CertificateTemplate), der);
if (rv) {
SECU_PrintErrMsg(out, 0, "Error", "Parsing extension");
@@ -1525,45 +1531,45 @@ SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m,
SECU_PrintName(out, &c->subject, "Subject", 0);
if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
- SECU_Newline(out);
+ SECU_Newline(out);
SECU_PrintName(out, &c->issuer, "Issuer", 0);
if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
- SECU_Newline(out);
+ SECU_Newline(out);
SECU_PrintInteger(out, &c->serialNumber, "Serial Number", 0);
-
+
derIssuerB64 = BTOA_ConvertItemToAscii(&c->derIssuer);
derSerialB64 = BTOA_ConvertItemToAscii(&c->serialNumber);
fprintf(out, "Issuer DER Base64:\n");
if (SECU_GetWrapEnabled()) {
- fprintf(out, "%s\n", derIssuerB64);
+ fprintf(out, "%s\n", derIssuerB64);
} else {
- printStringWithoutCRLF(out, derIssuerB64);
- fputs("\n", out);
+ printStringWithoutCRLF(out, derIssuerB64);
+ fputs("\n", out);
}
fprintf(out, "Serial DER Base64:\n");
if (SECU_GetWrapEnabled()) {
- fprintf(out, "%s\n", derSerialB64);
+ fprintf(out, "%s\n", derSerialB64);
} else {
- printStringWithoutCRLF(out, derSerialB64);
- fputs("\n", out);
+ printStringWithoutCRLF(out, derSerialB64);
+ fputs("\n", out);
}
PORT_Free(derIssuerB64);
PORT_Free(derSerialB64);
-
+
fprintf(out, "Serial DER as C source: \n{ %d, \"", c->serialNumber.len);
{
- unsigned int i;
- for (i=0; i < c->serialNumber.len; ++i) {
- unsigned char *chardata = (unsigned char*)(c->serialNumber.data);
- unsigned char c = *(chardata + i);
-
- fprintf(out, "\\x%02x", c);
- }
- fprintf(out, "\" }\n");
+ unsigned int i;
+ for (i = 0; i < c->serialNumber.len; ++i) {
+ unsigned char *chardata = (unsigned char *)(c->serialNumber.data);
+ unsigned char c = *(chardata + i);
+
+ fprintf(out, "\\x%02x", c);
+ }
+ fprintf(out, "\" }\n");
}
loser:
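Review bot: `derIssuerB64` and `derSerialB64` are used right after BTOA_ConvertItemToAscii with no NULL check, and both `fprintf(out, "%s\n", ...)` and printStringWithoutCRLF (which dereferences its argument immediately) assume a valid string. If the conversion fails, for example on allocation failure, this is a NULL dereference in SECU_PrintDumpDerIssuerAndSerial. A guard after the two conversions that frees whichever buffer was obtained and jumps to `loser` would cover it; what `loser:` releases is outside this hunk, so confirm it does not free these buffers too. Separately, the inner `unsigned char c` in the serial loop shadows the certificate pointer `c`; renaming it (e.g. `byte`) avoids confusion. The function starts and ends outside this hunk.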
@@ -1580,65 +1586,65 @@ secu_PrintX509InvalidDate(FILE *out, SECItem *value, char *msg, int level)
char *formattedTime = NULL;
decodedValue.data = NULL;
- rv = SEC_ASN1DecodeItem (NULL, &decodedValue,
- SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
- value);
+ rv = SEC_ASN1DecodeItem(NULL, &decodedValue,
+ SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
+ value);
if (rv == SECSuccess) {
- rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
- if (rv == SECSuccess) {
- formattedTime = CERT_GenTime2FormattedAscii
- (invalidTime, "%a %b %d %H:%M:%S %Y");
- SECU_Indent(out, level +1);
- fprintf (out, "%s: %s\n", msg, formattedTime);
- PORT_Free (formattedTime);
- }
- }
- PORT_Free (decodedValue.data);
+ rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
+ if (rv == SECSuccess) {
+ formattedTime = CERT_GenTime2FormattedAscii(invalidTime, "%a %b %d %H:%M:%S %Y");
+ SECU_Indent(out, level + 1);
+ fprintf(out, "%s: %s\n", msg, formattedTime);
+ PORT_Free(formattedTime);
+ }
+ }
+ PORT_Free(decodedValue.data);
return (rv);
}
static SECStatus
-PrintExtKeyUsageExtension (FILE *out, SECItem *value, char *msg, int level)
+PrintExtKeyUsageExtension(FILE *out, SECItem *value, char *msg, int level)
{
CERTOidSequence *os;
SECItem **op;
os = CERT_DecodeOidSequence(value);
- if( (CERTOidSequence *)NULL == os ) {
- return SECFailure;
+ if ((CERTOidSequence *)NULL == os) {
+ return SECFailure;
}
- for( op = os->oids; *op; op++ ) {
- SECU_PrintObjectID(out, *op, msg, level + 1);
+ for (op = os->oids; *op; op++) {
+ SECU_PrintObjectID(out, *op, msg, level + 1);
}
CERT_DestroyOidSequence(os);
return SECSuccess;
}
static SECStatus
-secu_PrintBasicConstraints(FILE *out, SECItem *value, char *msg, int level) {
+secu_PrintBasicConstraints(FILE *out, SECItem *value, char *msg, int level)
+{
CERTBasicConstraints constraints;
SECStatus rv;
SECU_Indent(out, level);
if (msg) {
- fprintf(out,"%s: ",msg);
- }
- rv = CERT_DecodeBasicConstraintValue(&constraints,value);
+ fprintf(out, "%s: ", msg);
+ }
+ rv = CERT_DecodeBasicConstraintValue(&constraints, value);
if (rv == SECSuccess && constraints.isCA) {
- if (constraints.pathLenConstraint >= 0) {
- fprintf(out,"Is a CA with a maximum path length of %d.\n",
- constraints.pathLenConstraint);
- } else {
- fprintf(out,"Is a CA with no maximum path length.\n");
- }
- } else {
- fprintf(out,"Is not a CA.\n");
+ if (constraints.pathLenConstraint >= 0) {
+ fprintf(out, "Is a CA with a maximum path length of %d.\n",
+ constraints.pathLenConstraint);
+ } else {
+ fprintf(out, "Is a CA with no maximum path length.\n");
+ }
+ } else {
+ fprintf(out, "Is not a CA.\n");
}
return SECSuccess;
}
-static const char * const nsTypeBits[] = {
+static const char *const nsTypeBits[] = {
"SSL Client",
"SSL Server",
"S/MIME",
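Review bot: secu_PrintBasicConstraints prints `Is not a CA.` both when the extension decodes with `isCA` false and when CERT_DecodeBasicConstraintValue fails, and returns SECSuccess either way, so a malformed basicConstraints value is shown as a definite answer. For a tool used to inspect certificates, the failure should be distinguishable: test `rv != SECSuccess` first, print an explicit marker such as `fprintf(out, "Invalid basic constraints value.\n");` and `return rv;`. How the caller reacts to a failure return is not visible in this hunk and should be checked before changing the return value.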
@@ -1646,46 +1652,45 @@ static const char * const nsTypeBits[] = {
"Reserved",
"SSL CA",
"S/MIME CA",
- "ObjectSigning CA"
+ "ObjectSigning CA"
};
/* NSCertType is merely a bit string whose bits are displayed symbolically */
static SECStatus
-secu_PrintNSCertType(FILE *out, SECItem *value, char *msg, int level)
+secu_PrintNSCertType(FILE *out, SECItem *value, char *msg, int level)
{
- int unused;
- int NS_Type;
- int i;
- int found = 0;
- SECItem my = *value;
+ int unused;
+ int NS_Type;
+ int i;
+ int found = 0;
+ SECItem my = *value;
- if ((my.data[0] != SEC_ASN1_BIT_STRING) ||
+ if ((my.data[0] != SEC_ASN1_BIT_STRING) ||
SECSuccess != SECU_StripTagAndLength(&my)) {
- SECU_PrintAny(out, value, "Data", level);
- return SECSuccess;
+ SECU_PrintAny(out, value, "Data", level);
+ return SECSuccess;
}
- unused = (my.len == 2) ? (my.data[0] & 0x0f) : 0;
+ unused = (my.len == 2) ? (my.data[0] & 0x0f) : 0;
NS_Type = my.data[1] & (0xff << unused);
-
SECU_Indent(out, level);
if (msg) {
- fprintf(out,"%s: ",msg);
+ fprintf(out, "%s: ", msg);
} else {
- fprintf(out,"Netscape Certificate Type: ");
+ fprintf(out, "Netscape Certificate Type: ");
}
- for (i=0; i < 8; i++) {
- if ( (0x80 >> i) & NS_Type) {
- fprintf(out, "%c%s", (found ? ',' : '<'), nsTypeBits[i]);
- found = 1;
- }
+ for (i = 0; i < 8; i++) {
+ if ((0x80 >> i) & NS_Type) {
+ fprintf(out, "%c%s", (found ? ',' : '<'), nsTypeBits[i]);
+ found = 1;
+ }
}
fprintf(out, (found ? ">\n" : "none\n"));
return SECSuccess;
}
-static const char * const usageBits[] = {
+static const char *const usageBits[] = {
"Digital Signature", /* 0x80 */
"Non-Repudiation", /* 0x40 */
"Key Encipherment", /* 0x20 */
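Review bot: secu_PrintNSCertType indexes `my.data` without checking `my.len`: `my.data[0]` is read before any length test, and after SECU_StripTagAndLength `my.data[1]` is read even when fewer than two bytes remain (`unused` is only derived when `my.len == 2`). A guard after the strip, `if (my.len < 2) { SECU_PrintAny(out, value, "Data", level); return SECSuccess; }`, plus a `value->len` check before the tag comparison, keeps both reads in bounds. secu_PrintX509KeyUsage in the following hunk has the same pattern and additionally reads `my.data[2]` whenever `my.len != 2`, which includes lengths 0 and 1; it needs `my.len >= 3` before taking that branch. Both functions print extension values taken from the certificate being examined, so the lengths are not under the tool's control.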
@@ -1694,192 +1699,190 @@ static const char * const usageBits[] = {
"Certificate Signing", /* 0x04 */
"CRL Signing", /* 0x02 */
"Encipher Only", /* 0x01 */
- "Decipher Only", /* 0x0080 */
+ "Decipher Only", /* 0x0080 */
NULL
};
/* X509KeyUsage is merely a bit string whose bits are displayed symbolically */
static void
-secu_PrintX509KeyUsage(FILE *out, SECItem *value, char *msg, int level)
+secu_PrintX509KeyUsage(FILE *out, SECItem *value, char *msg, int level)
{
- int unused;
- int usage;
- int i;
- int found = 0;
- SECItem my = *value;
+ int unused;
+ int usage;
+ int i;
+ int found = 0;
+ SECItem my = *value;
- if ((my.data[0] != SEC_ASN1_BIT_STRING) ||
+ if ((my.data[0] != SEC_ASN1_BIT_STRING) ||
SECSuccess != SECU_StripTagAndLength(&my)) {
- SECU_PrintAny(out, value, "Data", level);
- return;
+ SECU_PrintAny(out, value, "Data", level);
+ return;
}
- unused = (my.len >= 2) ? (my.data[0] & 0x0f) : 0;
- usage = (my.len == 2) ? (my.data[1] & (0xff << unused)) << 8
- : (my.data[1] << 8) |
- (my.data[2] & (0xff << unused));
+ unused = (my.len >= 2) ? (my.data[0] & 0x0f) : 0;
+ usage = (my.len == 2) ? (my.data[1] & (0xff << unused)) << 8
+ : (my.data[1] << 8) |
+ (my.data[2] & (0xff << unused));
SECU_Indent(out, level);
fprintf(out, "Usages: ");
- for (i=0; usageBits[i]; i++) {
- if ( (0x8000 >> i) & usage) {
- if (found)
- SECU_Indent(out, level + 2);
- fprintf(out, "%s\n", usageBits[i]);
- found = 1;
- }
+ for (i = 0; usageBits[i]; i++) {
+ if ((0x8000 >> i) & usage) {
+ if (found)
+ SECU_Indent(out, level + 2);
+ fprintf(out, "%s\n", usageBits[i]);
+ found = 1;
+ }
}
if (!found) {
- fprintf(out, "(none)\n");
+ fprintf(out, "(none)\n");
}
}
static void
secu_PrintIPAddress(FILE *out, SECItem *value, char *msg, int level)
{
- PRStatus st;
- PRNetAddr addr;
- char addrBuf[80];
+ PRStatus st;
+ PRNetAddr addr;
+ char addrBuf[80];
memset(&addr, 0, sizeof addr);
if (value->len == 4) {
- addr.inet.family = PR_AF_INET;
- memcpy(&addr.inet.ip, value->data, value->len);
+ addr.inet.family = PR_AF_INET;
+ memcpy(&addr.inet.ip, value->data, value->len);
} else if (value->len == 16) {
- addr.ipv6.family = PR_AF_INET6;
- memcpy(addr.ipv6.ip.pr_s6_addr, value->data, value->len);
- if (PR_IsNetAddrType(&addr, PR_IpAddrV4Mapped)) {
- /* convert to IPv4. */
- addr.inet.family = PR_AF_INET;
- memcpy(&addr.inet.ip, &addr.ipv6.ip.pr_s6_addr[12], 4);
- memset(&addr.inet.pad[0], 0, sizeof addr.inet.pad);
- }
+ addr.ipv6.family = PR_AF_INET6;
+ memcpy(addr.ipv6.ip.pr_s6_addr, value->data, value->len);
+ if (PR_IsNetAddrType(&addr, PR_IpAddrV4Mapped)) {
+ /* convert to IPv4. */
+ addr.inet.family = PR_AF_INET;
+ memcpy(&addr.inet.ip, &addr.ipv6.ip.pr_s6_addr[12], 4);
+ memset(&addr.inet.pad[0], 0, sizeof addr.inet.pad);
+ }
} else {
- goto loser;
+ goto loser;
}
st = PR_NetAddrToString(&addr, addrBuf, sizeof addrBuf);
if (st == PR_SUCCESS) {
- SECU_Indent(out, level);
- fprintf(out, "%s: %s\n", msg, addrBuf);
+ SECU_Indent(out, level);
+ fprintf(out, "%s: %s\n", msg, addrBuf);
} else {
-loser:
- SECU_PrintAsHex(out, value, msg, level);
+ loser:
+ SECU_PrintAsHex(out, value, msg, level);
}
}
-
static void
-secu_PrintGeneralName(FILE *out, CERTGeneralName *gname, char *msg, int level)
+secu_PrintGeneralName(FILE *out, CERTGeneralName *gname, char *msg, int level)
{
char label[40];
if (msg && msg[0]) {
- SECU_Indent(out, level++); fprintf(out, "%s: \n", msg);
+ SECU_Indent(out, level++);
+ fprintf(out, "%s: \n", msg);
}
switch (gname->type) {
- case certOtherName :
- SECU_PrintAny( out, &gname->name.OthName.name, "Other Name", level);
- SECU_PrintObjectID(out, &gname->name.OthName.oid, "OID", level+1);
- break;
- case certDirectoryName :
- SECU_PrintName(out, &gname->name.directoryName, "Directory Name", level);
- break;
- case certRFC822Name :
- secu_PrintRawString( out, &gname->name.other, "RFC822 Name", level);
- break;
- case certDNSName :
- secu_PrintRawString( out, &gname->name.other, "DNS name", level);
- break;
- case certURI :
- secu_PrintRawString( out, &gname->name.other, "URI", level);
- break;
- case certIPAddress :
- secu_PrintIPAddress(out, &gname->name.other, "IP Address", level);
- break;
- case certRegisterID :
- SECU_PrintObjectID( out, &gname->name.other, "Registered ID", level);
- break;
- case certX400Address :
- SECU_PrintAny( out, &gname->name.other, "X400 Address", level);
- break;
- case certEDIPartyName :
- SECU_PrintAny( out, &gname->name.other, "EDI Party", level);
- break;
- default:
- PR_snprintf(label, sizeof label, "unknown type [%d]",
- (int)gname->type - 1);
- SECU_PrintAsHex(out, &gname->name.other, label, level);
- break;
+ case certOtherName:
+ SECU_PrintAny(out, &gname->name.OthName.name, "Other Name", level);
+ SECU_PrintObjectID(out, &gname->name.OthName.oid, "OID", level + 1);
+ break;
+ case certDirectoryName:
+ SECU_PrintName(out, &gname->name.directoryName, "Directory Name", level);
+ break;
+ case certRFC822Name:
+ secu_PrintRawString(out, &gname->name.other, "RFC822 Name", level);
+ break;
+ case certDNSName:
+ secu_PrintRawString(out, &gname->name.other, "DNS name", level);
+ break;
+ case certURI:
+ secu_PrintRawString(out, &gname->name.other, "URI", level);
+ break;
+ case certIPAddress:
+ secu_PrintIPAddress(out, &gname->name.other, "IP Address", level);
+ break;
+ case certRegisterID:
+ SECU_PrintObjectID(out, &gname->name.other, "Registered ID", level);
+ break;
+ case certX400Address:
+ SECU_PrintAny(out, &gname->name.other, "X400 Address", level);
+ break;
+ case certEDIPartyName:
+ SECU_PrintAny(out, &gname->name.other, "EDI Party", level);
+ break;
+ default:
+ PR_snprintf(label, sizeof label, "unknown type [%d]",
+ (int)gname->type - 1);
+ SECU_PrintAsHex(out, &gname->name.other, label, level);
+ break;
}
}
static void
-secu_PrintGeneralNames(FILE *out, CERTGeneralName *gname, char *msg, int level)
+secu_PrintGeneralNames(FILE *out, CERTGeneralName *gname, char *msg, int level)
{
CERTGeneralName *name = gname;
- do {
- secu_PrintGeneralName(out, name, msg, level);
- name = CERT_GetNextGeneralName(name);
+ do {
+ secu_PrintGeneralName(out, name, msg, level);
+ name = CERT_GetNextGeneralName(name);
} while (name && name != gname);
}
-
static void
-secu_PrintAuthKeyIDExtension(FILE *out, SECItem *value, char *msg, int level)
+secu_PrintAuthKeyIDExtension(FILE *out, SECItem *value, char *msg, int level)
{
- CERTAuthKeyID *kid = NULL;
- PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ CERTAuthKeyID *kid = NULL;
+ PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!pool) {
- SECU_PrintError("Error", "Allocating new ArenaPool");
- return;
+ SECU_PrintError("Error", "Allocating new ArenaPool");
+ return;
}
kid = CERT_DecodeAuthKeyID(pool, value);
if (!kid) {
- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
- SECU_PrintAny(out, value, "Data", level);
+ SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+ SECU_PrintAny(out, value, "Data", level);
} else {
- int keyIDPresent = (kid->keyID.data && kid->keyID.len);
- int issuerPresent = kid->authCertIssuer != NULL;
- int snPresent = (kid->authCertSerialNumber.data &&
- kid->authCertSerialNumber.len);
-
- if (keyIDPresent)
- SECU_PrintAsHex(out, &kid->keyID, "Key ID", level);
- if (issuerPresent)
- secu_PrintGeneralName(out, kid->authCertIssuer, "Issuer", level);
- if (snPresent)
- SECU_PrintInteger(out, &kid->authCertSerialNumber,
- "Serial Number", level);
+ int keyIDPresent = (kid->keyID.data && kid->keyID.len);
+ int issuerPresent = kid->authCertIssuer != NULL;
+ int snPresent = (kid->authCertSerialNumber.data &&
+ kid->authCertSerialNumber.len);
+
+ if (keyIDPresent)
+ SECU_PrintAsHex(out, &kid->keyID, "Key ID", level);
+ if (issuerPresent)
+ secu_PrintGeneralName(out, kid->authCertIssuer, "Issuer", level);
+ if (snPresent)
+ SECU_PrintInteger(out, &kid->authCertSerialNumber,
+ "Serial Number", level);
}
PORT_FreeArena(pool, PR_FALSE);
}
-
static void
secu_PrintAltNameExtension(FILE *out, SECItem *value, char *msg, int level)
{
- CERTGeneralName * nameList;
- CERTGeneralName * current;
- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ CERTGeneralName *nameList;
+ CERTGeneralName *current;
+ PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!pool) {
- SECU_PrintError("Error", "Allocating new ArenaPool");
- return;
+ SECU_PrintError("Error", "Allocating new ArenaPool");
+ return;
}
nameList = current = CERT_DecodeAltNameExtension(pool, value);
if (!current) {
- if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) {
- /* Decoder found empty sequence, which is invalid. */
- PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
- }
- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
- SECU_PrintAny(out, value, "Data", level);
+ if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) {
+ /* Decoder found empty sequence, which is invalid. */
+ PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+ }
+ SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+ SECU_PrintAny(out, value, "Data", level);
} else {
- do {
- secu_PrintGeneralName(out, current, msg, level);
- current = CERT_GetNextGeneralName(current);
- } while (current != nameList);
+ do {
+ secu_PrintGeneralName(out, current, msg, level);
+ current = CERT_GetNextGeneralName(current);
+ } while (current != nameList);
}
PORT_FreeArena(pool, PR_FALSE);
}
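Review bot: The name loop in secu_PrintAltNameExtension ends on `while (current != nameList)` only, whereas secu_PrintGeneralNames above walks the same kind of list with `while (name && name != gname)`. If CERT_GetNextGeneralName can return NULL (not determinable from this hunk), the next iteration passes NULL to secu_PrintGeneralName, which dereferences `gname->type`. Making the two loops agree, `} while (current && current != nameList);`, removes the dependency on that assumption.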
@@ -1887,251 +1890,250 @@ secu_PrintAltNameExtension(FILE *out, SECItem *value, char *msg, int level)
static void
secu_PrintCRLDistPtsExtension(FILE *out, SECItem *value, char *msg, int level)
{
- CERTCrlDistributionPoints * dPoints;
- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ CERTCrlDistributionPoints *dPoints;
+ PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!pool) {
- SECU_PrintError("Error", "Allocating new ArenaPool");
- return;
+ SECU_PrintError("Error", "Allocating new ArenaPool");
+ return;
}
dPoints = CERT_DecodeCRLDistributionPoints(pool, value);
if (dPoints && dPoints->distPoints && dPoints->distPoints[0]) {
- CRLDistributionPoint ** pPoints = dPoints->distPoints;
- CRLDistributionPoint * pPoint;
- while (NULL != (pPoint = *pPoints++)) {
- SECU_Indent(out, level); fputs("Distribution point:\n", out);
- if (pPoint->distPointType == generalName &&
- pPoint->distPoint.fullName != NULL) {
- secu_PrintGeneralNames(out, pPoint->distPoint.fullName, NULL,
- level + 1);
- } else if (pPoint->distPointType == relativeDistinguishedName &&
- pPoint->distPoint.relativeName.avas) {
- SECU_PrintRDN(out, &pPoint->distPoint.relativeName, "RDN",
- level + 1);
- } else if (pPoint->derDistPoint.data) {
- SECU_PrintAny(out, &pPoint->derDistPoint, "Point", level + 1);
- }
- if (pPoint->reasons.data) {
- secu_PrintDecodedBitString(out, &pPoint->reasons, "Reasons",
- level + 1);
- }
- if (pPoint->crlIssuer) {
- secu_PrintGeneralName(out, pPoint->crlIssuer, "CRL issuer",
- level + 1);
- }
- }
+ CRLDistributionPoint **pPoints = dPoints->distPoints;
+ CRLDistributionPoint *pPoint;
+ while (NULL != (pPoint = *pPoints++)) {
+ SECU_Indent(out, level);
+ fputs("Distribution point:\n", out);
+ if (pPoint->distPointType == generalName &&
+ pPoint->distPoint.fullName != NULL) {
+ secu_PrintGeneralNames(out, pPoint->distPoint.fullName, NULL,
+ level + 1);
+ } else if (pPoint->distPointType == relativeDistinguishedName &&
+ pPoint->distPoint.relativeName.avas) {
+ SECU_PrintRDN(out, &pPoint->distPoint.relativeName, "RDN",
+ level + 1);
+ } else if (pPoint->derDistPoint.data) {
+ SECU_PrintAny(out, &pPoint->derDistPoint, "Point", level + 1);
+ }
+ if (pPoint->reasons.data) {
+ secu_PrintDecodedBitString(out, &pPoint->reasons, "Reasons",
+ level + 1);
+ }
+ if (pPoint->crlIssuer) {
+ secu_PrintGeneralName(out, pPoint->crlIssuer, "CRL issuer",
+ level + 1);
+ }
+ }
} else {
- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
- SECU_PrintAny(out, value, "Data", level);
+ SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+ SECU_PrintAny(out, value, "Data", level);
}
PORT_FreeArena(pool, PR_FALSE);
}
-
static void
-secu_PrintNameConstraintSubtree(FILE *out, CERTNameConstraint *value,
+secu_PrintNameConstraintSubtree(FILE *out, CERTNameConstraint *value,
char *msg, int level)
{
CERTNameConstraint *head = value;
- SECU_Indent(out, level); fprintf(out, "%s Subtree:\n", msg);
+ SECU_Indent(out, level);
+ fprintf(out, "%s Subtree:\n", msg);
level++;
do {
- secu_PrintGeneralName(out, &value->name, NULL, level);
- if (value->min.data)
- SECU_PrintInteger(out, &value->min, "Minimum", level+1);
- if (value->max.data)
- SECU_PrintInteger(out, &value->max, "Maximum", level+1);
- value = CERT_GetNextNameConstraint(value);
+ secu_PrintGeneralName(out, &value->name, NULL, level);
+ if (value->min.data)
+ SECU_PrintInteger(out, &value->min, "Minimum", level + 1);
+ if (value->max.data)
+ SECU_PrintInteger(out, &value->max, "Maximum", level + 1);
+ value = CERT_GetNextNameConstraint(value);
} while (value != head);
}
static void
secu_PrintNameConstraintsExtension(FILE *out, SECItem *value, char *msg, int level)
{
- CERTNameConstraints * cnstrnts;
- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ CERTNameConstraints *cnstrnts;
+ PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!pool) {
- SECU_PrintError("Error", "Allocating new ArenaPool");
- return;
+ SECU_PrintError("Error", "Allocating new ArenaPool");
+ return;
}
cnstrnts = CERT_DecodeNameConstraintsExtension(pool, value);
if (!cnstrnts) {
- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
- SECU_PrintAny(out, value, "Raw", level);
+ SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+ SECU_PrintAny(out, value, "Raw", level);
} else {
- if (cnstrnts->permited)
- secu_PrintNameConstraintSubtree(out, cnstrnts->permited,
- "Permitted", level);
- if (cnstrnts->excluded)
- secu_PrintNameConstraintSubtree(out, cnstrnts->excluded,
- "Excluded", level);
+ if (cnstrnts->permited)
+ secu_PrintNameConstraintSubtree(out, cnstrnts->permited,
+ "Permitted", level);
+ if (cnstrnts->excluded)
+ secu_PrintNameConstraintSubtree(out, cnstrnts->excluded,
+ "Excluded", level);
}
PORT_FreeArena(pool, PR_FALSE);
}
-
static void
secu_PrintAuthorityInfoAcess(FILE *out, SECItem *value, char *msg, int level)
{
CERTAuthInfoAccess **infos = NULL;
- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!pool) {
- SECU_PrintError("Error", "Allocating new ArenaPool");
- return;
+ SECU_PrintError("Error", "Allocating new ArenaPool");
+ return;
}
infos = CERT_DecodeAuthInfoAccessExtension(pool, value);
if (!infos) {
- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
- SECU_PrintAny(out, value, "Raw", level);
+ SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+ SECU_PrintAny(out, value, "Raw", level);
} else {
- CERTAuthInfoAccess *info;
- while (NULL != (info = *infos++)) {
- if (info->method.data) {
- SECU_PrintObjectID(out, &info->method, "Method", level);
- } else {
- SECU_Indent(out,level);
- fprintf(out, "Error: missing method\n");
- }
- if (info->location) {
- secu_PrintGeneralName(out, info->location, "Location", level);
- } else {
- SECU_PrintAny(out, &info->derLocation, "Location", level);
- }
- }
+ CERTAuthInfoAccess *info;
+ while (NULL != (info = *infos++)) {
+ if (info->method.data) {
+ SECU_PrintObjectID(out, &info->method, "Method", level);
+ } else {
+ SECU_Indent(out, level);
+ fprintf(out, "Error: missing method\n");
+ }
+ if (info->location) {
+ secu_PrintGeneralName(out, info->location, "Location", level);
+ } else {
+ SECU_PrintAny(out, &info->derLocation, "Location", level);
+ }
+ }
}
PORT_FreeArena(pool, PR_FALSE);
}
-
void
SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
- char *msg, int level)
+ char *msg, int level)
{
SECOidTag oidTag;
-
- if ( extensions ) {
- if (msg && *msg) {
- SECU_Indent(out, level++); fprintf(out, "%s:\n", msg);
- }
-
- while ( *extensions ) {
- SECItem *tmpitem;
-
- tmpitem = &(*extensions)->id;
- SECU_PrintObjectID(out, tmpitem, "Name", level);
-
- tmpitem = &(*extensions)->critical;
- if ( tmpitem->len ) {
- secu_PrintBoolean(out, tmpitem, "Critical", level);
- }
-
- oidTag = SECOID_FindOIDTag (&((*extensions)->id));
- tmpitem = &((*extensions)->value);
-
- switch (oidTag) {
- case SEC_OID_X509_INVALID_DATE:
- case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME:
- secu_PrintX509InvalidDate(out, tmpitem, "Date", level );
- break;
- case SEC_OID_X509_CERTIFICATE_POLICIES:
- SECU_PrintPolicy(out, tmpitem, "Data", level );
- break;
- case SEC_OID_NS_CERT_EXT_BASE_URL:
- case SEC_OID_NS_CERT_EXT_REVOCATION_URL:
- case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL:
- case SEC_OID_NS_CERT_EXT_CA_CRL_URL:
- case SEC_OID_NS_CERT_EXT_CA_CERT_URL:
- case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL:
- case SEC_OID_NS_CERT_EXT_CA_POLICY_URL:
- case SEC_OID_NS_CERT_EXT_HOMEPAGE_URL:
- case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL:
- case SEC_OID_OCSP_RESPONDER:
- SECU_PrintString(out,tmpitem, "URL", level);
- break;
- case SEC_OID_NS_CERT_EXT_COMMENT:
- SECU_PrintString(out,tmpitem, "Comment", level);
- break;
- case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME:
- SECU_PrintString(out,tmpitem, "ServerName", level);
- break;
- case SEC_OID_NS_CERT_EXT_CERT_TYPE:
- secu_PrintNSCertType(out,tmpitem,"Data",level);
- break;
- case SEC_OID_X509_BASIC_CONSTRAINTS:
- secu_PrintBasicConstraints(out,tmpitem,"Data",level);
- break;
- case SEC_OID_X509_EXT_KEY_USAGE:
- PrintExtKeyUsageExtension(out, tmpitem, NULL, level);
- break;
- case SEC_OID_X509_KEY_USAGE:
- secu_PrintX509KeyUsage(out, tmpitem, NULL, level );
- break;
- case SEC_OID_X509_AUTH_KEY_ID:
- secu_PrintAuthKeyIDExtension(out, tmpitem, NULL, level );
- break;
- case SEC_OID_X509_SUBJECT_ALT_NAME:
- case SEC_OID_X509_ISSUER_ALT_NAME:
- secu_PrintAltNameExtension(out, tmpitem, NULL, level );
- break;
- case SEC_OID_X509_CRL_DIST_POINTS:
- secu_PrintCRLDistPtsExtension(out, tmpitem, NULL, level );
- break;
- case SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD:
- SECU_PrintPrivKeyUsagePeriodExtension(out, tmpitem, NULL,
- level );
- break;
- case SEC_OID_X509_NAME_CONSTRAINTS:
- secu_PrintNameConstraintsExtension(out, tmpitem, NULL, level);
- break;
- case SEC_OID_X509_AUTH_INFO_ACCESS:
- secu_PrintAuthorityInfoAcess(out, tmpitem, NULL, level);
- break;
-
- case SEC_OID_X509_CRL_NUMBER:
- case SEC_OID_X509_REASON_CODE:
-
- /* PKIX OIDs */
- case SEC_OID_PKIX_OCSP:
- case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
- case SEC_OID_PKIX_OCSP_NONCE:
- case SEC_OID_PKIX_OCSP_CRL:
- case SEC_OID_PKIX_OCSP_RESPONSE:
- case SEC_OID_PKIX_OCSP_NO_CHECK:
- case SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF:
- case SEC_OID_PKIX_OCSP_SERVICE_LOCATOR:
- case SEC_OID_PKIX_REGCTRL_REGTOKEN:
- case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
- case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
- case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
- case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
- case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
- case SEC_OID_PKIX_REGINFO_UTF8_PAIRS:
- case SEC_OID_PKIX_REGINFO_CERT_REQUEST:
-
- /* Netscape extension OIDs. */
- case SEC_OID_NS_CERT_EXT_NETSCAPE_OK:
- case SEC_OID_NS_CERT_EXT_ISSUER_LOGO:
- case SEC_OID_NS_CERT_EXT_SUBJECT_LOGO:
- case SEC_OID_NS_CERT_EXT_ENTITY_LOGO:
- case SEC_OID_NS_CERT_EXT_USER_PICTURE:
-
- /* x.509 v3 Extensions */
- case SEC_OID_X509_SUBJECT_DIRECTORY_ATTR:
- case SEC_OID_X509_SUBJECT_KEY_ID:
- case SEC_OID_X509_POLICY_MAPPINGS:
- case SEC_OID_X509_POLICY_CONSTRAINTS:
-
-
- default:
- SECU_PrintAny(out, tmpitem, "Data", level);
- break;
- }
-
- SECU_Newline(out);
- extensions++;
- }
+
+ if (extensions) {
+ if (msg && *msg) {
+ SECU_Indent(out, level++);
+ fprintf(out, "%s:\n", msg);
+ }
+
+ while (*extensions) {
+ SECItem *tmpitem;
+
+ tmpitem = &(*extensions)->id;
+ SECU_PrintObjectID(out, tmpitem, "Name", level);
+
+ tmpitem = &(*extensions)->critical;
+ if (tmpitem->len) {
+ secu_PrintBoolean(out, tmpitem, "Critical", level);
+ }
+
+ oidTag = SECOID_FindOIDTag(&((*extensions)->id));
+ tmpitem = &((*extensions)->value);
+
+ switch (oidTag) {
+ case SEC_OID_X509_INVALID_DATE:
+ case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME:
+ secu_PrintX509InvalidDate(out, tmpitem, "Date", level);
+ break;
+ case SEC_OID_X509_CERTIFICATE_POLICIES:
+ SECU_PrintPolicy(out, tmpitem, "Data", level);
+ break;
+ case SEC_OID_NS_CERT_EXT_BASE_URL:
+ case SEC_OID_NS_CERT_EXT_REVOCATION_URL:
+ case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL:
+ case SEC_OID_NS_CERT_EXT_CA_CRL_URL:
+ case SEC_OID_NS_CERT_EXT_CA_CERT_URL:
+ case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL:
+ case SEC_OID_NS_CERT_EXT_CA_POLICY_URL:
+ case SEC_OID_NS_CERT_EXT_HOMEPAGE_URL:
+ case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL:
+ case SEC_OID_OCSP_RESPONDER:
+ SECU_PrintString(out, tmpitem, "URL", level);
+ break;
+ case SEC_OID_NS_CERT_EXT_COMMENT:
+ SECU_PrintString(out, tmpitem, "Comment", level);
+ break;
+ case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME:
+ SECU_PrintString(out, tmpitem, "ServerName", level);
+ break;
+ case SEC_OID_NS_CERT_EXT_CERT_TYPE:
+ secu_PrintNSCertType(out, tmpitem, "Data", level);
+ break;
+ case SEC_OID_X509_BASIC_CONSTRAINTS:
+ secu_PrintBasicConstraints(out, tmpitem, "Data", level);
+ break;
+ case SEC_OID_X509_EXT_KEY_USAGE:
+ PrintExtKeyUsageExtension(out, tmpitem, NULL, level);
+ break;
+ case SEC_OID_X509_KEY_USAGE:
+ secu_PrintX509KeyUsage(out, tmpitem, NULL, level);
+ break;
+ case SEC_OID_X509_AUTH_KEY_ID:
+ secu_PrintAuthKeyIDExtension(out, tmpitem, NULL, level);
+ break;
+ case SEC_OID_X509_SUBJECT_ALT_NAME:
+ case SEC_OID_X509_ISSUER_ALT_NAME:
+ secu_PrintAltNameExtension(out, tmpitem, NULL, level);
+ break;
+ case SEC_OID_X509_CRL_DIST_POINTS:
+ secu_PrintCRLDistPtsExtension(out, tmpitem, NULL, level);
+ break;
+ case SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD:
+ SECU_PrintPrivKeyUsagePeriodExtension(out, tmpitem, NULL,
+ level);
+ break;
+ case SEC_OID_X509_NAME_CONSTRAINTS:
+ secu_PrintNameConstraintsExtension(out, tmpitem, NULL, level);
+ break;
+ case SEC_OID_X509_AUTH_INFO_ACCESS:
+ secu_PrintAuthorityInfoAcess(out, tmpitem, NULL, level);
+ break;
+
+ case SEC_OID_X509_CRL_NUMBER:
+ case SEC_OID_X509_REASON_CODE:
+
+ /* PKIX OIDs */
+ case SEC_OID_PKIX_OCSP:
+ case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
+ case SEC_OID_PKIX_OCSP_NONCE:
+ case SEC_OID_PKIX_OCSP_CRL:
+ case SEC_OID_PKIX_OCSP_RESPONSE:
+ case SEC_OID_PKIX_OCSP_NO_CHECK:
+ case SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF:
+ case SEC_OID_PKIX_OCSP_SERVICE_LOCATOR:
+ case SEC_OID_PKIX_REGCTRL_REGTOKEN:
+ case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
+ case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
+ case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
+ case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
+ case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
+ case SEC_OID_PKIX_REGINFO_UTF8_PAIRS:
+ case SEC_OID_PKIX_REGINFO_CERT_REQUEST:
+
+ /* Netscape extension OIDs. */
+ case SEC_OID_NS_CERT_EXT_NETSCAPE_OK:
+ case SEC_OID_NS_CERT_EXT_ISSUER_LOGO:
+ case SEC_OID_NS_CERT_EXT_SUBJECT_LOGO:
+ case SEC_OID_NS_CERT_EXT_ENTITY_LOGO:
+ case SEC_OID_NS_CERT_EXT_USER_PICTURE:
+
+ /* x.509 v3 Extensions */
+ case SEC_OID_X509_SUBJECT_DIRECTORY_ATTR:
+ case SEC_OID_X509_SUBJECT_KEY_ID:
+ case SEC_OID_X509_POLICY_MAPPINGS:
+ case SEC_OID_X509_POLICY_CONSTRAINTS:
+
+ default:
+ SECU_PrintAny(out, tmpitem, "Data", level);
+ break;
+ }
+
+ SECU_Newline(out);
+ extensions++;
+ }
}
}
@@ -2145,38 +2147,39 @@ SECU_PrintRDN(FILE *out, CERTRDN *rdn, const char *msg, int level)
CERTRDN *rdns[2];
name.arena = NULL;
- name.rdns = rdns;
+ name.rdns = rdns;
rdns[0] = rdn;
rdns[1] = NULL;
SECU_PrintName(out, &name, msg, level);
}
void
-SECU_PrintNameQuotesOptional(FILE *out, CERTName *name, const char *msg,
- int level, PRBool quotes)
+SECU_PrintNameQuotesOptional(FILE *out, CERTName *name, const char *msg,
+ int level, PRBool quotes)
{
char *nameStr = NULL;
char *str;
SECItem my;
if (!name) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return;
}
if (!name->rdns || !name->rdns[0]) {
- str = "(empty)";
+ str = "(empty)";
} else {
- str = nameStr = CERT_NameToAscii(name);
+ str = nameStr = CERT_NameToAscii(name);
}
if (!str) {
- str = "!Invalid AVA!";
+ str = "!Invalid AVA!";
}
my.data = (unsigned char *)str;
- my.len = PORT_Strlen(str);
+ my.len = PORT_Strlen(str);
#if 1
secu_PrintRawStringQuotesOptional(out, &my, msg, level, quotes);
#else
- SECU_Indent(out, level); fprintf(out, "%s: ", msg);
+ SECU_Indent(out, level);
+ fprintf(out, "%s: ", msg);
fprintf(out, str);
SECU_Newline(out);
#endif
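Review bot: The compiled-out `#else` branch of SECU_PrintNameQuotesOptional still passes `str` as the format argument in `fprintf(out, str);`, and `str` is the output of `CERT_NameToAscii(name)`, i.e. text taken from the certificate being printed. The branch is dead while `#if 1` stands, but reformatting it keeps a format-string hazard one edit away from being live. I would drop the `#if 1`/`#else`/`#endif` scaffolding and keep only the `secu_PrintRawStringQuotesOptional` call, or at least change the dead line to `fputs(str, out);`. The function body continues past the end of this hunk.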
@@ -2193,26 +2196,26 @@ void
printflags(char *trusts, unsigned int flags)
{
if (flags & CERTDB_VALID_CA)
- if (!(flags & CERTDB_TRUSTED_CA) &&
- !(flags & CERTDB_TRUSTED_CLIENT_CA))
- PORT_Strcat(trusts, "c");
+ if (!(flags & CERTDB_TRUSTED_CA) &&
+ !(flags & CERTDB_TRUSTED_CLIENT_CA))
+ PORT_Strcat(trusts, "c");
if (flags & CERTDB_TERMINAL_RECORD)
- if (!(flags & CERTDB_TRUSTED))
- PORT_Strcat(trusts, "p");
+ if (!(flags & CERTDB_TRUSTED))
+ PORT_Strcat(trusts, "p");
if (flags & CERTDB_TRUSTED_CA)
- PORT_Strcat(trusts, "C");
+ PORT_Strcat(trusts, "C");
if (flags & CERTDB_TRUSTED_CLIENT_CA)
- PORT_Strcat(trusts, "T");
+ PORT_Strcat(trusts, "T");
if (flags & CERTDB_TRUSTED)
- PORT_Strcat(trusts, "P");
+ PORT_Strcat(trusts, "P");
if (flags & CERTDB_USER)
- PORT_Strcat(trusts, "u");
+ PORT_Strcat(trusts, "u");
if (flags & CERTDB_SEND_WARN)
- PORT_Strcat(trusts, "w");
+ PORT_Strcat(trusts, "w");
if (flags & CERTDB_INVISIBLE_CA)
- PORT_Strcat(trusts, "I");
+ PORT_Strcat(trusts, "I");
if (flags & CERTDB_GOVT_APPROVED_CA)
- PORT_Strcat(trusts, "G");
+ PORT_Strcat(trusts, "G");
return;
}
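Review bot: printflags appends to `trusts` with `PORT_Strcat` and has no way to know the buffer size, so the capacity contract is implicit. As the flag tests are written, one call adds at most seven characters, and the caller visible in the next hunk uses `char trusts[30]`, which looks sufficient today but would break silently if a flag were added. A comment above the function would record the contract, for example `/* Appends at most 7 flag characters to trusts; the caller must leave room for them and the terminating NUL. */`. The two nested `if` statements without braces at the top are also worth bracing, so that a later `else` cannot bind to the wrong condition.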
@@ -2221,16 +2224,16 @@ SECStatus
SECU_PrintCertNickname(CERTCertListNode *node, void *data)
{
CERTCertTrust trust;
- CERTCertificate* cert;
+ CERTCertificate *cert;
FILE *out;
char trusts[30];
char *name;
cert = node->cert;
- PORT_Memset (trusts, 0, sizeof (trusts));
+ PORT_Memset(trusts, 0, sizeof(trusts));
out = (FILE *)data;
-
+
name = node->appData;
if (!name || !name[0]) {
name = cert->nickname;
@@ -2249,7 +2252,7 @@ SECU_PrintCertNickname(CERTCertListNode *node, void *data)
PORT_Strcat(trusts, ",");
printflags(trusts, trust.objectSigningFlags);
} else {
- PORT_Memcpy(trusts,",,",3);
+ PORT_Memcpy(trusts, ",,", 3);
}
fprintf(out, "%-60s %-5s\n", name, trusts);
@@ -2263,15 +2266,15 @@ SECU_DecodeAndPrintExtensions(FILE *out, SECItem *any, char *m, int level)
PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
int rv = 0;
- if (!arena)
- return SEC_ERROR_NO_MEMORY;
+ if (!arena)
+ return SEC_ERROR_NO_MEMORY;
- rv = SEC_QuickDERDecodeItem(arena, &extensions,
- SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate), any);
+ rv = SEC_QuickDERDecodeItem(arena, &extensions,
+ SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate), any);
if (!rv)
- SECU_PrintExtensions(out, extensions, m, level);
- else
- SECU_PrintAny(out, any, m, level);
+ SECU_PrintExtensions(out, extensions, m, level);
+ else
+ SECU_PrintAny(out, any, m, level);
PORT_FreeArena(arena, PR_FALSE);
return rv;
}
@@ -2282,11 +2285,12 @@ SECU_PrintSetOfExtensions(FILE *out, SECItem **any, char *m, int level)
{
int rv = 0;
if (m && *m) {
- SECU_Indent(out, level++); fprintf(out, "%s:\n", m);
+ SECU_Indent(out, level++);
+ fprintf(out, "%s:\n", m);
}
while (any && any[0]) {
- rv |= SECU_DecodeAndPrintExtensions(out, any[0], "", level);
- any++;
+ rv |= SECU_DecodeAndPrintExtensions(out, any[0], "", level);
+ any++;
}
return rv;
}
@@ -2297,11 +2301,12 @@ SECU_PrintSetOfAny(FILE *out, SECItem **any, char *m, int level)
{
int rv = 0;
if (m && *m) {
- SECU_Indent(out, level++); fprintf(out, "%s:\n", m);
+ SECU_Indent(out, level++);
+ fprintf(out, "%s:\n", m);
}
while (any && any[0]) {
- SECU_PrintAny(out, any[0], "", level);
- any++;
+ SECU_PrintAny(out, any[0], "", level);
+ any++;
}
return rv;
}
@@ -2313,9 +2318,9 @@ SECU_PrintCertAttribute(FILE *out, CERTAttribute *attr, char *m, int level)
SECOidTag tag;
tag = SECU_PrintObjectID(out, &attr->attrType, "Attribute Type", level);
if (tag == SEC_OID_PKCS9_EXTENSION_REQUEST) {
- rv = SECU_PrintSetOfExtensions(out, attr->attrValue, "Extensions", level);
+ rv = SECU_PrintSetOfExtensions(out, attr->attrValue, "Extensions", level);
} else {
- rv = SECU_PrintSetOfAny(out, attr->attrValue, "Attribute Values", level);
+ rv = SECU_PrintSetOfAny(out, attr->attrValue, "Attribute Values", level);
}
return rv;
}
@@ -2325,42 +2330,43 @@ SECU_PrintCertAttributes(FILE *out, CERTAttribute **attrs, char *m, int level)
{
int rv = 0;
while (attrs[0]) {
- rv |= SECU_PrintCertAttribute(out, attrs[0], m, level+1);
- attrs++;
+ rv |= SECU_PrintCertAttribute(out, attrs[0], m, level + 1);
+ attrs++;
}
return rv;
}
-int /* sometimes a PRErrorCode, other times a SECStatus. Sigh. */
-SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level)
+int /* sometimes a PRErrorCode, other times a SECStatus. Sigh. */
+ SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level)
{
PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
CERTCertificateRequest *cr;
int rv = SEC_ERROR_NO_MEMORY;
- if (!arena)
- return rv;
+ if (!arena)
+ return rv;
/* Decode certificate request */
cr = PORT_ArenaZNew(arena, CERTCertificateRequest);
if (!cr)
- goto loser;
+ goto loser;
cr->arena = arena;
- rv = SEC_QuickDERDecodeItem(arena, cr,
- SEC_ASN1_GET(CERT_CertificateRequestTemplate), der);
- if (rv)
- goto loser;
+ rv = SEC_QuickDERDecodeItem(arena, cr,
+ SEC_ASN1_GET(CERT_CertificateRequestTemplate), der);
+ if (rv)
+ goto loser;
/* Pretty print it out */
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &cr->version, "Version", level+1);
- SECU_PrintName(out, &cr->subject, "Subject", level+1);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
+ SECU_PrintInteger(out, &cr->version, "Version", level + 1);
+ SECU_PrintName(out, &cr->subject, "Subject", level + 1);
if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
- SECU_Newline(out);
+ SECU_Newline(out);
secu_PrintSubjectPublicKeyInfo(out, arena, &cr->subjectPublicKeyInfo,
- "Subject Public Key Info", level+1);
+ "Subject Public Key Info", level + 1);
if (cr->attributes)
- SECU_PrintCertAttributes(out, cr->attributes, "Attributes", level+1);
+ SECU_PrintCertAttributes(out, cr->attributes, "Attributes", level + 1);
rv = 0;
loser:
PORT_FreeArena(arena, PR_FALSE);
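Review bot: The formatter appears to have pushed the name of SECU_PrintCertificateRequest off column 0, because the comment sits between the return type and the function name; every other definition in this file keeps the name at the start of the line. Moving the remark onto its own line above the definition, `/* Returns sometimes a PRErrorCode, other times a SECStatus. */` followed by a bare `int`, lets clang-format produce the usual layout and keeps the function easy to find with a `^name(` search. The end of the function lies outside this hunk.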
@@ -2374,44 +2380,46 @@ SECU_PrintCertificate(FILE *out, const SECItem *der, const char *m, int level)
CERTCertificate *c;
int rv = SEC_ERROR_NO_MEMORY;
int iv;
-
+
if (!arena)
- return rv;
+ return rv;
/* Decode certificate */
c = PORT_ArenaZNew(arena, CERTCertificate);
if (!c)
- goto loser;
+ goto loser;
c->arena = arena;
- rv = SEC_ASN1DecodeItem(arena, c,
+ rv = SEC_ASN1DecodeItem(arena, c,
SEC_ASN1_GET(CERT_CertificateTemplate), der);
if (rv) {
- SECU_Indent(out, level);
- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
- SECU_PrintAny(out, der, "Raw", level);
- goto loser;
+ SECU_Indent(out, level);
+ SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+ SECU_PrintAny(out, der, "Raw", level);
+ goto loser;
}
/* Pretty print it out */
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- iv = c->version.len ? DER_GetInteger(&c->version) : 0; /* version is optional */
- SECU_Indent(out, level+1); fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
+ iv = c->version.len ? DER_GetInteger(&c->version) : 0; /* version is optional */
+ SECU_Indent(out, level + 1);
+ fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);
- SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level+1);
- SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level+1);
- SECU_PrintName(out, &c->issuer, "Issuer", level+1);
+ SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level + 1);
+ SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level + 1);
+ SECU_PrintName(out, &c->issuer, "Issuer", level + 1);
if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
- SECU_Newline(out);
- secu_PrintValidity(out, &c->validity, "Validity", level+1);
- SECU_PrintName(out, &c->subject, "Subject", level+1);
+ SECU_Newline(out);
+ secu_PrintValidity(out, &c->validity, "Validity", level + 1);
+ SECU_PrintName(out, &c->subject, "Subject", level + 1);
if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
- SECU_Newline(out);
+ SECU_Newline(out);
secu_PrintSubjectPublicKeyInfo(out, arena, &c->subjectPublicKeyInfo,
- "Subject Public Key Info", level+1);
- if (c->issuerID.data)
- secu_PrintDecodedBitString(out, &c->issuerID, "Issuer Unique ID", level+1);
- if (c->subjectID.data)
- secu_PrintDecodedBitString(out, &c->subjectID, "Subject Unique ID", level+1);
- SECU_PrintExtensions(out, c->extensions, "Signed Extensions", level+1);
+ "Subject Public Key Info", level + 1);
+ if (c->issuerID.data)
+ secu_PrintDecodedBitString(out, &c->issuerID, "Issuer Unique ID", level + 1);
+ if (c->subjectID.data)
+ secu_PrintDecodedBitString(out, &c->subjectID, "Subject Unique ID", level + 1);
+ SECU_PrintExtensions(out, c->extensions, "Signed Extensions", level + 1);
loser:
PORT_FreeArena(arena, PR_FALSE);
return rv;
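Review bot: The failure path after `SEC_ASN1DecodeItem(arena, c, SEC_ASN1_GET(CERT_CertificateTemplate), der)` reports "Parsing extension", although what failed is the decode of the whole certificate. Someone triaging a malformed or hostile certificate from this output would be pointed at the wrong structure. I would change the line to `SECU_PrintErrMsg(out, level, "Error", "Parsing certificate");`, after checking that no test compares against the old text. The same message is used on the same path in SECU_PrintCertificateBasicInfo in the next hunk, and the start of this function is outside the hunk.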
@@ -2423,34 +2431,35 @@ SECU_PrintCertificateBasicInfo(FILE *out, const SECItem *der, const char *m, int
PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
CERTCertificate *c;
int rv = SEC_ERROR_NO_MEMORY;
-
+
if (!arena)
- return rv;
+ return rv;
/* Decode certificate */
c = PORT_ArenaZNew(arena, CERTCertificate);
if (!c)
- goto loser;
+ goto loser;
c->arena = arena;
- rv = SEC_ASN1DecodeItem(arena, c,
+ rv = SEC_ASN1DecodeItem(arena, c,
SEC_ASN1_GET(CERT_CertificateTemplate), der);
if (rv) {
- SECU_Indent(out, level);
- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
- SECU_PrintAny(out, der, "Raw", level);
- goto loser;
+ SECU_Indent(out, level);
+ SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+ SECU_PrintAny(out, der, "Raw", level);
+ goto loser;
}
/* Pretty print it out */
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level+1);
- SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level+1);
- SECU_PrintName(out, &c->issuer, "Issuer", level+1);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
+ SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level + 1);
+ SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level + 1);
+ SECU_PrintName(out, &c->issuer, "Issuer", level + 1);
if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
- SECU_Newline(out);
- secu_PrintValidity(out, &c->validity, "Validity", level+1);
- SECU_PrintName(out, &c->subject, "Subject", level+1);
+ SECU_Newline(out);
+ secu_PrintValidity(out, &c->validity, "Validity", level + 1);
+ SECU_PrintName(out, &c->subject, "Subject", level + 1);
if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
- SECU_Newline(out);
+ SECU_Newline(out);
loser:
PORT_FreeArena(arena, PR_FALSE);
return rv;
@@ -2460,22 +2469,23 @@ int
SECU_PrintSubjectPublicKeyInfo(FILE *out, SECItem *der, char *m, int level)
{
PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- int rv = SEC_ERROR_NO_MEMORY;
+ int rv = SEC_ERROR_NO_MEMORY;
CERTSubjectPublicKeyInfo spki;
if (!arena)
- return rv;
+ return rv;
PORT_Memset(&spki, 0, sizeof spki);
- rv = SEC_ASN1DecodeItem(arena, &spki,
- SEC_ASN1_GET(CERT_SubjectPublicKeyInfoTemplate),
- der);
+ rv = SEC_ASN1DecodeItem(arena, &spki,
+ SEC_ASN1_GET(CERT_SubjectPublicKeyInfoTemplate),
+ der);
if (!rv) {
- if (m && *m) {
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- }
- secu_PrintSubjectPublicKeyInfo(out, arena, &spki,
- "Subject Public Key Info", level+1);
+ if (m && *m) {
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
+ }
+ secu_PrintSubjectPublicKeyInfo(out, arena, &spki,
+ "Subject Public Key Info", level + 1);
}
PORT_FreeArena(arena, PR_FALSE);
@@ -2491,19 +2501,20 @@ SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level)
int rv = SEC_ERROR_NO_MEMORY;
if (!arena)
- return rv;
+ return rv;
PORT_Memset(&key, 0, sizeof(key));
- rv = SEC_ASN1DecodeItem(arena, &key,
- SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate), der);
+ rv = SEC_ASN1DecodeItem(arena, &key,
+ SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate), der);
if (rv)
- goto loser;
+ goto loser;
/* Pretty print it out */
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintAlgorithmID(out, &key.algorithm, "Encryption Algorithm",
- level+1);
- SECU_PrintAsHex(out, &key.encryptedData, "Encrypted Data", level+1);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
+ SECU_PrintAlgorithmID(out, &key.algorithm, "Encryption Algorithm",
+ level + 1);
+ SECU_PrintAsHex(out, &key.encryptedData, "Encrypted Data", level + 1);
loser:
PORT_FreeArena(arena, PR_TRUE);
return rv;
@@ -2515,7 +2526,7 @@ SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, int level)
{
unsigned char fingerprint[SHA256_LENGTH];
char *fpStr = NULL;
- int err = PORT_GetError();
+ int err = PORT_GetError();
SECStatus rv;
SECItem fpItem;
@@ -2525,43 +2536,43 @@ SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, int level)
fpItem.data = fingerprint;
fpItem.len = SHA256_LENGTH;
fpStr = CERT_Hexify(&fpItem, 1);
- SECU_Indent(out, level); fprintf(out, "%s (SHA-256):", m);
+ SECU_Indent(out, level);
+ fprintf(out, "%s (SHA-256):", m);
if (SECU_GetWrapEnabled()) {
- fprintf(out, "\n");
- SECU_Indent(out, level+1);
- }
- else {
- fprintf(out, " ");
+ fprintf(out, "\n");
+ SECU_Indent(out, level + 1);
+ } else {
+ fprintf(out, " ");
}
fprintf(out, "%s\n", fpStr);
PORT_Free(fpStr);
fpStr = NULL;
if (rv != SECSuccess && !err)
- err = PORT_GetError();
+ err = PORT_GetError();
/* print SHA1 fingerprint */
memset(fingerprint, 0, sizeof fingerprint);
- rv = PK11_HashBuf(SEC_OID_SHA1,fingerprint, derCert->data, derCert->len);
+ rv = PK11_HashBuf(SEC_OID_SHA1, fingerprint, derCert->data, derCert->len);
fpItem.data = fingerprint;
fpItem.len = SHA1_LENGTH;
fpStr = CERT_Hexify(&fpItem, 1);
- SECU_Indent(out, level); fprintf(out, "%s (SHA1):", m);
+ SECU_Indent(out, level);
+ fprintf(out, "%s (SHA1):", m);
if (SECU_GetWrapEnabled()) {
- fprintf(out, "\n");
- SECU_Indent(out, level+1);
- }
- else {
- fprintf(out, " ");
+ fprintf(out, "\n");
+ SECU_Indent(out, level + 1);
+ } else {
+ fprintf(out, " ");
}
fprintf(out, "%s\n", fpStr);
PORT_Free(fpStr);
if (SECU_GetWrapEnabled())
- fprintf(out, "\n");
+ fprintf(out, "\n");
- if (err)
- PORT_SetError(err);
+ if (err)
+ PORT_SetError(err);
if (err || rv != SECSuccess)
- return SECFailure;
+ return SECFailure;
return 0;
}
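Review bot: Both fingerprint lines are printed without looking at the result of the hash or of `CERT_Hexify`. For SHA-1 the buffer is zeroed and `rv` is only examined after the output, so a failed `PK11_HashBuf` would print an all-zero fingerprint that an operator could mistake for a real value. If `CERT_Hexify` can return NULL on allocation failure, `fprintf(out, "%s\n", fpStr)` is undefined behaviour. I would print the value only when `rv == SECSuccess` and guard the string, for example `fprintf(out, "%s\n", fpStr ? fpStr : "(unavailable)");`. The first `PK11_HashBuf` call and the start of the function are outside this hunk.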
@@ -2579,22 +2590,22 @@ secu_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *, int);
** Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it)
*/
static void
-secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src,
- char *m, int level)
+secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src,
+ char *m, int level)
{
if (src->contentTypeTag == NULL)
- src->contentTypeTag = SECOID_FindOID(&(src->contentType));
+ src->contentTypeTag = SECOID_FindOID(&(src->contentType));
SECU_Indent(out, level);
fprintf(out, "%s:\n", m);
- SECU_Indent(out, level + 1);
+ SECU_Indent(out, level + 1);
fprintf(out, "Content Type: %s\n",
- (src->contentTypeTag != NULL) ? src->contentTypeTag->desc
- : "Unknown");
+ (src->contentTypeTag != NULL) ? src->contentTypeTag->desc
+ : "Unknown");
SECU_PrintAlgorithmID(out, &(src->contentEncAlg),
- "Content Encryption Algorithm", level+1);
- SECU_PrintAsHex(out, &(src->encContent),
- "Encrypted Content", level+1);
+ "Content Encryption Algorithm", level + 1);
+ SECU_PrintAsHex(out, &(src->encContent),
+ "Encrypted Content", level + 1);
}
/*
@@ -2602,24 +2613,25 @@ secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src,
** Prints a PKCS7RecipientInfo type
*/
static void
-secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m,
- int level)
+secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m,
+ int level)
{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(info->version), "Version", level + 1);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
+ SECU_PrintInteger(out, &(info->version), "Version", level + 1);
- SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
- level + 1);
- SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
- "Serial Number", level + 1);
+ SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
+ level + 1);
+ SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
+ "Serial Number", level + 1);
/* Parse and display encrypted key */
- SECU_PrintAlgorithmID(out, &(info->keyEncAlg),
- "Key Encryption Algorithm", level + 1);
+ SECU_PrintAlgorithmID(out, &(info->keyEncAlg),
+ "Key Encryption Algorithm", level + 1);
SECU_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1);
}
-/*
+/*
** secu_PrintSignerInfo
** Prints a PKCS7SingerInfo type
*/
@@ -2629,41 +2641,42 @@ secu_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m, int level)
SEC_PKCS7Attribute *attr;
int iv;
char om[100];
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(info->version), "Version", level + 1);
-
- SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
- level + 1);
- SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
- "Serial Number", level + 1);
-
+
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
+ SECU_PrintInteger(out, &(info->version), "Version", level + 1);
+
+ SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
+ level + 1);
+ SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
+ "Serial Number", level + 1);
+
SECU_PrintAlgorithmID(out, &(info->digestAlg), "Digest Algorithm",
- level + 1);
-
+ level + 1);
+
if (info->authAttr != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Authenticated Attributes:\n");
- iv = 0;
- while ((attr = info->authAttr[iv++]) != NULL) {
- sprintf(om, "Attribute (%d)", iv);
- secu_PrintAttribute(out, attr, om, level + 2);
- }
- }
-
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Authenticated Attributes:\n");
+ iv = 0;
+ while ((attr = info->authAttr[iv++]) != NULL) {
+ sprintf(om, "Attribute (%d)", iv);
+ secu_PrintAttribute(out, attr, om, level + 2);
+ }
+ }
+
/* Parse and display signature */
- SECU_PrintAlgorithmID(out, &(info->digestEncAlg),
- "Digest Encryption Algorithm", level + 1);
+ SECU_PrintAlgorithmID(out, &(info->digestEncAlg),
+ "Digest Encryption Algorithm", level + 1);
SECU_PrintAsHex(out, &(info->encDigest), "Encrypted Digest", level + 1);
-
+
if (info->unAuthAttr != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Unauthenticated Attributes:\n");
- iv = 0;
- while ((attr = info->unAuthAttr[iv++]) != NULL) {
- sprintf(om, "Attribute (%x)", iv);
- secu_PrintAttribute(out, attr, om, level + 2);
- }
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Unauthenticated Attributes:\n");
+ iv = 0;
+ while ((attr = info->unAuthAttr[iv++]) != NULL) {
+ sprintf(om, "Attribute (%x)", iv);
+ secu_PrintAttribute(out, attr, om, level + 2);
+ }
}
}
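Review bot: The label buffer `om[100]` in secu_PrintSignerInfo is filled with unbounded `sprintf`, and the same pattern recurs in the SECU_PrintCRLInfo, secu_PrintPKCS7Signed, secu_PrintPKCS7Enveloped and secu_PrintPKCS7SignedAndEnveloped hunks. The current format strings are short enough to fit, but nothing enforces that if a label is lengthened later; `snprintf(om, sizeof om, "Attribute (%d)", iv);` keeps the bound next to the buffer. The two loops also disagree on the index format (`%d` for authenticated attributes, `%x` for unauthenticated ones), so the same index prints differently from the tenth entry on; picking one would make the output easier to read. The function's signature and opening lines are outside this hunk.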
@@ -2678,31 +2691,33 @@ SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level)
CERTCrlEntry *entry;
int iv;
char om[100];
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
/* version is optional */
- iv = crl->version.len ? DER_GetInteger(&crl->version) : 0;
- SECU_Indent(out, level+1);
- fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);
+ iv = crl->version.len ? DER_GetInteger(&crl->version) : 0;
+ SECU_Indent(out, level + 1);
+ fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);
SECU_PrintAlgorithmID(out, &(crl->signatureAlg), "Signature Algorithm",
- level + 1);
+ level + 1);
SECU_PrintName(out, &(crl->name), "Issuer", level + 1);
SECU_PrintTimeChoice(out, &(crl->lastUpdate), "This Update", level + 1);
if (crl->nextUpdate.data && crl->nextUpdate.len) /* is optional */
- SECU_PrintTimeChoice(out, &(crl->nextUpdate), "Next Update", level + 1);
-
+ SECU_PrintTimeChoice(out, &(crl->nextUpdate), "Next Update", level + 1);
+
if (crl->entries != NULL) {
- iv = 0;
- while ((entry = crl->entries[iv++]) != NULL) {
- sprintf(om, "Entry %d (0x%x):\n", iv, iv);
- SECU_Indent(out, level + 1); fputs(om, out);
- SECU_PrintInteger(out, &(entry->serialNumber), "Serial Number",
- level + 2);
- SECU_PrintTimeChoice(out, &(entry->revocationDate),
- "Revocation Date", level + 2);
- SECU_PrintExtensions(out, entry->extensions,
- "Entry Extensions", level + 2);
- }
+ iv = 0;
+ while ((entry = crl->entries[iv++]) != NULL) {
+ sprintf(om, "Entry %d (0x%x):\n", iv, iv);
+ SECU_Indent(out, level + 1);
+ fputs(om, out);
+ SECU_PrintInteger(out, &(entry->serialNumber), "Serial Number",
+ level + 2);
+ SECU_PrintTimeChoice(out, &(entry->revocationDate),
+ "Revocation Date", level + 2);
+ SECU_PrintExtensions(out, entry->extensions,
+ "Entry Extensions", level + 2);
+ }
}
SECU_PrintExtensions(out, crl->extensions, "CRL Extensions", level + 1);
}
@@ -2713,75 +2728,79 @@ SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level)
*/
static int
secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src,
- const char *m, int level)
+ const char *m, int level)
{
- SECAlgorithmID *digAlg; /* digest algorithms */
- SECItem *aCert; /* certificate */
- CERTSignedCrl *aCrl; /* certificate revocation list */
- SEC_PKCS7SignerInfo *sigInfo; /* signer information */
+ SECAlgorithmID *digAlg; /* digest algorithms */
+ SECItem *aCert; /* certificate */
+ CERTSignedCrl *aCrl; /* certificate revocation list */
+ SEC_PKCS7SignerInfo *sigInfo; /* signer information */
int rv, iv;
char om[100];
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
SECU_PrintInteger(out, &(src->version), "Version", level + 1);
/* Parse and list digest algorithms (if any) */
if (src->digestAlgorithms != NULL) {
- SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n");
- iv = 0;
- while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
- sprintf(om, "Digest Algorithm (%x)", iv);
- SECU_PrintAlgorithmID(out, digAlg, om, level + 2);
- }
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Digest Algorithm List:\n");
+ iv = 0;
+ while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
+ sprintf(om, "Digest Algorithm (%x)", iv);
+ SECU_PrintAlgorithmID(out, digAlg, om, level + 2);
+ }
}
/* Now for the content */
- rv = secu_PrintPKCS7ContentInfo(out, &(src->contentInfo),
- "Content Information", level + 1);
+ rv = secu_PrintPKCS7ContentInfo(out, &(src->contentInfo),
+ "Content Information", level + 1);
if (rv != 0)
- return rv;
+ return rv;
/* Parse and list certificates (if any) */
if (src->rawCerts != NULL) {
- SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n");
- iv = 0;
- while ((aCert = src->rawCerts[iv++]) != NULL) {
- sprintf(om, "Certificate (%x)", iv);
- rv = SECU_PrintSignedData(out, aCert, om, level + 2,
- (SECU_PPFunc)SECU_PrintCertificate);
- if (rv)
- return rv;
- }
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Certificate List:\n");
+ iv = 0;
+ while ((aCert = src->rawCerts[iv++]) != NULL) {
+ sprintf(om, "Certificate (%x)", iv);
+ rv = SECU_PrintSignedData(out, aCert, om, level + 2,
+ (SECU_PPFunc)SECU_PrintCertificate);
+ if (rv)
+ return rv;
+ }
}
/* Parse and list CRL's (if any) */
if (src->crls != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Signed Revocation Lists:\n");
- iv = 0;
- while ((aCrl = src->crls[iv++]) != NULL) {
- sprintf(om, "Signed Revocation List (%x)", iv);
- SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om);
- SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
- "Signature Algorithm", level+3);
- DER_ConvertBitString(&aCrl->signatureWrap.signature);
- SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
- level+3);
- SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
- level + 3);
- }
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Signed Revocation Lists:\n");
+ iv = 0;
+ while ((aCrl = src->crls[iv++]) != NULL) {
+ sprintf(om, "Signed Revocation List (%x)", iv);
+ SECU_Indent(out, level + 2);
+ fprintf(out, "%s:\n", om);
+ SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
+ "Signature Algorithm", level + 3);
+ DER_ConvertBitString(&aCrl->signatureWrap.signature);
+ SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
+ level + 3);
+ SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
+ level + 3);
+ }
}
/* Parse and list signatures (if any) */
if (src->signerInfos != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Signer Information List:\n");
- iv = 0;
- while ((sigInfo = src->signerInfos[iv++]) != NULL) {
- sprintf(om, "Signer Information (%x)", iv);
- secu_PrintSignerInfo(out, sigInfo, om, level + 2);
- }
- }
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Signer Information List:\n");
+ iv = 0;
+ while ((sigInfo = src->signerInfos[iv++]) != NULL) {
+ sprintf(om, "Signer Information (%x)", iv);
+ secu_PrintSignerInfo(out, sigInfo, om, level + 2);
+ }
+ }
return 0;
}
@@ -2792,28 +2811,29 @@ secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src,
*/
static void
secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src,
- const char *m, int level)
+ const char *m, int level)
{
- SEC_PKCS7RecipientInfo *recInfo; /* pointer for signer information */
+ SEC_PKCS7RecipientInfo *recInfo; /* pointer for signer information */
int iv;
char om[100];
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
SECU_PrintInteger(out, &(src->version), "Version", level + 1);
/* Parse and list recipients (this is not optional) */
if (src->recipientInfos != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Recipient Information List:\n");
- iv = 0;
- while ((recInfo = src->recipientInfos[iv++]) != NULL) {
- sprintf(om, "Recipient Information (%x)", iv);
- secu_PrintRecipientInfo(out, recInfo, om, level + 2);
- }
- }
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Recipient Information List:\n");
+ iv = 0;
+ while ((recInfo = src->recipientInfos[iv++]) != NULL) {
+ sprintf(om, "Recipient Information (%x)", iv);
+ secu_PrintRecipientInfo(out, recInfo, om, level + 2);
+ }
+ }
- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
- "Encrypted Content Information", level + 1);
+ secu_PrintPKCS7EncContent(out, &src->encContentInfo,
+ "Encrypted Content Information", level + 1);
}
/*
@@ -2822,127 +2842,131 @@ secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src,
*/
static int
secu_PrintPKCS7SignedAndEnveloped(FILE *out,
- SEC_PKCS7SignedAndEnvelopedData *src,
- const char *m, int level)
+ SEC_PKCS7SignedAndEnvelopedData *src,
+ const char *m, int level)
{
- SECAlgorithmID *digAlg; /* pointer for digest algorithms */
- SECItem *aCert; /* pointer for certificate */
- CERTSignedCrl *aCrl; /* pointer for certificate revocation list */
- SEC_PKCS7SignerInfo *sigInfo; /* pointer for signer information */
+ SECAlgorithmID *digAlg; /* pointer for digest algorithms */
+ SECItem *aCert; /* pointer for certificate */
+ CERTSignedCrl *aCrl; /* pointer for certificate revocation list */
+ SEC_PKCS7SignerInfo *sigInfo; /* pointer for signer information */
SEC_PKCS7RecipientInfo *recInfo; /* pointer for recipient information */
int rv, iv;
char om[100];
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
SECU_PrintInteger(out, &(src->version), "Version", level + 1);
/* Parse and list recipients (this is not optional) */
if (src->recipientInfos != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Recipient Information List:\n");
- iv = 0;
- while ((recInfo = src->recipientInfos[iv++]) != NULL) {
- sprintf(om, "Recipient Information (%x)", iv);
- secu_PrintRecipientInfo(out, recInfo, om, level + 2);
- }
- }
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Recipient Information List:\n");
+ iv = 0;
+ while ((recInfo = src->recipientInfos[iv++]) != NULL) {
+ sprintf(om, "Recipient Information (%x)", iv);
+ secu_PrintRecipientInfo(out, recInfo, om, level + 2);
+ }
+ }
/* Parse and list digest algorithms (if any) */
if (src->digestAlgorithms != NULL) {
- SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n");
- iv = 0;
- while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
- sprintf(om, "Digest Algorithm (%x)", iv);
- SECU_PrintAlgorithmID(out, digAlg, om, level + 2);
- }
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Digest Algorithm List:\n");
+ iv = 0;
+ while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
+ sprintf(om, "Digest Algorithm (%x)", iv);
+ SECU_PrintAlgorithmID(out, digAlg, om, level + 2);
+ }
}
- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
- "Encrypted Content Information", level + 1);
+ secu_PrintPKCS7EncContent(out, &src->encContentInfo,
+ "Encrypted Content Information", level + 1);
/* Parse and list certificates (if any) */
if (src->rawCerts != NULL) {
- SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n");
- iv = 0;
- while ((aCert = src->rawCerts[iv++]) != NULL) {
- sprintf(om, "Certificate (%x)", iv);
- rv = SECU_PrintSignedData(out, aCert, om, level + 2,
- (SECU_PPFunc)SECU_PrintCertificate);
- if (rv)
- return rv;
- }
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Certificate List:\n");
+ iv = 0;
+ while ((aCert = src->rawCerts[iv++]) != NULL) {
+ sprintf(om, "Certificate (%x)", iv);
+ rv = SECU_PrintSignedData(out, aCert, om, level + 2,
+ (SECU_PPFunc)SECU_PrintCertificate);
+ if (rv)
+ return rv;
+ }
}
/* Parse and list CRL's (if any) */
if (src->crls != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Signed Revocation Lists:\n");
- iv = 0;
- while ((aCrl = src->crls[iv++]) != NULL) {
- sprintf(om, "Signed Revocation List (%x)", iv);
- SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om);
- SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
- "Signature Algorithm", level+3);
- DER_ConvertBitString(&aCrl->signatureWrap.signature);
- SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
- level+3);
- SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
- level + 3);
- }
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Signed Revocation Lists:\n");
+ iv = 0;
+ while ((aCrl = src->crls[iv++]) != NULL) {
+ sprintf(om, "Signed Revocation List (%x)", iv);
+ SECU_Indent(out, level + 2);
+ fprintf(out, "%s:\n", om);
+ SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
+ "Signature Algorithm", level + 3);
+ DER_ConvertBitString(&aCrl->signatureWrap.signature);
+ SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
+ level + 3);
+ SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
+ level + 3);
+ }
}
/* Parse and list signatures (if any) */
if (src->signerInfos != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Signer Information List:\n");
- iv = 0;
- while ((sigInfo = src->signerInfos[iv++]) != NULL) {
- sprintf(om, "Signer Information (%x)", iv);
- secu_PrintSignerInfo(out, sigInfo, om, level + 2);
- }
- }
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Signer Information List:\n");
+ iv = 0;
+ while ((sigInfo = src->signerInfos[iv++]) != NULL) {
+ sprintf(om, "Signer Information (%x)", iv);
+ secu_PrintSignerInfo(out, sigInfo, om, level + 2);
+ }
+ }
return 0;
}
int
-SECU_PrintCrl (FILE *out, SECItem *der, char *m, int level)
+SECU_PrintCrl(FILE *out, SECItem *der, char *m, int level)
{
PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
CERTCrl *c = NULL;
int rv = SEC_ERROR_NO_MEMORY;
if (!arena)
- return rv;
+ return rv;
do {
- /* Decode CRL */
- c = PORT_ArenaZNew(arena, CERTCrl);
- if (!c)
- break;
-
- rv = SEC_QuickDERDecodeItem(arena, c, SEC_ASN1_GET(CERT_CrlTemplate), der);
- if (rv != SECSuccess)
- break;
- SECU_PrintCRLInfo (out, c, m, level);
+ /* Decode CRL */
+ c = PORT_ArenaZNew(arena, CERTCrl);
+ if (!c)
+ break;
+
+ rv = SEC_QuickDERDecodeItem(arena, c, SEC_ASN1_GET(CERT_CrlTemplate), der);
+ if (rv != SECSuccess)
+ break;
+ SECU_PrintCRLInfo(out, c, m, level);
} while (0);
- PORT_FreeArena (arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
return rv;
}
-
/*
** secu_PrintPKCS7Encrypted
** Pretty print a PKCS7 encrypted data type (up to version 1).
*/
static void
secu_PrintPKCS7Encrypted(FILE *out, SEC_PKCS7EncryptedData *src,
- const char *m, int level)
+ const char *m, int level)
{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
SECU_PrintInteger(out, &(src->version), "Version", level + 1);
- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
- "Encrypted Content Information", level + 1);
+ secu_PrintPKCS7EncContent(out, &src->encContentInfo,
+ "Encrypted Content Information", level + 1);
}
/*
@@ -2951,79 +2975,83 @@ secu_PrintPKCS7Encrypted(FILE *out, SEC_PKCS7EncryptedData *src,
*/
static void
secu_PrintPKCS7Digested(FILE *out, SEC_PKCS7DigestedData *src,
- const char *m, int level)
+ const char *m, int level)
{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
SECU_PrintInteger(out, &(src->version), "Version", level + 1);
-
+
SECU_PrintAlgorithmID(out, &src->digestAlg, "Digest Algorithm",
- level + 1);
+ level + 1);
secu_PrintPKCS7ContentInfo(out, &src->contentInfo, "Content Information",
- level + 1);
- SECU_PrintAsHex(out, &src->digest, "Digest", level + 1);
+ level + 1);
+ SECU_PrintAsHex(out, &src->digest, "Digest", level + 1);
}
/*
** secu_PrintPKCS7ContentInfo
-** Takes a SEC_PKCS7ContentInfo type and sends the contents to the
+** Takes a SEC_PKCS7ContentInfo type and sends the contents to the
** appropriate function
*/
static int
secu_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src,
- char *m, int level)
+ char *m, int level)
{
const char *desc;
SECOidTag kind;
int rv;
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
level++;
if (src->contentTypeTag == NULL)
- src->contentTypeTag = SECOID_FindOID(&(src->contentType));
+ src->contentTypeTag = SECOID_FindOID(&(src->contentType));
if (src->contentTypeTag == NULL) {
- desc = "Unknown";
- kind = SEC_OID_PKCS7_DATA;
+ desc = "Unknown";
+ kind = SEC_OID_PKCS7_DATA;
} else {
- desc = src->contentTypeTag->desc;
- kind = src->contentTypeTag->offset;
+ desc = src->contentTypeTag->desc;
+ kind = src->contentTypeTag->offset;
}
if (src->content.data == NULL) {
- SECU_Indent(out, level); fprintf(out, "%s:\n", desc);
- level++;
- SECU_Indent(out, level); fprintf(out, "<no content>\n");
- return 0;
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", desc);
+ level++;
+ SECU_Indent(out, level);
+ fprintf(out, "<no content>\n");
+ return 0;
}
rv = 0;
switch (kind) {
- case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */
- rv = secu_PrintPKCS7Signed(out, src->content.signedData, desc, level);
- break;
+ case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */
+ rv = secu_PrintPKCS7Signed(out, src->content.signedData, desc, level);
+ break;
- case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */
- secu_PrintPKCS7Enveloped(out, src->content.envelopedData, desc, level);
- break;
+ case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */
+ secu_PrintPKCS7Enveloped(out, src->content.envelopedData, desc, level);
+ break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */
- rv = secu_PrintPKCS7SignedAndEnveloped(out,
- src->content.signedAndEnvelopedData,
- desc, level);
- break;
+ case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */
+ rv = secu_PrintPKCS7SignedAndEnveloped(out,
+ src->content.signedAndEnvelopedData,
+ desc, level);
+ break;
- case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */
- secu_PrintPKCS7Digested(out, src->content.digestedData, desc, level);
- break;
+ case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */
+ secu_PrintPKCS7Digested(out, src->content.digestedData, desc, level);
+ break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */
- secu_PrintPKCS7Encrypted(out, src->content.encryptedData, desc, level);
- break;
+ case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */
+ secu_PrintPKCS7Encrypted(out, src->content.encryptedData, desc, level);
+ break;
- default:
- SECU_PrintAsHex(out, src->content.data, desc, level);
- break;
+ default:
+ SECU_PrintAsHex(out, src->content.data, desc, level);
+ break;
}
return rv;
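Review bot: secu_PrintPKCS7Digested drops the int returned by secu_PrintPKCS7ContentInfo, so an error while printing nested content inside digested data is reported as success by the `SEC_OID_PKCS7_DIGESTED_DATA` case, which never assigns `rv`. Having secu_PrintPKCS7Digested return that value and writing `rv = secu_PrintPKCS7Digested(out, src->content.digestedData, desc, level);` in the switch would match how the signed and signed-and-enveloped cases propagate failures. Separately, secu_PrintPKCS7ContentInfo takes `char *m` while its callers pass string literals and the sibling printers take `const char *m`; `const char *m` would be consistent, provided the forward declaration outside this hunk is changed to match.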
@@ -3041,11 +3069,11 @@ SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, int level)
cinfo = SEC_PKCS7DecodeItem(der, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
if (cinfo != NULL) {
- /* Send it to recursive parsing and printing module */
- rv = secu_PrintPKCS7ContentInfo(out, cinfo, m, level);
- SEC_PKCS7DestroyContentInfo(cinfo);
+ /* Send it to recursive parsing and printing module */
+ rv = secu_PrintPKCS7ContentInfo(out, cinfo, m, level);
+ SEC_PKCS7DestroyContentInfo(cinfo);
} else {
- rv = -1;
+ rv = -1;
}
return rv;
@@ -3058,80 +3086,94 @@ SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, int level)
void
printFlags(FILE *out, unsigned int flags, int level)
{
- if ( flags & CERTDB_TERMINAL_RECORD ) {
- SECU_Indent(out, level); fprintf(out, "Terminal Record\n");
+ if (flags & CERTDB_TERMINAL_RECORD) {
+ SECU_Indent(out, level);
+ fprintf(out, "Terminal Record\n");
}
- if ( flags & CERTDB_TRUSTED ) {
- SECU_Indent(out, level); fprintf(out, "Trusted\n");
+ if (flags & CERTDB_TRUSTED) {
+ SECU_Indent(out, level);
+ fprintf(out, "Trusted\n");
}
- if ( flags & CERTDB_SEND_WARN ) {
- SECU_Indent(out, level); fprintf(out, "Warn When Sending\n");
+ if (flags & CERTDB_SEND_WARN) {
+ SECU_Indent(out, level);
+ fprintf(out, "Warn When Sending\n");
}
- if ( flags & CERTDB_VALID_CA ) {
- SECU_Indent(out, level); fprintf(out, "Valid CA\n");
+ if (flags & CERTDB_VALID_CA) {
+ SECU_Indent(out, level);
+ fprintf(out, "Valid CA\n");
}
- if ( flags & CERTDB_TRUSTED_CA ) {
- SECU_Indent(out, level); fprintf(out, "Trusted CA\n");
+ if (flags & CERTDB_TRUSTED_CA) {
+ SECU_Indent(out, level);
+ fprintf(out, "Trusted CA\n");
}
- if ( flags & CERTDB_NS_TRUSTED_CA ) {
- SECU_Indent(out, level); fprintf(out, "Netscape Trusted CA\n");
+ if (flags & CERTDB_NS_TRUSTED_CA) {
+ SECU_Indent(out, level);
+ fprintf(out, "Netscape Trusted CA\n");
}
- if ( flags & CERTDB_USER ) {
- SECU_Indent(out, level); fprintf(out, "User\n");
+ if (flags & CERTDB_USER) {
+ SECU_Indent(out, level);
+ fprintf(out, "User\n");
}
- if ( flags & CERTDB_TRUSTED_CLIENT_CA ) {
- SECU_Indent(out, level); fprintf(out, "Trusted Client CA\n");
+ if (flags & CERTDB_TRUSTED_CLIENT_CA) {
+ SECU_Indent(out, level);
+ fprintf(out, "Trusted Client CA\n");
}
- if ( flags & CERTDB_GOVT_APPROVED_CA ) {
- SECU_Indent(out, level); fprintf(out, "Step-up\n");
+ if (flags & CERTDB_GOVT_APPROVED_CA) {
+ SECU_Indent(out, level);
+ fprintf(out, "Step-up\n");
}
}
void
SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m, int level)
{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_Indent(out, level+1); fprintf(out, "SSL Flags:\n");
- printFlags(out, trust->sslFlags, level+2);
- SECU_Indent(out, level+1); fprintf(out, "Email Flags:\n");
- printFlags(out, trust->emailFlags, level+2);
- SECU_Indent(out, level+1); fprintf(out, "Object Signing Flags:\n");
- printFlags(out, trust->objectSigningFlags, level+2);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
+ SECU_Indent(out, level + 1);
+ fprintf(out, "SSL Flags:\n");
+ printFlags(out, trust->sslFlags, level + 2);
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Email Flags:\n");
+ printFlags(out, trust->emailFlags, level + 2);
+ SECU_Indent(out, level + 1);
+ fprintf(out, "Object Signing Flags:\n");
+ printFlags(out, trust->objectSigningFlags, level + 2);
}
-int SECU_PrintDERName(FILE *out, SECItem *der, const char *m, int level)
+int
+SECU_PrintDERName(FILE *out, SECItem *der, const char *m, int level)
{
PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
CERTName *name;
int rv = SEC_ERROR_NO_MEMORY;
if (!arena)
- return rv;
+ return rv;
name = PORT_ArenaZNew(arena, CERTName);
if (!name)
- goto loser;
+ goto loser;
rv = SEC_ASN1DecodeItem(arena, name, SEC_ASN1_GET(CERT_NameTemplate), der);
if (rv)
- goto loser;
+ goto loser;
SECU_PrintName(out, name, m, level);
if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
- SECU_Newline(out);
+ SECU_Newline(out);
loser:
PORT_FreeArena(arena, PR_FALSE);
return rv;
}
-typedef enum {
+typedef enum {
noSignature = 0,
withSignature = 1
} SignatureOptionType;
static int
secu_PrintSignedDataSigOpt(FILE *out, SECItem *der, const char *m,
- int level, SECU_PPFunc inner,
+ int level, SECU_PPFunc inner,
SignatureOptionType withSignature)
{
PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -3139,48 +3181,51 @@ secu_PrintSignedDataSigOpt(FILE *out, SECItem *der, const char *m,
int rv = SEC_ERROR_NO_MEMORY;
if (!arena)
- return rv;
+ return rv;
/* Strip off the signature */
sd = PORT_ArenaZNew(arena, CERTSignedData);
if (!sd)
- goto loser;
+ goto loser;
- rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate),
+ rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate),
der);
if (rv)
- goto loser;
+ goto loser;
if (m) {
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+ SECU_Indent(out, level);
+ fprintf(out, "%s:\n", m);
} else {
level -= 1;
}
- rv = (*inner)(out, &sd->data, "Data", level+1);
+ rv = (*inner)(out, &sd->data, "Data", level + 1);
if (withSignature) {
SECU_PrintAlgorithmID(out, &sd->signatureAlgorithm, "Signature Algorithm",
- level+1);
+ level + 1);
DER_ConvertBitString(&sd->signature);
- SECU_PrintAsHex(out, &sd->signature, "Signature", level+1);
+ SECU_PrintAsHex(out, &sd->signature, "Signature", level + 1);
}
- SECU_PrintFingerprints(out, der, "Fingerprint", level+1);
+ SECU_PrintFingerprints(out, der, "Fingerprint", level + 1);
loser:
PORT_FreeArena(arena, PR_FALSE);
return rv;
}
-int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
- int level, SECU_PPFunc inner)
+int
+SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
+ int level, SECU_PPFunc inner)
{
- return secu_PrintSignedDataSigOpt(out, der, m, level, inner,
+ return secu_PrintSignedDataSigOpt(out, der, m, level, inner,
withSignature);
}
-int SECU_PrintSignedContent(FILE *out, SECItem *der, char *m,
- int level, SECU_PPFunc inner)
+int
+SECU_PrintSignedContent(FILE *out, SECItem *der, char *m,
+ int level, SECU_PPFunc inner)
{
- return secu_PrintSignedDataSigOpt(out, der, m, level, inner,
+ return secu_PrintSignedDataSigOpt(out, der, m, level, inner,
noSignature);
}
@@ -3192,50 +3237,50 @@ SEC_PrintCertificateAndTrust(CERTCertificate *cert,
SECStatus rv;
SECItem data;
CERTCertTrust certTrust;
-
+
data.data = cert->derCert.data;
data.len = cert->derCert.len;
rv = SECU_PrintSignedData(stdout, &data, label, 0,
- (SECU_PPFunc)SECU_PrintCertificate);
+ (SECU_PPFunc)SECU_PrintCertificate);
if (rv) {
- return(SECFailure);
+ return (SECFailure);
}
if (trust) {
- SECU_PrintTrustFlags(stdout, trust,
- "Certificate Trust Flags", 1);
+ SECU_PrintTrustFlags(stdout, trust,
+ "Certificate Trust Flags", 1);
} else if (CERT_GetCertTrust(cert, &certTrust) == SECSuccess) {
- SECU_PrintTrustFlags(stdout, &certTrust,
- "Certificate Trust Flags", 1);
+ SECU_PrintTrustFlags(stdout, &certTrust,
+ "Certificate Trust Flags", 1);
}
printf("\n");
- return(SECSuccess);
+ return (SECSuccess);
}
-
static char *
-bestCertName(CERTCertificate *cert) {
+bestCertName(CERTCertificate *cert)
+{
if (cert->nickname) {
- return cert->nickname;
+ return cert->nickname;
}
if (cert->emailAddr && cert->emailAddr[0]) {
- return cert->emailAddr;
+ return cert->emailAddr;
}
return cert->subjectName;
}
void
-SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle,
- CERTCertificate *cert, PRBool checksig,
- SECCertificateUsage certUsage, void *pinArg, PRBool verbose,
- PRTime datetime)
+SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle,
+ CERTCertificate *cert, PRBool checksig,
+ SECCertificateUsage certUsage, void *pinArg, PRBool verbose,
+ PRTime datetime)
{
- CERTVerifyLog log;
+ CERTVerifyLog log;
CERTVerifyLogNode *node;
- PRErrorCode err = PORT_GetError();
+ PRErrorCode err = PORT_GetError();
log.arena = PORT_NewArena(512);
log.head = log.tail = NULL;
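Review bot: In SECU_printCertProblemsOnDate the result of `PORT_NewArena(512)` is stored in `log.arena` with no NULL check in the lines shown, whereas SECU_PrintCrl and SECU_PrintDERName on this page both bail out with `if (!arena) return rv;`. The rest of the function is outside this hunk, so a check may follow; if it does not, an early `if (!log.arena) return;` before the verify call would avoid handing a NULL arena to the verification log. A short comment on why `err` is captured from `PORT_GetError()` at entry would also help the reader.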
@@ -3257,102 +3302,102 @@ void
SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log,
PRBool verbose)
{
- CERTVerifyLogNode *node = NULL;
- unsigned int depth = (unsigned int)-1;
- unsigned int flags = 0;
- char * errstr = NULL;
+ CERTVerifyLogNode *node = NULL;
+ unsigned int depth = (unsigned int)-1;
+ unsigned int flags = 0;
+ char *errstr = NULL;
if (log->count > 0) {
- fprintf(outfile,"PROBLEM WITH THE CERT CHAIN:\n");
- for (node = log->head; node; node = node->next) {
- if (depth != node->depth) {
- depth = node->depth;
- fprintf(outfile,"CERT %d. %s %s:\n", depth,
- bestCertName(node->cert),
- depth ? "[Certificate Authority]": "");
- if (verbose) {
- const char * emailAddr;
- emailAddr = CERT_GetFirstEmailAddress(node->cert);
- if (emailAddr) {
- fprintf(outfile,"Email Address(es): ");
- do {
- fprintf(outfile, "%s\n", emailAddr);
- emailAddr = CERT_GetNextEmailAddress(node->cert,
- emailAddr);
- } while (emailAddr);
- }
- }
- }
- fprintf(outfile, " ERROR %ld: %s\n", node->error,
- SECU_Strerror(node->error));
- errstr = NULL;
- switch (node->error) {
- case SEC_ERROR_INADEQUATE_KEY_USAGE:
- flags = (unsigned int)((char *)node->arg - (char *)NULL);
- switch (flags) {
- case KU_DIGITAL_SIGNATURE:
- errstr = "Cert cannot sign.";
- break;
- case KU_KEY_ENCIPHERMENT:
- errstr = "Cert cannot encrypt.";
- break;
- case KU_KEY_CERT_SIGN:
- errstr = "Cert cannot sign other certs.";
- break;
- default:
- errstr = "[unknown usage].";
- break;
- }
- break;
- case SEC_ERROR_INADEQUATE_CERT_TYPE:
- flags = (unsigned int)((char *)node->arg - (char *)NULL);
- switch (flags) {
- case NS_CERT_TYPE_SSL_CLIENT:
- case NS_CERT_TYPE_SSL_SERVER:
- errstr = "Cert cannot be used for SSL.";
- break;
- case NS_CERT_TYPE_SSL_CA:
- errstr = "Cert cannot be used as an SSL CA.";
- break;
- case NS_CERT_TYPE_EMAIL:
- errstr = "Cert cannot be used for SMIME.";
- break;
- case NS_CERT_TYPE_EMAIL_CA:
- errstr = "Cert cannot be used as an SMIME CA.";
- break;
- case NS_CERT_TYPE_OBJECT_SIGNING:
- errstr = "Cert cannot be used for object signing.";
- break;
- case NS_CERT_TYPE_OBJECT_SIGNING_CA:
- errstr = "Cert cannot be used as an object signing CA.";
- break;
- default:
- errstr = "[unknown usage].";
- break;
- }
- break;
- case SEC_ERROR_UNKNOWN_ISSUER:
- case SEC_ERROR_UNTRUSTED_ISSUER:
- case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
- errstr = node->cert->issuerName;
- break;
- default:
- break;
- }
- if (errstr) {
- fprintf(stderr," %s\n",errstr);
- }
- }
+ fprintf(outfile, "PROBLEM WITH THE CERT CHAIN:\n");
+ for (node = log->head; node; node = node->next) {
+ if (depth != node->depth) {
+ depth = node->depth;
+ fprintf(outfile, "CERT %d. %s %s:\n", depth,
+ bestCertName(node->cert),
+ depth ? "[Certificate Authority]" : "");
+ if (verbose) {
+ const char *emailAddr;
+ emailAddr = CERT_GetFirstEmailAddress(node->cert);
+ if (emailAddr) {
+ fprintf(outfile, "Email Address(es): ");
+ do {
+ fprintf(outfile, "%s\n", emailAddr);
+ emailAddr = CERT_GetNextEmailAddress(node->cert,
+ emailAddr);
+ } while (emailAddr);
+ }
+ }
+ }
+ fprintf(outfile, " ERROR %ld: %s\n", node->error,
+ SECU_Strerror(node->error));
+ errstr = NULL;
+ switch (node->error) {
+ case SEC_ERROR_INADEQUATE_KEY_USAGE:
+ flags = (unsigned int)((char *)node->arg - (char *)NULL);
+ switch (flags) {
+ case KU_DIGITAL_SIGNATURE:
+ errstr = "Cert cannot sign.";
+ break;
+ case KU_KEY_ENCIPHERMENT:
+ errstr = "Cert cannot encrypt.";
+ break;
+ case KU_KEY_CERT_SIGN:
+ errstr = "Cert cannot sign other certs.";
+ break;
+ default:
+ errstr = "[unknown usage].";
+ break;
+ }
+ break;
+ case SEC_ERROR_INADEQUATE_CERT_TYPE:
+ flags = (unsigned int)((char *)node->arg - (char *)NULL);
+ switch (flags) {
+ case NS_CERT_TYPE_SSL_CLIENT:
+ case NS_CERT_TYPE_SSL_SERVER:
+ errstr = "Cert cannot be used for SSL.";
+ break;
+ case NS_CERT_TYPE_SSL_CA:
+ errstr = "Cert cannot be used as an SSL CA.";
+ break;
+ case NS_CERT_TYPE_EMAIL:
+ errstr = "Cert cannot be used for SMIME.";
+ break;
+ case NS_CERT_TYPE_EMAIL_CA:
+ errstr = "Cert cannot be used as an SMIME CA.";
+ break;
+ case NS_CERT_TYPE_OBJECT_SIGNING:
+ errstr = "Cert cannot be used for object signing.";
+ break;
+ case NS_CERT_TYPE_OBJECT_SIGNING_CA:
+ errstr = "Cert cannot be used as an object signing CA.";
+ break;
+ default:
+ errstr = "[unknown usage].";
+ break;
+ }
+ break;
+ case SEC_ERROR_UNKNOWN_ISSUER:
+ case SEC_ERROR_UNTRUSTED_ISSUER:
+ case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+ errstr = node->cert->issuerName;
+ break;
+ default:
+ break;
+ }
+ if (errstr) {
+ fprintf(stderr, " %s\n", errstr);
+ }
+ }
}
}
void
-SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
- CERTCertificate *cert, PRBool checksig,
- SECCertificateUsage certUsage, void *pinArg, PRBool verbose)
+SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
+ CERTCertificate *cert, PRBool checksig,
+ SECCertificateUsage certUsage, void *pinArg, PRBool verbose)
{
- SECU_printCertProblemsOnDate(outfile, handle, cert, checksig,
- certUsage, pinArg, verbose, PR_Now());
+ SECU_printCertProblemsOnDate(outfile, handle, cert, checksig,
+ certUsage, pinArg, verbose, PR_Now());
}
SECStatus
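Review bot: The explanatory line at the end of the loop in SECU_displayVerifyLog is written to `stderr` while every other line of the report goes to `outfile`, so a caller that directs the report to a file or pipe loses the usage or issuer detail, or sees it interleaved out of order; `fprintf(outfile, " %s\n", errstr);` keeps the report in one stream. The two `flags = (unsigned int)((char *)node->arg - (char *)NULL);` lines do pointer arithmetic on a null pointer, which is undefined behaviour in C; converting through a pointer-sized integer type, such as NSPR's `PRUptrdiff`, expresses the same intent. `depth` is `unsigned int` but is printed with `%d`, where `%u` would match the type.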
@@ -3367,8 +3412,8 @@ SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl, PRFileDesc *outFile,
if (outFile != NULL) {
if (ascii) {
- PR_fprintf(outFile, "%s\n%s\n%s\n", NS_CRL_HEADER,
- BTOA_DataToAscii(derCrl->data, derCrl->len),
+ PR_fprintf(outFile, "%s\n%s\n%s\n", NS_CRL_HEADER,
+ BTOA_DataToAscii(derCrl->data, derCrl->len),
NS_CRL_TRAILER);
} else {
if (PR_Write(outFile, derCrl->data, derCrl->len) != derCrl->len) {
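Review bot: The string returned by `BTOA_DataToAscii` is passed straight into `PR_fprintf` in the `ascii` branch, so it can never be released, and a NULL return on allocation failure is formatted with `%s` instead of being reported. Hold the result in a local, test it, print it, and release it with `PORT_Free`. The rest of SECU_StoreCRL lies outside this hunk, so the failure exit sketched below should be matched to whatever cleanup the function already performs.

```c
if (ascii) {
    char *asciiCrl = BTOA_DataToAscii(derCrl->data, derCrl->len);
    if (asciiCrl == NULL) {
        /* use the function's existing failure exit here */
        return SECFailure;
    }
    PR_fprintf(outFile, "%s\n%s\n%s\n", NS_CRL_HEADER, asciiCrl,
               NS_CRL_TRAILER);
    PORT_Free(asciiCrl);
/* … unchanged: else branch writing the DER bytes with PR_Write … */
```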
@@ -3397,7 +3442,7 @@ SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl,
SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode)
{
SECItem der;
- SECKEYPrivateKey *caPrivateKey = NULL;
+ SECKEYPrivateKey *caPrivateKey = NULL;
SECStatus rv;
PLArenaPool *arena;
SECOidTag algID;
@@ -3459,8 +3504,8 @@ SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl,
signCrl->derCrl->len = 0;
signCrl->derCrl->data = NULL;
- dummy = SEC_ASN1EncodeItem (arena, signCrl->derCrl, signCrl,
- SEC_ASN1_GET(CERT_SignedCrlTemplate));
+ dummy = SEC_ASN1EncodeItem(arena, signCrl->derCrl, signCrl,
+ SEC_ASN1_GET(CERT_SignedCrlTemplate));
if (!dummy) {
*resCode = failToEncode;
rv = SECFailure;
@@ -3474,8 +3519,6 @@ done:
return rv;
}
-
-
SECStatus
SECU_CopyCRL(PLArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl)
{
@@ -3491,8 +3534,8 @@ SECU_CopyCRL(PLArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl)
der.len = 0;
der.data = NULL;
- dummy = SEC_ASN1EncodeItem (destArena, &der, srcCrl,
- SEC_ASN1_GET(CERT_CrlTemplate));
+ dummy = SEC_ASN1EncodeItem(destArena, &der, srcCrl,
+ SEC_ASN1_GET(CERT_CrlTemplate));
if (!dummy) {
return SECFailure;
}
@@ -3502,7 +3545,7 @@ SECU_CopyCRL(PLArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl)
if (rv != SECSuccess) {
return SECFailure;
}
-
+
destCrl->arena = destArena;
return rv;
@@ -3524,20 +3567,22 @@ SECU_DerSignDataCRL(PLArenaPool *arena, CERTSignedData *sd,
/* Sign input buffer */
rv = SEC_SignData(&it, buf, len, pk, algID);
- if (rv) goto loser;
+ if (rv)
+ goto loser;
/* Fill out SignedData object */
PORT_Memset(sd, 0, sizeof(*sd));
sd->data.data = buf;
sd->data.len = len;
sd->signature.data = it.data;
- sd->signature.len = it.len << 3; /* convert to bit string */
+ sd->signature.len = it.len << 3; /* convert to bit string */
rv = SECOID_SetAlgorithmID(arena, &sd->signatureAlgorithm, algID, 0);
- if (rv) goto loser;
+ if (rv)
+ goto loser;
return rv;
- loser:
+loser:
PORT_Free(it.data);
return rv;
}
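Review bot: On the second failure path `sd->signature.data` has already been set to `it.data`, and `loser:` then frees that buffer, so the caller's `sd` is left pointing at freed memory. Clearing the fields next to the free closes that gap: add `sd->signature.data = NULL;` and `sd->signature.len = 0;` after `PORT_Free(it.data);`. Whether `it` is zero-initialised before `SEC_SignData` is not visible because the function starts outside the hunk; if it is not, the first `goto loser` would free an indeterminate pointer. The two `if (rv)` / `goto loser;` pairs would also read more safely with braces now that each spans two lines.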
@@ -3560,21 +3605,21 @@ SECU_FindCRLAuthKeyIDExten (PLArenaPool *arena, CERTSignedCrl *scrl)
}
crl = &scrl->crl;
-
+
encodedExtenValue.data = NULL;
encodedExtenValue.len = 0;
rv = cert_FindExtension(crl->extensions, SEC_OID_X509_AUTH_KEY_ID,
- &encodedExtenValue);
+ &encodedExtenValue);
if ( rv != SECSuccess ) {
- return (NULL);
+ return (NULL);
}
ret = CERT_DecodeAuthKeyID (arena, &encodedExtenValue);
PORT_Free(encodedExtenValue.data);
encodedExtenValue.data = NULL;
-
+
return(ret);
}
@@ -3584,8 +3629,8 @@ SECU_FindCRLAuthKeyIDExten (PLArenaPool *arena, CERTSignedCrl *scrl)
* Find the issuer of a Crl. Use the authorityKeyID if it exists.
*/
CERTCertificate *
-SECU_FindCrlIssuer(CERTCertDBHandle *dbhandle, SECItem* subject,
- CERTAuthKeyID* authorityKeyID, PRTime validTime)
+SECU_FindCrlIssuer(CERTCertDBHandle *dbhandle, SECItem *subject,
+ CERTAuthKeyID *authorityKeyID, PRTime validTime)
{
CERTCertificate *issuerCert = NULL;
CERTCertList *certList = NULL;
@@ -3601,9 +3646,9 @@ SECU_FindCrlIssuer(CERTCertDBHandle *dbhandle, SECItem* subject,
validTime, PR_TRUE);
if (certList) {
CERTCertListNode *node = CERT_LIST_HEAD(certList);
-
+
/* XXX and authoritykeyid in the future */
- while ( ! CERT_LIST_END(node, certList) ) {
+ while (!CERT_LIST_END(node, certList)) {
CERTCertificate *cert = node->cert;
/* check cert CERTCertTrust data is allocated, check cert
usage extension, check that cert has pkey in db. Select
@@ -3611,22 +3656,21 @@ SECU_FindCrlIssuer(CERTCertDBHandle *dbhandle, SECItem* subject,
if (CERT_GetCertTrust(cert, &trust) == SECSuccess &&
CERT_CheckCertUsage(cert, KU_CRL_SIGN) == SECSuccess &&
CERT_IsUserCert(cert)) {
-
+
issuerCert = CERT_DupCertificate(cert);
break;
}
- node = CERT_LIST_NEXT(node);
+ node = CERT_LIST_NEXT(node);
}
CERT_DestroyCertList(certList);
}
- return(issuerCert);
+ return (issuerCert);
}
-
/* Encodes and adds extensions to the CRL or CRL entries. */
-SECStatus
-SECU_EncodeAndAddExtensionValue(PLArenaPool *arena, void *extHandle,
- void *value, PRBool criticality, int extenType,
+SECStatus
+SECU_EncodeAndAddExtensionValue(PLArenaPool *arena, void *extHandle,
+ void *value, PRBool criticality, int extenType,
EXTEN_EXT_VALUE_ENCODER EncodeValueFn)
{
SECItem encodedValue;
@@ -3648,7 +3692,7 @@ SECU_EncodeAndAddExtensionValue(PLArenaPool *arena, void *extHandle,
return (rv);
}
-CERTCertificate*
+CERTCertificate *
SECU_FindCertByNicknameOrFilename(CERTCertDBHandle *handle,
char *name, PRBool ascii,
void *pwarg)
@@ -3663,8 +3707,8 @@ SECU_FindCertByNicknameOrFilename(CERTCertDBHandle *handle,
/* Don't have a cert with name "name" in the DB. Try to
* open a file with such name and get the cert from there.*/
SECStatus rv;
- SECItem item = {0, NULL, 0};
- PRFileDesc* fd = PR_Open(name, PR_RDONLY, 0777);
+ SECItem item = { 0, NULL, 0 };
+ PRFileDesc *fd = PR_Open(name, PR_RDONLY, 0777);
if (!fd) {
return NULL;
}
@@ -3674,10 +3718,10 @@ SECU_FindCertByNicknameOrFilename(CERTCertDBHandle *handle,
PORT_Free(item.data);
return NULL;
}
- the_cert = CERT_NewTempCertificate(handle, &item,
- NULL /* nickname */,
- PR_FALSE /* isPerm */,
- PR_TRUE /* copyDER */);
+ the_cert = CERT_NewTempCertificate(handle, &item,
+ NULL /* nickname */,
+ PR_FALSE /* isPerm */,
+ PR_TRUE /* copyDER */);
PORT_Free(item.data);
}
return the_cert;
@@ -3778,8 +3822,8 @@ SECU_ParseSSLVersionRangeString(const char *input,
} else {
PRUint16 version;
/* if max version is empty, then maxStr points to the string terminator */
- if (SECU_GetSSLVersionFromName(maxStr, strlen(maxStr), &version)
- != SECSuccess) {
+ if (SECU_GetSSLVersionFromName(maxStr, strlen(maxStr), &version) !=
+ SECSuccess) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
diff --git a/cmd/lib/secutil.h b/cmd/lib/secutil.h
index 6e7583ca2..41a915396 100644
--- a/cmd/lib/secutil.h
+++ b/cmd/lib/secutil.h
@@ -19,15 +19,14 @@
#include "sslerr.h"
#include "sslt.h"
-
-#define SEC_CT_PRIVATE_KEY "private-key"
-#define SEC_CT_PUBLIC_KEY "public-key"
-#define SEC_CT_CERTIFICATE "certificate"
-#define SEC_CT_CERTIFICATE_REQUEST "certificate-request"
-#define SEC_CT_CERTIFICATE_ID "certificate-identity"
-#define SEC_CT_PKCS7 "pkcs7"
-#define SEC_CT_CRL "crl"
-#define SEC_CT_NAME "name"
+#define SEC_CT_PRIVATE_KEY "private-key"
+#define SEC_CT_PUBLIC_KEY "public-key"
+#define SEC_CT_CERTIFICATE "certificate"
+#define SEC_CT_CERTIFICATE_REQUEST "certificate-request"
+#define SEC_CT_CERTIFICATE_ID "certificate-identity"
+#define SEC_CT_PKCS7 "pkcs7"
+#define SEC_CT_CRL "crl"
+#define SEC_CT_NAME "name"
#define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----"
#define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----"
@@ -35,18 +34,17 @@
#define NS_CERT_HEADER "-----BEGIN CERTIFICATE-----"
#define NS_CERT_TRAILER "-----END CERTIFICATE-----"
-#define NS_CRL_HEADER "-----BEGIN CRL-----"
+#define NS_CRL_HEADER "-----BEGIN CRL-----"
#define NS_CRL_TRAILER "-----END CRL-----"
#define SECU_Strerror PORT_ErrorToString
-
typedef struct {
enum {
- PW_NONE = 0,
- PW_FROMFILE = 1,
- PW_PLAINTEXT = 2,
- PW_EXTERNAL = 3
+ PW_NONE = 0,
+ PW_FROMFILE = 1,
+ PW_PLAINTEXT = 2,
+ PW_EXTERNAL = 3
} source;
char *data;
} secuPWData;
@@ -67,7 +65,7 @@ SECStatus SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile);
** be prompted for
*/
SECStatus SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass,
- char *oldPwFile, char *newPwFile);
+ char *oldPwFile, char *newPwFile);
/* These were stolen from the old sec.h... */
/*
@@ -78,7 +76,7 @@ SECStatus SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass,
extern PRBool SEC_CheckPassword(char *password);
/*
-** Blind check of a password. Complement to SEC_CheckPassword which
+** Blind check of a password. Complement to SEC_CheckPassword which
** ignores length and content type, just retuning DSTrue is the password
** exists, DSFalse if NULL
*/
@@ -90,7 +88,7 @@ extern PRBool SEC_BlindCheckPassword(char *password);
** The password is then checked using "chkpw".
*/
extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg,
- PRBool (*chkpw)(char *));
+ PRBool (*chkpw)(char *));
char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg);
@@ -110,7 +108,6 @@ extern SECStatus SEC_WriteDongleFile(int fd, char *pw);
*/
extern char *SEC_ReadDongleFile(int fd);
-
/* End stolen headers */
/* Just sticks the two strings together with a / if needed */
@@ -120,21 +117,21 @@ char *SECU_AppendFilenameToDir(char *dir, char *filename);
extern char *SECU_DefaultSSLDir(void);
/*
-** Should be called once during initialization to set the default
+** Should be called once during initialization to set the default
** directory for looking for cert.db, key.db, and cert-nameidx.db files
-** Removes trailing '/' in 'base'
+** Removes trailing '/' in 'base'
** If 'base' is NULL, defaults to set to .netscape in home directory.
*/
-extern char *SECU_ConfigDirectory(const char* base);
+extern char *SECU_ConfigDirectory(const char *base);
-/*
+/*
** Basic callback function for SSL_GetClientAuthDataHook
*/
extern int
SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
- struct CERTDistNamesStr *caNames,
- struct CERTCertificateStr **pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey);
+ struct CERTDistNamesStr *caNames,
+ struct CERTCertificateStr **pRetCert,
+ struct SECKEYPrivateKeyStr **pRetKey);
extern PRBool SECU_GetWrapEnabled(void);
extern void SECU_EnableWrap(PRBool enable);
@@ -145,16 +142,16 @@ extern void SECU_EnableUtf8Display(PRBool enable);
/* revalidate the cert and print information about cert verification
* failure at time == now */
extern void
-SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
- CERTCertificate *cert, PRBool checksig,
- SECCertificateUsage certUsage, void *pinArg, PRBool verbose);
+SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
+ CERTCertificate *cert, PRBool checksig,
+ SECCertificateUsage certUsage, void *pinArg, PRBool verbose);
/* revalidate the cert and print information about cert verification
* failure at specified time */
extern void
-SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle,
- CERTCertificate *cert, PRBool checksig, SECCertificateUsage certUsage,
- void *pinArg, PRBool verbose, PRTime datetime);
+SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle,
+ CERTCertificate *cert, PRBool checksig, SECCertificateUsage certUsage,
+ void *pinArg, PRBool verbose, PRTime datetime);
/* print out CERTVerifyLog info. */
extern void
@@ -162,9 +159,9 @@ SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log,
PRBool verbose);
/* Read in a DER from a file, may be ascii */
-extern SECStatus
+extern SECStatus
SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii,
- PRBool warnOnPrivateKeyInAsciiFile);
+ PRBool warnOnPrivateKeyInAsciiFile);
/* Print integer value and hex */
extern void SECU_PrintInteger(FILE *out, const SECItem *i, const char *m,
@@ -176,7 +173,7 @@ extern SECOidTag SECU_PrintObjectID(FILE *out, const SECItem *oid,
/* Print AlgorithmIdentifier symbolically */
extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
- int level);
+ int level);
/*
* Format and print the UTC Time "t". If the tag message "m" is not NULL,
@@ -203,11 +200,11 @@ extern void SECU_PrintTimeChoice(FILE *out, const SECItem *t, const char *m,
int level);
/* callback for listing certs through pkcs11 */
-extern SECStatus SECU_PrintCertNickname(CERTCertListNode* cert, void *data);
+extern SECStatus SECU_PrintCertNickname(CERTCertListNode *cert, void *data);
/* Dump all certificate nicknames in a database */
extern SECStatus
-SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc* out,
+SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc *out,
PRBool sortByName, PRBool sortByTrust);
/* See if nickname already in database. Return 1 true, 0 false, -1 error */
@@ -215,26 +212,26 @@ int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname);
/* Dump contents of cert req */
extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m,
- int level);
+ int level);
/* Dump contents of certificate */
extern int SECU_PrintCertificate(FILE *out, const SECItem *der, const char *m,
int level);
extern int SECU_PrintCertificateBasicInfo(FILE *out, const SECItem *der, const char *m,
- int level);
+ int level);
extern int SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m,
- int level);
+ int level);
/* Dump contents of a DER certificate name (issuer or subject) */
extern int SECU_PrintDERName(FILE *out, SECItem *der, const char *m, int level);
/* print trust flags on a cert */
-extern void SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m,
+extern void SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m,
int level);
-extern int SECU_PrintSubjectPublicKeyInfo(FILE *out, SECItem *der, char *m,
+extern int SECU_PrintSubjectPublicKeyInfo(FILE *out, SECItem *der, char *m,
int level);
#ifdef HAVE_EPV_TEMPLATE
@@ -253,14 +250,14 @@ extern int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m,
int level);
/* Pretty-print any PKCS7 thing */
-extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m,
- int level);
+extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m,
+ int level);
/* Init PKCS11 stuff */
extern SECStatus SECU_PKCS11Init(PRBool readOnly);
/* Dump contents of signed data */
-extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
+extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
int level, SECU_PPFunc inner);
/* Dump contents of signed data, excluding the signature */
@@ -283,14 +280,14 @@ extern void SECU_PrintAny(FILE *out, const SECItem *i, const char *m, int level)
extern void SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level);
extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
- char *msg, int level);
+ char *msg, int level);
extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
- char *msg, int level);
+ char *msg, int level);
-extern void SECU_PrintNameQuotesOptional(FILE *out, CERTName *name,
- const char *msg, int level,
- PRBool quotes);
+extern void SECU_PrintNameQuotesOptional(FILE *out, CERTName *name,
+ const char *msg, int level,
+ PRBool quotes);
extern void SECU_PrintName(FILE *out, CERTName *name, const char *msg,
int level);
extern void SECU_PrintRDN(FILE *out, CERTRDN *rdn, const char *msg, int level);
@@ -320,14 +317,13 @@ extern SECOidTag SECU_StringToSignatureAlgTag(const char *alg);
extern SECStatus SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl,
PRFileDesc *outFile, PRBool ascii, char *url);
-
/*
** DER sign a single block of data using private key encryption and the
** MD5 hashing algorithm. This routine first computes a digital signature
** using SEC_SignData, then wraps it with an CERTSignedData and then der
** encodes the result.
** "arena" is the memory arena to use to allocate data from
-** "sd" returned CERTSignedData
+** "sd" returned CERTSignedData
** "result" the final der encoded data (memory is allocated)
** "buf" the input data to sign
** "len" the amount of data to sign
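Review bot: The comment above SECU_DerSignDataCRL no longer matches the prototype that follows it. It says the data is signed with the MD5 hashing algorithm and lists a `"result"` output, while the declaration visible in the next hunk takes `SECOidTag algID` and shows no result parameter. A reader picking a signature algorithm from this header could be misled, so I would reword the opening to `** DER sign a single block of data using the private key "pk" and the signature algorithm "algID".` and drop the `"result"` line. The parameter list continues below this hunk; if it does not already describe `algID`, add `** "algID" the signature algorithm to use`.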
@@ -337,7 +333,7 @@ extern SECStatus SECU_DerSignDataCRL(PLArenaPool *arena, CERTSignedData *sd,
unsigned char *buf, int len,
SECKEYPrivateKey *pk, SECOidTag algID);
-typedef enum {
+typedef enum {
noKeyFound = 1,
noSignatureMatch = 2,
failToEncode = 3,
@@ -357,35 +353,34 @@ SECU_CopyCRL(PLArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl);
** was found.
*/
CERTAuthKeyID *
-SECU_FindCRLAuthKeyIDExten (PLArenaPool *arena, CERTSignedCrl *crl);
+SECU_FindCRLAuthKeyIDExten(PLArenaPool *arena, CERTSignedCrl *crl);
/*
* Find the issuer of a crl. Cert usage should be checked before signing a crl.
*/
CERTCertificate *
-SECU_FindCrlIssuer(CERTCertDBHandle *dbHandle, SECItem* subject,
- CERTAuthKeyID* id, PRTime validTime);
-
+SECU_FindCrlIssuer(CERTCertDBHandle *dbHandle, SECItem *subject,
+ CERTAuthKeyID *id, PRTime validTime);
/* call back function used in encoding of an extension. Called from
* SECU_EncodeAndAddExtensionValue */
-typedef SECStatus (* EXTEN_EXT_VALUE_ENCODER) (PLArenaPool *extHandleArena,
- void *value, SECItem *encodedValue);
+typedef SECStatus (*EXTEN_EXT_VALUE_ENCODER)(PLArenaPool *extHandleArena,
+ void *value, SECItem *encodedValue);
/* Encodes and adds extensions to the CRL or CRL entries. */
-SECStatus
-SECU_EncodeAndAddExtensionValue(PLArenaPool *arena, void *extHandle,
- void *value, PRBool criticality, int extenType,
+SECStatus
+SECU_EncodeAndAddExtensionValue(PLArenaPool *arena, void *extHandle,
+ void *value, PRBool criticality, int extenType,
EXTEN_EXT_VALUE_ENCODER EncodeValueFn);
/* Caller ensures that dst is at least item->len*2+1 bytes long */
void
-SECU_SECItemToHex(const SECItem * item, char * dst);
+SECU_SECItemToHex(const SECItem *item, char *dst);
/* Requires 0x prefix. Case-insensitive. Will do in-place replacement if
* successful */
SECStatus
-SECU_SECItemHexStringToBinary(SECItem* srcdest);
+SECU_SECItemHexStringToBinary(SECItem *srcdest);
/* Parse a version range string, with "min" and "max" version numbers,
* separated by colon (":"), and return the result in vr and v2.
@@ -422,7 +417,7 @@ extern int ffs(unsigned int i);
/* Finds certificate by searching it in the DB or by examinig file
* in the local directory. */
-CERTCertificate*
+CERTCertificate *
SECU_FindCertByNicknameOrFilename(CERTCertDBHandle *handle,
char *name, PRBool ascii,
void *pwarg);
diff --git a/cmd/libpkix/perf/libpkix_buildthreads.c b/cmd/libpkix/perf/libpkix_buildthreads.c
index adb0a29bd..4b8d43811 100644
--- a/cmd/libpkix/perf/libpkix_buildthreads.c
+++ b/cmd/libpkix/perf/libpkix_buildthreads.c
@@ -36,23 +36,22 @@
static void *plContext = NULL;
#undef pkixTempResult
-#define PERF_DECREF(obj) \
- { \
- PKIX_Error *pkixTempResult = NULL; \
- if (obj){ \
- pkixTempResult = PKIX_PL_Object_DecRef \
- ((PKIX_PL_Object *)(obj), plContext); \
- obj = NULL; \
- } \
- }
+#define PERF_DECREF(obj) \
+ { \
+ PKIX_Error *pkixTempResult = NULL; \
+ if (obj) { \
+ pkixTempResult = PKIX_PL_Object_DecRef((PKIX_PL_Object *)(obj), plContext); \
+ obj = NULL; \
+ } \
+ }
-static void finish(char* message, int code);
+static void finish(char *message, int code);
typedef struct ThreadDataStr tData;
struct ThreadDataStr {
- CERTCertificate* anchor;
- char* eecertName;
+ CERTCertificate *anchor;
+ char *eecertName;
PRIntervalTime duration;
CERTCertDBHandle *handle;
PRUint32 iterations;
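Review bot: `PERF_DECREF` expands to a bare `{ ... }` block and stores the result of `PKIX_PL_Object_DecRef` in `pkixTempResult` without ever reading it, so a failed release is silently dropped and `PERF_DECREF(x);` placed before an `else` would not compile. Wrapping the body as `do { ... } while (0)` and explicitly discarding or reporting the result, e.g. `(void)PKIX_PL_Object_DecRef((PKIX_PL_Object *)(obj), plContext);`, makes the intent clear. The argument is expanded three times, so the macro also deserves a comment such as `/* obj must be a side-effect-free lvalue; it is set to NULL after release */`.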
@@ -63,78 +62,80 @@ struct ThreadDataStr {
#ifdef PKIX_LOGGER_ON
char *logLevels[] = {
- "None",
- "Fatal Error",
- "Error",
- "Warning",
- "Debug",
- "Trace"
+ "None",
+ "Fatal Error",
+ "Error",
+ "Warning",
+ "Debug",
+ "Trace"
};
-static PKIX_Error *loggerCallback(
- PKIX_Logger *logger,
- PKIX_PL_String *message,
- PKIX_UInt32 logLevel,
- PKIX_ERRORCLASS logComponent,
- void *plContext)
+static PKIX_Error *
+loggerCallback(
+ PKIX_Logger *logger,
+ PKIX_PL_String *message,
+ PKIX_UInt32 logLevel,
+ PKIX_ERRORCLASS logComponent,
+ void *plContext)
{
- char *msg = NULL;
- static int callCount = 0;
+ char *msg = NULL;
+ static int callCount = 0;
- msg = PKIX_String2ASCII(message, plContext);
- printf("Logging %s (%s): %s\n",
- logLevels[logLevel],
- PKIX_ERRORCLASSNAMES[logComponent],
- msg);
- PR_Free((void *)msg);
+ msg = PKIX_String2ASCII(message, plContext);
+ printf("Logging %s (%s): %s\n",
+ logLevels[logLevel],
+ PKIX_ERRORCLASSNAMES[logComponent],
+ msg);
+ PR_Free((void *)msg);
- return(NULL);
+ return (NULL);
}
#endif /* PKIX_LOGGER_ON */
-static void ThreadEntry(void* data)
+static void
+ThreadEntry(void *data)
{
- tData* tdata = (tData*) data;
- PRIntervalTime duration = tdata->duration;
- PRIntervalTime start = PR_IntervalNow();
-
- PKIX_List *anchors = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_BuildResult *buildResult = NULL;
- CERTCertificate* nsseecert;
- PKIX_PL_Cert *eeCert = NULL;
- PKIX_CertStore *certStore = NULL;
- PKIX_List *certStores = NULL;
- PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_PL_Date *nowDate = NULL;
- void *state = NULL; /* only relevant with non-blocking I/O */
- void *nbioContext = NULL; /* only relevant with non-blocking I/O */
-
- PR_ASSERT(duration);
- if (!duration){
- return;
- }
+ tData *tdata = (tData *)data;
+ PRIntervalTime duration = tdata->duration;
+ PRIntervalTime start = PR_IntervalNow();
+
+ PKIX_List *anchors = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_BuildResult *buildResult = NULL;
+ CERTCertificate *nsseecert;
+ PKIX_PL_Cert *eeCert = NULL;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_List *certStores = NULL;
+ PKIX_ComCertSelParams *certSelParams = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_PL_Date *nowDate = NULL;
+ void *state = NULL; /* only relevant with non-blocking I/O */
+ void *nbioContext = NULL; /* only relevant with non-blocking I/O */
+
+ PR_ASSERT(duration);
+ if (!duration) {
+ return;
+ }
- do {
+ do {
- /* libpkix code */
+ /* libpkix code */
- /* keep more update time, testing cache */
- PKIX_PL_Date_Create_UTCTime(NULL, &nowDate, plContext);
+ /* keep more update time, testing cache */
+ PKIX_PL_Date_Create_UTCTime(NULL, &nowDate, plContext);
- /* CertUsage is 0x10 and no NSS arena */
- /* We haven't determined how we obtain the value of wincx */
+ /* CertUsage is 0x10 and no NSS arena */
+ /* We haven't determined how we obtain the value of wincx */
- nsseecert = CERT_FindCertByNicknameOrEmailAddr(tdata->handle,
- tdata->eecertName);
- if (!nsseecert) finish("Unable to find eecert.\n", 1);
+ nsseecert = CERT_FindCertByNicknameOrEmailAddr(tdata->handle,
+ tdata->eecertName);
+ if (!nsseecert)
+ finish("Unable to find eecert.\n", 1);
- pkix_pl_Cert_CreateWithNSSCert
- (nsseecert, &eeCert, plContext);
+ pkix_pl_Cert_CreateWithNSSCert(nsseecert, &eeCert, plContext);
- PKIX_List_Create(&anchors, plContext);
+ PKIX_List_Create(&anchors, plContext);
/*
* This code is retired.
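Review bot: `loggerCallback` indexes `logLevels[logLevel]` and `PKIX_ERRORCLASSNAMES[logComponent]` with values handed in by the logging framework and no range check; `logLevels` has six entries, so any larger level reads past the end of the array. A guard such as `const char *level = logLevel < sizeof(logLevels) / sizeof(logLevels[0]) ? logLevels[logLevel] : "Unknown";` keeps the callback safe. `msg` should also be checked for NULL before it is printed with `%s`, assuming `PKIX_String2ASCII` can fail. `callCount` is declared but unused in the lines shown. ThreadEntry starts in this hunk and continues in the next one.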
@@ -144,206 +145,193 @@ static void ThreadEntry(void* data)
* PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, NULL);
*/
- PKIX_ProcessingParams_Create(anchors, &procParams, plContext);
+ PKIX_ProcessingParams_Create(anchors, &procParams, plContext);
- PKIX_ProcessingParams_SetRevocationEnabled
- (procParams, PKIX_TRUE, plContext);
+ PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext);
- PKIX_ProcessingParams_SetDate
- (procParams, nowDate, plContext);
+ PKIX_ProcessingParams_SetDate(procParams, nowDate, plContext);
- /* create CertSelector with target certificate in params */
+ /* create CertSelector with target certificate in params */
- PKIX_ComCertSelParams_Create(&certSelParams, plContext);
+ PKIX_ComCertSelParams_Create(&certSelParams, plContext);
- PKIX_ComCertSelParams_SetCertificate
- (certSelParams, eeCert, plContext);
+ PKIX_ComCertSelParams_SetCertificate(certSelParams, eeCert, plContext);
- PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext);
+ PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext);
- PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, certSelParams, plContext);
+ PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext);
- PKIX_ProcessingParams_SetTargetCertConstraints
- (procParams, certSelector, plContext);
+ PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext);
- PKIX_PL_Pk11CertStore_Create(&certStore, plContext);
+ PKIX_PL_Pk11CertStore_Create(&certStore, plContext);
- PKIX_List_Create(&certStores, plContext);
- PKIX_List_AppendItem
- (certStores, (PKIX_PL_Object *)certStore, plContext);
- PKIX_ProcessingParams_SetCertStores
- (procParams, certStores, plContext);
+ PKIX_List_Create(&certStores, plContext);
+ PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext);
+ PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext);
- PKIX_BuildChain
- (procParams,
+ PKIX_BuildChain(procParams,
&nbioContext,
&state,
&buildResult,
NULL,
plContext);
- /*
+ /*
* As long as we use only CertStores with blocking I/O, we
* know we must be done at this point.
*/
- if (!buildResult){
- (void) fprintf(stderr, "libpkix BuildChain failed.\n");
- PORT_Assert(0);
- return;
- }
-
- tdata->iterations ++;
-
- PERF_DECREF(nowDate);
- PERF_DECREF(anchors);
- PERF_DECREF(procParams);
- PERF_DECREF(buildResult);
- PERF_DECREF(certStore);
- PERF_DECREF(certStores);
- PERF_DECREF(certSelParams);
- PERF_DECREF(certSelector);
- PERF_DECREF(eeCert);
+ if (!buildResult) {
+ (void)fprintf(stderr, "libpkix BuildChain failed.\n");
+ PORT_Assert(0);
+ return;
+ }
- } while ((PR_IntervalNow() - start) < duration);
+ tdata->iterations++;
+ PERF_DECREF(nowDate);
+ PERF_DECREF(anchors);
+ PERF_DECREF(procParams);
+ PERF_DECREF(buildResult);
+ PERF_DECREF(certStore);
+ PERF_DECREF(certStores);
+ PERF_DECREF(certSelParams);
+ PERF_DECREF(certSelector);
+ PERF_DECREF(eeCert);
+ } while ((PR_IntervalNow() - start) < duration);
}
static void
Test(
- CERTCertificate* anchor,
- char* eecertName,
- PRIntervalTime duration,
- CERTCertDBHandle *handle,
- PRUint32 threads)
+ CERTCertificate *anchor,
+ char *eecertName,
+ PRIntervalTime duration,
+ CERTCertDBHandle *handle,
+ PRUint32 threads)
{
- tData data;
- tData** alldata;
- PRIntervalTime starttime, endtime, elapsed;
- PRUint32 msecs;
- float total = 0;
- PRThread** pthreads = NULL;
- PRUint32 i = 0;
-
- data.duration = duration;
- data.anchor = anchor;
- data.eecertName = eecertName;
- data.handle = handle;
-
- data.iterations = 0;
-
- starttime = PR_IntervalNow();
- pthreads = (PRThread**)PR_Malloc(threads*sizeof (PRThread*));
- alldata = (tData**)PR_Malloc(threads*sizeof (tData*));
- for (i = 0; i < threads; i++){
- alldata[i] = (tData*)PR_Malloc(sizeof (tData));
- *alldata[i] = data;
- pthreads[i] =
- PR_CreateThread(PR_USER_THREAD,
- ThreadEntry,
- (void*) alldata[i],
- PR_PRIORITY_NORMAL,
- PR_GLOBAL_THREAD,
- PR_JOINABLE_THREAD,
- 0);
- }
-
- for (i = 0; i < threads; i++) {
- tData* args = alldata[i];
- PR_JoinThread(pthreads[i]);
- total += args->iterations;
- PR_Free((void*)args);
- }
-
- PR_Free((void*) pthreads);
- PR_Free((void*) alldata);
- endtime = PR_IntervalNow();
-
- endtime = PR_IntervalNow();
- elapsed = endtime - starttime;
- msecs = PR_IntervalToMilliseconds(elapsed);
- total /= msecs;
- total *= 1000;
- (void) fprintf(stdout, "%f operations per second.\n", total);
+ tData data;
+ tData **alldata;
+ PRIntervalTime starttime, endtime, elapsed;
+ PRUint32 msecs;
+ float total = 0;
+ PRThread **pthreads = NULL;
+ PRUint32 i = 0;
+
+ data.duration = duration;
+ data.anchor = anchor;
+ data.eecertName = eecertName;
+ data.handle = handle;
+
+ data.iterations = 0;
+
+ starttime = PR_IntervalNow();
+ pthreads = (PRThread **)PR_Malloc(threads * sizeof(PRThread *));
+ alldata = (tData **)PR_Malloc(threads * sizeof(tData *));
+ for (i = 0; i < threads; i++) {
+ alldata[i] = (tData *)PR_Malloc(sizeof(tData));
+ *alldata[i] = data;
+ pthreads[i] =
+ PR_CreateThread(PR_USER_THREAD,
+ ThreadEntry,
+ (void *)alldata[i],
+ PR_PRIORITY_NORMAL,
+ PR_GLOBAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+ }
+
+ for (i = 0; i < threads; i++) {
+ tData *args = alldata[i];
+ PR_JoinThread(pthreads[i]);
+ total += args->iterations;
+ PR_Free((void *)args);
+ }
+
+ PR_Free((void *)pthreads);
+ PR_Free((void *)alldata);
+ endtime = PR_IntervalNow();
+
+ endtime = PR_IntervalNow();
+ elapsed = endtime - starttime;
+ msecs = PR_IntervalToMilliseconds(elapsed);
+ total /= msecs;
+ total *= 1000;
+ (void)fprintf(stdout, "%f operations per second.\n", total);
}
-
-static void finish(char* message, int code)
+static void
+finish(char *message, int code)
{
- (void) printf(message);
- exit(code);
+ (void)printf(message);
+ exit(code);
}
-static void usage(char* progname)
+static void
+usage(char *progname)
{
- (void) printf("Usage : %s <-d certStoreDirectory> <duration> <threads> "
- "<anchorNickname> <eecertNickname>\n\n", progname);
- finish("", 0);
+ (void)printf("Usage : %s <-d certStoreDirectory> <duration> <threads> "
+ "<anchorNickname> <eecertNickname>\n\n",
+ progname);
+ finish("", 0);
}
int
-libpkix_buildthreads(int argc, char** argv)
+libpkix_buildthreads(int argc, char **argv)
{
- CERTCertDBHandle *handle = NULL;
- CERTCertificate* eecert = NULL;
- PRIntervalTime duration = PR_SecondsToInterval(1);
- PRUint32 threads = 1;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
- PKIX_Logger *logger = NULL;
- void *wincx = NULL;
-
- /* if (argc != 5) -- when TrustAnchor used to be on command line */
- if (argc != 4)
- {
- usage(argv[0]);
- }
- if (atoi(argv[1]) > 0)
- {
- duration = PR_SecondsToInterval(atoi(argv[1]));
- }
- if (atoi(argv[2]) > 0)
- {
- threads = atoi(argv[2]);
- }
-
- PKIX_PL_NssContext_Create(certificateUsageEmailSigner, PKIX_FALSE,
- NULL, &plContext);
-
- handle = CERT_GetDefaultCertDB();
- PR_ASSERT(handle);
+ CERTCertDBHandle *handle = NULL;
+ CERTCertificate *eecert = NULL;
+ PRIntervalTime duration = PR_SecondsToInterval(1);
+ PRUint32 threads = 1;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+ PKIX_Logger *logger = NULL;
+ void *wincx = NULL;
+
+ /* if (argc != 5) -- when TrustAnchor used to be on command line */
+ if (argc != 4) {
+ usage(argv[0]);
+ }
+ if (atoi(argv[1]) > 0) {
+ duration = PR_SecondsToInterval(atoi(argv[1]));
+ }
+ if (atoi(argv[2]) > 0) {
+ threads = atoi(argv[2]);
+ }
+
+ PKIX_PL_NssContext_Create(certificateUsageEmailSigner, PKIX_FALSE,
+ NULL, &plContext);
+
+ handle = CERT_GetDefaultCertDB();
+ PR_ASSERT(handle);
#ifdef PKIX_LOGGER_ON
- /* set logger to log trace and up */
- PKIX_SetLoggers(NULL, plContext);
- PKIX_Logger_Create(loggerCallback, NULL, &logger, plContext);
- PKIX_Logger_SetMaxLoggingLevel
- (logger, PKIX_LOGGER_LEVEL_WARNING, plContext);
- PKIX_AddLogger(logger, plContext);
+ /* set logger to log trace and up */
+ PKIX_SetLoggers(NULL, plContext);
+ PKIX_Logger_Create(loggerCallback, NULL, &logger, plContext);
+ PKIX_Logger_SetMaxLoggingLevel(logger, PKIX_LOGGER_LEVEL_WARNING, plContext);
+ PKIX_AddLogger(logger, plContext);
#endif /* PKIX_LOGGER_ON */
- /*
+ /*
* This code is retired
* anchor = CERT_FindCertByNicknameOrEmailAddr(handle, argv[3]);
* if (!anchor) finish("Unable to find anchor.\n", 1);
*
* eecert = CERT_FindCertByNicknameOrEmailAddr(handle, argv[4]);
-
+
* if (!eecert) finish("Unable to find eecert.\n", 1);
*
* Test(anchor, eecert, duration, threads);
*/
- Test(NULL, argv[3], duration, handle, threads);
+ Test(NULL, argv[3], duration, handle, threads);
- PERF_DECREF(logger);
+ PERF_DECREF(logger);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- return (0);
+ return (0);
}
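Review bot: `finish()` passes its argument to `printf` as the format string (`(void)printf(message);`), which becomes a format-string hazard as soon as a caller hands it text that is not a literal; `(void)fputs(message, stdout);` prints the same bytes without interpreting them. In `Test()`, the results of both `PR_Malloc` calls and of `PR_CreateThread` are used unchecked, while `threads` comes from `atoi(argv[2])`. A large value can therefore make the allocation fail (or the size multiplication wrap on 32-bit builds) before `alldata[i]` is written, and a failed thread creation hands NULL to `PR_JoinThread`. `total /= msecs` divides by zero when the run finishes in under a millisecond, and `endtime = PR_IntervalNow();` is assigned twice in a row. Parsing the two numeric arguments with `strtoul` and an upper bound on `threads` would address the input side.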
diff --git a/cmd/libpkix/perf/nss_threads.c b/cmd/libpkix/perf/nss_threads.c
index eadf5f0ec..202f128b6 100644
--- a/cmd/libpkix/perf/nss_threads.c
+++ b/cmd/libpkix/perf/nss_threads.c
@@ -34,131 +34,125 @@ struct ThreadDataStr {
PRUint32 iterations;
};
-static void ThreadEntry(void* data)
+static void
+ThreadEntry(void* data)
{
- tData* tdata = (tData*) data;
- PRIntervalTime duration = tdata->duration;
- PRTime now = PR_Now();
- PRIntervalTime start = PR_IntervalNow();
-
- PR_ASSERT(duration);
- if (!duration)
- {
- return;
- }
- do {
- SECStatus rv = CERT_VerifyCertificate
- (CERT_GetDefaultCertDB(),
- tdata->cert,
- PR_TRUE,
- certificateUsageEmailSigner,
- now,
- NULL,
- NULL,
- NULL);
- if (rv != SECSuccess)
- {
- (void) fprintf(stderr, "Validation failed.\n");
- PORT_Assert(0);
- return;
- }
- tdata->iterations ++;
- } while ((PR_IntervalNow() - start) < duration);
+ tData* tdata = (tData*)data;
+ PRIntervalTime duration = tdata->duration;
+ PRTime now = PR_Now();
+ PRIntervalTime start = PR_IntervalNow();
+
+ PR_ASSERT(duration);
+ if (!duration) {
+ return;
+ }
+ do {
+ SECStatus rv = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
+ tdata->cert,
+ PR_TRUE,
+ certificateUsageEmailSigner,
+ now,
+ NULL,
+ NULL,
+ NULL);
+ if (rv != SECSuccess) {
+ (void)fprintf(stderr, "Validation failed.\n");
+ PORT_Assert(0);
+ return;
+ }
+ tdata->iterations++;
+ } while ((PR_IntervalNow() - start) < duration);
}
-static void Test(CERTCertificate* cert, PRIntervalTime duration, PRUint32 threads)
+static void
+Test(CERTCertificate* cert, PRIntervalTime duration, PRUint32 threads)
{
- tData data;
- tData** alldata;
- PRIntervalTime starttime, endtime, elapsed;
- PRUint32 msecs;
- float total = 0;
- PRThread** pthreads = NULL;
- PRUint32 i = 0;
-
- data.duration = duration;
- data.cert = cert;
- data.iterations = 0;
-
- starttime = PR_IntervalNow();
- pthreads = (PRThread**)PR_Malloc(threads*sizeof (PRThread*));
- alldata = (tData**)PR_Malloc(threads*sizeof (tData*));
- for (i = 0; i < threads; i++)
- {
- alldata[i] = (tData*)PR_Malloc(sizeof (tData));
- *alldata[i] = data;
- pthreads[i] =
- PR_CreateThread(PR_USER_THREAD,
- ThreadEntry,
- (void*) alldata[i],
- PR_PRIORITY_NORMAL,
- PR_GLOBAL_THREAD,
- PR_JOINABLE_THREAD,
- 0);
-
- }
- for (i = 0; i < threads; i++)
- {
- tData* args = alldata[i];
- PR_JoinThread(pthreads[i]);
- total += args->iterations;
- PR_Free((void*)args);
- }
- PR_Free((void*) pthreads);
- PR_Free((void*) alldata);
- endtime = PR_IntervalNow();
-
- endtime = PR_IntervalNow();
- elapsed = endtime - starttime;
- msecs = PR_IntervalToMilliseconds(elapsed);
- total /= msecs;
- total *= 1000;
- (void) fprintf(stdout, "%f operations per second.\n", total);
+ tData data;
+ tData** alldata;
+ PRIntervalTime starttime, endtime, elapsed;
+ PRUint32 msecs;
+ float total = 0;
+ PRThread** pthreads = NULL;
+ PRUint32 i = 0;
+
+ data.duration = duration;
+ data.cert = cert;
+ data.iterations = 0;
+
+ starttime = PR_IntervalNow();
+ pthreads = (PRThread**)PR_Malloc(threads * sizeof(PRThread*));
+ alldata = (tData**)PR_Malloc(threads * sizeof(tData*));
+ for (i = 0; i < threads; i++) {
+ alldata[i] = (tData*)PR_Malloc(sizeof(tData));
+ *alldata[i] = data;
+ pthreads[i] =
+ PR_CreateThread(PR_USER_THREAD,
+ ThreadEntry,
+ (void*)alldata[i],
+ PR_PRIORITY_NORMAL,
+ PR_GLOBAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+ }
+ for (i = 0; i < threads; i++) {
+ tData* args = alldata[i];
+ PR_JoinThread(pthreads[i]);
+ total += args->iterations;
+ PR_Free((void*)args);
+ }
+ PR_Free((void*)pthreads);
+ PR_Free((void*)alldata);
+ endtime = PR_IntervalNow();
+
+ endtime = PR_IntervalNow();
+ elapsed = endtime - starttime;
+ msecs = PR_IntervalToMilliseconds(elapsed);
+ total /= msecs;
+ total *= 1000;
+ (void)fprintf(stdout, "%f operations per second.\n", total);
}
-
-static void finish(char* message, int code)
+static void
+finish(char* message, int code)
{
- (void) printf(message);
- exit(code);
+ (void)printf(message);
+ exit(code);
}
-static void usage(char* progname)
+static void
+usage(char* progname)
{
- (void) printf("Usage : %s <duration> <threads> <certnickname>\n\n",
- progname);
- finish("", 0);
+ (void)printf("Usage : %s <duration> <threads> <certnickname>\n\n",
+ progname);
+ finish("", 0);
}
-int nss_threads(int argc, char** argv)
+int
+nss_threads(int argc, char** argv)
{
- SECStatus rv = SECSuccess;
- CERTCertDBHandle *handle = NULL;
- CERTCertificate* cert = NULL;
- PRIntervalTime duration = PR_SecondsToInterval(1);
- PRUint32 threads = 1;
- if (argc != 4)
- {
- usage(argv[0]);
- }
- if (atoi(argv[1]) > 0)
- {
- duration = PR_SecondsToInterval(atoi(argv[1]));
- }
- if (atoi(argv[2]) > 0)
- {
- threads = atoi(argv[2]);
- }
-
- handle = CERT_GetDefaultCertDB();
- PR_ASSERT(handle);
- cert = CERT_FindCertByNicknameOrEmailAddr(handle, argv[3]);
- if (!cert)
- {
- finish("Unable to find certificate.\n", 1);
- }
- Test(cert, duration, threads);
-
- CERT_DestroyCertificate(cert);
- return (0);
+ SECStatus rv = SECSuccess;
+ CERTCertDBHandle* handle = NULL;
+ CERTCertificate* cert = NULL;
+ PRIntervalTime duration = PR_SecondsToInterval(1);
+ PRUint32 threads = 1;
+ if (argc != 4) {
+ usage(argv[0]);
+ }
+ if (atoi(argv[1]) > 0) {
+ duration = PR_SecondsToInterval(atoi(argv[1]));
+ }
+ if (atoi(argv[2]) > 0) {
+ threads = atoi(argv[2]);
+ }
+
+ handle = CERT_GetDefaultCertDB();
+ PR_ASSERT(handle);
+ cert = CERT_FindCertByNicknameOrEmailAddr(handle, argv[3]);
+ if (!cert) {
+ finish("Unable to find certificate.\n", 1);
+ }
+ Test(cert, duration, threads);
+
+ CERT_DestroyCertificate(cert);
+ return (0);
}
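Review bot: `finish()` still hands its `message` argument to `printf` as the format string (`(void)printf(message);`), so any `%` in a message would be parsed as a conversion specifier. The two callers visible in this file pass string literals, so the problem is latent for now, but `(void)fputs(message, stdout);` prints the same text without interpreting it. Separately, `Test()` uses the results of `PR_Malloc` and `PR_CreateThread` without a NULL check, while `threads` comes directly from `atoi(argv[2])`. A large thread count can therefore end in a NULL dereference at `*alldata[i] = data;` or a NULL thread passed to `PR_JoinThread`, so each allocation should be checked before use.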
diff --git a/cmd/libpkix/pkix/certsel/test_certselector.c b/cmd/libpkix/pkix/certsel/test_certselector.c
index 70b10593a..cbe773779 100644
--- a/cmd/libpkix/pkix/certsel/test_certselector.c
+++ b/cmd/libpkix/pkix/certsel/test_certselector.c
@@ -25,23 +25,23 @@ static void *plContext = NULL;
*/
static char *certList[] = {
#define POLICY1CERT 0
- "GoodCACert.crt",
+ "GoodCACert.crt",
#define ANYPOLICYCERT 1
- "anyPolicyCACert.crt",
+ "anyPolicyCACert.crt",
#define POLICY2CERT 2
- "PoliciesP12CACert.crt",
+ "PoliciesP12CACert.crt",
#define SUBJECTCERT 3
- "PoliciesP3CACert.crt",
- "PoliciesP1234CACert.crt",
- "pathLenConstraint0CACert.crt",
- "pathLenConstraint1CACert.crt",
- "pathLenConstraint6CACert.crt",
- "TrustAnchorRootCertificate.crt",
- "GoodsubCACert.crt",
- "AnyPolicyTest14EE.crt",
- "UserNoticeQualifierTest16EE.crt"
- };
-#define NUMCERTS (sizeof (certList)/sizeof (certList[0]))
+ "PoliciesP3CACert.crt",
+ "PoliciesP1234CACert.crt",
+ "pathLenConstraint0CACert.crt",
+ "pathLenConstraint1CACert.crt",
+ "pathLenConstraint6CACert.crt",
+ "TrustAnchorRootCertificate.crt",
+ "GoodsubCACert.crt",
+ "AnyPolicyTest14EE.crt",
+ "UserNoticeQualifierTest16EE.crt"
+};
+#define NUMCERTS (sizeof(certList) / sizeof(certList[0]))
/*
* Following are Certs values for NameConstraints tests
@@ -81,21 +81,21 @@ static char *certList[] = {
*
*/
static char *ncCertList[] = {
- "nameConstraintsDN1subCA1Cert.crt",
- "nameConstraintsDN3subCA2Cert.crt",
- "nameConstraintsDN2CACert.crt",
- "nameConstraintsDN3subCA1Cert.crt",
- "nameConstraintsDN4CACert.crt",
- "nameConstraintsDN5CACert.crt",
- "ValidDNnameConstraintsTest1EE.crt"
+ "nameConstraintsDN1subCA1Cert.crt",
+ "nameConstraintsDN3subCA2Cert.crt",
+ "nameConstraintsDN2CACert.crt",
+ "nameConstraintsDN3subCA1Cert.crt",
+ "nameConstraintsDN4CACert.crt",
+ "nameConstraintsDN5CACert.crt",
+ "ValidDNnameConstraintsTest1EE.crt"
};
-#define NUMNCCERTS (sizeof (ncCertList)/sizeof (ncCertList[0]))
+#define NUMNCCERTS (sizeof(ncCertList) / sizeof(ncCertList[0]))
static char *sanCertList[] = {
- "InvalidDNnameConstraintsTest3EE.crt",
- "InvalidDNSnameConstraintsTest38EE.crt"
+ "InvalidDNnameConstraintsTest3EE.crt",
+ "InvalidDNSnameConstraintsTest38EE.crt"
};
-#define NUMSANCERTS (sizeof (sanCertList)/sizeof (sanCertList[0]))
+#define NUMSANCERTS (sizeof(sanCertList) / sizeof(sanCertList[0]))
/*
* This function calls the CertSelector pointed to by "selector" for each
@@ -108,58 +108,55 @@ static char *sanCertList[] = {
* (For example, if you expect every cert to pass, "expectedResult" can be
* set to 0xFFFFFFFF, even if the chain has fewer than 32 certs.)
*/
-static
-void testSelector(
- PKIX_CertSelector *selector,
- PKIX_List *certs,
- PKIX_UInt32 expectedResults)
+static void
+testSelector(
+ PKIX_CertSelector *selector,
+ PKIX_List *certs,
+ PKIX_UInt32 expectedResults)
{
- PKIX_UInt32 i = 0;
- PKIX_UInt32 numCerts = 0;
- PKIX_PL_Cert *cert = NULL;
- PKIX_CertSelector_MatchCallback callback = NULL;
- PKIX_Error *errReturn = NULL;
- PKIX_Boolean result = PKIX_TRUE;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback
- (selector, &callback, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (certs, &numCerts, plContext));
- if (numCerts > 32) {
- numCerts = 32;
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 numCerts = 0;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_CertSelector_MatchCallback callback = NULL;
+ PKIX_Error *errReturn = NULL;
+ PKIX_Boolean result = PKIX_TRUE;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback(selector, &callback, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+ if (numCerts > 32) {
+ numCerts = 32;
+ }
+
+ for (i = 0; i < numCerts; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext));
+ errReturn = callback(selector, cert, &result, plContext);
+
+ if (errReturn || result == PKIX_FALSE) {
+ if ((expectedResults & 1) == 1) {
+ testError("selector unexpectedly failed");
+ (void)printf(" processing cert:\t%d\n", i);
+ }
+ } else {
+ if ((expectedResults & 1) == 0) {
+ testError("selector unexpectedly passed");
+ (void)printf(" processing cert:\t%d\n", i);
+ }
}
- for (i = 0; i < numCerts; i++) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (certs, i, (PKIX_PL_Object **)&cert, plContext));
- errReturn = callback(selector, cert, &result, plContext);
-
- if (errReturn || result == PKIX_FALSE) {
- if ((expectedResults & 1) == 1) {
- testError("selector unexpectedly failed");
- (void) printf(" processing cert:\t%d\n", i);
- }
- } else {
- if ((expectedResults & 1) == 0) {
- testError("selector unexpectedly passed");
- (void) printf(" processing cert:\t%d\n", i);
- }
- }
-
- expectedResults = expectedResults >> 1;
- PKIX_TEST_DECREF_BC(cert);
- PKIX_TEST_DECREF_BC(errReturn);
- }
+ expectedResults = expectedResults >> 1;
+ PKIX_TEST_DECREF_BC(cert);
+ PKIX_TEST_DECREF_BC(errReturn);
+ }
cleanup:
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(errReturn);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(errReturn);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
/*
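Review bot: Both `(void)printf(" processing cert:\t%d\n", i);` calls in `testSelector` print `i`, which is declared `PKIX_UInt32`, using the signed `%d` conversion. Assuming that type is an unsigned 32-bit integer as its name suggests, the specifier should be `%u`, for example `(void)printf(" processing cert:\t%u\n", (unsigned int)i);`. It would also help to add a comment at `if (numCerts > 32)` noting that certificates beyond the 32nd are not checked at all, because `expectedResults` has only 32 bits.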
@@ -167,46 +164,43 @@ cleanup:
* to the index provided by "index", creates an immutable List containing the
* OID of that policy, and stores the result at "pPolicyList".
*/
-static void testGetPolicyFromCert(
- PKIX_PL_Cert *cert,
- PKIX_UInt32 index,
- PKIX_List **pPolicyList)
+static void
+testGetPolicyFromCert(
+ PKIX_PL_Cert *cert,
+ PKIX_UInt32 index,
+ PKIX_List **pPolicyList)
{
- PKIX_List *policyInfo = NULL;
- PKIX_PL_CertPolicyInfo *firstPolicy = NULL;
- PKIX_PL_OID *policyOID = NULL;
- PKIX_List *list = NULL;
+ PKIX_List *policyInfo = NULL;
+ PKIX_PL_CertPolicyInfo *firstPolicy = NULL;
+ PKIX_PL_OID *policyOID = NULL;
+ PKIX_List *list = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (cert, &policyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &policyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (policyInfo,
- index,
- (PKIX_PL_Object **)&firstPolicy,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(policyInfo,
+ index,
+ (PKIX_PL_Object **)&firstPolicy,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId
- (firstPolicy, &policyOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(firstPolicy, &policyOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (list, (PKIX_PL_Object *)policyOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)policyOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(list, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(list, plContext));
- *pPolicyList = list;
+ *pPolicyList = list;
cleanup:
- PKIX_TEST_DECREF_AC(policyInfo);
- PKIX_TEST_DECREF_AC(firstPolicy);
- PKIX_TEST_DECREF_AC(policyOID);
+ PKIX_TEST_DECREF_AC(policyInfo);
+ PKIX_TEST_DECREF_AC(firstPolicy);
+ PKIX_TEST_DECREF_AC(policyOID);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
/*
@@ -216,63 +210,56 @@ cleanup:
*/
static PKIX_Error *
custom_CertSelector_MatchCallback(
- PKIX_CertSelector *selector,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
+ PKIX_CertSelector *selector,
+ PKIX_PL_Cert *cert,
+ PKIX_Boolean *pResult,
+ void *plContext)
{
- PKIX_UInt32 i = 0;
- PKIX_UInt32 numPolicies = 0;
- PKIX_List *certPolicies = NULL;
- PKIX_List *quals = NULL;
- PKIX_PL_CertPolicyInfo *policy = NULL;
- PKIX_Error *error = NULL;
-
- PKIX_TEST_STD_VARS();
-
- *pResult = PKIX_TRUE;
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (cert, &certPolicies, plContext));
-
- if (certPolicies) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (certPolicies, &numPolicies, plContext));
-
- for (i = 0; i < numPolicies; i++) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (certPolicies,
- i,
- (PKIX_PL_Object **)&policy,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_CertPolicyInfo_GetPolQualifiers
- (policy, &quals, plContext));
- if (quals) {
- goto cleanup;
- }
- PKIX_TEST_DECREF_BC(policy);
- }
- PKIX_TEST_DECREF_BC(certPolicies);
- *pResult = PKIX_FALSE;
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
- (PKIX_CERTSELECTOR_ERROR,
- NULL,
- NULL,
- PKIX_TESTPOLICYEXTWITHNOPOLICYQUALIFIERS,
- &error,
- plContext));
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 numPolicies = 0;
+ PKIX_List *certPolicies = NULL;
+ PKIX_List *quals = NULL;
+ PKIX_PL_CertPolicyInfo *policy = NULL;
+ PKIX_Error *error = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ *pResult = PKIX_TRUE;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &certPolicies, plContext));
+
+ if (certPolicies) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicies, &numPolicies, plContext));
+ for (i = 0; i < numPolicies; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicies,
+ i,
+ (PKIX_PL_Object **)&policy,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(policy, &quals, plContext));
+ if (quals) {
+ goto cleanup;
+ }
+ PKIX_TEST_DECREF_BC(policy);
}
+ PKIX_TEST_DECREF_BC(certPolicies);
+ *pResult = PKIX_FALSE;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_CERTSELECTOR_ERROR,
+ NULL,
+ NULL,
+ PKIX_TESTPOLICYEXTWITHNOPOLICYQUALIFIERS,
+ &error,
+ plContext));
+ }
cleanup:
- PKIX_TEST_DECREF_AC(certPolicies);
- PKIX_TEST_DECREF_AC(policy);
- PKIX_TEST_DECREF_AC(quals);
+ PKIX_TEST_DECREF_AC(certPolicies);
+ PKIX_TEST_DECREF_AC(policy);
+ PKIX_TEST_DECREF_AC(quals);
- return(error);
+ return (error);
}
/*
@@ -282,1678 +269,1415 @@ cleanup:
*/
static PKIX_Error *
custom_CertSelector_MatchOIDCallback(
- PKIX_CertSelector *selector,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
+ PKIX_CertSelector *selector,
+ PKIX_PL_Cert *cert,
+ PKIX_Boolean *pResult,
+ void *plContext)
{
- PKIX_UInt32 i = 0;
- PKIX_UInt32 numPolicies = 0;
- PKIX_Boolean match = PKIX_FALSE;
- PKIX_PL_Object *certSelectorContext = NULL;
- PKIX_PL_OID *constraintOID = NULL;
- PKIX_List *certPolicies = NULL;
- PKIX_PL_CertPolicyInfo *policy = NULL;
- PKIX_PL_OID *policyOID = NULL;
- PKIX_PL_String *errorDesc = NULL;
- PKIX_Error *error = NULL;
-
- PKIX_TEST_STD_VARS();
-
- *pResult = PKIX_TRUE;
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCertSelectorContext
- (selector, &certSelectorContext, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType
- (certSelectorContext, PKIX_OID_TYPE, plContext));
-
- constraintOID = (PKIX_PL_OID *)certSelectorContext;
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (cert, &certPolicies, plContext));
-
- if (certPolicies) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (certPolicies, &numPolicies, plContext));
-
- for (i = 0; i < numPolicies; i++) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (certPolicies,
- i,
- (PKIX_PL_Object **)&policy,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_CertPolicyInfo_GetPolicyId
- (policy, &policyOID, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)policyOID,
- (PKIX_PL_Object *)constraintOID,
- &match,
- plContext));
-
- if (match) {
- goto cleanup;
- }
- PKIX_TEST_DECREF_BC(policy);
- PKIX_TEST_DECREF_BC(policyOID);
- }
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 numPolicies = 0;
+ PKIX_Boolean match = PKIX_FALSE;
+ PKIX_PL_Object *certSelectorContext = NULL;
+ PKIX_PL_OID *constraintOID = NULL;
+ PKIX_List *certPolicies = NULL;
+ PKIX_PL_CertPolicyInfo *policy = NULL;
+ PKIX_PL_OID *policyOID = NULL;
+ PKIX_PL_String *errorDesc = NULL;
+ PKIX_Error *error = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ *pResult = PKIX_TRUE;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCertSelectorContext(selector, &certSelectorContext, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType(certSelectorContext, PKIX_OID_TYPE, plContext));
+
+ constraintOID = (PKIX_PL_OID *)certSelectorContext;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &certPolicies, plContext));
+
+ if (certPolicies) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicies, &numPolicies, plContext));
+
+ for (i = 0; i < numPolicies; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicies,
+ i,
+ (PKIX_PL_Object **)&policy,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(policy, &policyOID, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)policyOID,
+ (PKIX_PL_Object *)constraintOID,
+ &match,
+ plContext));
+
+ if (match) {
+ goto cleanup;
+ }
+ PKIX_TEST_DECREF_BC(policy);
+ PKIX_TEST_DECREF_BC(policyOID);
}
+ }
- PKIX_TEST_DECREF_BC(certSelectorContext);
- PKIX_TEST_DECREF_BC(certPolicies);
+ PKIX_TEST_DECREF_BC(certSelectorContext);
+ PKIX_TEST_DECREF_BC(certPolicies);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
- (PKIX_CERTSELECTOR_ERROR,
- NULL,
- NULL,
- PKIX_TESTNOMATCHINGPOLICY,
- &error,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_CERTSELECTOR_ERROR,
+ NULL,
+ NULL,
+ PKIX_TESTNOMATCHINGPOLICY,
+ &error,
+ plContext));
cleanup:
- PKIX_TEST_DECREF_AC(certSelectorContext);
- PKIX_TEST_DECREF_AC(certPolicies);
- PKIX_TEST_DECREF_AC(policy);
- PKIX_TEST_DECREF_AC(policyOID);
- PKIX_TEST_DECREF_AC(errorDesc);
+ PKIX_TEST_DECREF_AC(certSelectorContext);
+ PKIX_TEST_DECREF_AC(certPolicies);
+ PKIX_TEST_DECREF_AC(policy);
+ PKIX_TEST_DECREF_AC(policyOID);
+ PKIX_TEST_DECREF_AC(errorDesc);
- return(error);
+ return (error);
}
-static
-void testSubjectMatch(
- PKIX_List *certs,
- PKIX_PL_Cert *certNameToMatch)
+static void
+testSubjectMatch(
+ PKIX_List *certs,
+ PKIX_PL_Cert *certNameToMatch)
{
- PKIX_CertSelector *selector = NULL;
- PKIX_ComCertSelParams *subjParams = NULL;
- PKIX_PL_X500Name *subjectName = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("Subject name match");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&subjParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject
- (certNameToMatch, &subjectName, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject
- (subjParams, subjectName, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, subjParams, plContext));
- testSelector(selector, certs, 0x008);
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *subjParams = NULL;
+ PKIX_PL_X500Name *subjectName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("Subject name match");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&subjParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(certNameToMatch, &subjectName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(subjParams, subjectName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, subjParams, plContext));
+ testSelector(selector, certs, 0x008);
cleanup:
- PKIX_TEST_DECREF_AC(selector);
- PKIX_TEST_DECREF_AC(subjParams);
- PKIX_TEST_DECREF_AC(subjectName);
+ PKIX_TEST_DECREF_AC(selector);
+ PKIX_TEST_DECREF_AC(subjParams);
+ PKIX_TEST_DECREF_AC(subjectName);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testBasicConstraintsMatch(
- PKIX_List *certs)
+static void
+testBasicConstraintsMatch(
+ PKIX_List *certs)
{
- PKIX_CertSelector *selector = NULL;
- PKIX_ComCertSelParams *bcParams = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("Basic Constraints match");
- subTest(" pathLenContraint = -2: pass only EE's");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&bcParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetBasicConstraints
- (bcParams, -2, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, bcParams, plContext));
- testSelector(selector, certs, 0xC00);
-
- subTest(" pathLenContraint = -1: pass all certs");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetBasicConstraints
- (bcParams, -1, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, bcParams, plContext));
- testSelector(selector, certs, 0xFFF);
-
- subTest(" pathLenContraint = 1: pass only certs with pathLen >= 1");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetBasicConstraints
- (bcParams, 1, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, bcParams, plContext));
- testSelector(selector, certs, 0x3DF);
-
- subTest(" pathLenContraint = 2: pass only certs with pathLen >= 2");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetBasicConstraints
- (bcParams, 2, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, bcParams, plContext));
- testSelector(selector, certs, 0x39F);
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *bcParams = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("Basic Constraints match");
+ subTest(" pathLenContraint = -2: pass only EE's");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&bcParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, -2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext));
+ testSelector(selector, certs, 0xC00);
+
+ subTest(" pathLenContraint = -1: pass all certs");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, -1, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext));
+ testSelector(selector, certs, 0xFFF);
+
+ subTest(" pathLenContraint = 1: pass only certs with pathLen >= 1");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, 1, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext));
+ testSelector(selector, certs, 0x3DF);
+
+ subTest(" pathLenContraint = 2: pass only certs with pathLen >= 2");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, 2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext));
+ testSelector(selector, certs, 0x39F);
cleanup:
- PKIX_TEST_DECREF_AC(selector);
- PKIX_TEST_DECREF_AC(bcParams);
+ PKIX_TEST_DECREF_AC(selector);
+ PKIX_TEST_DECREF_AC(bcParams);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testPolicyMatch(
- PKIX_List *certs,
- PKIX_PL_Cert *NIST1Cert, /* a source for policy NIST1 */
- PKIX_PL_Cert *NIST2Cert, /* a source for policy NIST2 */
- PKIX_PL_Cert *anyPolicyCert) /* a source for policy anyPolicy */
+static void testPolicyMatch(
+ PKIX_List *certs,
+ PKIX_PL_Cert *NIST1Cert, /* a source for policy NIST1 */
+ PKIX_PL_Cert *NIST2Cert, /* a source for policy NIST2 */
+ PKIX_PL_Cert *anyPolicyCert) /* a source for policy anyPolicy */
{
- PKIX_CertSelector *selector = NULL;
- PKIX_List *emptyList = NULL; /* no members */
- PKIX_List *policy1List = NULL; /* OIDs */
- PKIX_List *policy2List = NULL; /* OIDs */
- PKIX_List *anyPolicyList = NULL; /* OIDs */
- PKIX_ComCertSelParams *polParams = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("Policy match");
- testGetPolicyFromCert(NIST1Cert, 0, &policy1List);
- testGetPolicyFromCert(NIST2Cert, 1, &policy2List);
- testGetPolicyFromCert(anyPolicyCert, 0, &anyPolicyList);
-
- subTest(" Pass certs with any CertificatePolicies extension");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&emptyList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_Create(&polParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetPolicy
- (polParams, emptyList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, polParams, plContext));
- testSelector(selector, certs, 0xEFF);
- PKIX_TEST_DECREF_BC(polParams);
-
- subTest(" Pass only certs with policy NIST1");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_Create(&polParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetPolicy
- (polParams, policy1List, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, polParams, plContext));
- testSelector(selector, certs, 0xEF5);
- PKIX_TEST_DECREF_BC(polParams);
-
- subTest(" Pass only certs with policy NIST2");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_Create(&polParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetPolicy
- (polParams, policy2List, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, polParams, plContext));
- testSelector(selector, certs, 0x814);
- PKIX_TEST_DECREF_BC(polParams);
-
- subTest(" Pass only certs with policy anyPolicy");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_Create(&polParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetPolicy
- (polParams, anyPolicyList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, polParams, plContext));
- testSelector(selector, certs, 0x002);
+ PKIX_CertSelector *selector = NULL;
+ PKIX_List *emptyList = NULL; /* no members */
+ PKIX_List *policy1List = NULL; /* OIDs */
+ PKIX_List *policy2List = NULL; /* OIDs */
+ PKIX_List *anyPolicyList = NULL; /* OIDs */
+ PKIX_ComCertSelParams *polParams = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("Policy match");
+ testGetPolicyFromCert(NIST1Cert, 0, &policy1List);
+ testGetPolicyFromCert(NIST2Cert, 1, &policy2List);
+ testGetPolicyFromCert(anyPolicyCert, 0, &anyPolicyList);
+
+ subTest(" Pass certs with any CertificatePolicies extension");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&emptyList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, emptyList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext));
+ testSelector(selector, certs, 0xEFF);
+ PKIX_TEST_DECREF_BC(polParams);
+
+ subTest(" Pass only certs with policy NIST1");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, policy1List, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext));
+ testSelector(selector, certs, 0xEF5);
+ PKIX_TEST_DECREF_BC(polParams);
+
+ subTest(" Pass only certs with policy NIST2");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, policy2List, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext));
+ testSelector(selector, certs, 0x814);
+ PKIX_TEST_DECREF_BC(polParams);
+
+ subTest(" Pass only certs with policy anyPolicy");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, anyPolicyList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext));
+ testSelector(selector, certs, 0x002);
cleanup:
- PKIX_TEST_DECREF_AC(selector);
- PKIX_TEST_DECREF_AC(emptyList);
- PKIX_TEST_DECREF_AC(policy1List);
- PKIX_TEST_DECREF_AC(policy2List);
- PKIX_TEST_DECREF_AC(anyPolicyList);
- PKIX_TEST_DECREF_AC(polParams);
+ PKIX_TEST_DECREF_AC(selector);
+ PKIX_TEST_DECREF_AC(emptyList);
+ PKIX_TEST_DECREF_AC(policy1List);
+ PKIX_TEST_DECREF_AC(policy2List);
+ PKIX_TEST_DECREF_AC(anyPolicyList);
+ PKIX_TEST_DECREF_AC(polParams);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testCertificateMatch(
- PKIX_List *certs,
- PKIX_PL_Cert *certToMatch)
+static void
+testCertificateMatch(
+ PKIX_List *certs,
+ PKIX_PL_Cert *certToMatch)
{
- PKIX_CertSelector *selector = NULL;
- PKIX_ComCertSelParams *params = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("Certificate match");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&params, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate
- (params, certToMatch, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, params, plContext));
- testSelector(selector, certs, 0x008);
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *params = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("Certificate match");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(params, certToMatch, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+ testSelector(selector, certs, 0x008);
cleanup:
- PKIX_TEST_DECREF_AC(selector);
- PKIX_TEST_DECREF_AC(params);
+ PKIX_TEST_DECREF_AC(selector);
+ PKIX_TEST_DECREF_AC(params);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testNameConstraintsMatch(PKIX_List *certs)
+static void
+testNameConstraintsMatch(PKIX_List *certs)
{
- PKIX_CertSelector *selector = NULL;
- PKIX_ComCertSelParams *params = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_PL_CertNameConstraints *permitNameConstraints1 = NULL;
- PKIX_PL_CertNameConstraints *permitNameConstraints2 = NULL;
- PKIX_PL_CertNameConstraints *permitNameConstraints3 = NULL;
- PKIX_PL_CertNameConstraints *excludeNameConstraints1 = NULL;
- PKIX_PL_CertNameConstraints *excludeNameConstraints2 = NULL;
- PKIX_PL_CertNameConstraints *excludeNameConstraints3 = NULL;
- PKIX_UInt32 numCerts = 0;
-
- PKIX_TEST_STD_VARS();
-
- subTest("test NameConstraints Cert Selector");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (certs, &numCerts, plContext));
-
- subTest(" PKIX_PL_Cert_GetNameConstraints <cert0-permitted>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (certs, 0, (PKIX_PL_Object **)&cert, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints
- (cert, &permitNameConstraints1, plContext));
- PKIX_TEST_DECREF_BC(cert);
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *params = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_CertNameConstraints *permitNameConstraints1 = NULL;
+ PKIX_PL_CertNameConstraints *permitNameConstraints2 = NULL;
+ PKIX_PL_CertNameConstraints *permitNameConstraints3 = NULL;
+ PKIX_PL_CertNameConstraints *excludeNameConstraints1 = NULL;
+ PKIX_PL_CertNameConstraints *excludeNameConstraints2 = NULL;
+ PKIX_PL_CertNameConstraints *excludeNameConstraints3 = NULL;
+ PKIX_UInt32 numCerts = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("test NameConstraints Cert Selector");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+
+ subTest(" PKIX_PL_Cert_GetNameConstraints <cert0-permitted>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 0, (PKIX_PL_Object **)&cert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &permitNameConstraints1, plContext));
+ PKIX_TEST_DECREF_BC(cert);
+
+ subTest(" PKIX_PL_Cert_GetNameConstraints <cert1-permitted>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 1, (PKIX_PL_Object **)&cert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &permitNameConstraints2, plContext));
+ PKIX_TEST_DECREF_BC(cert);
+
+ subTest(" PKIX_PL_Cert_GetNameConstraints <cert2-permitted>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 2, (PKIX_PL_Object **)&cert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &permitNameConstraints3, plContext));
+ PKIX_TEST_DECREF_BC(cert);
+
+ subTest(" PKIX_PL_Cert_GetNameConstraints <cert3-excluded>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 3, (PKIX_PL_Object **)&cert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &excludeNameConstraints1, plContext));
+ PKIX_TEST_DECREF_BC(cert);
+
+ subTest(" PKIX_PL_Cert_GetNameConstraints <cert4-excluded>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 4, (PKIX_PL_Object **)&cert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &excludeNameConstraints2, plContext));
+ PKIX_TEST_DECREF_BC(cert);
+
+ subTest(" PKIX_PL_Cert_GetNameConstraints <cert5-excluded>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 5, (PKIX_PL_Object **)&cert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &excludeNameConstraints3, plContext));
+ PKIX_TEST_DECREF_BC(cert);
+
+ subTest(" Create Selector and ComCertSelParams");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+ subTest(" CertNameConstraints testing permitted NONE");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, permitNameConstraints1, plContext));
+ testSelector(selector, certs, 0x0);
+
+ subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, NULL, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+ subTest(" CertNameConstraints testing permitted ALL");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, permitNameConstraints2, plContext));
+ testSelector(selector, certs, 0x07F);
+
+ subTest(" CertNameConstraints testing permitted TWO");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, permitNameConstraints3, plContext));
+ testSelector(selector, certs, 0x0041);
+
+ subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, NULL, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+ subTest(" CertNameConstraints testing excluded");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, excludeNameConstraints1, plContext));
+ testSelector(selector, certs, 0x07F);
+
+ subTest(" CertNameConstraints testing excluded");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, excludeNameConstraints2, plContext));
+ testSelector(selector, certs, 0x07F);
+
+ subTest(" CertNameConstraints testing excluded");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, excludeNameConstraints3, plContext));
+ testSelector(selector, certs, 0x41);
- subTest(" PKIX_PL_Cert_GetNameConstraints <cert1-permitted>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (certs, 1, (PKIX_PL_Object **)&cert, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints
- (cert, &permitNameConstraints2, plContext));
- PKIX_TEST_DECREF_BC(cert);
+cleanup:
- subTest(" PKIX_PL_Cert_GetNameConstraints <cert2-permitted>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (certs, 2, (PKIX_PL_Object **)&cert, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints
- (cert, &permitNameConstraints3, plContext));
- PKIX_TEST_DECREF_BC(cert);
+ PKIX_TEST_DECREF_AC(selector);
+ PKIX_TEST_DECREF_AC(params);
+ PKIX_TEST_DECREF_AC(permitNameConstraints1);
+ PKIX_TEST_DECREF_AC(permitNameConstraints2);
+ PKIX_TEST_DECREF_AC(permitNameConstraints3);
+ PKIX_TEST_DECREF_AC(excludeNameConstraints1);
+ PKIX_TEST_DECREF_AC(excludeNameConstraints2);
+ PKIX_TEST_DECREF_AC(excludeNameConstraints3);
- subTest(" PKIX_PL_Cert_GetNameConstraints <cert3-excluded>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (certs, 3, (PKIX_PL_Object **)&cert, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints
- (cert, &excludeNameConstraints1, plContext));
- PKIX_TEST_DECREF_BC(cert);
+ PKIX_TEST_RETURN();
+}
- subTest(" PKIX_PL_Cert_GetNameConstraints <cert4-excluded>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (certs, 4, (PKIX_PL_Object **)&cert, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints
- (cert, &excludeNameConstraints2, plContext));
- PKIX_TEST_DECREF_BC(cert);
+static void
+testPathToNamesMatch(PKIX_List *certs)
+{
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *params = NULL;
+ PKIX_List *nameList = NULL;
+ PKIX_PL_GeneralName *name = NULL;
- subTest(" PKIX_PL_Cert_GetNameConstraints <cert5-excluded>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (certs, 5, (PKIX_PL_Object **)&cert, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints
- (cert, &excludeNameConstraints3, plContext));
- PKIX_TEST_DECREF_BC(cert);
+ PKIX_TEST_STD_VARS();
- subTest(" Create Selector and ComCertSelParams");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&params, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, params, plContext));
-
- subTest(" CertNameConstraints testing permitted NONE");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints
- (params, permitNameConstraints1, plContext));
- testSelector(selector, certs, 0x0);
-
- subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints
- (params, NULL, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, params, plContext));
-
- subTest(" CertNameConstraints testing permitted ALL");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints
- (params, permitNameConstraints2, plContext));
- testSelector(selector, certs, 0x07F);
-
- subTest(" CertNameConstraints testing permitted TWO");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints
- (params, permitNameConstraints3, plContext));
- testSelector(selector, certs, 0x0041);
-
- subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints
- (params, NULL, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, params, plContext));
-
- subTest(" CertNameConstraints testing excluded");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints
- (params, excludeNameConstraints1, plContext));
- testSelector(selector, certs, 0x07F);
-
- subTest(" CertNameConstraints testing excluded");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints
- (params, excludeNameConstraints2, plContext));
- testSelector(selector, certs, 0x07F);
-
- subTest(" CertNameConstraints testing excluded");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints
- (params, excludeNameConstraints3, plContext));
- testSelector(selector, certs, 0x41);
+ subTest("test PathToName Cert Selector");
-cleanup:
+ subTest(" PKIX_PL_GeneralName List create");
- PKIX_TEST_DECREF_AC(selector);
- PKIX_TEST_DECREF_AC(params);
- PKIX_TEST_DECREF_AC(permitNameConstraints1);
- PKIX_TEST_DECREF_AC(permitNameConstraints2);
- PKIX_TEST_DECREF_AC(permitNameConstraints3);
- PKIX_TEST_DECREF_AC(excludeNameConstraints1);
- PKIX_TEST_DECREF_AC(excludeNameConstraints2);
- PKIX_TEST_DECREF_AC(excludeNameConstraints3);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext));
- PKIX_TEST_RETURN();
-}
+ subTest(" Add directory name <O=NotATest Certificates,C=US>");
+ name = createGeneralName(PKIX_DIRECTORY_NAME,
+ "O=NotATest Certificates,C=US",
+ plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext));
-static
-void testPathToNamesMatch(PKIX_List *certs)
-{
- PKIX_CertSelector *selector = NULL;
- PKIX_ComCertSelParams *params = NULL;
- PKIX_List *nameList = NULL;
- PKIX_PL_GeneralName *name = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("test PathToName Cert Selector");
-
- subTest(" PKIX_PL_GeneralName List create");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext));
-
- subTest(" Add directory name <O=NotATest Certificates,C=US>");
- name = createGeneralName
- (PKIX_DIRECTORY_NAME,
- "O=NotATest Certificates,C=US",
- plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (nameList, (PKIX_PL_Object *)name, plContext));
-
- subTest(" Create Selector and ComCertSelParams");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&params, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, params, plContext));
-
- subTest(" PKIX_ComCertSelParams_SetPathToNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames
- (params, nameList, plContext));
-
- subTest(" Permitting THREE");
- testSelector(selector, certs, 0x58);
-
- subTest(" Remove directory name <O=NotATest Certificates,C=US...>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem
- (nameList, 0, plContext));
- PKIX_TEST_DECREF_BC(name);
-
- subTest(" PKIX_ComCertSelParams_SetPathToNames Reset");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames
- (params, NULL, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, params, plContext));
-
- subTest(" Add directory name <OU=permittedSubtree1,O=Test...>");
- name = createGeneralName
- (PKIX_DIRECTORY_NAME,
- "OU=permittedSubtree1,O=Test Certificates,C=US",
- plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (nameList, (PKIX_PL_Object *)name, plContext));
-
- subTest(" PKIX_ComCertSelParams_SetPathToNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames
- (params, nameList, plContext));
-
- subTest(" Permitting SIX");
- testSelector(selector, certs, 0x5F);
-
- subTest(" Remove directory name <OU=permittedSubtree1,O=Test...>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem
- (nameList, 0, plContext));
- PKIX_TEST_DECREF_BC(name);
-
- subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames
- (params, NULL, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, params, plContext));
-
- subTest(" Add directory name <O=Test Certificates,C=US...>");
- name = createGeneralName
- (PKIX_DIRECTORY_NAME,
- "O=Test Certificates,C=US",
- plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (nameList, (PKIX_PL_Object *)name, plContext));
- PKIX_TEST_DECREF_BC(name);
-
- subTest(" PKIX_ComCertSelParams_SetPathToNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames
- (params, nameList, plContext));
-
- subTest(" Permitting FOUR");
- testSelector(selector, certs, 0x47);
-
- subTest(" Only directory name <OU=permittedSubtree1,O=Test ...>");
- name = createGeneralName
- (PKIX_DIRECTORY_NAME,
- "OU=permittedSubtree1,O=Test Certificates,C=US",
- plContext);
-
- subTest(" PKIX_ComCertSelParams_AddPathToName");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName
- (params, name, plContext));
- PKIX_TEST_DECREF_BC(name);
-
- subTest(" Permitting FOUR");
- testSelector(selector, certs, 0x47);
-
- subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames
- (params, NULL, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, params, plContext));
- PKIX_TEST_DECREF_BC(nameList);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext));
-
- subTest(" Add directory name <CN=Valid DN nameConstraints EE...>");
- name = createGeneralName
- (PKIX_DIRECTORY_NAME, "CN=Valid DN nameConstraints EE "
- "Certificate Test1,OU=permittedSubtree1,"
- "O=Test Certificates,C=US",
- plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (nameList, (PKIX_PL_Object *)name, plContext));
- PKIX_TEST_DECREF_BC(name);
-
- subTest(" PKIX_ComCertSelParams_SetPathToNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames
- (params, nameList, plContext));
-
- subTest(" Permitting SIX");
- testSelector(selector, certs, 0x7e);
-
- subTest(" Add directory name <OU=permittedSubtree1,O=Test>");
- name = createGeneralName
- (PKIX_DIRECTORY_NAME,
- "OU=permittedSubtree1,O=Test",
- plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (nameList, (PKIX_PL_Object *)name, plContext));
- PKIX_TEST_DECREF_BC(name);
-
- subTest(" PKIX_ComCertSelParams_SetPathToNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames
- (params, nameList, plContext));
-
- subTest(" Permitting SIX");
- testSelector(selector, certs, 0x58);
-
- subTest(" Add directory name <O=Test Certificates,C=US>");
- name = createGeneralName
- (PKIX_DIRECTORY_NAME, "O=Test Certificates,C=US", plContext);
-
- subTest(" PKIX_ComCertSelParams_SetPathToNames Reset");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames
- (params, NULL, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName
- (params, name, plContext));
- PKIX_TEST_DECREF_BC(name);
-
- subTest(" Permitting FOUR");
- testSelector(selector, certs, 0x47);
+ subTest(" Create Selector and ComCertSelParams");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+ subTest(" PKIX_ComCertSelParams_SetPathToNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext));
+
+ subTest(" Permitting THREE");
+ testSelector(selector, certs, 0x58);
+
+ subTest(" Remove directory name <O=NotATest Certificates,C=US...>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(nameList, 0, plContext));
+ PKIX_TEST_DECREF_BC(name);
+
+ subTest(" PKIX_ComCertSelParams_SetPathToNames Reset");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+ subTest(" Add directory name <OU=permittedSubtree1,O=Test...>");
+ name = createGeneralName(PKIX_DIRECTORY_NAME,
+ "OU=permittedSubtree1,O=Test Certificates,C=US",
+ plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext));
+
+ subTest(" PKIX_ComCertSelParams_SetPathToNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext));
+
+ subTest(" Permitting SIX");
+ testSelector(selector, certs, 0x5F);
+
+ subTest(" Remove directory name <OU=permittedSubtree1,O=Test...>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(nameList, 0, plContext));
+ PKIX_TEST_DECREF_BC(name);
+
+ subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+ subTest(" Add directory name <O=Test Certificates,C=US...>");
+ name = createGeneralName(PKIX_DIRECTORY_NAME,
+ "O=Test Certificates,C=US",
+ plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext));
+ PKIX_TEST_DECREF_BC(name);
+
+ subTest(" PKIX_ComCertSelParams_SetPathToNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext));
+
+ subTest(" Permitting FOUR");
+ testSelector(selector, certs, 0x47);
+
+ subTest(" Only directory name <OU=permittedSubtree1,O=Test ...>");
+ name = createGeneralName(PKIX_DIRECTORY_NAME,
+ "OU=permittedSubtree1,O=Test Certificates,C=US",
+ plContext);
+
+ subTest(" PKIX_ComCertSelParams_AddPathToName");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(params, name, plContext));
+ PKIX_TEST_DECREF_BC(name);
+
+ subTest(" Permitting FOUR");
+ testSelector(selector, certs, 0x47);
+
+ subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+ PKIX_TEST_DECREF_BC(nameList);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext));
+
+ subTest(" Add directory name <CN=Valid DN nameConstraints EE...>");
+ name = createGeneralName(PKIX_DIRECTORY_NAME, "CN=Valid DN nameConstraints EE "
+ "Certificate Test1,OU=permittedSubtree1,"
+ "O=Test Certificates,C=US",
+ plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext));
+ PKIX_TEST_DECREF_BC(name);
+
+ subTest(" PKIX_ComCertSelParams_SetPathToNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext));
+
+ subTest(" Permitting SIX");
+ testSelector(selector, certs, 0x7e);
+
+ subTest(" Add directory name <OU=permittedSubtree1,O=Test>");
+ name = createGeneralName(PKIX_DIRECTORY_NAME,
+ "OU=permittedSubtree1,O=Test",
+ plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext));
+ PKIX_TEST_DECREF_BC(name);
+
+ subTest(" PKIX_ComCertSelParams_SetPathToNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext));
+
+ subTest(" Permitting SIX");
+ testSelector(selector, certs, 0x58);
+
+ subTest(" Add directory name <O=Test Certificates,C=US>");
+ name = createGeneralName(PKIX_DIRECTORY_NAME, "O=Test Certificates,C=US", plContext);
+
+ subTest(" PKIX_ComCertSelParams_SetPathToNames Reset");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(params, name, plContext));
+ PKIX_TEST_DECREF_BC(name);
+
+ subTest(" Permitting FOUR");
+ testSelector(selector, certs, 0x47);
cleanup:
- PKIX_TEST_DECREF_AC(selector);
- PKIX_TEST_DECREF_AC(params);
- PKIX_TEST_DECREF_AC(nameList);
+ PKIX_TEST_DECREF_AC(selector);
+ PKIX_TEST_DECREF_AC(params);
+ PKIX_TEST_DECREF_AC(nameList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testSubjAltNamesMatch(PKIX_List *certs)
+static void
+testSubjAltNamesMatch(PKIX_List *certs)
{
- PKIX_CertSelector *selector = NULL;
- PKIX_ComCertSelParams *params = NULL;
- PKIX_List *nameList = NULL;
- PKIX_PL_GeneralName *name = NULL;
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *params = NULL;
+ PKIX_List *nameList = NULL;
+ PKIX_PL_GeneralName *name = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("test SubjAltNames Cert Selector");
+ subTest("test SubjAltNames Cert Selector");
- subTest(" PKIX_PL_GeneralName List create");
+ subTest(" PKIX_PL_GeneralName List create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext));
- subTest(" Create Selector and ComCertSelParams");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&params, plContext));
+ subTest(" Create Selector and ComCertSelParams");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, params, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
- subTest(" Add directory name <CN=Invalid DN nameConstraints EE...>");
- name = createGeneralName
- (PKIX_DIRECTORY_NAME,
- "CN=Invalid DN nameConstraints EE Certificate Test3,"
- "OU=excludedSubtree1,O=Test Certificates,C=US",
- plContext);
+ subTest(" Add directory name <CN=Invalid DN nameConstraints EE...>");
+ name = createGeneralName(PKIX_DIRECTORY_NAME,
+ "CN=Invalid DN nameConstraints EE Certificate Test3,"
+ "OU=excludedSubtree1,O=Test Certificates,C=US",
+ plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (nameList, (PKIX_PL_Object *)name, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext));
- subTest(" PKIX_ComCertSelParams_SetSubjAltNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames
- (params, nameList, plContext));
+ subTest(" PKIX_ComCertSelParams_SetSubjAltNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames(params, nameList, plContext));
- PKIX_TEST_DECREF_BC(name);
- PKIX_TEST_DECREF_BC(nameList);
+ PKIX_TEST_DECREF_BC(name);
+ PKIX_TEST_DECREF_BC(nameList);
- subTest(" Permitting ONE");
- testSelector(selector, certs, 0x1);
+ subTest(" Permitting ONE");
+ testSelector(selector, certs, 0x1);
- subTest(" Add DNS name <mytestcertificates.gov>");
- name = createGeneralName
- (PKIX_DNS_NAME,
- "mytestcertificates.gov",
- plContext);
+ subTest(" Add DNS name <mytestcertificates.gov>");
+ name = createGeneralName(PKIX_DNS_NAME,
+ "mytestcertificates.gov",
+ plContext);
- subTest(" PKIX_ComCertSelParams_AddSubjAltName");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName
- (params, name, plContext));
- PKIX_TEST_DECREF_BC(name);
+ subTest(" PKIX_ComCertSelParams_AddSubjAltName");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(params, name, plContext));
+ PKIX_TEST_DECREF_BC(name);
- subTest(" Permitting NONE");
- testSelector(selector, certs, 0x0);
+ subTest(" Permitting NONE");
+ testSelector(selector, certs, 0x0);
- subTest(" PKIX_ComCertSelParams_SetMatchAllSubjAltNames to FALSE");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames
- (params, PKIX_FALSE, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, params, plContext));
+ subTest(" PKIX_ComCertSelParams_SetMatchAllSubjAltNames to FALSE");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(params, PKIX_FALSE, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
- subTest(" Permitting TWO");
- testSelector(selector, certs, 0x3);
+ subTest(" Permitting TWO");
+ testSelector(selector, certs, 0x3);
cleanup:
- PKIX_TEST_DECREF_AC(selector);
- PKIX_TEST_DECREF_AC(params);
- PKIX_TEST_DECREF_AC(name);
- PKIX_TEST_DECREF_AC(nameList);
+ PKIX_TEST_DECREF_AC(selector);
+ PKIX_TEST_DECREF_AC(params);
+ PKIX_TEST_DECREF_AC(name);
+ PKIX_TEST_DECREF_AC(nameList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testCertificateValidMatch(
- PKIX_List *certs)
+static void
+testCertificateValidMatch(
+ PKIX_List *certs)
{
- PKIX_CertSelector *selector = NULL;
- PKIX_ComCertSelParams *params = NULL;
- PKIX_PL_String *stringRep = NULL;
- PKIX_PL_Date *testDate = NULL;
- char *asciiRep = "050501000000Z";
-
- PKIX_TEST_STD_VARS();
-
- subTest("CertificateValid match");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&params, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_String_Create
- (PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid
- (params, testDate, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, params, plContext));
- testSelector(selector, certs, 0xFFFFFFFF);
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *params = NULL;
+ PKIX_PL_String *stringRep = NULL;
+ PKIX_PL_Date *testDate = NULL;
+ char *asciiRep = "050501000000Z";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("CertificateValid match");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(params, testDate, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+ testSelector(selector, certs, 0xFFFFFFFF);
cleanup:
- PKIX_TEST_DECREF_AC(selector);
- PKIX_TEST_DECREF_AC(params);
- PKIX_TEST_DECREF_AC(stringRep);
- PKIX_TEST_DECREF_AC(testDate);
+ PKIX_TEST_DECREF_AC(selector);
+ PKIX_TEST_DECREF_AC(params);
+ PKIX_TEST_DECREF_AC(stringRep);
+ PKIX_TEST_DECREF_AC(testDate);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void test_customCallback1(PKIX_List *certs)
+static void
+test_customCallback1(PKIX_List *certs)
{
- PKIX_CertSelector *selector = NULL;
+ PKIX_CertSelector *selector = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("custom matchCallback");
+ subTest("custom matchCallback");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (custom_CertSelector_MatchCallback,
- NULL,
- &selector,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(custom_CertSelector_MatchCallback,
+ NULL,
+ &selector,
+ plContext));
- testSelector(selector, certs, 0x900);
+ testSelector(selector, certs, 0x900);
cleanup:
- PKIX_TEST_DECREF_AC(selector);
+ PKIX_TEST_DECREF_AC(selector);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void test_customCallback2
- (PKIX_List *certs,
- PKIX_PL_Cert *anyPolicyCert) /* a source for policy anyPolicy */
+static void test_customCallback2(PKIX_List *certs,
+ PKIX_PL_Cert *anyPolicyCert) /* a source for policy anyPolicy */
{
- PKIX_CertSelector *selector = NULL;
- PKIX_List *anyPolicyList = NULL; /* OIDs */
- PKIX_PL_OID *policyOID = NULL;
+ PKIX_CertSelector *selector = NULL;
+ PKIX_List *anyPolicyList = NULL; /* OIDs */
+ PKIX_PL_OID *policyOID = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("custom matchCallback with CertSelectorContext");
+ subTest("custom matchCallback with CertSelectorContext");
- testGetPolicyFromCert(anyPolicyCert, 0, &anyPolicyList);
+ testGetPolicyFromCert(anyPolicyCert, 0, &anyPolicyList);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (anyPolicyList, 0, (PKIX_PL_Object **)&policyOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(anyPolicyList, 0, (PKIX_PL_Object **)&policyOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (custom_CertSelector_MatchOIDCallback,
- (PKIX_PL_Object *)policyOID,
- &selector,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(custom_CertSelector_MatchOIDCallback,
+ (PKIX_PL_Object *)policyOID,
+ &selector,
+ plContext));
- testSelector(selector, certs, (1 << ANYPOLICYCERT));
+ testSelector(selector, certs, (1 << ANYPOLICYCERT));
cleanup:
- PKIX_TEST_DECREF_AC(selector);
- PKIX_TEST_DECREF_AC(anyPolicyList);
- PKIX_TEST_DECREF_AC(policyOID);
+ PKIX_TEST_DECREF_AC(selector);
+ PKIX_TEST_DECREF_AC(anyPolicyList);
+ PKIX_TEST_DECREF_AC(policyOID);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testExtendedKeyUsageMatch(char *certDir)
+static void
+testExtendedKeyUsageMatch(char *certDir)
{
- PKIX_ComCertSelParams *goodParams = NULL;
- PKIX_PL_OID *ekuOid = NULL;
- PKIX_List *ekuOidList = NULL;
- PKIX_PL_String *dirString = NULL;
- PKIX_CertStore_CertCallback certCallback;
- PKIX_CertStore *certStore = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_List *certList = NULL;
- PKIX_UInt32 numCert = 0;
- void *nbioContext = NULL;
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_PL_OID *ekuOid = NULL;
+ PKIX_List *ekuOidList = NULL;
+ PKIX_PL_String *dirString = NULL;
+ PKIX_CertStore_CertCallback certCallback;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_List *certList = NULL;
+ PKIX_UInt32 numCert = 0;
+ void *nbioContext = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("test Extended KeyUsage Cert Selector");
+ subTest("test Extended KeyUsage Cert Selector");
- subTest(" PKIX_ComCertSelParams_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&goodParams, plContext));
+ subTest(" PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
- subTest(" Create Extended Key Usage OID List");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuOidList, plContext));
+ subTest(" Create Extended Key Usage OID List");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuOidList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- ("1.3.6.1.5.5.7.3.2", &ekuOid, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.2", &ekuOid, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (ekuOidList, (PKIX_PL_Object *)ekuOid, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuOidList, (PKIX_PL_Object *)ekuOid, plContext));
- PKIX_TEST_DECREF_BC(ekuOid);
+ PKIX_TEST_DECREF_BC(ekuOid);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- ("1.3.6.1.5.5.7.3.3", &ekuOid, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.3", &ekuOid, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (ekuOidList, (PKIX_PL_Object *)ekuOid, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuOidList, (PKIX_PL_Object *)ekuOid, plContext));
- PKIX_TEST_DECREF_BC(ekuOid);
+ PKIX_TEST_DECREF_BC(ekuOid);
- subTest(" PKIX_ComCertSelParams_SetExtendedKeyUsage");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage
- (goodParams, ekuOidList, plContext));
+ subTest(" PKIX_ComCertSelParams_SetExtendedKeyUsage");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(goodParams, ekuOidList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, certDir, 0, &dirString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext));
- subTest(" PKIX_PL_CollectionCertStoreContext_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
- (dirString, &certStore, plContext));
+ subTest(" PKIX_PL_CollectionCertStoreContext_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext));
- subTest(" PKIX_CertSelector_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext));
+ subTest(" PKIX_CertSelector_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, goodParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext));
- subTest(" PKIX_CertStore_GetCertCallback");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback
- (certStore, &certCallback, NULL));
+ subTest(" PKIX_CertStore_GetCertCallback");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL));
- subTest(" Getting data from Cert Callback");
- PKIX_TEST_EXPECT_NO_ERROR(certCallback
- (certStore, certSelector, &nbioContext, &certList, plContext));
+ subTest(" Getting data from Cert Callback");
+ PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (certList, &numCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext));
- if (numCert != PKIX_TEST_CERTSELECTOR_EXTKEYUSAGE_NUM_CERTS) {
- pkixTestErrorMsg = "unexpected Cert number mismatch";
- }
+ if (numCert != PKIX_TEST_CERTSELECTOR_EXTKEYUSAGE_NUM_CERTS) {
+ pkixTestErrorMsg = "unexpected Cert number mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(ekuOid);
- PKIX_TEST_DECREF_AC(ekuOidList);
- PKIX_TEST_DECREF_AC(goodParams);
- PKIX_TEST_DECREF_AC(dirString);
- PKIX_TEST_DECREF_AC(certList);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(ekuOid);
+ PKIX_TEST_DECREF_AC(ekuOidList);
+ PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(dirString);
+ PKIX_TEST_DECREF_AC(certList);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testKeyUsageMatch(char *certDir)
+static void
+testKeyUsageMatch(char *certDir)
{
- PKIX_ComCertSelParams *goodParams = NULL;
- PKIX_PL_String *dirString = NULL;
- PKIX_CertStore_CertCallback certCallback;
- PKIX_CertStore *certStore = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_List *certList = NULL;
- PKIX_UInt32 numCert = 0;
- void *nbioContext = NULL;
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_PL_String *dirString = NULL;
+ PKIX_CertStore_CertCallback certCallback;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_List *certList = NULL;
+ PKIX_UInt32 numCert = 0;
+ void *nbioContext = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("test KeyUsage Cert Selector");
+ subTest("test KeyUsage Cert Selector");
- subTest(" PKIX_ComCertSelParams_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&goodParams, plContext));
+ subTest(" PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
- subTest(" PKIX_ComCertSelParams_SetKeyUsage");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage
- (goodParams, PKIX_CRL_SIGN, plContext));
+ subTest(" PKIX_ComCertSelParams_SetKeyUsage");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage(goodParams, PKIX_CRL_SIGN, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, certDir, 0, &dirString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext));
- subTest(" PKIX_PL_CollectionCertStoreContext_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
- (dirString, &certStore, plContext));
+ subTest(" PKIX_PL_CollectionCertStoreContext_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext));
- subTest(" PKIX_CertSelector_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext));
+ subTest(" PKIX_CertSelector_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, goodParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext));
- subTest(" PKIX_CertStore_GetCertCallback");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback
- (certStore, &certCallback, NULL));
+ subTest(" PKIX_CertStore_GetCertCallback");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL));
- subTest(" Getting data from Cert Callback");
- PKIX_TEST_EXPECT_NO_ERROR(certCallback
- (certStore, certSelector, &nbioContext, &certList, plContext));
+ subTest(" Getting data from Cert Callback");
+ PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (certList, &numCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext));
- if (numCert != PKIX_TEST_CERTSELECTOR_KEYUSAGE_NUM_CERTS) {
- pkixTestErrorMsg = "unexpected Cert number mismatch";
- }
+ if (numCert != PKIX_TEST_CERTSELECTOR_KEYUSAGE_NUM_CERTS) {
+ pkixTestErrorMsg = "unexpected Cert number mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(goodParams);
- PKIX_TEST_DECREF_AC(dirString);
- PKIX_TEST_DECREF_AC(certList);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(dirString);
+ PKIX_TEST_DECREF_AC(certList);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testCertValidMatch(char *certDir)
+static void
+testCertValidMatch(char *certDir)
{
- PKIX_ComCertSelParams *goodParams = NULL;
- PKIX_PL_Date *validDate = NULL;
- PKIX_PL_String *dirString = NULL;
- PKIX_CertStore_CertCallback certCallback;
- PKIX_CertStore *certStore = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_List *certList = NULL;
- PKIX_UInt32 numCert = 0;
- void *nbioContext = NULL;
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_PL_Date *validDate = NULL;
+ PKIX_PL_String *dirString = NULL;
+ PKIX_CertStore_CertCallback certCallback;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_List *certList = NULL;
+ PKIX_UInt32 numCert = 0;
+ void *nbioContext = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("test CertValid Cert Selector");
+ subTest("test CertValid Cert Selector");
- subTest(" PKIX_ComCertSelParams_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&goodParams, plContext));
+ subTest(" PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
- validDate = createDate("050601000000Z", plContext);
+ validDate = createDate("050601000000Z", plContext);
- subTest(" PKIX_ComCertSelParams_SetCertificateValid");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid
- (goodParams, validDate, plContext));
+ subTest(" PKIX_ComCertSelParams_SetCertificateValid");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, validDate, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, certDir, 0, &dirString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext));
- subTest(" PKIX_PL_CollectionCertStoreContext_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
- (dirString, &certStore, plContext));
+ subTest(" PKIX_PL_CollectionCertStoreContext_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext));
- subTest(" PKIX_CertSelector_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext));
+ subTest(" PKIX_CertSelector_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, goodParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext));
- subTest(" PKIX_CertStore_GetCertCallback");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback
- (certStore, &certCallback, NULL));
+ subTest(" PKIX_CertStore_GetCertCallback");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL));
- subTest(" Getting data from Cert Callback");
- PKIX_TEST_EXPECT_NO_ERROR(certCallback
- (certStore, certSelector, &nbioContext, &certList, plContext));
+ subTest(" Getting data from Cert Callback");
+ PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (certList, &numCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext));
- if (numCert != PKIX_TEST_CERTSELECTOR_CERTVALID_NUM_CERTS) {
- pkixTestErrorMsg = "unexpected Cert number mismatch";
- }
+ if (numCert != PKIX_TEST_CERTSELECTOR_CERTVALID_NUM_CERTS) {
+ pkixTestErrorMsg = "unexpected Cert number mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(goodParams);
- PKIX_TEST_DECREF_AC(validDate);
- PKIX_TEST_DECREF_AC(dirString);
- PKIX_TEST_DECREF_AC(certList);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(validDate);
+ PKIX_TEST_DECREF_AC(dirString);
+ PKIX_TEST_DECREF_AC(certList);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testIssuerMatch(char *certDir)
+static void
+testIssuerMatch(char *certDir)
{
- PKIX_ComCertSelParams *goodParams = NULL;
- PKIX_PL_X500Name *issuer = NULL;
- PKIX_PL_String *issuerStr = NULL;
- PKIX_PL_String *dirString = NULL;
- PKIX_CertStore_CertCallback certCallback;
- PKIX_CertStore *certStore = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_List *certList = NULL;
- char *issuerName = "CN=science,O=mit,C=US";
- PKIX_UInt32 numCert = 0;
- void *nbioContext = NULL;
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_PL_X500Name *issuer = NULL;
+ PKIX_PL_String *issuerStr = NULL;
+ PKIX_PL_String *dirString = NULL;
+ PKIX_CertStore_CertCallback certCallback;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_List *certList = NULL;
+ char *issuerName = "CN=science,O=mit,C=US";
+ PKIX_UInt32 numCert = 0;
+ void *nbioContext = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("test Issuer Cert Selector");
+ subTest("test Issuer Cert Selector");
- subTest(" PKIX_ComCertSelParams_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&goodParams, plContext));
+ subTest(" PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, issuerName, 0, &issuerStr, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, issuerName, 0, &issuerStr, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create
- (issuerStr, &issuer, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuerStr, &issuer, plContext));
- subTest(" PKIX_ComCertSelParams_SetIssuer");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer
- (goodParams, issuer, plContext));
+ subTest(" PKIX_ComCertSelParams_SetIssuer");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer(goodParams, issuer, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, certDir, 0, &dirString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext));
- subTest(" PKIX_PL_CollectionCertStoreContext_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
- (dirString, &certStore, plContext));
+ subTest(" PKIX_PL_CollectionCertStoreContext_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext));
- subTest(" PKIX_CertSelector_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext));
+ subTest(" PKIX_CertSelector_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, goodParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext));
- subTest(" PKIX_CertStore_GetCertCallback");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback
- (certStore, &certCallback, NULL));
+ subTest(" PKIX_CertStore_GetCertCallback");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL));
- subTest(" Getting data from Cert Callback");
- PKIX_TEST_EXPECT_NO_ERROR(certCallback
- (certStore, certSelector, &nbioContext, &certList, plContext));
+ subTest(" Getting data from Cert Callback");
+ PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (certList, &numCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext));
- if (numCert != PKIX_TEST_CERTSELECTOR_ISSUER_NUM_CERTS) {
- pkixTestErrorMsg = "unexpected Cert number mismatch";
- }
+ if (numCert != PKIX_TEST_CERTSELECTOR_ISSUER_NUM_CERTS) {
+ pkixTestErrorMsg = "unexpected Cert number mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(goodParams);
- PKIX_TEST_DECREF_AC(issuer);
- PKIX_TEST_DECREF_AC(issuerStr);
- PKIX_TEST_DECREF_AC(dirString);
- PKIX_TEST_DECREF_AC(certList);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(issuer);
+ PKIX_TEST_DECREF_AC(issuerStr);
+ PKIX_TEST_DECREF_AC(dirString);
+ PKIX_TEST_DECREF_AC(certList);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testSerialNumberVersionMatch(char *certDir)
+static void
+testSerialNumberVersionMatch(char *certDir)
{
- PKIX_ComCertSelParams *goodParams = NULL;
- PKIX_PL_BigInt *serialNumber = NULL;
- PKIX_PL_String *serialNumberStr = NULL;
- PKIX_PL_String *dirString = NULL;
- PKIX_CertStore_CertCallback certCallback;
- PKIX_CertStore *certStore = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_List *certList = NULL;
- PKIX_UInt32 numCert = 0;
- void *nbioContext = NULL;
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_PL_BigInt *serialNumber = NULL;
+ PKIX_PL_String *serialNumberStr = NULL;
+ PKIX_PL_String *dirString = NULL;
+ PKIX_CertStore_CertCallback certCallback;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_List *certList = NULL;
+ PKIX_UInt32 numCert = 0;
+ void *nbioContext = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("test Serial Number Cert Selector");
+ subTest("test Serial Number Cert Selector");
- subTest(" PKIX_ComCertSelParams_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&goodParams, plContext));
+ subTest(" PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, "01", 0, &serialNumberStr, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "01", 0, &serialNumberStr, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create
- (serialNumberStr, &serialNumber, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(serialNumberStr, &serialNumber, plContext));
- subTest(" PKIX_ComCertSelParams_SetSerialNumber");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber
- (goodParams, serialNumber, plContext));
+ subTest(" PKIX_ComCertSelParams_SetSerialNumber");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber(goodParams, serialNumber, plContext));
- subTest(" PKIX_ComCertSelParams_SetVersion");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion
- (goodParams, 0, plContext));
+ subTest(" PKIX_ComCertSelParams_SetVersion");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 0, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, certDir, 0, &dirString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext));
- subTest(" PKIX_PL_CollectionCertStoreContext_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
- (dirString, &certStore, plContext));
+ subTest(" PKIX_PL_CollectionCertStoreContext_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext));
- subTest(" PKIX_CertSelector_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext));
+ subTest(" PKIX_CertSelector_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, goodParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext));
- subTest(" PKIX_CertStore_GetCertCallback");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback
- (certStore, &certCallback, NULL));
+ subTest(" PKIX_CertStore_GetCertCallback");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL));
- subTest(" Getting data from Cert Callback");
- PKIX_TEST_EXPECT_NO_ERROR(certCallback
- (certStore, certSelector, &nbioContext, &certList, plContext));
+ subTest(" Getting data from Cert Callback");
+ PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (certList, &numCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext));
- PKIX_TEST_DECREF_BC(certList);
+ PKIX_TEST_DECREF_BC(certList);
- if (numCert != 0) {
- pkixTestErrorMsg = "unexpected Version mismatch";
- }
+ if (numCert != 0) {
+ pkixTestErrorMsg = "unexpected Version mismatch";
+ }
- subTest(" PKIX_ComCertSelParams_SetVersion");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion
- (goodParams, 2, plContext));
+ subTest(" PKIX_ComCertSelParams_SetVersion");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 2, plContext));
- subTest(" Getting data from Cert Callback");
- PKIX_TEST_EXPECT_NO_ERROR(certCallback
- (certStore, certSelector, &nbioContext, &certList, plContext));
+ subTest(" Getting data from Cert Callback");
+ PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (certList, &numCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext));
- if (numCert != PKIX_TEST_CERTSELECTOR_SERIALNUMBER_NUM_CERTS) {
- pkixTestErrorMsg = "unexpected Serial Number mismatch";
- }
+ if (numCert != PKIX_TEST_CERTSELECTOR_SERIALNUMBER_NUM_CERTS) {
+ pkixTestErrorMsg = "unexpected Serial Number mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(goodParams);
- PKIX_TEST_DECREF_AC(serialNumber);
- PKIX_TEST_DECREF_AC(serialNumberStr);
- PKIX_TEST_DECREF_AC(dirString);
- PKIX_TEST_DECREF_AC(certList);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(serialNumber);
+ PKIX_TEST_DECREF_AC(serialNumberStr);
+ PKIX_TEST_DECREF_AC(dirString);
+ PKIX_TEST_DECREF_AC(certList);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testSubjKeyIdMatch(PKIX_List *certs)
+static void
+testSubjKeyIdMatch(PKIX_List *certs)
{
- PKIX_CertSelector *selector = NULL;
- PKIX_ComCertSelParams *params = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_PL_ByteArray *selSubjKeyId = NULL;
- PKIX_UInt32 item = 0;
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *params = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_ByteArray *selSubjKeyId = NULL;
+ PKIX_UInt32 item = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("test Subject Key Id Cert Selector");
+ subTest("test Subject Key Id Cert Selector");
- item = 2;
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (certs, item, (PKIX_PL_Object **)&cert, plContext));
+ item = 2;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext));
- subTest(" PKIX_PL_Cert_GetSubjectKeyIdentifier");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier
- (cert, &selSubjKeyId, plContext));
+ subTest(" PKIX_PL_Cert_GetSubjectKeyIdentifier");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(cert, &selSubjKeyId, plContext));
- subTest(" Create Selector and ComCertSelParams");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&params, plContext));
+ subTest(" Create Selector and ComCertSelParams");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, params, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
- subTest(" PKIX_ComCertSelParams_SetSubjKeyIdentifier");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier
- (params, selSubjKeyId, plContext));
+ subTest(" PKIX_ComCertSelParams_SetSubjKeyIdentifier");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier(params, selSubjKeyId, plContext));
- subTest(" Select One");
- testSelector(selector, certs, 1<<item);
+ subTest(" Select One");
+ testSelector(selector, certs, 1 << item);
cleanup:
- PKIX_TEST_DECREF_AC(selSubjKeyId);
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(params);
- PKIX_TEST_DECREF_AC(selector);
+ PKIX_TEST_DECREF_AC(selSubjKeyId);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(params);
+ PKIX_TEST_DECREF_AC(selector);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testAuthKeyIdMatch(PKIX_List *certs)
+static void
+testAuthKeyIdMatch(PKIX_List *certs)
{
- PKIX_CertSelector *selector = NULL;
- PKIX_ComCertSelParams *params = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_PL_ByteArray *selAuthKeyId = NULL;
- PKIX_UInt32 item = 0;
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *params = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_ByteArray *selAuthKeyId = NULL;
+ PKIX_UInt32 item = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("test Auth Key Id Cert Selector");
+ subTest("test Auth Key Id Cert Selector");
- item = 3;
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (certs, item, (PKIX_PL_Object **)&cert, plContext));
+ item = 3;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext));
- subTest(" PKIX_PL_Cert_GetAuthorityKeyIdentifier");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier
- (cert, &selAuthKeyId, plContext));
+ subTest(" PKIX_PL_Cert_GetAuthorityKeyIdentifier");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(cert, &selAuthKeyId, plContext));
- subTest(" Create Selector and ComCertSelParams");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&params, plContext));
+ subTest(" Create Selector and ComCertSelParams");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, params, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
- subTest(" PKIX_ComCertSelParams_SetAuthorityKeyIdentifier");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetAuthorityKeyIdentifier
- (params, selAuthKeyId, plContext));
+ subTest(" PKIX_ComCertSelParams_SetAuthorityKeyIdentifier");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(params, selAuthKeyId, plContext));
- subTest(" Select TWO");
- testSelector(selector, certs, (1<<item)|(1<<1));
+ subTest(" Select TWO");
+ testSelector(selector, certs, (1 << item) | (1 << 1));
cleanup:
- PKIX_TEST_DECREF_AC(selAuthKeyId);
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(params);
- PKIX_TEST_DECREF_AC(selector);
+ PKIX_TEST_DECREF_AC(selAuthKeyId);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(params);
+ PKIX_TEST_DECREF_AC(selector);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testSubjPKAlgIdMatch(PKIX_List *certs)
+static void
+testSubjPKAlgIdMatch(PKIX_List *certs)
{
- PKIX_CertSelector *selector = NULL;
- PKIX_ComCertSelParams *params = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_PL_OID *selAlgId = NULL;
- PKIX_UInt32 item = 0;
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *params = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_OID *selAlgId = NULL;
+ PKIX_UInt32 item = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("test Subject Public Key Algorithm Id Cert Selector");
+ subTest("test Subject Public Key Algorithm Id Cert Selector");
- item = 0;
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (certs, item, (PKIX_PL_Object **)&cert, plContext));
+ item = 0;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext));
- subTest(" PKIX_PL_Cert_GetSubjectPublicKeyAlgId");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKeyAlgId
- (cert, &selAlgId, plContext));
+ subTest(" PKIX_PL_Cert_GetSubjectPublicKeyAlgId");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKeyAlgId(cert, &selAlgId, plContext));
- subTest(" Create Selector and ComCertSelParams");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&params, plContext));
+ subTest(" Create Selector and ComCertSelParams");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, params, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
- subTest(" PKIX_ComCertSelParams_SetSubjPKAlgId");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId
- (params, selAlgId, plContext));
+ subTest(" PKIX_ComCertSelParams_SetSubjPKAlgId");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId(params, selAlgId, plContext));
- subTest(" Select All");
- testSelector(selector, certs, 0x7F);
+ subTest(" Select All");
+ testSelector(selector, certs, 0x7F);
cleanup:
- PKIX_TEST_DECREF_AC(selAlgId);
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(params);
- PKIX_TEST_DECREF_AC(selector);
+ PKIX_TEST_DECREF_AC(selAlgId);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(params);
+ PKIX_TEST_DECREF_AC(selector);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testSubjPublicKeyMatch(PKIX_List *certs)
+static void
+testSubjPublicKeyMatch(PKIX_List *certs)
{
- PKIX_CertSelector *selector = NULL;
- PKIX_ComCertSelParams *params = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_PL_PublicKey *selPublicKey = NULL;
- PKIX_UInt32 item = 0;
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *params = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_PublicKey *selPublicKey = NULL;
+ PKIX_UInt32 item = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("test Subject Public Key Cert Selector");
+ subTest("test Subject Public Key Cert Selector");
- item = 5;
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (certs, item, (PKIX_PL_Object **)&cert, plContext));
+ item = 5;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext));
- subTest(" PKIX_PL_Cert_GetSubjectPublicKey");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
- (cert, &selPublicKey, plContext));
+ subTest(" PKIX_PL_Cert_GetSubjectPublicKey");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &selPublicKey, plContext));
- subTest(" Create Selector and ComCertSelParams");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&params, plContext));
+ subTest(" Create Selector and ComCertSelParams");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, params, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
- subTest(" PKIX_ComCertSelParams_SetSubjPubKey");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey
- (params, selPublicKey, plContext));
+ subTest(" PKIX_ComCertSelParams_SetSubjPubKey");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey(params, selPublicKey, plContext));
- subTest(" Select ONE");
- testSelector(selector, certs, 1<<item);
+ subTest(" Select ONE");
+ testSelector(selector, certs, 1 << item);
cleanup:
- PKIX_TEST_DECREF_AC(selPublicKey);
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(params);
- PKIX_TEST_DECREF_AC(selector);
+ PKIX_TEST_DECREF_AC(selPublicKey);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(params);
+ PKIX_TEST_DECREF_AC(selector);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void test_CertSelector_Duplicate(PKIX_CertSelector *selector)
+static void
+test_CertSelector_Duplicate(PKIX_CertSelector *selector)
{
- PKIX_Int32 goodBasicConstraints = 0;
- PKIX_Int32 equalBasicConstraints = 0;
- PKIX_CertSelector *dupSelector = NULL;
- PKIX_ComCertSelParams *goodParams = NULL;
- PKIX_ComCertSelParams *equalParams = NULL;
- PKIX_CertSelector_MatchCallback goodCallback = NULL;
- PKIX_CertSelector_MatchCallback equalCallback = NULL;
- PKIX_PL_X500Name *goodSubject = NULL;
- PKIX_PL_X500Name *equalSubject = NULL;
- PKIX_List *goodPolicy = NULL;
- PKIX_List *equalPolicy = NULL;
- PKIX_PL_Cert *goodCert = NULL;
- PKIX_PL_Cert *equalCert = NULL;
- PKIX_PL_Date *goodDate = NULL;
- PKIX_PL_Date *equalDate = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("test_CertSelector_Duplicate");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)selector,
- (PKIX_PL_Object **)&dupSelector,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCommonCertSelectorParams
- (selector, &goodParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCommonCertSelectorParams
- (dupSelector, &equalParams, plContext));
- /* There is no equals function, so look at components separately. */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject
- (goodParams, &goodSubject, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject
- (equalParams, &equalSubject, plContext));
- if (goodSubject && equalSubject) {
- testEqualsHelper
- ((PKIX_PL_Object *)goodSubject,
- (PKIX_PL_Object *)equalSubject,
- PKIX_TRUE,
- plContext);
- } else {
- if PKIX_EXACTLY_ONE_NULL(goodSubject, equalSubject) {
- pkixTestErrorMsg = "Subject Names are not equal!";
- goto cleanup;
- }
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy
- (goodParams, &goodPolicy, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy
- (equalParams, &equalPolicy, plContext));
- if (goodPolicy && equalPolicy) {
- testEqualsHelper
- ((PKIX_PL_Object *)goodPolicy,
- (PKIX_PL_Object *)equalPolicy,
- PKIX_TRUE,
- plContext);
- } else {
- if PKIX_EXACTLY_ONE_NULL(goodPolicy, equalPolicy) {
- pkixTestErrorMsg = "Policy Lists are not equal!";
- goto cleanup;
- }
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate
- (goodParams, &goodCert, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate
- (equalParams, &equalCert, plContext));
- if (goodCert && equalCert) {
- testEqualsHelper
- ((PKIX_PL_Object *)goodCert,
- (PKIX_PL_Object *)equalCert,
- PKIX_TRUE,
- plContext);
- } else {
- if PKIX_EXACTLY_ONE_NULL(goodCert, equalCert) {
- pkixTestErrorMsg = "Cert Lists are not equal!";
- goto cleanup;
- }
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid
- (goodParams, &goodDate, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid
- (equalParams, &equalDate, plContext));
- if (goodCert && equalCert) {
- testEqualsHelper
- ((PKIX_PL_Object *)goodDate,
- (PKIX_PL_Object *)equalDate,
- PKIX_TRUE,
- plContext);
- } else {
- if PKIX_EXACTLY_ONE_NULL(goodDate, equalDate) {
- pkixTestErrorMsg = "Date Lists are not equal!";
- goto cleanup;
- }
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints
- (goodParams, &goodBasicConstraints, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints
- (equalParams, &equalBasicConstraints, plContext));
- if (goodBasicConstraints != equalBasicConstraints) {
- pkixTestErrorMsg = "BasicConstraints are not equal!";
+ PKIX_Int32 goodBasicConstraints = 0;
+ PKIX_Int32 equalBasicConstraints = 0;
+ PKIX_CertSelector *dupSelector = NULL;
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_ComCertSelParams *equalParams = NULL;
+ PKIX_CertSelector_MatchCallback goodCallback = NULL;
+ PKIX_CertSelector_MatchCallback equalCallback = NULL;
+ PKIX_PL_X500Name *goodSubject = NULL;
+ PKIX_PL_X500Name *equalSubject = NULL;
+ PKIX_List *goodPolicy = NULL;
+ PKIX_List *equalPolicy = NULL;
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_Cert *equalCert = NULL;
+ PKIX_PL_Date *goodDate = NULL;
+ PKIX_PL_Date *equalDate = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("test_CertSelector_Duplicate");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)selector,
+ (PKIX_PL_Object **)&dupSelector,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCommonCertSelectorParams(selector, &goodParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCommonCertSelectorParams(dupSelector, &equalParams, plContext));
+ /* There is no equals function, so look at components separately. */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext));
+ if (goodSubject && equalSubject) {
+ testEqualsHelper((PKIX_PL_Object *)goodSubject,
+ (PKIX_PL_Object *)equalSubject,
+ PKIX_TRUE,
+ plContext);
+ } else {
+ if
+ PKIX_EXACTLY_ONE_NULL(goodSubject, equalSubject)
+ {
+ pkixTestErrorMsg = "Subject Names are not equal!";
goto cleanup;
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback
- (selector, &goodCallback, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback
- (dupSelector, &equalCallback, plContext));
- if (goodCallback != equalCallback) {
- pkixTestErrorMsg = "MatchCallbacks are not equal!";
- }
+ }
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicy, plContext));
+ if (goodPolicy && equalPolicy) {
+ testEqualsHelper((PKIX_PL_Object *)goodPolicy,
+ (PKIX_PL_Object *)equalPolicy,
+ PKIX_TRUE,
+ plContext);
+ } else {
+ if
+ PKIX_EXACTLY_ONE_NULL(goodPolicy, equalPolicy)
+ {
+ pkixTestErrorMsg = "Policy Lists are not equal!";
+ goto cleanup;
+ }
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext));
+ if (goodCert && equalCert) {
+ testEqualsHelper((PKIX_PL_Object *)goodCert,
+ (PKIX_PL_Object *)equalCert,
+ PKIX_TRUE,
+ plContext);
+ } else {
+ if
+ PKIX_EXACTLY_ONE_NULL(goodCert, equalCert)
+ {
+ pkixTestErrorMsg = "Cert Lists are not equal!";
+ goto cleanup;
+ }
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext));
+ if (goodCert && equalCert) {
+ testEqualsHelper((PKIX_PL_Object *)goodDate,
+ (PKIX_PL_Object *)equalDate,
+ PKIX_TRUE,
+ plContext);
+ } else {
+ if
+ PKIX_EXACTLY_ONE_NULL(goodDate, equalDate)
+ {
+ pkixTestErrorMsg = "Date Lists are not equal!";
+ goto cleanup;
+ }
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodBasicConstraints, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalBasicConstraints, plContext));
+ if (goodBasicConstraints != equalBasicConstraints) {
+ pkixTestErrorMsg = "BasicConstraints are not equal!";
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback(selector, &goodCallback, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback(dupSelector, &equalCallback, plContext));
+ if (goodCallback != equalCallback) {
+ pkixTestErrorMsg = "MatchCallbacks are not equal!";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(dupSelector);
- PKIX_TEST_DECREF_AC(goodParams);
- PKIX_TEST_DECREF_AC(equalParams);
- PKIX_TEST_DECREF_AC(goodSubject);
- PKIX_TEST_DECREF_AC(equalSubject);
- PKIX_TEST_DECREF_AC(goodPolicy);
- PKIX_TEST_DECREF_AC(equalPolicy);
- PKIX_TEST_DECREF_AC(goodCert);
- PKIX_TEST_DECREF_AC(equalCert);
- PKIX_TEST_DECREF_AC(goodDate);
- PKIX_TEST_DECREF_AC(equalDate);
-
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(dupSelector);
+ PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(equalParams);
+ PKIX_TEST_DECREF_AC(goodSubject);
+ PKIX_TEST_DECREF_AC(equalSubject);
+ PKIX_TEST_DECREF_AC(goodPolicy);
+ PKIX_TEST_DECREF_AC(equalPolicy);
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(equalCert);
+ PKIX_TEST_DECREF_AC(goodDate);
+ PKIX_TEST_DECREF_AC(equalDate);
+
+ PKIX_TEST_RETURN();
}
-static
-void printUsage(void) {
- (void) printf("\nUSAGE:\ttest_certselector <NIST_FILES_DIR> <cert-dir>\n\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_certselector <NIST_FILES_DIR> <cert-dir>\n\n");
}
-int test_certselector(int argc, char *argv[]) {
-
- PKIX_UInt32 i = 0;
- PKIX_UInt32 j = 0;
- PKIX_UInt32 actualMinorVersion;
+int
+test_certselector(int argc, char *argv[])
+{
- PKIX_CertSelector *emptySelector = NULL;
- PKIX_List *certs = NULL;
- PKIX_List *nameConstraintsCerts = NULL;
- PKIX_List *subjAltNamesCerts = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_PL_Cert *policy1Cert = NULL;
- PKIX_PL_Cert *policy2Cert = NULL;
- PKIX_PL_Cert *anyPolicyCert = NULL;
- PKIX_PL_Cert *subjectCert = NULL;
- PKIX_ComCertSelParams *selParams = NULL;
- char *certDir = NULL;
- char *dirName = NULL;
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 j = 0;
+ PKIX_UInt32 actualMinorVersion;
- PKIX_TEST_STD_VARS();
+ PKIX_CertSelector *emptySelector = NULL;
+ PKIX_List *certs = NULL;
+ PKIX_List *nameConstraintsCerts = NULL;
+ PKIX_List *subjAltNamesCerts = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_Cert *policy1Cert = NULL;
+ PKIX_PL_Cert *policy2Cert = NULL;
+ PKIX_PL_Cert *anyPolicyCert = NULL;
+ PKIX_PL_Cert *subjectCert = NULL;
+ PKIX_ComCertSelParams *selParams = NULL;
+ char *certDir = NULL;
+ char *dirName = NULL;
- startTests("CertSelector");
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ startTests("CertSelector");
- if (argc < 3) {
- printUsage();
- return (0);
- }
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- dirName = argv[j+1];
- certDir = argv[j+3];
-
- /* Create a List of certs to use in testing the selector */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext));
-
- for (i = 0; i < NUMCERTS; i++) {
-
- cert = createCert(dirName, certList[i], plContext);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (certs, (PKIX_PL_Object *)cert, plContext));
- if (i == POLICY1CERT) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
- ((PKIX_PL_Object *)cert, plContext));
- policy1Cert = cert;
- }
- if (i == ANYPOLICYCERT) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
- ((PKIX_PL_Object *)cert, plContext));
- anyPolicyCert = cert;
- }
- if (i == POLICY2CERT) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
- ((PKIX_PL_Object *)cert, plContext));
- policy2Cert = cert;
- }
- if (i == SUBJECTCERT) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
- ((PKIX_PL_Object *)cert, plContext));
- subjectCert = cert;
- }
- PKIX_TEST_DECREF_BC(cert);
- }
+ if (argc < 3) {
+ printUsage();
+ return (0);
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
- (&nameConstraintsCerts, plContext));
+ dirName = argv[j + 1];
+ certDir = argv[j + 3];
- for (i = 0; i < NUMNCCERTS; i++) {
+ /* Create a List of certs to use in testing the selector */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext));
- cert = createCert(dirName, ncCertList[i], plContext);
+ for (i = 0; i < NUMCERTS; i++) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (nameConstraintsCerts,
- (PKIX_PL_Object *)cert,
- plContext));
+ cert = createCert(dirName, certList[i], plContext);
- PKIX_TEST_DECREF_BC(cert);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certs, (PKIX_PL_Object *)cert, plContext));
+ if (i == POLICY1CERT) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext));
+ policy1Cert = cert;
+ }
+ if (i == ANYPOLICYCERT) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext));
+ anyPolicyCert = cert;
}
+ if (i == POLICY2CERT) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext));
+ policy2Cert = cert;
+ }
+ if (i == SUBJECTCERT) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext));
+ subjectCert = cert;
+ }
+ PKIX_TEST_DECREF_BC(cert);
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
- (&subjAltNamesCerts, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameConstraintsCerts, plContext));
- for (i = 0; i < NUMSANCERTS; i++) {
+ for (i = 0; i < NUMNCCERTS; i++) {
- cert = createCert(dirName, sanCertList[i], plContext);
+ cert = createCert(dirName, ncCertList[i], plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (subjAltNamesCerts,
- (PKIX_PL_Object *)cert,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameConstraintsCerts,
+ (PKIX_PL_Object *)cert,
+ plContext));
- PKIX_TEST_DECREF_BC(cert);
- }
+ PKIX_TEST_DECREF_BC(cert);
+ }
- subTest("test_CertSelector_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &emptySelector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&subjAltNamesCerts, plContext));
- subTest("Default Match, no parameters set");
- testSelector(emptySelector, certs, 0xFFFFFFFF);
+ for (i = 0; i < NUMSANCERTS; i++) {
- testSubjectMatch(certs, subjectCert);
+ cert = createCert(dirName, sanCertList[i], plContext);
- testBasicConstraintsMatch(certs);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(subjAltNamesCerts,
+ (PKIX_PL_Object *)cert,
+ plContext));
+
+ PKIX_TEST_DECREF_BC(cert);
+ }
- testPolicyMatch(certs, policy1Cert, policy2Cert, anyPolicyCert);
+ subTest("test_CertSelector_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &emptySelector, plContext));
- testCertificateMatch(certs, subjectCert);
+ subTest("Default Match, no parameters set");
+ testSelector(emptySelector, certs, 0xFFFFFFFF);
- testCertificateValidMatch(certs);
+ testSubjectMatch(certs, subjectCert);
- subTest("Combination: pass only EE certs that assert some policy");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_Create(&selParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetBasicConstraints
- (selParams, -2, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (emptySelector, selParams, plContext));
- testSelector(emptySelector, certs, 0xC00);
+ testBasicConstraintsMatch(certs);
- testNameConstraintsMatch(nameConstraintsCerts);
+ testPolicyMatch(certs, policy1Cert, policy2Cert, anyPolicyCert);
- testPathToNamesMatch(nameConstraintsCerts);
+ testCertificateMatch(certs, subjectCert);
- testSubjAltNamesMatch(subjAltNamesCerts);
+ testCertificateValidMatch(certs);
- testExtendedKeyUsageMatch(certDir);
+ subTest("Combination: pass only EE certs that assert some policy");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(selParams, -2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(emptySelector, selParams, plContext));
+ testSelector(emptySelector, certs, 0xC00);
- testKeyUsageMatch(certDir);
+ testNameConstraintsMatch(nameConstraintsCerts);
- testIssuerMatch(certDir);
+ testPathToNamesMatch(nameConstraintsCerts);
- testSerialNumberVersionMatch(certDir);
+ testSubjAltNamesMatch(subjAltNamesCerts);
- testCertValidMatch(certDir);
+ testExtendedKeyUsageMatch(certDir);
- testSubjKeyIdMatch(nameConstraintsCerts);
+ testKeyUsageMatch(certDir);
- testAuthKeyIdMatch(nameConstraintsCerts);
+ testIssuerMatch(certDir);
- testSubjPKAlgIdMatch(nameConstraintsCerts);
+ testSerialNumberVersionMatch(certDir);
- testSubjPublicKeyMatch(nameConstraintsCerts);
+ testCertValidMatch(certDir);
- test_CertSelector_Duplicate(emptySelector);
+ testSubjKeyIdMatch(nameConstraintsCerts);
- test_customCallback1(certs);
+ testAuthKeyIdMatch(nameConstraintsCerts);
- test_customCallback2(certs, anyPolicyCert);
+ testSubjPKAlgIdMatch(nameConstraintsCerts);
- subTest("test_CertSelector_Destroy");
+ testSubjPublicKeyMatch(nameConstraintsCerts);
- PKIX_TEST_DECREF_BC(emptySelector);
+ test_CertSelector_Duplicate(emptySelector);
+ test_customCallback1(certs);
+ test_customCallback2(certs, anyPolicyCert);
+
+ subTest("test_CertSelector_Destroy");
+
+ PKIX_TEST_DECREF_BC(emptySelector);
cleanup:
- PKIX_TEST_DECREF_AC(emptySelector);
- PKIX_TEST_DECREF_AC(certs);
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(policy1Cert);
- PKIX_TEST_DECREF_AC(policy2Cert);
- PKIX_TEST_DECREF_AC(anyPolicyCert);
- PKIX_TEST_DECREF_AC(subjectCert);
- PKIX_TEST_DECREF_AC(selParams);
- PKIX_TEST_DECREF_AC(nameConstraintsCerts);
- PKIX_TEST_DECREF_AC(subjAltNamesCerts);
+ PKIX_TEST_DECREF_AC(emptySelector);
+ PKIX_TEST_DECREF_AC(certs);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(policy1Cert);
+ PKIX_TEST_DECREF_AC(policy2Cert);
+ PKIX_TEST_DECREF_AC(anyPolicyCert);
+ PKIX_TEST_DECREF_AC(subjectCert);
+ PKIX_TEST_DECREF_AC(selParams);
+ PKIX_TEST_DECREF_AC(nameConstraintsCerts);
+ PKIX_TEST_DECREF_AC(subjAltNamesCerts);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("CertSelector");
+ endTests("CertSelector");
- return (0);
+ return (0);
}
diff --git a/cmd/libpkix/pkix/certsel/test_comcertselparams.c b/cmd/libpkix/pkix/certsel/test_comcertselparams.c
index b0c0dca49..57f192a42 100644
--- a/cmd/libpkix/pkix/certsel/test_comcertselparams.c
+++ b/cmd/libpkix/pkix/certsel/test_comcertselparams.c
@@ -13,908 +13,788 @@
static void *plContext = NULL;
-static
-void test_CreateOIDList(PKIX_List *certPolicyInfos, PKIX_List **pPolicyOIDs)
+static void
+test_CreateOIDList(PKIX_List *certPolicyInfos, PKIX_List **pPolicyOIDs)
{
- PKIX_UInt32 i = 0;
- PKIX_UInt32 numInfos = 0;
- PKIX_PL_CertPolicyInfo *certPolicyInfo = NULL;
- PKIX_PL_OID *policyOID = NULL;
- PKIX_List *certPolicies = NULL;
-
- PKIX_TEST_STD_VARS();
-
- /* Convert from List of CertPolicyInfos to List of OIDs */
- if (certPolicyInfos) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (certPolicyInfos, &numInfos, plContext));
- }
-
- if (numInfos > 0) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
- (&certPolicies, plContext));
- }
- for (i = 0; i < numInfos; i++) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (certPolicyInfos,
- i,
- (PKIX_PL_Object **)&certPolicyInfo,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId
- (certPolicyInfo, &policyOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (certPolicies, (PKIX_PL_Object *)policyOID, plContext));
- PKIX_TEST_DECREF_BC(certPolicyInfo);
- PKIX_TEST_DECREF_BC(policyOID);
- }
-
- *pPolicyOIDs = certPolicies;
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 numInfos = 0;
+ PKIX_PL_CertPolicyInfo *certPolicyInfo = NULL;
+ PKIX_PL_OID *policyOID = NULL;
+ PKIX_List *certPolicies = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ /* Convert from List of CertPolicyInfos to List of OIDs */
+ if (certPolicyInfos) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicyInfos, &numInfos, plContext));
+ }
+
+ if (numInfos > 0) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certPolicies, plContext));
+ }
+ for (i = 0; i < numInfos; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicyInfos,
+ i,
+ (PKIX_PL_Object **)&certPolicyInfo,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(certPolicyInfo, &policyOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certPolicies, (PKIX_PL_Object *)policyOID, plContext));
+ PKIX_TEST_DECREF_BC(certPolicyInfo);
+ PKIX_TEST_DECREF_BC(policyOID);
+ }
+
+ *pPolicyOIDs = certPolicies;
cleanup:
- PKIX_TEST_DECREF_AC(certPolicyInfo);
- PKIX_TEST_DECREF_AC(policyOID);
+ PKIX_TEST_DECREF_AC(certPolicyInfo);
+ PKIX_TEST_DECREF_AC(policyOID);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void test_NameConstraints(char *dirName)
+static void
+test_NameConstraints(char *dirName)
{
- PKIX_PL_Cert *goodCert = NULL;
- PKIX_PL_CertNameConstraints *getNameConstraints = NULL;
- PKIX_PL_CertNameConstraints *setNameConstraints = NULL;
- PKIX_ComCertSelParams *goodParams = NULL;
- char *expectedAscii =
- "[\n"
- "\t\tPermitted Name: (OU=permittedSubtree1,"
- "O=Test Certificates,C=US, OU=permittedSubtree2,"
- "O=Test Certificates,C=US)\n"
- "\t\tExcluded Name: (EMPTY)\n"
- "\t]\n";
-
- PKIX_TEST_STD_VARS();
-
- subTest("Create Cert for NameConstraints test");
-
- goodCert = createCert
- (dirName, "nameConstraintsDN2CACert.crt", plContext);
-
- subTest("PKIX_PL_Cert_GetNameConstraints");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints
- (goodCert, &setNameConstraints, plContext));
-
- subTest("PKIX_ComCertSelParams_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&goodParams, plContext));
-
- subTest("PKIX_ComCertSelParams_SetNameConstraints");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints
- (goodParams, setNameConstraints, plContext));
-
- subTest("PKIX_ComCertSelParams_GetNameConstraints");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetNameConstraints
- (goodParams, &getNameConstraints, plContext));
-
- subTest("Compare NameConstraints");
- testEqualsHelper((PKIX_PL_Object *)setNameConstraints,
- (PKIX_PL_Object *)getNameConstraints,
- PKIX_TRUE,
- plContext);
-
- subTest("Compare NameConstraints with canned string");
- testToStringHelper
- ((PKIX_PL_Object *)getNameConstraints,
- expectedAscii,
- plContext);
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_CertNameConstraints *getNameConstraints = NULL;
+ PKIX_PL_CertNameConstraints *setNameConstraints = NULL;
+ PKIX_ComCertSelParams *goodParams = NULL;
+ char *expectedAscii =
+ "[\n"
+ "\t\tPermitted Name: (OU=permittedSubtree1,"
+ "O=Test Certificates,C=US, OU=permittedSubtree2,"
+ "O=Test Certificates,C=US)\n"
+ "\t\tExcluded Name: (EMPTY)\n"
+ "\t]\n";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("Create Cert for NameConstraints test");
+
+ goodCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext);
+
+ subTest("PKIX_PL_Cert_GetNameConstraints");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(goodCert, &setNameConstraints, plContext));
+
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetNameConstraints");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(goodParams, setNameConstraints, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetNameConstraints");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetNameConstraints(goodParams, &getNameConstraints, plContext));
+
+ subTest("Compare NameConstraints");
+ testEqualsHelper((PKIX_PL_Object *)setNameConstraints,
+ (PKIX_PL_Object *)getNameConstraints,
+ PKIX_TRUE,
+ plContext);
+
+ subTest("Compare NameConstraints with canned string");
+ testToStringHelper((PKIX_PL_Object *)getNameConstraints,
+ expectedAscii,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(goodCert);
- PKIX_TEST_DECREF_AC(getNameConstraints);
- PKIX_TEST_DECREF_AC(setNameConstraints);
- PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(getNameConstraints);
+ PKIX_TEST_DECREF_AC(setNameConstraints);
+ PKIX_TEST_DECREF_AC(goodParams);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void test_PathToNames(void)
+static void
+test_PathToNames(void)
{
- PKIX_ComCertSelParams *goodParams = NULL;
- PKIX_List *setGenNames = NULL;
- PKIX_List *getGenNames = NULL;
- PKIX_PL_GeneralName *rfc822GenName = NULL;
- PKIX_PL_GeneralName *dnsGenName = NULL;
- PKIX_PL_GeneralName *dirGenName = NULL;
- PKIX_PL_GeneralName *uriGenName = NULL;
- PKIX_PL_GeneralName *oidGenName = NULL;
- char *rfc822Name = "john.doe@labs.com";
- char *dnsName = "comcast.net";
- char *dirName = "cn=john, ou=labs, o=sun, c=us";
- char *uriName = "http://comcast.net";
- char *oidName = "1.2.840.11";
- char *expectedAscii =
- "(john.doe@labs.com, "
- "comcast.net, "
- "CN=john,OU=labs,O=sun,C=us, "
- "http://comcast.net)";
- char *expectedAsciiAll =
- "(john.doe@labs.com, "
- "comcast.net, "
- "CN=john,OU=labs,O=sun,C=us, "
- "http://comcast.net, "
- "1.2.840.11)";
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PL_GeneralName_Create");
- dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext);
- uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext);
- oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext);
- dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext);
- rfc822GenName = createGeneralName
- (PKIX_RFC822_NAME,
- rfc822Name,
- plContext);
-
- subTest("PKIX_PL_GeneralName List create and append");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (setGenNames, (PKIX_PL_Object *)dnsGenName, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (setGenNames, (PKIX_PL_Object *)dirGenName, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (setGenNames, (PKIX_PL_Object *)uriGenName, plContext));
-
- subTest("PKIX_ComCertSelParams_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&goodParams, plContext));
-
- subTest("PKIX_ComCertSelParams_SetPathToNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames
- (goodParams, setGenNames, plContext));
-
- subTest("PKIX_ComCertSelParams_GetPathToNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPathToNames
- (goodParams, &getGenNames, plContext));
-
- subTest("Compare GeneralName List");
- testEqualsHelper((PKIX_PL_Object *)setGenNames,
- (PKIX_PL_Object *)getGenNames,
- PKIX_TRUE,
- plContext);
-
- subTest("Compare GeneralName List with canned string");
- testToStringHelper
- ((PKIX_PL_Object *)getGenNames,
- expectedAscii,
- plContext);
-
- subTest("PKIX_ComCertSelParams_AddPathToName");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName
- (goodParams, oidGenName, plContext));
-
- PKIX_TEST_DECREF_BC(getGenNames);
-
- subTest("PKIX_ComCertSelParams_GetPathToNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPathToNames
- (goodParams, &getGenNames, plContext));
-
- subTest("Compare GeneralName List with canned string");
- testToStringHelper
- ((PKIX_PL_Object *)getGenNames,
- expectedAsciiAll,
- plContext);
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_List *setGenNames = NULL;
+ PKIX_List *getGenNames = NULL;
+ PKIX_PL_GeneralName *rfc822GenName = NULL;
+ PKIX_PL_GeneralName *dnsGenName = NULL;
+ PKIX_PL_GeneralName *dirGenName = NULL;
+ PKIX_PL_GeneralName *uriGenName = NULL;
+ PKIX_PL_GeneralName *oidGenName = NULL;
+ char *rfc822Name = "john.doe@labs.com";
+ char *dnsName = "comcast.net";
+ char *dirName = "cn=john, ou=labs, o=sun, c=us";
+ char *uriName = "http://comcast.net";
+ char *oidName = "1.2.840.11";
+ char *expectedAscii =
+ "(john.doe@labs.com, "
+ "comcast.net, "
+ "CN=john,OU=labs,O=sun,C=us, "
+ "http://comcast.net)";
+ char *expectedAsciiAll =
+ "(john.doe@labs.com, "
+ "comcast.net, "
+ "CN=john,OU=labs,O=sun,C=us, "
+ "http://comcast.net, "
+ "1.2.840.11)";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_GeneralName_Create");
+ dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext);
+ uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext);
+ oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext);
+ dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext);
+ rfc822GenName = createGeneralName(PKIX_RFC822_NAME,
+ rfc822Name,
+ plContext);
+
+ subTest("PKIX_PL_GeneralName List create and append");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dnsGenName, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dirGenName, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)uriGenName, plContext));
+
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetPathToNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(goodParams, setGenNames, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetPathToNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPathToNames(goodParams, &getGenNames, plContext));
+
+ subTest("Compare GeneralName List");
+ testEqualsHelper((PKIX_PL_Object *)setGenNames,
+ (PKIX_PL_Object *)getGenNames,
+ PKIX_TRUE,
+ plContext);
+
+ subTest("Compare GeneralName List with canned string");
+ testToStringHelper((PKIX_PL_Object *)getGenNames,
+ expectedAscii,
+ plContext);
+
+ subTest("PKIX_ComCertSelParams_AddPathToName");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(goodParams, oidGenName, plContext));
+
+ PKIX_TEST_DECREF_BC(getGenNames);
+
+ subTest("PKIX_ComCertSelParams_GetPathToNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPathToNames(goodParams, &getGenNames, plContext));
+
+ subTest("Compare GeneralName List with canned string");
+ testToStringHelper((PKIX_PL_Object *)getGenNames,
+ expectedAsciiAll,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(goodParams);
- PKIX_TEST_DECREF_AC(setGenNames);
- PKIX_TEST_DECREF_AC(getGenNames);
- PKIX_TEST_DECREF_AC(rfc822GenName);
- PKIX_TEST_DECREF_AC(dnsGenName);
- PKIX_TEST_DECREF_AC(dirGenName);
- PKIX_TEST_DECREF_AC(uriGenName);
- PKIX_TEST_DECREF_AC(oidGenName);
+ PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(setGenNames);
+ PKIX_TEST_DECREF_AC(getGenNames);
+ PKIX_TEST_DECREF_AC(rfc822GenName);
+ PKIX_TEST_DECREF_AC(dnsGenName);
+ PKIX_TEST_DECREF_AC(dirGenName);
+ PKIX_TEST_DECREF_AC(uriGenName);
+ PKIX_TEST_DECREF_AC(oidGenName);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void test_SubjAltNames(void)
+static void
+test_SubjAltNames(void)
{
- PKIX_ComCertSelParams *goodParams = NULL;
- PKIX_List *setGenNames = NULL;
- PKIX_List *getGenNames = NULL;
- PKIX_PL_GeneralName *rfc822GenName = NULL;
- PKIX_PL_GeneralName *dnsGenName = NULL;
- PKIX_PL_GeneralName *dirGenName = NULL;
- PKIX_PL_GeneralName *uriGenName = NULL;
- PKIX_PL_GeneralName *oidGenName = NULL;
- PKIX_Boolean matchAll = PKIX_TRUE;
- char *rfc822Name = "john.doe@labs.com";
- char *dnsName = "comcast.net";
- char *dirName = "cn=john, ou=labs, o=sun, c=us";
- char *uriName = "http://comcast.net";
- char *oidName = "1.2.840.11";
- char *expectedAscii =
- "(john.doe@labs.com, "
- "comcast.net, "
- "CN=john,OU=labs,O=sun,C=us, "
- "http://comcast.net)";
- char *expectedAsciiAll =
- "(john.doe@labs.com, "
- "comcast.net, "
- "CN=john,OU=labs,O=sun,C=us, "
- "http://comcast.net, "
- "1.2.840.11)";
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PL_GeneralName_Create");
- dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext);
- uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext);
- oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext);
- dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext);
- rfc822GenName = createGeneralName
- (PKIX_RFC822_NAME,
- rfc822Name,
- plContext);
-
- subTest("PKIX_PL_GeneralName List create and append");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (setGenNames, (PKIX_PL_Object *)dnsGenName, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (setGenNames, (PKIX_PL_Object *)dirGenName, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (setGenNames, (PKIX_PL_Object *)uriGenName, plContext));
-
- subTest("PKIX_ComCertSelParams_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&goodParams, plContext));
-
- subTest("PKIX_ComCertSelParams_SetSubjAltNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames
- (goodParams, setGenNames, plContext));
-
- subTest("PKIX_ComCertSelParams_GetSubjAltNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames
- (goodParams, &getGenNames, plContext));
-
- subTest("Compare GeneralName List");
- testEqualsHelper((PKIX_PL_Object *)setGenNames,
- (PKIX_PL_Object *)getGenNames,
- PKIX_TRUE,
- plContext);
-
- subTest("Compare GeneralName List with canned string");
- testToStringHelper
- ((PKIX_PL_Object *)getGenNames,
- expectedAscii,
- plContext);
-
-
- subTest("PKIX_ComCertSelParams_AddSubjAltName");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName
- (goodParams, oidGenName, plContext));
-
- PKIX_TEST_DECREF_BC(getGenNames);
-
- subTest("PKIX_ComCertSelParams_GetSubjAltNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames
- (goodParams, &getGenNames, plContext));
-
- subTest("Compare GeneralName List with canned string");
- testToStringHelper
- ((PKIX_PL_Object *)getGenNames,
- expectedAsciiAll,
- plContext);
-
- subTest("PKIX_ComCertSelParams_GetMatchAllSubjAltNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames
- (goodParams, &matchAll, plContext));
- if (matchAll != PKIX_TRUE) {
- testError("unexpected mismatch <expect TRUE>");
- }
-
- subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames
- (goodParams, PKIX_FALSE, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames
- (goodParams, &matchAll, plContext));
- if (matchAll != PKIX_FALSE) {
- testError("unexpected mismatch <expect FALSE>");
- }
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_List *setGenNames = NULL;
+ PKIX_List *getGenNames = NULL;
+ PKIX_PL_GeneralName *rfc822GenName = NULL;
+ PKIX_PL_GeneralName *dnsGenName = NULL;
+ PKIX_PL_GeneralName *dirGenName = NULL;
+ PKIX_PL_GeneralName *uriGenName = NULL;
+ PKIX_PL_GeneralName *oidGenName = NULL;
+ PKIX_Boolean matchAll = PKIX_TRUE;
+ char *rfc822Name = "john.doe@labs.com";
+ char *dnsName = "comcast.net";
+ char *dirName = "cn=john, ou=labs, o=sun, c=us";
+ char *uriName = "http://comcast.net";
+ char *oidName = "1.2.840.11";
+ char *expectedAscii =
+ "(john.doe@labs.com, "
+ "comcast.net, "
+ "CN=john,OU=labs,O=sun,C=us, "
+ "http://comcast.net)";
+ char *expectedAsciiAll =
+ "(john.doe@labs.com, "
+ "comcast.net, "
+ "CN=john,OU=labs,O=sun,C=us, "
+ "http://comcast.net, "
+ "1.2.840.11)";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_GeneralName_Create");
+ dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext);
+ uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext);
+ oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext);
+ dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext);
+ rfc822GenName = createGeneralName(PKIX_RFC822_NAME,
+ rfc822Name,
+ plContext);
+
+ subTest("PKIX_PL_GeneralName List create and append");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dnsGenName, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dirGenName, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)uriGenName, plContext));
+
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetSubjAltNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames(goodParams, setGenNames, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetSubjAltNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext));
+
+ subTest("Compare GeneralName List");
+ testEqualsHelper((PKIX_PL_Object *)setGenNames,
+ (PKIX_PL_Object *)getGenNames,
+ PKIX_TRUE,
+ plContext);
+
+ subTest("Compare GeneralName List with canned string");
+ testToStringHelper((PKIX_PL_Object *)getGenNames,
+ expectedAscii,
+ plContext);
+
+ subTest("PKIX_ComCertSelParams_AddSubjAltName");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(goodParams, oidGenName, plContext));
+
+ PKIX_TEST_DECREF_BC(getGenNames);
+
+ subTest("PKIX_ComCertSelParams_GetSubjAltNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext));
+
+ subTest("Compare GeneralName List with canned string");
+ testToStringHelper((PKIX_PL_Object *)getGenNames,
+ expectedAsciiAll,
+ plContext);
+
+ subTest("PKIX_ComCertSelParams_GetMatchAllSubjAltNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext));
+ if (matchAll != PKIX_TRUE) {
+ testError("unexpected mismatch <expect TRUE>");
+ }
+
+ subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(goodParams, PKIX_FALSE, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext));
+ if (matchAll != PKIX_FALSE) {
+ testError("unexpected mismatch <expect FALSE>");
+ }
cleanup:
- PKIX_TEST_DECREF_AC(goodParams);
- PKIX_TEST_DECREF_AC(setGenNames);
- PKIX_TEST_DECREF_AC(getGenNames);
- PKIX_TEST_DECREF_AC(rfc822GenName);
- PKIX_TEST_DECREF_AC(dnsGenName);
- PKIX_TEST_DECREF_AC(dirGenName);
- PKIX_TEST_DECREF_AC(uriGenName);
- PKIX_TEST_DECREF_AC(oidGenName);
+ PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(setGenNames);
+ PKIX_TEST_DECREF_AC(getGenNames);
+ PKIX_TEST_DECREF_AC(rfc822GenName);
+ PKIX_TEST_DECREF_AC(dnsGenName);
+ PKIX_TEST_DECREF_AC(dirGenName);
+ PKIX_TEST_DECREF_AC(uriGenName);
+ PKIX_TEST_DECREF_AC(oidGenName);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void test_KeyUsages(void)
+static void
+test_KeyUsages(void)
{
- PKIX_ComCertSelParams *goodParams = NULL;
- PKIX_PL_OID *ekuOid = NULL;
- PKIX_List *setExtKeyUsage = NULL;
- PKIX_List *getExtKeyUsage = NULL;
- PKIX_UInt32 getKeyUsage = 0;
- PKIX_UInt32 setKeyUsage = 0x1FF;
- PKIX_Boolean isEqual = PKIX_FALSE;
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_ComCertSelParams_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&goodParams, plContext));
-
- subTest("PKIX_ComCertSelParams_SetKeyUsage");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage
- (goodParams, setKeyUsage, plContext));
-
- subTest("PKIX_ComCertSelParams_GetKeyUsage");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetKeyUsage
- (goodParams, &getKeyUsage, plContext));
-
- if (setKeyUsage != getKeyUsage) {
- testError("unexpected KeyUsage mismatch <expect equal>");
- }
-
- subTest("PKIX_PL_OID List create and append");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setExtKeyUsage, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- ("1.3.6.1.5.5.7.3.1", &ekuOid, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext));
- PKIX_TEST_DECREF_BC(ekuOid);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- ("1.3.6.1.5.5.7.3.8", &ekuOid, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext));
- PKIX_TEST_DECREF_BC(ekuOid);
-
- subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage
- (goodParams, setExtKeyUsage, plContext));
-
- subTest("PKIX_ComCertSelParams_GetExtendedKeyUsage");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetExtendedKeyUsage
- (goodParams, &getExtKeyUsage, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)setExtKeyUsage,
- (PKIX_PL_Object *)getExtKeyUsage,
- &isEqual,
- plContext));
-
- if (isEqual == PKIX_FALSE) {
- testError("unexpected ExtKeyUsage mismatch <expect equal>");
- }
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_PL_OID *ekuOid = NULL;
+ PKIX_List *setExtKeyUsage = NULL;
+ PKIX_List *getExtKeyUsage = NULL;
+ PKIX_UInt32 getKeyUsage = 0;
+ PKIX_UInt32 setKeyUsage = 0x1FF;
+ PKIX_Boolean isEqual = PKIX_FALSE;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetKeyUsage");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage(goodParams, setKeyUsage, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetKeyUsage");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetKeyUsage(goodParams, &getKeyUsage, plContext));
+
+ if (setKeyUsage != getKeyUsage) {
+ testError("unexpected KeyUsage mismatch <expect equal>");
+ }
+
+ subTest("PKIX_PL_OID List create and append");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setExtKeyUsage, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.1", &ekuOid, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext));
+ PKIX_TEST_DECREF_BC(ekuOid);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.8", &ekuOid, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext));
+ PKIX_TEST_DECREF_BC(ekuOid);
+
+ subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(goodParams, setExtKeyUsage, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetExtendedKeyUsage");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetExtendedKeyUsage(goodParams, &getExtKeyUsage, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setExtKeyUsage,
+ (PKIX_PL_Object *)getExtKeyUsage,
+ &isEqual,
+ plContext));
+
+ if (isEqual == PKIX_FALSE) {
+ testError("unexpected ExtKeyUsage mismatch <expect equal>");
+ }
cleanup:
- PKIX_TEST_DECREF_AC(ekuOid);
- PKIX_TEST_DECREF_AC(setExtKeyUsage);
- PKIX_TEST_DECREF_AC(getExtKeyUsage);
- PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(ekuOid);
+ PKIX_TEST_DECREF_AC(setExtKeyUsage);
+ PKIX_TEST_DECREF_AC(getExtKeyUsage);
+ PKIX_TEST_DECREF_AC(goodParams);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void test_Version_Issuer_SerialNumber(void)
+static void
+test_Version_Issuer_SerialNumber(void)
{
- PKIX_ComCertSelParams *goodParams = NULL;
- PKIX_UInt32 version = 0;
- PKIX_PL_X500Name *setIssuer = NULL;
- PKIX_PL_X500Name *getIssuer = NULL;
- PKIX_PL_String *str = NULL;
- PKIX_PL_BigInt *setSerialNumber = NULL;
- PKIX_PL_BigInt *getSerialNumber = NULL;
- PKIX_Boolean isEqual = PKIX_FALSE;
- char *bigInt = "999999999999999999";
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_ComCertSelParams_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&goodParams, plContext));
-
- /* Version */
- subTest("PKIX_ComCertSelParams_SetVersion");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion
- (goodParams, 2, plContext));
-
- subTest("PKIX_ComCertSelParams_GetVersion");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetVersion
- (goodParams, &version, plContext));
-
- if (version != 2) {
- testError("unexpected Version mismatch <expect 2>");
- }
-
- /* Issuer */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, "CN=Test,O=Sun,C=US", 0, &str, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create
- (str, &setIssuer, plContext));
-
- PKIX_TEST_DECREF_BC(str);
-
- subTest("PKIX_ComCertSelParams_SetIssuer");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer
- (goodParams, setIssuer, plContext));
-
- subTest("PKIX_ComCertSelParams_GetIssuer");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetIssuer
- (goodParams, &getIssuer, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)setIssuer,
- (PKIX_PL_Object *)getIssuer,
- &isEqual,
- plContext));
-
- if (isEqual == PKIX_FALSE) {
- testError("unexpected Issuer mismatch <expect equal>");
- }
-
- /* Serial Number */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, bigInt, PL_strlen(bigInt), &str, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create
- (str, &setSerialNumber, plContext));
-
- subTest("PKIX_ComCertSelParams_SetSerialNumber");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber
- (goodParams, setSerialNumber, plContext));
-
- subTest("PKIX_ComCertSelParams_GetSerialNumber");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSerialNumber
- (goodParams, &getSerialNumber, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)setSerialNumber,
- (PKIX_PL_Object *)getSerialNumber,
- &isEqual,
- plContext));
-
- if (isEqual == PKIX_FALSE) {
- testError("unexpected Serial Number mismatch <expect equal>");
- }
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_UInt32 version = 0;
+ PKIX_PL_X500Name *setIssuer = NULL;
+ PKIX_PL_X500Name *getIssuer = NULL;
+ PKIX_PL_String *str = NULL;
+ PKIX_PL_BigInt *setSerialNumber = NULL;
+ PKIX_PL_BigInt *getSerialNumber = NULL;
+ PKIX_Boolean isEqual = PKIX_FALSE;
+ char *bigInt = "999999999999999999";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+ /* Version */
+ subTest("PKIX_ComCertSelParams_SetVersion");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 2, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetVersion");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetVersion(goodParams, &version, plContext));
+
+ if (version != 2) {
+ testError("unexpected Version mismatch <expect 2>");
+ }
+
+ /* Issuer */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "CN=Test,O=Sun,C=US", 0, &str, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(str, &setIssuer, plContext));
+
+ PKIX_TEST_DECREF_BC(str);
+
+ subTest("PKIX_ComCertSelParams_SetIssuer");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer(goodParams, setIssuer, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetIssuer");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetIssuer(goodParams, &getIssuer, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setIssuer,
+ (PKIX_PL_Object *)getIssuer,
+ &isEqual,
+ plContext));
+
+ if (isEqual == PKIX_FALSE) {
+ testError("unexpected Issuer mismatch <expect equal>");
+ }
+
+ /* Serial Number */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, bigInt, PL_strlen(bigInt), &str, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(str, &setSerialNumber, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetSerialNumber");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber(goodParams, setSerialNumber, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetSerialNumber");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSerialNumber(goodParams, &getSerialNumber, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setSerialNumber,
+ (PKIX_PL_Object *)getSerialNumber,
+ &isEqual,
+ plContext));
+
+ if (isEqual == PKIX_FALSE) {
+ testError("unexpected Serial Number mismatch <expect equal>");
+ }
cleanup:
- PKIX_TEST_DECREF_AC(str);
- PKIX_TEST_DECREF_AC(setIssuer);
- PKIX_TEST_DECREF_AC(getIssuer);
- PKIX_TEST_DECREF_AC(setSerialNumber);
- PKIX_TEST_DECREF_AC(getSerialNumber);
- PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(str);
+ PKIX_TEST_DECREF_AC(setIssuer);
+ PKIX_TEST_DECREF_AC(getIssuer);
+ PKIX_TEST_DECREF_AC(setSerialNumber);
+ PKIX_TEST_DECREF_AC(getSerialNumber);
+ PKIX_TEST_DECREF_AC(goodParams);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void test_SubjKeyId_AuthKeyId(void)
+static void
+test_SubjKeyId_AuthKeyId(void)
{
- PKIX_ComCertSelParams *goodParams = NULL;
- PKIX_PL_ByteArray *setKeyId = NULL;
- PKIX_PL_ByteArray *getKeyId = NULL;
- PKIX_Boolean isEqual = PKIX_FALSE;
-
- PKIX_TEST_STD_VARS();
-
- /* Subject Key Identifier */
- subTest("PKIX_PL_ByteArray_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create
- ((void*)"66099", 1, &setKeyId, plContext));
-
- subTest("PKIX_ComCertSelParams_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&goodParams, plContext));
-
- subTest("PKIX_ComCertSelParams_SetSubjectKeyIdentifier");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier
- (goodParams, setKeyId, plContext));
-
- subTest("PKIX_ComCertSelParams_GetSubjectKeyIdentifier");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjKeyIdentifier
- (goodParams, &getKeyId, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)setKeyId,
- (PKIX_PL_Object *)getKeyId,
- &isEqual,
- plContext));
-
- if (isEqual == PKIX_FALSE) {
- testError("unexpected Subject Key Id mismatch <expect equal>");
- }
-
- PKIX_TEST_DECREF_BC(setKeyId);
- PKIX_TEST_DECREF_BC(getKeyId);
-
- /* Authority Key Identifier */
- subTest("PKIX_PL_ByteArray_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create
- ((void*)"11022", 1, &setKeyId, plContext));
-
- subTest("PKIX_ComCertSelParams_SetAuthorityKeyIdentifier");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetAuthorityKeyIdentifier
- (goodParams, setKeyId, plContext));
-
- subTest("PKIX_ComCertSelParams_GetAuthorityKeyIdentifier");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_GetAuthorityKeyIdentifier
- (goodParams, &getKeyId, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)setKeyId,
- (PKIX_PL_Object *)getKeyId,
- &isEqual,
- plContext));
-
- if (isEqual == PKIX_FALSE) {
- testError("unexpected Auth Key Id mismatch <expect equal>");
- }
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_PL_ByteArray *setKeyId = NULL;
+ PKIX_PL_ByteArray *getKeyId = NULL;
+ PKIX_Boolean isEqual = PKIX_FALSE;
+
+ PKIX_TEST_STD_VARS();
+
+ /* Subject Key Identifier */
+ subTest("PKIX_PL_ByteArray_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"66099", 1, &setKeyId, plContext));
+
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetSubjectKeyIdentifier");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier(goodParams, setKeyId, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetSubjectKeyIdentifier");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjKeyIdentifier(goodParams, &getKeyId, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId,
+ (PKIX_PL_Object *)getKeyId,
+ &isEqual,
+ plContext));
+
+ if (isEqual == PKIX_FALSE) {
+ testError("unexpected Subject Key Id mismatch <expect equal>");
+ }
+
+ PKIX_TEST_DECREF_BC(setKeyId);
+ PKIX_TEST_DECREF_BC(getKeyId);
+
+ /* Authority Key Identifier */
+ subTest("PKIX_PL_ByteArray_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"11022", 1, &setKeyId, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetAuthorityKeyIdentifier");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(goodParams, setKeyId, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetAuthorityKeyIdentifier");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(goodParams, &getKeyId, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId,
+ (PKIX_PL_Object *)getKeyId,
+ &isEqual,
+ plContext));
+
+ if (isEqual == PKIX_FALSE) {
+ testError("unexpected Auth Key Id mismatch <expect equal>");
+ }
cleanup:
- PKIX_TEST_DECREF_AC(setKeyId);
- PKIX_TEST_DECREF_AC(getKeyId);
- PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(setKeyId);
+ PKIX_TEST_DECREF_AC(getKeyId);
+ PKIX_TEST_DECREF_AC(goodParams);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void test_SubjAlgId_SubjPublicKey(char *dirName)
+static void
+test_SubjAlgId_SubjPublicKey(char *dirName)
{
- PKIX_ComCertSelParams *goodParams = NULL;
- PKIX_PL_OID *setAlgId = NULL;
- PKIX_PL_OID *getAlgId = NULL;
- PKIX_PL_Cert *goodCert = NULL;
- PKIX_PL_PublicKey *setPublicKey = NULL;
- PKIX_PL_PublicKey *getPublicKey = NULL;
- PKIX_Boolean isEqual = PKIX_FALSE;
-
- PKIX_TEST_STD_VARS();
-
- /* Subject Algorithm Identifier */
- subTest("PKIX_PL_OID_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- ("1.1.2.3", &setAlgId, plContext));
-
- subTest("PKIX_ComCertSelParams_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&goodParams, plContext));
-
- subTest("PKIX_ComCertSelParams_SetSubjPKAlgId");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId
- (goodParams, setAlgId, plContext));
-
- subTest("PKIX_ComCertSelParams_GetSubjPKAlgId");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPKAlgId
- (goodParams, &getAlgId, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)setAlgId,
- (PKIX_PL_Object *)getAlgId,
- &isEqual,
- plContext));
-
- if (isEqual == PKIX_FALSE) {
- testError("unexpected Subject Public Key Alg mismatch "
- "<expect equal>");
- }
-
- /* Subject Public Key */
- subTest("Getting Cert for Subject Public Key");
-
- goodCert = createCert
- (dirName, "nameConstraintsDN2CACert.crt", plContext);
-
- subTest("PKIX_PL_Cert_GetSubjectPublicKey");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
- (goodCert, &setPublicKey, plContext));
-
- subTest("PKIX_ComCertSelParams_SetSubjPubKey");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey
- (goodParams, setPublicKey, plContext));
-
- subTest("PKIX_ComCertSelParams_GetSubjPubKey");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPubKey
- (goodParams, &getPublicKey, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)setPublicKey,
- (PKIX_PL_Object *)getPublicKey,
- &isEqual,
- plContext));
-
- if (isEqual == PKIX_FALSE) {
- testError("unexpected Subject Public Key mismatch "
- "<expect equal>");
- }
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_PL_OID *setAlgId = NULL;
+ PKIX_PL_OID *getAlgId = NULL;
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_PublicKey *setPublicKey = NULL;
+ PKIX_PL_PublicKey *getPublicKey = NULL;
+ PKIX_Boolean isEqual = PKIX_FALSE;
+
+ PKIX_TEST_STD_VARS();
+
+ /* Subject Algorithm Identifier */
+ subTest("PKIX_PL_OID_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.1.2.3", &setAlgId, plContext));
+
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetSubjPKAlgId");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId(goodParams, setAlgId, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetSubjPKAlgId");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPKAlgId(goodParams, &getAlgId, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setAlgId,
+ (PKIX_PL_Object *)getAlgId,
+ &isEqual,
+ plContext));
+
+ if (isEqual == PKIX_FALSE) {
+ testError("unexpected Subject Public Key Alg mismatch "
+ "<expect equal>");
+ }
+
+ /* Subject Public Key */
+ subTest("Getting Cert for Subject Public Key");
+
+ goodCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext);
+
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodCert, &setPublicKey, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetSubjPubKey");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey(goodParams, setPublicKey, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetSubjPubKey");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPubKey(goodParams, &getPublicKey, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setPublicKey,
+ (PKIX_PL_Object *)getPublicKey,
+ &isEqual,
+ plContext));
+
+ if (isEqual == PKIX_FALSE) {
+ testError("unexpected Subject Public Key mismatch "
+ "<expect equal>");
+ }
cleanup:
- PKIX_TEST_DECREF_AC(setAlgId);
- PKIX_TEST_DECREF_AC(getAlgId);
- PKIX_TEST_DECREF_AC(goodParams);
- PKIX_TEST_DECREF_AC(goodCert);
- PKIX_TEST_DECREF_AC(setPublicKey);
- PKIX_TEST_DECREF_AC(getPublicKey);
+ PKIX_TEST_DECREF_AC(setAlgId);
+ PKIX_TEST_DECREF_AC(getAlgId);
+ PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(setPublicKey);
+ PKIX_TEST_DECREF_AC(getPublicKey);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void printUsage(void) {
- (void) printf("\nUSAGE:\ttest_comcertselparams <NIST_FILES_DIR> \n\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_comcertselparams <NIST_FILES_DIR> \n\n");
}
-int test_comcertselparams(int argc, char *argv[]) {
-
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
-
- PKIX_PL_Cert *testCert = NULL;
- PKIX_PL_Cert *goodCert = NULL;
- PKIX_PL_Cert *equalCert = NULL;
- PKIX_PL_Cert *diffCert = NULL;
- PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
- PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
- PKIX_List *testPolicyInfos = NULL; /* CertPolicyInfos */
- PKIX_List *cert2PolicyInfos = NULL; /* CertPolicyInfos */
-
- PKIX_ComCertSelParams *goodParams = NULL;
- PKIX_ComCertSelParams *equalParams = NULL;
- PKIX_PL_X500Name *goodSubject = NULL;
- PKIX_PL_X500Name *equalSubject = NULL;
- PKIX_PL_X500Name *diffSubject = NULL;
- PKIX_PL_X500Name *testSubject = NULL;
- PKIX_Int32 goodMinPathLength = 0;
- PKIX_Int32 equalMinPathLength = 0;
- PKIX_Int32 diffMinPathLength = 0;
- PKIX_Int32 testMinPathLength = 0;
- PKIX_List *goodPolicies = NULL; /* OIDs */
- PKIX_List *equalPolicies = NULL; /* OIDs */
- PKIX_List *testPolicies = NULL; /* OIDs */
- PKIX_List *cert2Policies = NULL; /* OIDs */
-
- PKIX_PL_Date *testDate = NULL;
- PKIX_PL_Date *goodDate = NULL;
- PKIX_PL_Date *equalDate = NULL;
- PKIX_PL_String *stringRep = NULL;
- char *asciiRep = NULL;
- char *dirName = NULL;
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 2) {
- printUsage();
- return (0);
- }
-
- startTests("ComCertSelParams");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- dirName = argv[j+1];
-
- asciiRep = "050501000000Z";
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_String_Create
- (PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext));
-
- testCert = createCert
- (dirName, "PoliciesP1234CACert.crt", plContext);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject
- (testCert, &testSubject, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints
- (testCert, &goodBasicConstraints, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint
- (goodBasicConstraints, &testMinPathLength, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (testCert, &testPolicyInfos, plContext));
-
- /* Convert from List of CertPolicyInfos to List of OIDs */
- test_CreateOIDList(testPolicyInfos, &testPolicies);
-
- subTest("Create goodParams and set its fields");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&goodParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject
- (goodParams, testSubject, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints
- (goodParams, testMinPathLength, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid
- (goodParams, testDate, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy
- (goodParams, testPolicies, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate
- (goodParams, testCert, plContext));
-
- subTest("Duplicate goodParams and verify copy");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)goodParams,
- (PKIX_PL_Object **)&equalParams,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject
- (goodParams, &goodSubject, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints
- (goodParams, &goodMinPathLength, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_GetCertificate
- (goodParams, &goodCert, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid
- (goodParams, &goodDate, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy
- (goodParams, &goodPolicies, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject
- (equalParams, &equalSubject, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints
- (equalParams, &equalMinPathLength, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy
- (equalParams, &equalPolicies, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate
- (equalParams, &equalCert, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid
- (equalParams, &equalDate, plContext));
-
- testEqualsHelper
- ((PKIX_PL_Object *)goodSubject,
- (PKIX_PL_Object *)equalSubject,
- PKIX_TRUE,
- plContext);
-
- if (goodMinPathLength != equalMinPathLength) {
- testError("unexpected mismatch");
- (void) printf("goodMinPathLength:\t%d\n", goodMinPathLength);
- (void) printf("equalMinPathLength:\t%d\n", equalMinPathLength);
- }
-
- testEqualsHelper((PKIX_PL_Object *)goodPolicies,
- (PKIX_PL_Object *)equalPolicies,
- PKIX_TRUE,
- plContext);
-
- testEqualsHelper((PKIX_PL_Object *)goodCert,
- (PKIX_PL_Object *)equalCert,
- PKIX_TRUE,
- plContext);
-
- testEqualsHelper((PKIX_PL_Object *)goodDate,
- (PKIX_PL_Object *)equalDate,
- PKIX_TRUE,
- plContext);
-
- PKIX_TEST_DECREF_BC(equalSubject);
- PKIX_TEST_DECREF_BC(equalPolicies);
- PKIX_TEST_DECREF_BC(equalCert);
- PKIX_TEST_DECREF_AC(equalDate);
-
- subTest("Set different values and verify differences");
-
- diffCert = createCert
- (dirName, "pathLenConstraint6CACert.crt", plContext);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject
- (diffCert, &diffSubject, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints
- (diffCert, &diffBasicConstraints, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint
- (diffBasicConstraints, &diffMinPathLength, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (diffCert, &cert2PolicyInfos, plContext));
- test_CreateOIDList(cert2PolicyInfos, &cert2Policies);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(
- equalParams, diffSubject, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints
- (equalParams, diffMinPathLength, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy
- (equalParams, cert2Policies, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject
- (equalParams, &equalSubject, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints
- (equalParams, &equalMinPathLength, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy
- (equalParams, &equalPolicies, plContext));
-
- testEqualsHelper
- ((PKIX_PL_Object *)goodSubject,
- (PKIX_PL_Object *)equalSubject,
- PKIX_FALSE,
- plContext);
-
- if (goodMinPathLength == equalMinPathLength) {
- testError("unexpected match");
- (void) printf("goodMinPathLength:\t%d\n", goodMinPathLength);
- (void) printf("equalMinPathLength:\t%d\n", equalMinPathLength);
- }
-
- testEqualsHelper
- ((PKIX_PL_Object *)goodPolicies,
- (PKIX_PL_Object *)equalPolicies,
- PKIX_FALSE,
- plContext);
-
- test_NameConstraints(dirName);
- test_PathToNames();
- test_SubjAltNames();
- test_KeyUsages();
- test_Version_Issuer_SerialNumber();
- test_SubjKeyId_AuthKeyId();
- test_SubjAlgId_SubjPublicKey(dirName);
+int
+test_comcertselparams(int argc, char *argv[])
+{
+
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_PL_Cert *testCert = NULL;
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_Cert *equalCert = NULL;
+ PKIX_PL_Cert *diffCert = NULL;
+ PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
+ PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
+ PKIX_List *testPolicyInfos = NULL; /* CertPolicyInfos */
+ PKIX_List *cert2PolicyInfos = NULL; /* CertPolicyInfos */
+
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_ComCertSelParams *equalParams = NULL;
+ PKIX_PL_X500Name *goodSubject = NULL;
+ PKIX_PL_X500Name *equalSubject = NULL;
+ PKIX_PL_X500Name *diffSubject = NULL;
+ PKIX_PL_X500Name *testSubject = NULL;
+ PKIX_Int32 goodMinPathLength = 0;
+ PKIX_Int32 equalMinPathLength = 0;
+ PKIX_Int32 diffMinPathLength = 0;
+ PKIX_Int32 testMinPathLength = 0;
+ PKIX_List *goodPolicies = NULL; /* OIDs */
+ PKIX_List *equalPolicies = NULL; /* OIDs */
+ PKIX_List *testPolicies = NULL; /* OIDs */
+ PKIX_List *cert2Policies = NULL; /* OIDs */
+
+ PKIX_PL_Date *testDate = NULL;
+ PKIX_PL_Date *goodDate = NULL;
+ PKIX_PL_Date *equalDate = NULL;
+ PKIX_PL_String *stringRep = NULL;
+ char *asciiRep = NULL;
+ char *dirName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 2) {
+ printUsage();
+ return (0);
+ }
+
+ startTests("ComCertSelParams");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ dirName = argv[j + 1];
+
+ asciiRep = "050501000000Z";
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext));
+
+ testCert = createCert(dirName, "PoliciesP1234CACert.crt", plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(testCert, &testSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(testCert, &goodBasicConstraints, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &testMinPathLength, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(testCert, &testPolicyInfos, plContext));
+
+ /* Convert from List of CertPolicyInfos to List of OIDs */
+ test_CreateOIDList(testPolicyInfos, &testPolicies);
+
+ subTest("Create goodParams and set its fields");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(goodParams, testSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(goodParams, testMinPathLength, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, testDate, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(goodParams, testPolicies, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(goodParams, testCert, plContext));
+
+ subTest("Duplicate goodParams and verify copy");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)goodParams,
+ (PKIX_PL_Object **)&equalParams,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodMinPathLength, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicies, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext));
+
+ testEqualsHelper((PKIX_PL_Object *)goodSubject,
+ (PKIX_PL_Object *)equalSubject,
+ PKIX_TRUE,
+ plContext);
+
+ if (goodMinPathLength != equalMinPathLength) {
+ testError("unexpected mismatch");
+ (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength);
+ (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength);
+ }
+
+ testEqualsHelper((PKIX_PL_Object *)goodPolicies,
+ (PKIX_PL_Object *)equalPolicies,
+ PKIX_TRUE,
+ plContext);
+
+ testEqualsHelper((PKIX_PL_Object *)goodCert,
+ (PKIX_PL_Object *)equalCert,
+ PKIX_TRUE,
+ plContext);
+
+ testEqualsHelper((PKIX_PL_Object *)goodDate,
+ (PKIX_PL_Object *)equalDate,
+ PKIX_TRUE,
+ plContext);
+
+ PKIX_TEST_DECREF_BC(equalSubject);
+ PKIX_TEST_DECREF_BC(equalPolicies);
+ PKIX_TEST_DECREF_BC(equalCert);
+ PKIX_TEST_DECREF_AC(equalDate);
+
+ subTest("Set different values and verify differences");
+
+ diffCert = createCert(dirName, "pathLenConstraint6CACert.crt", plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, &diffBasicConstraints, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffMinPathLength, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &cert2PolicyInfos, plContext));
+ test_CreateOIDList(cert2PolicyInfos, &cert2Policies);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(
+ equalParams, diffSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(equalParams, diffMinPathLength, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(equalParams, cert2Policies, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext));
+
+ testEqualsHelper((PKIX_PL_Object *)goodSubject,
+ (PKIX_PL_Object *)equalSubject,
+ PKIX_FALSE,
+ plContext);
+
+ if (goodMinPathLength == equalMinPathLength) {
+ testError("unexpected match");
+ (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength);
+ (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength);
+ }
+
+ testEqualsHelper((PKIX_PL_Object *)goodPolicies,
+ (PKIX_PL_Object *)equalPolicies,
+ PKIX_FALSE,
+ plContext);
+
+ test_NameConstraints(dirName);
+ test_PathToNames();
+ test_SubjAltNames();
+ test_KeyUsages();
+ test_Version_Issuer_SerialNumber();
+ test_SubjKeyId_AuthKeyId();
+ test_SubjAlgId_SubjPublicKey(dirName);
cleanup:
- PKIX_TEST_DECREF_AC(testSubject);
- PKIX_TEST_DECREF_AC(goodSubject);
- PKIX_TEST_DECREF_AC(equalSubject);
- PKIX_TEST_DECREF_AC(diffSubject);
- PKIX_TEST_DECREF_AC(testSubject);
- PKIX_TEST_DECREF_AC(goodPolicies);
- PKIX_TEST_DECREF_AC(equalPolicies);
- PKIX_TEST_DECREF_AC(testPolicies);
- PKIX_TEST_DECREF_AC(cert2Policies);
- PKIX_TEST_DECREF_AC(goodParams);
- PKIX_TEST_DECREF_AC(equalParams);
- PKIX_TEST_DECREF_AC(goodCert);
- PKIX_TEST_DECREF_AC(diffCert);
- PKIX_TEST_DECREF_AC(testCert);
- PKIX_TEST_DECREF_AC(goodBasicConstraints);
- PKIX_TEST_DECREF_AC(diffBasicConstraints);
- PKIX_TEST_DECREF_AC(testPolicyInfos);
- PKIX_TEST_DECREF_AC(cert2PolicyInfos);
- PKIX_TEST_DECREF_AC(stringRep);
- PKIX_TEST_DECREF_AC(testDate);
- PKIX_TEST_DECREF_AC(goodDate);
-
-
- PKIX_Shutdown(plContext);
-
- PKIX_TEST_RETURN();
-
- endTests("ComCertSelParams");
-
- return (0);
+ PKIX_TEST_DECREF_AC(testSubject);
+ PKIX_TEST_DECREF_AC(goodSubject);
+ PKIX_TEST_DECREF_AC(equalSubject);
+ PKIX_TEST_DECREF_AC(diffSubject);
+ PKIX_TEST_DECREF_AC(testSubject);
+ PKIX_TEST_DECREF_AC(goodPolicies);
+ PKIX_TEST_DECREF_AC(equalPolicies);
+ PKIX_TEST_DECREF_AC(testPolicies);
+ PKIX_TEST_DECREF_AC(cert2Policies);
+ PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(equalParams);
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(diffCert);
+ PKIX_TEST_DECREF_AC(testCert);
+ PKIX_TEST_DECREF_AC(goodBasicConstraints);
+ PKIX_TEST_DECREF_AC(diffBasicConstraints);
+ PKIX_TEST_DECREF_AC(testPolicyInfos);
+ PKIX_TEST_DECREF_AC(cert2PolicyInfos);
+ PKIX_TEST_DECREF_AC(stringRep);
+ PKIX_TEST_DECREF_AC(testDate);
+ PKIX_TEST_DECREF_AC(goodDate);
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("ComCertSelParams");
+
+ return (0);
}
diff --git a/cmd/libpkix/pkix/checker/test_certchainchecker.c b/cmd/libpkix/pkix/checker/test_certchainchecker.c
index f3cedb23a..5fab3a692 100755..100644
--- a/cmd/libpkix/pkix/checker/test_certchainchecker.c
+++ b/cmd/libpkix/pkix/checker/test_certchainchecker.c
@@ -13,210 +13,173 @@
static void *plContext = NULL;
-
-static
-PKIX_Error *dummyChecker_Check(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Cert *cert,
- PKIX_List *unresolvedCriticalExtensions,
- void **pNBIOContext,
- void *plContext)
+static PKIX_Error *
+dummyChecker_Check(
+ PKIX_CertChainChecker *checker,
+ PKIX_PL_Cert *cert,
+ PKIX_List *unresolvedCriticalExtensions,
+ void **pNBIOContext,
+ void *plContext)
{
- goto cleanup;
+ goto cleanup;
cleanup:
- return(NULL);
+ return (NULL);
}
-
-static
-void test_CertChainChecker_Duplicate(PKIX_CertChainChecker *original)
+static void
+test_CertChainChecker_Duplicate(PKIX_CertChainChecker *original)
{
- PKIX_Boolean originalForward = PKIX_FALSE;
- PKIX_Boolean copyForward = PKIX_FALSE;
- PKIX_Boolean originalForwardDir = PKIX_FALSE;
- PKIX_Boolean copyForwardDir = PKIX_FALSE;
- PKIX_CertChainChecker *copy = NULL;
- PKIX_CertChainChecker_CheckCallback originalCallback = NULL;
- PKIX_CertChainChecker_CheckCallback copyCallback = NULL;
- PKIX_PL_Object *originalState = NULL;
- PKIX_PL_Object *copyState = NULL;
- PKIX_List *originalList = NULL;
- PKIX_List *copyList = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("CertChainChecker_Duplicate");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)original,
- (PKIX_PL_Object **)&copy,
- plContext));
-
- subTest("CertChainChecker_GetCheckCallback");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback
- (original, &originalCallback, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback
- (copy, &copyCallback, plContext));
- if (originalCallback != copyCallback) {
- pkixTestErrorMsg = "CheckCallback functions are not equal!";
- goto cleanup;
- }
-
- subTest("CertChainChecker_IsForwardCheckingSupported");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertChainChecker_IsForwardCheckingSupported
- (original, &originalForward, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertChainChecker_IsForwardCheckingSupported
- (copy, &copyForward, plContext));
- if (originalForward != copyForward) {
- pkixTestErrorMsg = "ForwardChecking booleans are not equal!";
- goto cleanup;
- }
-
- subTest("CertChainChecker_IsForwardDirectionExpected");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertChainChecker_IsForwardDirectionExpected
- (original, &originalForwardDir, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertChainChecker_IsForwardDirectionExpected
- (copy, &copyForwardDir, plContext));
- if (originalForwardDir != copyForwardDir) {
- pkixTestErrorMsg = "ForwardDirection booleans are not equal!";
- goto cleanup;
- }
-
- subTest("CertChainChecker_GetCertChainCheckerState");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertChainChecker_GetCertChainCheckerState
- (original, &originalState, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertChainChecker_GetCertChainCheckerState
- (copy, &copyState, plContext));
- testEqualsHelper(originalState, copyState, PKIX_TRUE, plContext);
-
- subTest("CertChainChecker_GetSupportedExtensions");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertChainChecker_GetSupportedExtensions
- (original, &originalList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertChainChecker_GetSupportedExtensions
- (copy, &copyList, plContext));
- testEqualsHelper
- ((PKIX_PL_Object *)originalList,
- (PKIX_PL_Object *)copyList,
- PKIX_TRUE,
- plContext);
+ PKIX_Boolean originalForward = PKIX_FALSE;
+ PKIX_Boolean copyForward = PKIX_FALSE;
+ PKIX_Boolean originalForwardDir = PKIX_FALSE;
+ PKIX_Boolean copyForwardDir = PKIX_FALSE;
+ PKIX_CertChainChecker *copy = NULL;
+ PKIX_CertChainChecker_CheckCallback originalCallback = NULL;
+ PKIX_CertChainChecker_CheckCallback copyCallback = NULL;
+ PKIX_PL_Object *originalState = NULL;
+ PKIX_PL_Object *copyState = NULL;
+ PKIX_List *originalList = NULL;
+ PKIX_List *copyList = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("CertChainChecker_Duplicate");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)original,
+ (PKIX_PL_Object **)&copy,
+ plContext));
+
+ subTest("CertChainChecker_GetCheckCallback");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback(original, &originalCallback, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback(copy, &copyCallback, plContext));
+ if (originalCallback != copyCallback) {
+ pkixTestErrorMsg = "CheckCallback functions are not equal!";
+ goto cleanup;
+ }
+
+ subTest("CertChainChecker_IsForwardCheckingSupported");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardCheckingSupported(original, &originalForward, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardCheckingSupported(copy, &copyForward, plContext));
+ if (originalForward != copyForward) {
+ pkixTestErrorMsg = "ForwardChecking booleans are not equal!";
+ goto cleanup;
+ }
+
+ subTest("CertChainChecker_IsForwardDirectionExpected");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardDirectionExpected(original, &originalForwardDir, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardDirectionExpected(copy, &copyForwardDir, plContext));
+ if (originalForwardDir != copyForwardDir) {
+ pkixTestErrorMsg = "ForwardDirection booleans are not equal!";
+ goto cleanup;
+ }
+
+ subTest("CertChainChecker_GetCertChainCheckerState");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCertChainCheckerState(original, &originalState, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCertChainCheckerState(copy, &copyState, plContext));
+ testEqualsHelper(originalState, copyState, PKIX_TRUE, plContext);
+
+ subTest("CertChainChecker_GetSupportedExtensions");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetSupportedExtensions(original, &originalList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetSupportedExtensions(copy, &copyList, plContext));
+ testEqualsHelper((PKIX_PL_Object *)originalList,
+ (PKIX_PL_Object *)copyList,
+ PKIX_TRUE,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(copy);
- PKIX_TEST_DECREF_AC(originalState);
- PKIX_TEST_DECREF_AC(copyState);
- PKIX_TEST_DECREF_AC(originalList);
- PKIX_TEST_DECREF_AC(copyList);
+ PKIX_TEST_DECREF_AC(copy);
+ PKIX_TEST_DECREF_AC(originalState);
+ PKIX_TEST_DECREF_AC(copyState);
+ PKIX_TEST_DECREF_AC(originalList);
+ PKIX_TEST_DECREF_AC(copyList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-int test_certchainchecker(int argc, char *argv[]) {
-
- PKIX_UInt32 actualMinorVersion;
- PKIX_PL_OID *bcOID = NULL;
- PKIX_PL_OID *ncOID = NULL;
- PKIX_PL_OID *cpOID = NULL;
- PKIX_PL_OID *pmOID = NULL;
- PKIX_PL_OID *pcOID = NULL;
- PKIX_PL_OID *iaOID = NULL;
- PKIX_CertChainChecker *dummyChecker = NULL;
- PKIX_List *supportedExtensions = NULL;
- PKIX_PL_Object *initialState = NULL;
- PKIX_UInt32 j = 0;
-
- PKIX_TEST_STD_VARS();
-
- startTests("CertChainChecker");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
- (&supportedExtensions, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- (PKIX_BASICCONSTRAINTS_OID, &bcOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (supportedExtensions, (PKIX_PL_Object *)bcOID, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- (PKIX_NAMECONSTRAINTS_OID, &ncOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (supportedExtensions, (PKIX_PL_Object *)ncOID, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- (PKIX_CERTIFICATEPOLICIES_OID, &cpOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (supportedExtensions, (PKIX_PL_Object *)cpOID, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- (PKIX_POLICYMAPPINGS_OID, &pmOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (supportedExtensions, (PKIX_PL_Object *)pmOID, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- (PKIX_POLICYCONSTRAINTS_OID, &pcOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (supportedExtensions, (PKIX_PL_Object *)pcOID, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- (PKIX_INHIBITANYPOLICY_OID, &iaOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (supportedExtensions, (PKIX_PL_Object *)iaOID, plContext));
-
- PKIX_TEST_DECREF_BC(bcOID);
- PKIX_TEST_DECREF_BC(ncOID);
- PKIX_TEST_DECREF_BC(cpOID);
- PKIX_TEST_DECREF_BC(pmOID);
- PKIX_TEST_DECREF_BC(pcOID);
- PKIX_TEST_DECREF_BC(iaOID);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
- ((PKIX_PL_Object *)supportedExtensions, plContext));
-
- initialState = (PKIX_PL_Object *)supportedExtensions;
-
- subTest("CertChainChecker_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create
- (dummyChecker_Check, /* PKIX_CertChainChecker_CheckCallback */
- PKIX_FALSE, /* forwardCheckingSupported */
- PKIX_FALSE, /* forwardDirectionExpected */
- supportedExtensions,
- NULL, /* PKIX_PL_Object *initialState */
- &dummyChecker,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertChainChecker_SetCertChainCheckerState
- (dummyChecker, initialState, plContext));
-
- test_CertChainChecker_Duplicate(dummyChecker);
-
- subTest("CertChainChecker_Destroy");
- PKIX_TEST_DECREF_BC(dummyChecker);
+int
+test_certchainchecker(int argc, char *argv[])
+{
+
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_PL_OID *bcOID = NULL;
+ PKIX_PL_OID *ncOID = NULL;
+ PKIX_PL_OID *cpOID = NULL;
+ PKIX_PL_OID *pmOID = NULL;
+ PKIX_PL_OID *pcOID = NULL;
+ PKIX_PL_OID *iaOID = NULL;
+ PKIX_CertChainChecker *dummyChecker = NULL;
+ PKIX_List *supportedExtensions = NULL;
+ PKIX_PL_Object *initialState = NULL;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("CertChainChecker");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&supportedExtensions, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_BASICCONSTRAINTS_OID, &bcOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)bcOID, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_NAMECONSTRAINTS_OID, &ncOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)ncOID, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_CERTIFICATEPOLICIES_OID, &cpOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)cpOID, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_POLICYMAPPINGS_OID, &pmOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)pmOID, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_POLICYCONSTRAINTS_OID, &pcOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)pcOID, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_INHIBITANYPOLICY_OID, &iaOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)iaOID, plContext));
+
+ PKIX_TEST_DECREF_BC(bcOID);
+ PKIX_TEST_DECREF_BC(ncOID);
+ PKIX_TEST_DECREF_BC(cpOID);
+ PKIX_TEST_DECREF_BC(pmOID);
+ PKIX_TEST_DECREF_BC(pcOID);
+ PKIX_TEST_DECREF_BC(iaOID);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)supportedExtensions, plContext));
+
+ initialState = (PKIX_PL_Object *)supportedExtensions;
+
+ subTest("CertChainChecker_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(dummyChecker_Check, /* PKIX_CertChainChecker_CheckCallback */
+ PKIX_FALSE, /* forwardCheckingSupported */
+ PKIX_FALSE, /* forwardDirectionExpected */
+ supportedExtensions,
+ NULL, /* PKIX_PL_Object *initialState */
+ &dummyChecker,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_SetCertChainCheckerState(dummyChecker, initialState, plContext));
+
+ test_CertChainChecker_Duplicate(dummyChecker);
+
+ subTest("CertChainChecker_Destroy");
+ PKIX_TEST_DECREF_BC(dummyChecker);
cleanup:
- PKIX_TEST_DECREF_AC(dummyChecker);
- PKIX_TEST_DECREF_AC(initialState);
- PKIX_TEST_DECREF_AC(supportedExtensions);
+ PKIX_TEST_DECREF_AC(dummyChecker);
+ PKIX_TEST_DECREF_AC(initialState);
+ PKIX_TEST_DECREF_AC(supportedExtensions);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("CertChainChecker");
+ endTests("CertChainChecker");
- return (0);
+ return (0);
}
diff --git a/cmd/libpkix/pkix/crlsel/test_comcrlselparams.c b/cmd/libpkix/pkix/crlsel/test_comcrlselparams.c
index b2420f4c9..fcc5ef5a3 100644
--- a/cmd/libpkix/pkix/crlsel/test_comcrlselparams.c
+++ b/cmd/libpkix/pkix/crlsel/test_comcrlselparams.c
@@ -16,426 +16,391 @@ static void *plContext = NULL;
static void
testIssuer(PKIX_ComCRLSelParams *goodObject)
{
- PKIX_PL_String *issuer1String = NULL;
- PKIX_PL_String *issuer2String = NULL;
- PKIX_PL_String *issuer3String = NULL;
- PKIX_PL_X500Name *issuerName1 = NULL;
- PKIX_PL_X500Name *issuerName2 = NULL;
- PKIX_PL_X500Name *issuerName3 = NULL;
- PKIX_List *setIssuerList = NULL;
- PKIX_List *getIssuerList = NULL;
- PKIX_PL_String *issuerListString = NULL;
- char *name1 = "CN=yassir,OU=bcn,OU=east,O=sun,C=us";
- char *name2 = "CN=richard,OU=bcn,OU=east,O=sun,C=us";
- char *name3 = "CN=hanfei,OU=bcn,OU=east,O=sun,C=us";
- PKIX_Int32 length;
- PKIX_Boolean result = PKIX_FALSE;
- char *expectedAscii =
- "(CN=yassir,OU=bcn,OU=east,O=sun,"
- "C=us, CN=richard,OU=bcn,OU=east,O=sun,C=us, "
- "CN=hanfei,OU=bcn,OU=east,O=sun,C=us)";
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_ComCRLSelParams Create Issuers");
-
- length = PL_strlen(name1);
+ PKIX_PL_String *issuer1String = NULL;
+ PKIX_PL_String *issuer2String = NULL;
+ PKIX_PL_String *issuer3String = NULL;
+ PKIX_PL_X500Name *issuerName1 = NULL;
+ PKIX_PL_X500Name *issuerName2 = NULL;
+ PKIX_PL_X500Name *issuerName3 = NULL;
+ PKIX_List *setIssuerList = NULL;
+ PKIX_List *getIssuerList = NULL;
+ PKIX_PL_String *issuerListString = NULL;
+ char *name1 = "CN=yassir,OU=bcn,OU=east,O=sun,C=us";
+ char *name2 = "CN=richard,OU=bcn,OU=east,O=sun,C=us";
+ char *name3 = "CN=hanfei,OU=bcn,OU=east,O=sun,C=us";
+ PKIX_Int32 length;
+ PKIX_Boolean result = PKIX_FALSE;
+ char *expectedAscii =
+ "(CN=yassir,OU=bcn,OU=east,O=sun,"
+ "C=us, CN=richard,OU=bcn,OU=east,O=sun,C=us, "
+ "CN=hanfei,OU=bcn,OU=east,O=sun,C=us)";
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_UTF8,
- name1,
- length,
- &issuer1String,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuer1String,
- &issuerName1,
- plContext));
+ PKIX_TEST_STD_VARS();
- length = PL_strlen(name2);
+ subTest("PKIX_ComCRLSelParams Create Issuers");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_UTF8,
- name2,
- length,
- &issuer2String,
- plContext));
+ length = PL_strlen(name1);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuer2String,
- &issuerName2,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8,
+ name1,
+ length,
+ &issuer1String,
+ plContext));
- length = PL_strlen(name3);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuer1String,
+ &issuerName1,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_UTF8,
- name3,
- length,
- &issuer3String,
- plContext));
+ length = PL_strlen(name2);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create
- (issuer3String,
- &issuerName3,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8,
+ name2,
+ length,
+ &issuer2String,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setIssuerList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuer2String,
+ &issuerName2,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (setIssuerList,
- (PKIX_PL_Object *)issuerName1,
- plContext));
+ length = PL_strlen(name3);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (setIssuerList,
- (PKIX_PL_Object *)issuerName2,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8,
+ name3,
+ length,
+ &issuer3String,
+ plContext));
- subTest("PKIX_ComCRLSelParams_AddIssuerName");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuer3String,
+ &issuerName3,
+ plContext));
- /* Test adding an issuer to an empty list */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName
- (goodObject, issuerName3, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setIssuerList, plContext));
- subTest("PKIX_ComCRLSelParams_GetIssuerNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setIssuerList,
+ (PKIX_PL_Object *)issuerName1,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames
- (goodObject, &getIssuerList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setIssuerList,
+ (PKIX_PL_Object *)issuerName2,
+ plContext));
- /* DECREF for GetIssuerNames */
- PKIX_TEST_DECREF_BC(getIssuerList);
- /* DECREF for AddIssuerName so next SetIssuerName start clean */
- PKIX_TEST_DECREF_BC(getIssuerList);
+ subTest("PKIX_ComCRLSelParams_AddIssuerName");
- /* Test setting issuer names on the list */
- subTest("PKIX_ComCRLSelParams_SetIssuerNames");
+ /* Test adding an issuer to an empty list */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName(goodObject, issuerName3, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetIssuerNames
- (goodObject, setIssuerList, plContext));
+ subTest("PKIX_ComCRLSelParams_GetIssuerNames");
- subTest("PKIX_ComCRLSelParams_GetIssuerNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(goodObject, &getIssuerList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames
- (goodObject, &getIssuerList, plContext));
+ /* DECREF for GetIssuerNames */
+ PKIX_TEST_DECREF_BC(getIssuerList);
+ /* DECREF for AddIssuerName so next SetIssuerName start clean */
+ PKIX_TEST_DECREF_BC(getIssuerList);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)setIssuerList,
- (PKIX_PL_Object *)getIssuerList,
- &result,
- plContext));
+ /* Test setting issuer names on the list */
+ subTest("PKIX_ComCRLSelParams_SetIssuerNames");
- if (result != PKIX_TRUE) {
- pkixTestErrorMsg = "unexpected Issuers mismatch";
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetIssuerNames(goodObject, setIssuerList, plContext));
- /* Test adding an issuer to existing list */
- subTest("PKIX_ComCRLSelParams_AddIssuerName");
+ subTest("PKIX_ComCRLSelParams_GetIssuerNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName
- (goodObject, issuerName3, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(goodObject, &getIssuerList, plContext));
- subTest("PKIX_ComCRLSelParams_GetIssuerNames");
- PKIX_TEST_DECREF_BC(getIssuerList);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setIssuerList,
+ (PKIX_PL_Object *)getIssuerList,
+ &result,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames
- (goodObject, &getIssuerList, plContext));
+ if (result != PKIX_TRUE) {
+ pkixTestErrorMsg = "unexpected Issuers mismatch";
+ }
+ /* Test adding an issuer to existing list */
+ subTest("PKIX_ComCRLSelParams_AddIssuerName");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)getIssuerList,
- &issuerListString,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName(goodObject, issuerName3, plContext));
- testToStringHelper((PKIX_PL_Object *)getIssuerList,
- expectedAscii, plContext);
+ subTest("PKIX_ComCRLSelParams_GetIssuerNames");
+ PKIX_TEST_DECREF_BC(getIssuerList);
-cleanup:
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(goodObject, &getIssuerList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)getIssuerList,
+ &issuerListString,
+ plContext));
- PKIX_TEST_DECREF_AC(issuer1String);
- PKIX_TEST_DECREF_AC(issuer2String);
- PKIX_TEST_DECREF_AC(issuer3String);
- PKIX_TEST_DECREF_AC(issuerListString);
- PKIX_TEST_DECREF_AC(issuerName1);
- PKIX_TEST_DECREF_AC(issuerName2);
- PKIX_TEST_DECREF_AC(issuerName3);
- PKIX_TEST_DECREF_AC(setIssuerList);
- PKIX_TEST_DECREF_AC(getIssuerList);
+ testToStringHelper((PKIX_PL_Object *)getIssuerList,
+ expectedAscii, plContext);
- PKIX_TEST_RETURN();
+cleanup:
+ PKIX_TEST_DECREF_AC(issuer1String);
+ PKIX_TEST_DECREF_AC(issuer2String);
+ PKIX_TEST_DECREF_AC(issuer3String);
+ PKIX_TEST_DECREF_AC(issuerListString);
+ PKIX_TEST_DECREF_AC(issuerName1);
+ PKIX_TEST_DECREF_AC(issuerName2);
+ PKIX_TEST_DECREF_AC(issuerName3);
+ PKIX_TEST_DECREF_AC(setIssuerList);
+ PKIX_TEST_DECREF_AC(getIssuerList);
+
+ PKIX_TEST_RETURN();
}
-static
-void testCertificateChecking(
- char *dataCentralDir,
- char *goodInput,
- PKIX_ComCRLSelParams *goodObject)
+static void
+testCertificateChecking(
+ char *dataCentralDir,
+ char *goodInput,
+ PKIX_ComCRLSelParams *goodObject)
{
- PKIX_PL_Cert *setCert = NULL;
- PKIX_PL_Cert *getCert = NULL;
- PKIX_Boolean result = PKIX_FALSE;
+ PKIX_PL_Cert *setCert = NULL;
+ PKIX_PL_Cert *getCert = NULL;
+ PKIX_Boolean result = PKIX_FALSE;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("Test CertificateChecking Cert Create");
- setCert = createCert(dataCentralDir, goodInput, plContext);
- if (setCert == NULL) {
- pkixTestErrorMsg = "create certificate failed";
- goto cleanup;
- }
+ subTest("Test CertificateChecking Cert Create");
+ setCert = createCert(dataCentralDir, goodInput, plContext);
+ if (setCert == NULL) {
+ pkixTestErrorMsg = "create certificate failed";
+ goto cleanup;
+ }
- subTest("PKIX_ComCRLSelParams_SetCertificateChecking");
+ subTest("PKIX_ComCRLSelParams_SetCertificateChecking");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetCertificateChecking
- (goodObject, setCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetCertificateChecking(goodObject, setCert, plContext));
- subTest("PKIX_ComCRLSelParams_GetCertificateChecking");
+ subTest("PKIX_ComCRLSelParams_GetCertificateChecking");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetCertificateChecking
- (goodObject, &getCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetCertificateChecking(goodObject, &getCert, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)setCert,
- (PKIX_PL_Object *)getCert,
- &result, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setCert,
+ (PKIX_PL_Object *)getCert,
+ &result, plContext));
- if (result != PKIX_TRUE) {
- pkixTestErrorMsg = "unexpected Cert mismatch";
- }
+ if (result != PKIX_TRUE) {
+ pkixTestErrorMsg = "unexpected Cert mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(setCert);
- PKIX_TEST_DECREF_AC(getCert);
+ PKIX_TEST_DECREF_AC(setCert);
+ PKIX_TEST_DECREF_AC(getCert);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testDateAndTime(PKIX_ComCRLSelParams *goodObject){
+static void
+testDateAndTime(PKIX_ComCRLSelParams *goodObject)
+{
- PKIX_PL_Date *setDate = NULL;
- PKIX_PL_Date *getDate = NULL;
- char *asciiDate = "040329134847Z";
- PKIX_Boolean result = PKIX_FALSE;
+ PKIX_PL_Date *setDate = NULL;
+ PKIX_PL_Date *getDate = NULL;
+ char *asciiDate = "040329134847Z";
+ PKIX_Boolean result = PKIX_FALSE;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_ComCRLSelParams_Date Create");
- setDate = createDate(asciiDate, plContext);
+ subTest("PKIX_ComCRLSelParams_Date Create");
+ setDate = createDate(asciiDate, plContext);
- subTest("PKIX_ComCRLSelParams_SetDateAndTime");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCRLSelParams_SetDateAndTime
- (goodObject, setDate, plContext));
+ subTest("PKIX_ComCRLSelParams_SetDateAndTime");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime(goodObject, setDate, plContext));
- subTest("PKIX_ComCRLSelParams_GetDateAndTime");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCRLSelParams_GetDateAndTime
- (goodObject, &getDate, plContext));
+ subTest("PKIX_ComCRLSelParams_GetDateAndTime");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetDateAndTime(goodObject, &getDate, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)setDate,
- (PKIX_PL_Object *)getDate,
- &result, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setDate,
+ (PKIX_PL_Object *)getDate,
+ &result, plContext));
- if (result != PKIX_TRUE) {
- pkixTestErrorMsg = "unexpected DateAndTime mismatch";
- }
+ if (result != PKIX_TRUE) {
+ pkixTestErrorMsg = "unexpected DateAndTime mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(setDate);
- PKIX_TEST_DECREF_AC(getDate);
+ PKIX_TEST_DECREF_AC(setDate);
+ PKIX_TEST_DECREF_AC(getDate);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testMaxMinCRLNumbers(PKIX_ComCRLSelParams *goodObject){
- PKIX_PL_BigInt *setMaxCrlNumber = NULL;
- PKIX_PL_BigInt *getMaxCrlNumber = NULL;
- PKIX_PL_BigInt *setMinCrlNumber = NULL;
- PKIX_PL_BigInt *getMinCrlNumber = NULL;
- char *asciiCrlNumber1 = "01";
- char *asciiCrlNumber99999 = "0909090909";
- PKIX_PL_String *crlNumber1String = NULL;
- PKIX_PL_String *crlNumber99999String = NULL;
+static void
+testMaxMinCRLNumbers(PKIX_ComCRLSelParams *goodObject)
+{
+ PKIX_PL_BigInt *setMaxCrlNumber = NULL;
+ PKIX_PL_BigInt *getMaxCrlNumber = NULL;
+ PKIX_PL_BigInt *setMinCrlNumber = NULL;
+ PKIX_PL_BigInt *getMinCrlNumber = NULL;
+ char *asciiCrlNumber1 = "01";
+ char *asciiCrlNumber99999 = "0909090909";
+ PKIX_PL_String *crlNumber1String = NULL;
+ PKIX_PL_String *crlNumber99999String = NULL;
- PKIX_Boolean result = PKIX_FALSE;
+ PKIX_Boolean result = PKIX_FALSE;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_ComCRLSelParams_SetMinCRLNumber");
+ subTest("PKIX_ComCRLSelParams_SetMinCRLNumber");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiCrlNumber1,
- PL_strlen(asciiCrlNumber1),
- &crlNumber1String,
- NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ asciiCrlNumber1,
+ PL_strlen(asciiCrlNumber1),
+ &crlNumber1String,
+ NULL));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create
- (crlNumber1String, &setMinCrlNumber, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(crlNumber1String, &setMinCrlNumber, NULL));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetMinCRLNumber
- (goodObject, setMinCrlNumber, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetMinCRLNumber(goodObject, setMinCrlNumber, NULL));
- subTest("PKIX_ComCRLSelParams_GetMinCRLNumber");
+ subTest("PKIX_ComCRLSelParams_GetMinCRLNumber");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCRLSelParams_GetMinCRLNumber
- (goodObject, &getMinCrlNumber, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetMinCRLNumber(goodObject, &getMinCrlNumber, NULL));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)setMinCrlNumber,
- (PKIX_PL_Object *)getMinCrlNumber,
- &result, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setMinCrlNumber,
+ (PKIX_PL_Object *)getMinCrlNumber,
+ &result, NULL));
- if (result != PKIX_TRUE) {
- pkixTestErrorMsg = "unexpected Minimum CRL Number mismatch";
- }
+ if (result != PKIX_TRUE) {
+ pkixTestErrorMsg = "unexpected Minimum CRL Number mismatch";
+ }
- subTest("PKIX_ComCRLSelParams_SetMaxCRLNumber");
+ subTest("PKIX_ComCRLSelParams_SetMaxCRLNumber");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiCrlNumber99999,
- PL_strlen(asciiCrlNumber99999),
- &crlNumber99999String,
- NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ asciiCrlNumber99999,
+ PL_strlen(asciiCrlNumber99999),
+ &crlNumber99999String,
+ NULL));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create
- (crlNumber99999String, &setMaxCrlNumber, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(crlNumber99999String, &setMaxCrlNumber, NULL));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetMaxCRLNumber
- (goodObject, setMaxCrlNumber, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetMaxCRLNumber(goodObject, setMaxCrlNumber, NULL));
- subTest("PKIX_ComCRLSelParams_GetMaxCRLNumber");
+ subTest("PKIX_ComCRLSelParams_GetMaxCRLNumber");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCRLSelParams_GetMaxCRLNumber
- (goodObject, &getMaxCrlNumber, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetMaxCRLNumber(goodObject, &getMaxCrlNumber, NULL));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)setMaxCrlNumber,
- (PKIX_PL_Object *)getMaxCrlNumber,
- &result, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setMaxCrlNumber,
+ (PKIX_PL_Object *)getMaxCrlNumber,
+ &result, NULL));
- if (result != PKIX_TRUE) {
- pkixTestErrorMsg = "unexpected Maximum CRL Number mismatch";
- }
+ if (result != PKIX_TRUE) {
+ pkixTestErrorMsg = "unexpected Maximum CRL Number mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(setMaxCrlNumber);
- PKIX_TEST_DECREF_AC(getMaxCrlNumber);
- PKIX_TEST_DECREF_AC(setMinCrlNumber);
- PKIX_TEST_DECREF_AC(getMinCrlNumber);
- PKIX_TEST_DECREF_AC(crlNumber1String);
- PKIX_TEST_DECREF_AC(crlNumber99999String);
+ PKIX_TEST_DECREF_AC(setMaxCrlNumber);
+ PKIX_TEST_DECREF_AC(getMaxCrlNumber);
+ PKIX_TEST_DECREF_AC(setMinCrlNumber);
+ PKIX_TEST_DECREF_AC(getMinCrlNumber);
+ PKIX_TEST_DECREF_AC(crlNumber1String);
+ PKIX_TEST_DECREF_AC(crlNumber99999String);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testDuplicate(PKIX_ComCRLSelParams *goodObject){
+static void
+testDuplicate(PKIX_ComCRLSelParams *goodObject)
+{
- PKIX_ComCRLSelParams *dupObject = NULL;
- PKIX_Boolean result = PKIX_FALSE;
+ PKIX_ComCRLSelParams *dupObject = NULL;
+ PKIX_Boolean result = PKIX_FALSE;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_ComCRLSelParams_Duplicate");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)goodObject,
- (PKIX_PL_Object **)&dupObject,
- plContext));
+ subTest("PKIX_ComCRLSelParams_Duplicate");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)goodObject,
+ (PKIX_PL_Object **)&dupObject,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)goodObject,
- (PKIX_PL_Object *)dupObject,
- &result, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)goodObject,
+ (PKIX_PL_Object *)dupObject,
+ &result, plContext));
- if (result != PKIX_TRUE) {
- pkixTestErrorMsg =
- "unexpected Duplicate ComCRLSelParams mismatch";
- }
+ if (result != PKIX_TRUE) {
+ pkixTestErrorMsg =
+ "unexpected Duplicate ComCRLSelParams mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(dupObject);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(dupObject);
+ PKIX_TEST_RETURN();
}
-static
-void printUsage(char *pName){
- printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
+static void
+printUsage(char *pName)
+{
+ printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
}
/* Functional tests for ComCRLSelParams public functions */
-int test_comcrlselparams(int argc, char *argv[]){
+int
+test_comcrlselparams(int argc, char *argv[])
+{
- char *dataCentralDir = NULL;
- char *goodInput = "yassir2yassir";
- PKIX_ComCRLSelParams *goodObject = NULL;
- PKIX_ComCRLSelParams *diffObject = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
+ char *dataCentralDir = NULL;
+ char *goodInput = "yassir2yassir";
+ PKIX_ComCRLSelParams *goodObject = NULL;
+ PKIX_ComCRLSelParams *diffObject = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("ComCRLSelParams");
+ startTests("ComCRLSelParams");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- if (argc < 2){
- printUsage(argv[0]);
- return (0);
- }
+ if (argc < 2) {
+ printUsage(argv[0]);
+ return (0);
+ }
- dataCentralDir = argv[j+1];
+ dataCentralDir = argv[j + 1];
- subTest("PKIX_ComCRLSelParams_Create");
+ subTest("PKIX_ComCRLSelParams_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create
- (&goodObject,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&goodObject,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create
- (&diffObject,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&diffObject,
+ plContext));
- testIssuer(goodObject);
+ testIssuer(goodObject);
- testCertificateChecking(dataCentralDir, goodInput, goodObject);
+ testCertificateChecking(dataCentralDir, goodInput, goodObject);
- testDateAndTime(goodObject);
+ testDateAndTime(goodObject);
- testMaxMinCRLNumbers(goodObject);
+ testMaxMinCRLNumbers(goodObject);
- testDuplicate(goodObject);
+ testDuplicate(goodObject);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodObject,
- goodObject,
- diffObject,
- NULL,
- ComCRLSelParams,
- PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ goodObject,
+ diffObject,
+ NULL,
+ ComCRLSelParams,
+ PKIX_TRUE);
cleanup:
- PKIX_TEST_DECREF_AC(goodObject);
- PKIX_TEST_DECREF_AC(diffObject);
+ PKIX_TEST_DECREF_AC(goodObject);
+ PKIX_TEST_DECREF_AC(diffObject);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("ComCRLSelParams");
+ endTests("ComCRLSelParams");
- return (0);
+ return (0);
}
diff --git a/cmd/libpkix/pkix/crlsel/test_crlselector.c b/cmd/libpkix/pkix/crlsel/test_crlselector.c
index d614e1170..f17406be5 100644
--- a/cmd/libpkix/pkix/crlsel/test_crlselector.c
+++ b/cmd/libpkix/pkix/crlsel/test_crlselector.c
@@ -16,158 +16,153 @@ static void *plContext = NULL;
static void
testGetMatchCallback(PKIX_CRLSelector *goodObject)
{
- PKIX_CRLSelector_MatchCallback mCallback = NULL;
+ PKIX_CRLSelector_MatchCallback mCallback = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("testGetMatchCallback");
+ subTest("testGetMatchCallback");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetMatchCallback
- (goodObject, &mCallback, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetMatchCallback(goodObject, &mCallback, plContext));
- if (mCallback == NULL) {
- pkixTestErrorMsg = "MatchCallback is NULL";
- }
+ if (mCallback == NULL) {
+ pkixTestErrorMsg = "MatchCallback is NULL";
+ }
cleanup:
- PKIX_TEST_RETURN();
-
+ PKIX_TEST_RETURN();
}
-static
-void testGetCRLSelectorContext(PKIX_CRLSelector *goodObject)
+static void
+testGetCRLSelectorContext(PKIX_CRLSelector *goodObject)
{
- PKIX_PL_Object *context = NULL;
+ PKIX_PL_Object *context = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("testGetCRLSelectorContext");
+ subTest("testGetCRLSelectorContext");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetCRLSelectorContext
- (goodObject, (void *)&context, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetCRLSelectorContext(goodObject, (void *)&context, plContext));
- if (context == NULL) {
- pkixTestErrorMsg = "CRLSelectorContext is NULL";
- }
+ if (context == NULL) {
+ pkixTestErrorMsg = "CRLSelectorContext is NULL";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(context);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(context);
+ PKIX_TEST_RETURN();
}
-static
-void testCommonCRLSelectorParams(PKIX_CRLSelector *goodObject){
- PKIX_ComCRLSelParams *setParams = NULL;
- PKIX_ComCRLSelParams *getParams = NULL;
- PKIX_PL_Date *setDate = NULL;
- char *asciiDate = "040329134847Z";
+static void
+testCommonCRLSelectorParams(PKIX_CRLSelector *goodObject)
+{
+ PKIX_ComCRLSelParams *setParams = NULL;
+ PKIX_ComCRLSelParams *getParams = NULL;
+ PKIX_PL_Date *setDate = NULL;
+ char *asciiDate = "040329134847Z";
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_ComCRLSelParams_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create
- (&setParams,
- plContext));
+ subTest("PKIX_ComCRLSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&setParams,
+ plContext));
- subTest("PKIX_ComCRLSelParams_Date Create");
+ subTest("PKIX_ComCRLSelParams_Date Create");
- setDate = createDate(asciiDate, plContext);
+ setDate = createDate(asciiDate, plContext);
- subTest("PKIX_ComCRLSelParams_SetDateAndTime");
+ subTest("PKIX_ComCRLSelParams_SetDateAndTime");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime
- (setParams, setDate, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime(setParams, setDate, plContext));
- subTest("PKIX_CRLSelector_SetCommonCRLSelectorParams");
+ subTest("PKIX_CRLSelector_SetCommonCRLSelectorParams");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(
- goodObject, setParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(
+ goodObject, setParams, plContext));
- subTest("PKIX_CRLSelector_GetCommonCRLSelectorParams");
+ subTest("PKIX_CRLSelector_GetCommonCRLSelectorParams");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetCommonCRLSelectorParams(
- goodObject, &getParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetCommonCRLSelectorParams(
+ goodObject, &getParams, plContext));
- testEqualsHelper((PKIX_PL_Object *)setParams,
- (PKIX_PL_Object *)getParams,
- PKIX_TRUE,
- plContext);
+ testEqualsHelper((PKIX_PL_Object *)setParams,
+ (PKIX_PL_Object *)getParams,
+ PKIX_TRUE,
+ plContext);
- testHashcodeHelper((PKIX_PL_Object *)setParams,
- (PKIX_PL_Object *)getParams,
- PKIX_TRUE,
- plContext);
+ testHashcodeHelper((PKIX_PL_Object *)setParams,
+ (PKIX_PL_Object *)getParams,
+ PKIX_TRUE,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(setDate);
- PKIX_TEST_DECREF_AC(setParams);
- PKIX_TEST_DECREF_AC(getParams);
+ PKIX_TEST_DECREF_AC(setDate);
+ PKIX_TEST_DECREF_AC(setParams);
+ PKIX_TEST_DECREF_AC(getParams);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
/* Functional tests for CRLSelector public functions */
-int test_crlselector(int argc, char *argv[]){
+int
+test_crlselector(int argc, char *argv[])
+{
- PKIX_PL_Date *context = NULL;
- PKIX_CRLSelector *goodObject = NULL;
- PKIX_CRLSelector *diffObject = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
- char *asciiDate = "040329134847Z";
+ PKIX_PL_Date *context = NULL;
+ PKIX_CRLSelector *goodObject = NULL;
+ PKIX_CRLSelector *diffObject = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+ char *asciiDate = "040329134847Z";
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("CRLSelector");
+ startTests("CRLSelector");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- context = createDate(asciiDate, plContext);
+ context = createDate(asciiDate, plContext);
- subTest("PKIX_CRLSelector_Create");
+ subTest("PKIX_CRLSelector_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create
- (NULL,
- (PKIX_PL_Object *)context,
- &goodObject,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL,
+ (PKIX_PL_Object *)context,
+ &goodObject,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create
- (NULL,
- (PKIX_PL_Object *)context,
- &diffObject,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL,
+ (PKIX_PL_Object *)context,
+ &diffObject,
+ plContext));
- testGetMatchCallback(goodObject);
+ testGetMatchCallback(goodObject);
- testGetCRLSelectorContext(goodObject);
+ testGetCRLSelectorContext(goodObject);
- testCommonCRLSelectorParams(goodObject);
+ testCommonCRLSelectorParams(goodObject);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodObject,
- goodObject,
- diffObject,
- NULL,
- CRLSelector,
- PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ goodObject,
+ diffObject,
+ NULL,
+ CRLSelector,
+ PKIX_TRUE);
cleanup:
- PKIX_TEST_DECREF_AC(goodObject);
- PKIX_TEST_DECREF_AC(diffObject);
- PKIX_TEST_DECREF_AC(context);
+ PKIX_TEST_DECREF_AC(goodObject);
+ PKIX_TEST_DECREF_AC(diffObject);
+ PKIX_TEST_DECREF_AC(context);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("CRLSelector");
+ endTests("CRLSelector");
- return (0);
+ return (0);
}
diff --git a/cmd/libpkix/pkix/params/test_procparams.c b/cmd/libpkix/pkix/params/test_procparams.c
index 19cf7f962..419322a1e 100644
--- a/cmd/libpkix/pkix/params/test_procparams.c
+++ b/cmd/libpkix/pkix/params/test_procparams.c
@@ -16,504 +16,463 @@ static void *plContext = NULL;
static void
testDestroy(void *goodObject, void *equalObject, void *diffObject)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_ProcessingParams_Destroy");
+ subTest("PKIX_ProcessingParams_Destroy");
- PKIX_TEST_DECREF_BC(goodObject);
- PKIX_TEST_DECREF_BC(equalObject);
- PKIX_TEST_DECREF_BC(diffObject);
+ PKIX_TEST_DECREF_BC(goodObject);
+ PKIX_TEST_DECREF_BC(equalObject);
+ PKIX_TEST_DECREF_BC(diffObject);
cleanup:
- PKIX_TEST_RETURN();
-
+ PKIX_TEST_RETURN();
}
-static
-void testGetAnchors(
- PKIX_ProcessingParams *goodObject,
- PKIX_ProcessingParams *equalObject){
+static void
+testGetAnchors(
+ PKIX_ProcessingParams *goodObject,
+ PKIX_ProcessingParams *equalObject)
+{
- PKIX_List *goodAnchors = NULL;
- PKIX_List *equalAnchors = NULL;
+ PKIX_List *goodAnchors = NULL;
+ PKIX_List *equalAnchors = NULL;
- PKIX_TEST_STD_VARS();
- subTest("PKIX_ProcessingParams_GetTrustAnchors");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_ProcessingParams_GetTrustAnchors");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTrustAnchors
- (goodObject, &goodAnchors, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTrustAnchors(goodObject, &goodAnchors, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTrustAnchors
- (equalObject, &equalAnchors, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTrustAnchors(equalObject, &equalAnchors, plContext));
- testEqualsHelper((PKIX_PL_Object *)goodAnchors,
- (PKIX_PL_Object *)equalAnchors,
- PKIX_TRUE,
- plContext);
+ testEqualsHelper((PKIX_PL_Object *)goodAnchors,
+ (PKIX_PL_Object *)equalAnchors,
+ PKIX_TRUE,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(goodAnchors);
- PKIX_TEST_DECREF_AC(equalAnchors);
+ PKIX_TEST_DECREF_AC(goodAnchors);
+ PKIX_TEST_DECREF_AC(equalAnchors);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testGetSetDate(
- PKIX_ProcessingParams *goodObject,
- PKIX_ProcessingParams *equalObject){
+static void
+testGetSetDate(
+ PKIX_ProcessingParams *goodObject,
+ PKIX_ProcessingParams *equalObject)
+{
- PKIX_PL_Date *setDate = NULL;
- PKIX_PL_Date *getDate = NULL;
- char *asciiDate = "040329134847Z";
+ PKIX_PL_Date *setDate = NULL;
+ PKIX_PL_Date *getDate = NULL;
+ char *asciiDate = "040329134847Z";
- PKIX_TEST_STD_VARS();
- subTest("PKIX_ProcessingParams_Get/SetDate");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_ProcessingParams_Get/SetDate");
- setDate = createDate(asciiDate, plContext);
+ setDate = createDate(asciiDate, plContext);
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_SetDate(goodObject, setDate, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(goodObject, setDate, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_GetDate
- (goodObject, &getDate, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetDate(goodObject, &getDate, plContext));
- testEqualsHelper((PKIX_PL_Object *)setDate,
- (PKIX_PL_Object *)getDate,
- PKIX_TRUE,
- plContext);
+ testEqualsHelper((PKIX_PL_Object *)setDate,
+ (PKIX_PL_Object *)getDate,
+ PKIX_TRUE,
+ plContext);
- /* we want to make sure that goodObject and equalObject are "equal" */
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_SetDate
- (equalObject, setDate, plContext));
+ /* we want to make sure that goodObject and equalObject are "equal" */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(equalObject, setDate, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(setDate);
- PKIX_TEST_DECREF_AC(getDate);
+ PKIX_TEST_DECREF_AC(setDate);
+ PKIX_TEST_DECREF_AC(getDate);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-PKIX_Error *userChecker1cb(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Cert *cert,
- PKIX_List *unresolvedCriticalExtensions, /* list of PKIX_PL_OID */
- void **pNBIOContext,
- void *plContext)
+static PKIX_Error *
+userChecker1cb(
+ PKIX_CertChainChecker *checker,
+ PKIX_PL_Cert *cert,
+ PKIX_List *unresolvedCriticalExtensions, /* list of PKIX_PL_OID */
+ void **pNBIOContext,
+ void *plContext)
{
- return(NULL);
+ return (NULL);
}
-static
-void testGetSetCertChainCheckers(
- PKIX_ProcessingParams *goodObject,
- PKIX_ProcessingParams *equalObject){
+static void
+testGetSetCertChainCheckers(
+ PKIX_ProcessingParams *goodObject,
+ PKIX_ProcessingParams *equalObject)
+{
- PKIX_CertChainChecker *checker = NULL;
- PKIX_List *setCheckersList = NULL;
- PKIX_List *getCheckersList = NULL;
- PKIX_PL_Date *date = NULL;
- char *asciiDate = "040329134847Z";
+ PKIX_CertChainChecker *checker = NULL;
+ PKIX_List *setCheckersList = NULL;
+ PKIX_List *getCheckersList = NULL;
+ PKIX_PL_Date *date = NULL;
+ char *asciiDate = "040329134847Z";
- PKIX_TEST_STD_VARS();
- subTest("PKIX_ProcessingParams_Get/SetCertChainCheckers");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_ProcessingParams_Get/SetCertChainCheckers");
- date = createDate(asciiDate, plContext);
+ date = createDate(asciiDate, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create
- (userChecker1cb,
- PKIX_FALSE,
- PKIX_FALSE,
- NULL,
- (PKIX_PL_Object *) date,
- &checker,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(userChecker1cb,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ NULL,
+ (PKIX_PL_Object *)date,
+ &checker,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
- (&setCheckersList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setCheckersList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (setCheckersList, (PKIX_PL_Object *) checker, plContext));
- PKIX_TEST_DECREF_BC(checker);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setCheckersList, (PKIX_PL_Object *)checker, plContext));
+ PKIX_TEST_DECREF_BC(checker);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertChainCheckers
- (goodObject, setCheckersList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertChainCheckers(goodObject, setCheckersList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create
- (userChecker1cb,
- PKIX_FALSE,
- PKIX_FALSE,
- NULL,
- (PKIX_PL_Object *) date,
- &checker,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(userChecker1cb,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ NULL,
+ (PKIX_PL_Object *)date,
+ &checker,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker
- (goodObject, checker, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker(goodObject, checker, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetCertChainCheckers
- (goodObject, &getCheckersList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetCertChainCheckers(goodObject, &getCheckersList, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(setCheckersList);
- PKIX_TEST_DECREF_AC(getCheckersList);
- PKIX_TEST_DECREF_AC(date);
- PKIX_TEST_DECREF_BC(checker);
+ PKIX_TEST_DECREF_AC(setCheckersList);
+ PKIX_TEST_DECREF_AC(getCheckersList);
+ PKIX_TEST_DECREF_AC(date);
+ PKIX_TEST_DECREF_BC(checker);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-PKIX_Error *userChecker2cb(
- PKIX_RevocationChecker *checker,
- PKIX_PL_Cert *cert,
- PKIX_UInt32 *pResult,
- void *plContext)
+static PKIX_Error *
+userChecker2cb(
+ PKIX_RevocationChecker *checker,
+ PKIX_PL_Cert *cert,
+ PKIX_UInt32 *pResult,
+ void *plContext)
{
- return(NULL);
+ return (NULL);
}
-static
-void testGetSetRevocationCheckers(
- PKIX_ProcessingParams *goodObject,
- PKIX_ProcessingParams *equalObject){
+static void
+testGetSetRevocationCheckers(
+ PKIX_ProcessingParams *goodObject,
+ PKIX_ProcessingParams *equalObject)
+{
- PKIX_RevocationChecker *checker = NULL;
- PKIX_List *setCheckersList = NULL;
- PKIX_List *getCheckersList = NULL;
- PKIX_PL_Date *date = NULL;
- char *asciiDate = "040329134847Z";
+ PKIX_RevocationChecker *checker = NULL;
+ PKIX_List *setCheckersList = NULL;
+ PKIX_List *getCheckersList = NULL;
+ PKIX_PL_Date *date = NULL;
+ char *asciiDate = "040329134847Z";
- PKIX_TEST_STD_VARS();
- subTest("PKIX_ProcessingParams_Get/SetRevocationCheckers");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_ProcessingParams_Get/SetRevocationCheckers");
- date = createDate(asciiDate, plContext);
+ date = createDate(asciiDate, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_Create
- (userChecker2cb,
- (PKIX_PL_Object *) date,
- &checker,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_Create(userChecker2cb,
+ (PKIX_PL_Object *)date,
+ &checker,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
- (&setCheckersList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setCheckersList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (setCheckersList,
- (PKIX_PL_Object *) checker,
- plContext));
- PKIX_TEST_DECREF_BC(checker);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setCheckersList,
+ (PKIX_PL_Object *)checker,
+ plContext));
+ PKIX_TEST_DECREF_BC(checker);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers
- (goodObject, setCheckersList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(goodObject, setCheckersList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_Create
- (userChecker2cb,
- (PKIX_PL_Object *) date,
- &checker,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_Create(userChecker2cb,
+ (PKIX_PL_Object *)date,
+ &checker,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddRevocationChecker
- (goodObject, checker, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddRevocationChecker(goodObject, checker, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetRevocationCheckers
- (goodObject, &getCheckersList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetRevocationCheckers(goodObject, &getCheckersList, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(setCheckersList);
- PKIX_TEST_DECREF_AC(getCheckersList);
- PKIX_TEST_DECREF_AC(date);
- PKIX_TEST_DECREF_BC(checker);
+ PKIX_TEST_DECREF_AC(setCheckersList);
+ PKIX_TEST_DECREF_AC(getCheckersList);
+ PKIX_TEST_DECREF_AC(date);
+ PKIX_TEST_DECREF_BC(checker);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testGetSetResourceLimits(
- PKIX_ProcessingParams *goodObject,
- PKIX_ProcessingParams *equalObject)
+static void
+testGetSetResourceLimits(
+ PKIX_ProcessingParams *goodObject,
+ PKIX_ProcessingParams *equalObject)
{
- PKIX_ResourceLimits *resourceLimits1 = NULL;
- PKIX_ResourceLimits *resourceLimits2 = NULL;
+ PKIX_ResourceLimits *resourceLimits1 = NULL;
+ PKIX_ResourceLimits *resourceLimits2 = NULL;
- PKIX_TEST_STD_VARS();
- subTest("PKIX_ProcessingParams_Get/SetResourceLimits");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_ProcessingParams_Get/SetResourceLimits");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create
- (&resourceLimits1, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits1, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create
- (&resourceLimits2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits2, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout
- (resourceLimits1, 3, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits1, 3, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth
- (resourceLimits1, 3, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits1, 3, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime
- (resourceLimits1, 2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits1, 2, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits
- (goodObject, resourceLimits1, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(goodObject, resourceLimits1, plContext));
- PKIX_TEST_DECREF_BC(resourceLimits2);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetResourceLimits
- (goodObject, &resourceLimits2, plContext));
+ PKIX_TEST_DECREF_BC(resourceLimits2);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetResourceLimits(goodObject, &resourceLimits2, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits
- (equalObject, resourceLimits2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(equalObject, resourceLimits2, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(resourceLimits1);
- PKIX_TEST_DECREF_AC(resourceLimits2);
+ PKIX_TEST_DECREF_AC(resourceLimits1);
+ PKIX_TEST_DECREF_AC(resourceLimits2);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testGetSetConstraints(PKIX_ProcessingParams *goodObject){
+static void
+testGetSetConstraints(PKIX_ProcessingParams *goodObject)
+{
- PKIX_CertSelector *setConstraints = NULL;
- PKIX_CertSelector *getConstraints = NULL;
+ PKIX_CertSelector *setConstraints = NULL;
+ PKIX_CertSelector *getConstraints = NULL;
- PKIX_TEST_STD_VARS();
- subTest("PKIX_ProcessingParams_Get/SetTargetCertConstraints");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_ProcessingParams_Get/SetTargetCertConstraints");
- /*
+ /*
* After createConstraints is implemented
* setConstraints = createConstraints();
*/
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_SetTargetCertConstraints
- (goodObject, setConstraints, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(goodObject, setConstraints, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_GetTargetCertConstraints
- (goodObject, &getConstraints, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTargetCertConstraints(goodObject, &getConstraints, plContext));
- testEqualsHelper((PKIX_PL_Object *)setConstraints,
- (PKIX_PL_Object *)getConstraints,
- PKIX_TRUE,
- plContext);
+ testEqualsHelper((PKIX_PL_Object *)setConstraints,
+ (PKIX_PL_Object *)getConstraints,
+ PKIX_TRUE,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(setConstraints);
- PKIX_TEST_DECREF_AC(getConstraints);
+ PKIX_TEST_DECREF_AC(setConstraints);
+ PKIX_TEST_DECREF_AC(getConstraints);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testGetSetInitialPolicies(
- PKIX_ProcessingParams *goodObject,
- char *asciiPolicyOID)
+static void
+testGetSetInitialPolicies(
+ PKIX_ProcessingParams *goodObject,
+ char *asciiPolicyOID)
{
- PKIX_PL_OID *policyOID = NULL;
- PKIX_List* setPolicyList = NULL;
- PKIX_List* getPolicyList = NULL;
+ PKIX_PL_OID *policyOID = NULL;
+ PKIX_List *setPolicyList = NULL;
+ PKIX_List *getPolicyList = NULL;
- PKIX_TEST_STD_VARS();
- subTest("PKIX_ProcessingParams_Get/SetInitialPolicies");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_ProcessingParams_Get/SetInitialPolicies");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- (asciiPolicyOID, &policyOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiPolicyOID, &policyOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setPolicyList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setPolicyList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (setPolicyList, (PKIX_PL_Object *)policyOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setPolicyList, (PKIX_PL_Object *)policyOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_SetImmutable(setPolicyList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(setPolicyList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies
- (goodObject, setPolicyList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(goodObject, setPolicyList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetInitialPolicies
- (goodObject, &getPolicyList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetInitialPolicies(goodObject, &getPolicyList, plContext));
- testEqualsHelper
- ((PKIX_PL_Object *)setPolicyList,
- (PKIX_PL_Object *)getPolicyList,
- PKIX_TRUE,
- plContext);
+ testEqualsHelper((PKIX_PL_Object *)setPolicyList,
+ (PKIX_PL_Object *)getPolicyList,
+ PKIX_TRUE,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(policyOID);
- PKIX_TEST_DECREF_AC(setPolicyList);
- PKIX_TEST_DECREF_AC(getPolicyList);
+ PKIX_TEST_DECREF_AC(policyOID);
+ PKIX_TEST_DECREF_AC(setPolicyList);
+ PKIX_TEST_DECREF_AC(getPolicyList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testGetSetPolicyQualifiersRejected(
- PKIX_ProcessingParams *goodObject,
- PKIX_Boolean rejected)
+static void
+testGetSetPolicyQualifiersRejected(
+ PKIX_ProcessingParams *goodObject,
+ PKIX_Boolean rejected)
{
- PKIX_Boolean getRejected = PKIX_FALSE;
+ PKIX_Boolean getRejected = PKIX_FALSE;
- PKIX_TEST_STD_VARS();
- subTest("PKIX_ProcessingParams_Get/SetPolicyQualifiersRejected");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_ProcessingParams_Get/SetPolicyQualifiersRejected");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_SetPolicyQualifiersRejected
- (goodObject, rejected, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetPolicyQualifiersRejected(goodObject, rejected, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_GetPolicyQualifiersRejected
- (goodObject, &getRejected, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetPolicyQualifiersRejected(goodObject, &getRejected, plContext));
- if (rejected != getRejected) {
- testError
- ("GetPolicyQualifiersRejected returned unexpected value");
- }
+ if (rejected != getRejected) {
+ testError("GetPolicyQualifiersRejected returned unexpected value");
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void printUsage(char *pName){
- printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
+static void
+printUsage(char *pName)
+{
+ printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
}
-int test_procparams(int argc, char *argv[]) {
-
- PKIX_ProcessingParams *goodObject = NULL;
- PKIX_ProcessingParams *equalObject = NULL;
- PKIX_ProcessingParams *diffObject = NULL;
- PKIX_UInt32 actualMinorVersion;
- char *dataCentralDir = NULL;
- PKIX_UInt32 j = 0;
-
- char *oidAnyPolicy = PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID;
- char *oidNist1Policy = "2.16.840.1.101.3.2.1.48.2";
-
- char *goodInput = "yassir2yassir";
- char *diffInput = "yassir2bcn";
-
- char *expectedAscii =
- "[\n"
- "\tTrust Anchors: \n"
- "\t********BEGIN LIST OF TRUST ANCHORS********\n"
- "\t\t"
- "([\n"
- "\tTrusted CA Name: "
- "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
- "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n"
- "\tInitial Name Constraints:(null)\n"
- "]\n"
- ", [\n"
- "\tTrusted CA Name: OU=bcn,OU=east,O=sun,C=us\n"
- "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n"
- "\tInitial Name Constraints:(null)\n"
- "]\n"
- ")\n"
- "\t********END LIST OF TRUST ANCHORS********\n"
- "\tDate: \t\tMon Mar 29 08:48:47 2004\n"
- "\tTarget Constraints: (null)\n"
- "\tInitial Policies: (2.5.29.32.0)\n"
- "\tQualifiers Rejected: FALSE\n"
- "\tCert Stores: (EMPTY)\n"
- "\tResource Limits: [\n"
- "\tMaxTime: 2\n"
- "\tMaxFanout: 3\n"
- "\tMaxDepth: 3\n"
- "]\n\n"
- "\tCRL Checking Enabled: 0\n"
- "]\n";
-
- PKIX_TEST_STD_VARS();
-
- startTests("ProcessingParams");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- if (argc < 2){
- printUsage(argv[0]);
- return (0);
- }
-
- dataCentralDir = argv[j+1];
-
- subTest("PKIX_ProcessingParams_Create");
- goodObject = createProcessingParams
- (dataCentralDir,
- goodInput,
- diffInput,
- NULL,
- NULL,
- PKIX_FALSE,
- plContext);
-
- equalObject = createProcessingParams
- (dataCentralDir,
- goodInput,
- diffInput,
- NULL,
- NULL,
- PKIX_FALSE,
- plContext);
-
- diffObject = createProcessingParams
- (dataCentralDir,
- diffInput,
- goodInput,
- NULL,
- NULL,
- PKIX_FALSE,
- plContext);
-
- testGetAnchors(goodObject, equalObject);
- testGetSetDate(goodObject, equalObject);
- testGetSetCertChainCheckers(goodObject, equalObject);
- testGetSetRevocationCheckers(goodObject, equalObject);
- testGetSetResourceLimits(goodObject, equalObject);
-
- /*
+int
+test_procparams(int argc, char *argv[])
+{
+
+ PKIX_ProcessingParams *goodObject = NULL;
+ PKIX_ProcessingParams *equalObject = NULL;
+ PKIX_ProcessingParams *diffObject = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ char *dataCentralDir = NULL;
+ PKIX_UInt32 j = 0;
+
+ char *oidAnyPolicy = PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID;
+ char *oidNist1Policy = "2.16.840.1.101.3.2.1.48.2";
+
+ char *goodInput = "yassir2yassir";
+ char *diffInput = "yassir2bcn";
+
+ char *expectedAscii =
+ "[\n"
+ "\tTrust Anchors: \n"
+ "\t********BEGIN LIST OF TRUST ANCHORS********\n"
+ "\t\t"
+ "([\n"
+ "\tTrusted CA Name: "
+ "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+ "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n"
+ "\tInitial Name Constraints:(null)\n"
+ "]\n"
+ ", [\n"
+ "\tTrusted CA Name: OU=bcn,OU=east,O=sun,C=us\n"
+ "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n"
+ "\tInitial Name Constraints:(null)\n"
+ "]\n"
+ ")\n"
+ "\t********END LIST OF TRUST ANCHORS********\n"
+ "\tDate: \t\tMon Mar 29 08:48:47 2004\n"
+ "\tTarget Constraints: (null)\n"
+ "\tInitial Policies: (2.5.29.32.0)\n"
+ "\tQualifiers Rejected: FALSE\n"
+ "\tCert Stores: (EMPTY)\n"
+ "\tResource Limits: [\n"
+ "\tMaxTime: 2\n"
+ "\tMaxFanout: 3\n"
+ "\tMaxDepth: 3\n"
+ "]\n\n"
+ "\tCRL Checking Enabled: 0\n"
+ "]\n";
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("ProcessingParams");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc < 2) {
+ printUsage(argv[0]);
+ return (0);
+ }
+
+ dataCentralDir = argv[j + 1];
+
+ subTest("PKIX_ProcessingParams_Create");
+ goodObject = createProcessingParams(dataCentralDir,
+ goodInput,
+ diffInput,
+ NULL,
+ NULL,
+ PKIX_FALSE,
+ plContext);
+
+ equalObject = createProcessingParams(dataCentralDir,
+ goodInput,
+ diffInput,
+ NULL,
+ NULL,
+ PKIX_FALSE,
+ plContext);
+
+ diffObject = createProcessingParams(dataCentralDir,
+ diffInput,
+ goodInput,
+ NULL,
+ NULL,
+ PKIX_FALSE,
+ plContext);
+
+ testGetAnchors(goodObject, equalObject);
+ testGetSetDate(goodObject, equalObject);
+ testGetSetCertChainCheckers(goodObject, equalObject);
+ testGetSetRevocationCheckers(goodObject, equalObject);
+ testGetSetResourceLimits(goodObject, equalObject);
+
+ /*
* XXX testGetSetConstraints(goodObject);
*/
- testGetSetInitialPolicies(goodObject, oidAnyPolicy);
- testGetSetInitialPolicies(equalObject, oidAnyPolicy);
- testGetSetInitialPolicies(diffObject, oidNist1Policy);
- testGetSetPolicyQualifiersRejected(goodObject, PKIX_FALSE);
- testGetSetPolicyQualifiersRejected(equalObject, PKIX_FALSE);
- testGetSetPolicyQualifiersRejected(diffObject, PKIX_TRUE);
+ testGetSetInitialPolicies(goodObject, oidAnyPolicy);
+ testGetSetInitialPolicies(equalObject, oidAnyPolicy);
+ testGetSetInitialPolicies(diffObject, oidNist1Policy);
+ testGetSetPolicyQualifiersRejected(goodObject, PKIX_FALSE);
+ testGetSetPolicyQualifiersRejected(equalObject, PKIX_FALSE);
+ testGetSetPolicyQualifiersRejected(diffObject, PKIX_TRUE);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodObject,
- equalObject,
- diffObject,
- NULL, /* expectedAscii, */
- ProcessingParams,
- PKIX_FALSE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ equalObject,
+ diffObject,
+ NULL, /* expectedAscii, */
+ ProcessingParams,
+ PKIX_FALSE);
- testDestroy(goodObject, equalObject, diffObject);
+ testDestroy(goodObject, equalObject, diffObject);
cleanup:
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("ProcessingParams");
+ endTests("ProcessingParams");
- return (0);
+ return (0);
}
diff --git a/cmd/libpkix/pkix/params/test_resourcelimits.c b/cmd/libpkix/pkix/params/test_resourcelimits.c
index 54cdb32e3..f52c3ef87 100644
--- a/cmd/libpkix/pkix/params/test_resourcelimits.c
+++ b/cmd/libpkix/pkix/params/test_resourcelimits.c
@@ -16,99 +16,84 @@ static void *plContext = NULL;
static void
testDestroy(void *goodObject, void *equalObject, void *diffObject)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_ResourceLimits_Destroy");
+ subTest("PKIX_ResourceLimits_Destroy");
- PKIX_TEST_DECREF_BC(goodObject);
- PKIX_TEST_DECREF_BC(equalObject);
- PKIX_TEST_DECREF_BC(diffObject);
+ PKIX_TEST_DECREF_BC(goodObject);
+ PKIX_TEST_DECREF_BC(equalObject);
+ PKIX_TEST_DECREF_BC(diffObject);
cleanup:
- PKIX_TEST_RETURN();
-
+ PKIX_TEST_RETURN();
}
-int test_resourcelimits(int argc, char *argv[]) {
-
- PKIX_ResourceLimits *goodObject = NULL;
- PKIX_ResourceLimits *equalObject = NULL;
- PKIX_ResourceLimits *diffObject = NULL;
- PKIX_UInt32 maxTime = 0;
- PKIX_UInt32 maxFanout = 0;
- PKIX_UInt32 maxDepth = 0;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
- char *expectedAscii =
- "[\n"
- "\tMaxTime: 10\n"
- "\tMaxFanout: 5\n"
- "\tMaxDepth: 5\n"
- "]\n";
-
- PKIX_TEST_STD_VARS();
-
- startTests("ResourceLimits");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- subTest("PKIX_ResourceLimits_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create
- (&goodObject, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create
- (&diffObject, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create
- (&equalObject, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime
- (goodObject, 10, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxTime
- (goodObject, &maxTime, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime
- (equalObject, maxTime, plContext));
- maxTime++;
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime
- (diffObject, maxTime, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout
- (goodObject, 5, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxFanout
- (goodObject, &maxFanout, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout
- (equalObject, maxFanout, plContext));
- maxFanout++;
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout
- (diffObject, maxFanout, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth
- (goodObject, 5, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxDepth
- (goodObject, &maxDepth, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth
- (equalObject, maxDepth, plContext));
- maxDepth++;
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth
- (diffObject, maxDepth, plContext));
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodObject,
- equalObject,
- diffObject,
- expectedAscii,
- ResourceLimits,
- PKIX_FALSE);
-
- testDestroy(goodObject, equalObject, diffObject);
+int
+test_resourcelimits(int argc, char *argv[])
+{
+
+ PKIX_ResourceLimits *goodObject = NULL;
+ PKIX_ResourceLimits *equalObject = NULL;
+ PKIX_ResourceLimits *diffObject = NULL;
+ PKIX_UInt32 maxTime = 0;
+ PKIX_UInt32 maxFanout = 0;
+ PKIX_UInt32 maxDepth = 0;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+ char *expectedAscii =
+ "[\n"
+ "\tMaxTime: 10\n"
+ "\tMaxFanout: 5\n"
+ "\tMaxDepth: 5\n"
+ "]\n";
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("ResourceLimits");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ subTest("PKIX_ResourceLimits_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&goodObject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&diffObject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&equalObject, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(goodObject, 10, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxTime(goodObject, &maxTime, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(equalObject, maxTime, plContext));
+ maxTime++;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(diffObject, maxTime, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(goodObject, 5, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxFanout(goodObject, &maxFanout, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(equalObject, maxFanout, plContext));
+ maxFanout++;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(diffObject, maxFanout, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(goodObject, 5, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxDepth(goodObject, &maxDepth, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(equalObject, maxDepth, plContext));
+ maxDepth++;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(diffObject, maxDepth, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ equalObject,
+ diffObject,
+ expectedAscii,
+ ResourceLimits,
+ PKIX_FALSE);
+
+ testDestroy(goodObject, equalObject, diffObject);
cleanup:
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("ResourceLimits");
+ endTests("ResourceLimits");
- return (0);
+ return (0);
}
diff --git a/cmd/libpkix/pkix/params/test_trustanchor.c b/cmd/libpkix/pkix/params/test_trustanchor.c
index b09ecb55c..4bd9d174c 100644
--- a/cmd/libpkix/pkix/params/test_trustanchor.c
+++ b/cmd/libpkix/pkix/params/test_trustanchor.c
@@ -13,250 +13,239 @@
static void *plContext = NULL;
-static
-void createTrustAnchors(
- char *dirName,
- char *goodInput,
- PKIX_TrustAnchor **goodObject,
- PKIX_TrustAnchor **equalObject,
- PKIX_TrustAnchor **diffObject)
+static void
+createTrustAnchors(
+ char *dirName,
+ char *goodInput,
+ PKIX_TrustAnchor **goodObject,
+ PKIX_TrustAnchor **equalObject,
+ PKIX_TrustAnchor **diffObject)
{
- subTest("PKIX_TrustAnchor_CreateWithNameKeyPair <goodObject>");
- *goodObject = createTrustAnchor
- (dirName, goodInput, PKIX_FALSE, plContext);
+ subTest("PKIX_TrustAnchor_CreateWithNameKeyPair <goodObject>");
+ *goodObject = createTrustAnchor(dirName, goodInput, PKIX_FALSE, plContext);
- subTest("PKIX_TrustAnchor_CreateWithNameKeyPair <equalObject>");
- *equalObject = createTrustAnchor
- (dirName, goodInput, PKIX_FALSE, plContext);
+ subTest("PKIX_TrustAnchor_CreateWithNameKeyPair <equalObject>");
+ *equalObject = createTrustAnchor(dirName, goodInput, PKIX_FALSE, plContext);
- subTest("PKIX_TrustAnchor_CreateWithCert <diffObject>");
- *diffObject = createTrustAnchor
- (dirName, goodInput, PKIX_TRUE, plContext);
+ subTest("PKIX_TrustAnchor_CreateWithCert <diffObject>");
+ *diffObject = createTrustAnchor(dirName, goodInput, PKIX_TRUE, plContext);
}
-static
-void testGetCAName(
- PKIX_PL_Cert *diffCert,
- PKIX_TrustAnchor *equalObject){
+static void
+testGetCAName(
+ PKIX_PL_Cert *diffCert,
+ PKIX_TrustAnchor *equalObject)
+{
- PKIX_PL_X500Name *diffCAName = NULL;
- PKIX_PL_X500Name *equalCAName = NULL;
+ PKIX_PL_X500Name *diffCAName = NULL;
+ PKIX_PL_X500Name *equalCAName = NULL;
- PKIX_TEST_STD_VARS();
- subTest("PKIX_TrustAnchor_GetCAName");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_TrustAnchor_GetCAName");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject
- (diffCert, &diffCAName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffCAName, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetCAName
- (equalObject, &equalCAName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetCAName(equalObject, &equalCAName, plContext));
- testEqualsHelper((PKIX_PL_Object *)diffCAName,
- (PKIX_PL_Object *)equalCAName,
- PKIX_TRUE,
- plContext);
+ testEqualsHelper((PKIX_PL_Object *)diffCAName,
+ (PKIX_PL_Object *)equalCAName,
+ PKIX_TRUE,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(diffCAName);
- PKIX_TEST_DECREF_AC(equalCAName);
+ PKIX_TEST_DECREF_AC(diffCAName);
+ PKIX_TEST_DECREF_AC(equalCAName);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testGetCAPublicKey(
- PKIX_PL_Cert *diffCert,
- PKIX_TrustAnchor *equalObject){
+static void
+testGetCAPublicKey(
+ PKIX_PL_Cert *diffCert,
+ PKIX_TrustAnchor *equalObject)
+{
- PKIX_PL_PublicKey *diffPubKey = NULL;
- PKIX_PL_PublicKey *equalPubKey = NULL;
+ PKIX_PL_PublicKey *diffPubKey = NULL;
+ PKIX_PL_PublicKey *equalPubKey = NULL;
- PKIX_TEST_STD_VARS();
- subTest("PKIX_TrustAnchor_GetCAPublicKey");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_TrustAnchor_GetCAPublicKey");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
- (diffCert, &diffPubKey, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(diffCert, &diffPubKey, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetCAPublicKey
- (equalObject, &equalPubKey, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetCAPublicKey(equalObject, &equalPubKey, plContext));
- testEqualsHelper((PKIX_PL_Object *)diffPubKey,
- (PKIX_PL_Object *)equalPubKey,
- PKIX_TRUE,
- plContext);
+ testEqualsHelper((PKIX_PL_Object *)diffPubKey,
+ (PKIX_PL_Object *)equalPubKey,
+ PKIX_TRUE,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(diffPubKey);
- PKIX_TEST_DECREF_AC(equalPubKey);
+ PKIX_TEST_DECREF_AC(diffPubKey);
+ PKIX_TEST_DECREF_AC(equalPubKey);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testGetNameConstraints(char *dirName)
+static void
+testGetNameConstraints(char *dirName)
{
- PKIX_TrustAnchor *goodObject = NULL;
- PKIX_TrustAnchor *equalObject = NULL;
- PKIX_TrustAnchor *diffObject = NULL;
- PKIX_PL_Cert *diffCert;
- PKIX_PL_CertNameConstraints *diffNC = NULL;
- PKIX_PL_CertNameConstraints *equalNC = NULL;
- char *goodInput = "nameConstraintsDN5CACert.crt";
- char *expectedAscii =
- "[\n"
- "\tTrusted CA Name: CN=nameConstraints DN5 CA,"
- "O=Test Certificates,C=US\n"
- "\tTrusted CA PublicKey: PKCS #1 RSA Encryption\n"
- "\tInitial Name Constraints:[\n"
- "\t\tPermitted Name: (OU=permittedSubtree1,"
- "O=Test Certificates,C=US)\n"
- "\t\tExcluded Name: (OU=excludedSubtree1,"
- "OU=permittedSubtree1,O=Test Certificates,C=US)\n"
- "\t]\n"
- "\n"
- "]\n";
-
- PKIX_TEST_STD_VARS();
-
- subTest("Create TrustAnchors and compare");
-
- createTrustAnchors
- (dirName, goodInput, &goodObject, &equalObject, &diffObject);
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodObject,
- equalObject,
- diffObject,
- expectedAscii,
- TrustAnchor,
- PKIX_TRUE);
-
- subTest("PKIX_TrustAnchor_GetTrustedCert");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetTrustedCert
- (diffObject, &diffCert, plContext));
-
- subTest("PKIX_PL_Cert_GetNameConstraints");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints
- (diffCert, &diffNC, plContext));
-
- subTest("PKIX_TrustAnchor_GetNameConstraints");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetNameConstraints
- (equalObject, &equalNC, plContext));
-
- testEqualsHelper((PKIX_PL_Object *)diffNC,
- (PKIX_PL_Object *)equalNC,
- PKIX_TRUE,
- plContext);
+ PKIX_TrustAnchor *goodObject = NULL;
+ PKIX_TrustAnchor *equalObject = NULL;
+ PKIX_TrustAnchor *diffObject = NULL;
+ PKIX_PL_Cert *diffCert;
+ PKIX_PL_CertNameConstraints *diffNC = NULL;
+ PKIX_PL_CertNameConstraints *equalNC = NULL;
+ char *goodInput = "nameConstraintsDN5CACert.crt";
+ char *expectedAscii =
+ "[\n"
+ "\tTrusted CA Name: CN=nameConstraints DN5 CA,"
+ "O=Test Certificates,C=US\n"
+ "\tTrusted CA PublicKey: PKCS #1 RSA Encryption\n"
+ "\tInitial Name Constraints:[\n"
+ "\t\tPermitted Name: (OU=permittedSubtree1,"
+ "O=Test Certificates,C=US)\n"
+ "\t\tExcluded Name: (OU=excludedSubtree1,"
+ "OU=permittedSubtree1,O=Test Certificates,C=US)\n"
+ "\t]\n"
+ "\n"
+ "]\n";
-cleanup:
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_DECREF_AC(diffNC);
- PKIX_TEST_DECREF_AC(equalNC);
- PKIX_TEST_DECREF_BC(diffCert);
- PKIX_TEST_DECREF_BC(goodObject);
- PKIX_TEST_DECREF_BC(equalObject);
- PKIX_TEST_DECREF_BC(diffObject);
+ subTest("Create TrustAnchors and compare");
- PKIX_TEST_RETURN();
-}
+ createTrustAnchors(dirName, goodInput, &goodObject, &equalObject, &diffObject);
-static void
-testDestroy(void *goodObject, void *equalObject, void *diffObject)
-{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ equalObject,
+ diffObject,
+ expectedAscii,
+ TrustAnchor,
+ PKIX_TRUE);
+
+ subTest("PKIX_TrustAnchor_GetTrustedCert");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetTrustedCert(diffObject, &diffCert, plContext));
+
+ subTest("PKIX_PL_Cert_GetNameConstraints");
- subTest("PKIX_TrustAnchor_Destroy");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(diffCert, &diffNC, plContext));
- PKIX_TEST_DECREF_BC(goodObject);
- PKIX_TEST_DECREF_BC(equalObject);
- PKIX_TEST_DECREF_BC(diffObject);
+ subTest("PKIX_TrustAnchor_GetNameConstraints");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetNameConstraints(equalObject, &equalNC, plContext));
+
+ testEqualsHelper((PKIX_PL_Object *)diffNC,
+ (PKIX_PL_Object *)equalNC,
+ PKIX_TRUE,
+ plContext);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(diffNC);
+ PKIX_TEST_DECREF_AC(equalNC);
+ PKIX_TEST_DECREF_BC(diffCert);
+ PKIX_TEST_DECREF_BC(goodObject);
+ PKIX_TEST_DECREF_BC(equalObject);
+ PKIX_TEST_DECREF_BC(diffObject);
+ PKIX_TEST_RETURN();
}
-static
-void printUsage(void) {
- (void) printf("\nUSAGE:\ttest_trustanchor <NIST_FILES_DIR> <central-data-dir>\n\n");
-}
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject)
+{
+ PKIX_TEST_STD_VARS();
-int test_trustanchor(int argc, char *argv[]) {
+ subTest("PKIX_TrustAnchor_Destroy");
- PKIX_TrustAnchor *goodObject = NULL;
- PKIX_TrustAnchor *equalObject = NULL;
- PKIX_TrustAnchor *diffObject = NULL;
- PKIX_PL_Cert *diffCert = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
+ PKIX_TEST_DECREF_BC(goodObject);
+ PKIX_TEST_DECREF_BC(equalObject);
+ PKIX_TEST_DECREF_BC(diffObject);
- char *goodInput = "yassir2yassir";
- char *expectedAscii =
- "[\n"
- "\tTrusted CA Name: "
- "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
- "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n"
- "\tInitial Name Constraints:(null)\n"
- "]\n";
- char *dirName = NULL;
- char *dataCentralDir = NULL;
+cleanup:
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_RETURN();
+}
- startTests("TrustAnchor");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_trustanchor <NIST_FILES_DIR> <central-data-dir>\n\n");
+}
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+int
+test_trustanchor(int argc, char *argv[])
+{
- if (argc < 3) {
- printUsage();
- return (0);
- }
+ PKIX_TrustAnchor *goodObject = NULL;
+ PKIX_TrustAnchor *equalObject = NULL;
+ PKIX_TrustAnchor *diffObject = NULL;
+ PKIX_PL_Cert *diffCert = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ char *goodInput = "yassir2yassir";
+ char *expectedAscii =
+ "[\n"
+ "\tTrusted CA Name: "
+ "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+ "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n"
+ "\tInitial Name Constraints:(null)\n"
+ "]\n";
+ char *dirName = NULL;
+ char *dataCentralDir = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("TrustAnchor");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc < 3) {
+ printUsage();
+ return (0);
+ }
- dirName = argv[j+1];
- dataCentralDir = argv[j+2];
+ dirName = argv[j + 1];
+ dataCentralDir = argv[j + 2];
- createTrustAnchors
- (dataCentralDir,
- goodInput,
- &goodObject,
- &equalObject,
- &diffObject);
+ createTrustAnchors(dataCentralDir,
+ goodInput,
+ &goodObject,
+ &equalObject,
+ &diffObject);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodObject,
- equalObject,
- diffObject,
- expectedAscii,
- TrustAnchor,
- PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ equalObject,
+ diffObject,
+ expectedAscii,
+ TrustAnchor,
+ PKIX_TRUE);
- subTest("PKIX_TrustAnchor_GetTrustedCert");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetTrustedCert
- (diffObject, &diffCert, plContext));
+ subTest("PKIX_TrustAnchor_GetTrustedCert");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetTrustedCert(diffObject, &diffCert, plContext));
- testGetCAName(diffCert, equalObject);
- testGetCAPublicKey(diffCert, equalObject);
+ testGetCAName(diffCert, equalObject);
+ testGetCAPublicKey(diffCert, equalObject);
- testGetNameConstraints(dirName);
+ testGetNameConstraints(dirName);
- testDestroy(goodObject, equalObject, diffObject);
+ testDestroy(goodObject, equalObject, diffObject);
cleanup:
- PKIX_TEST_DECREF_AC(diffCert);
+ PKIX_TEST_DECREF_AC(diffCert);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("TrustAnchor");
+ endTests("TrustAnchor");
- return (0);
+ return (0);
}
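Review bot: In testGetNameConstraints the new side still declares `PKIX_PL_Cert *diffCert;` without an initializer, while the cleanup block passes it to `PKIX_TEST_DECREF_BC(diffCert)`. If the test macros jump to `cleanup` on failure (their definitions are not in this hunk, so this is inferred from the label), a failure before PKIX_TrustAnchor_GetTrustedCert succeeds would release an indeterminate pointer. Initialising it the way test_trustanchor already does, `PKIX_PL_Cert *diffCert = NULL;`, would make the cleanup path safe. The reformat leaves this behaviour unchanged, so the fix could go in a follow-up rather than in this commit.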
diff --git a/cmd/libpkix/pkix/params/test_valparams.c b/cmd/libpkix/pkix/params/test_valparams.c
index 454d8ae2f..6419062c4 100644
--- a/cmd/libpkix/pkix/params/test_valparams.c
+++ b/cmd/libpkix/pkix/params/test_valparams.c
@@ -16,253 +16,246 @@ static void *plContext = NULL;
static void
testDestroy(void *goodObject, void *equalObject, void *diffObject)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_ValidateParams_Destroy");
+ subTest("PKIX_ValidateParams_Destroy");
- PKIX_TEST_DECREF_BC(goodObject);
- PKIX_TEST_DECREF_BC(equalObject);
- PKIX_TEST_DECREF_BC(diffObject);
+ PKIX_TEST_DECREF_BC(goodObject);
+ PKIX_TEST_DECREF_BC(equalObject);
+ PKIX_TEST_DECREF_BC(diffObject);
cleanup:
- PKIX_TEST_RETURN();
-
+ PKIX_TEST_RETURN();
}
-static
-void testGetProcParams(
- PKIX_ValidateParams *goodObject,
- PKIX_ValidateParams *equalObject){
+static void
+testGetProcParams(
+ PKIX_ValidateParams *goodObject,
+ PKIX_ValidateParams *equalObject)
+{
- PKIX_ProcessingParams *goodProcParams = NULL;
- PKIX_ProcessingParams *equalProcParams = NULL;
+ PKIX_ProcessingParams *goodProcParams = NULL;
+ PKIX_ProcessingParams *equalProcParams = NULL;
- PKIX_TEST_STD_VARS();
- subTest("PKIX_ValidateParams_GetProcessingParams");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_ValidateParams_GetProcessingParams");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
- (goodObject, &goodProcParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(goodObject, &goodProcParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
- (equalObject, &equalProcParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(equalObject, &equalProcParams, plContext));
- testEqualsHelper
- ((PKIX_PL_Object *)goodProcParams,
- (PKIX_PL_Object *)equalProcParams,
- PKIX_TRUE,
- plContext);
+ testEqualsHelper((PKIX_PL_Object *)goodProcParams,
+ (PKIX_PL_Object *)equalProcParams,
+ PKIX_TRUE,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(goodProcParams);
- PKIX_TEST_DECREF_AC(equalProcParams);
+ PKIX_TEST_DECREF_AC(goodProcParams);
+ PKIX_TEST_DECREF_AC(equalProcParams);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
+static void
+testGetCertChain(
+ PKIX_ValidateParams *goodObject,
+ PKIX_ValidateParams *equalObject)
+{
-static
-void testGetCertChain(
- PKIX_ValidateParams *goodObject,
- PKIX_ValidateParams *equalObject){
-
- PKIX_List *goodChain = NULL;
- PKIX_List *equalChain = NULL;
+ PKIX_List *goodChain = NULL;
+ PKIX_List *equalChain = NULL;
- PKIX_TEST_STD_VARS();
- subTest("PKIX_ValidateParams_GetCertChain");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_ValidateParams_GetCertChain");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetCertChain
- (goodObject, &goodChain, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetCertChain(goodObject, &goodChain, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetCertChain
- (equalObject, &equalChain, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetCertChain(equalObject, &equalChain, plContext));
- testEqualsHelper
- ((PKIX_PL_Object *)goodChain,
- (PKIX_PL_Object *)equalChain,
- PKIX_TRUE,
- plContext);
+ testEqualsHelper((PKIX_PL_Object *)goodChain,
+ (PKIX_PL_Object *)equalChain,
+ PKIX_TRUE,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(goodChain);
- PKIX_TEST_DECREF_AC(equalChain);
+ PKIX_TEST_DECREF_AC(goodChain);
+ PKIX_TEST_DECREF_AC(equalChain);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void printUsage(char *pName){
- printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
+static void
+printUsage(char *pName)
+{
+ printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
}
-int test_valparams(int argc, char *argv[]) {
-
- PKIX_ValidateParams *goodObject = NULL;
- PKIX_ValidateParams *equalObject = NULL;
- PKIX_ValidateParams *diffObject = NULL;
- PKIX_List *chain = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
- char *dirName = NULL;
-
- char *goodInput = "yassir2yassir";
- char *diffInput = "yassir2bcn";
-
- char *expectedAscii =
- "[\n"
- "\tProcessing Params: \n"
- "\t********BEGIN PROCESSING PARAMS********\n"
- "\t\t"
- "[\n"
- "\tTrust Anchors: \n"
- "\t********BEGIN LIST OF TRUST ANCHORS********\n"
- "\t\t"
-"([\n"
- "\tTrusted CA Name: "
- "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
- "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n"
- "\tInitial Name Constraints:(null)\n"
- "]\n"
- ", [\n"
- "\tTrusted CA Name: OU=bcn,OU=east,O=sun,C=us\n"
- "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n"
- "\tInitial Name Constraints:(null)\n"
- "]\n"
- ")\n"
- "\t********END LIST OF TRUST ANCHORS********\n"
- "\tDate: \t\t(null)\n"
- "\tTarget Constraints: (null)\n"
- "\tInitial Policies: (null)\n"
- "\tQualifiers Rejected: FALSE\n"
- "\tCert Stores: (EMPTY)\n"
- "\tCRL Checking Enabled: 0\n"
- "]\n"
- "\n"
- "\t********END PROCESSING PARAMS********\n"
- "\tChain: \t\t"
- "([\n"
- "\tVersion: v3\n"
- "\tSerialNumber: 37bc66ec\n"
- "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
- "\tSubject: OU=bcn,OU=east,O=sun,C=us\n"
- "\tValidity: [From: Thu Aug 19 16:19:56 1999\n"
- "\t To: Fri Aug 18 16:19:56 2000]\n"
- "\tSubjectAltNames: (null)\n"
- "\tAuthorityKeyId: (null)\n"
- "\tSubjectKeyId: (null)\n"
- "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
- "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
- "\tExtKeyUsages: (null)\n"
- "\tBasicConstraint: CA(0)\n"
- "\tCertPolicyInfo: (null)\n"
- "\tPolicyMappings: (null)\n"
- "\tExplicitPolicy: -1\n"
- "\tInhibitMapping: -1\n"
- "\tInhibitAnyPolicy:-1\n"
- "\tNameConstraints: (null)\n"
- "]\n"
- ", [\n"
- "\tVersion: v3\n"
- "\tSerialNumber: 37bc65af\n"
- "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
- "\tSubject: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
- "\tValidity: [From: Thu Aug 19 16:14:39 1999\n"
- "\t To: Fri Aug 18 16:14:39 2000]\n"
- "\tSubjectAltNames: (null)\n"
- "\tAuthorityKeyId: (null)\n"
- "\tSubjectKeyId: (null)\n"
- "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
- "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
- "\tExtKeyUsages: (null)\n"
- "\tBasicConstraint: CA(0)\n"
- "\tCertPolicyInfo: (null)\n"
- "\tPolicyMappings: (null)\n"
- "\tExplicitPolicy: -1\n"
- "\tInhibitMapping: -1\n"
- "\tInhibitAnyPolicy:-1\n"
- "\tNameConstraints: (null)\n"
- "]\n"
- ")\n"
- "]\n";
-
- PKIX_TEST_STD_VARS();
-
- startTests("ValidateParams");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- if (argc < 2){
- printUsage(argv[0]);
- return (0);
- }
-
- dirName = argv[j+1];
-
- subTest("PKIX_ValidateParams_Create");
- chain = createCertChain(dirName, diffInput, goodInput, plContext);
- goodObject = createValidateParams
- (dirName,
- goodInput,
- diffInput,
- NULL,
- NULL,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chain,
- plContext);
- equalObject = createValidateParams
- (dirName,
- goodInput,
- diffInput,
- NULL,
- NULL,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chain,
- plContext);
- diffObject = createValidateParams
- (dirName,
- diffInput,
- goodInput,
- NULL,
- NULL,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chain,
- plContext);
-
- testGetProcParams(goodObject, equalObject);
- testGetCertChain(goodObject, equalObject);
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodObject,
- equalObject,
- diffObject,
- NULL, /* expectedAscii, */
- ValidateParams,
- PKIX_FALSE);
-
- testDestroy(goodObject, equalObject, diffObject);
+int
+test_valparams(int argc, char *argv[])
+{
+
+ PKIX_ValidateParams *goodObject = NULL;
+ PKIX_ValidateParams *equalObject = NULL;
+ PKIX_ValidateParams *diffObject = NULL;
+ PKIX_List *chain = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+ char *dirName = NULL;
+
+ char *goodInput = "yassir2yassir";
+ char *diffInput = "yassir2bcn";
+
+ char *expectedAscii =
+ "[\n"
+ "\tProcessing Params: \n"
+ "\t********BEGIN PROCESSING PARAMS********\n"
+ "\t\t"
+ "[\n"
+ "\tTrust Anchors: \n"
+ "\t********BEGIN LIST OF TRUST ANCHORS********\n"
+ "\t\t"
+ "([\n"
+ "\tTrusted CA Name: "
+ "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+ "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n"
+ "\tInitial Name Constraints:(null)\n"
+ "]\n"
+ ", [\n"
+ "\tTrusted CA Name: OU=bcn,OU=east,O=sun,C=us\n"
+ "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n"
+ "\tInitial Name Constraints:(null)\n"
+ "]\n"
+ ")\n"
+ "\t********END LIST OF TRUST ANCHORS********\n"
+ "\tDate: \t\t(null)\n"
+ "\tTarget Constraints: (null)\n"
+ "\tInitial Policies: (null)\n"
+ "\tQualifiers Rejected: FALSE\n"
+ "\tCert Stores: (EMPTY)\n"
+ "\tCRL Checking Enabled: 0\n"
+ "]\n"
+ "\n"
+ "\t********END PROCESSING PARAMS********\n"
+ "\tChain: \t\t"
+ "([\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 37bc66ec\n"
+ "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+ "\tSubject: OU=bcn,OU=east,O=sun,C=us\n"
+ "\tValidity: [From: Thu Aug 19 16:19:56 1999\n"
+ "\t To: Fri Aug 18 16:19:56 2000]\n"
+ "\tSubjectAltNames: (null)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: CA(0)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "]\n"
+ ", [\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 37bc65af\n"
+ "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+ "\tSubject: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+ "\tValidity: [From: Thu Aug 19 16:14:39 1999\n"
+ "\t To: Fri Aug 18 16:14:39 2000]\n"
+ "\tSubjectAltNames: (null)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: CA(0)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "]\n"
+ ")\n"
+ "]\n";
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("ValidateParams");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc < 2) {
+ printUsage(argv[0]);
+ return (0);
+ }
+
+ dirName = argv[j + 1];
+
+ subTest("PKIX_ValidateParams_Create");
+ chain = createCertChain(dirName, diffInput, goodInput, plContext);
+ goodObject = createValidateParams(dirName,
+ goodInput,
+ diffInput,
+ NULL,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
+ equalObject = createValidateParams(dirName,
+ goodInput,
+ diffInput,
+ NULL,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
+ diffObject = createValidateParams(dirName,
+ diffInput,
+ goodInput,
+ NULL,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
+
+ testGetProcParams(goodObject, equalObject);
+ testGetCertChain(goodObject, equalObject);
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ equalObject,
+ diffObject,
+ NULL, /* expectedAscii, */
+ ValidateParams,
+ PKIX_FALSE);
+
+ testDestroy(goodObject, equalObject, diffObject);
cleanup:
- PKIX_TEST_DECREF_AC(chain);
+ PKIX_TEST_DECREF_AC(chain);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("ValidateParams");
+ endTests("ValidateParams");
- return (0);
+ return (0);
}
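Review bot: In `test_valparams` the `if (argc < 2)` branch does `return (0);` after `PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)` has already run, so that path skips the `cleanup:` label and neither `PKIX_Shutdown(plContext)` nor `endTests("ValidateParams")` is reached. The commit is formatting-only, so this behaviour is inherited rather than introduced. The argument check could move to directly after `PKIX_TEST_STD_VARS();`, ahead of `startTests(...)`, so that nothing is initialised when the data directory is missing. Returning 0 on the usage path also means a caller that forgets the argument presumably sees a passing run; a non-zero return would make the skipped test visible. `test_buildresult` in the next file section has the same ordering.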
diff --git a/cmd/libpkix/pkix/results/test_buildresult.c b/cmd/libpkix/pkix/results/test_buildresult.c
index 983af2977..8b13e8eea 100644
--- a/cmd/libpkix/pkix/results/test_buildresult.c
+++ b/cmd/libpkix/pkix/results/test_buildresult.c
@@ -16,203 +16,197 @@ static void *plContext = NULL;
static void
testDestroy(void *goodObject, void *equalObject, void *diffObject)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_BuildResult_Destroy");
+ subTest("PKIX_BuildResult_Destroy");
- PKIX_TEST_DECREF_BC(goodObject);
- PKIX_TEST_DECREF_BC(equalObject);
- PKIX_TEST_DECREF_BC(diffObject);
+ PKIX_TEST_DECREF_BC(goodObject);
+ PKIX_TEST_DECREF_BC(equalObject);
+ PKIX_TEST_DECREF_BC(diffObject);
cleanup:
- PKIX_TEST_RETURN();
-
+ PKIX_TEST_RETURN();
}
-static
-void testGetValidateResult(
- PKIX_BuildResult *goodObject,
- PKIX_BuildResult *equalObject){
+static void
+testGetValidateResult(
+ PKIX_BuildResult *goodObject,
+ PKIX_BuildResult *equalObject)
+{
- PKIX_ValidateResult *goodValResult = NULL;
- PKIX_ValidateResult *equalValResult = NULL;
+ PKIX_ValidateResult *goodValResult = NULL;
+ PKIX_ValidateResult *equalValResult = NULL;
- PKIX_TEST_STD_VARS();
- subTest("PKIX_BuildResult_GetValidateResult");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_BuildResult_GetValidateResult");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetValidateResult
- (goodObject, &goodValResult, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetValidateResult(goodObject, &goodValResult, NULL));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetValidateResult
- (equalObject, &equalValResult, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetValidateResult(equalObject, &equalValResult, NULL));
- testEqualsHelper
- ((PKIX_PL_Object *)goodValResult,
- (PKIX_PL_Object *)equalValResult,
- PKIX_TRUE,
- plContext);
+ testEqualsHelper((PKIX_PL_Object *)goodValResult,
+ (PKIX_PL_Object *)equalValResult,
+ PKIX_TRUE,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(goodValResult);
- PKIX_TEST_DECREF_AC(equalValResult);
+ PKIX_TEST_DECREF_AC(goodValResult);
+ PKIX_TEST_DECREF_AC(equalValResult);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testGetCertChain(
- PKIX_BuildResult *goodObject,
- PKIX_BuildResult *equalObject){
+static void
+testGetCertChain(
+ PKIX_BuildResult *goodObject,
+ PKIX_BuildResult *equalObject)
+{
- PKIX_List *goodChain = NULL;
- PKIX_List *equalChain = NULL;
+ PKIX_List *goodChain = NULL;
+ PKIX_List *equalChain = NULL;
- PKIX_TEST_STD_VARS();
- subTest("PKIX_BuildResult_GetCertChain");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_BuildResult_GetCertChain");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain
- (goodObject, &goodChain, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(goodObject, &goodChain, NULL));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain
- (equalObject, &equalChain, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(equalObject, &equalChain, NULL));
- testEqualsHelper
- ((PKIX_PL_Object *)goodChain,
- (PKIX_PL_Object *)equalChain,
- PKIX_TRUE,
- plContext);
+ testEqualsHelper((PKIX_PL_Object *)goodChain,
+ (PKIX_PL_Object *)equalChain,
+ PKIX_TRUE,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(goodChain);
- PKIX_TEST_DECREF_AC(equalChain);
+ PKIX_TEST_DECREF_AC(goodChain);
+ PKIX_TEST_DECREF_AC(equalChain);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void printUsage(char *pName){
- printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
+static void
+printUsage(char *pName)
+{
+ printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
}
-int test_buildresult(int argc, char *argv[]) {
-
- PKIX_BuildResult *goodObject = NULL;
- PKIX_BuildResult *equalObject = NULL;
- PKIX_BuildResult *diffObject = NULL;
- PKIX_UInt32 actualMinorVersion;
- char *dirName = NULL;
- PKIX_UInt32 j = 0;
-
- char *goodInput = "yassir2yassir";
- char *diffInput = "yassir2bcn";
-
- char *expectedAscii =
- "[\n"
- "\tValidateResult: \t\t"
- "[\n"
- "\tTrustAnchor: \t\t"
- "[\n"
- "\tTrusted CA Name: "
- "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
- "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n"
- "\tInitial Name Constraints:(null)\n"
- "]\n"
- "\tPubKey: \t\t"
- "ANSI X9.57 DSA Signature\n"
- "\tPolicyTree: \t\t(null)\n"
- "]\n"
- "\tCertChain: \t\t("
- "[\n"
- "\tVersion: v3\n"
- "\tSerialNumber: 37bc65af\n"
- "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
- "\tSubject: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
- "\tValidity: [From: Thu Aug 19 16:14:39 1999\n"
- "\t To: Fri Aug 18 16:14:39 2000]\n"
- "\tSubjectAltNames: (null)\n"
- "\tAuthorityKeyId: (null)\n"
- "\tSubjectKeyId: (null)\n"
- "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
- "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
- "\tExtKeyUsages: (null)\n"
- "\tBasicConstraint: CA(0)\n"
- "\tCertPolicyInfo: (null)\n"
- "\tPolicyMappings: (null)\n"
- "\tExplicitPolicy: -1\n"
- "\tInhibitMapping: -1\n"
- "\tInhibitAnyPolicy:-1\n"
- "\tNameConstraints: (null)\n"
- "]\n"
- ", [\n"
- "\tVersion: v3\n"
- "\tSerialNumber: 37bc66ec\n"
- "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
- "\tSubject: OU=bcn,OU=east,O=sun,C=us\n"
- "\tValidity: [From: Thu Aug 19 16:19:56 1999\n"
- "\t To: Fri Aug 18 16:19:56 2000]\n"
- "\tSubjectAltNames: (null)\n"
- "\tAuthorityKeyId: (null)\n"
- "\tSubjectKeyId: (null)\n"
- "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
- "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
- "\tExtKeyUsages: (null)\n"
- "\tBasicConstraint: CA(0)\n"
- "\tCertPolicyInfo: (null)\n"
- "\tPolicyMappings: (null)\n"
- "\tExplicitPolicy: -1\n"
- "\tInhibitMapping: -1\n"
- "\tInhibitAnyPolicy:-1\n"
- "\tNameConstraints: (null)\n"
- "]\n"
- ")\n"
- "]\n";
-
- PKIX_TEST_STD_VARS();
-
- startTests("BuildResult");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- if (argc < 2){
- printUsage(argv[0]);
- return (0);
- }
-
- dirName = argv[j+1];
-
- subTest("pkix_BuildResult_Create");
-
- goodObject = createBuildResult
- (dirName, goodInput, diffInput, goodInput, diffInput, plContext);
- equalObject = createBuildResult
- (dirName, goodInput, diffInput, goodInput, diffInput, plContext);
- diffObject = createBuildResult
- (dirName, diffInput, goodInput, diffInput, goodInput, plContext);
-
- testGetValidateResult(goodObject, equalObject);
- testGetCertChain(goodObject, equalObject);
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodObject,
- equalObject,
- diffObject,
- NULL, /* expectedAscii, */
- BuildResult,
- PKIX_FALSE);
-
- testDestroy(goodObject, equalObject, diffObject);
+int
+test_buildresult(int argc, char *argv[])
+{
+
+ PKIX_BuildResult *goodObject = NULL;
+ PKIX_BuildResult *equalObject = NULL;
+ PKIX_BuildResult *diffObject = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ char *dirName = NULL;
+ PKIX_UInt32 j = 0;
+
+ char *goodInput = "yassir2yassir";
+ char *diffInput = "yassir2bcn";
+
+ char *expectedAscii =
+ "[\n"
+ "\tValidateResult: \t\t"
+ "[\n"
+ "\tTrustAnchor: \t\t"
+ "[\n"
+ "\tTrusted CA Name: "
+ "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+ "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n"
+ "\tInitial Name Constraints:(null)\n"
+ "]\n"
+ "\tPubKey: \t\t"
+ "ANSI X9.57 DSA Signature\n"
+ "\tPolicyTree: \t\t(null)\n"
+ "]\n"
+ "\tCertChain: \t\t("
+ "[\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 37bc65af\n"
+ "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+ "\tSubject: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+ "\tValidity: [From: Thu Aug 19 16:14:39 1999\n"
+ "\t To: Fri Aug 18 16:14:39 2000]\n"
+ "\tSubjectAltNames: (null)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: CA(0)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "]\n"
+ ", [\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 37bc66ec\n"
+ "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+ "\tSubject: OU=bcn,OU=east,O=sun,C=us\n"
+ "\tValidity: [From: Thu Aug 19 16:19:56 1999\n"
+ "\t To: Fri Aug 18 16:19:56 2000]\n"
+ "\tSubjectAltNames: (null)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: CA(0)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "]\n"
+ ")\n"
+ "]\n";
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("BuildResult");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc < 2) {
+ printUsage(argv[0]);
+ return (0);
+ }
+
+ dirName = argv[j + 1];
+
+ subTest("pkix_BuildResult_Create");
+
+ goodObject = createBuildResult(dirName, goodInput, diffInput, goodInput, diffInput, plContext);
+ equalObject = createBuildResult(dirName, goodInput, diffInput, goodInput, diffInput, plContext);
+ diffObject = createBuildResult(dirName, diffInput, goodInput, diffInput, goodInput, plContext);
+
+ testGetValidateResult(goodObject, equalObject);
+ testGetCertChain(goodObject, equalObject);
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ equalObject,
+ diffObject,
+ NULL, /* expectedAscii, */
+ BuildResult,
+ PKIX_FALSE);
+
+ testDestroy(goodObject, equalObject, diffObject);
cleanup:
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("BuildResult");
+ endTests("BuildResult");
- return (0);
+ return (0);
}
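Review bot: `testGetValidateResult` and `testGetCertChain` pass `NULL` as the last argument of the getters, although the file has a `plContext` that `test_buildresult` initialises and that the `testEqualsHelper` call in the same functions receives. The matching getters in `test_valparams.c` pass `plContext`, so this looks like an inconsistency rather than a deliberate choice; what a NULL context means to the library cannot be seen from this hunk. I would write `PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetValidateResult(goodObject, &goodValResult, plContext));` and change the other three getter calls the same way, or add a comment such as `/* NULL context is intentional here: <reason> */` if it is deliberate.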
diff --git a/cmd/libpkix/pkix/results/test_policynode.c b/cmd/libpkix/pkix/results/test_policynode.c
index 6ec5a58d7..38ac1d95e 100644
--- a/cmd/libpkix/pkix/results/test_policynode.c
+++ b/cmd/libpkix/pkix/results/test_policynode.c
@@ -11,16 +11,16 @@
#include "testutil.h"
#include "testutil_nss.h"
-static void *plContext = NULL;
+static void *plContext = NULL;
static void
test_GetChildren(
- PKIX_PolicyNode *goodNode,
- PKIX_PolicyNode *equalNode,
- PKIX_PolicyNode *diffNode)
+ PKIX_PolicyNode *goodNode,
+ PKIX_PolicyNode *equalNode,
+ PKIX_PolicyNode *diffNode)
{
-/*
+ /*
* Caution: be careful where you insert this test. PKIX_PolicyNode_GetChildren
* is required by the API to return an immutable List, and it does it by setting
* the List immutable. We don't make a copy because the assumption is that
@@ -29,76 +29,67 @@ test_GetChildren(
* such as Prune, will fail if called after the execution of this test.
*/
- PKIX_Boolean isImmutable = PKIX_FALSE;
- PKIX_List *goodList = NULL;
- PKIX_List *equalList = NULL;
- PKIX_List *diffList = NULL;
+ PKIX_Boolean isImmutable = PKIX_FALSE;
+ PKIX_List *goodList = NULL;
+ PKIX_List *equalList = NULL;
+ PKIX_List *diffList = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PolicyNode_GetChildren");
+ subTest("PKIX_PolicyNode_GetChildren");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetChildren
- (goodNode, &goodList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetChildren
- (equalNode, &equalList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetChildren
- (diffNode, &diffList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetChildren(goodNode, &goodList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetChildren(equalNode, &equalList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetChildren(diffNode, &diffList, plContext));
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodList, equalList, diffList, NULL, List, NULL);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodList, equalList, diffList, NULL, List, NULL);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable
- (goodList, &isImmutable, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodList, &isImmutable, plContext));
- if (isImmutable != PKIX_TRUE) {
- testError("PKIX_PolicyNode_GetChildren returned a mutable List");
- }
+ if (isImmutable != PKIX_TRUE) {
+ testError("PKIX_PolicyNode_GetChildren returned a mutable List");
+ }
cleanup:
- PKIX_TEST_DECREF_AC(goodList);
- PKIX_TEST_DECREF_AC(equalList);
- PKIX_TEST_DECREF_AC(diffList);
+ PKIX_TEST_DECREF_AC(goodList);
+ PKIX_TEST_DECREF_AC(equalList);
+ PKIX_TEST_DECREF_AC(diffList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
test_GetParent(
- PKIX_PolicyNode *goodNode,
- PKIX_PolicyNode *equalNode,
- PKIX_PolicyNode *diffNode,
- char *expectedAscii)
+ PKIX_PolicyNode *goodNode,
+ PKIX_PolicyNode *equalNode,
+ PKIX_PolicyNode *diffNode,
+ char *expectedAscii)
{
- PKIX_PolicyNode *goodParent = NULL;
- PKIX_PolicyNode *equalParent = NULL;
- PKIX_PolicyNode *diffParent = NULL;
+ PKIX_PolicyNode *goodParent = NULL;
+ PKIX_PolicyNode *equalParent = NULL;
+ PKIX_PolicyNode *diffParent = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PolicyNode_GetParent");
+ subTest("PKIX_PolicyNode_GetParent");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetParent
- (goodNode, &goodParent, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetParent
- (equalNode, &equalParent, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetParent
- (diffNode, &diffParent, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetParent(goodNode, &goodParent, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetParent(equalNode, &equalParent, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetParent(diffNode, &diffParent, plContext));
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodParent,
- equalParent,
- diffParent,
- expectedAscii,
- CertPolicyNode,
- NULL);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodParent,
+ equalParent,
+ diffParent,
+ expectedAscii,
+ CertPolicyNode,
+ NULL);
cleanup:
- PKIX_TEST_DECREF_AC(goodParent);
- PKIX_TEST_DECREF_AC(equalParent);
- PKIX_TEST_DECREF_AC(diffParent);
+ PKIX_TEST_DECREF_AC(goodParent);
+ PKIX_TEST_DECREF_AC(equalParent);
+ PKIX_TEST_DECREF_AC(diffParent);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
/*
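Review bot: The reflowed `PKIX_TEST_EQ_HASH_TOSTR_DUP(goodList, equalList, diffList, NULL, List, NULL);` in `test_GetChildren`, and the matching call in `test_GetParent`, end with `NULL` where the call sites in the other test files of this commit pass `PKIX_TRUE` or `PKIX_FALSE`. If that last parameter is the boolean flag it appears to be, `NULL` only works because it converts to zero, and now that the call sits on one line the mismatch is easy to miss. Writing `PKIX_FALSE` would state the intent: `PKIX_TEST_EQ_HASH_TOSTR_DUP(goodList, equalList, diffList, NULL, List, PKIX_FALSE);`. The signature of `test_GetChildren` is in the previous hunk, so only its body is visible here.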
@@ -109,229 +100,207 @@ cleanup:
static void
test_DuplicateHelper(PKIX_PolicyNode *object, void *plContext)
{
- PKIX_PolicyNode *newObject = NULL;
- PKIX_Boolean cmpResult;
- PKIX_PL_String *original = NULL;
- PKIX_PL_String *copy = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("testing pkix_PolicyNode_Duplicate");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)object,
- (PKIX_PL_Object **)&newObject,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)object,
- (PKIX_PL_Object *)newObject,
- &cmpResult,
- plContext));
-
- if (!cmpResult){
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)object, &original, plContext));
- testError("unexpected mismatch");
- (void) printf
- ("original value:\t%s\n", original->escAsciiString);
-
- if (newObject) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)newObject, &copy, plContext));
- (void) printf
- ("copy value:\t%s\n", copy->escAsciiString);
- } else {
- (void) printf("copy value:\t(NULL)\n");
- }
+ PKIX_PolicyNode *newObject = NULL;
+ PKIX_Boolean cmpResult;
+ PKIX_PL_String *original = NULL;
+ PKIX_PL_String *copy = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("testing pkix_PolicyNode_Duplicate");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)object,
+ (PKIX_PL_Object **)&newObject,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)object,
+ (PKIX_PL_Object *)newObject,
+ &cmpResult,
+ plContext));
+
+ if (!cmpResult) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)object, &original, plContext));
+ testError("unexpected mismatch");
+ (void)printf("original value:\t%s\n", original->escAsciiString);
+
+ if (newObject) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)newObject, &copy, plContext));
+ (void)printf("copy value:\t%s\n", copy->escAsciiString);
+ } else {
+ (void)printf("copy value:\t(NULL)\n");
}
+ }
cleanup:
- PKIX_TEST_DECREF_AC(newObject);
- PKIX_TEST_DECREF_AC(original);
- PKIX_TEST_DECREF_AC(copy);
+ PKIX_TEST_DECREF_AC(newObject);
+ PKIX_TEST_DECREF_AC(original);
+ PKIX_TEST_DECREF_AC(copy);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
test_GetValidPolicy(
- PKIX_PolicyNode *goodNode,
- PKIX_PolicyNode *equalNode,
- PKIX_PolicyNode *diffNode,
- char *expectedAscii)
+ PKIX_PolicyNode *goodNode,
+ PKIX_PolicyNode *equalNode,
+ PKIX_PolicyNode *diffNode,
+ char *expectedAscii)
{
- PKIX_PL_OID *goodPolicy = NULL;
- PKIX_PL_OID *equalPolicy = NULL;
- PKIX_PL_OID *diffPolicy = NULL;
+ PKIX_PL_OID *goodPolicy = NULL;
+ PKIX_PL_OID *equalPolicy = NULL;
+ PKIX_PL_OID *diffPolicy = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PolicyNode_GetValidPolicy");
+ subTest("PKIX_PolicyNode_GetValidPolicy");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetValidPolicy
- (goodNode, &goodPolicy, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetValidPolicy
- (equalNode, &equalPolicy, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetValidPolicy
- (diffNode, &diffPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetValidPolicy(goodNode, &goodPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetValidPolicy(equalNode, &equalPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetValidPolicy(diffNode, &diffPolicy, plContext));
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodPolicy, equalPolicy, diffPolicy, expectedAscii, OID, NULL);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPolicy, equalPolicy, diffPolicy, expectedAscii, OID, NULL);
cleanup:
- PKIX_TEST_DECREF_AC(goodPolicy);
- PKIX_TEST_DECREF_AC(equalPolicy);
- PKIX_TEST_DECREF_AC(diffPolicy);
-
+ PKIX_TEST_DECREF_AC(goodPolicy);
+ PKIX_TEST_DECREF_AC(equalPolicy);
+ PKIX_TEST_DECREF_AC(diffPolicy);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static void test_GetPolicyQualifiers(
- PKIX_PolicyNode *goodNode,
- PKIX_PolicyNode *equalNode,
- PKIX_PolicyNode *diffNode,
- char *expectedAscii)
+static void
+test_GetPolicyQualifiers(
+ PKIX_PolicyNode *goodNode,
+ PKIX_PolicyNode *equalNode,
+ PKIX_PolicyNode *diffNode,
+ char *expectedAscii)
{
- PKIX_Boolean isImmutable = PKIX_FALSE;
- PKIX_List *goodList = NULL;
- PKIX_List *equalList = NULL;
- PKIX_List *diffList = NULL;
+ PKIX_Boolean isImmutable = PKIX_FALSE;
+ PKIX_List *goodList = NULL;
+ PKIX_List *equalList = NULL;
+ PKIX_List *diffList = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PolicyNode_GetPolicyQualifiers");
+ subTest("PKIX_PolicyNode_GetPolicyQualifiers");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetPolicyQualifiers
- (goodNode, &goodList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetPolicyQualifiers
- (equalNode, &equalList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetPolicyQualifiers
- (diffNode, &diffList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetPolicyQualifiers(goodNode, &goodList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetPolicyQualifiers(equalNode, &equalList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetPolicyQualifiers(diffNode, &diffList, plContext));
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodList, equalList, diffList, expectedAscii, List, plContext);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodList, equalList, diffList, expectedAscii, List, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable
- (goodList, &isImmutable, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodList, &isImmutable, plContext));
- if (isImmutable != PKIX_TRUE) {
- testError
- ("PKIX_PolicyNode_GetPolicyQualifiers returned a mutable List");
- }
+ if (isImmutable != PKIX_TRUE) {
+ testError("PKIX_PolicyNode_GetPolicyQualifiers returned a mutable List");
+ }
cleanup:
- PKIX_TEST_DECREF_AC(goodList);
- PKIX_TEST_DECREF_AC(equalList);
- PKIX_TEST_DECREF_AC(diffList);
+ PKIX_TEST_DECREF_AC(goodList);
+ PKIX_TEST_DECREF_AC(equalList);
+ PKIX_TEST_DECREF_AC(diffList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static void test_GetExpectedPolicies(
- PKIX_PolicyNode *goodNode,
- PKIX_PolicyNode *equalNode,
- PKIX_PolicyNode *diffNode,
- char *expectedAscii)
+static void
+test_GetExpectedPolicies(
+ PKIX_PolicyNode *goodNode,
+ PKIX_PolicyNode *equalNode,
+ PKIX_PolicyNode *diffNode,
+ char *expectedAscii)
{
- PKIX_Boolean isImmutable = PKIX_FALSE;
- PKIX_List *goodList = NULL;
- PKIX_List *equalList = NULL;
- PKIX_List *diffList = NULL;
+ PKIX_Boolean isImmutable = PKIX_FALSE;
+ PKIX_List *goodList = NULL;
+ PKIX_List *equalList = NULL;
+ PKIX_List *diffList = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PolicyNode_GetExpectedPolicies");
+ subTest("PKIX_PolicyNode_GetExpectedPolicies");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetExpectedPolicies
- (goodNode, &goodList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetExpectedPolicies
- (equalNode, &equalList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetExpectedPolicies
- (diffNode, &diffList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetExpectedPolicies(goodNode, &goodList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetExpectedPolicies(equalNode, &equalList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetExpectedPolicies(diffNode, &diffList, plContext));
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodList, equalList, diffList, expectedAscii, List, plContext);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodList, equalList, diffList, expectedAscii, List, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable
- (goodList, &isImmutable, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodList, &isImmutable, plContext));
- if (isImmutable != PKIX_TRUE) {
- testError
- ("PKIX_PolicyNode_GetExpectedPolicies returned a mutable List");
- }
+ if (isImmutable != PKIX_TRUE) {
+ testError("PKIX_PolicyNode_GetExpectedPolicies returned a mutable List");
+ }
cleanup:
- PKIX_TEST_DECREF_AC(goodList);
- PKIX_TEST_DECREF_AC(equalList);
- PKIX_TEST_DECREF_AC(diffList);
+ PKIX_TEST_DECREF_AC(goodList);
+ PKIX_TEST_DECREF_AC(equalList);
+ PKIX_TEST_DECREF_AC(diffList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static void test_IsCritical(
- PKIX_PolicyNode *goodNode,
- PKIX_PolicyNode *equalNode,
- PKIX_PolicyNode *diffNode)
+static void
+test_IsCritical(
+ PKIX_PolicyNode *goodNode,
+ PKIX_PolicyNode *equalNode,
+ PKIX_PolicyNode *diffNode)
{
- PKIX_Boolean goodBool = PKIX_FALSE;
- PKIX_Boolean equalBool = PKIX_FALSE;
- PKIX_Boolean diffBool = PKIX_FALSE;
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PolicyNode_IsCritical");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_IsCritical
- (goodNode, &goodBool, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_IsCritical
- (equalNode, &equalBool, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_IsCritical
- (diffNode, &diffBool, plContext));
-
- if ((!goodBool) || (!equalBool) || (diffBool)) {
- testError("IsCritical returned unexpected value");
- }
+ PKIX_Boolean goodBool = PKIX_FALSE;
+ PKIX_Boolean equalBool = PKIX_FALSE;
+ PKIX_Boolean diffBool = PKIX_FALSE;
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PolicyNode_IsCritical");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_IsCritical(goodNode, &goodBool, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_IsCritical(equalNode, &equalBool, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_IsCritical(diffNode, &diffBool, plContext));
+
+ if ((!goodBool) || (!equalBool) || (diffBool)) {
+ testError("IsCritical returned unexpected value");
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static void test_GetDepth(
- PKIX_PolicyNode *depth1Node,
- PKIX_PolicyNode *depth2Node,
- PKIX_PolicyNode *depth3Node)
+static void
+test_GetDepth(
+ PKIX_PolicyNode *depth1Node,
+ PKIX_PolicyNode *depth2Node,
+ PKIX_PolicyNode *depth3Node)
{
- PKIX_UInt32 depth1 = 0;
- PKIX_UInt32 depth2 = 0;
- PKIX_UInt32 depth3 = 0;
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PolicyNode_GetDepth");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetDepth
- (depth1Node, &depth1, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetDepth
- (depth2Node, &depth2, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetDepth
- (depth3Node, &depth3, plContext));
-
- if ((depth1 != 1) || (depth2 != 2) || (depth3 != 3)) {
- testError("GetDepth returned unexpected value");
- }
+ PKIX_UInt32 depth1 = 0;
+ PKIX_UInt32 depth2 = 0;
+ PKIX_UInt32 depth3 = 0;
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PolicyNode_GetDepth");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetDepth(depth1Node, &depth1, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetDepth(depth2Node, &depth2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetDepth(depth3Node, &depth3, plContext));
+
+ if ((depth1 != 1) || (depth2 != 2) || (depth3 != 3)) {
+ testError("GetDepth returned unexpected value");
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void printUsage(void) {
- (void) printf("\nUSAGE:\ttest_policynode <NIST_FILES_DIR> \n\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_policynode <NIST_FILES_DIR> \n\n");
}
-int test_policynode(int argc, char *argv[]) {
+int
+test_policynode(int argc, char *argv[])
+{
- /*
+ /*
* Create a tree with parent = anyPolicy,
* child1 with Nist1+Nist2, child2 with Nist1.
* Give each child another child, with policies Nist2
@@ -350,330 +319,294 @@ int test_policynode(int argc, char *argv[]) {
* child5(Nist1)
*
*/
- char *asciiAnyPolicy = "2.5.29.32.0";
- PKIX_PL_Cert *cert = NULL;
- PKIX_PL_CertPolicyInfo *nist1Policy = NULL;
- PKIX_PL_CertPolicyInfo *nist2Policy = NULL;
- PKIX_List *policyQualifierList = NULL;
- PKIX_PL_OID *oidAnyPolicy = NULL;
- PKIX_PL_OID *oidNist1Policy = NULL;
- PKIX_PL_OID *oidNist2Policy = NULL;
- PKIX_List *expectedAnyList = NULL;
- PKIX_List *expectedNist1List = NULL;
- PKIX_List *expectedNist2List = NULL;
- PKIX_List *expectedNist1Nist2List = NULL;
- PKIX_List *emptyList = NULL;
- PKIX_PolicyNode *parentNode = NULL;
- PKIX_PolicyNode *childNode1 = NULL;
- PKIX_PolicyNode *childNode2 = NULL;
- PKIX_PolicyNode *childNode3 = NULL;
- PKIX_PolicyNode *childNode4 = NULL;
- PKIX_PolicyNode *childNode5 = NULL;
- PKIX_PL_String *parentString = NULL;
- PKIX_Boolean pDelete = PKIX_FALSE;
- char *expectedParentAscii =
- "{2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5C "
- "1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 65"
- " 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D 2"
- "0 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 69 "
- "73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 66"
- " 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20 6"
- "F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1.3"
- ".6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69 7"
- "3 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 69 "
- "63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 20"
- " 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63 6"
- "1 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 75 "
- "72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101.3"
- ".2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A 20"
- " 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72 2"
- "0 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 "
- "66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 72"
- " 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F 7"
- "4 20 62 65 20 64 69 73 70 6C 61 79 65 64])]),1}\n"
- ". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5"
- "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
- "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
- " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
- "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
- "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
- " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2),2}";
- char *expectedValidAscii =
- "2.16.840.1.101.3.2.1.48.2";
- char *expectedQualifiersAscii =
- /* "(1.3.6.1.5.5.7.2.2)"; */
- "(1.3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 "
- "69 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74"
- " 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 7"
- "2 20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 "
- "63 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70"
- " 75 72 70 6F 73 65 73 20 6F 6E 6C 79])";
- char *expectedPoliciesAscii =
- "(2.16.840.1.101.3.2.1.48.1)";
- char *expectedTree =
- "{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n"
- ". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5"
- "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
- "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
- " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
- "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
- "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
- " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1"
- ".3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69"
- " 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 6"
- "9 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 "
- "20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63"
- " 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 7"
- "5 72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101"
- ".3.2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A "
- "20 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72"
- " 20 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 6"
- "9 66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 "
- "72 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F"
- " 74 20 62 65 20 64 69 73 70 6C 61 79 65 64])]"
- "),1}\n"
- ". . {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30"
- " 5C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 6"
- "8 65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F "
- "6D 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68"
- " 69 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 2"
- "0 66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 "
- "20 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2)"
- ",2}\n"
- ". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5"
- "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
- "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
- " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
- "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
- "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
- " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n"
- ". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical,"
- "(2.16.840.1.101.3.2.1.48.1),2}\n"
- ". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84"
- "0.1.101.3.2.1.48.1),3}";
- char *expectedPrunedTree =
- "{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n"
- ". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5"
- "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
- "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
- " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
- "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
- "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
- " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n"
- ". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical,"
- "(2.16.840.1.101.3.2.1.48.1),2}\n"
- ". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84"
- "0.1.101.3.2.1.48.1),3}";
-
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
- char *dirName = NULL;
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 2) {
- printUsage();
- return (0);
- }
+ char *asciiAnyPolicy = "2.5.29.32.0";
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_CertPolicyInfo *nist1Policy = NULL;
+ PKIX_PL_CertPolicyInfo *nist2Policy = NULL;
+ PKIX_List *policyQualifierList = NULL;
+ PKIX_PL_OID *oidAnyPolicy = NULL;
+ PKIX_PL_OID *oidNist1Policy = NULL;
+ PKIX_PL_OID *oidNist2Policy = NULL;
+ PKIX_List *expectedAnyList = NULL;
+ PKIX_List *expectedNist1List = NULL;
+ PKIX_List *expectedNist2List = NULL;
+ PKIX_List *expectedNist1Nist2List = NULL;
+ PKIX_List *emptyList = NULL;
+ PKIX_PolicyNode *parentNode = NULL;
+ PKIX_PolicyNode *childNode1 = NULL;
+ PKIX_PolicyNode *childNode2 = NULL;
+ PKIX_PolicyNode *childNode3 = NULL;
+ PKIX_PolicyNode *childNode4 = NULL;
+ PKIX_PolicyNode *childNode5 = NULL;
+ PKIX_PL_String *parentString = NULL;
+ PKIX_Boolean pDelete = PKIX_FALSE;
+ char *expectedParentAscii =
+ "{2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5C "
+ "1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 65"
+ " 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D 2"
+ "0 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 69 "
+ "73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 66"
+ " 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20 6"
+ "F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1.3"
+ ".6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69 7"
+ "3 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 69 "
+ "63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 20"
+ " 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63 6"
+ "1 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 75 "
+ "72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101.3"
+ ".2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A 20"
+ " 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72 2"
+ "0 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 "
+ "66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 72"
+ " 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F 7"
+ "4 20 62 65 20 64 69 73 70 6C 61 79 65 64])]),1}\n"
+ ". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5"
+ "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
+ "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
+ " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
+ "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
+ "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
+ " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2),2}";
+ char *expectedValidAscii =
+ "2.16.840.1.101.3.2.1.48.2";
+ char *expectedQualifiersAscii =
+ /* "(1.3.6.1.5.5.7.2.2)"; */
+ "(1.3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 "
+ "69 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74"
+ " 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 7"
+ "2 20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 "
+ "63 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70"
+ " 75 72 70 6F 73 65 73 20 6F 6E 6C 79])";
+ char *expectedPoliciesAscii =
+ "(2.16.840.1.101.3.2.1.48.1)";
+ char *expectedTree =
+ "{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n"
+ ". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5"
+ "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
+ "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
+ " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
+ "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
+ "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
+ " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1"
+ ".3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69"
+ " 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 6"
+ "9 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 "
+ "20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63"
+ " 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 7"
+ "5 72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101"
+ ".3.2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A "
+ "20 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72"
+ " 20 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 6"
+ "9 66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 "
+ "72 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F"
+ " 74 20 62 65 20 64 69 73 70 6C 61 79 65 64])]"
+ "),1}\n"
+ ". . {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30"
+ " 5C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 6"
+ "8 65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F "
+ "6D 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68"
+ " 69 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 2"
+ "0 66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 "
+ "20 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2)"
+ ",2}\n"
+ ". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5"
+ "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
+ "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
+ " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
+ "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
+ "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
+ " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n"
+ ". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical,"
+ "(2.16.840.1.101.3.2.1.48.1),2}\n"
+ ". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84"
+ "0.1.101.3.2.1.48.1),3}";
+ char *expectedPrunedTree =
+ "{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n"
+ ". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5"
+ "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
+ "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
+ " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
+ "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
+ "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
+ " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n"
+ ". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical,"
+ "(2.16.840.1.101.3.2.1.48.1),2}\n"
+ ". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84"
+ "0.1.101.3.2.1.48.1),3}";
+
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+ char *dirName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 2) {
+ printUsage();
+ return (0);
+ }
- startTests("PolicyNode");
+ startTests("PolicyNode");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- dirName = argv[j+1];
-
- subTest("Creating OID objects");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- (asciiAnyPolicy, &oidAnyPolicy, plContext));
-
- /* Read certificates to get real policies, qualifiers */
-
- cert = createCert
- (dirName, "UserNoticeQualifierTest16EE.crt", plContext);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (cert, &expectedNist1Nist2List, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (expectedNist1Nist2List,
- 0,
- (PKIX_PL_Object **)&nist1Policy,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (expectedNist1Nist2List,
- 1,
- (PKIX_PL_Object **)&nist2Policy,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers
- (nist1Policy, &policyQualifierList, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId
- (nist1Policy, &oidNist1Policy, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId
- (nist2Policy, &oidNist2Policy, plContext));
+ dirName = argv[j + 1];
- subTest("Creating expectedPolicy List objects");
+ subTest("Creating OID objects");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiAnyPolicy, &oidAnyPolicy, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_Create(&expectedAnyList, plContext));
+ /* Read certificates to get real policies, qualifiers */
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_Create(&expectedNist1List, plContext));
+ cert = createCert(dirName, "UserNoticeQualifierTest16EE.crt", plContext);
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_Create(&expectedNist2List, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &expectedNist1Nist2List, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(expectedNist1Nist2List,
+ 0,
+ (PKIX_PL_Object **)&nist1Policy,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(expectedNist1Nist2List,
+ 1,
+ (PKIX_PL_Object **)&nist2Policy,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(nist1Policy, &policyQualifierList, plContext));
- subTest("Populating expectedPolicy List objects");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (expectedAnyList, (PKIX_PL_Object *)oidAnyPolicy, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (expectedNist1List,
- (PKIX_PL_Object *)oidNist1Policy,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(nist1Policy, &oidNist1Policy, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (expectedNist2List,
- (PKIX_PL_Object *)oidNist2Policy,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(nist2Policy, &oidNist2Policy, plContext));
- subTest("Creating PolicyNode objects");
+ subTest("Creating expectedPolicy List objects");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&emptyList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedAnyList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
- (oidAnyPolicy,
- NULL,
- PKIX_TRUE,
- expectedAnyList,
- &parentNode,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedNist1List, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
- (oidNist2Policy,
- policyQualifierList,
- PKIX_TRUE,
- expectedNist1Nist2List,
- &childNode1,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedNist2List, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
- (oidNist1Policy,
- policyQualifierList,
- PKIX_TRUE,
- expectedNist1List,
- &childNode2,
- plContext));
+ subTest("Populating expectedPolicy List objects");
- PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
- (oidNist2Policy,
- policyQualifierList,
- PKIX_TRUE,
- expectedNist2List,
- &childNode3,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedAnyList, (PKIX_PL_Object *)oidAnyPolicy, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
- (oidNist1Policy,
- emptyList,
- PKIX_FALSE,
- expectedNist1List,
- &childNode4,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedNist1List,
+ (PKIX_PL_Object *)oidNist1Policy,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
- (oidNist1Policy,
- NULL,
- PKIX_TRUE,
- expectedNist1List,
- &childNode5,
- plContext));
-
- subTest("Creating the PolicyNode tree");
-
- PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent
- (parentNode, childNode1, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent
- (parentNode, childNode2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedNist2List,
+ (PKIX_PL_Object *)oidNist2Policy,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent
- (childNode1, childNode3, plContext));
+ subTest("Creating PolicyNode objects");
- PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent
- (childNode2, childNode4, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&emptyList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent
- (childNode4, childNode5, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidAnyPolicy,
+ NULL,
+ PKIX_TRUE,
+ expectedAnyList,
+ &parentNode,
+ plContext));
- subTest("Displaying PolicyNode objects");
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist2Policy,
+ policyQualifierList,
+ PKIX_TRUE,
+ expectedNist1Nist2List,
+ &childNode1,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)parentNode, &parentString, plContext));
- (void) printf("parentNode is\n\t%s\n", parentString->escAsciiString);
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist1Policy,
+ policyQualifierList,
+ PKIX_TRUE,
+ expectedNist1List,
+ &childNode2,
+ plContext));
- testToStringHelper
- ((PKIX_PL_Object*)parentNode, expectedTree, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist2Policy,
+ policyQualifierList,
+ PKIX_TRUE,
+ expectedNist2List,
+ &childNode3,
+ plContext));
- test_DuplicateHelper(parentNode, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist1Policy,
+ emptyList,
+ PKIX_FALSE,
+ expectedNist1List,
+ &childNode4,
+ plContext));
- test_GetParent(childNode3, childNode3, childNode4, expectedParentAscii);
- test_GetValidPolicy
- (childNode1, childNode3, parentNode, expectedValidAscii);
- test_GetPolicyQualifiers
- (childNode1, childNode3, childNode4, expectedQualifiersAscii);
- test_GetExpectedPolicies
- (childNode2, childNode4, childNode3, expectedPoliciesAscii);
- test_IsCritical(childNode1, childNode2, childNode4);
- test_GetDepth(childNode2, childNode4, childNode5);
-
- subTest("pkix_PolicyNode_Prune");
-
- PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune
- (parentNode, 2, &pDelete, plContext));
-
- testToStringHelper
- ((PKIX_PL_Object*)parentNode, expectedTree, plContext);
-
- PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune
- (parentNode, 3, &pDelete, plContext));
-
- testToStringHelper
- ((PKIX_PL_Object*)parentNode, expectedPrunedTree, plContext);
-
- test_GetChildren(parentNode, parentNode, childNode2);
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist1Policy,
+ NULL,
+ PKIX_TRUE,
+ expectedNist1List,
+ &childNode5,
+ plContext));
-cleanup:
+ subTest("Creating the PolicyNode tree");
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(nist1Policy);
- PKIX_TEST_DECREF_AC(nist2Policy);
- PKIX_TEST_DECREF_AC(policyQualifierList);
- PKIX_TEST_DECREF_AC(oidAnyPolicy);
- PKIX_TEST_DECREF_AC(oidNist1Policy);
- PKIX_TEST_DECREF_AC(oidNist2Policy);
- PKIX_TEST_DECREF_AC(expectedAnyList);
- PKIX_TEST_DECREF_AC(expectedNist1List);
- PKIX_TEST_DECREF_AC(expectedNist2List);
- PKIX_TEST_DECREF_AC(expectedNist1Nist2List);
- PKIX_TEST_DECREF_AC(emptyList);
- PKIX_TEST_DECREF_AC(parentNode);
- PKIX_TEST_DECREF_AC(childNode1);
- PKIX_TEST_DECREF_AC(childNode2);
- PKIX_TEST_DECREF_AC(childNode3);
- PKIX_TEST_DECREF_AC(childNode4);
- PKIX_TEST_DECREF_AC(childNode5);
- PKIX_TEST_DECREF_AC(parentString);
-
- PKIX_Shutdown(plContext);
-
- PKIX_TEST_RETURN();
-
- endTests("PolicyNode");
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(parentNode, childNode1, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(parentNode, childNode2, plContext));
- return (0);
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(childNode1, childNode3, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(childNode2, childNode4, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(childNode4, childNode5, plContext));
+
+ subTest("Displaying PolicyNode objects");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)parentNode, &parentString, plContext));
+ (void)printf("parentNode is\n\t%s\n", parentString->escAsciiString);
+
+ testToStringHelper((PKIX_PL_Object *)parentNode, expectedTree, plContext);
+
+ test_DuplicateHelper(parentNode, plContext);
+
+ test_GetParent(childNode3, childNode3, childNode4, expectedParentAscii);
+ test_GetValidPolicy(childNode1, childNode3, parentNode, expectedValidAscii);
+ test_GetPolicyQualifiers(childNode1, childNode3, childNode4, expectedQualifiersAscii);
+ test_GetExpectedPolicies(childNode2, childNode4, childNode3, expectedPoliciesAscii);
+ test_IsCritical(childNode1, childNode2, childNode4);
+ test_GetDepth(childNode2, childNode4, childNode5);
+
+ subTest("pkix_PolicyNode_Prune");
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune(parentNode, 2, &pDelete, plContext));
+
+ testToStringHelper((PKIX_PL_Object *)parentNode, expectedTree, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune(parentNode, 3, &pDelete, plContext));
+
+ testToStringHelper((PKIX_PL_Object *)parentNode, expectedPrunedTree, plContext);
+
+ test_GetChildren(parentNode, parentNode, childNode2);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(nist1Policy);
+ PKIX_TEST_DECREF_AC(nist2Policy);
+ PKIX_TEST_DECREF_AC(policyQualifierList);
+ PKIX_TEST_DECREF_AC(oidAnyPolicy);
+ PKIX_TEST_DECREF_AC(oidNist1Policy);
+ PKIX_TEST_DECREF_AC(oidNist2Policy);
+ PKIX_TEST_DECREF_AC(expectedAnyList);
+ PKIX_TEST_DECREF_AC(expectedNist1List);
+ PKIX_TEST_DECREF_AC(expectedNist2List);
+ PKIX_TEST_DECREF_AC(expectedNist1Nist2List);
+ PKIX_TEST_DECREF_AC(emptyList);
+ PKIX_TEST_DECREF_AC(parentNode);
+ PKIX_TEST_DECREF_AC(childNode1);
+ PKIX_TEST_DECREF_AC(childNode2);
+ PKIX_TEST_DECREF_AC(childNode3);
+ PKIX_TEST_DECREF_AC(childNode4);
+ PKIX_TEST_DECREF_AC(childNode5);
+ PKIX_TEST_DECREF_AC(parentString);
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("PolicyNode");
+
+ return (0);
}
diff --git a/cmd/libpkix/pkix/results/test_valresult.c b/cmd/libpkix/pkix/results/test_valresult.c
index b914e4a81..7760a431e 100644
--- a/cmd/libpkix/pkix/results/test_valresult.c
+++ b/cmd/libpkix/pkix/results/test_valresult.c
@@ -16,192 +16,184 @@ static void *plContext = NULL;
static void
testDestroy(void *goodObject, void *equalObject, void *diffObject)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_ValidateResult_Destroy");
+ subTest("PKIX_ValidateResult_Destroy");
- PKIX_TEST_DECREF_BC(goodObject);
- PKIX_TEST_DECREF_BC(equalObject);
- PKIX_TEST_DECREF_BC(diffObject);
+ PKIX_TEST_DECREF_BC(goodObject);
+ PKIX_TEST_DECREF_BC(equalObject);
+ PKIX_TEST_DECREF_BC(diffObject);
cleanup:
- PKIX_TEST_RETURN();
-
+ PKIX_TEST_RETURN();
}
-static
-void testGetPublicKey(
- PKIX_ValidateResult *goodObject,
- PKIX_ValidateResult *equalObject){
+static void
+testGetPublicKey(
+ PKIX_ValidateResult *goodObject,
+ PKIX_ValidateResult *equalObject)
+{
- PKIX_PL_PublicKey *goodPubKey = NULL;
- PKIX_PL_PublicKey *equalPubKey = NULL;
+ PKIX_PL_PublicKey *goodPubKey = NULL;
+ PKIX_PL_PublicKey *equalPubKey = NULL;
- PKIX_TEST_STD_VARS();
- subTest("PKIX_ValidateResult_GetPublicKey");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_ValidateResult_GetPublicKey");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPublicKey
- (goodObject, &goodPubKey, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPublicKey(goodObject, &goodPubKey, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPublicKey
- (equalObject, &equalPubKey, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPublicKey(equalObject, &equalPubKey, plContext));
- testEqualsHelper
- ((PKIX_PL_Object *)goodPubKey,
- (PKIX_PL_Object *)equalPubKey,
- PKIX_TRUE,
- plContext);
+ testEqualsHelper((PKIX_PL_Object *)goodPubKey,
+ (PKIX_PL_Object *)equalPubKey,
+ PKIX_TRUE,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(goodPubKey);
- PKIX_TEST_DECREF_AC(equalPubKey);
+ PKIX_TEST_DECREF_AC(goodPubKey);
+ PKIX_TEST_DECREF_AC(equalPubKey);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testGetTrustAnchor(
- PKIX_ValidateResult *goodObject,
- PKIX_ValidateResult *equalObject){
+static void
+testGetTrustAnchor(
+ PKIX_ValidateResult *goodObject,
+ PKIX_ValidateResult *equalObject)
+{
- PKIX_TrustAnchor *goodAnchor = NULL;
- PKIX_TrustAnchor *equalAnchor = NULL;
+ PKIX_TrustAnchor *goodAnchor = NULL;
+ PKIX_TrustAnchor *equalAnchor = NULL;
- PKIX_TEST_STD_VARS();
- subTest("PKIX_ValidateResult_GetTrustAnchor");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_ValidateResult_GetTrustAnchor");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetTrustAnchor
- (goodObject, &goodAnchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetTrustAnchor(goodObject, &goodAnchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetTrustAnchor
- (equalObject, &equalAnchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetTrustAnchor(equalObject, &equalAnchor, plContext));
- testEqualsHelper
- ((PKIX_PL_Object *)goodAnchor,
- (PKIX_PL_Object *)equalAnchor,
- PKIX_TRUE,
- plContext);
+ testEqualsHelper((PKIX_PL_Object *)goodAnchor,
+ (PKIX_PL_Object *)equalAnchor,
+ PKIX_TRUE,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(goodAnchor);
- PKIX_TEST_DECREF_AC(equalAnchor);
+ PKIX_TEST_DECREF_AC(goodAnchor);
+ PKIX_TEST_DECREF_AC(equalAnchor);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testGetPolicyTree(
- PKIX_ValidateResult *goodObject,
- PKIX_ValidateResult *equalObject){
+static void
+testGetPolicyTree(
+ PKIX_ValidateResult *goodObject,
+ PKIX_ValidateResult *equalObject)
+{
- PKIX_PolicyNode *goodTree = NULL;
- PKIX_PolicyNode *equalTree = NULL;
+ PKIX_PolicyNode *goodTree = NULL;
+ PKIX_PolicyNode *equalTree = NULL;
- PKIX_TEST_STD_VARS();
- subTest("PKIX_ValidateResult_GetPolicyTree");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_ValidateResult_GetPolicyTree");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree
- (goodObject, &goodTree, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree(goodObject, &goodTree, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree
- (equalObject, &equalTree, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree(equalObject, &equalTree, plContext));
- if (goodTree) {
- testEqualsHelper
- ((PKIX_PL_Object *)goodTree,
- (PKIX_PL_Object *)equalTree,
- PKIX_TRUE,
- plContext);
- } else if (equalTree) {
- pkixTestErrorMsg = "Mismatch: NULL and non-NULL Policy Trees";
- }
+ if (goodTree) {
+ testEqualsHelper((PKIX_PL_Object *)goodTree,
+ (PKIX_PL_Object *)equalTree,
+ PKIX_TRUE,
+ plContext);
+ } else if (equalTree) {
+ pkixTestErrorMsg = "Mismatch: NULL and non-NULL Policy Trees";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(goodTree);
- PKIX_TEST_DECREF_AC(equalTree);
+ PKIX_TEST_DECREF_AC(goodTree);
+ PKIX_TEST_DECREF_AC(equalTree);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void printUsage(char *pName){
- printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
+static void
+printUsage(char *pName)
+{
+ printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
}
-int test_valresult(int argc, char *argv[]) {
-
- PKIX_ValidateResult *goodObject = NULL;
- PKIX_ValidateResult *equalObject = NULL;
- PKIX_ValidateResult *diffObject = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
-
- char *goodInput = "yassir2yassir";
- char *diffInput = "yassir2bcn";
- char *dirName = NULL;
-
- char *expectedAscii =
- "[\n"
- "\tTrustAnchor: \t\t"
- "[\n"
- "\tTrusted CA Name: "
- "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
- "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n"
- "\tInitial Name Constraints:(null)\n"
- "]\n"
- "\tPubKey: \t\t"
- "ANSI X9.57 DSA Signature\n"
- "\tPolicyTree: \t\t(null)\n"
- "]\n";
-
- PKIX_TEST_STD_VARS();
-
- startTests("ValidateResult");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- if (argc < 2){
- printUsage(argv[0]);
- return (0);
- }
-
- dirName = argv[j+1];
-
- subTest("pkix_ValidateResult_Create");
-
- goodObject = createValidateResult
- (dirName, goodInput, diffInput, plContext);
- equalObject = createValidateResult
- (dirName, goodInput, diffInput, plContext);
- diffObject = createValidateResult
- (dirName, diffInput, goodInput, plContext);
-
- testGetPublicKey(goodObject, equalObject);
- testGetTrustAnchor(goodObject, equalObject);
- testGetPolicyTree(goodObject, equalObject);
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodObject,
- equalObject,
- diffObject,
- expectedAscii,
- ValidateResult,
- PKIX_FALSE);
-
- testDestroy(goodObject, equalObject, diffObject);
+int
+test_valresult(int argc, char *argv[])
+{
+
+ PKIX_ValidateResult *goodObject = NULL;
+ PKIX_ValidateResult *equalObject = NULL;
+ PKIX_ValidateResult *diffObject = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ char *goodInput = "yassir2yassir";
+ char *diffInput = "yassir2bcn";
+ char *dirName = NULL;
+
+ char *expectedAscii =
+ "[\n"
+ "\tTrustAnchor: \t\t"
+ "[\n"
+ "\tTrusted CA Name: "
+ "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+ "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n"
+ "\tInitial Name Constraints:(null)\n"
+ "]\n"
+ "\tPubKey: \t\t"
+ "ANSI X9.57 DSA Signature\n"
+ "\tPolicyTree: \t\t(null)\n"
+ "]\n";
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("ValidateResult");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc < 2) {
+ printUsage(argv[0]);
+ return (0);
+ }
+
+ dirName = argv[j + 1];
+
+ subTest("pkix_ValidateResult_Create");
+
+ goodObject = createValidateResult(dirName, goodInput, diffInput, plContext);
+ equalObject = createValidateResult(dirName, goodInput, diffInput, plContext);
+ diffObject = createValidateResult(dirName, diffInput, goodInput, plContext);
+
+ testGetPublicKey(goodObject, equalObject);
+ testGetTrustAnchor(goodObject, equalObject);
+ testGetPolicyTree(goodObject, equalObject);
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ equalObject,
+ diffObject,
+ expectedAscii,
+ ValidateResult,
+ PKIX_FALSE);
+
+ testDestroy(goodObject, equalObject, diffObject);
cleanup:
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("ValidateResult");
+ endTests("ValidateResult");
- return (0);
+ return (0);
}
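Review bot: The usage path in test_valresult, `if (argc < 2) { printUsage(argv[0]); return (0); }`, runs after `PKIX_PL_NssContext_Create` has already been called, so it returns without reaching `PKIX_Shutdown(plContext)` or `endTests`. It also exits with status 0, which a harness keyed on the exit code would presumably count as a pass for a test that never ran. Moving the argc check above `startTests`, or recording an error and using `goto cleanup;` instead of `return (0);`, would keep a single cleanup path. The same check-after-create order appears in test_store and test_basicchecker later in this commit; the reformat leaves it unchanged.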
diff --git a/cmd/libpkix/pkix/results/test_verifynode.c b/cmd/libpkix/pkix/results/test_verifynode.c
index 2b8e1c3f7..21c61aa96 100644
--- a/cmd/libpkix/pkix/results/test_verifynode.c
+++ b/cmd/libpkix/pkix/results/test_verifynode.c
@@ -11,110 +11,102 @@
#include "testutil.h"
#include "testutil_nss.h"
-static void *plContext = NULL;
+static void *plContext = NULL;
-static
-void printUsage(void) {
- (void) printf("\nUSAGE:\ttest_verifynode path cert1 cert2 cert3\n\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_verifynode path cert1 cert2 cert3\n\n");
}
-int test_verifynode(int argc, char *argv[]) {
+int
+test_verifynode(int argc, char *argv[])
+{
- /*
+ /*
* Create a tree with parent = cert1, child=cert2, grandchild=cert3
*/
- PKIX_PL_Cert *cert1 = NULL;
- PKIX_PL_Cert *cert2 = NULL;
- PKIX_PL_Cert *cert3 = NULL;
- PKIX_VerifyNode *parentNode = NULL;
- PKIX_VerifyNode *childNode = NULL;
- PKIX_VerifyNode *grandChildNode = NULL;
- PKIX_PL_String *parentString = NULL;
-
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
- char *dirName = NULL;
- char *twoNodeAscii = "CERT[Issuer:CN=Trust Anchor,O=Test Cert"
- "ificates,C=US, Subject:CN=Trust Anchor,O=Test Certif"
- "icates,C=US], depth=0, error=(null)\n. CERT[Issuer:C"
- "N=Trust Anchor,O=Test Certificates,C=US, Subject:CN="
- "Good CA,O=Test Certificates,C=US], depth=1, error=(null)";
- char *threeNodeAscii = "CERT[Issuer:CN=Trust Anchor,O=Test Ce"
- "rtificates,C=US, Subject:CN=Trust Anchor,O=Test Cert"
- "ificates,C=US], depth=0, error=(null)\n. CERT[Issuer"
- ":CN=Trust Anchor,O=Test Certificates,C=US, Subject:C"
- "N=Good CA,O=Test Certificates,C=US], depth=1, error="
- "(null)\n. . CERT[Issuer:CN=Good CA,O=Test Certificat"
- "es,C=US, Subject:CN=Valid EE Certificate Test1,O=Tes"
- "t Certificates,C=US], depth=2, error=(null)";
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 3) {
- printUsage();
- return (0);
- }
+ PKIX_PL_Cert *cert1 = NULL;
+ PKIX_PL_Cert *cert2 = NULL;
+ PKIX_PL_Cert *cert3 = NULL;
+ PKIX_VerifyNode *parentNode = NULL;
+ PKIX_VerifyNode *childNode = NULL;
+ PKIX_VerifyNode *grandChildNode = NULL;
+ PKIX_PL_String *parentString = NULL;
+
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+ char *dirName = NULL;
+ char *twoNodeAscii = "CERT[Issuer:CN=Trust Anchor,O=Test Cert"
+ "ificates,C=US, Subject:CN=Trust Anchor,O=Test Certif"
+ "icates,C=US], depth=0, error=(null)\n. CERT[Issuer:C"
+ "N=Trust Anchor,O=Test Certificates,C=US, Subject:CN="
+ "Good CA,O=Test Certificates,C=US], depth=1, error=(null)";
+ char *threeNodeAscii = "CERT[Issuer:CN=Trust Anchor,O=Test Ce"
+ "rtificates,C=US, Subject:CN=Trust Anchor,O=Test Cert"
+ "ificates,C=US], depth=0, error=(null)\n. CERT[Issuer"
+ ":CN=Trust Anchor,O=Test Certificates,C=US, Subject:C"
+ "N=Good CA,O=Test Certificates,C=US], depth=1, error="
+ "(null)\n. . CERT[Issuer:CN=Good CA,O=Test Certificat"
+ "es,C=US, Subject:CN=Valid EE Certificate Test1,O=Tes"
+ "t Certificates,C=US], depth=2, error=(null)";
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 3) {
+ printUsage();
+ return (0);
+ }
- startTests("VerifyNode");
+ startTests("VerifyNode");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- dirName = argv[++j];
+ dirName = argv[++j];
- subTest("Creating Certs");
+ subTest("Creating Certs");
- cert1 = createCert
- (dirName, argv[++j], plContext);
+ cert1 = createCert(dirName, argv[++j], plContext);
- cert2 = createCert
- (dirName, argv[++j], plContext);
+ cert2 = createCert(dirName, argv[++j], plContext);
- cert3 = createCert
- (dirName, argv[++j], plContext);
+ cert3 = createCert(dirName, argv[++j], plContext);
- subTest("Creating VerifyNode objects");
+ subTest("Creating VerifyNode objects");
- PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_Create
- (cert1, 0, NULL, &parentNode, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_Create(cert1, 0, NULL, &parentNode, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_Create
- (cert2, 1, NULL, &childNode, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_Create(cert2, 1, NULL, &childNode, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_Create
- (cert3, 2, NULL, &grandChildNode, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_Create(cert3, 2, NULL, &grandChildNode, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_AddToChain
- (parentNode, childNode, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_AddToChain(parentNode, childNode, plContext));
- subTest("Creating VerifyNode ToString objects");
+ subTest("Creating VerifyNode ToString objects");
- testToStringHelper
- ((PKIX_PL_Object *)parentNode, twoNodeAscii, plContext);
+ testToStringHelper((PKIX_PL_Object *)parentNode, twoNodeAscii, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_AddToChain
- (parentNode, grandChildNode, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_AddToChain(parentNode, grandChildNode, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)parentNode, &parentString, plContext));
- (void) printf("parentNode is\n\t%s\n", parentString->escAsciiString);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)parentNode, &parentString, plContext));
+ (void)printf("parentNode is\n\t%s\n", parentString->escAsciiString);
- testToStringHelper
- ((PKIX_PL_Object *)parentNode, threeNodeAscii, plContext);
+ testToStringHelper((PKIX_PL_Object *)parentNode, threeNodeAscii, plContext);
cleanup:
- PKIX_TEST_DECREF_AC(cert1);
- PKIX_TEST_DECREF_AC(cert2);
- PKIX_TEST_DECREF_AC(parentNode);
- PKIX_TEST_DECREF_AC(childNode);
- PKIX_TEST_DECREF_AC(parentString);
+ PKIX_TEST_DECREF_AC(cert1);
+ PKIX_TEST_DECREF_AC(cert2);
+ PKIX_TEST_DECREF_AC(parentNode);
+ PKIX_TEST_DECREF_AC(childNode);
+ PKIX_TEST_DECREF_AC(parentString);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("VerifyNode");
+ endTests("VerifyNode");
- return (0);
+ return (0);
}
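Review bot: The guard `if (argc < 3)` in test_verifynode is too weak for the four `argv[++j]` reads that follow (dirName, cert1, cert2, cert3). With three or four arguments, the later reads return the terminating NULL or run past the end of argv, and the result is handed to createCert. The usage string lists a path plus three certs, so the check should be `if (argc < 5)`. The cleanup block releases cert1, cert2, parentNode and childNode but not cert3 or grandChildNode. `PKIX_TEST_DECREF_AC(cert3);` and `PKIX_TEST_DECREF_AC(grandChildNode);` look to be missing, unless pkix_VerifyNode_AddToChain takes over the reference, which is not visible here.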
diff --git a/cmd/libpkix/pkix/store/test_store.c b/cmd/libpkix/pkix/store/test_store.c
index 62a261919..59606b892 100755..100644
--- a/cmd/libpkix/pkix/store/test_store.c
+++ b/cmd/libpkix/pkix/store/test_store.c
@@ -13,184 +13,182 @@
static void *plContext = NULL;
-static
-PKIX_Error *testCRLCallback(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrls, /* list of PKIX_PL_Crl */
- void *plContext)
+static PKIX_Error *
+testCRLCallback(
+ PKIX_CertStore *store,
+ PKIX_CRLSelector *selector,
+ void **pNBIOContext,
+ PKIX_List **pCrls, /* list of PKIX_PL_Crl */
+ void *plContext)
{
- return (0);
+ return (0);
}
-static
-PKIX_Error *testCRLContinue(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrls, /* list of PKIX_PL_Crl */
- void *plContext)
+static PKIX_Error *
+testCRLContinue(
+ PKIX_CertStore *store,
+ PKIX_CRLSelector *selector,
+ void **pNBIOContext,
+ PKIX_List **pCrls, /* list of PKIX_PL_Crl */
+ void *plContext)
{
- return (0);
+ return (0);
}
-static
-PKIX_Error *testCertCallback(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCerts, /* list of PKIX_PL_Cert */
- void *plContext)
+static PKIX_Error *
+testCertCallback(
+ PKIX_CertStore *store,
+ PKIX_CertSelector *selector,
+ void **pNBIOContext,
+ PKIX_List **pCerts, /* list of PKIX_PL_Cert */
+ void *plContext)
{
- return (0);
+ return (0);
}
-static
-PKIX_Error *testCertContinue(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCerts, /* list of PKIX_PL_Cert */
- void *plContext)
+static PKIX_Error *
+testCertContinue(
+ PKIX_CertStore *store,
+ PKIX_CertSelector *selector,
+ void **pNBIOContext,
+ PKIX_List **pCerts, /* list of PKIX_PL_Cert */
+ void *plContext)
{
- return (0);
+ return (0);
}
-static char *catDirName(char *platform, char *dir, void *plContext)
+static char *
+catDirName(char *platform, char *dir, void *plContext)
{
- char *pathName = NULL;
- PKIX_UInt32 dirLen;
- PKIX_UInt32 platformLen;
+ char *pathName = NULL;
+ PKIX_UInt32 dirLen;
+ PKIX_UInt32 platformLen;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- dirLen = PL_strlen(dir);
- platformLen = PL_strlen(platform);
+ dirLen = PL_strlen(dir);
+ platformLen = PL_strlen(platform);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc
- (platformLen + dirLen + 2, (void **)&pathName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(platformLen +
+ dirLen +
+ 2,
+ (void **)&pathName, plContext));
- PL_strcpy(pathName, platform);
- PL_strcat(pathName, "/");
- PL_strcat(pathName, dir);
+ PL_strcpy(pathName, platform);
+ PL_strcat(pathName, "/");
+ PL_strcat(pathName, dir);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (pathName);
+ return (pathName);
}
-static
-void testCertStore(char *crlDir)
+static void
+testCertStore(char *crlDir)
{
- PKIX_PL_String *dirString = NULL;
- PKIX_CertStore *certStore = NULL;
- PKIX_PL_Object *getCertStoreContext = NULL;
- PKIX_CertStore_CertCallback certCallback = NULL;
- PKIX_CertStore_CRLCallback crlCallback = NULL;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- crlDir,
- 0,
- &dirString,
- plContext));
-
- subTest("PKIX_CertStore_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_Create
- (testCertCallback,
- testCRLCallback,
- testCertContinue,
- testCRLContinue,
- NULL, /* trustCallback */
- (PKIX_PL_Object *) dirString,
- PKIX_TRUE, /* cacheFlag */
- PKIX_TRUE, /* local */
- &certStore,
- plContext));
-
- subTest("PKIX_CertStore_GetCertCallback");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback
- (certStore, &certCallback, plContext));
-
- if (certCallback != testCertCallback) {
- testError("PKIX_CertStore_GetCertCallback unexpected mismatch");
- }
-
- subTest("PKIX_CertStore_GetCRLCallback");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback
- (certStore, &crlCallback, plContext));
-
- if (crlCallback != testCRLCallback) {
- testError("PKIX_CertStore_GetCRLCallback unexpected mismatch");
- }
-
- subTest("PKIX_CertStore_GetCertStoreContext");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertStore_GetCertStoreContext
- (certStore, &getCertStoreContext, plContext));
-
- if ((PKIX_PL_Object *)dirString != getCertStoreContext) {
- testError("PKIX_CertStore_GetCertStoreContext unexpected mismatch");
- }
+ PKIX_PL_String *dirString = NULL;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_PL_Object *getCertStoreContext = NULL;
+ PKIX_CertStore_CertCallback certCallback = NULL;
+ PKIX_CertStore_CRLCallback crlCallback = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ crlDir,
+ 0,
+ &dirString,
+ plContext));
+
+ subTest("PKIX_CertStore_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_Create(testCertCallback,
+ testCRLCallback,
+ testCertContinue,
+ testCRLContinue,
+ NULL, /* trustCallback */
+ (PKIX_PL_Object *)dirString,
+ PKIX_TRUE, /* cacheFlag */
+ PKIX_TRUE, /* local */
+ &certStore,
+ plContext));
+
+ subTest("PKIX_CertStore_GetCertCallback");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, plContext));
+
+ if (certCallback != testCertCallback) {
+ testError("PKIX_CertStore_GetCertCallback unexpected mismatch");
+ }
+
+ subTest("PKIX_CertStore_GetCRLCallback");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(certStore, &crlCallback, plContext));
+
+ if (crlCallback != testCRLCallback) {
+ testError("PKIX_CertStore_GetCRLCallback unexpected mismatch");
+ }
+
+ subTest("PKIX_CertStore_GetCertStoreContext");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertStoreContext(certStore, &getCertStoreContext, plContext));
+
+ if ((PKIX_PL_Object *)dirString != getCertStoreContext) {
+ testError("PKIX_CertStore_GetCertStoreContext unexpected mismatch");
+ }
cleanup:
- PKIX_TEST_DECREF_AC(dirString);
- PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_DECREF_AC(getCertStoreContext);
+ PKIX_TEST_DECREF_AC(dirString);
+ PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(getCertStoreContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-
-static
-void printUsage(char *pName){
- printf("\nUSAGE: %s testName <data-dir> <platform-dir>\n\n", pName);
+static void
+printUsage(char *pName)
+{
+ printf("\nUSAGE: %s testName <data-dir> <platform-dir>\n\n", pName);
}
/* Functional tests for CertStore public functions */
-int test_store(int argc, char *argv[]) {
-
- char *platformDir = NULL;
- char *dataDir = NULL;
- char *combinedDir = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
+int
+test_store(int argc, char *argv[])
+{
- PKIX_TEST_STD_VARS();
+ char *platformDir = NULL;
+ char *dataDir = NULL;
+ char *combinedDir = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_STD_VARS();
- if (argc < (3 + j)) {
- printUsage(argv[0]);
- return (0);
- }
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- startTests(argv[1 + j]);
+ if (argc < (3 + j)) {
+ printUsage(argv[0]);
+ return (0);
+ }
- dataDir = argv[2 + j];
- platformDir = argv[3 + j];
- combinedDir = catDirName(platformDir, dataDir, plContext);
+ startTests(argv[1 + j]);
- testCertStore(combinedDir);
+ dataDir = argv[2 + j];
+ platformDir = argv[3 + j];
+ combinedDir = catDirName(platformDir, dataDir, plContext);
+ testCertStore(combinedDir);
cleanup:
- pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext);
+ pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("CertStore");
+ endTests("CertStore");
- return (0);
+ return (0);
}
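Review bot: test_store reads `argv[3 + j]` as platformDir but only checks `if (argc < (3 + j))`, so an invocation with three arguments passes the guard and hands the terminating NULL to catDirName, where `PL_strlen(platform)` is called on it. The usage string names three operands after the program name, so the guard should be `if (argc < (4 + j))`. In catDirName the allocation size `platformLen + dirLen + 2` is what makes the unbounded `PL_strcpy`/`PL_strcat` calls fit; a comment such as `/* +2: '/' separator and trailing NUL */` would document that. The clang-format break of that sum across three lines is also harder to read than keeping it on one line.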
diff --git a/cmd/libpkix/pkix/top/test_basicchecker.c b/cmd/libpkix/pkix/top/test_basicchecker.c
index 74fb9aad1..658bf67be 100644
--- a/cmd/libpkix/pkix/top/test_basicchecker.c
+++ b/cmd/libpkix/pkix/top/test_basicchecker.c
@@ -13,231 +13,226 @@
static void *plContext = NULL;
-static
-void testPass(char *dirName, char *goodInput, char *diffInput, char *dateAscii){
+static void
+testPass(char *dirName, char *goodInput, char *diffInput, char *dateAscii)
+{
- PKIX_List *chain = NULL;
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_VerifyNode *verifyTree = NULL;
- PKIX_PL_String *verifyString = NULL;
+ PKIX_List *chain = NULL;
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_VerifyNode *verifyTree = NULL;
+ PKIX_PL_String *verifyString = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("Basic-Common-Fields <pass>");
- /*
+ subTest("Basic-Common-Fields <pass>");
+ /*
* Tests the Expiration, NameChaining, and Signature Checkers
*/
- chain = createCertChain(dirName, goodInput, diffInput, plContext);
+ chain = createCertChain(dirName, goodInput, diffInput, plContext);
- valParams = createValidateParams
- (dirName,
- goodInput,
- diffInput,
- dateAscii,
- NULL,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chain,
- plContext);
+ valParams = createValidateParams(dirName,
+ goodInput,
+ diffInput,
+ dateAscii,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
- (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+ (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
cleanup:
- PKIX_TEST_DECREF_AC(verifyString);
- PKIX_TEST_DECREF_AC(verifyTree);
- PKIX_TEST_DECREF_AC(chain);
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(verifyString);
+ PKIX_TEST_DECREF_AC(verifyTree);
+ PKIX_TEST_DECREF_AC(chain);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testNameChainingFail(
- char *dirName,
- char *goodInput,
- char *diffInput,
- char *dateAscii)
+static void
+testNameChainingFail(
+ char *dirName,
+ char *goodInput,
+ char *diffInput,
+ char *dateAscii)
{
- PKIX_List *chain = NULL;
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_VerifyNode *verifyTree = NULL;
- PKIX_PL_String *verifyString = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("NameChaining <fail>");
-
- chain = createCertChain(dirName, diffInput, goodInput, plContext);
-
- valParams = createValidateParams
- (dirName,
- goodInput,
- diffInput,
- dateAscii,
- NULL,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chain,
- plContext);
-
- PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext));
+ PKIX_List *chain = NULL;
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_VerifyNode *verifyTree = NULL;
+ PKIX_PL_String *verifyString = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("NameChaining <fail>");
+
+ chain = createCertChain(dirName, diffInput, goodInput, plContext);
+
+ valParams = createValidateParams(dirName,
+ goodInput,
+ diffInput,
+ dateAscii,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
+
+ PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(verifyString);
- PKIX_TEST_DECREF_AC(verifyTree);
- PKIX_TEST_DECREF_AC(chain);
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(verifyString);
+ PKIX_TEST_DECREF_AC(verifyTree);
+ PKIX_TEST_DECREF_AC(chain);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testDateFail(char *dirName, char *goodInput, char *diffInput){
+static void
+testDateFail(char *dirName, char *goodInput, char *diffInput)
+{
- PKIX_List *chain = NULL;
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
+ PKIX_List *chain = NULL;
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- chain = createCertChain(dirName, goodInput, diffInput, plContext);
+ chain = createCertChain(dirName, goodInput, diffInput, plContext);
- subTest("Expiration <fail>");
- valParams = createValidateParams
- (dirName,
- goodInput,
- diffInput,
- NULL,
- NULL,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chain,
- plContext);
+ subTest("Expiration <fail>");
+ valParams = createValidateParams(dirName,
+ goodInput,
+ diffInput,
+ NULL,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
- PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
- (valParams, &valResult, NULL, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(chain);
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(chain);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testSignatureFail(
- char *dirName,
- char *goodInput,
- char *diffInput,
- char *dateAscii)
+static void
+testSignatureFail(
+ char *dirName,
+ char *goodInput,
+ char *diffInput,
+ char *dateAscii)
{
- PKIX_List *chain = NULL;
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
+ PKIX_List *chain = NULL;
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("Signature <fail>");
+ subTest("Signature <fail>");
- chain = createCertChain(dirName, diffInput, goodInput, plContext);
+ chain = createCertChain(dirName, diffInput, goodInput, plContext);
- valParams = createValidateParams
- (dirName,
- goodInput,
- diffInput,
- dateAscii,
- NULL,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chain,
- plContext);
+ valParams = createValidateParams(dirName,
+ goodInput,
+ diffInput,
+ dateAscii,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
- PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
- (valParams, &valResult, NULL, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(chain);
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(chain);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void printUsage(char *pName){
- printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
+static void
+printUsage(char *pName)
+{
+ printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
}
-int test_basicchecker(int argc, char *argv[]) {
+int
+test_basicchecker(int argc, char *argv[])
+{
- char *goodInput = "yassir2yassir";
- char *diffInput = "yassir2bcn";
- char *dateAscii = "991201000000Z";
- char *dirName = NULL;
- PKIX_UInt32 j = 0;
- PKIX_UInt32 actualMinorVersion;
+ char *goodInput = "yassir2yassir";
+ char *diffInput = "yassir2bcn";
+ char *dateAscii = "991201000000Z";
+ char *dirName = NULL;
+ PKIX_UInt32 j = 0;
+ PKIX_UInt32 actualMinorVersion;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("SignatureChecker");
+ startTests("SignatureChecker");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- if (argc < 2){
- printUsage(argv[0]);
- return (0);
- }
+ if (argc < 2) {
+ printUsage(argv[0]);
+ return (0);
+ }
- dirName = argv[j+1];
+ dirName = argv[j + 1];
- /* The NameChaining, Expiration, and Signature Checkers all pass */
- testPass(dirName, goodInput, diffInput, dateAscii);
+ /* The NameChaining, Expiration, and Signature Checkers all pass */
+ testPass(dirName, goodInput, diffInput, dateAscii);
- /* Individual Checkers fail */
- testNameChainingFail(dirName, goodInput, diffInput, dateAscii);
- testDateFail(dirName, goodInput, diffInput);
+ /* Individual Checkers fail */
+ testNameChainingFail(dirName, goodInput, diffInput, dateAscii);
+ testDateFail(dirName, goodInput, diffInput);
- /*
+/*
* XXX
* since the signature check is done last, we need to create
* certs whose name chaining passes, but their signatures fail;
* we currently don't have any such certs.
*/
- /* testSignatureFail(goodInput, diffInput, dateAscii); */
-
+/* testSignatureFail(goodInput, diffInput, dateAscii); */
cleanup:
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("SignatureChecker");
+ endTests("SignatureChecker");
- return (0);
+ return (0);
}
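Review bot: The signature-failure case is still disabled at the end of test_basicchecker, so this suite exercises the name-chaining and expiration rejections but never a chain whose signature is invalid. The commented-out call `testSignatureFail(goodInput, diffInput, dateAscii)` is also stale: the function takes `dirName` first, so it would need to be `testSignatureFail(dirName, goodInput, diffInput, dateAscii);` once suitable certs exist. clang-format moved the `XXX` comment and the commented call to column 0 because they sit directly before the `cleanup:` label; moving the comment next to the `testDateFail` call should keep it indented with the body. In testNameChainingFail, `verifyString` is declared and released but never assigned.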
diff --git a/cmd/libpkix/pkix/top/test_basicconstraintschecker.c b/cmd/libpkix/pkix/top/test_basicconstraintschecker.c
index 3d57b6463..eba5153ac 100644
--- a/cmd/libpkix/pkix/top/test_basicconstraintschecker.c
+++ b/cmd/libpkix/pkix/top/test_basicconstraintschecker.c
@@ -11,80 +11,83 @@
#include "testutil.h"
#include "testutil_nss.h"
-#define PKIX_TEST_MAX_CERTS 10
+#define PKIX_TEST_MAX_CERTS 10
static void *plContext = NULL;
-static
-void printUsage1(char *pName){
- printf("\nUSAGE: %s test-name [ENE|EE] ", pName);
- printf("cert [certs].\n");
+static void
+printUsage1(char *pName)
+{
+ printf("\nUSAGE: %s test-name [ENE|EE] ", pName);
+ printf("cert [certs].\n");
}
-static
-void printUsageMax(PKIX_UInt32 numCerts){
- printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
- numCerts, PKIX_TEST_MAX_CERTS);
+static void
+printUsageMax(PKIX_UInt32 numCerts)
+{
+ printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
+ numCerts, PKIX_TEST_MAX_CERTS);
}
-int test_basicconstraintschecker(int argc, char *argv[]){
-
- PKIX_List *chain = NULL;
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_UInt32 actualMinorVersion;
- char *certNames[PKIX_TEST_MAX_CERTS];
- PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
- PKIX_VerifyNode *verifyTree = NULL;
- PKIX_PL_String *verifyString = NULL;
- PKIX_UInt32 chainLength = 0;
- PKIX_UInt32 i = 0;
- PKIX_UInt32 j = 0;
- PKIX_Boolean testValid = PKIX_FALSE;
- char *dirName = NULL;
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 4){
- printUsage1(argv[0]);
- return (0);
- }
+int
+test_basicconstraintschecker(int argc, char *argv[])
+{
+
+ PKIX_List *chain = NULL;
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ char *certNames[PKIX_TEST_MAX_CERTS];
+ PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
+ PKIX_VerifyNode *verifyTree = NULL;
+ PKIX_PL_String *verifyString = NULL;
+ PKIX_UInt32 chainLength = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 j = 0;
+ PKIX_Boolean testValid = PKIX_FALSE;
+ char *dirName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 4) {
+ printUsage1(argv[0]);
+ return (0);
+ }
- startTests("BasicConstraintsChecker");
+ startTests("BasicConstraintsChecker");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- /* ENE = expect no error; EE = expect error */
- if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
- testValid = PKIX_TRUE;
- } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
- testValid = PKIX_FALSE;
- } else {
- printUsage1(argv[0]);
- return (0);
- }
+ /* ENE = expect no error; EE = expect error */
+ if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+ testValid = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+ testValid = PKIX_FALSE;
+ } else {
+ printUsage1(argv[0]);
+ return (0);
+ }
- dirName = argv[3+j];
+ dirName = argv[3 + j];
- chainLength = (argc - j) - 4;
- if (chainLength > PKIX_TEST_MAX_CERTS) {
- printUsageMax(chainLength);
- }
+ chainLength = (argc - j) - 4;
+ if (chainLength > PKIX_TEST_MAX_CERTS) {
+ printUsageMax(chainLength);
+ }
- for (i = 0; i < chainLength; i++) {
- certNames[i] = argv[(4+j)+i];
- certs[i] = NULL;
- }
+ for (i = 0; i < chainLength; i++) {
+ certNames[i] = argv[(4 + j) + i];
+ certs[i] = NULL;
+ }
- subTest(argv[1+j]);
+ subTest(argv[1 + j]);
- subTest("Basic-Constraints - Create Cert Chain");
+ subTest("Basic-Constraints - Create Cert Chain");
- chain = createCertChainPlus
- (dirName, certNames, certs, chainLength, plContext);
+ chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
- /*
+ /*
* Error occurs when creating Cert, this is critical and test
* should not continue. Since we expect error, we assume this
* error is the one that is expected, so undo the error count.
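Review bot: The `chainLength > PKIX_TEST_MAX_CERTS` branch only calls `printUsageMax(chainLength)` and then falls through, so the loop right after it writes `certNames[i]` and `certs[i]` past the end of both `PKIX_TEST_MAX_CERTS`-element stack arrays when more than ten certificate names are passed on the command line. The branch should stop the test, for example `printUsageMax(chainLength); goto cleanup;`, matching the `goto cleanup` the function already uses on its create-failed path. The reformat leaves the logic untouched, so the out-of-bounds write predates this commit. The body of test_basicconstraintschecker continues outside this hunk.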
@@ -96,49 +99,47 @@ int test_basicconstraintschecker(int argc, char *argv[]){
* calls such creating Cert Chain fails, the test can end and
* considered to be successful.
*/
- if (testValid == PKIX_FALSE && chain == NULL) {
- testErrorUndo("Cert Error - Create failed");
- goto cleanup;
- }
-
- subTest("Basic-Constraints - Create Params");
-
- valParams = createValidateParams
- (dirName,
- argv[4+j],
- NULL,
- NULL,
- NULL,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chain,
- plContext);
-
- subTest("Basic-Constraints - Validate Chain");
-
- if (testValid == PKIX_TRUE) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext));
- } else {
- PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext));
- }
+ if (testValid == PKIX_FALSE && chain == NULL) {
+ testErrorUndo("Cert Error - Create failed");
+ goto cleanup;
+ }
+
+ subTest("Basic-Constraints - Create Params");
+
+ valParams = createValidateParams(dirName,
+ argv[4 +
+ j],
+ NULL,
+ NULL,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
+
+ subTest("Basic-Constraints - Validate Chain");
+
+ if (testValid == PKIX_TRUE) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+ } else {
+ PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+ }
cleanup:
- PKIX_TEST_DECREF_AC(verifyString);
- PKIX_TEST_DECREF_AC(verifyTree);
- PKIX_TEST_DECREF_AC(chain);
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(verifyString);
+ PKIX_TEST_DECREF_AC(verifyTree);
+ PKIX_TEST_DECREF_AC(chain);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("BasicConstraintsChecker");
+ endTests("BasicConstraintsChecker");
- return (0);
+ return (0);
}
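Review bot: clang-format has split the index expression in the `createValidateParams` call across two lines (`argv[4 +` then `j],`), which is harder to read than the original single-line argument. Keeping it together as `argv[4 + j],`, or hoisting it into a local before the call, avoids the break. The two `PKIX_ValidateChain` lines in the same hunk now also run well past 80 columns. The function starts outside this hunk.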
diff --git a/cmd/libpkix/pkix/top/test_buildchain.c b/cmd/libpkix/pkix/top/test_buildchain.c
index 9aef730ee..5c9ec5968 100644
--- a/cmd/libpkix/pkix/top/test_buildchain.c
+++ b/cmd/libpkix/pkix/top/test_buildchain.c
@@ -26,123 +26,121 @@ static PRIntn hostenum = 0;
static PRStatus prstatus = PR_FAILURE;
static void *ipaddr = NULL;
-
static void *plContext = NULL;
-static void printUsage(void) {
- (void) printf("\nUSAGE:\ttest_buildchain [-arenas] [usebind] "
- "servername[:port] <testName> [ENE|EE]\n"
- "\t <certStoreDirectory> <targetCert>"
- " <intermediate Certs...> <trustedCert>\n\n");
- (void) printf
- ("Builds a chain of certificates from <targetCert> to <trustedCert>\n"
- "using the certs and CRLs in <certStoreDirectory>. "
- "servername[:port] gives\n"
- "the address of an LDAP server. If port is not"
- " specified, port 389 is used. \"-\" means no LDAP server.\n"
- "If ENE is specified, then an Error is Not Expected. "
- "EE indicates an Error is Expected.\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_buildchain [-arenas] [usebind] "
+ "servername[:port] <testName> [ENE|EE]\n"
+ "\t <certStoreDirectory> <targetCert>"
+ " <intermediate Certs...> <trustedCert>\n\n");
+ (void)printf("Builds a chain of certificates from <targetCert> to <trustedCert>\n"
+ "using the certs and CRLs in <certStoreDirectory>. "
+ "servername[:port] gives\n"
+ "the address of an LDAP server. If port is not"
+ " specified, port 389 is used. \"-\" means no LDAP server.\n"
+ "If ENE is specified, then an Error is Not Expected. "
+ "EE indicates an Error is Expected.\n");
}
static PKIX_Error *
createLdapCertStore(
- char *hostname,
- PRIntervalTime timeout,
- PKIX_CertStore **pLdapCertStore,
- void* plContext)
+ char *hostname,
+ PRIntervalTime timeout,
+ PKIX_CertStore **pLdapCertStore,
+ void *plContext)
{
- PRIntn backlog = 0;
+ PRIntn backlog = 0;
- char *bindname = "";
- char *auth = "";
+ char *bindname = "";
+ char *auth = "";
- LDAPBindAPI bindAPI;
- LDAPBindAPI *bindPtr = NULL;
- PKIX_PL_LdapDefaultClient *ldapClient = NULL;
- PKIX_CertStore *ldapCertStore = NULL;
+ LDAPBindAPI bindAPI;
+ LDAPBindAPI *bindPtr = NULL;
+ PKIX_PL_LdapDefaultClient *ldapClient = NULL;
+ PKIX_CertStore *ldapCertStore = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- if (usebind) {
- bindPtr = &bindAPI;
- bindAPI.selector = SIMPLE_AUTH;
- bindAPI.chooser.simple.bindName = bindname;
- bindAPI.chooser.simple.authentication = auth;
- }
+ if (usebind) {
+ bindPtr = &bindAPI;
+ bindAPI.selector = SIMPLE_AUTH;
+ bindAPI.chooser.simple.bindName = bindname;
+ bindAPI.chooser.simple.authentication = auth;
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName
- (hostname, timeout, bindPtr, &ldapClient, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(hostname, timeout, bindPtr, &ldapClient, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create
- ((PKIX_PL_LdapClient *)ldapClient,
- &ldapCertStore,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient,
+ &ldapCertStore,
+ plContext));
- *pLdapCertStore = ldapCertStore;
+ *pLdapCertStore = ldapCertStore;
cleanup:
- PKIX_TEST_DECREF_AC(ldapClient);
+ PKIX_TEST_DECREF_AC(ldapClient);
- PKIX_TEST_RETURN();
-
- return (pkixTestErrorResult);
+ PKIX_TEST_RETURN();
+ return (pkixTestErrorResult);
}
-int test_buildchain(int argc, char *argv[])
+int
+test_buildchain(int argc, char *argv[])
{
- PKIX_BuildResult *buildResult = NULL;
- PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_PL_PublicKey *trustedPubKey = NULL;
- PKIX_List *anchors = NULL;
- PKIX_List *certs = NULL;
- PKIX_RevocationChecker *revChecker = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- char *dirName = NULL;
- PKIX_PL_String *dirNameString = NULL;
- PKIX_PL_Cert *trustedCert = NULL;
- PKIX_PL_Cert *targetCert = NULL;
- PKIX_UInt32 actualMinorVersion = 0;
- PKIX_UInt32 numCerts = 0;
- PKIX_UInt32 i = 0;
- PKIX_UInt32 j = 0;
- PKIX_UInt32 k = 0;
- PKIX_CertStore *ldapCertStore = NULL;
- PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */
- /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */
- PKIX_CertStore *certStore = NULL;
- PKIX_List *certStores = NULL;
- PKIX_List *revCheckers = NULL;
- char * asciiResult = NULL;
- PKIX_Boolean result = PKIX_FALSE;
- PKIX_Boolean testValid = PKIX_TRUE;
- PKIX_List *expectedCerts = NULL;
- PKIX_PL_Cert *dirCert = NULL;
- PKIX_VerifyNode *verifyTree = NULL;
- PKIX_PL_String *verifyString = NULL;
- PKIX_PL_String *actualCertsString = NULL;
- PKIX_PL_String *expectedCertsString = NULL;
- void *state = NULL;
- char *actualCertsAscii = NULL;
- char *expectedCertsAscii = NULL;
- PRPollDesc *pollDesc = NULL;
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 5) {
- printUsage();
- return (0);
- }
+ PKIX_BuildResult *buildResult = NULL;
+ PKIX_ComCertSelParams *certSelParams = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_TrustAnchor *anchor = NULL;
+ PKIX_PL_PublicKey *trustedPubKey = NULL;
+ PKIX_List *anchors = NULL;
+ PKIX_List *certs = NULL;
+ PKIX_RevocationChecker *revChecker = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ char *dirName = NULL;
+ PKIX_PL_String *dirNameString = NULL;
+ PKIX_PL_Cert *trustedCert = NULL;
+ PKIX_PL_Cert *targetCert = NULL;
+ PKIX_UInt32 actualMinorVersion = 0;
+ PKIX_UInt32 numCerts = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 j = 0;
+ PKIX_UInt32 k = 0;
+ PKIX_CertStore *ldapCertStore = NULL;
+ PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */
+ /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */
+ PKIX_CertStore *certStore = NULL;
+ PKIX_List *certStores = NULL;
+ PKIX_List *revCheckers = NULL;
+ char *asciiResult = NULL;
+ PKIX_Boolean result = PKIX_FALSE;
+ PKIX_Boolean testValid = PKIX_TRUE;
+ PKIX_List *expectedCerts = NULL;
+ PKIX_PL_Cert *dirCert = NULL;
+ PKIX_VerifyNode *verifyTree = NULL;
+ PKIX_PL_String *verifyString = NULL;
+ PKIX_PL_String *actualCertsString = NULL;
+ PKIX_PL_String *expectedCertsString = NULL;
+ void *state = NULL;
+ char *actualCertsAscii = NULL;
+ char *expectedCertsAscii = NULL;
+ PRPollDesc *pollDesc = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 5) {
+ printUsage();
+ return (0);
+ }
- startTests("BuildChain");
+ startTests("BuildChain");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- /*
+ /*
* arguments:
* [optional] -arenas
* [optional] usebind
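Review bot: `createLdapCertStore` does not say what the `usebind` path actually sends: the simple bind is filled from `bindname = ""` and `auth = ""`, which looks like an anonymous bind rather than an authenticated one. A one-line comment above the `if (usebind)` block would make that explicit, e.g. `/* simple bind with empty name and password: exercises the bind path only, no real credentials */`. The local `backlog` is declared but never referenced in the function and can be dropped. The same function is repeated in test_buildchain_partialchain.c further down this diff. The body of test_buildchain continues outside this hunk.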
@@ -155,317 +153,266 @@ int test_buildchain(int argc, char *argv[])
* trust anchor
*/
- /* optional argument "usebind" for Ldap CertStore */
- if (argv[j + 1]) {
- if (PORT_Strcmp(argv[j + 1], "usebind") == 0) {
- usebind = PKIX_TRUE;
- j++;
- }
+ /* optional argument "usebind" for Ldap CertStore */
+ if (argv[j + 1]) {
+ if (PORT_Strcmp(argv[j + 1], "usebind") == 0) {
+ usebind = PKIX_TRUE;
+ j++;
}
+ }
+
+ if (PORT_Strcmp(argv[++j], "-") == 0) {
+ useLDAP = PKIX_FALSE;
+ } else {
+ serverName = argv[j];
+ useLDAP = PKIX_TRUE;
+ }
+
+ subTest(argv[++j]);
+
+ /* ENE = expect no error; EE = expect error */
+ if (PORT_Strcmp(argv[++j], "ENE") == 0) {
+ testValid = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[j], "EE") == 0) {
+ testValid = PKIX_FALSE;
+ } else {
+ printUsage();
+ return (0);
+ }
- if (PORT_Strcmp(argv[++j], "-") == 0) {
- useLDAP = PKIX_FALSE;
- } else {
- serverName = argv[j];
- useLDAP = PKIX_TRUE;
- }
+ dirName = argv[++j];
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
+
+ for (k = ++j; k < (PKIX_UInt32)argc; k++) {
- subTest(argv[++j]);
+ dirCert = createCert(dirName, argv[k], plContext);
- /* ENE = expect no error; EE = expect error */
- if (PORT_Strcmp(argv[++j], "ENE") == 0) {
- testValid = PKIX_TRUE;
- } else if (PORT_Strcmp(argv[j], "EE") == 0) {
- testValid = PKIX_FALSE;
+ if (k == (PKIX_UInt32)(argc - 1)) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+ trustedCert = dirCert;
} else {
- printUsage();
- return (0);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts,
+ (PKIX_PL_Object *)dirCert,
+ plContext));
+
+ if (k == j) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+ targetCert = dirCert;
+ }
}
- dirName = argv[++j];
+ PKIX_TEST_DECREF_BC(dirCert);
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
+ /* create processing params with list of trust anchors */
- for (k = ++j; k < (PKIX_UInt32)argc; k++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
- dirCert = createCert(dirName, argv[k], plContext);
+ /* create CertSelector with target certificate in params */
- if (k == (PKIX_UInt32)(argc - 1)) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
- ((PKIX_PL_Object *)dirCert, plContext));
- trustedCert = dirCert;
- } else {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (expectedCerts,
- (PKIX_PL_Object *)dirCert,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
- if (k == j) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
- ((PKIX_PL_Object *)dirCert, plContext));
- targetCert = dirCert;
- }
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
- PKIX_TEST_DECREF_BC(dirCert);
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
- /* create processing params with list of trust anchors */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
- (trustedCert, &anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (anchors, (PKIX_PL_Object *)anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
- (anchors, &procParams, plContext));
+ /* create CertStores */
- /* create CertSelector with target certificate in params */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetCertificate
- (certSelParams, targetCert, plContext));
+ if (useLDAP == PKIX_TRUE) {
+ PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores,
+ (PKIX_PL_Object *)ldapCertStore,
+ plContext));
+ } else {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext));
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, certSelParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_SetTargetCertConstraints
- (procParams, certSelector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
- /* create CertStores */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, dirName, 0, &dirNameString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(expectedCerts, &numCerts, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores,
+ NULL, /* testDate, may be NULL */
+ trustedPubKey,
+ numCerts,
+ &revChecker,
+ plContext));
- if (useLDAP == PKIX_TRUE) {
- PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore
- (serverName, timeout, &ldapCertStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (certStores,
- (PKIX_PL_Object *)ldapCertStore,
- plContext));
- } else {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_CollectionCertStore_Create
- (dirNameString, &certStore, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (certStores, (PKIX_PL_Object *)certStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));
+
+#ifdef debuggingWithoutRevocation
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
+#endif
+
+ /* build cert chain using processing params and return buildResult */
+
+ pkixTestErrorResult = PKIX_BuildChain(procParams,
+ (void **)&pollDesc,
+ &state,
+ &buildResult,
+ &verifyTree,
+ plContext);
+
+ while (pollDesc != NULL) {
+
+ if (PR_Poll(pollDesc, 1, 0) < 0) {
+ testError("PR_Poll failed");
}
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
- (procParams, certStores, plContext));
+ pkixTestErrorResult = PKIX_BuildChain(procParams,
+ (void **)&pollDesc,
+ &state,
+ &buildResult,
+ &verifyTree,
+ plContext);
+ }
+
+ if (pkixTestErrorResult) {
+ if (testValid == PKIX_FALSE) { /* EE */
+ (void)printf("EXPECTED ERROR RECEIVED!\n");
+ } else { /* ENE */
+ testError("UNEXPECTED ERROR RECEIVED");
+ }
+ } else {
+ if (testValid == PKIX_TRUE) { /* ENE */
+ (void)printf("EXPECTED NON-ERROR RECEIVED!\n");
+ } else { /* EE */
+ (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n");
+ }
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
+ subTest("Displaying VerifyNode objects");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
- (trustedCert, &trustedPubKey, plContext));
+ if (verifyTree == NULL) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "(null)", 0, &verifyString, plContext));
+ } else {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (expectedCerts, &numCerts, plContext));
+ (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
- PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize
- (certStores,
- NULL, /* testDate, may be NULL */
- trustedPubKey,
- numCerts,
- &revChecker,
- plContext));
+ if (pkixTestErrorResult) {
+ PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+ goto cleanup;
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (revCheckers, (PKIX_PL_Object *)revChecker, plContext));
+ if (buildResult) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers
- (procParams, revCheckers, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
-#ifdef debuggingWithoutRevocation
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
- (procParams, PKIX_FALSE, plContext));
-#endif
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+
+ printf("\n");
+
+ for (i = 0; i < numCerts; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
+ i,
+ (PKIX_PL_Object **)&cert,
+ plContext));
+
+ asciiResult = PKIX_Cert2ASCII(cert);
+
+ printf("CERT[%d]:\n%s\n", i, asciiResult);
+
+ /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
+ asciiResult = NULL;
- /* build cert chain using processing params and return buildResult */
-
- pkixTestErrorResult = PKIX_BuildChain
- (procParams,
- (void **)&pollDesc,
- &state,
- &buildResult,
- &verifyTree,
- plContext);
-
- while (pollDesc != NULL) {
-
- if (PR_Poll(pollDesc, 1, 0) < 0) {
- testError("PR_Poll failed");
- }
-
- pkixTestErrorResult = PKIX_BuildChain
- (procParams,
- (void **)&pollDesc,
- &state,
- &buildResult,
- &verifyTree,
- plContext);
+ PKIX_TEST_DECREF_BC(cert);
}
- if (pkixTestErrorResult) {
- if (testValid == PKIX_FALSE) { /* EE */
- (void) printf("EXPECTED ERROR RECEIVED!\n");
- } else { /* ENE */
- testError("UNEXPECTED ERROR RECEIVED");
- }
- } else {
- if (testValid == PKIX_TRUE) { /* ENE */
- (void) printf("EXPECTED NON-ERROR RECEIVED!\n");
- } else { /* EE */
- (void) printf("UNEXPECTED NON-ERROR RECEIVED!\n");
- }
- }
-
- subTest("Displaying VerifyNode objects");
-
- if (verifyTree == NULL) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, "(null)", 0, &verifyString, plContext));
- } else {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
- }
-
- (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
-
- if (pkixTestErrorResult) {
- PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs,
+ (PKIX_PL_Object *)expectedCerts,
+ &result,
+ plContext));
+
+ if (!result) {
+ testError("BUILT CERTCHAIN IS "
+ "NOT THE ONE THAT WAS EXPECTED");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs,
+ &actualCertsString,
+ plContext));
+
+ actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext);
+ if (actualCertsAscii == NULL) {
+ pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
- }
+ }
- if (buildResult) {
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_BuildResult_GetCertChain
- (buildResult, &certs, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetLength(certs, &numCerts, plContext));
-
- printf("\n");
-
- for (i = 0; i < numCerts; i++) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (certs,
- i,
- (PKIX_PL_Object**)&cert,
- plContext));
-
- asciiResult = PKIX_Cert2ASCII(cert);
-
- printf("CERT[%d]:\n%s\n", i, asciiResult);
-
- /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Free(asciiResult, NULL));
- asciiResult = NULL;
-
- PKIX_TEST_DECREF_BC(cert);
- }
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_Equals
- ((PKIX_PL_Object*)certs,
- (PKIX_PL_Object*)expectedCerts,
- &result,
- plContext));
-
- if (!result) {
- testError("BUILT CERTCHAIN IS "
- "NOT THE ONE THAT WAS EXPECTED");
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)certs,
- &actualCertsString,
- plContext));
-
- actualCertsAscii = PKIX_String2ASCII
- (actualCertsString, plContext);
- if (actualCertsAscii == NULL) {
- pkixTestErrorMsg = "PKIX_String2ASCII Failed";
- goto cleanup;
- }
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)expectedCerts,
- &expectedCertsString,
- plContext));
-
- expectedCertsAscii = PKIX_String2ASCII
- (expectedCertsString, plContext);
- if (expectedCertsAscii == NULL) {
- pkixTestErrorMsg = "PKIX_String2ASCII Failed";
- goto cleanup;
- }
-
- (void) printf("Actual value:\t%s\n", actualCertsAscii);
- (void) printf("Expected value:\t%s\n",
- expectedCertsAscii);
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts,
+ &expectedCertsString,
+ plContext));
+ expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext);
+ if (expectedCertsAscii == NULL) {
+ pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+ goto cleanup;
+ }
+
+ (void)printf("Actual value:\t%s\n", actualCertsAscii);
+ (void)printf("Expected value:\t%s\n",
+ expectedCertsAscii);
}
+ }
cleanup:
- PKIX_TEST_DECREF_AC(verifyString);
- PKIX_TEST_DECREF_AC(verifyTree);
-
- PKIX_PL_Free(asciiResult, NULL);
- PKIX_PL_Free(actualCertsAscii, plContext);
- PKIX_PL_Free(expectedCertsAscii, plContext);
-
- PKIX_TEST_DECREF_AC(state);
- PKIX_TEST_DECREF_AC(actualCertsString);
- PKIX_TEST_DECREF_AC(expectedCertsString);
- PKIX_TEST_DECREF_AC(expectedCerts);
- PKIX_TEST_DECREF_AC(buildResult);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(certStores);
- PKIX_TEST_DECREF_AC(revCheckers);
- PKIX_TEST_DECREF_AC(revChecker);
- PKIX_TEST_DECREF_AC(ldapCertStore);
- PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_DECREF_AC(dirNameString);
- PKIX_TEST_DECREF_AC(certSelParams);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(anchors);
- PKIX_TEST_DECREF_AC(anchor);
- PKIX_TEST_DECREF_AC(trustedCert);
- PKIX_TEST_DECREF_AC(trustedPubKey);
-
- PKIX_TEST_DECREF_AC(certs);
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(targetCert);
-
- PKIX_TEST_RETURN();
-
- PKIX_Shutdown(plContext);
-
- endTests("BuildChain");
-
- return (0);
-
+ PKIX_TEST_DECREF_AC(verifyString);
+ PKIX_TEST_DECREF_AC(verifyTree);
+
+ PKIX_PL_Free(asciiResult, NULL);
+ PKIX_PL_Free(actualCertsAscii, plContext);
+ PKIX_PL_Free(expectedCertsAscii, plContext);
+
+ PKIX_TEST_DECREF_AC(state);
+ PKIX_TEST_DECREF_AC(actualCertsString);
+ PKIX_TEST_DECREF_AC(expectedCertsString);
+ PKIX_TEST_DECREF_AC(expectedCerts);
+ PKIX_TEST_DECREF_AC(buildResult);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(certStores);
+ PKIX_TEST_DECREF_AC(revCheckers);
+ PKIX_TEST_DECREF_AC(revChecker);
+ PKIX_TEST_DECREF_AC(ldapCertStore);
+ PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(dirNameString);
+ PKIX_TEST_DECREF_AC(certSelParams);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(anchors);
+ PKIX_TEST_DECREF_AC(anchor);
+ PKIX_TEST_DECREF_AC(trustedCert);
+ PKIX_TEST_DECREF_AC(trustedPubKey);
+
+ PKIX_TEST_DECREF_AC(certs);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(targetCert);
+
+ PKIX_TEST_RETURN();
+
+ PKIX_Shutdown(plContext);
+
+ endTests("BuildChain");
+
+ return (0);
}
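Review bot: In the result check after the `PKIX_BuildChain` polling loop, the EE branch for a chain that builds successfully only prints `UNEXPECTED NON-ERROR RECEIVED!` with `printf`, while the mirror ENE branch calls `testError`. As written, a negative test whose chain unexpectedly builds does not appear to be counted as a failure, which is the one outcome a path-building test most needs to catch. The branch should read `testError("UNEXPECTED NON-ERROR RECEIVED");`. test_buildchain starts outside this hunk.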
diff --git a/cmd/libpkix/pkix/top/test_buildchain_partialchain.c b/cmd/libpkix/pkix/top/test_buildchain_partialchain.c
index 18ebcde59..4861a8e32 100644
--- a/cmd/libpkix/pkix/top/test_buildchain_partialchain.c
+++ b/cmd/libpkix/pkix/top/test_buildchain_partialchain.c
@@ -26,674 +26,594 @@ static PRIntn hostenum = 0;
static PRStatus prstatus = PR_FAILURE;
static void *ipaddr = NULL;
-
static void *plContext = NULL;
-static void printUsage(void) {
- (void) printf("\nUSAGE:\ttest_buildchain [-arenas] [usebind] "
- "servername[:port] <testName> [ENE|EE]\n"
- "\t <certStoreDirectory> <targetCert>"
- " <intermediate Certs...> <trustedCert>\n\n");
- (void) printf
- ("Builds a chain of certificates from <targetCert> to <trustedCert>\n"
- "using the certs and CRLs in <certStoreDirectory>. "
- "servername[:port] gives\n"
- "the address of an LDAP server. If port is not"
- " specified, port 389 is used. \"-\" means no LDAP server.\n"
- "If ENE is specified, then an Error is Not Expected. "
- "EE indicates an Error is Expected.\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_buildchain [-arenas] [usebind] "
+ "servername[:port] <testName> [ENE|EE]\n"
+ "\t <certStoreDirectory> <targetCert>"
+ " <intermediate Certs...> <trustedCert>\n\n");
+ (void)printf("Builds a chain of certificates from <targetCert> to <trustedCert>\n"
+ "using the certs and CRLs in <certStoreDirectory>. "
+ "servername[:port] gives\n"
+ "the address of an LDAP server. If port is not"
+ " specified, port 389 is used. \"-\" means no LDAP server.\n"
+ "If ENE is specified, then an Error is Not Expected. "
+ "EE indicates an Error is Expected.\n");
}
static PKIX_Error *
createLdapCertStore(
- char *hostname,
- PRIntervalTime timeout,
- PKIX_CertStore **pLdapCertStore,
- void* plContext)
+ char *hostname,
+ PRIntervalTime timeout,
+ PKIX_CertStore **pLdapCertStore,
+ void *plContext)
{
- PRIntn backlog = 0;
+ PRIntn backlog = 0;
- char *bindname = "";
- char *auth = "";
+ char *bindname = "";
+ char *auth = "";
- LDAPBindAPI bindAPI;
- LDAPBindAPI *bindPtr = NULL;
- PKIX_PL_LdapDefaultClient *ldapClient = NULL;
- PKIX_CertStore *ldapCertStore = NULL;
+ LDAPBindAPI bindAPI;
+ LDAPBindAPI *bindPtr = NULL;
+ PKIX_PL_LdapDefaultClient *ldapClient = NULL;
+ PKIX_CertStore *ldapCertStore = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- if (usebind) {
- bindPtr = &bindAPI;
- bindAPI.selector = SIMPLE_AUTH;
- bindAPI.chooser.simple.bindName = bindname;
- bindAPI.chooser.simple.authentication = auth;
- }
+ if (usebind) {
+ bindPtr = &bindAPI;
+ bindAPI.selector = SIMPLE_AUTH;
+ bindAPI.chooser.simple.bindName = bindname;
+ bindAPI.chooser.simple.authentication = auth;
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName
- (hostname, timeout, bindPtr, &ldapClient, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(hostname, timeout, bindPtr, &ldapClient, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create
- ((PKIX_PL_LdapClient *)ldapClient,
- &ldapCertStore,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient,
+ &ldapCertStore,
+ plContext));
- *pLdapCertStore = ldapCertStore;
+ *pLdapCertStore = ldapCertStore;
cleanup:
- PKIX_TEST_DECREF_AC(ldapClient);
+ PKIX_TEST_DECREF_AC(ldapClient);
- PKIX_TEST_RETURN();
-
- return (pkixTestErrorResult);
+ PKIX_TEST_RETURN();
+ return (pkixTestErrorResult);
}
/* Test with all Certs in the partial list, no leaf */
static PKIX_Error *
testWithNoLeaf(
- PKIX_PL_Cert *trustedCert,
- PKIX_List *listOfCerts,
- PKIX_PL_Cert *targetCert,
- PKIX_List *certStores,
- PKIX_Boolean testValid,
- void* plContext)
+ PKIX_PL_Cert *trustedCert,
+ PKIX_List *listOfCerts,
+ PKIX_PL_Cert *targetCert,
+ PKIX_List *certStores,
+ PKIX_Boolean testValid,
+ void *plContext)
{
- PKIX_UInt32 numCerts = 0;
- PKIX_UInt32 i = 0;
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_List *anchors = NULL;
- PKIX_List *hintCerts = NULL;
- PKIX_List *revCheckers = NULL;
- PKIX_List *certs = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_PL_PublicKey *trustedPubKey = NULL;
- PKIX_RevocationChecker *revChecker = NULL;
- PKIX_BuildResult *buildResult = NULL;
- PRPollDesc *pollDesc = NULL;
- void *state = NULL;
- char *asciiResult = NULL;
-
- PKIX_TEST_STD_VARS();
-
- /* create processing params with list of trust anchors */
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
- (trustedCert, &anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (anchors, (PKIX_PL_Object *)anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
- (anchors, &procParams, plContext));
-
- /* create CertSelector with no target certificate in params */
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&certSelParams, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, certSelParams, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints
- (procParams, certSelector, plContext));
-
- /* create hintCerts */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)listOfCerts,
- (PKIX_PL_Object **)&hintCerts,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts
- (procParams, hintCerts, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
- (procParams, certStores, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
- (trustedCert, &trustedPubKey, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (listOfCerts, &numCerts, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize
- (certStores,
- NULL, /* testDate, may be NULL */
- trustedPubKey,
- numCerts,
- &revChecker,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (revCheckers, (PKIX_PL_Object *)revChecker, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers
- (procParams, revCheckers, plContext));
+ PKIX_UInt32 numCerts = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_TrustAnchor *anchor = NULL;
+ PKIX_List *anchors = NULL;
+ PKIX_List *hintCerts = NULL;
+ PKIX_List *revCheckers = NULL;
+ PKIX_List *certs = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_ComCertSelParams *certSelParams = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_PL_PublicKey *trustedPubKey = NULL;
+ PKIX_RevocationChecker *revChecker = NULL;
+ PKIX_BuildResult *buildResult = NULL;
+ PRPollDesc *pollDesc = NULL;
+ void *state = NULL;
+ char *asciiResult = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ /* create processing params with list of trust anchors */
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
+
+ /* create CertSelector with no target certificate in params */
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
+
+ /* create hintCerts */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)listOfCerts,
+ (PKIX_PL_Object **)&hintCerts,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts(procParams, hintCerts, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(listOfCerts, &numCerts, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores,
+ NULL, /* testDate, may be NULL */
+ trustedPubKey,
+ numCerts,
+ &revChecker,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));
#ifdef debuggingWithoutRevocation
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
- (procParams, PKIX_FALSE, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
#endif
- /* build cert chain using processing params and return buildResult */
-
- pkixTestErrorResult = PKIX_BuildChain
- (procParams,
- (void **)&pollDesc,
- &state,
- &buildResult,
- NULL,
- plContext);
-
- while (pollDesc != NULL) {
-
- if (PR_Poll(pollDesc, 1, 0) < 0) {
- testError("PR_Poll failed");
- }
-
- pkixTestErrorResult = PKIX_BuildChain
- (procParams,
- (void **)&pollDesc,
- &state,
- &buildResult,
- NULL,
- plContext);
- }
+ /* build cert chain using processing params and return buildResult */
+
+ pkixTestErrorResult = PKIX_BuildChain(procParams,
+ (void **)&pollDesc,
+ &state,
+ &buildResult,
+ NULL,
+ plContext);
- if (pkixTestErrorResult) {
- if (testValid == PKIX_FALSE) { /* EE */
- (void) printf("EXPECTED ERROR RECEIVED!\n");
- } else { /* ENE */
- testError("UNEXPECTED ERROR RECEIVED");
- }
- PKIX_TEST_DECREF_BC(pkixTestErrorResult);
- goto cleanup;
+ while (pollDesc != NULL) {
+
+ if (PR_Poll(pollDesc, 1, 0) < 0) {
+ testError("PR_Poll failed");
}
- if (testValid == PKIX_TRUE) { /* ENE */
- (void) printf("EXPECTED NON-ERROR RECEIVED!\n");
- } else { /* EE */
- (void) printf("UNEXPECTED NON-ERROR RECEIVED!\n");
+ pkixTestErrorResult = PKIX_BuildChain(procParams,
+ (void **)&pollDesc,
+ &state,
+ &buildResult,
+ NULL,
+ plContext);
+ }
+
+ if (pkixTestErrorResult) {
+ if (testValid == PKIX_FALSE) { /* EE */
+ (void)printf("EXPECTED ERROR RECEIVED!\n");
+ } else { /* ENE */
+ testError("UNEXPECTED ERROR RECEIVED");
}
+ PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+ goto cleanup;
+ }
+
+ if (testValid == PKIX_TRUE) { /* ENE */
+ (void)printf("EXPECTED NON-ERROR RECEIVED!\n");
+ } else { /* EE */
+ (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n");
+ }
- if (buildResult) {
+ if (buildResult) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_BuildResult_GetCertChain
- (buildResult, &certs, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetLength(certs, &numCerts, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
- printf("\n");
+ printf("\n");
- for (i = 0; i < numCerts; i++) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (certs,
- i,
- (PKIX_PL_Object**)&cert,
- plContext));
+ for (i = 0; i < numCerts; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
+ i,
+ (PKIX_PL_Object **)&cert,
+ plContext));
- asciiResult = PKIX_Cert2ASCII(cert);
+ asciiResult = PKIX_Cert2ASCII(cert);
- printf("CERT[%d]:\n%s\n", i, asciiResult);
+ printf("CERT[%d]:\n%s\n", i, asciiResult);
- /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Free(asciiResult, NULL));
- asciiResult = NULL;
+ /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
+ asciiResult = NULL;
- PKIX_TEST_DECREF_BC(cert);
- }
+ PKIX_TEST_DECREF_BC(cert);
}
+ }
cleanup:
- PKIX_PL_Free(asciiResult, NULL);
-
- PKIX_TEST_DECREF_AC(state);
- PKIX_TEST_DECREF_AC(buildResult);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(revCheckers);
- PKIX_TEST_DECREF_AC(revChecker);
- PKIX_TEST_DECREF_AC(certSelParams);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(anchors);
- PKIX_TEST_DECREF_AC(anchor);
- PKIX_TEST_DECREF_AC(hintCerts);
- PKIX_TEST_DECREF_AC(trustedPubKey);
- PKIX_TEST_DECREF_AC(certs);
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_RETURN();
-
- return (pkixTestErrorResult);
-
+ PKIX_PL_Free(asciiResult, NULL);
+
+ PKIX_TEST_DECREF_AC(state);
+ PKIX_TEST_DECREF_AC(buildResult);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(revCheckers);
+ PKIX_TEST_DECREF_AC(revChecker);
+ PKIX_TEST_DECREF_AC(certSelParams);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(anchors);
+ PKIX_TEST_DECREF_AC(anchor);
+ PKIX_TEST_DECREF_AC(hintCerts);
+ PKIX_TEST_DECREF_AC(trustedPubKey);
+ PKIX_TEST_DECREF_AC(certs);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_RETURN();
+
+ return (pkixTestErrorResult);
}
/* Test with all Certs in the partial list, leaf duplicates the first one */
static PKIX_Error *
testWithDuplicateLeaf(
- PKIX_PL_Cert *trustedCert,
- PKIX_List *listOfCerts,
- PKIX_PL_Cert *targetCert,
- PKIX_List *certStores,
- PKIX_Boolean testValid,
- void* plContext)
+ PKIX_PL_Cert *trustedCert,
+ PKIX_List *listOfCerts,
+ PKIX_PL_Cert *targetCert,
+ PKIX_List *certStores,
+ PKIX_Boolean testValid,
+ void *plContext)
{
- PKIX_UInt32 numCerts = 0;
- PKIX_UInt32 i = 0;
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_List *anchors = NULL;
- PKIX_List *hintCerts = NULL;
- PKIX_List *revCheckers = NULL;
- PKIX_List *certs = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_PL_PublicKey *trustedPubKey = NULL;
- PKIX_RevocationChecker *revChecker = NULL;
- PKIX_BuildResult *buildResult = NULL;
- PRPollDesc *pollDesc = NULL;
- void *state = NULL;
- char *asciiResult = NULL;
-
- PKIX_TEST_STD_VARS();
-
- /* create processing params with list of trust anchors */
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
- (trustedCert, &anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (anchors, (PKIX_PL_Object *)anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
- (anchors, &procParams, plContext));
-
- /* create CertSelector with target certificate in params */
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&certSelParams, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate
- (certSelParams, targetCert, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, certSelParams, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints
- (procParams, certSelector, plContext));
-
- /* create hintCerts */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)listOfCerts,
- (PKIX_PL_Object **)&hintCerts,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts
- (procParams, hintCerts, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
- (procParams, certStores, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
- (trustedCert, &trustedPubKey, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (listOfCerts, &numCerts, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize
- (certStores,
- NULL, /* testDate, may be NULL */
- trustedPubKey,
- numCerts,
- &revChecker,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (revCheckers, (PKIX_PL_Object *)revChecker, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers
- (procParams, revCheckers, plContext));
+ PKIX_UInt32 numCerts = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_TrustAnchor *anchor = NULL;
+ PKIX_List *anchors = NULL;
+ PKIX_List *hintCerts = NULL;
+ PKIX_List *revCheckers = NULL;
+ PKIX_List *certs = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_ComCertSelParams *certSelParams = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_PL_PublicKey *trustedPubKey = NULL;
+ PKIX_RevocationChecker *revChecker = NULL;
+ PKIX_BuildResult *buildResult = NULL;
+ PRPollDesc *pollDesc = NULL;
+ void *state = NULL;
+ char *asciiResult = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ /* create processing params with list of trust anchors */
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
+
+ /* create CertSelector with target certificate in params */
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
+
+ /* create hintCerts */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)listOfCerts,
+ (PKIX_PL_Object **)&hintCerts,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts(procParams, hintCerts, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(listOfCerts, &numCerts, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores,
+ NULL, /* testDate, may be NULL */
+ trustedPubKey,
+ numCerts,
+ &revChecker,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));
#ifdef debuggingWithoutRevocation
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
- (procParams, PKIX_FALSE, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
#endif
- /* build cert chain using processing params and return buildResult */
-
- pkixTestErrorResult = PKIX_BuildChain
- (procParams,
- (void **)&pollDesc,
- &state,
- &buildResult,
- NULL,
- plContext);
-
- while (pollDesc != NULL) {
-
- if (PR_Poll(pollDesc, 1, 0) < 0) {
- testError("PR_Poll failed");
- }
-
- pkixTestErrorResult = PKIX_BuildChain
- (procParams,
- (void **)&pollDesc,
- &state,
- &buildResult,
- NULL,
- plContext);
- }
+ /* build cert chain using processing params and return buildResult */
+
+ pkixTestErrorResult = PKIX_BuildChain(procParams,
+ (void **)&pollDesc,
+ &state,
+ &buildResult,
+ NULL,
+ plContext);
- if (pkixTestErrorResult) {
- if (testValid == PKIX_FALSE) { /* EE */
- (void) printf("EXPECTED ERROR RECEIVED!\n");
- } else { /* ENE */
- testError("UNEXPECTED ERROR RECEIVED");
- }
- PKIX_TEST_DECREF_BC(pkixTestErrorResult);
- goto cleanup;
+ while (pollDesc != NULL) {
+
+ if (PR_Poll(pollDesc, 1, 0) < 0) {
+ testError("PR_Poll failed");
}
- if (testValid == PKIX_TRUE) { /* ENE */
- (void) printf("EXPECTED NON-ERROR RECEIVED!\n");
- } else { /* EE */
- (void) printf("UNEXPECTED NON-ERROR RECEIVED!\n");
+ pkixTestErrorResult = PKIX_BuildChain(procParams,
+ (void **)&pollDesc,
+ &state,
+ &buildResult,
+ NULL,
+ plContext);
+ }
+
+ if (pkixTestErrorResult) {
+ if (testValid == PKIX_FALSE) { /* EE */
+ (void)printf("EXPECTED ERROR RECEIVED!\n");
+ } else { /* ENE */
+ testError("UNEXPECTED ERROR RECEIVED");
}
+ PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+ goto cleanup;
+ }
+
+ if (testValid == PKIX_TRUE) { /* ENE */
+ (void)printf("EXPECTED NON-ERROR RECEIVED!\n");
+ } else { /* EE */
+ (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n");
+ }
- if (buildResult) {
+ if (buildResult) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_BuildResult_GetCertChain
- (buildResult, &certs, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetLength(certs, &numCerts, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
- printf("\n");
+ printf("\n");
- for (i = 0; i < numCerts; i++) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (certs,
- i,
- (PKIX_PL_Object**)&cert,
- plContext));
+ for (i = 0; i < numCerts; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
+ i,
+ (PKIX_PL_Object **)&cert,
+ plContext));
- asciiResult = PKIX_Cert2ASCII(cert);
+ asciiResult = PKIX_Cert2ASCII(cert);
- printf("CERT[%d]:\n%s\n", i, asciiResult);
+ printf("CERT[%d]:\n%s\n", i, asciiResult);
- /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Free(asciiResult, NULL));
- asciiResult = NULL;
+ /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
+ asciiResult = NULL;
- PKIX_TEST_DECREF_BC(cert);
- }
+ PKIX_TEST_DECREF_BC(cert);
}
+ }
cleanup:
- PKIX_PL_Free(asciiResult, NULL);
-
- PKIX_TEST_DECREF_AC(state);
- PKIX_TEST_DECREF_AC(buildResult);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(revCheckers);
- PKIX_TEST_DECREF_AC(revChecker);
- PKIX_TEST_DECREF_AC(certSelParams);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(anchors);
- PKIX_TEST_DECREF_AC(anchor);
- PKIX_TEST_DECREF_AC(hintCerts);
- PKIX_TEST_DECREF_AC(trustedPubKey);
- PKIX_TEST_DECREF_AC(certs);
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_RETURN();
-
- return (pkixTestErrorResult);
-
+ PKIX_PL_Free(asciiResult, NULL);
+
+ PKIX_TEST_DECREF_AC(state);
+ PKIX_TEST_DECREF_AC(buildResult);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(revCheckers);
+ PKIX_TEST_DECREF_AC(revChecker);
+ PKIX_TEST_DECREF_AC(certSelParams);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(anchors);
+ PKIX_TEST_DECREF_AC(anchor);
+ PKIX_TEST_DECREF_AC(hintCerts);
+ PKIX_TEST_DECREF_AC(trustedPubKey);
+ PKIX_TEST_DECREF_AC(certs);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_RETURN();
+
+ return (pkixTestErrorResult);
}
/* Test with all Certs except the leaf in the partial list */
static PKIX_Error *
testWithLeafAndChain(
- PKIX_PL_Cert *trustedCert,
- PKIX_List *listOfCerts,
- PKIX_PL_Cert *targetCert,
- PKIX_List *certStores,
- PKIX_Boolean testValid,
- void* plContext)
+ PKIX_PL_Cert *trustedCert,
+ PKIX_List *listOfCerts,
+ PKIX_PL_Cert *targetCert,
+ PKIX_List *certStores,
+ PKIX_Boolean testValid,
+ void *plContext)
{
- PKIX_UInt32 numCerts = 0;
- PKIX_UInt32 i = 0;
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_List *anchors = NULL;
- PKIX_List *hintCerts = NULL;
- PKIX_List *revCheckers = NULL;
- PKIX_List *certs = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_PL_PublicKey *trustedPubKey = NULL;
- PKIX_RevocationChecker *revChecker = NULL;
- PKIX_BuildResult *buildResult = NULL;
- PRPollDesc *pollDesc = NULL;
- void *state = NULL;
- char *asciiResult = NULL;
-
- PKIX_TEST_STD_VARS();
-
- /* create processing params with list of trust anchors */
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
- (trustedCert, &anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (anchors, (PKIX_PL_Object *)anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
- (anchors, &procParams, plContext));
-
- /* create CertSelector with target certificate in params */
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&certSelParams, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate
- (certSelParams, targetCert, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, certSelParams, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints
- (procParams, certSelector, plContext));
-
- /* create hintCerts */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)listOfCerts,
- (PKIX_PL_Object **)&hintCerts,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem
- (hintCerts, 0, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts
- (procParams, hintCerts, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
- (procParams, certStores, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
- (trustedCert, &trustedPubKey, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (listOfCerts, &numCerts, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize
- (certStores,
- NULL, /* testDate, may be NULL */
- trustedPubKey,
- numCerts,
- &revChecker,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (revCheckers, (PKIX_PL_Object *)revChecker, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers
- (procParams, revCheckers, plContext));
+ PKIX_UInt32 numCerts = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_TrustAnchor *anchor = NULL;
+ PKIX_List *anchors = NULL;
+ PKIX_List *hintCerts = NULL;
+ PKIX_List *revCheckers = NULL;
+ PKIX_List *certs = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_ComCertSelParams *certSelParams = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_PL_PublicKey *trustedPubKey = NULL;
+ PKIX_RevocationChecker *revChecker = NULL;
+ PKIX_BuildResult *buildResult = NULL;
+ PRPollDesc *pollDesc = NULL;
+ void *state = NULL;
+ char *asciiResult = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ /* create processing params with list of trust anchors */
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
+
+ /* create CertSelector with target certificate in params */
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
+
+ /* create hintCerts */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)listOfCerts,
+ (PKIX_PL_Object **)&hintCerts,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(hintCerts, 0, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts(procParams, hintCerts, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(listOfCerts, &numCerts, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores,
+ NULL, /* testDate, may be NULL */
+ trustedPubKey,
+ numCerts,
+ &revChecker,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));
#ifdef debuggingWithoutRevocation
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
- (procParams, PKIX_FALSE, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
#endif
- /* build cert chain using processing params and return buildResult */
-
- pkixTestErrorResult = PKIX_BuildChain
- (procParams,
- (void **)&pollDesc,
- &state,
- &buildResult,
- NULL,
- plContext);
-
- while (pollDesc != NULL) {
-
- if (PR_Poll(pollDesc, 1, 0) < 0) {
- testError("PR_Poll failed");
- }
-
- pkixTestErrorResult = PKIX_BuildChain
- (procParams,
- (void **)&pollDesc,
- &state,
- &buildResult,
- NULL,
- plContext);
- }
+ /* build cert chain using processing params and return buildResult */
- if (pkixTestErrorResult) {
- if (testValid == PKIX_FALSE) { /* EE */
- (void) printf("EXPECTED ERROR RECEIVED!\n");
- } else { /* ENE */
- testError("UNEXPECTED ERROR RECEIVED");
- }
- PKIX_TEST_DECREF_BC(pkixTestErrorResult);
- goto cleanup;
+ pkixTestErrorResult = PKIX_BuildChain(procParams,
+ (void **)&pollDesc,
+ &state,
+ &buildResult,
+ NULL,
+ plContext);
+
+ while (pollDesc != NULL) {
+
+ if (PR_Poll(pollDesc, 1, 0) < 0) {
+ testError("PR_Poll failed");
}
- if (testValid == PKIX_TRUE) { /* ENE */
- (void) printf("EXPECTED NON-ERROR RECEIVED!\n");
- } else { /* EE */
- (void) printf("UNEXPECTED NON-ERROR RECEIVED!\n");
+ pkixTestErrorResult = PKIX_BuildChain(procParams,
+ (void **)&pollDesc,
+ &state,
+ &buildResult,
+ NULL,
+ plContext);
+ }
+
+ if (pkixTestErrorResult) {
+ if (testValid == PKIX_FALSE) { /* EE */
+ (void)printf("EXPECTED ERROR RECEIVED!\n");
+ } else { /* ENE */
+ testError("UNEXPECTED ERROR RECEIVED");
}
+ PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+ goto cleanup;
+ }
+
+ if (testValid == PKIX_TRUE) { /* ENE */
+ (void)printf("EXPECTED NON-ERROR RECEIVED!\n");
+ } else { /* EE */
+ (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n");
+ }
- if (buildResult) {
+ if (buildResult) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_BuildResult_GetCertChain
- (buildResult, &certs, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetLength(certs, &numCerts, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
- printf("\n");
+ printf("\n");
- for (i = 0; i < numCerts; i++) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (certs,
- i,
- (PKIX_PL_Object**)&cert,
- plContext));
+ for (i = 0; i < numCerts; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
+ i,
+ (PKIX_PL_Object **)&cert,
+ plContext));
- asciiResult = PKIX_Cert2ASCII(cert);
+ asciiResult = PKIX_Cert2ASCII(cert);
- printf("CERT[%d]:\n%s\n", i, asciiResult);
+ printf("CERT[%d]:\n%s\n", i, asciiResult);
- /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Free(asciiResult, NULL));
- asciiResult = NULL;
+ /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
+ asciiResult = NULL;
- PKIX_TEST_DECREF_BC(cert);
- }
+ PKIX_TEST_DECREF_BC(cert);
}
+ }
cleanup:
- PKIX_TEST_DECREF_AC(state);
- PKIX_TEST_DECREF_AC(buildResult);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(revCheckers);
- PKIX_TEST_DECREF_AC(revChecker);
- PKIX_TEST_DECREF_AC(certSelParams);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(anchors);
- PKIX_TEST_DECREF_AC(anchor);
- PKIX_TEST_DECREF_AC(hintCerts);
- PKIX_TEST_DECREF_AC(trustedPubKey);
- PKIX_TEST_DECREF_AC(certs);
- PKIX_TEST_DECREF_AC(cert);
-
- PKIX_TEST_RETURN();
-
- return (pkixTestErrorResult);
-
+ PKIX_TEST_DECREF_AC(state);
+ PKIX_TEST_DECREF_AC(buildResult);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(revCheckers);
+ PKIX_TEST_DECREF_AC(revChecker);
+ PKIX_TEST_DECREF_AC(certSelParams);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(anchors);
+ PKIX_TEST_DECREF_AC(anchor);
+ PKIX_TEST_DECREF_AC(hintCerts);
+ PKIX_TEST_DECREF_AC(trustedPubKey);
+ PKIX_TEST_DECREF_AC(certs);
+ PKIX_TEST_DECREF_AC(cert);
+
+ PKIX_TEST_RETURN();
+
+ return (pkixTestErrorResult);
}
-int test_buildchain_partialchain(int argc, char *argv[])
+int
+test_buildchain_partialchain(int argc, char *argv[])
{
- PKIX_UInt32 actualMinorVersion = 0;
- PKIX_UInt32 j = 0;
- PKIX_UInt32 k = 0;
- PKIX_Boolean ene = PKIX_TRUE; /* expect no error */
- PKIX_List *listOfCerts = NULL;
- PKIX_List *certStores = NULL;
- PKIX_PL_Cert *dirCert = NULL;
- PKIX_PL_Cert *trusted = NULL;
- PKIX_PL_Cert *target = NULL;
- PKIX_CertStore *ldapCertStore = NULL;
- PKIX_CertStore *certStore = NULL;
- PKIX_PL_String *dirNameString = NULL;
- char *dirName = NULL;
-
- PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */
- /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 5) {
- printUsage();
- return (0);
- }
+ PKIX_UInt32 actualMinorVersion = 0;
+ PKIX_UInt32 j = 0;
+ PKIX_UInt32 k = 0;
+ PKIX_Boolean ene = PKIX_TRUE; /* expect no error */
+ PKIX_List *listOfCerts = NULL;
+ PKIX_List *certStores = NULL;
+ PKIX_PL_Cert *dirCert = NULL;
+ PKIX_PL_Cert *trusted = NULL;
+ PKIX_PL_Cert *target = NULL;
+ PKIX_CertStore *ldapCertStore = NULL;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_PL_String *dirNameString = NULL;
+ char *dirName = NULL;
+
+ PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */
+ /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 5) {
+ printUsage();
+ return (0);
+ }
- startTests("BuildChain");
+ startTests("BuildChain");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- /*
+ /*
* arguments:
* [optional] -arenas
* [optional] usebind
@@ -706,116 +626,100 @@ int test_buildchain_partialchain(int argc, char *argv[])
* trust anchor
*/
- /* optional argument "usebind" for Ldap CertStore */
- if (argv[j + 1]) {
- if (PORT_Strcmp(argv[j + 1], "usebind") == 0) {
- usebind = PKIX_TRUE;
- j++;
- }
- }
-
- if (PORT_Strcmp(argv[++j], "-") == 0) {
- useLDAP = PKIX_FALSE;
- } else {
- serverName = argv[j];
- useLDAP = PKIX_TRUE;
+ /* optional argument "usebind" for Ldap CertStore */
+ if (argv[j + 1]) {
+ if (PORT_Strcmp(argv[j + 1], "usebind") == 0) {
+ usebind = PKIX_TRUE;
+ j++;
}
+ }
+
+ if (PORT_Strcmp(argv[++j], "-") == 0) {
+ useLDAP = PKIX_FALSE;
+ } else {
+ serverName = argv[j];
+ useLDAP = PKIX_TRUE;
+ }
+
+ subTest(argv[++j]);
+
+ /* ENE = expect no error; EE = expect error */
+ if (PORT_Strcmp(argv[++j], "ENE") == 0) {
+ ene = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[j], "EE") == 0) {
+ ene = PKIX_FALSE;
+ } else {
+ printUsage();
+ return (0);
+ }
- subTest(argv[++j]);
-
- /* ENE = expect no error; EE = expect error */
- if (PORT_Strcmp(argv[++j], "ENE") == 0) {
- ene = PKIX_TRUE;
- } else if (PORT_Strcmp(argv[j], "EE") == 0) {
- ene = PKIX_FALSE;
- } else {
- printUsage();
- return (0);
- }
-
- dirName = argv[++j];
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&listOfCerts, plContext));
+ dirName = argv[++j];
- for (k = ++j; k < ((PKIX_UInt32)argc); k++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&listOfCerts, plContext));
- dirCert = createCert(dirName, argv[k], plContext);
+ for (k = ++j; k < ((PKIX_UInt32)argc); k++) {
- if (k == ((PKIX_UInt32)(argc - 1))) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
- ((PKIX_PL_Object *)dirCert, plContext));
- trusted = dirCert;
- } else {
+ dirCert = createCert(dirName, argv[k], plContext);
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (listOfCerts,
- (PKIX_PL_Object *)dirCert,
- plContext));
+ if (k == ((PKIX_UInt32)(argc - 1))) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+ trusted = dirCert;
+ } else {
- if (k == j) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
- ((PKIX_PL_Object *)dirCert, plContext));
- target = dirCert;
- }
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(listOfCerts,
+ (PKIX_PL_Object *)dirCert,
+ plContext));
- PKIX_TEST_DECREF_BC(dirCert);
+ if (k == j) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+ target = dirCert;
+ }
}
- /* create CertStores */
+ PKIX_TEST_DECREF_BC(dirCert);
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, dirName, 0, &dirNameString, plContext));
+ /* create CertStores */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext));
- if (useLDAP == PKIX_TRUE) {
- PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore
- (serverName, timeout, &ldapCertStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (certStores,
- (PKIX_PL_Object *)ldapCertStore,
- plContext));
- } else {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_CollectionCertStore_Create
- (dirNameString, &certStore, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (certStores, (PKIX_PL_Object *)certStore, plContext));
- }
+ if (useLDAP == PKIX_TRUE) {
+ PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext));
- subTest("testWithNoLeaf");
- PKIX_TEST_EXPECT_NO_ERROR(testWithNoLeaf
- (trusted, listOfCerts, target, certStores, ene, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores,
+ (PKIX_PL_Object *)ldapCertStore,
+ plContext));
+ } else {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext));
+ }
- subTest("testWithDuplicateLeaf");
- PKIX_TEST_EXPECT_NO_ERROR(testWithDuplicateLeaf
- (trusted, listOfCerts, target, certStores, ene, plContext));
+ subTest("testWithNoLeaf");
+ PKIX_TEST_EXPECT_NO_ERROR(testWithNoLeaf(trusted, listOfCerts, target, certStores, ene, plContext));
- subTest("testWithLeafAndChain");
- PKIX_TEST_EXPECT_NO_ERROR(testWithLeafAndChain
- (trusted, listOfCerts, target, certStores, ene, plContext));
+ subTest("testWithDuplicateLeaf");
+ PKIX_TEST_EXPECT_NO_ERROR(testWithDuplicateLeaf(trusted, listOfCerts, target, certStores, ene, plContext));
-cleanup:
+ subTest("testWithLeafAndChain");
+ PKIX_TEST_EXPECT_NO_ERROR(testWithLeafAndChain(trusted, listOfCerts, target, certStores, ene, plContext));
- PKIX_TEST_DECREF_AC(listOfCerts);
- PKIX_TEST_DECREF_AC(certStores);
- PKIX_TEST_DECREF_AC(ldapCertStore);
- PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_DECREF_AC(dirNameString);
- PKIX_TEST_DECREF_AC(trusted);
- PKIX_TEST_DECREF_AC(target);
+cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(listOfCerts);
+ PKIX_TEST_DECREF_AC(certStores);
+ PKIX_TEST_DECREF_AC(ldapCertStore);
+ PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(dirNameString);
+ PKIX_TEST_DECREF_AC(trusted);
+ PKIX_TEST_DECREF_AC(target);
- PKIX_Shutdown(plContext);
+ PKIX_TEST_RETURN();
- endTests("BuildChain");
+ PKIX_Shutdown(plContext);
- return (0);
+ endTests("BuildChain");
+ return (0);
}
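Review bot: The certificate loop `for (k = ++j; k < ((PKIX_UInt32)argc); k++)` can run zero times or only once, because the sole count check is `argc < 5` earlier in the function (outside this hunk), which does not account for the optional `usebind` argument or for needing both a target and a trust anchor. In that case `trusted` and/or `target` stay NULL and are passed straight to `testWithNoLeaf` and the two tests after it, and `dirName` can end up being `argv[argc]`. A guard after the loop such as `if (trusted == NULL || target == NULL) { printUsage(); goto cleanup; }` would make the failure explicit. The `return (0)` in the ENE/EE `else` branch also exits after `PKIX_PL_NssContext_Create` has run without reaching `cleanup:` or `PKIX_Shutdown`; `goto cleanup` looks like the intended exit there, though that depends on how the test macros behave.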
diff --git a/cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c b/cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c
index 065a5f82f..1b28435b0 100644
--- a/cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c
+++ b/cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c
@@ -11,7 +11,7 @@
#include "testutil.h"
#include "testutil_nss.h"
-#define PKIX_TESTUSERCHECKER_TYPE (PKIX_NUMTYPES+30)
+#define PKIX_TESTUSERCHECKER_TYPE (PKIX_NUMTYPES + 30)
static void *plContext = NULL;
static PKIX_Boolean usebind = PKIX_FALSE;
@@ -19,255 +19,237 @@ static PKIX_Boolean useLDAP = PKIX_FALSE;
static char buf[PR_NETDB_BUF_SIZE];
static char *serverName = NULL;
-static void printUsage(void) {
- (void) printf("\nUSAGE:\ttest_buildchain_resourcelimits [-arenas] "
- "[usebind] servername[:port]\\\n\t\t<testName> [ENE|EE]"
- " <certStoreDirectory>\\\n\t\t<targetCert>"
- " <intermediate Certs...> <trustedCert>\n\n");
- (void) printf
- ("Builds a chain of certificates from <targetCert> to <trustedCert>\n"
- "using the certs and CRLs in <certStoreDirectory>. "
- "servername[:port] gives\n"
- "the address of an LDAP server. If port is not"
- " specified, port 389 is used.\n\"-\" means no LDAP server.\n\n"
- "If ENE is specified, then an Error is Not Expected.\n"
- "EE indicates an Error is Expected.\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_buildchain_resourcelimits [-arenas] "
+ "[usebind] servername[:port]\\\n\t\t<testName> [ENE|EE]"
+ " <certStoreDirectory>\\\n\t\t<targetCert>"
+ " <intermediate Certs...> <trustedCert>\n\n");
+ (void)printf("Builds a chain of certificates from <targetCert> to <trustedCert>\n"
+ "using the certs and CRLs in <certStoreDirectory>. "
+ "servername[:port] gives\n"
+ "the address of an LDAP server. If port is not"
+ " specified, port 389 is used.\n\"-\" means no LDAP server.\n\n"
+ "If ENE is specified, then an Error is Not Expected.\n"
+ "EE indicates an Error is Expected.\n");
}
static PKIX_Error *
createLdapCertStore(
- char *hostname,
- PRIntervalTime timeout,
- PKIX_CertStore **pLdapCertStore,
- void* plContext)
+ char *hostname,
+ PRIntervalTime timeout,
+ PKIX_CertStore **pLdapCertStore,
+ void *plContext)
{
- PRIntn backlog = 0;
+ PRIntn backlog = 0;
- char *bindname = "";
- char *auth = "";
+ char *bindname = "";
+ char *auth = "";
- LDAPBindAPI bindAPI;
- LDAPBindAPI *bindPtr = NULL;
- PKIX_PL_LdapDefaultClient *ldapClient = NULL;
- PKIX_CertStore *ldapCertStore = NULL;
+ LDAPBindAPI bindAPI;
+ LDAPBindAPI *bindPtr = NULL;
+ PKIX_PL_LdapDefaultClient *ldapClient = NULL;
+ PKIX_CertStore *ldapCertStore = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- if (usebind) {
- bindPtr = &bindAPI;
- bindAPI.selector = SIMPLE_AUTH;
- bindAPI.chooser.simple.bindName = bindname;
- bindAPI.chooser.simple.authentication = auth;
- }
+ if (usebind) {
+ bindPtr = &bindAPI;
+ bindAPI.selector = SIMPLE_AUTH;
+ bindAPI.chooser.simple.bindName = bindname;
+ bindAPI.chooser.simple.authentication = auth;
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName
- (hostname, timeout, bindPtr, &ldapClient, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(hostname, timeout, bindPtr, &ldapClient, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create
- ((PKIX_PL_LdapClient *)ldapClient, &ldapCertStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient, &ldapCertStore, plContext));
- *pLdapCertStore = ldapCertStore;
+ *pLdapCertStore = ldapCertStore;
cleanup:
- PKIX_TEST_DECREF_AC(ldapClient);
-
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(ldapClient);
- return (pkixTestErrorResult);
+ PKIX_TEST_RETURN();
+ return (pkixTestErrorResult);
}
-static void Test_BuildResult(
- PKIX_ProcessingParams *procParams,
- PKIX_Boolean testValid,
- PKIX_List *expectedCerts,
- void *plContext)
+static void
+Test_BuildResult(
+ PKIX_ProcessingParams *procParams,
+ PKIX_Boolean testValid,
+ PKIX_List *expectedCerts,
+ void *plContext)
{
- PKIX_PL_Cert *cert = NULL;
- PKIX_List *certs = NULL;
- PKIX_PL_String *actualCertsString = NULL;
- PKIX_PL_String *expectedCertsString = NULL;
- PKIX_BuildResult *buildResult = NULL;
- PKIX_Boolean result;
- PKIX_Boolean supportForward = PKIX_FALSE;
- PKIX_UInt32 numCerts, i;
- char *asciiResult = NULL;
- char *actualCertsAscii = NULL;
- char *expectedCertsAscii = NULL;
- void *state = NULL;
- PRPollDesc *pollDesc = NULL;
-
- PKIX_TEST_STD_VARS();
-
- pkixTestErrorResult = PKIX_BuildChain
- (procParams,
- (void **)&pollDesc,
- &state,
- &buildResult,
- NULL,
- plContext);
-
- while (pollDesc != NULL) {
-
- if (PR_Poll(pollDesc, 1, 0) < 0) {
- testError("PR_Poll failed");
- }
-
- pkixTestErrorResult = PKIX_BuildChain
- (procParams,
- (void **)&pollDesc,
- &state,
- &buildResult,
- NULL,
- plContext);
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_List *certs = NULL;
+ PKIX_PL_String *actualCertsString = NULL;
+ PKIX_PL_String *expectedCertsString = NULL;
+ PKIX_BuildResult *buildResult = NULL;
+ PKIX_Boolean result;
+ PKIX_Boolean supportForward = PKIX_FALSE;
+ PKIX_UInt32 numCerts, i;
+ char *asciiResult = NULL;
+ char *actualCertsAscii = NULL;
+ char *expectedCertsAscii = NULL;
+ void *state = NULL;
+ PRPollDesc *pollDesc = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ pkixTestErrorResult = PKIX_BuildChain(procParams,
+ (void **)&pollDesc,
+ &state,
+ &buildResult,
+ NULL,
+ plContext);
+
+ while (pollDesc != NULL) {
+
+ if (PR_Poll(pollDesc, 1, 0) < 0) {
+ testError("PR_Poll failed");
}
- if (pkixTestErrorResult) {
- if (testValid == PKIX_FALSE) { /* EE */
- (void) printf("EXPECTED ERROR RECEIVED!\n");
- } else { /* ENE */
- testError("UNEXPECTED ERROR RECEIVED!\n");
- }
- PKIX_TEST_DECREF_BC(pkixTestErrorResult);
- goto cleanup;
+ pkixTestErrorResult = PKIX_BuildChain(procParams,
+ (void **)&pollDesc,
+ &state,
+ &buildResult,
+ NULL,
+ plContext);
+ }
+
+ if (pkixTestErrorResult) {
+ if (testValid == PKIX_FALSE) { /* EE */
+ (void)printf("EXPECTED ERROR RECEIVED!\n");
+ } else { /* ENE */
+ testError("UNEXPECTED ERROR RECEIVED!\n");
}
+ PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+ goto cleanup;
+ }
- if (testValid == PKIX_TRUE) { /* ENE */
- (void) printf("EXPECTED NON-ERROR RECEIVED!\n");
- } else { /* EE */
- testError("UNEXPECTED NON-ERROR RECEIVED!\n");
- }
+ if (testValid == PKIX_TRUE) { /* ENE */
+ (void)printf("EXPECTED NON-ERROR RECEIVED!\n");
+ } else { /* EE */
+ testError("UNEXPECTED NON-ERROR RECEIVED!\n");
+ }
+
+ if (buildResult) {
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, NULL));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+
+ printf("\n");
+
+ for (i = 0; i < numCerts; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
+ i,
+ (PKIX_PL_Object **)&cert,
+ plContext));
+
+ asciiResult = PKIX_Cert2ASCII(cert);
- if (buildResult){
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_BuildResult_GetCertChain
- (buildResult, &certs, NULL));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetLength(certs, &numCerts, plContext));
-
- printf("\n");
-
- for (i = 0; i < numCerts; i++){
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (certs,
- i,
- (PKIX_PL_Object**)&cert,
- plContext));
-
- asciiResult = PKIX_Cert2ASCII(cert);
-
- printf("CERT[%d]:\n%s\n", i, asciiResult);
-
- /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Free(asciiResult, NULL));
- asciiResult = NULL;
-
- PKIX_TEST_DECREF_BC(cert);
- }
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_Equals
- ((PKIX_PL_Object*)certs,
- (PKIX_PL_Object*)expectedCerts,
- &result,
- plContext));
-
- if (!result){
- testError("BUILT CERTCHAIN IS "
- "NOT THE ONE THAT WAS EXPECTED");
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)certs,
- &actualCertsString,
- plContext));
-
- actualCertsAscii = PKIX_String2ASCII
- (actualCertsString, plContext);
- if (actualCertsAscii == NULL){
- pkixTestErrorMsg = "PKIX_String2ASCII Failed";
- goto cleanup;
- }
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)expectedCerts,
- &expectedCertsString,
- plContext));
-
- expectedCertsAscii = PKIX_String2ASCII
- (expectedCertsString, plContext);
- if (expectedCertsAscii == NULL){
- pkixTestErrorMsg = "PKIX_String2ASCII Failed";
- goto cleanup;
- }
-
- (void) printf("Actual value:\t%s\n", actualCertsAscii);
- (void) printf("Expected value:\t%s\n",
- expectedCertsAscii);
- }
+ printf("CERT[%d]:\n%s\n", i, asciiResult);
+ /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
+ asciiResult = NULL;
+
+ PKIX_TEST_DECREF_BC(cert);
}
-cleanup:
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs,
+ (PKIX_PL_Object *)expectedCerts,
+ &result,
+ plContext));
+
+ if (!result) {
+ testError("BUILT CERTCHAIN IS "
+ "NOT THE ONE THAT WAS EXPECTED");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs,
+ &actualCertsString,
+ plContext));
+
+ actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext);
+ if (actualCertsAscii == NULL) {
+ pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+ goto cleanup;
+ }
- PKIX_PL_Free(asciiResult, NULL);
- PKIX_PL_Free(actualCertsAscii, plContext);
- PKIX_PL_Free(expectedCertsAscii, plContext);
- PKIX_TEST_DECREF_AC(state);
- PKIX_TEST_DECREF_AC(buildResult);
- PKIX_TEST_DECREF_AC(certs);
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(actualCertsString);
- PKIX_TEST_DECREF_AC(expectedCertsString);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts,
+ &expectedCertsString,
+ plContext));
- PKIX_TEST_RETURN();
+ expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext);
+ if (expectedCertsAscii == NULL) {
+ pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+ goto cleanup;
+ }
+
+ (void)printf("Actual value:\t%s\n", actualCertsAscii);
+ (void)printf("Expected value:\t%s\n",
+ expectedCertsAscii);
+ }
+ }
+
+cleanup:
+ PKIX_PL_Free(asciiResult, NULL);
+ PKIX_PL_Free(actualCertsAscii, plContext);
+ PKIX_PL_Free(expectedCertsAscii, plContext);
+ PKIX_TEST_DECREF_AC(state);
+ PKIX_TEST_DECREF_AC(buildResult);
+ PKIX_TEST_DECREF_AC(certs);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(actualCertsString);
+ PKIX_TEST_DECREF_AC(expectedCertsString);
+
+ PKIX_TEST_RETURN();
}
-int test_buildchain_resourcelimits(int argc, char *argv[])
+int
+test_buildchain_resourcelimits(int argc, char *argv[])
{
- PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_List *anchors = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_CertChainChecker *checker = NULL;
- PKIX_ResourceLimits *resourceLimits = NULL;
- char *dirName = NULL;
- PKIX_PL_String *dirNameString = NULL;
- PKIX_PL_Cert *trustedCert = NULL;
- PKIX_PL_Cert *targetCert = NULL;
- PKIX_PL_Cert *dirCert = NULL;
- PKIX_UInt32 actualMinorVersion = 0;
- PKIX_UInt32 j = 0;
- PKIX_UInt32 k = 0;
- PKIX_CertStore *ldapCertStore = NULL;
- PRIntervalTime timeout = 0; /* 0 for non-blocking */
- PKIX_CertStore *certStore = NULL;
- PKIX_List *certStores = NULL;
- PKIX_List *expectedCerts = NULL;
- PKIX_Boolean testValid = PKIX_FALSE;
- PKIX_Boolean usebind = PKIX_FALSE;
- PKIX_Boolean useLDAP = PKIX_FALSE;
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 5){
- printUsage();
- return (0);
- }
+ PKIX_ComCertSelParams *certSelParams = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_TrustAnchor *anchor = NULL;
+ PKIX_List *anchors = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_CertChainChecker *checker = NULL;
+ PKIX_ResourceLimits *resourceLimits = NULL;
+ char *dirName = NULL;
+ PKIX_PL_String *dirNameString = NULL;
+ PKIX_PL_Cert *trustedCert = NULL;
+ PKIX_PL_Cert *targetCert = NULL;
+ PKIX_PL_Cert *dirCert = NULL;
+ PKIX_UInt32 actualMinorVersion = 0;
+ PKIX_UInt32 j = 0;
+ PKIX_UInt32 k = 0;
+ PKIX_CertStore *ldapCertStore = NULL;
+ PRIntervalTime timeout = 0; /* 0 for non-blocking */
+ PKIX_CertStore *certStore = NULL;
+ PKIX_List *certStores = NULL;
+ PKIX_List *expectedCerts = NULL;
+ PKIX_Boolean testValid = PKIX_FALSE;
+ PKIX_Boolean usebind = PKIX_FALSE;
+ PKIX_Boolean useLDAP = PKIX_FALSE;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 5) {
+ printUsage();
+ return (0);
+ }
- startTests("BuildChain_ResourceLimits");
+ startTests("BuildChain_ResourceLimits");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- /*
+ /*
* arguments:
* [optional] -arenas
* [optional] usebind
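Review bot: The locals `PKIX_Boolean usebind` and `PKIX_Boolean useLDAP` declared in `test_buildchain_resourcelimits` shadow the file-scope statics of the same names, so `createLdapCertStore`, which reads the static `usebind`, never sees the command-line option. In the following hunk the `else` branch of the server-name check stores `serverName` but never sets `useLDAP = PKIX_TRUE` (the partial-chain test does), so the `if (useLDAP == PKIX_TRUE)` block looks unreachable and the LDAP cert store is never exercised under the resource limits. I would drop the two local declarations and add `useLDAP = PKIX_TRUE;` after `serverName = argv[j];`. The function body continues past the end of this hunk.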
@@ -280,218 +262,177 @@ int test_buildchain_resourcelimits(int argc, char *argv[])
* trust anchor
*/
- /* optional argument "usebind" for Ldap CertStore */
- if (argv[j + 1]) {
- if (PORT_Strcmp(argv[j + 1], "usebind") == 0) {
- usebind = PKIX_TRUE;
- j++;
- }
- }
-
- if (PORT_Strcmp(argv[++j], "-") == 0) {
- useLDAP = PKIX_FALSE;
- } else {
- serverName = argv[j];
+ /* optional argument "usebind" for Ldap CertStore */
+ if (argv[j + 1]) {
+ if (PORT_Strcmp(argv[j + 1], "usebind") == 0) {
+ usebind = PKIX_TRUE;
+ j++;
}
+ }
+
+ if (PORT_Strcmp(argv[++j], "-") == 0) {
+ useLDAP = PKIX_FALSE;
+ } else {
+ serverName = argv[j];
+ }
+
+ subTest(argv[++j]);
+
+ /* ENE = expect no error; EE = expect error */
+ if (PORT_Strcmp(argv[++j], "ENE") == 0) {
+ testValid = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[j], "EE") == 0) {
+ testValid = PKIX_FALSE;
+ } else {
+ printUsage();
+ return (0);
+ }
- subTest(argv[++j]);
-
- /* ENE = expect no error; EE = expect error */
- if (PORT_Strcmp(argv[++j], "ENE") == 0) {
- testValid = PKIX_TRUE;
- } else if (PORT_Strcmp(argv[j], "EE") == 0) {
- testValid = PKIX_FALSE;
- } else {
- printUsage();
- return (0);
- }
-
- dirName = argv[++j];
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
+ dirName = argv[++j];
- for (k = ++j; k < argc; k++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
- dirCert = createCert(dirName, argv[k], plContext);
+ for (k = ++j; k < argc; k++) {
- if (k == (argc - 1)) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
- ((PKIX_PL_Object *)dirCert, plContext));
- trustedCert = dirCert;
- } else {
+ dirCert = createCert(dirName, argv[k], plContext);
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (expectedCerts,
- (PKIX_PL_Object *)dirCert,
- plContext));
+ if (k == (argc - 1)) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+ trustedCert = dirCert;
+ } else {
- if (k == j) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
- ((PKIX_PL_Object *)dirCert, plContext));
- targetCert = dirCert;
- }
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts,
+ (PKIX_PL_Object *)dirCert,
+ plContext));
- PKIX_TEST_DECREF_BC(dirCert);
+ if (k == j) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+ targetCert = dirCert;
+ }
}
- /* create processing params with list of trust anchors */
+ PKIX_TEST_DECREF_BC(dirCert);
+ }
+
+ /* create processing params with list of trust anchors */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
- (trustedCert, &anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (anchors, (PKIX_PL_Object *)anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
- (anchors, &procParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
- /* create CertSelector with target certificate in params */
+ /* create CertSelector with target certificate in params */
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetCertificate
- (certSelParams, targetCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, certSelParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_SetTargetCertConstraints
- (procParams, certSelector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
- /* create CertStores */
+ /* create CertStores */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- dirName,
- 0,
- &dirNameString,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ dirName,
+ 0,
+ &dirNameString,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
- (dirNameString, &certStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext));
#if 0
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
(&certStore, plContext));
#endif
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
+ if (useLDAP == PKIX_TRUE) {
+ PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext));
- if (useLDAP == PKIX_TRUE) {
- PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore
- (serverName, timeout, &ldapCertStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores,
+ (PKIX_PL_Object *)ldapCertStore,
+ plContext));
+ }
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (certStores,
- (PKIX_PL_Object *)ldapCertStore,
- plContext));
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (certStores, (PKIX_PL_Object *)certStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
- (procParams, certStores, plContext));
+ /* set resource limits */
- /* set resource limits */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create
- (&resourceLimits, plContext));
+ /* need longer time when running dbx for memory leak checking */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits, 60, plContext));
- /* need longer time when running dbx for memory leak checking */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime
- (resourceLimits, 60, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 2, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout
- (resourceLimits, 2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 2, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth
- (resourceLimits, 2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(procParams, resourceLimits, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits
- (procParams, resourceLimits, plContext));
+ /* build cert chain using processing params and return buildResult */
- /* build cert chain using processing params and return buildResult */
+ subTest("Testing ResourceLimits MaxFanout & MaxDepth - <pass>");
+ Test_BuildResult(procParams,
+ testValid,
+ expectedCerts,
+ plContext);
- subTest("Testing ResourceLimits MaxFanout & MaxDepth - <pass>");
- Test_BuildResult
- (procParams,
- testValid,
- expectedCerts,
- plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 1, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout
- (resourceLimits, 1, plContext));
+ subTest("Testing ResourceLimits MaxFanout - <fail>");
+ Test_BuildResult(procParams,
+ PKIX_FALSE,
+ expectedCerts,
+ plContext);
- subTest("Testing ResourceLimits MaxFanout - <fail>");
- Test_BuildResult
- (procParams,
- PKIX_FALSE,
- expectedCerts,
- plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 1, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout
- (resourceLimits, 2, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth
- (resourceLimits, 1, plContext));
+ subTest("Testing ResourceLimits MaxDepth - <fail>");
+ Test_BuildResult(procParams,
+ PKIX_FALSE,
+ expectedCerts,
+ plContext);
- subTest("Testing ResourceLimits MaxDepth - <fail>");
- Test_BuildResult
- (procParams,
- PKIX_FALSE,
- expectedCerts,
- plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 0, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 0, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits, 0, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout
- (resourceLimits, 0, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth
- (resourceLimits, 0, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime
- (resourceLimits, 0, plContext));
-
- subTest("Testing ResourceLimits No checking - <pass>");
- Test_BuildResult
- (procParams,
- testValid,
- expectedCerts,
- plContext);
+ subTest("Testing ResourceLimits No checking - <pass>");
+ Test_BuildResult(procParams,
+ testValid,
+ expectedCerts,
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(expectedCerts);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(certStores);
- PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_DECREF_AC(ldapCertStore);
- PKIX_TEST_DECREF_AC(dirNameString);
- PKIX_TEST_DECREF_AC(trustedCert);
- PKIX_TEST_DECREF_AC(targetCert);
- PKIX_TEST_DECREF_AC(anchors);
- PKIX_TEST_DECREF_AC(anchor);
- PKIX_TEST_DECREF_AC(certSelParams);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(checker);
- PKIX_TEST_DECREF_AC(resourceLimits);
-
- PKIX_TEST_RETURN();
-
- PKIX_Shutdown(plContext);
-
- endTests("BuildChain_UserChecker");
-
- return (0);
-
+ PKIX_TEST_DECREF_AC(expectedCerts);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(certStores);
+ PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(ldapCertStore);
+ PKIX_TEST_DECREF_AC(dirNameString);
+ PKIX_TEST_DECREF_AC(trustedCert);
+ PKIX_TEST_DECREF_AC(targetCert);
+ PKIX_TEST_DECREF_AC(anchors);
+ PKIX_TEST_DECREF_AC(anchor);
+ PKIX_TEST_DECREF_AC(certSelParams);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(checker);
+ PKIX_TEST_DECREF_AC(resourceLimits);
+
+ PKIX_TEST_RETURN();
+
+ PKIX_Shutdown(plContext);
+
+ endTests("BuildChain_UserChecker");
+
+ return (0);
}
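Review bot: The `cleanup:` block releases `procParams` twice and closes the run with `endTests("BuildChain_UserChecker")`, although the run was opened with `startTests("BuildChain_ResourceLimits")`; both look like copy-paste leftovers that the reformat carries over unchanged. Whether the duplicate `PKIX_TEST_DECREF_AC(procParams);` is harmless depends on whether the macro nulls the pointer, which is not visible here, so I would delete the second line rather than rely on that. The closing label should read `endTests("BuildChain_ResourceLimits");` so the harness output matches the test that ran. `checker` is also released here without ever being assigned in the visible code, and could be removed together with its declaration.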
diff --git a/cmd/libpkix/pkix/top/test_buildchain_uchecker.c b/cmd/libpkix/pkix/top/test_buildchain_uchecker.c
index c84881f8b..43f06ec2a 100644
--- a/cmd/libpkix/pkix/top/test_buildchain_uchecker.c
+++ b/cmd/libpkix/pkix/top/test_buildchain_uchecker.c
@@ -14,360 +14,314 @@
static void *plContext = NULL;
static PKIX_UInt32 numUserCheckerCalled = 0;
-static
-void printUsage(void){
- (void) printf("\nUSAGE:\ttest_buildchain_uchecker [ENE|EE] "
- "[-|[F]<userOID>] "
- "<trustedCert> <targetCert> <certStoreDirectory>\n\n");
- (void) printf
- ("Builds a chain of certificates between "
- "<trustedCert> and <targetCert>\n"
- "using the certs and CRLs in <certStoreDirectory>.\n"
- "If <userOID> is not an empty string, its value is used as\n"
- "user defined checker's critical extension OID.\n"
- "A - for <userOID> is no OID and F is for supportingForward.\n"
- "If ENE is specified, then an Error is Not Expected.\n"
- "If EE is specified, an Error is Expected.\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_buildchain_uchecker [ENE|EE] "
+ "[-|[F]<userOID>] "
+ "<trustedCert> <targetCert> <certStoreDirectory>\n\n");
+ (void)printf("Builds a chain of certificates between "
+ "<trustedCert> and <targetCert>\n"
+ "using the certs and CRLs in <certStoreDirectory>.\n"
+ "If <userOID> is not an empty string, its value is used as\n"
+ "user defined checker's critical extension OID.\n"
+ "A - for <userOID> is no OID and F is for supportingForward.\n"
+ "If ENE is specified, then an Error is Not Expected.\n"
+ "If EE is specified, an Error is Expected.\n");
}
static PKIX_Error *
testUserChecker(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Cert *cert,
- PKIX_List *unresExtOIDs,
- void **pNBIOContext,
- void *plContext)
+ PKIX_CertChainChecker *checker,
+ PKIX_PL_Cert *cert,
+ PKIX_List *unresExtOIDs,
+ void **pNBIOContext,
+ void *plContext)
{
- numUserCheckerCalled++;
- return(0);
+ numUserCheckerCalled++;
+ return (0);
}
-int test_buildchain_uchecker(int argc, char *argv[])
+int
+test_buildchain_uchecker(int argc, char *argv[])
{
- PKIX_BuildResult *buildResult = NULL;
- PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_List *anchors = NULL;
- PKIX_List *certs = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_CertChainChecker *checker = NULL;
- char *dirName = NULL;
- PKIX_PL_String *dirNameString = NULL;
- PKIX_PL_Cert *trustedCert = NULL;
- PKIX_PL_Cert *targetCert = NULL;
- PKIX_UInt32 numCerts = 0;
- PKIX_UInt32 i = 0;
- PKIX_UInt32 j = 0;
- PKIX_UInt32 k = 0;
- PKIX_UInt32 chainLength = 0;
- PKIX_CertStore *certStore = NULL;
- PKIX_List *certStores = NULL;
- char * asciiResult = NULL;
- PKIX_Boolean result;
- PKIX_Boolean testValid = PKIX_TRUE;
- PKIX_Boolean supportForward = PKIX_FALSE;
- PKIX_List *expectedCerts = NULL;
- PKIX_List *userOIDs = NULL;
- PKIX_PL_OID *oid = NULL;
- PKIX_PL_Cert *dirCert = NULL;
- PKIX_PL_String *actualCertsString = NULL;
- PKIX_PL_String *expectedCertsString = NULL;
- char *actualCertsAscii = NULL;
- char *expectedCertsAscii = NULL;
- char *oidString = NULL;
- void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */
- void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 5){
- printUsage();
- return (0);
- }
+ PKIX_BuildResult *buildResult = NULL;
+ PKIX_ComCertSelParams *certSelParams = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_TrustAnchor *anchor = NULL;
+ PKIX_List *anchors = NULL;
+ PKIX_List *certs = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_CertChainChecker *checker = NULL;
+ char *dirName = NULL;
+ PKIX_PL_String *dirNameString = NULL;
+ PKIX_PL_Cert *trustedCert = NULL;
+ PKIX_PL_Cert *targetCert = NULL;
+ PKIX_UInt32 numCerts = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 j = 0;
+ PKIX_UInt32 k = 0;
+ PKIX_UInt32 chainLength = 0;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_List *certStores = NULL;
+ char *asciiResult = NULL;
+ PKIX_Boolean result;
+ PKIX_Boolean testValid = PKIX_TRUE;
+ PKIX_Boolean supportForward = PKIX_FALSE;
+ PKIX_List *expectedCerts = NULL;
+ PKIX_List *userOIDs = NULL;
+ PKIX_PL_OID *oid = NULL;
+ PKIX_PL_Cert *dirCert = NULL;
+ PKIX_PL_String *actualCertsString = NULL;
+ PKIX_PL_String *expectedCertsString = NULL;
+ char *actualCertsAscii = NULL;
+ char *expectedCertsAscii = NULL;
+ char *oidString = NULL;
+ void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */
+ void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 5) {
+ printUsage();
+ return (0);
+ }
- startTests("BuildChain_UserChecker");
+ startTests("BuildChain_UserChecker");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- /* ENE = expect no error; EE = expect error */
- if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
- testValid = PKIX_TRUE;
- } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
- testValid = PKIX_FALSE;
- } else {
- printUsage();
- return (0);
- }
-
- /* OID specified at argv[3+j] */
+ /* ENE = expect no error; EE = expect error */
+ if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+ testValid = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+ testValid = PKIX_FALSE;
+ } else {
+ printUsage();
+ return (0);
+ }
- if (*argv[3+j] != '-') {
+ /* OID specified at argv[3+j] */
- if (*argv[3+j] == 'F') {
- supportForward = PKIX_TRUE;
- oidString = argv[3+j]+1;
- } else {
- oidString = argv[3+j];
- }
+ if (*argv[3 + j] != '-') {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
- (&userOIDs, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- (oidString, &oid, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (userOIDs, (PKIX_PL_Object *)oid, plContext));
- PKIX_TEST_DECREF_BC(oid);
+ if (*argv[3 + j] == 'F') {
+ supportForward = PKIX_TRUE;
+ oidString = argv[3 + j] + 1;
+ } else {
+ oidString = argv[3 + j];
}
- subTest(argv[1+j]);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&userOIDs, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(oidString, &oid, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(userOIDs, (PKIX_PL_Object *)oid, plContext));
+ PKIX_TEST_DECREF_BC(oid);
+ }
- dirName = argv[4+j];
+ subTest(argv[1 + j]);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
+ dirName = argv[4 + j];
- chainLength = argc - j - 5;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
- for (k = 0; k < chainLength; k++){
+ chainLength = argc - j - 5;
- dirCert = createCert(dirName, argv[5+k+j], plContext);
+ for (k = 0; k < chainLength; k++) {
- if (k == (chainLength - 1)){
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_IncRef
- ((PKIX_PL_Object *)dirCert, plContext));
- trustedCert = dirCert;
- } else {
+ dirCert = createCert(dirName, argv[5 + k + j], plContext);
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (expectedCerts,
- (PKIX_PL_Object *)dirCert,
- plContext));
+ if (k == (chainLength - 1)) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+ trustedCert = dirCert;
+ } else {
- if (k == 0){
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_IncRef
- ((PKIX_PL_Object *)dirCert,
- plContext));
- targetCert = dirCert;
- }
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts,
+ (PKIX_PL_Object *)dirCert,
+ plContext));
- PKIX_TEST_DECREF_BC(dirCert);
+ if (k == 0) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert,
+ plContext));
+ targetCert = dirCert;
+ }
}
- /* create processing params with list of trust anchors */
+ PKIX_TEST_DECREF_BC(dirCert);
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
- (trustedCert, &anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (anchors, (PKIX_PL_Object *)anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
- (anchors, &procParams, plContext));
+ /* create processing params with list of trust anchors */
- /* create CertSelector with target certificate in params */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+ /* create CertSelector with target certificate in params */
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetCertificate
- (certSelParams, targetCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, certSelParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_SetTargetCertConstraints
- (procParams, certSelector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create
- (testUserChecker,
- supportForward,
- PKIX_FALSE,
- userOIDs,
- NULL,
- &checker,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker
- (procParams, checker, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(testUserChecker,
+ supportForward,
+ PKIX_FALSE,
+ userOIDs,
+ NULL,
+ &checker,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker(procParams, checker, plContext));
- /* create CertStores */
+ /* create CertStores */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- dirName,
- 0,
- &dirNameString,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ dirName,
+ 0,
+ &dirNameString,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
- (dirNameString, &certStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext));
#if 0
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
(&certStore, plContext));
#endif
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (certStores, (PKIX_PL_Object *)certStore, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
- (procParams, certStores, plContext));
-
- /* build cert chain using processing params and return buildResult */
-
- pkixTestErrorResult = PKIX_BuildChain
- (procParams,
- &nbioContext,
- &buildState,
- &buildResult,
- NULL,
- plContext);
-
- if (testValid == PKIX_TRUE) { /* ENE */
- if (pkixTestErrorResult){
- (void) printf("UNEXPECTED RESULT RECEIVED!\n");
- } else {
- (void) printf("EXPECTED RESULT RECEIVED!\n");
- PKIX_TEST_DECREF_BC(pkixTestErrorResult);
- }
- } else { /* EE */
- if (pkixTestErrorResult){
- (void) printf("EXPECTED RESULT RECEIVED!\n");
- PKIX_TEST_DECREF_BC(pkixTestErrorResult);
- } else {
- testError("UNEXPECTED RESULT RECEIVED");
- }
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
- if (buildResult){
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_BuildResult_GetCertChain
- (buildResult, &certs, NULL));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetLength(certs, &numCerts, plContext));
-
- printf("\n");
-
- for (i = 0; i < numCerts; i++){
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (certs,
- i,
- (PKIX_PL_Object**)&cert,
- plContext));
-
- asciiResult = PKIX_Cert2ASCII(cert);
-
- printf("CERT[%d]:\n%s\n", i, asciiResult);
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Free(asciiResult, plContext));
- asciiResult = NULL;
-
- PKIX_TEST_DECREF_BC(cert);
- }
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_Equals
- ((PKIX_PL_Object*)certs,
- (PKIX_PL_Object*)expectedCerts,
- &result,
- plContext));
-
- if (!result){
- testError("BUILT CERTCHAIN IS "
- "NOT THE ONE THAT WAS EXPECTED");
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)certs,
- &actualCertsString,
- plContext));
-
- actualCertsAscii = PKIX_String2ASCII
- (actualCertsString, plContext);
- if (actualCertsAscii == NULL){
- pkixTestErrorMsg = "PKIX_String2ASCII Failed";
- goto cleanup;
- }
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)expectedCerts,
- &expectedCertsString,
- plContext));
-
- expectedCertsAscii = PKIX_String2ASCII
- (expectedCertsString, plContext);
- if (expectedCertsAscii == NULL){
- pkixTestErrorMsg = "PKIX_String2ASCII Failed";
- goto cleanup;
- }
-
- (void) printf("Actual value:\t%s\n", actualCertsAscii);
- (void) printf("Expected value:\t%s\n",
- expectedCertsAscii);
-
- if (chainLength - 1 != numUserCheckerCalled) {
- pkixTestErrorMsg =
- "PKIX user defined checker not called";
- }
-
- goto cleanup;
- }
+ /* build cert chain using processing params and return buildResult */
+ pkixTestErrorResult = PKIX_BuildChain(procParams,
+ &nbioContext,
+ &buildState,
+ &buildResult,
+ NULL,
+ plContext);
+
+ if (testValid == PKIX_TRUE) { /* ENE */
+ if (pkixTestErrorResult) {
+ (void)printf("UNEXPECTED RESULT RECEIVED!\n");
+ } else {
+ (void)printf("EXPECTED RESULT RECEIVED!\n");
+ PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+ }
+ } else { /* EE */
+ if (pkixTestErrorResult) {
+ (void)printf("EXPECTED RESULT RECEIVED!\n");
+ PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+ } else {
+ testError("UNEXPECTED RESULT RECEIVED");
}
+ }
-cleanup:
- PKIX_PL_Free(asciiResult, plContext);
- PKIX_PL_Free(actualCertsAscii, plContext);
- PKIX_PL_Free(expectedCertsAscii, plContext);
-
- PKIX_TEST_DECREF_AC(actualCertsString);
- PKIX_TEST_DECREF_AC(expectedCertsString);
- PKIX_TEST_DECREF_AC(expectedCerts);
- PKIX_TEST_DECREF_AC(certs);
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_DECREF_AC(certStores);
- PKIX_TEST_DECREF_AC(dirNameString);
- PKIX_TEST_DECREF_AC(trustedCert);
- PKIX_TEST_DECREF_AC(targetCert);
- PKIX_TEST_DECREF_AC(anchor);
- PKIX_TEST_DECREF_AC(anchors);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(certSelParams);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(buildResult);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(userOIDs);
- PKIX_TEST_DECREF_AC(checker);
-
- PKIX_TEST_RETURN();
-
- PKIX_Shutdown(plContext);
-
- endTests("BuildChain_UserChecker");
+ if (buildResult) {
- return (0);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, NULL));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+
+ printf("\n");
+
+ for (i = 0; i < numCerts; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
+ i,
+ (PKIX_PL_Object **)&cert,
+ plContext));
+
+ asciiResult = PKIX_Cert2ASCII(cert);
+ printf("CERT[%d]:\n%s\n", i, asciiResult);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext));
+ asciiResult = NULL;
+
+ PKIX_TEST_DECREF_BC(cert);
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs,
+ (PKIX_PL_Object *)expectedCerts,
+ &result,
+ plContext));
+
+ if (!result) {
+ testError("BUILT CERTCHAIN IS "
+ "NOT THE ONE THAT WAS EXPECTED");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs,
+ &actualCertsString,
+ plContext));
+
+ actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext);
+ if (actualCertsAscii == NULL) {
+ pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts,
+ &expectedCertsString,
+ plContext));
+
+ expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext);
+ if (expectedCertsAscii == NULL) {
+ pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+ goto cleanup;
+ }
+
+ (void)printf("Actual value:\t%s\n", actualCertsAscii);
+ (void)printf("Expected value:\t%s\n",
+ expectedCertsAscii);
+
+ if (chainLength - 1 != numUserCheckerCalled) {
+ pkixTestErrorMsg =
+ "PKIX user defined checker not called";
+ }
+
+ goto cleanup;
+ }
+ }
+
+cleanup:
+ PKIX_PL_Free(asciiResult, plContext);
+ PKIX_PL_Free(actualCertsAscii, plContext);
+ PKIX_PL_Free(expectedCertsAscii, plContext);
+
+ PKIX_TEST_DECREF_AC(actualCertsString);
+ PKIX_TEST_DECREF_AC(expectedCertsString);
+ PKIX_TEST_DECREF_AC(expectedCerts);
+ PKIX_TEST_DECREF_AC(certs);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(certStores);
+ PKIX_TEST_DECREF_AC(dirNameString);
+ PKIX_TEST_DECREF_AC(trustedCert);
+ PKIX_TEST_DECREF_AC(targetCert);
+ PKIX_TEST_DECREF_AC(anchor);
+ PKIX_TEST_DECREF_AC(anchors);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(certSelParams);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(buildResult);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(userOIDs);
+ PKIX_TEST_DECREF_AC(checker);
+
+ PKIX_TEST_RETURN();
+
+ PKIX_Shutdown(plContext);
+
+ endTests("BuildChain_UserChecker");
+
+ return (0);
}
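Review bot: The `numUserCheckerCalled` comparison in test_buildchain_uchecker sits inside the `if (!result)` branch, so it only runs after the built chain has already been reported as wrong. When the chain equals `expectedCerts`, the test never confirms that `testUserChecker` was invoked. Moving `if (chainLength - 1 != numUserCheckerCalled) { pkixTestErrorMsg = "PKIX user defined checker not called"; }` to just after the `PKIX_PL_Object_Equals` call, ahead of `if (!result)`, would check it on the success path too, assuming `chainLength - 1` is the intended call count. Separately, `argc == 5` passes the `argc < 5` guard but gives `chainLength = 0`, so the loop never sets `trustedCert` and `PKIX_TrustAnchor_CreateWithCert` is handed NULL; a `chainLength == 0` usage check before the loop would cover that.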
diff --git a/cmd/libpkix/pkix/top/test_customcrlchecker.c b/cmd/libpkix/pkix/top/test_customcrlchecker.c
index 9baeadd61..d2c667ae7 100644
--- a/cmd/libpkix/pkix/top/test_customcrlchecker.c
+++ b/cmd/libpkix/pkix/top/test_customcrlchecker.c
@@ -11,337 +11,310 @@
#include "testutil.h"
#include "testutil_nss.h"
-#define PKIX_TEST_MAX_CERTS 10
+#define PKIX_TEST_MAX_CERTS 10
#define PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS 5
static void *plContext = NULL;
char *dirName = NULL; /* also used in callback */
-static
-void printUsage1(char *pName){
- printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
- printf("cert [certs].\n");
+static void
+printUsage1(char *pName)
+{
+ printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
+ printf("cert [certs].\n");
}
-static
-void printUsageMax(PKIX_UInt32 numCerts){
- printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
- numCerts, PKIX_TEST_MAX_CERTS);
+static void
+printUsageMax(PKIX_UInt32 numCerts)
+{
+ printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
+ numCerts, PKIX_TEST_MAX_CERTS);
}
static PKIX_Error *
getCRLCallback(
- PKIX_CertStore *store,
- PKIX_CRLSelector *crlSelector,
- void **pNBIOContext,
- PKIX_List **pCrlList,
- void *plContext)
+ PKIX_CertStore *store,
+ PKIX_CRLSelector *crlSelector,
+ void **pNBIOContext,
+ PKIX_List **pCrlList,
+ void *plContext)
{
- char *crlFileNames[] = {"chem.crl",
- "phys.crl",
- "prof.crl",
- "sci.crl",
- "test.crl",
- 0 };
- PKIX_PL_CRL *crl = NULL;
- PKIX_List *crlList = NULL;
- PKIX_UInt32 i = 0;
+ char *crlFileNames[] = { "chem.crl",
+ "phys.crl",
+ "prof.crl",
+ "sci.crl",
+ "test.crl",
+ 0 };
+ PKIX_PL_CRL *crl = NULL;
+ PKIX_List *crlList = NULL;
+ PKIX_UInt32 i = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&crlList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&crlList, plContext));
- while (crlFileNames[i]) {
+ while (crlFileNames[i]) {
- crl = createCRL(dirName, crlFileNames[i++], plContext);
+ crl = createCRL(dirName, crlFileNames[i++], plContext);
- if (crl != NULL) {
+ if (crl != NULL) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (crlList, (PKIX_PL_Object *)crl, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(crlList, (PKIX_PL_Object *)crl, plContext));
- PKIX_TEST_DECREF_BC(crl);
- }
+ PKIX_TEST_DECREF_BC(crl);
}
+ }
- *pCrlList = crlList;
+ *pCrlList = crlList;
cleanup:
- PKIX_TEST_RETURN();
-
- return (0); /* this function is called by libpkix */
+ PKIX_TEST_RETURN();
+ return (0); /* this function is called by libpkix */
}
static PKIX_Error *
getCRLContinue(
- PKIX_CertStore *store,
- PKIX_CRLSelector *crlSelector,
- void **pNBIOContext,
- PKIX_List **pCrlList,
- void *plContext)
+ PKIX_CertStore *store,
+ PKIX_CRLSelector *crlSelector,
+ void **pNBIOContext,
+ PKIX_List **pCrlList,
+ void *plContext)
{
- return (NULL);
+ return (NULL);
}
static PKIX_Error *
getCertCallback(
- PKIX_CertStore *store,
- PKIX_CertSelector *certSelector,
- void **pNBIOContext,
- PKIX_List **pCerts,
- void *plContext)
+ PKIX_CertStore *store,
+ PKIX_CertSelector *certSelector,
+ void **pNBIOContext,
+ PKIX_List **pCerts,
+ void *plContext)
{
- return (NULL);
+ return (NULL);
}
static PKIX_Error *
getCertContinue(
- PKIX_CertStore *store,
- PKIX_CertSelector *certSelector,
- void **pNBIOContext,
- PKIX_List **pCerts,
- void *plContext)
+ PKIX_CertStore *store,
+ PKIX_CertSelector *certSelector,
+ void **pNBIOContext,
+ PKIX_List **pCerts,
+ void *plContext)
{
- return (NULL);
+ return (NULL);
}
static PKIX_Error *
testCRLSelectorMatchCallback(
- PKIX_CRLSelector *selector,
- PKIX_PL_CRL *crl,
- void *plContext)
+ PKIX_CRLSelector *selector,
+ PKIX_PL_CRL *crl,
+ void *plContext)
{
- PKIX_ComCRLSelParams *comCrlSelParams = NULL;
- PKIX_List *issuerList = NULL;
- PKIX_PL_X500Name *issuer = NULL;
- PKIX_PL_X500Name *crlIssuer = NULL;
- PKIX_UInt32 numIssuers = 0;
- PKIX_UInt32 i = 0;
- PKIX_Boolean result = PKIX_FALSE;
- PKIX_Error *error = NULL;
- char *errorText = "Not an error, CRL Select mismatch";
-
- PKIX_TEST_STD_VARS();
-
- subTest("Custom_Selector_MatchCallback");
-
- if (selector != NULL) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CRLSelector_GetCommonCRLSelectorParams
- (selector, &comCrlSelParams, plContext));
- }
+ PKIX_ComCRLSelParams *comCrlSelParams = NULL;
+ PKIX_List *issuerList = NULL;
+ PKIX_PL_X500Name *issuer = NULL;
+ PKIX_PL_X500Name *crlIssuer = NULL;
+ PKIX_UInt32 numIssuers = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_Boolean result = PKIX_FALSE;
+ PKIX_Error *error = NULL;
+ char *errorText = "Not an error, CRL Select mismatch";
- if (crl != NULL) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetIssuer
- (crl, &crlIssuer, plContext));
- }
+ PKIX_TEST_STD_VARS();
- if (comCrlSelParams != NULL) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCRLSelParams_GetIssuerNames
- (comCrlSelParams, &issuerList, plContext));
- }
+ subTest("Custom_Selector_MatchCallback");
+
+ if (selector != NULL) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetCommonCRLSelectorParams(selector, &comCrlSelParams, plContext));
+ }
- if (issuerList != NULL) {
+ if (crl != NULL) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetIssuer(crl, &crlIssuer, plContext));
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (issuerList, &numIssuers, plContext));
+ if (comCrlSelParams != NULL) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(comCrlSelParams, &issuerList, plContext));
+ }
- for (i = 0; i < numIssuers; i++){
+ if (issuerList != NULL) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (issuerList,
- i, (PKIX_PL_Object **)&issuer,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(issuerList, &numIssuers, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)crlIssuer,
- (PKIX_PL_Object *)issuer,
- &result,
- plContext));
+ for (i = 0; i < numIssuers; i++) {
- if (result != PKIX_TRUE) {
- break;
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(issuerList,
+ i, (PKIX_PL_Object **)&issuer,
+ plContext));
- if (i == numIssuers-1) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)crlIssuer,
+ (PKIX_PL_Object *)issuer,
+ &result,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_Error_Create
- (0,
- NULL,
- NULL,
- PKIX_TESTNOTANERRORCRLSELECTMISMATCH,
- &error,
- plContext));
+ if (result != PKIX_TRUE) {
+ break;
+ }
- PKIX_TEST_DECREF_AC(issuer);
- issuer = NULL;
- break;
- }
+ if (i == numIssuers - 1) {
- PKIX_TEST_DECREF_AC(issuer);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(0,
+ NULL,
+ NULL,
+ PKIX_TESTNOTANERRORCRLSELECTMISMATCH,
+ &error,
+ plContext));
- }
+ PKIX_TEST_DECREF_AC(issuer);
+ issuer = NULL;
+ break;
+ }
+
+ PKIX_TEST_DECREF_AC(issuer);
}
+ }
cleanup:
- PKIX_TEST_DECREF_AC(comCrlSelParams);
- PKIX_TEST_DECREF_AC(crlIssuer);
- PKIX_TEST_DECREF_AC(issuer);
- PKIX_TEST_DECREF_AC(issuerList);
-
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(comCrlSelParams);
+ PKIX_TEST_DECREF_AC(crlIssuer);
+ PKIX_TEST_DECREF_AC(issuer);
+ PKIX_TEST_DECREF_AC(issuerList);
- return (error);
+ PKIX_TEST_RETURN();
+ return (error);
}
static PKIX_Error *
testAddIssuerName(PKIX_ComCRLSelParams *comCrlSelParams, char *issuerName)
{
- PKIX_PL_String *issuerString = NULL;
- PKIX_PL_X500Name *issuer = NULL;
- PKIX_UInt32 length = 0;
+ PKIX_PL_String *issuerString = NULL;
+ PKIX_PL_X500Name *issuer = NULL;
+ PKIX_UInt32 length = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_ComCRLSelParams_AddIssuerName");
+ subTest("PKIX_ComCRLSelParams_AddIssuerName");
- length = PL_strlen(issuerName);
+ length = PL_strlen(issuerName);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_UTF8,
- issuerName,
- length,
- &issuerString,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8,
+ issuerName,
+ length,
+ &issuerString,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuerString,
- &issuer,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuerString,
+ &issuer,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName
- (comCrlSelParams, issuer, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName(comCrlSelParams, issuer, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(issuerString);
- PKIX_TEST_DECREF_AC(issuer);
+ PKIX_TEST_DECREF_AC(issuerString);
+ PKIX_TEST_DECREF_AC(issuer);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (0);
+ return (0);
}
static PKIX_Error *
testCustomCertStore(PKIX_ValidateParams *valParams)
{
- PKIX_CertStore_CRLCallback crlCallback;
- PKIX_CertStore *certStore = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- char *issuerName1 = "cn=science,o=mit,c=us";
- char *issuerName2 = "cn=physics,o=mit,c=us";
- char *issuerName3 = "cn=prof noall,o=mit,c=us";
- char *issuerName4 = "cn=testing CRL,o=test,c=us";
- PKIX_ComCRLSelParams *comCrlSelParams = NULL;
- PKIX_CRLSelector *crlSelector = NULL;
- PKIX_List *crlList = NULL;
- PKIX_UInt32 numCrl = 0;
- void *nbioContext = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PL_CollectionCertStore_Create");
-
- /* Create CRLSelector, link in CollectionCertStore */
-
- subTest("PKIX_ComCRLSelParams_AddIssuerNames");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create
- (&comCrlSelParams, plContext));
-
-
- testAddIssuerName(comCrlSelParams, issuerName1);
- testAddIssuerName(comCrlSelParams, issuerName2);
- testAddIssuerName(comCrlSelParams, issuerName3);
- testAddIssuerName(comCrlSelParams, issuerName4);
-
-
- subTest("PKIX_CRLSelector_SetCommonCRLSelectorParams");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create
- (testCRLSelectorMatchCallback,
- NULL,
- &crlSelector,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams
- (crlSelector, comCrlSelParams, plContext));
-
- /* Create CertStore, link in CRLSelector */
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
- (valParams, &procParams, plContext));
-
- subTest("PKIX_CertStore_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_Create
- (getCertCallback,
- getCRLCallback,
- getCertContinue,
- getCRLContinue,
- NULL, /* trustCallback */
- (PKIX_PL_Object *)crlSelector, /* fake */
- PKIX_FALSE, /* cacheFlag */
- PKIX_TRUE, /* localFlag */
- &certStore,
- plContext));
-
-
- subTest("PKIX_ProcessingParams_AddCertStore");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore
- (procParams, certStore, plContext));
-
- subTest("PKIX_ProcessingParams_SetRevocationEnabled");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
- (procParams, PKIX_TRUE, plContext));
-
- subTest("PKIX_CertStore_GetCRLCallback");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback
- (certStore,
- &crlCallback,
- NULL));
-
- subTest("Getting CRL by CRL Callback");
- PKIX_TEST_EXPECT_NO_ERROR(crlCallback
- (certStore,
- crlSelector,
- &nbioContext,
- &crlList,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (crlList,
- &numCrl,
- plContext));
-
- if (numCrl != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS) {
- pkixTestErrorMsg = "unexpected CRL number mismatch";
- }
+ PKIX_CertStore_CRLCallback crlCallback;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ char *issuerName1 = "cn=science,o=mit,c=us";
+ char *issuerName2 = "cn=physics,o=mit,c=us";
+ char *issuerName3 = "cn=prof noall,o=mit,c=us";
+ char *issuerName4 = "cn=testing CRL,o=test,c=us";
+ PKIX_ComCRLSelParams *comCrlSelParams = NULL;
+ PKIX_CRLSelector *crlSelector = NULL;
+ PKIX_List *crlList = NULL;
+ PKIX_UInt32 numCrl = 0;
+ void *nbioContext = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_CollectionCertStore_Create");
+
+ /* Create CRLSelector, link in CollectionCertStore */
+
+ subTest("PKIX_ComCRLSelParams_AddIssuerNames");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&comCrlSelParams, plContext));
+
+ testAddIssuerName(comCrlSelParams, issuerName1);
+ testAddIssuerName(comCrlSelParams, issuerName2);
+ testAddIssuerName(comCrlSelParams, issuerName3);
+ testAddIssuerName(comCrlSelParams, issuerName4);
+
+ subTest("PKIX_CRLSelector_SetCommonCRLSelectorParams");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(testCRLSelectorMatchCallback,
+ NULL,
+ &crlSelector,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(crlSelector, comCrlSelParams, plContext));
+
+ /* Create CertStore, link in CRLSelector */
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
+
+ subTest("PKIX_CertStore_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_Create(getCertCallback,
+ getCRLCallback,
+ getCertContinue,
+ getCRLContinue,
+ NULL, /* trustCallback */
+ (PKIX_PL_Object *)crlSelector, /* fake */
+ PKIX_FALSE, /* cacheFlag */
+ PKIX_TRUE, /* localFlag */
+ &certStore,
+ plContext));
+
+ subTest("PKIX_ProcessingParams_AddCertStore");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext));
+
+ subTest("PKIX_ProcessingParams_SetRevocationEnabled");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext));
+
+ subTest("PKIX_CertStore_GetCRLCallback");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(certStore,
+ &crlCallback,
+ NULL));
+
+ subTest("Getting CRL by CRL Callback");
+ PKIX_TEST_EXPECT_NO_ERROR(crlCallback(certStore,
+ crlSelector,
+ &nbioContext,
+ &crlList,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crlList,
+ &numCrl,
+ plContext));
+
+ if (numCrl != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS) {
+ pkixTestErrorMsg = "unexpected CRL number mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(crlList);
- PKIX_TEST_DECREF_AC(comCrlSelParams);
- PKIX_TEST_DECREF_AC(crlSelector);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(crlList);
+ PKIX_TEST_DECREF_AC(comCrlSelParams);
+ PKIX_TEST_DECREF_AC(crlSelector);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (0);
+ return (0);
}
/*
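Review bot: In testCRLSelectorMatchCallback the loop exits on `if (result != PKIX_TRUE) break;`, that is, at the first issuer name that differs from `crlIssuer`, with `error` still NULL. It builds the PKIX_TESTNOTANERRORCRLSELECTMISMATCH error only when the last list entry compared equal. As written, the callback appears to report a mismatch only for a CRL whose issuer equals every name in the list, so with the four distinct issuer names set in testCustomCertStore it would accept any CRL and the selector filtering is not really exercised. If the intent is "match when the issuer equals any listed name", the test should read `if (result == PKIX_TRUE) { break; }`, which leaves the mismatch error for the case where the last name also failed to match. `crlIssuer` also stays NULL when `crl` is NULL and is still passed to `PKIX_PL_Object_Equals`.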
@@ -357,108 +330,106 @@ cleanup:
* revocation check, CRL's are filtered based on the criteria set.
*/
-int test_customcrlchecker(int argc, char *argv[]){
-
- PKIX_List *chain = NULL;
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_UInt32 actualMinorVersion;
- char *certNames[PKIX_TEST_MAX_CERTS];
- PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
- PKIX_VerifyNode *verifyTree = NULL;
- PKIX_PL_String *verifyString = NULL;
- PKIX_UInt32 chainLength = 0;
- PKIX_UInt32 i = 0;
- PKIX_UInt32 j = 0;
- PKIX_Boolean testValid = PKIX_TRUE;
- char *anchorName = NULL;
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 5) {
- printUsage1(argv[0]);
- return (0);
- }
+int
+test_customcrlchecker(int argc, char *argv[])
+{
- startTests("CRL Checker");
+ PKIX_List *chain = NULL;
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ char *certNames[PKIX_TEST_MAX_CERTS];
+ PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
+ PKIX_VerifyNode *verifyTree = NULL;
+ PKIX_PL_String *verifyString = NULL;
+ PKIX_UInt32 chainLength = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 j = 0;
+ PKIX_Boolean testValid = PKIX_TRUE;
+ char *anchorName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 5) {
+ printUsage1(argv[0]);
+ return (0);
+ }
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ startTests("CRL Checker");
- /* ENE = expect no error; EE = expect error */
- if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
- testValid = PKIX_TRUE;
- } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
- testValid = PKIX_FALSE;
- } else {
- printUsage1(argv[0]);
- return (0);
- }
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- chainLength = (argc - j) - 5;
- if (chainLength > PKIX_TEST_MAX_CERTS) {
- printUsageMax(chainLength);
- }
+ /* ENE = expect no error; EE = expect error */
+ if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+ testValid = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+ testValid = PKIX_FALSE;
+ } else {
+ printUsage1(argv[0]);
+ return (0);
+ }
- for (i = 0; i < chainLength; i++) {
+ chainLength = (argc - j) - 5;
+ if (chainLength > PKIX_TEST_MAX_CERTS) {
+ printUsageMax(chainLength);
+ }
- certNames[i] = argv[(5 + j) +i];
- certs[i] = NULL;
- }
+ for (i = 0; i < chainLength; i++) {
- dirName = argv[3+j];
+ certNames[i] = argv[(5 + j) + i];
+ certs[i] = NULL;
+ }
- subTest(argv[1+j]);
+ dirName = argv[3 + j];
- subTest("Custom-CRL-Checker - Create Cert Chain");
+ subTest(argv[1 + j]);
- chain = createCertChainPlus
- (dirName, certNames, certs, chainLength, plContext);
+ subTest("Custom-CRL-Checker - Create Cert Chain");
- subTest("Custom-CRL-Checker - Create Params");
+ chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
- anchorName = argv[4+j];
+ subTest("Custom-CRL-Checker - Create Params");
- valParams = createValidateParams
- (dirName,
- anchorName,
- NULL,
- NULL,
- NULL,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chain,
- plContext);
+ anchorName = argv[4 + j];
- subTest("Custom-CRL-Checker - Set Processing Params for CertStore");
+ valParams = createValidateParams(dirName,
+ anchorName,
+ NULL,
+ NULL,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
- testCustomCertStore(valParams);
+ subTest("Custom-CRL-Checker - Set Processing Params for CertStore");
- subTest("Custom-CRL-Checker - Validate Chain");
+ testCustomCertStore(valParams);
- if (testValid == PKIX_TRUE) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext));
- } else {
- PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext));
- }
+ subTest("Custom-CRL-Checker - Validate Chain");
+
+ if (testValid == PKIX_TRUE) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+ } else {
+ PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+ }
cleanup:
- PKIX_TEST_DECREF_AC(verifyString);
- PKIX_TEST_DECREF_AC(verifyTree);
- PKIX_TEST_DECREF_AC(chain);
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(verifyString);
+ PKIX_TEST_DECREF_AC(verifyTree);
+ PKIX_TEST_DECREF_AC(chain);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("CRL Checker");
+ endTests("CRL Checker");
- return (0);
+ return (0);
}
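Review bot: In test_customcrlchecker the `if (chainLength > PKIX_TEST_MAX_CERTS)` branch only calls `printUsageMax(chainLength)` and then falls through, so the `for` loop that follows still writes `certNames[i]` and `certs[i]` past the end of both PKIX_TEST_MAX_CERTS-sized stack arrays when too many certificate names are passed. The branch should end the test, for example `printUsageMax(chainLength); goto cleanup;`, which reaches the existing `cleanup:` label with every pointer it releases still initialised to NULL. The same fall-through appears in test_defaultcrlchecker2stores, in the second hunk of the next file.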
diff --git a/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c b/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c
index 81690c244..3ce451317 100644
--- a/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c
+++ b/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c
@@ -11,106 +11,99 @@
#include "testutil.h"
#include "testutil_nss.h"
-#define PKIX_TEST_MAX_CERTS 10
+#define PKIX_TEST_MAX_CERTS 10
static void *plContext = NULL;
-static
-void printUsage1(char *pName){
- printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
- printf("crl-directory cert [certs].\n");
+static void
+printUsage1(char *pName)
+{
+ printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
+ printf("crl-directory cert [certs].\n");
}
-static
-void printUsageMax(PKIX_UInt32 numCerts){
- printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
- numCerts, PKIX_TEST_MAX_CERTS);
+static void
+printUsageMax(PKIX_UInt32 numCerts)
+{
+ printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
+ numCerts, PKIX_TEST_MAX_CERTS);
}
static PKIX_Error *
getCertCallback(
- PKIX_CertStore *store,
- PKIX_CertSelector *certSelector,
- PKIX_List **pCerts,
- void *plContext)
+ PKIX_CertStore *store,
+ PKIX_CertSelector *certSelector,
+ PKIX_List **pCerts,
+ void *plContext)
{
- return (NULL);
+ return (NULL);
}
static PKIX_Error *
testDefaultMultipleCertStores(PKIX_ValidateParams *valParams,
- char *crlDir1,
- char *crlDir2)
+ char *crlDir1,
+ char *crlDir2)
{
- PKIX_PL_String *dirString1 = NULL;
- PKIX_PL_String *dirString2 = NULL;
- PKIX_CertStore *certStore1 = NULL;
- PKIX_CertStore *certStore2 = NULL;
- PKIX_List *certStoreList = NULL;
- PKIX_ProcessingParams *procParams = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PL_CollectionCertStore_Create");
-
- /* Create CollectionCertStore */
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- crlDir1,
- 0,
- &dirString1,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
- (dirString1,
- &certStore1,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- crlDir2,
- 0,
- &dirString2,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
- (dirString2,
- &certStore2,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
- (valParams, &procParams, plContext));
-
- /* Add multiple CollectionCertStores */
-
- subTest("PKIX_ProcessingParams_SetCertStores");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStoreList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (certStoreList, (PKIX_PL_Object *)certStore1, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
- (procParams, certStoreList, plContext));
-
- subTest("PKIX_ProcessingParams_AddCertStore");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore
- (procParams, certStore2, plContext));
-
- subTest("PKIX_ProcessingParams_SetRevocationEnabled");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
- (procParams, PKIX_TRUE, plContext));
+ PKIX_PL_String *dirString1 = NULL;
+ PKIX_PL_String *dirString2 = NULL;
+ PKIX_CertStore *certStore1 = NULL;
+ PKIX_CertStore *certStore2 = NULL;
+ PKIX_List *certStoreList = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_CollectionCertStore_Create");
+
+ /* Create CollectionCertStore */
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ crlDir1,
+ 0,
+ &dirString1,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString1,
+ &certStore1,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ crlDir2,
+ 0,
+ &dirString2,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString2,
+ &certStore2,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
+
+ /* Add multiple CollectionCertStores */
+
+ subTest("PKIX_ProcessingParams_SetCertStores");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStoreList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStoreList, (PKIX_PL_Object *)certStore1, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStoreList, plContext));
+
+ subTest("PKIX_ProcessingParams_AddCertStore");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore2, plContext));
+
+ subTest("PKIX_ProcessingParams_SetRevocationEnabled");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(dirString1);
- PKIX_TEST_DECREF_AC(dirString2);
- PKIX_TEST_DECREF_AC(certStore1);
- PKIX_TEST_DECREF_AC(certStore2);
- PKIX_TEST_DECREF_AC(certStoreList);
- PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(dirString1);
+ PKIX_TEST_DECREF_AC(dirString2);
+ PKIX_TEST_DECREF_AC(certStore1);
+ PKIX_TEST_DECREF_AC(certStore2);
+ PKIX_TEST_DECREF_AC(certStoreList);
+ PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (0);
+ return (0);
}
/*
@@ -125,117 +118,113 @@ cleanup:
* required for revocation check to pass.
*/
-int test_defaultcrlchecker2stores(int argc, char *argv[]){
-
- PKIX_List *chain = NULL;
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_UInt32 actualMinorVersion;
- char *certNames[PKIX_TEST_MAX_CERTS];
- PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
- PKIX_VerifyNode *verifyTree = NULL;
- PKIX_PL_String *verifyString = NULL;
- PKIX_UInt32 chainLength = 0;
- PKIX_UInt32 i = 0;
- PKIX_UInt32 j = 0;
- PKIX_Boolean testValid = PKIX_TRUE;
- char *dirName = NULL;
- char *anchorName = NULL;
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 6) {
- printUsage1(argv[0]);
- return (0);
- }
+int
+test_defaultcrlchecker2stores(int argc, char *argv[])
+{
- startTests("CRL Checker");
+ PKIX_List *chain = NULL;
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ char *certNames[PKIX_TEST_MAX_CERTS];
+ PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
+ PKIX_VerifyNode *verifyTree = NULL;
+ PKIX_PL_String *verifyString = NULL;
+ PKIX_UInt32 chainLength = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 j = 0;
+ PKIX_Boolean testValid = PKIX_TRUE;
+ char *dirName = NULL;
+ char *anchorName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 6) {
+ printUsage1(argv[0]);
+ return (0);
+ }
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ startTests("CRL Checker");
- /* ENE = expect no error; EE = expect error */
- if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
- testValid = PKIX_TRUE;
- } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
- testValid = PKIX_FALSE;
- } else {
- printUsage1(argv[0]);
- return (0);
- }
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- chainLength = (argc - j) - 7;
- if (chainLength > PKIX_TEST_MAX_CERTS) {
- printUsageMax(chainLength);
- }
+ /* ENE = expect no error; EE = expect error */
+ if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+ testValid = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+ testValid = PKIX_FALSE;
+ } else {
+ printUsage1(argv[0]);
+ return (0);
+ }
- for (i = 0; i < chainLength; i++) {
+ chainLength = (argc - j) - 7;
+ if (chainLength > PKIX_TEST_MAX_CERTS) {
+ printUsageMax(chainLength);
+ }
- certNames[i] = argv[(7+j)+i];
- certs[i] = NULL;
- }
+ for (i = 0; i < chainLength; i++) {
+ certNames[i] = argv[(7 + j) + i];
+ certs[i] = NULL;
+ }
- subTest(argv[1+j]);
+ subTest(argv[1 + j]);
- subTest("Default-CRL-Checker");
+ subTest("Default-CRL-Checker");
- subTest("Default-CRL-Checker - Create Cert Chain");
+ subTest("Default-CRL-Checker - Create Cert Chain");
- dirName = argv[3+j];
+ dirName = argv[3 + j];
- chain = createCertChainPlus
- (dirName, certNames, certs, chainLength, plContext);
+ chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
- subTest("Default-CRL-Checker - Create Params");
+ subTest("Default-CRL-Checker - Create Params");
- anchorName = argv[6+j];
+ anchorName = argv[6 + j];
- valParams = createValidateParams
- (dirName,
- anchorName,
- NULL,
- NULL,
- NULL,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chain,
- plContext);
+ valParams = createValidateParams(dirName,
+ anchorName,
+ NULL,
+ NULL,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
- subTest("Multiple-CertStores");
+ subTest("Multiple-CertStores");
- testDefaultMultipleCertStores(valParams, argv[4+j], argv[5+j]);
+ testDefaultMultipleCertStores(valParams, argv[4 + j], argv[5 + j]);
- subTest("Default-CRL-Checker - Validate Chain");
+ subTest("Default-CRL-Checker - Validate Chain");
- if (testValid == PKIX_TRUE) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext));
- } else {
- PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext));
- }
+ if (testValid == PKIX_TRUE) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+ } else {
+ PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
- (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+ (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
cleanup:
- PKIX_TEST_DECREF_AC(verifyString);
- PKIX_TEST_DECREF_AC(verifyTree);
+ PKIX_TEST_DECREF_AC(verifyString);
+ PKIX_TEST_DECREF_AC(verifyTree);
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(valResult);
- PKIX_TEST_DECREF_AC(chain);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(chain);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("CRL Checker");
+ endTests("CRL Checker");
- return (0);
+ return (0);
}
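Review bot: The `if (argc < 6)` guard in test_defaultcrlchecker2stores is one short of what the body reads. With argc == 6 the anchor name comes from `argv[6 + j]`, which is the terminating NULL entry, and `chainLength = (argc - j) - 7` goes below zero; if PKIX_UInt32 is unsigned, as its name suggests, that wraps to a very large count for the `certNames[i] = argv[(7 + j) + i]` loop. Raising the guard to `if (argc < 7)` keeps every index inside argv. The usage text in printUsage1 (first hunk of this file) names only one crl-directory and no anchor, so it probably needs updating to match the arguments the body actually consumes.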
diff --git a/cmd/libpkix/pkix/top/test_ocsp.c b/cmd/libpkix/pkix/top/test_ocsp.c
index 98fd21e10..e97e57096 100644
--- a/cmd/libpkix/pkix/top/test_ocsp.c
+++ b/cmd/libpkix/pkix/top/test_ocsp.c
@@ -13,304 +13,276 @@
static void *plContext = NULL;
-static
-void printUsage(void){
- (void) printf("\nUSAGE:\nOcspChecker -d <certStoreDirectory> TestName "
- "[ENE|EE] <certLocationDirectory> <trustedCert> "
- "<targetCert>\n\n");
- (void) printf
- ("Validates a chain of certificates between "
- "<trustedCert> and <targetCert>\n"
- "using the certs and CRLs in <certLocationDirectory> and "
- "pkcs11 db from <certStoreDirectory>. "
- "If ENE is specified,\n"
- "then an Error is Not Expected. "
- "If EE is specified, an Error is Expected.\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\nOcspChecker -d <certStoreDirectory> TestName "
+ "[ENE|EE] <certLocationDirectory> <trustedCert> "
+ "<targetCert>\n\n");
+ (void)printf("Validates a chain of certificates between "
+ "<trustedCert> and <targetCert>\n"
+ "using the certs and CRLs in <certLocationDirectory> and "
+ "pkcs11 db from <certStoreDirectory>. "
+ "If ENE is specified,\n"
+ "then an Error is Not Expected. "
+ "If EE is specified, an Error is Expected.\n");
}
-static
-char *createFullPathName(
- char *dirName,
- char *certFile,
- void *plContext)
+static char *
+createFullPathName(
+ char *dirName,
+ char *certFile,
+ void *plContext)
{
- PKIX_UInt32 certFileLen;
- PKIX_UInt32 dirNameLen;
- char *certPathName = NULL;
+ PKIX_UInt32 certFileLen;
+ PKIX_UInt32 dirNameLen;
+ char *certPathName = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- certFileLen = PL_strlen(certFile);
- dirNameLen = PL_strlen(dirName);
+ certFileLen = PL_strlen(certFile);
+ dirNameLen = PL_strlen(dirName);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc
- (dirNameLen + certFileLen + 2,
- (void **)&certPathName,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirNameLen +
+ certFileLen +
+ 2,
+ (void **)&certPathName,
+ plContext));
- PL_strcpy(certPathName, dirName);
- PL_strcat(certPathName, "/");
- PL_strcat(certPathName, certFile);
- printf("certPathName = %s\n", certPathName);
+ PL_strcpy(certPathName, dirName);
+ PL_strcat(certPathName, "/");
+ PL_strcat(certPathName, certFile);
+ printf("certPathName = %s\n", certPathName);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (certPathName);
+ return (certPathName);
}
static PKIX_Error *
testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir)
{
- PKIX_PL_String *dirString = NULL;
- PKIX_CertStore *certStore = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_PL_Date *validity = NULL;
- PKIX_List *revCheckers = NULL;
- PKIX_RevocationChecker *revChecker = NULL;
- PKIX_PL_Object *revCheckerContext = NULL;
- PKIX_OcspChecker *ocspChecker = NULL;
+ PKIX_PL_String *dirString = NULL;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_PL_Date *validity = NULL;
+ PKIX_List *revCheckers = NULL;
+ PKIX_RevocationChecker *revChecker = NULL;
+ PKIX_PL_Object *revCheckerContext = NULL;
+ PKIX_OcspChecker *ocspChecker = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_CollectionCertStoreContext_Create");
+ subTest("PKIX_PL_CollectionCertStoreContext_Create");
- /* Create CollectionCertStore */
+ /* Create CollectionCertStore */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, crlDir, 0, &dirString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, crlDir, 0, &dirString, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
- (dirString, &certStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext));
- /* Create CertStore */
+ /* Create CertStore */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
- (valParams, &procParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
- subTest("PKIX_ProcessingParams_AddCertStore");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore
- (procParams, certStore, plContext));
+ subTest("PKIX_ProcessingParams_AddCertStore");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext));
- subTest("PKIX_ProcessingParams_SetRevocationEnabled");
+ subTest("PKIX_ProcessingParams_SetRevocationEnabled");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
- (procParams, PKIX_FALSE, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
- /* create current Date */
- PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime
- (PR_Now(), &validity, plContext));
+ /* create current Date */
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime(PR_Now(), &validity, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
- /* create revChecker */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize
- (validity,
- NULL, /* pwArg */
- NULL, /* Use default responder */
- &revChecker,
- plContext));
+ /* create revChecker */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize(validity,
+ NULL, /* pwArg */
+ NULL, /* Use default responder */
+ &revChecker,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_GetRevCheckerContext
- (revChecker, &revCheckerContext, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_GetRevCheckerContext(revChecker, &revCheckerContext, plContext));
- /* Check that this object is a ocsp checker */
- PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType
- (revCheckerContext, PKIX_OCSPCHECKER_TYPE, plContext));
+ /* Check that this object is a ocsp checker */
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType(revCheckerContext, PKIX_OCSPCHECKER_TYPE, plContext));
- ocspChecker = (PKIX_OcspChecker *)revCheckerContext;
+ ocspChecker = (PKIX_OcspChecker *)revCheckerContext;
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_SetVerifyFcn
- (ocspChecker,
- PKIX_PL_OcspResponse_UseBuildChain,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_SetVerifyFcn(ocspChecker,
+ PKIX_PL_OcspResponse_UseBuildChain,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (revCheckers, (PKIX_PL_Object *)revChecker, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers
- (procParams, revCheckers, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(dirString);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_DECREF_AC(revCheckers);
- PKIX_TEST_DECREF_AC(revChecker);
- PKIX_TEST_DECREF_AC(ocspChecker);
- PKIX_TEST_DECREF_AC(validity);
+ PKIX_TEST_DECREF_AC(dirString);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(revCheckers);
+ PKIX_TEST_DECREF_AC(revChecker);
+ PKIX_TEST_DECREF_AC(ocspChecker);
+ PKIX_TEST_DECREF_AC(validity);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (0);
+ return (0);
}
-int test_ocsp(int argc, char *argv[]){
-
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
- PKIX_UInt32 k = 0;
- PKIX_UInt32 chainLength = 0;
- PKIX_Boolean testValid = PKIX_TRUE;
- PKIX_List *chainCerts = NULL;
- PKIX_VerifyNode *verifyTree = NULL;
- PKIX_PL_String *verifyString = NULL;
- PKIX_PL_Cert *dirCert = NULL;
- PKIX_PL_Cert *trustedCert = NULL;
- PKIX_PL_Cert *targetCert = NULL;
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_List *anchors = NULL;
- char *dirCertName = NULL;
- char *anchorCertName = NULL;
- char *dirName = NULL;
- char *databaseDir = NULL;
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 5) {
- printUsage();
- return (0);
- }
-
- startTests("OcspChecker");
+int
+test_ocsp(int argc, char *argv[])
+{
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_ComCertSelParams *certSelParams = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+ PKIX_UInt32 k = 0;
+ PKIX_UInt32 chainLength = 0;
+ PKIX_Boolean testValid = PKIX_TRUE;
+ PKIX_List *chainCerts = NULL;
+ PKIX_VerifyNode *verifyTree = NULL;
+ PKIX_PL_String *verifyString = NULL;
+ PKIX_PL_Cert *dirCert = NULL;
+ PKIX_PL_Cert *trustedCert = NULL;
+ PKIX_PL_Cert *targetCert = NULL;
+ PKIX_TrustAnchor *anchor = NULL;
+ PKIX_List *anchors = NULL;
+ char *dirCertName = NULL;
+ char *anchorCertName = NULL;
+ char *dirName = NULL;
+ char *databaseDir = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 5) {
+ printUsage();
+ return (0);
+ }
- /* ENE = expect no error; EE = expect error */
- if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
- testValid = PKIX_TRUE;
- } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
- testValid = PKIX_FALSE;
- } else {
- printUsage();
- return (0);
- }
+ startTests("OcspChecker");
- subTest(argv[1+j]);
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- dirName = argv[3+j];
+ /* ENE = expect no error; EE = expect error */
+ if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+ testValid = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+ testValid = PKIX_FALSE;
+ } else {
+ printUsage();
+ return (0);
+ }
- chainLength = argc - j - 5;
+ subTest(argv[1 + j]);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));
+ dirName = argv[3 + j];
- for (k = 0; k < chainLength; k++) {
+ chainLength = argc - j - 5;
- dirCert = createCert(dirName, argv[5+k+j], plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));
- if (k == 0) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
- ((PKIX_PL_Object *)dirCert, plContext));
- targetCert = dirCert;
- }
+ for (k = 0; k < chainLength; k++) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (chainCerts, (PKIX_PL_Object *)dirCert, plContext));
+ dirCert = createCert(dirName, argv[5 + k + j], plContext);
- PKIX_TEST_DECREF_BC(dirCert);
+ if (k == 0) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+ targetCert = dirCert;
}
- /* create processing params with list of trust anchors */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(chainCerts, (PKIX_PL_Object *)dirCert, plContext));
+
+ PKIX_TEST_DECREF_BC(dirCert);
+ }
- anchorCertName = argv[4+j];
- trustedCert = createCert(dirName, anchorCertName, plContext);
+ /* create processing params with list of trust anchors */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
- (trustedCert, &anchor, plContext));
+ anchorCertName = argv[4 + j];
+ trustedCert = createCert(dirName, anchorCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (anchors, (PKIX_PL_Object *)anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
- (anchors, &procParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
- /* create CertSelector with target certificate in params */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+ /* create CertSelector with target certificate in params */
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetCertificate
- (certSelParams, targetCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, certSelParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_SetTargetCertConstraints
- (procParams, certSelector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create
- (procParams, chainCerts, &valParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
- testDefaultCertStore(valParams, dirName);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, chainCerts, &valParams, plContext));
- pkixTestErrorResult = PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext);
+ testDefaultCertStore(valParams, dirName);
+ pkixTestErrorResult = PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext);
- if (pkixTestErrorResult) {
- if (testValid == PKIX_FALSE) { /* EE */
- (void) printf("EXPECTED ERROR RECEIVED!\n");
- } else { /* ENE */
- testError("UNEXPECTED ERROR RECEIVED");
- }
- PKIX_TEST_DECREF_BC(pkixTestErrorResult);
- } else {
- if (testValid == PKIX_TRUE) { /* ENE */
- (void) printf("EXPECTED SUCCESSFUL VALIDATION!\n");
- } else { /* EE */
- (void) printf("UNEXPECTED SUCCESSFUL VALIDATION!\n");
- }
- }
+ if (pkixTestErrorResult) {
+ if (testValid == PKIX_FALSE) { /* EE */
+ (void)printf("EXPECTED ERROR RECEIVED!\n");
+ } else { /* ENE */
+ testError("UNEXPECTED ERROR RECEIVED");
+ }
+ PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+ } else {
+ if (testValid == PKIX_TRUE) { /* ENE */
+ (void)printf("EXPECTED SUCCESSFUL VALIDATION!\n");
+ } else { /* EE */
+ (void)printf("UNEXPECTED SUCCESSFUL VALIDATION!\n");
+ }
+ }
- subTest("Displaying VerifyTree");
+ subTest("Displaying VerifyTree");
- if (verifyTree == NULL) {
- (void) printf("VerifyTree is NULL\n");
- } else {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
- (void) printf("verifyTree is\n%s\n",
- verifyString->escAsciiString);
- PKIX_TEST_DECREF_BC(verifyString);
- PKIX_TEST_DECREF_BC(verifyTree);
- }
+ if (verifyTree == NULL) {
+ (void)printf("VerifyTree is NULL\n");
+ } else {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+ (void)printf("verifyTree is\n%s\n",
+ verifyString->escAsciiString);
+ PKIX_TEST_DECREF_BC(verifyString);
+ PKIX_TEST_DECREF_BC(verifyTree);
+ }
cleanup:
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(certSelParams);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(chainCerts);
- PKIX_TEST_DECREF_AC(anchors);
- PKIX_TEST_DECREF_AC(anchor);
- PKIX_TEST_DECREF_AC(trustedCert);
- PKIX_TEST_DECREF_AC(targetCert);
- PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(certSelParams);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(chainCerts);
+ PKIX_TEST_DECREF_AC(anchors);
+ PKIX_TEST_DECREF_AC(anchor);
+ PKIX_TEST_DECREF_AC(trustedCert);
+ PKIX_TEST_DECREF_AC(targetCert);
+ PKIX_TEST_DECREF_AC(valResult);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("OcspChecker");
+ endTests("OcspChecker");
- return (0);
+ return (0);
}
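Review bot: In test_ocsp, when a chain validates although the test was run with EE, the code only prints `UNEXPECTED SUCCESSFUL VALIDATION!` with printf, while the opposite mismatch calls `testError("UNEXPECTED ERROR RECEIVED")`. If testError is what records a failure (its definition is outside this hunk), a certificate that the OCSP check should have rejected lets the test pass unnoticed. Reporting both mismatches the same way closes that gap: `testError("UNEXPECTED SUCCESSFUL VALIDATION");` in the inner `else` of the success branch.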
diff --git a/cmd/libpkix/pkix/top/test_policychecker.c b/cmd/libpkix/pkix/top/test_policychecker.c
index 2b59c69d7..1318f13ba 100644
--- a/cmd/libpkix/pkix/top/test_policychecker.c
+++ b/cmd/libpkix/pkix/top/test_policychecker.c
@@ -11,104 +11,101 @@
#include "testutil.h"
#include "testutil_nss.h"
-#define PKIX_TEST_MAX_CERTS 10
+#define PKIX_TEST_MAX_CERTS 10
static void *plContext = NULL;
-static
-void printUsage(char *testname) {
- char *fmt =
- "USAGE: %s testname"
- " [ENE|EE] \"{OID[:OID]*}\" [A|E|P] cert [cert]*\n"
- "(The quotes are needed around the OID argument for dbx.)\n"
- "(The optional arg A indicates initialAnyPolicyInhibit.)\n"
- "(The optional arg E indicates initialExplicitPolicy.)\n"
- "(The optional arg P indicates initialPolicyMappingInhibit.)\n";
- printf(fmt, testname);
+static void
+printUsage(char *testname)
+{
+ char *fmt =
+ "USAGE: %s testname"
+ " [ENE|EE] \"{OID[:OID]*}\" [A|E|P] cert [cert]*\n"
+ "(The quotes are needed around the OID argument for dbx.)\n"
+ "(The optional arg A indicates initialAnyPolicyInhibit.)\n"
+ "(The optional arg E indicates initialExplicitPolicy.)\n"
+ "(The optional arg P indicates initialPolicyMappingInhibit.)\n";
+ printf(fmt, testname);
}
-static
-void printUsageMax(PKIX_UInt32 numCerts)
+static void
+printUsageMax(PKIX_UInt32 numCerts)
{
- printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
- numCerts, PKIX_TEST_MAX_CERTS);
+ printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
+ numCerts, PKIX_TEST_MAX_CERTS);
}
-static
-PKIX_List *policySetParse(char *policyString)
+static PKIX_List *
+policySetParse(char *policyString)
{
- char *p = NULL;
- char *oid = NULL;
- char c = '\0';
- PKIX_Boolean validString = PKIX_FALSE;
- PKIX_PL_OID *plOID = NULL;
- PKIX_List *policySet = NULL;
+ char *p = NULL;
+ char *oid = NULL;
+ char c = '\0';
+ PKIX_Boolean validString = PKIX_FALSE;
+ PKIX_PL_OID *plOID = NULL;
+ PKIX_List *policySet = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- p = policyString;
+ p = policyString;
- /*
+ /*
* There may or may not be quotes around the initial-policy-set
* string. If they are omitted, dbx will strip off the curly braces.
* If they are included, dbx will strip off the quotes, but if you
* are running directly from a script, without dbx, the quotes will
* not be stripped. We need to be able to handle both cases.
*/
- if (*p == '"') {
- p++;
+ if (*p == '"') {
+ p++;
+ }
+
+ if ('{' != *p++) {
+ return (NULL);
+ }
+ oid = p;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&policySet, plContext));
+
+ /* scan to the end of policyString */
+ while (!validString) {
+ /* scan to the end of the current OID string */
+ c = *oid;
+ while ((c != '\0') && (c != ':') && (c != '}')) {
+ c = *++oid;
}
- if ('{' != *p++) {
- return (NULL);
- }
- oid = p;
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&policySet, plContext));
-
- /* scan to the end of policyString */
- while (!validString) {
- /* scan to the end of the current OID string */
- c = *oid;
- while ((c != '\0') && (c != ':') && (c != '}')) {
- c = *++oid;
- }
-
- if ((c != ':') || (c != '}')) {
- *oid = '\0'; /* store a null terminator */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- (p, &plOID, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (policySet,
- (PKIX_PL_Object *)plOID,
- plContext));
-
- PKIX_TEST_DECREF_BC(plOID);
- plOID = NULL;
- if (c == '}') {
- /*
+ if ((c != ':') || (c != '}')) {
+ *oid = '\0'; /* store a null terminator */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(p, &plOID, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(policySet,
+ (PKIX_PL_Object *)plOID,
+ plContext));
+
+ PKIX_TEST_DECREF_BC(plOID);
+ plOID = NULL;
+ if (c == '}') {
+ /*
* Any exit but this one means
* we were given a badly-formed string.
*/
- validString = PKIX_TRUE;
- }
- p = ++oid;
- }
+ validString = PKIX_TRUE;
+ }
+ p = ++oid;
}
-
+ }
cleanup:
- if (!validString) {
- PKIX_TEST_DECREF_AC(plOID);
- PKIX_TEST_DECREF_AC(policySet);
- policySet = NULL;
- }
+ if (!validString) {
+ PKIX_TEST_DECREF_AC(plOID);
+ PKIX_TEST_DECREF_AC(policySet);
+ policySet = NULL;
+ }
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (policySet);
+ return (policySet);
}
/*
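Review bot: In policySetParse the condition `if ((c != ':') || (c != '}'))` is always true, so the branch also runs when the inner scan stopped on the terminating NUL of a policy string that has no closing `}`. In that case `p = ++oid;` steps past the terminator, and the next pass of `while (!validString)` reads, and through `*oid = '\0';` writes, beyond the end of the argument string, unless PKIX_PL_OID_Create happens to fail first (whether the EXPECT_NO_ERROR macro then jumps to cleanup is not visible here). Adding `if (c == '\0') { goto cleanup; }` right after the inner scan loop would send a malformed string to the existing cleanup path with validString still false, which is what the "badly-formed string" comment describes. The early `return (NULL);` for a missing `{` also leaves the function after PKIX_TEST_STD_VARS() without reaching PKIX_TEST_RETURN(), which may be worth routing through cleanup as well.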
@@ -130,288 +127,270 @@ cleanup:
static void
treeToStringHelper(PKIX_PolicyNode *parent, char *expected)
{
- PKIX_PL_String *stringRep = NULL;
- char *actual = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_PL_String *stringRep = NULL;
+ char *actual = NULL;
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)parent, &stringRep, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)parent, &stringRep, plContext));
- actual = PKIX_String2ASCII(stringRep, plContext);
- if (actual == NULL){
- pkixTestErrorMsg = "PKIX_String2ASCII Failed";
- goto cleanup;
- }
+ actual = PKIX_String2ASCII(stringRep, plContext);
+ if (actual == NULL) {
+ pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+ goto cleanup;
+ }
- if (PL_strcmp(actual, expected) != 0){
- testError("unexpected mismatch");
- (void) printf("Actual value:\t%s\n", actual);
- (void) printf("Expected value:\t%s\n", expected);
- }
+ if (PL_strcmp(actual, expected) != 0) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%s\n", actual);
+ (void)printf("Expected value:\t%s\n", expected);
+ }
cleanup:
- PKIX_PL_Free(actual, plContext);
+ PKIX_PL_Free(actual, plContext);
- PKIX_TEST_DECREF_AC(stringRep);
+ PKIX_TEST_DECREF_AC(stringRep);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testPass(char *dirName, char *goodInput, char *diffInput, char *dateAscii){
+static void
+testPass(char *dirName, char *goodInput, char *diffInput, char *dateAscii)
+{
- PKIX_List *chain = NULL;
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
+ PKIX_List *chain = NULL;
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("Basic-Common-Fields <pass>");
- /*
+ subTest("Basic-Common-Fields <pass>");
+ /*
* Tests the Expiration, NameChaining, and Signature Checkers
*/
- chain = createCertChain(dirName, goodInput, diffInput, plContext);
+ chain = createCertChain(dirName, goodInput, diffInput, plContext);
- valParams = createValidateParams
- (dirName,
- goodInput,
- diffInput,
- dateAscii,
- NULL,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chain,
- plContext);
+ valParams = createValidateParams(dirName,
+ goodInput,
+ diffInput,
+ dateAscii,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
- (valParams, &valResult, NULL, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(chain);
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(chain);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testNistTest1(char *dirName)
+static void
+testNistTest1(char *dirName)
{
-#define PKIX_TEST_NUM_CERTS 2
- char *trustAnchor =
- "TrustAnchorRootCertificate.crt";
- char *intermediateCert =
- "GoodCACert.crt";
- char *endEntityCert =
- "ValidCertificatePathTest1EE.crt";
- char *certNames[PKIX_TEST_NUM_CERTS];
- char *asciiAnyPolicy = "2.5.29.32.0";
- PKIX_PL_Cert *certs[PKIX_TEST_NUM_CERTS] = { NULL, NULL };
-
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_List *chain = NULL;
- PKIX_PL_OID *anyPolicyOID = NULL;
- PKIX_List *initialPolicies = NULL;
- char *anchorName = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("testNistTest1: Creating the cert chain");
- /*
+#define PKIX_TEST_NUM_CERTS 2
+ char *trustAnchor =
+ "TrustAnchorRootCertificate.crt";
+ char *intermediateCert =
+ "GoodCACert.crt";
+ char *endEntityCert =
+ "ValidCertificatePathTest1EE.crt";
+ char *certNames[PKIX_TEST_NUM_CERTS];
+ char *asciiAnyPolicy = "2.5.29.32.0";
+ PKIX_PL_Cert *certs[PKIX_TEST_NUM_CERTS] = { NULL, NULL };
+
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_List *chain = NULL;
+ PKIX_PL_OID *anyPolicyOID = NULL;
+ PKIX_List *initialPolicies = NULL;
+ char *anchorName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("testNistTest1: Creating the cert chain");
+ /*
* Create a chain, but don't include the first certName.
* That's the anchor, and is supplied separately from
* the chain.
*/
- certNames[0] = intermediateCert;
- certNames[1] = endEntityCert;
- chain = createCertChainPlus
- (dirName, certNames, certs, PKIX_TEST_NUM_CERTS, plContext);
-
- subTest("testNistTest1: Creating the Validate Parameters");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- (asciiAnyPolicy, &anyPolicyOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_Create(&initialPolicies, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (initialPolicies, (PKIX_PL_Object *)anyPolicyOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable
- (initialPolicies, plContext));
-
- valParams = createValidateParams
- (dirName,
- trustAnchor,
- NULL,
- NULL,
- initialPolicies,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chain,
- plContext);
-
- subTest("testNistTest1: Validating the chain");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
- (valParams, &valResult, NULL, plContext));
-
+ certNames[0] = intermediateCert;
+ certNames[1] = endEntityCert;
+ chain = createCertChainPlus(dirName, certNames, certs, PKIX_TEST_NUM_CERTS, plContext);
+
+ subTest("testNistTest1: Creating the Validate Parameters");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiAnyPolicy, &anyPolicyOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&initialPolicies, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(initialPolicies, (PKIX_PL_Object *)anyPolicyOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(initialPolicies, plContext));
+
+ valParams = createValidateParams(dirName,
+ trustAnchor,
+ NULL,
+ NULL,
+ initialPolicies,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
+
+ subTest("testNistTest1: Validating the chain");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
cleanup:
- PKIX_PL_Free(anchorName, plContext);
+ PKIX_PL_Free(anchorName, plContext);
- PKIX_TEST_DECREF_AC(anyPolicyOID);
- PKIX_TEST_DECREF_AC(initialPolicies);
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(valResult);
- PKIX_TEST_DECREF_AC(chain);
+ PKIX_TEST_DECREF_AC(anyPolicyOID);
+ PKIX_TEST_DECREF_AC(initialPolicies);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(chain);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testNistTest2(char *dirName)
+static void
+testNistTest2(char *dirName)
{
-#define PKIX_TEST_NUM_CERTS 2
- char *trustAnchor =
- "TrustAnchorRootCertificate.crt";
- char *intermediateCert =
- "GoodCACert.crt";
- char *endEntityCert =
- "ValidCertificatePathTest1EE.crt";
- char *certNames[PKIX_TEST_NUM_CERTS];
- char *asciiNist1Policy = "2.16.840.1.101.3.2.1.48.1";
- PKIX_PL_Cert *certs[PKIX_TEST_NUM_CERTS] = { NULL, NULL };
-
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_List *chain = NULL;
- PKIX_PL_OID *Nist1PolicyOID = NULL;
- PKIX_List *initialPolicies = NULL;
- char *anchorName = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("testNistTest2: Creating the cert chain");
- /*
+#define PKIX_TEST_NUM_CERTS 2
+ char *trustAnchor =
+ "TrustAnchorRootCertificate.crt";
+ char *intermediateCert =
+ "GoodCACert.crt";
+ char *endEntityCert =
+ "ValidCertificatePathTest1EE.crt";
+ char *certNames[PKIX_TEST_NUM_CERTS];
+ char *asciiNist1Policy = "2.16.840.1.101.3.2.1.48.1";
+ PKIX_PL_Cert *certs[PKIX_TEST_NUM_CERTS] = { NULL, NULL };
+
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_List *chain = NULL;
+ PKIX_PL_OID *Nist1PolicyOID = NULL;
+ PKIX_List *initialPolicies = NULL;
+ char *anchorName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("testNistTest2: Creating the cert chain");
+ /*
* Create a chain, but don't include the first certName.
* That's the anchor, and is supplied separately from
* the chain.
*/
- certNames[0] = intermediateCert;
- certNames[1] = endEntityCert;
- chain = createCertChainPlus
- (dirName, certNames, certs, PKIX_TEST_NUM_CERTS, plContext);
-
- subTest("testNistTest2: Creating the Validate Parameters");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- (asciiNist1Policy, &Nist1PolicyOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_Create(&initialPolicies, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (initialPolicies, (PKIX_PL_Object *)Nist1PolicyOID, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable
- (initialPolicies, plContext));
-
- valParams = createValidateParams
- (dirName,
- trustAnchor,
- NULL,
- NULL,
- initialPolicies,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chain,
- plContext);
-
- subTest("testNistTest2: Validating the chain");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
- (valParams, &valResult, NULL, plContext));
-
+ certNames[0] = intermediateCert;
+ certNames[1] = endEntityCert;
+ chain = createCertChainPlus(dirName, certNames, certs, PKIX_TEST_NUM_CERTS, plContext);
+
+ subTest("testNistTest2: Creating the Validate Parameters");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiNist1Policy, &Nist1PolicyOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&initialPolicies, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(initialPolicies, (PKIX_PL_Object *)Nist1PolicyOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(initialPolicies, plContext));
+
+ valParams = createValidateParams(dirName,
+ trustAnchor,
+ NULL,
+ NULL,
+ initialPolicies,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
+
+ subTest("testNistTest2: Validating the chain");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
cleanup:
- PKIX_PL_Free(anchorName, plContext);
+ PKIX_PL_Free(anchorName, plContext);
- PKIX_TEST_DECREF_AC(Nist1PolicyOID);
- PKIX_TEST_DECREF_AC(initialPolicies);
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(valResult);
- PKIX_TEST_DECREF_AC(chain);
+ PKIX_TEST_DECREF_AC(Nist1PolicyOID);
+ PKIX_TEST_DECREF_AC(initialPolicies);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(chain);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static void printValidPolicyTree(PKIX_ValidateResult *valResult)
+static void
+printValidPolicyTree(PKIX_ValidateResult *valResult)
{
- PKIX_PolicyNode* validPolicyTree = NULL;
- PKIX_PL_String *treeString = NULL;
-
- PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree
- (valResult, &validPolicyTree, plContext));
- if (validPolicyTree) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)validPolicyTree,
- &treeString,
- plContext));
- (void) printf("validPolicyTree is\n\t%s\n",
- treeString->escAsciiString);
- } else {
- (void) printf("validPolicyTree is NULL\n");
- }
+ PKIX_PolicyNode *validPolicyTree = NULL;
+ PKIX_PL_String *treeString = NULL;
+
+ PKIX_TEST_STD_VARS();
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree(valResult, &validPolicyTree, plContext));
+ if (validPolicyTree) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)validPolicyTree,
+ &treeString,
+ plContext));
+ (void)printf("validPolicyTree is\n\t%s\n",
+ treeString->escAsciiString);
+ } else {
+ (void)printf("validPolicyTree is NULL\n");
+ }
cleanup:
- PKIX_TEST_DECREF_AC(validPolicyTree);
- PKIX_TEST_DECREF_AC(treeString);
+ PKIX_TEST_DECREF_AC(validPolicyTree);
+ PKIX_TEST_DECREF_AC(treeString);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-int test_policychecker(int argc, char *argv[])
+int
+test_policychecker(int argc, char *argv[])
{
- PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE;
- PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE;
- PKIX_Boolean initialExplicitPolicy = PKIX_FALSE;
- PKIX_Boolean expectedResult = PKIX_FALSE;
- PKIX_UInt32 chainLength = 0;
- PKIX_UInt32 initArgs = 0;
- PKIX_UInt32 firstCert = 0;
- PKIX_UInt32 i = 0;
- PKIX_Int32 j = 0;
- PKIX_UInt32 actualMinorVersion;
- PKIX_ProcessingParams *procParams = NULL;
- char *firstTrustAnchor = "yassir2yassir";
- char *secondTrustAnchor = "yassir2bcn";
- char *dateAscii = "991201000000Z";
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_List *userInitialPolicySet = NULL; /* List of PKIX_PL_OID */
- char *certNames[PKIX_TEST_MAX_CERTS];
- PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
- PKIX_List *chain = NULL;
- PKIX_Error *validationError = NULL;
- PKIX_VerifyNode *verifyTree = NULL;
- PKIX_PL_String *verifyString = NULL;
- char *dirName = NULL;
- char *dataCentralDir = NULL;
- char *anchorName = NULL;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- /*
+ PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE;
+ PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE;
+ PKIX_Boolean initialExplicitPolicy = PKIX_FALSE;
+ PKIX_Boolean expectedResult = PKIX_FALSE;
+ PKIX_UInt32 chainLength = 0;
+ PKIX_UInt32 initArgs = 0;
+ PKIX_UInt32 firstCert = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_Int32 j = 0;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_ProcessingParams *procParams = NULL;
+ char *firstTrustAnchor = "yassir2yassir";
+ char *secondTrustAnchor = "yassir2bcn";
+ char *dateAscii = "991201000000Z";
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_List *userInitialPolicySet = NULL; /* List of PKIX_PL_OID */
+ char *certNames[PKIX_TEST_MAX_CERTS];
+ PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
+ PKIX_List *chain = NULL;
+ PKIX_Error *validationError = NULL;
+ PKIX_VerifyNode *verifyTree = NULL;
+ PKIX_PL_String *verifyString = NULL;
+ char *dirName = NULL;
+ char *dataCentralDir = NULL;
+ char *anchorName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ /*
* Perform hard-coded tests if no command line args.
* If command line args are provided, they must be:
* arg[1]: test name
@@ -428,135 +407,129 @@ int test_policychecker(int argc, char *argv[])
* {2.5.29.32.0,2.5.29.32.3.6} Anchor CA EndEntity
*/
- dirName = argv[3+j];
- dataCentralDir = argv[4+j];
-
- if (argc <= 5 || ((6 == argc) && (j))) {
-
- testPass
- (dataCentralDir,
- firstTrustAnchor,
- secondTrustAnchor,
- dateAscii);
-
- testNistTest1(dirName);
-
- testNistTest2(dirName);
-
- goto cleanup;
- }
-
- if (argc < (7 + j)) {
- printUsage(argv[0]);
- pkixTestErrorMsg = "Invalid command line arguments.";
- goto cleanup;
- }
-
- if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
- expectedResult = PKIX_TRUE;
- } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
- expectedResult = PKIX_FALSE;
+ dirName = argv[3 + j];
+ dataCentralDir = argv[4 + j];
+
+ if (argc <= 5 || ((6 == argc) && (j))) {
+
+ testPass(dataCentralDir,
+ firstTrustAnchor,
+ secondTrustAnchor,
+ dateAscii);
+
+ testNistTest1(dirName);
+
+ testNistTest2(dirName);
+
+ goto cleanup;
+ }
+
+ if (argc < (7 + j)) {
+ printUsage(argv[0]);
+ pkixTestErrorMsg = "Invalid command line arguments.";
+ goto cleanup;
+ }
+
+ if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+ expectedResult = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+ expectedResult = PKIX_FALSE;
+ } else {
+ printUsage(argv[0]);
+ pkixTestErrorMsg = "Invalid command line arguments.";
+ goto cleanup;
+ }
+
+ userInitialPolicySet = policySetParse(argv[5 + j]);
+ if (!userInitialPolicySet) {
+ printUsage(argv[0]);
+ pkixTestErrorMsg = "Invalid command line arguments.";
+ goto cleanup;
+ }
+
+ for (initArgs = 0; initArgs < 3; initArgs++) {
+ if (PORT_Strcmp(argv[6 + j + initArgs], "A") == 0) {
+ initialAnyPolicyInhibit = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[6 + j + initArgs], "E") == 0) {
+ initialExplicitPolicy = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[6 + j + initArgs], "P") == 0) {
+ initialPolicyMappingInhibit = PKIX_TRUE;
} else {
- printUsage(argv[0]);
- pkixTestErrorMsg = "Invalid command line arguments.";
- goto cleanup;
+ break;
}
+ }
- userInitialPolicySet = policySetParse(argv[5+j]);
- if (!userInitialPolicySet) {
- printUsage(argv[0]);
- pkixTestErrorMsg = "Invalid command line arguments.";
- goto cleanup;
- }
+ firstCert = initArgs + j + 6;
+ chainLength = argc - (firstCert + 1);
+ if (chainLength > PKIX_TEST_MAX_CERTS) {
+ printUsageMax(chainLength);
+ pkixTestErrorMsg = "Invalid command line arguments.";
+ goto cleanup;
+ }
- for (initArgs = 0; initArgs < 3; initArgs++) {
- if (PORT_Strcmp(argv[6+j+initArgs], "A") == 0) {
- initialAnyPolicyInhibit = PKIX_TRUE;
- } else if (PORT_Strcmp(argv[6+j+initArgs], "E") == 0) {
- initialExplicitPolicy = PKIX_TRUE;
- } else if (PORT_Strcmp(argv[6+j+initArgs], "P") == 0) {
- initialPolicyMappingInhibit = PKIX_TRUE;
- } else {
- break;
- }
- }
-
- firstCert = initArgs + j + 6;
- chainLength = argc - (firstCert + 1);
- if (chainLength > PKIX_TEST_MAX_CERTS) {
- printUsageMax(chainLength);
- pkixTestErrorMsg = "Invalid command line arguments.";
- goto cleanup;
- }
-
- /*
+ /*
* Create a chain, but don't include the first certName.
* That's the anchor, and is supplied separately from
* the chain.
*/
- for (i = 0; i < chainLength; i++) {
-
- certNames[i] = argv[i + (firstCert + 1)];
- certs[i] = NULL;
- }
- chain = createCertChainPlus
- (dirName, certNames, certs, chainLength, plContext);
-
- subTest(argv[1+j]);
-
- valParams = createValidateParams
- (dirName,
- argv[firstCert],
- NULL,
- NULL,
- userInitialPolicySet,
- initialPolicyMappingInhibit,
- initialAnyPolicyInhibit,
- initialExplicitPolicy,
- PKIX_FALSE,
- chain,
- plContext);
-
- if (expectedResult == PKIX_TRUE) {
- subTest(" (expecting successful validation)");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext));
-
- printValidPolicyTree(valResult);
-
- } else {
- subTest(" (expecting validation to fail)");
- validationError = PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext);
- if (!validationError) {
- printValidPolicyTree(valResult);
- pkixTestErrorMsg = "Should have thrown an error here.";
- }
- PKIX_TEST_DECREF_BC(validationError);
+ for (i = 0; i < chainLength; i++) {
+
+ certNames[i] = argv[i + (firstCert + 1)];
+ certs[i] = NULL;
+ }
+ chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
+
+ subTest(argv[1 + j]);
+
+ valParams = createValidateParams(dirName,
+ argv[firstCert],
+ NULL,
+ NULL,
+ userInitialPolicySet,
+ initialPolicyMappingInhibit,
+ initialAnyPolicyInhibit,
+ initialExplicitPolicy,
+ PKIX_FALSE,
+ chain,
+ plContext);
+
+ if (expectedResult == PKIX_TRUE) {
+ subTest(" (expecting successful validation)");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+
+ printValidPolicyTree(valResult);
+
+ } else {
+ subTest(" (expecting validation to fail)");
+ validationError = PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext);
+ if (!validationError) {
+ printValidPolicyTree(valResult);
+ pkixTestErrorMsg = "Should have thrown an error here.";
}
+ PKIX_TEST_DECREF_BC(validationError);
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
- (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+ (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
cleanup:
- PKIX_PL_Free(anchorName, plContext);
+ PKIX_PL_Free(anchorName, plContext);
- PKIX_TEST_DECREF_AC(verifyString);
- PKIX_TEST_DECREF_AC(verifyTree);
- PKIX_TEST_DECREF_AC(userInitialPolicySet);
- PKIX_TEST_DECREF_AC(chain);
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(valResult);
- PKIX_TEST_DECREF_AC(validationError);
+ PKIX_TEST_DECREF_AC(verifyString);
+ PKIX_TEST_DECREF_AC(verifyTree);
+ PKIX_TEST_DECREF_AC(userInitialPolicySet);
+ PKIX_TEST_DECREF_AC(chain);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(validationError);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("PolicyChecker");
+ endTests("PolicyChecker");
- return (0);
+ return (0);
}
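Review bot: The option loop `for (initArgs = 0; initArgs < 3; initArgs++)` indexes `argv[6 + j + initArgs]` without comparing the index with argc, while the earlier guard only ensures `argc >= 7 + j`. When the last argument supplied is one of A, E or P, the next iteration hands `argv[argc]` (NULL), or an entry past it, to PORT_Strcmp. Bounding the loop, for example `for (initArgs = 0; initArgs < 3 && (int)(6 + j + initArgs) < argc; initArgs++)`, keeps the reads inside argv. `dirName = argv[3 + j];` and `dataCentralDir = argv[4 + j];` are likewise read before any argc check in this hunk. The function begins in the previous hunk and the assignment of j is not visible here, so an earlier guard cannot be ruled out.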
diff --git a/cmd/libpkix/pkix/top/test_subjaltnamechecker.c b/cmd/libpkix/pkix/top/test_subjaltnamechecker.c
index 239e1e13c..3f9711e69 100644
--- a/cmd/libpkix/pkix/top/test_subjaltnamechecker.c
+++ b/cmd/libpkix/pkix/top/test_subjaltnamechecker.c
@@ -18,249 +18,244 @@
#include "testutil.h"
#include "testutil_nss.h"
-#define PKIX_TEST_MAX_CERTS 10
+#define PKIX_TEST_MAX_CERTS 10
static void *plContext = NULL;
-static
-void printUsage1(char *pName){
- printf("\nUSAGE: %s test-name [ENE|EE] ", pName);
- printf("cert [certs].\n");
+static void
+printUsage1(char *pName)
+{
+ printf("\nUSAGE: %s test-name [ENE|EE] ", pName);
+ printf("cert [certs].\n");
}
-static
-void printUsage2(char *name) {
- printf("\ninvalid test-name syntax - %s", name);
- printf("\ntest-name syntax: [01][DNORU]:<name>+...");
- printf("\n [01] 1 - match all; 0 - match one");
- printf("\n name - type can be specified as");
- printf("\n [DNORU] D-Directory name");
- printf("\n N-DNS name");
- printf("\n O-OID name");
- printf("\n R-RFC822 name");
- printf("\n U-URI name");
- printf("\n + separator for more names\n\n");
+static void
+printUsage2(char *name)
+{
+ printf("\ninvalid test-name syntax - %s", name);
+ printf("\ntest-name syntax: [01][DNORU]:<name>+...");
+ printf("\n [01] 1 - match all; 0 - match one");
+ printf("\n name - type can be specified as");
+ printf("\n [DNORU] D-Directory name");
+ printf("\n N-DNS name");
+ printf("\n O-OID name");
+ printf("\n R-RFC822 name");
+ printf("\n U-URI name");
+ printf("\n + separator for more names\n\n");
}
-static
-void printUsageMax(PKIX_UInt32 numCerts){
- printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
- numCerts, PKIX_TEST_MAX_CERTS);
+static void
+printUsageMax(PKIX_UInt32 numCerts)
+{
+ printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
+ numCerts, PKIX_TEST_MAX_CERTS);
}
-static
-PKIX_UInt32 getNameType(char *name){
- PKIX_UInt32 nameType;
+static PKIX_UInt32
+getNameType(char *name)
+{
+ PKIX_UInt32 nameType;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- switch (*name) {
+ switch (*name) {
case 'D':
- nameType = PKIX_DIRECTORY_NAME;
- break;
+ nameType = PKIX_DIRECTORY_NAME;
+ break;
case 'N':
- nameType = PKIX_DNS_NAME;
- break;
+ nameType = PKIX_DNS_NAME;
+ break;
case 'O':
- nameType = PKIX_OID_NAME;
- break;
+ nameType = PKIX_OID_NAME;
+ break;
case 'R':
- nameType = PKIX_RFC822_NAME;
- break;
+ nameType = PKIX_RFC822_NAME;
+ break;
case 'U':
- nameType = PKIX_URI_NAME;
- break;
+ nameType = PKIX_URI_NAME;
+ break;
default:
- printUsage2(name);
- nameType = 0xFFFF;
- }
+ printUsage2(name);
+ nameType = 0xFFFF;
+ }
- goto cleanup;
+ goto cleanup;
cleanup:
- PKIX_TEST_RETURN();
- return (nameType);
+ PKIX_TEST_RETURN();
+ return (nameType);
}
-int test_subjaltnamechecker(int argc, char *argv[]){
-
- PKIX_List *chain = NULL;
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_CertSelector *selector = NULL;
- PKIX_ComCertSelParams *selParams = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_PL_GeneralName *name = NULL;
- PKIX_UInt32 actualMinorVersion;
- char *certNames[PKIX_TEST_MAX_CERTS];
- PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
- PKIX_UInt32 chainLength = 0;
- PKIX_UInt32 i = 0;
- PKIX_UInt32 j = 0;
- char *nameStr;
- char *nameEnd;
- char *names[PKIX_TEST_MAX_CERTS];
- PKIX_UInt32 numNames = 0;
- PKIX_UInt32 nameType;
- PKIX_Boolean matchAll = PKIX_TRUE;
- PKIX_Boolean testValid = PKIX_TRUE;
- char *dirName = NULL;
- char *anchorName = NULL;
- PKIX_VerifyNode *verifyTree = NULL;
- PKIX_PL_String *verifyString = NULL;
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 5) {
- printUsage1(argv[0]);
- return (0);
- }
+int
+test_subjaltnamechecker(int argc, char *argv[])
+{
+
+ PKIX_List *chain = NULL;
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *selParams = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_PL_GeneralName *name = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ char *certNames[PKIX_TEST_MAX_CERTS];
+ PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
+ PKIX_UInt32 chainLength = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 j = 0;
+ char *nameStr;
+ char *nameEnd;
+ char *names[PKIX_TEST_MAX_CERTS];
+ PKIX_UInt32 numNames = 0;
+ PKIX_UInt32 nameType;
+ PKIX_Boolean matchAll = PKIX_TRUE;
+ PKIX_Boolean testValid = PKIX_TRUE;
+ char *dirName = NULL;
+ char *anchorName = NULL;
+ PKIX_VerifyNode *verifyTree = NULL;
+ PKIX_PL_String *verifyString = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 5) {
+ printUsage1(argv[0]);
+ return (0);
+ }
- startTests("SubjAltNameConstraintChecker");
+ startTests("SubjAltNameConstraintChecker");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- j++; /* skip test-purpose string */
+ j++; /* skip test-purpose string */
- /* ENE = expect no error; EE = expect error */
- if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
- testValid = PKIX_TRUE;
- } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
- testValid = PKIX_FALSE;
- } else {
- printUsage1(argv[0]);
- return (0);
- }
+ /* ENE = expect no error; EE = expect error */
+ if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+ testValid = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+ testValid = PKIX_FALSE;
+ } else {
+ printUsage1(argv[0]);
+ return (0);
+ }
- /* taking out leading and trailing ", if any */
- nameStr = argv[1+j];
- subTest(nameStr);
- if (*nameStr == '"'){
- nameStr++;
- nameEnd = nameStr;
- while (*nameEnd != '"' && *nameEnd != '\0') {
- nameEnd++;
- }
- *nameEnd = '\0';
+ /* taking out leading and trailing ", if any */
+ nameStr = argv[1 + j];
+ subTest(nameStr);
+ if (*nameStr == '"') {
+ nameStr++;
+ nameEnd = nameStr;
+ while (*nameEnd != '"' && *nameEnd != '\0') {
+ nameEnd++;
+ }
+ *nameEnd = '\0';
+ }
+
+ /* extract first [0|1] inidcating matchAll or not */
+ matchAll = (*nameStr == '0') ? PKIX_FALSE : PKIX_TRUE;
+ nameStr++;
+
+ numNames = 0;
+ while (*nameStr != '\0') {
+ names[numNames++] = nameStr;
+ while (*nameStr != '+' && *nameStr != '\0') {
+ nameStr++;
}
+ if (*nameStr == '+') {
+ *nameStr = '\0';
+ nameStr++;
+ }
+ }
- /* extract first [0|1] inidcating matchAll or not */
- matchAll = (*nameStr == '0')?PKIX_FALSE:PKIX_TRUE;
- nameStr++;
+ chainLength = (argc - j) - 4;
+ if (chainLength > PKIX_TEST_MAX_CERTS) {
+ printUsageMax(chainLength);
+ }
- numNames = 0;
- while (*nameStr != '\0') {
- names[numNames++] = nameStr;
- while (*nameStr != '+' && *nameStr != '\0') {
- nameStr++;
- }
- if (*nameStr == '+') {
- *nameStr = '\0';
- nameStr++;
- }
- }
+ for (i = 0; i < chainLength; i++) {
+ certNames[i] = argv[(4 + j) + i];
+ certs[i] = NULL;
+ }
- chainLength = (argc - j) - 4;
- if (chainLength > PKIX_TEST_MAX_CERTS) {
- printUsageMax(chainLength);
- }
+ /* SubjAltName for validation */
- for (i = 0; i < chainLength; i++) {
- certNames[i] = argv[(4+j)+i];
- certs[i] = NULL;
- }
+ subTest("Add Subject Alt Name for NameConstraint checking");
+
+ subTest("Create Selector and ComCertSelParams");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, selParams, plContext));
- /* SubjAltName for validation */
-
- subTest("Add Subject Alt Name for NameConstraint checking");
-
- subTest("Create Selector and ComCertSelParams");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&selParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, selParams, plContext));
-
- subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames
- (selParams, matchAll, plContext));
-
- subTest("PKIX_ComCertSelParams_AddSubjAltName(s)");
- for (i = 0; i < numNames; i++) {
- nameType = getNameType(names[i]);
- if (nameType == 0xFFFF) {
- return (0);
- }
- nameStr = names[i] + 2;
- name = createGeneralName(nameType, nameStr, plContext);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName
- (selParams, name, plContext));
- PKIX_TEST_DECREF_BC(name);
+ subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(selParams, matchAll, plContext));
+
+ subTest("PKIX_ComCertSelParams_AddSubjAltName(s)");
+ for (i = 0; i < numNames; i++) {
+ nameType = getNameType(names[i]);
+ if (nameType == 0xFFFF) {
+ return (0);
}
+ nameStr = names[i] + 2;
+ name = createGeneralName(nameType, nameStr, plContext);
- subTest("SubjAltName-Constraints - Create Cert Chain");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(selParams, name, plContext));
+ PKIX_TEST_DECREF_BC(name);
+ }
- dirName = argv[3+j];
+ subTest("SubjAltName-Constraints - Create Cert Chain");
- chain = createCertChainPlus
- (dirName, certNames, certs, chainLength, plContext);
+ dirName = argv[3 + j];
- subTest("SubjAltName-Constraints - Create Params");
+ chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
- valParams = createValidateParams
- (dirName,
- argv[4+j],
- NULL,
- NULL,
- NULL,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chain,
- plContext);
+ subTest("SubjAltName-Constraints - Create Params");
- subTest("PKIX_ValidateParams_getProcessingParams");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
- (valParams, &procParams, plContext));
+ valParams = createValidateParams(dirName,
+ argv[4 +
+ j],
+ NULL,
+ NULL,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
- subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints
- (procParams, selector, plContext));
+ subTest("PKIX_ValidateParams_getProcessingParams");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
- subTest("Subject Alt Name - Validate Chain");
+ subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, selector, plContext));
- if (testValid == PKIX_TRUE) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext));
- } else {
- PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext));
- }
+ subTest("Subject Alt Name - Validate Chain");
+
+ if (testValid == PKIX_TRUE) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+ } else {
+ PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+ }
cleanup:
- PKIX_PL_Free(anchorName, plContext);
+ PKIX_PL_Free(anchorName, plContext);
- PKIX_TEST_DECREF_AC(verifyString);
- PKIX_TEST_DECREF_AC(verifyTree);
- PKIX_TEST_DECREF_AC(chain);
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(valResult);
- PKIX_TEST_DECREF_AC(selector);
- PKIX_TEST_DECREF_AC(selParams);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(name);
+ PKIX_TEST_DECREF_AC(verifyString);
+ PKIX_TEST_DECREF_AC(verifyTree);
+ PKIX_TEST_DECREF_AC(chain);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(selector);
+ PKIX_TEST_DECREF_AC(selParams);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(name);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("SubjAltNameConstraintsChecker");
+ endTests("SubjAltNameConstraintsChecker");
- return (0);
+ return (0);
}
diff --git a/cmd/libpkix/pkix/top/test_validatechain.c b/cmd/libpkix/pkix/top/test_validatechain.c
index 33e4fa909..98cb7b018 100644
--- a/cmd/libpkix/pkix/top/test_validatechain.c
+++ b/cmd/libpkix/pkix/top/test_validatechain.c
@@ -13,220 +13,209 @@
static void *plContext = NULL;
-static
-void printUsage(void){
- (void) printf("\nUSAGE:\nvalidateChain TestName [ENE|EE] "
- "<certStoreDirectory> <trustedCert> <targetCert>\n\n");
- (void) printf
- ("Validates a chain of certificates between "
- "<trustedCert> and <targetCert>\n"
- "using the certs and CRLs in <certStoreDirectory>. "
- "If ENE is specified,\n"
- "then an Error is Not Expected. "
- "If EE is specified, an Error is Expected.\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\nvalidateChain TestName [ENE|EE] "
+ "<certStoreDirectory> <trustedCert> <targetCert>\n\n");
+ (void)printf("Validates a chain of certificates between "
+ "<trustedCert> and <targetCert>\n"
+ "using the certs and CRLs in <certStoreDirectory>. "
+ "If ENE is specified,\n"
+ "then an Error is Not Expected. "
+ "If EE is specified, an Error is Expected.\n");
}
-static
-char *createFullPathName(
- char *dirName,
- char *certFile,
- void *plContext)
+static char *
+createFullPathName(
+ char *dirName,
+ char *certFile,
+ void *plContext)
{
- PKIX_UInt32 certFileLen;
- PKIX_UInt32 dirNameLen;
- char *certPathName = NULL;
+ PKIX_UInt32 certFileLen;
+ PKIX_UInt32 dirNameLen;
+ char *certPathName = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- certFileLen = PL_strlen(certFile);
- dirNameLen = PL_strlen(dirName);
+ certFileLen = PL_strlen(certFile);
+ dirNameLen = PL_strlen(dirName);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc
- (dirNameLen + certFileLen + 2,
- (void **)&certPathName,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirNameLen +
+ certFileLen +
+ 2,
+ (void **)&certPathName,
+ plContext));
- PL_strcpy(certPathName, dirName);
- PL_strcat(certPathName, "/");
- PL_strcat(certPathName, certFile);
- printf("certPathName = %s\n", certPathName);
+ PL_strcpy(certPathName, dirName);
+ PL_strcat(certPathName, "/");
+ PL_strcat(certPathName, certFile);
+ printf("certPathName = %s\n", certPathName);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (certPathName);
+ return (certPathName);
}
static PKIX_Error *
testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir)
{
- PKIX_PL_String *dirString = NULL;
- PKIX_CertStore *certStore = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_PL_Date *validity = NULL;
- PKIX_List *revCheckers = NULL;
- PKIX_RevocationChecker *ocspChecker = NULL;
+ PKIX_PL_String *dirString = NULL;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_PL_Date *validity = NULL;
+ PKIX_List *revCheckers = NULL;
+ PKIX_RevocationChecker *ocspChecker = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_CollectionCertStoreContext_Create");
+ subTest("PKIX_PL_CollectionCertStoreContext_Create");
- /* Create CollectionCertStore */
+ /* Create CollectionCertStore */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, crlDir, 0, &dirString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, crlDir, 0, &dirString, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
- (dirString, &certStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext));
- /* Create CertStore */
+ /* Create CertStore */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
- (valParams, &procParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
- subTest("PKIX_ProcessingParams_AddCertStore");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore
- (procParams, certStore, plContext));
+ subTest("PKIX_ProcessingParams_AddCertStore");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext));
- subTest("PKIX_ProcessingParams_SetRevocationEnabled");
+ subTest("PKIX_ProcessingParams_SetRevocationEnabled");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
- (procParams, PKIX_TRUE, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext));
- /* create current Date */
- PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime
- (PR_Now(), &validity, plContext));
+ /* create current Date */
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime(PR_Now(), &validity, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
- /* create revChecker */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize
- (validity,
- NULL, /* pwArg */
- NULL, /* Use default responder */
- &ocspChecker,
- plContext));
+ /* create revChecker */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize(validity,
+ NULL, /* pwArg */
+ NULL, /* Use default responder */
+ &ocspChecker,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (revCheckers, (PKIX_PL_Object *)ocspChecker, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)ocspChecker, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers
- (procParams, revCheckers, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(dirString);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_DECREF_AC(revCheckers);
- PKIX_TEST_DECREF_AC(ocspChecker);
+ PKIX_TEST_DECREF_AC(dirString);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(revCheckers);
+ PKIX_TEST_DECREF_AC(ocspChecker);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (0);
+ return (0);
}
-int test_validatechain(int argc, char *argv[]){
-
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
- PKIX_UInt32 k = 0;
- PKIX_UInt32 chainLength = 0;
- PKIX_Boolean testValid = PKIX_TRUE;
- PKIX_List *chainCerts = NULL;
- PKIX_PL_Cert *dirCert = NULL;
- PKIX_VerifyNode *verifyTree = NULL;
- PKIX_PL_String *verifyString = NULL;
- char *dirCertName = NULL;
- char *anchorCertName = NULL;
- char *dirName = NULL;
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 5) {
- printUsage();
- return (0);
- }
-
- startTests("ValidateChain");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- /* ENE = expect no error; EE = expect error */
- if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
- testValid = PKIX_TRUE;
- } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
- testValid = PKIX_FALSE;
- } else {
- printUsage();
- return (0);
- }
-
- subTest(argv[1+j]);
-
- dirName = argv[3+j];
-
- chainLength = argc - j - 5;
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));
-
- for (k = 0; k < chainLength; k++) {
-
- dirCert = createCert(dirName, argv[5+k+j], plContext);
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (chainCerts, (PKIX_PL_Object *)dirCert, plContext));
-
- PKIX_TEST_DECREF_BC(dirCert);
- }
-
- valParams = createValidateParams
- (dirName,
- argv[4+j],
- NULL,
- NULL,
- NULL,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chainCerts,
- plContext);
-
- testDefaultCertStore(valParams, dirName);
-
- if (testValid == PKIX_TRUE) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext));
- } else {
- PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext));
- }
-
- subTest("Displaying VerifyNode objects");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
- (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
+int
+test_validatechain(int argc, char *argv[])
+{
+
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+ PKIX_UInt32 k = 0;
+ PKIX_UInt32 chainLength = 0;
+ PKIX_Boolean testValid = PKIX_TRUE;
+ PKIX_List *chainCerts = NULL;
+ PKIX_PL_Cert *dirCert = NULL;
+ PKIX_VerifyNode *verifyTree = NULL;
+ PKIX_PL_String *verifyString = NULL;
+ char *dirCertName = NULL;
+ char *anchorCertName = NULL;
+ char *dirName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 5) {
+ printUsage();
+ return (0);
+ }
+
+ startTests("ValidateChain");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ /* ENE = expect no error; EE = expect error */
+ if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+ testValid = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+ testValid = PKIX_FALSE;
+ } else {
+ printUsage();
+ return (0);
+ }
+
+ subTest(argv[1 + j]);
+
+ dirName = argv[3 + j];
+
+ chainLength = argc - j - 5;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));
+
+ for (k = 0; k < chainLength; k++) {
+
+ dirCert = createCert(dirName, argv[5 + k + j], plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(chainCerts, (PKIX_PL_Object *)dirCert, plContext));
+
+ PKIX_TEST_DECREF_BC(dirCert);
+ }
+
+ valParams = createValidateParams(dirName,
+ argv[4 +
+ j],
+ NULL,
+ NULL,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chainCerts,
+ plContext);
+
+ testDefaultCertStore(valParams, dirName);
+
+ if (testValid == PKIX_TRUE) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+ } else {
+ PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+ }
+
+ subTest("Displaying VerifyNode objects");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+ (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
cleanup:
- PKIX_TEST_DECREF_AC(verifyString);
- PKIX_TEST_DECREF_AC(verifyTree);
+ PKIX_TEST_DECREF_AC(verifyString);
+ PKIX_TEST_DECREF_AC(verifyTree);
- PKIX_TEST_DECREF_AC(chainCerts);
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(chainCerts);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("ValidateChain");
+ endTests("ValidateChain");
- return (0);
+ return (0);
}
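Review bot: In `test_validatechain`, the `else` branch of the ENE/EE check calls `printUsage()` and then `return (0);` after `PKIX_PL_NssContext_Create` has already filled in `plContext`, so a malformed second argument skips the `cleanup:` label and `PKIX_Shutdown(plContext)`. Replacing that `return (0);` with `goto cleanup;` would send the usage error through the same teardown as every other path; this assumes the `PKIX_TEST_DECREF_AC` calls tolerate the still-NULL objects, which the macro definitions outside this hunk would need to confirm. The same early return after context creation appears in `test_validatechain_NB` in cmd/libpkix/pkix/top/test_validatechain_NB.c. Both paths also return 0, so a harness that checks only the exit status cannot tell a usage error from a completed run.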
diff --git a/cmd/libpkix/pkix/top/test_validatechain_NB.c b/cmd/libpkix/pkix/top/test_validatechain_NB.c
index e01930286..ad73a5df7 100644
--- a/cmd/libpkix/pkix/top/test_validatechain_NB.c
+++ b/cmd/libpkix/pkix/top/test_validatechain_NB.c
@@ -13,357 +13,339 @@
static void *plContext = NULL;
-static
-void printUsage(void){
- (void) printf("\nUSAGE:\ntest_validateChain_NB TestName [ENE|EE] "
- "<certStoreDirectory> <trustedCert> <targetCert>\n\n");
- (void) printf
- ("Validates a chain of certificates between "
- "<trustedCert> and <targetCert>\n"
- "using the certs and CRLs in <certStoreDirectory>. "
- "If ENE is specified,\n"
- "then an Error is Not Expected. "
- "If EE is specified, an Error is Expected.\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ntest_validateChain_NB TestName [ENE|EE] "
+ "<certStoreDirectory> <trustedCert> <targetCert>\n\n");
+ (void)printf("Validates a chain of certificates between "
+ "<trustedCert> and <targetCert>\n"
+ "using the certs and CRLs in <certStoreDirectory>. "
+ "If ENE is specified,\n"
+ "then an Error is Not Expected. "
+ "If EE is specified, an Error is Expected.\n");
}
-static
-char *createFullPathName(
- char *dirName,
- char *certFile,
- void *plContext)
+static char *
+createFullPathName(
+ char *dirName,
+ char *certFile,
+ void *plContext)
{
- PKIX_UInt32 certFileLen;
- PKIX_UInt32 dirNameLen;
- char *certPathName = NULL;
+ PKIX_UInt32 certFileLen;
+ PKIX_UInt32 dirNameLen;
+ char *certPathName = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- certFileLen = PL_strlen(certFile);
- dirNameLen = PL_strlen(dirName);
+ certFileLen = PL_strlen(certFile);
+ dirNameLen = PL_strlen(dirName);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc
- (dirNameLen + certFileLen + 2,
- (void **)&certPathName,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirNameLen +
+ certFileLen +
+ 2,
+ (void **)&certPathName,
+ plContext));
- PL_strcpy(certPathName, dirName);
- PL_strcat(certPathName, "/");
- PL_strcat(certPathName, certFile);
- printf("certPathName = %s\n", certPathName);
+ PL_strcpy(certPathName, dirName);
+ PL_strcat(certPathName, "/");
+ PL_strcat(certPathName, certFile);
+ printf("certPathName = %s\n", certPathName);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (certPathName);
+ return (certPathName);
}
static PKIX_Error *
testSetupCertStore(PKIX_ValidateParams *valParams, char *ldapName)
{
- PKIX_PL_String *dirString = NULL;
- PKIX_CertStore *certStore = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_PL_LdapDefaultClient *ldapClient = NULL;
+ PKIX_PL_String *dirString = NULL;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_PL_LdapDefaultClient *ldapClient = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_CollectionCertStoreContext_Create");
+ subTest("PKIX_PL_CollectionCertStoreContext_Create");
- /* Create LDAPCertStore */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName
- (ldapName,
- 0, /* timeout */
- NULL, /* bindPtr */
- &ldapClient,
- plContext));
+ /* Create LDAPCertStore */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(ldapName,
+ 0, /* timeout */
+ NULL, /* bindPtr */
+ &ldapClient,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create
- ((PKIX_PL_LdapClient *)ldapClient,
- &certStore,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient,
+ &certStore,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
- (valParams, &procParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
- subTest("PKIX_ProcessingParams_AddCertStore");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore
- (procParams, certStore, plContext));
+ subTest("PKIX_ProcessingParams_AddCertStore");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext));
- subTest("PKIX_ProcessingParams_SetRevocationEnabled");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
- (procParams, PKIX_TRUE, plContext));
+ subTest("PKIX_ProcessingParams_SetRevocationEnabled");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(dirString);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_DECREF_AC(ldapClient);
+ PKIX_TEST_DECREF_AC(dirString);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(ldapClient);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (0);
+ return (0);
}
static char *levels[] = {
- "None", "Fatal Error", "Error", "Warning", "Debug", "Trace"
+ "None", "Fatal Error", "Error", "Warning", "Debug", "Trace"
};
-static PKIX_Error *loggerCallback(
- PKIX_Logger *logger,
- PKIX_PL_String *message,
- PKIX_UInt32 logLevel,
- PKIX_ERRORCLASS logComponent,
- void *plContext)
+static PKIX_Error *
+loggerCallback(
+ PKIX_Logger *logger,
+ PKIX_PL_String *message,
+ PKIX_UInt32 logLevel,
+ PKIX_ERRORCLASS logComponent,
+ void *plContext)
{
#define resultSize 150
- char *msg = NULL;
- char result[resultSize];
+ char *msg = NULL;
+ char result[resultSize];
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- msg = PKIX_String2ASCII(message, plContext);
- PR_snprintf(result, resultSize,
- "Logging %s (%s): %s",
- levels[logLevel],
- PKIX_ERRORCLASSNAMES[logComponent],
- msg);
- subTest(result);
+ msg = PKIX_String2ASCII(message, plContext);
+ PR_snprintf(result, resultSize,
+ "Logging %s (%s): %s",
+ levels[logLevel],
+ PKIX_ERRORCLASSNAMES[logComponent],
+ msg);
+ subTest(result);
cleanup:
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext));
- PKIX_TEST_RETURN();
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext));
+ PKIX_TEST_RETURN();
}
-static
-void testLogErrors(
- PKIX_ERRORCLASS module,
- PKIX_UInt32 loggingLevel,
- PKIX_List *loggers,
- void *plContext)
+static void
+testLogErrors(
+ PKIX_ERRORCLASS module,
+ PKIX_UInt32 loggingLevel,
+ PKIX_List *loggers,
+ void *plContext)
{
- PKIX_Logger *logger = NULL;
- PKIX_PL_String *component = NULL;
+ PKIX_Logger *logger = NULL;
+ PKIX_PL_String *component = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_Create
- (loggerCallback, NULL, &logger, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetLoggingComponent
- (logger, module, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetMaxLoggingLevel
- (logger, loggingLevel, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (loggers, (PKIX_PL_Object *) logger, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_Create(loggerCallback, NULL, &logger, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetLoggingComponent(logger, module, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetMaxLoggingLevel(logger, loggingLevel, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(loggers, (PKIX_PL_Object *)logger, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(logger);
- PKIX_TEST_DECREF_AC(component);
+ PKIX_TEST_DECREF_AC(logger);
+ PKIX_TEST_DECREF_AC(component);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-int test_validatechain_NB(int argc, char *argv[]){
-
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
- PKIX_UInt32 k = 0;
- PKIX_UInt32 chainLength = 0;
- PKIX_Boolean testValid = PKIX_TRUE;
- PKIX_List *chainCerts = NULL;
- PKIX_PL_Cert *dirCert = NULL;
- char *dirCertName = NULL;
- char *anchorCertName = NULL;
- char *dirName = NULL;
- PKIX_UInt32 certIndex = 0;
- PKIX_UInt32 anchorIndex = 0;
- PKIX_UInt32 checkerIndex = 0;
- PKIX_Boolean revChecking = PKIX_FALSE;
- PKIX_List *checkers = NULL;
- PRPollDesc *pollDesc = NULL;
- PRErrorCode errorCode = 0;
- PKIX_PL_Socket *socket = NULL;
- char *ldapName = NULL;
- PKIX_VerifyNode *verifyTree = NULL;
- PKIX_PL_String *verifyString = NULL;
-
- PKIX_List *loggers = NULL;
- PKIX_Logger *logger = NULL;
- char *logging = NULL;
- PKIX_PL_String *component = NULL;
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 5) {
- printUsage();
- return (0);
- }
+int
+test_validatechain_NB(int argc, char *argv[])
+{
- startTests("ValidateChain_NB");
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+ PKIX_UInt32 k = 0;
+ PKIX_UInt32 chainLength = 0;
+ PKIX_Boolean testValid = PKIX_TRUE;
+ PKIX_List *chainCerts = NULL;
+ PKIX_PL_Cert *dirCert = NULL;
+ char *dirCertName = NULL;
+ char *anchorCertName = NULL;
+ char *dirName = NULL;
+ PKIX_UInt32 certIndex = 0;
+ PKIX_UInt32 anchorIndex = 0;
+ PKIX_UInt32 checkerIndex = 0;
+ PKIX_Boolean revChecking = PKIX_FALSE;
+ PKIX_List *checkers = NULL;
+ PRPollDesc *pollDesc = NULL;
+ PRErrorCode errorCode = 0;
+ PKIX_PL_Socket *socket = NULL;
+ char *ldapName = NULL;
+ PKIX_VerifyNode *verifyTree = NULL;
+ PKIX_PL_String *verifyString = NULL;
+
+ PKIX_List *loggers = NULL;
+ PKIX_Logger *logger = NULL;
+ char *logging = NULL;
+ PKIX_PL_String *component = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 5) {
+ printUsage();
+ return (0);
+ }
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ startTests("ValidateChain_NB");
- /* ENE = expect no error; EE = expect error */
- if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
- testValid = PKIX_TRUE;
- } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
- testValid = PKIX_FALSE;
- } else {
- printUsage();
- return (0);
- }
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- subTest(argv[1+j]);
+ /* ENE = expect no error; EE = expect error */
+ if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+ testValid = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+ testValid = PKIX_FALSE;
+ } else {
+ printUsage();
+ return (0);
+ }
- dirName = argv[3+j];
+ subTest(argv[1 + j]);
- chainLength = argc - j - 5;
+ dirName = argv[3 + j];
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));
+ chainLength = argc - j - 5;
- for (k = 0; k < chainLength; k++){
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));
- dirCert = createCert(dirName, argv[5+k+j], plContext);
+ for (k = 0; k < chainLength; k++) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (chainCerts, (PKIX_PL_Object *)dirCert, plContext));
+ dirCert = createCert(dirName, argv[5 + k + j], plContext);
- PKIX_TEST_DECREF_BC(dirCert);
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(chainCerts, (PKIX_PL_Object *)dirCert, plContext));
- valParams = createValidateParams
- (dirName,
- argv[4+j],
- NULL,
- NULL,
- NULL,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chainCerts,
- plContext);
-
- ldapName = PR_GetEnvSecure("LDAP");
- /* Is LDAP set in the environment? */
- if ((ldapName == NULL) || (*ldapName == '\0')) {
- testError("LDAP not set in environment");
- goto cleanup;
- }
+ PKIX_TEST_DECREF_BC(dirCert);
+ }
- pkixTestErrorResult = pkix_pl_Socket_CreateByName
- (PKIX_FALSE, /* isServer */
- PR_SecondsToInterval(30), /* try 30 secs for connect */
- ldapName,
- &errorCode,
- &socket,
- plContext);
-
- if (pkixTestErrorResult != NULL) {
- PKIX_PL_Object_DecRef
- ((PKIX_PL_Object *)pkixTestErrorResult, plContext);
- pkixTestErrorResult = NULL;
- testError("Unable to connect to LDAP Server");
- goto cleanup;
- }
+ valParams = createValidateParams(dirName,
+ argv[4 +
+ j],
+ NULL,
+ NULL,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chainCerts,
+ plContext);
+
+ ldapName = PR_GetEnvSecure("LDAP");
+ /* Is LDAP set in the environment? */
+ if ((ldapName == NULL) || (*ldapName == '\0')) {
+ testError("LDAP not set in environment");
+ goto cleanup;
+ }
+
+ pkixTestErrorResult = pkix_pl_Socket_CreateByName(PKIX_FALSE, /* isServer */
+ PR_SecondsToInterval(30), /* try 30 secs for connect */
+ ldapName,
+ &errorCode,
+ &socket,
+ plContext);
- PKIX_TEST_DECREF_BC(socket);
+ if (pkixTestErrorResult != NULL) {
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixTestErrorResult, plContext);
+ pkixTestErrorResult = NULL;
+ testError("Unable to connect to LDAP Server");
+ goto cleanup;
+ }
- testSetupCertStore(valParams, ldapName);
+ PKIX_TEST_DECREF_BC(socket);
- logging = PR_GetEnvSecure("LOGGING");
- /* Is LOGGING set in the environment? */
- if ((logging != NULL) && (*logging != '\0')) {
+ testSetupCertStore(valParams, ldapName);
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_Create(&loggers, plContext));
+ logging = PR_GetEnvSecure("LOGGING");
+ /* Is LOGGING set in the environment? */
+ if ((logging != NULL) && (*logging != '\0')) {
- testLogErrors
- (PKIX_VALIDATE_ERROR, 2, loggers, plContext);
- testLogErrors
- (PKIX_CERTCHAINCHECKER_ERROR, 2, loggers, plContext);
- testLogErrors
- (PKIX_LDAPDEFAULTCLIENT_ERROR, 2, loggers, plContext);
- testLogErrors
- (PKIX_CERTSTORE_ERROR, 2, loggers, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&loggers, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_SetLoggers(loggers, plContext));
+ testLogErrors(PKIX_VALIDATE_ERROR, 2, loggers, plContext);
+ testLogErrors(PKIX_CERTCHAINCHECKER_ERROR, 2, loggers, plContext);
+ testLogErrors(PKIX_LDAPDEFAULTCLIENT_ERROR, 2, loggers, plContext);
+ testLogErrors(PKIX_CERTSTORE_ERROR, 2, loggers, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_SetLoggers(loggers, plContext));
+ }
+
+ pkixTestErrorResult = PKIX_ValidateChain_NB(valParams,
+ &certIndex,
+ &anchorIndex,
+ &checkerIndex,
+ &revChecking,
+ &checkers,
+ (void **)&pollDesc,
+ &valResult,
+ &verifyTree,
+ plContext);
+
+ while (pollDesc != NULL) {
+
+ if (PR_Poll(pollDesc, 1, 0) < 0) {
+ testError("PR_Poll failed");
}
- pkixTestErrorResult = PKIX_ValidateChain_NB
- (valParams,
- &certIndex,
- &anchorIndex,
- &checkerIndex,
- &revChecking,
- &checkers,
- (void **)&pollDesc,
- &valResult,
- &verifyTree,
- plContext);
-
- while (pollDesc != NULL) {
-
- if (PR_Poll(pollDesc, 1, 0) < 0) {
- testError("PR_Poll failed");
- }
-
- pkixTestErrorResult = PKIX_ValidateChain_NB
- (valParams,
- &certIndex,
- &anchorIndex,
- &checkerIndex,
- &revChecking,
- &checkers,
- (void **)&pollDesc,
- &valResult,
- &verifyTree,
- plContext);
+ pkixTestErrorResult = PKIX_ValidateChain_NB(valParams,
+ &certIndex,
+ &anchorIndex,
+ &checkerIndex,
+ &revChecking,
+ &checkers,
+ (void **)&pollDesc,
+ &valResult,
+ &verifyTree,
+ plContext);
+ }
+
+ if (pkixTestErrorResult) {
+ if (testValid == PKIX_FALSE) { /* EE */
+ (void)printf("EXPECTED ERROR RECEIVED!\n");
+ } else { /* ENE */
+ testError("UNEXPECTED ERROR RECEIVED");
}
+ PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+ } else {
- if (pkixTestErrorResult) {
- if (testValid == PKIX_FALSE) { /* EE */
- (void) printf("EXPECTED ERROR RECEIVED!\n");
- } else { /* ENE */
- testError("UNEXPECTED ERROR RECEIVED");
- }
- PKIX_TEST_DECREF_BC(pkixTestErrorResult);
- } else {
-
- if (testValid == PKIX_TRUE) { /* ENE */
- (void) printf("EXPECTED NON-ERROR RECEIVED!\n");
- } else { /* EE */
- (void) printf("UNEXPECTED NON-ERROR RECEIVED!\n");
- }
+ if (testValid == PKIX_TRUE) { /* ENE */
+ (void)printf("EXPECTED NON-ERROR RECEIVED!\n");
+ } else { /* EE */
+ (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n");
}
+ }
cleanup:
- if (verifyTree) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
- (void) printf("verifyTree is\n%s\n",
- verifyString->escAsciiString);
- }
+ if (verifyTree) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+ (void)printf("verifyTree is\n%s\n",
+ verifyString->escAsciiString);
+ }
- PKIX_TEST_DECREF_AC(verifyString);
- PKIX_TEST_DECREF_AC(verifyTree);
- PKIX_TEST_DECREF_AC(checkers);
- PKIX_TEST_DECREF_AC(chainCerts);
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(verifyString);
+ PKIX_TEST_DECREF_AC(verifyTree);
+ PKIX_TEST_DECREF_AC(checkers);
+ PKIX_TEST_DECREF_AC(chainCerts);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("ValidateChain_NB");
+ endTests("ValidateChain_NB");
- return (0);
+ return (0);
}
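Review bot: `loggerCallback` indexes `levels[logLevel]` and `PKIX_ERRORCLASSNAMES[logComponent]` without a range check, although `levels` has six entries and `logLevel` is a `PKIX_UInt32` supplied by whoever invokes the callback. The loggers registered in this file are capped at level 2 via `testLogErrors`, so the values are probably in range in practice, but nothing visible in the hunk enforces that. An out-of-range level would read past the array and pass the result to `PR_snprintf` as a `%s` argument. A guard ahead of the format call, for example `const char *lvl = (logLevel < sizeof(levels) / sizeof(levels[0])) ? levels[logLevel] : "Unknown";`, would keep the test logger from reading past the table.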
diff --git a/cmd/libpkix/pkix/top/test_validatechain_bc.c b/cmd/libpkix/pkix/top/test_validatechain_bc.c
index cbbfd73a3..480ec2643 100644
--- a/cmd/libpkix/pkix/top/test_validatechain_bc.c
+++ b/cmd/libpkix/pkix/top/test_validatechain_bc.c
@@ -34,223 +34,200 @@
static void *plContext = NULL;
-static
-void printUsage(void){
- printf("\nUSAGE: incorrect.\n");
+static void
+printUsage(void)
+{
+ printf("\nUSAGE: incorrect.\n");
}
static PKIX_PL_Cert *
createCert(char *inFileName)
{
- PKIX_PL_ByteArray *byteArray = NULL;
- void *buf = NULL;
- PRFileDesc *inFile = NULL;
- PKIX_UInt32 len;
- SECItem certDER;
- SECStatus rv;
- /* default: NULL cert (failure case) */
- PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_ByteArray *byteArray = NULL;
+ void *buf = NULL;
+ PRFileDesc *inFile = NULL;
+ PKIX_UInt32 len;
+ SECItem certDER;
+ SECStatus rv;
+ /* default: NULL cert (failure case) */
+ PKIX_PL_Cert *cert = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ certDER.data = NULL;
+
+ inFile = PR_Open(inFileName, PR_RDONLY, 0);
- PKIX_TEST_STD_VARS();
+ if (!inFile) {
+ pkixTestErrorMsg = "Unable to open cert file";
+ goto cleanup;
+ } else {
+ rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE);
+ if (!rv) {
+ buf = (void *)certDER.data;
+ len = certDER.len;
- certDER.data = NULL;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext));
- inFile = PR_Open(inFileName, PR_RDONLY, 0);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext));
- if (!inFile){
- pkixTestErrorMsg = "Unable to open cert file";
- goto cleanup;
+ SECITEM_FreeItem(&certDER, PR_FALSE);
} else {
- rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE);
- if (!rv){
- buf = (void *)certDER.data;
- len = certDER.len;
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_ByteArray_Create
- (buf, len, &byteArray, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create
- (byteArray, &cert, plContext));
-
- SECITEM_FreeItem(&certDER, PR_FALSE);
- } else {
- pkixTestErrorMsg = "Unable to read DER from cert file";
- goto cleanup;
- }
+ pkixTestErrorMsg = "Unable to read DER from cert file";
+ goto cleanup;
}
+ }
cleanup:
- if (inFile){
- PR_Close(inFile);
- }
+ if (inFile) {
+ PR_Close(inFile);
+ }
- if (PKIX_TEST_ERROR_RECEIVED){
- SECITEM_FreeItem(&certDER, PR_FALSE);
- }
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ SECITEM_FreeItem(&certDER, PR_FALSE);
+ }
- PKIX_TEST_DECREF_AC(byteArray);
+ PKIX_TEST_DECREF_AC(byteArray);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (cert);
+ return (cert);
}
-int test_validatechain_bc(int argc, char *argv[])
+int
+test_validatechain_bc(int argc, char *argv[])
{
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_List *anchors = NULL;
- PKIX_List *certs = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_PL_X500Name *subject = NULL;
- PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_CertSelector *certSelector = NULL;
-
- char *trustedCertFile = NULL;
- char *chainCertFile = NULL;
- PKIX_PL_Cert *trustedCert = NULL;
- PKIX_PL_Cert *chainCert = NULL;
- PKIX_UInt32 chainLength = 0;
- PKIX_UInt32 i = 0;
- PKIX_UInt32 j = 0;
- PKIX_UInt32 actualMinorVersion;
- PKIX_VerifyNode *verifyTree = NULL;
- PKIX_PL_String *verifyString = NULL;
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 3){
- printUsage();
- return (0);
- }
-
- startTests("ValidateChainBasicConstraints");
+ PKIX_TrustAnchor *anchor = NULL;
+ PKIX_List *anchors = NULL;
+ PKIX_List *certs = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_PL_X500Name *subject = NULL;
+ PKIX_ComCertSelParams *certSelParams = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+
+ char *trustedCertFile = NULL;
+ char *chainCertFile = NULL;
+ PKIX_PL_Cert *trustedCert = NULL;
+ PKIX_PL_Cert *chainCert = NULL;
+ PKIX_UInt32 chainLength = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 j = 0;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_VerifyNode *verifyTree = NULL;
+ PKIX_PL_String *verifyString = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 3) {
+ printUsage();
+ return (0);
+ }
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ startTests("ValidateChainBasicConstraints");
- chainLength = (argc - j) - 2;
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- /* create processing params with list of trust anchors */
- trustedCertFile = argv[1+j];
- trustedCert = createCert(trustedCertFile);
+ chainLength = (argc - j) - 2;
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_GetSubject(trustedCert, &subject, plContext));
+ /* create processing params with list of trust anchors */
+ trustedCertFile = argv[1 + j];
+ trustedCert = createCert(trustedCertFile);
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(trustedCert, &subject, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints
- (certSelParams, -1, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(certSelParams, -1, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, certSelParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
- PKIX_TEST_DECREF_BC(subject);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
- (trustedCert, &anchor, plContext));
+ PKIX_TEST_DECREF_BC(subject);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (anchors, (PKIX_PL_Object *)anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
- (anchors, &procParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
- (procParams, PKIX_FALSE, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_SetTargetCertConstraints
- (procParams, certSelector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
- PKIX_TEST_DECREF_BC(certSelector);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
- /* create cert chain */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext));
- for (i = 0; i < chainLength; i++){
- chainCertFile = argv[i + (2+j)];
- chainCert = createCert(chainCertFile);
+ PKIX_TEST_DECREF_BC(certSelector);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (certs, (PKIX_PL_Object *)chainCert, plContext));
+ /* create cert chain */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext));
+ for (i = 0; i < chainLength; i++) {
+ chainCertFile = argv[i + (2 + j)];
+ chainCert = createCert(chainCertFile);
- PKIX_TEST_DECREF_BC(chainCert);
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certs, (PKIX_PL_Object *)chainCert, plContext));
- /* create validate params with processing params and cert chain */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create
- (procParams, certs, &valParams, plContext));
+ PKIX_TEST_DECREF_BC(chainCert);
+ }
+ /* create validate params with processing params and cert chain */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, certs, &valParams, plContext));
- /* validate cert chain using processing params and return valResult */
+ /* validate cert chain using processing params and return valResult */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
- if (valResult != NULL){
- printf("SUCCESSFULLY VALIDATED with Basic Constraint ");
- printf("Cert Selector minimum path length to be -1\n");
- PKIX_TEST_DECREF_BC(valResult);
- }
+ if (valResult != NULL) {
+ printf("SUCCESSFULLY VALIDATED with Basic Constraint ");
+ printf("Cert Selector minimum path length to be -1\n");
+ PKIX_TEST_DECREF_BC(valResult);
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
- (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
- PKIX_TEST_DECREF_BC(verifyString);
- PKIX_TEST_DECREF_BC(verifyTree);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+ (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
+ PKIX_TEST_DECREF_BC(verifyString);
+ PKIX_TEST_DECREF_BC(verifyTree);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints
- (certSelParams, 6, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(certSelParams, 6, plContext));
- /* validate cert chain using processing params and return valResult */
+ /* validate cert chain using processing params and return valResult */
- PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
- (valParams, &valResult, &verifyTree, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
- if (valResult != NULL){
- printf("SUCCESSFULLY VALIDATED with Basic Constraint ");
- printf("Cert Selector minimum path length to be 6\n");
- }
+ if (valResult != NULL) {
+ printf("SUCCESSFULLY VALIDATED with Basic Constraint ");
+ printf("Cert Selector minimum path length to be 6\n");
+ }
- PKIX_TEST_DECREF_BC(trustedCert);
- PKIX_TEST_DECREF_BC(anchor);
- PKIX_TEST_DECREF_BC(anchors);
- PKIX_TEST_DECREF_BC(certs);
- PKIX_TEST_DECREF_BC(procParams);
+ PKIX_TEST_DECREF_BC(trustedCert);
+ PKIX_TEST_DECREF_BC(anchor);
+ PKIX_TEST_DECREF_BC(anchors);
+ PKIX_TEST_DECREF_BC(certs);
+ PKIX_TEST_DECREF_BC(procParams);
cleanup:
- if (PKIX_TEST_ERROR_RECEIVED){
- printf("FAILED TO VALIDATE\n");
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
- (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
- PKIX_TEST_DECREF_AC(verifyString);
- PKIX_TEST_DECREF_AC(verifyTree);
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ printf("FAILED TO VALIDATE\n");
+ }
- PKIX_TEST_DECREF_AC(certSelParams);
- PKIX_TEST_DECREF_AC(valResult);
- PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+ (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
+ PKIX_TEST_DECREF_AC(verifyString);
+ PKIX_TEST_DECREF_AC(verifyTree);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(certSelParams);
+ PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(valParams);
- PKIX_Shutdown(plContext);
+ PKIX_TEST_RETURN();
- endTests("ValidateChainBasicConstraints");
+ PKIX_Shutdown(plContext);
- return (0);
+ endTests("ValidateChainBasicConstraints");
+ return (0);
}
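Review bot: The `cleanup:` block of `test_validatechain_bc` calls `PKIX_PL_Object_ToString` on `verifyTree` and then reads `verifyString->escAsciiString` without checking either pointer. If a failure reaches `cleanup:` before a verify tree exists (for example a failed `PKIX_PL_NssContext_Create`), this probably ends in a NULL dereference instead of the "FAILED TO VALIDATE" report. The equivalent dump at the end of the preceding file in this diff (the ValidateChain_NB test) is guarded, and this one should match by wrapping both lines in `if (verifyTree) { ... }`. The call also sits after the label inside `PKIX_TEST_EXPECT_NO_ERROR`, whose definition is not part of this diff, so confirm that a failure there cannot jump back to `cleanup:`.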
diff --git a/cmd/libpkix/pkix/util/test_error.c b/cmd/libpkix/pkix/util/test_error.c
index e35cf0f91..9cddecc82 100644
--- a/cmd/libpkix/pkix/util/test_error.c
+++ b/cmd/libpkix/pkix/util/test_error.c
@@ -13,405 +13,373 @@
static void *plContext = NULL;
-static
-void createErrors(
- PKIX_Error **error,
- PKIX_Error **error2,
- PKIX_Error **error3,
- PKIX_Error **error5,
- PKIX_Error **error6,
- PKIX_Error **error7,
- char *infoChar)
+static void
+createErrors(
+ PKIX_Error **error,
+ PKIX_Error **error2,
+ PKIX_Error **error3,
+ PKIX_Error **error5,
+ PKIX_Error **error6,
+ PKIX_Error **error7,
+ char *infoChar)
{
- PKIX_PL_String *infoString = NULL;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- infoChar,
- PL_strlen(infoChar),
- &infoString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
- (PKIX_MEM_ERROR,
- NULL,
- NULL,
- PKIX_TESTANOTHERERRORMESSAGE,
- error2,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
- (PKIX_OBJECT_ERROR,
- *error2,
- (PKIX_PL_Object*)infoString,
- PKIX_TESTERRORMESSAGE,
- error,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
- (PKIX_OBJECT_ERROR,
- *error2,
- (PKIX_PL_Object*)infoString,
- PKIX_TESTERRORMESSAGE,
- error3,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
- (PKIX_OBJECT_ERROR,
- NULL,
- (PKIX_PL_Object*)infoString,
- 0,
- error5,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
- (PKIX_MEM_ERROR,
- *error5,
- (PKIX_PL_Object*)infoString,
- 0,
- error6,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create
- (PKIX_OBJECT_ERROR,
- *error6,
- (PKIX_PL_Object*)infoString,
- 0,
- error7,
- plContext));
+ PKIX_PL_String *infoString = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ infoChar,
+ PL_strlen(infoChar),
+ &infoString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_MEM_ERROR,
+ NULL,
+ NULL,
+ PKIX_TESTANOTHERERRORMESSAGE,
+ error2,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR,
+ *error2,
+ (PKIX_PL_Object *)infoString,
+ PKIX_TESTERRORMESSAGE,
+ error,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR,
+ *error2,
+ (PKIX_PL_Object *)infoString,
+ PKIX_TESTERRORMESSAGE,
+ error3,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR,
+ NULL,
+ (PKIX_PL_Object *)infoString,
+ 0,
+ error5,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_MEM_ERROR,
+ *error5,
+ (PKIX_PL_Object *)infoString,
+ 0,
+ error6,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR,
+ *error6,
+ (PKIX_PL_Object *)infoString,
+ 0,
+ error7,
+ plContext));
cleanup:
- PKIX_TEST_DECREF_AC(infoString);
+ PKIX_TEST_DECREF_AC(infoString);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testGetErrorClass(PKIX_Error *error, PKIX_Error *error2)
+static void
+testGetErrorClass(PKIX_Error *error, PKIX_Error *error2)
{
- PKIX_ERRORCLASS errClass;
+ PKIX_ERRORCLASS errClass;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_Error_GetErrorClass(error, &errClass, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetErrorClass(error, &errClass, plContext));
- if (errClass != PKIX_OBJECT_ERROR) {
- testError("Incorrect Class Returned");
- }
+ if (errClass != PKIX_OBJECT_ERROR) {
+ testError("Incorrect Class Returned");
+ }
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_Error_GetErrorClass(error2, &errClass, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetErrorClass(error2, &errClass, plContext));
- if (errClass != PKIX_MEM_ERROR) {
- testError("Incorrect Class Returned");
- }
+ if (errClass != PKIX_MEM_ERROR) {
+ testError("Incorrect Class Returned");
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetErrorClass(PKIX_ALLOC_ERROR(),
- &errClass, plContext));
- if (errClass != PKIX_FATAL_ERROR) {
- testError("Incorrect Class Returned");
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetErrorClass(PKIX_ALLOC_ERROR(),
+ &errClass, plContext));
+ if (errClass != PKIX_FATAL_ERROR) {
+ testError("Incorrect Class Returned");
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testGetDescription(
- PKIX_Error *error,
- PKIX_Error *error2,
- PKIX_Error *error3,
- char *descChar,
- char *descChar2)
+static void
+testGetDescription(
+ PKIX_Error *error,
+ PKIX_Error *error2,
+ PKIX_Error *error3,
+ char *descChar,
+ char *descChar2)
{
- PKIX_PL_String *targetString = NULL;
- char *temp = NULL;
+ PKIX_PL_String *targetString = NULL;
+ char *temp = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetDescription
- (error, &targetString, plContext));
- temp = PKIX_String2ASCII(targetString, plContext);
- PKIX_TEST_DECREF_BC(targetString);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetDescription(error, &targetString, plContext));
+ temp = PKIX_String2ASCII(targetString, plContext);
+ PKIX_TEST_DECREF_BC(targetString);
- if (temp){
- if (PL_strcmp(temp, descChar) != 0) {
- testError("Incorrect description returned");
- }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ if (temp) {
+ if (PL_strcmp(temp, descChar) != 0) {
+ testError("Incorrect description returned");
}
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetDescription(error2, &targetString, plContext));
+ temp = PKIX_String2ASCII(targetString, plContext);
+ PKIX_TEST_DECREF_BC(targetString);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetDescription
- (error2, &targetString, plContext));
- temp = PKIX_String2ASCII(targetString, plContext);
- PKIX_TEST_DECREF_BC(targetString);
-
- if (temp){
- if (PL_strcmp(temp, descChar2) != 0) {
- testError("Incorrect description returned");
- }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ if (temp) {
+ if (PL_strcmp(temp, descChar2) != 0) {
+ testError("Incorrect description returned");
}
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetDescription(error3, &targetString, plContext));
+ temp = PKIX_String2ASCII(targetString, plContext);
+ PKIX_TEST_DECREF_BC(targetString);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetDescription
- (error3, &targetString, plContext));
- temp = PKIX_String2ASCII(targetString, plContext);
- PKIX_TEST_DECREF_BC(targetString);
-
- if (temp){
- if (PL_strcmp(temp, descChar) != 0) {
- testError("Incorrect description returned");
- }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ if (temp) {
+ if (PL_strcmp(temp, descChar) != 0) {
+ testError("Incorrect description returned");
}
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testGetCause(PKIX_Error *error, PKIX_Error *error2, PKIX_Error *error3)
+static void
+testGetCause(PKIX_Error *error, PKIX_Error *error2, PKIX_Error *error3)
{
- PKIX_Error *error4 = NULL;
- PKIX_PL_String *targetString = NULL;
- char *temp = NULL;
- PKIX_Boolean boolResult;
+ PKIX_Error *error4 = NULL;
+ PKIX_PL_String *targetString = NULL;
+ char *temp = NULL;
+ PKIX_Boolean boolResult;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_Error_GetCause(error, &error4, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetCause(error, &error4, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object*)error2,
- (PKIX_PL_Object*)error4,
- &boolResult, plContext));
- if (!boolResult)
- testError("Incorrect Cause returned");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)error2,
+ (PKIX_PL_Object *)error4,
+ &boolResult, plContext));
+ if (!boolResult)
+ testError("Incorrect Cause returned");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_ToString((PKIX_PL_Object*)error4,
- &targetString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)error4,
+ &targetString, plContext));
- temp = PKIX_String2ASCII(targetString, plContext);
- if (temp){
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
+ temp = PKIX_String2ASCII(targetString, plContext);
+ if (temp) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
- PKIX_TEST_DECREF_BC(targetString);
- PKIX_TEST_DECREF_BC(error4);
+ PKIX_TEST_DECREF_BC(targetString);
+ PKIX_TEST_DECREF_BC(error4);
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_Error_GetCause(error3, &error4, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object*)error2,
- (PKIX_PL_Object*)error4,
- &boolResult, plContext));
- if (!boolResult)
- testError("Incorrect Cause returned");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetCause(error3, &error4, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)error2,
+ (PKIX_PL_Object *)error4,
+ &boolResult, plContext));
+ if (!boolResult)
+ testError("Incorrect Cause returned");
- PKIX_TEST_DECREF_BC(error4);
+ PKIX_TEST_DECREF_BC(error4);
cleanup:
- PKIX_TEST_RETURN();
-
-
+ PKIX_TEST_RETURN();
}
-static
-void testGetSupplementaryInfo(PKIX_Error *error, char *infoChar)
+static void
+testGetSupplementaryInfo(PKIX_Error *error, char *infoChar)
{
- PKIX_PL_Object *targetString = NULL;
- char *temp = NULL;
+ PKIX_PL_Object *targetString = NULL;
+ char *temp = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetSupplementaryInfo
- (error, &targetString, plContext));
- temp = PKIX_String2ASCII((PKIX_PL_String*)targetString, plContext);
- PKIX_TEST_DECREF_BC(targetString);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetSupplementaryInfo(error, &targetString, plContext));
+ temp = PKIX_String2ASCII((PKIX_PL_String *)targetString, plContext);
+ PKIX_TEST_DECREF_BC(targetString);
- if (temp){
- if (PL_strcmp(temp, infoChar) != 0) {
- testError("Incorrect info returned");
- }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ if (temp) {
+ if (PL_strcmp(temp, infoChar) != 0) {
+ testError("Incorrect info returned");
}
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
cleanup:
- PKIX_TEST_RETURN();
-
-
+ PKIX_TEST_RETURN();
}
static void
testPrimitiveError(void)
{
- PKIX_PL_String *targetString = NULL;
- PKIX_PL_String *targetStringCopy = NULL;
- char *temp = NULL;
+ PKIX_PL_String *targetString = NULL;
+ PKIX_PL_String *targetStringCopy = NULL;
+ char *temp = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)PKIX_ALLOC_ERROR(),
- &targetString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)PKIX_ALLOC_ERROR(),
+ &targetString, plContext));
- temp = PKIX_String2ASCII(targetString, plContext);
- if (temp){
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
+ temp = PKIX_String2ASCII(targetString, plContext);
+ if (temp) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
- targetStringCopy = targetString;
+ targetStringCopy = targetString;
- PKIX_TEST_DECREF_BC(targetString);
+ PKIX_TEST_DECREF_BC(targetString);
- /*
+ /*
* We need to DECREF twice, b/c the PKIX_ALLOC_ERROR object
* which holds a cached copy of the stringRep can never be DECREF'd
*/
- PKIX_TEST_DECREF_BC(targetStringCopy);
+ PKIX_TEST_DECREF_BC(targetStringCopy);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testChaining(PKIX_Error *error7)
{
- PKIX_PL_String *targetString = NULL;
- PKIX_Error *tempError = NULL;
- char *temp = NULL;
- PKIX_UInt32 i;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_ToString((PKIX_PL_Object*)error7,
- &targetString, plContext));
-
- temp = PKIX_String2ASCII(targetString, plContext);
- if (temp){
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
-
-
- for (i = 0, tempError = error7; i < 2; i++) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_Error_GetCause(tempError, &tempError, plContext));
- if (tempError == NULL) {
- testError("Unexpected end to error chain");
- break;
- }
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_DecRef
- ((PKIX_PL_Object*)tempError, plContext));
+ PKIX_PL_String *targetString = NULL;
+ PKIX_Error *tempError = NULL;
+ char *temp = NULL;
+ PKIX_UInt32 i;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)error7,
+ &targetString, plContext));
+
+ temp = PKIX_String2ASCII(targetString, plContext);
+ if (temp) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+
+ for (i = 0, tempError = error7; i < 2; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetCause(tempError, &tempError, plContext));
+ if (tempError == NULL) {
+ testError("Unexpected end to error chain");
+ break;
}
- PKIX_TEST_DECREF_BC(targetString);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_DecRef((PKIX_PL_Object *)tempError, plContext));
+ }
+ PKIX_TEST_DECREF_BC(targetString);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testDestroy(PKIX_Error *error)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_DECREF_BC(error);
+ PKIX_TEST_DECREF_BC(error);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-int test_error(int argc, char *argv[])
+int
+test_error(int argc, char *argv[])
{
- PKIX_Error *error, *error2, *error3, *error5, *error6, *error7;
- char *descChar = "Error Message";
- char *descChar2 = "Another Error Message";
- char *infoChar = "Auxiliary Info";
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
+ PKIX_Error *error, *error2, *error3, *error5, *error6, *error7;
+ char *descChar = "Error Message";
+ char *descChar2 = "Another Error Message";
+ char *infoChar = "Auxiliary Info";
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("Errors");
+ startTests("Errors");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- subTest("PKIX_Error_Create");
- createErrors
- (&error,
- &error2,
- &error3,
- &error5,
- &error6,
- &error7,
- infoChar);
+ subTest("PKIX_Error_Create");
+ createErrors(&error,
+ &error2,
+ &error3,
+ &error5,
+ &error6,
+ &error7,
+ infoChar);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (error,
- error,
- error2,
- NULL,
- Error,
- PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(error,
+ error,
+ error2,
+ NULL,
+ Error,
+ PKIX_TRUE);
- subTest("PKIX_Error_GetErrorClass");
- testGetErrorClass(error, error2);
+ subTest("PKIX_Error_GetErrorClass");
+ testGetErrorClass(error, error2);
- subTest("PKIX_Error_GetDescription");
- testGetDescription(error, error2, error3, descChar, descChar2);
+ subTest("PKIX_Error_GetDescription");
+ testGetDescription(error, error2, error3, descChar, descChar2);
- subTest("PKIX_Error_GetCause");
- testGetCause(error, error2, error3);
+ subTest("PKIX_Error_GetCause");
+ testGetCause(error, error2, error3);
- subTest("PKIX_Error_GetSupplementaryInfo");
- testGetSupplementaryInfo(error, infoChar);
+ subTest("PKIX_Error_GetSupplementaryInfo");
+ testGetSupplementaryInfo(error, infoChar);
- subTest("Primitive Error Type");
- testPrimitiveError();
+ subTest("Primitive Error Type");
+ testPrimitiveError();
- subTest("Error Chaining");
- testChaining(error7);
+ subTest("Error Chaining");
+ testChaining(error7);
- subTest("PKIX_Error_Destroy");
- testDestroy(error);
- testDestroy(error2);
- testDestroy(error3);
- testDestroy(error5);
- testDestroy(error6);
- testDestroy(error7);
+ subTest("PKIX_Error_Destroy");
+ testDestroy(error);
+ testDestroy(error2);
+ testDestroy(error3);
+ testDestroy(error5);
+ testDestroy(error6);
+ testDestroy(error7);
cleanup:
- PKIX_Shutdown(plContext);
-
- PKIX_TEST_RETURN();
+ PKIX_Shutdown(plContext);
- endTests("Errors");
+ PKIX_TEST_RETURN();
- return (0);
+ endTests("Errors");
+ return (0);
}
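Review bot: `test_error` declares `error`, `error2`, `error3`, `error5`, `error6` and `error7` without initialisers, and `createErrors` returns `void`. If one of the `PKIX_Error_Create` calls fails and the macro leaves early (presumably via `cleanup:`; its definition is outside this diff), the remaining out-parameters are never written. The later `testGet*` calls and the `testDestroy` DecRefs would then run on indeterminate pointers. Initialise them at the declaration, `PKIX_Error *error = NULL, *error2 = NULL, *error3 = NULL, *error5 = NULL, *error6 = NULL, *error7 = NULL;`. As a style point, the two `if (!boolResult)` statements in `testGetCause` are the only unbraced conditionals in this file, and `if (!boolResult) { testError("Incorrect Cause returned"); }` would match the rest.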
diff --git a/cmd/libpkix/pkix/util/test_list.c b/cmd/libpkix/pkix/util/test_list.c
index 4ef0490b7..e5e6e507b 100644
--- a/cmd/libpkix/pkix/util/test_list.c
+++ b/cmd/libpkix/pkix/util/test_list.c
@@ -16,612 +16,546 @@ static void *plContext = NULL;
static void
createLists(PKIX_List **list, PKIX_List **list2)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(list, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(list2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(list, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(list2, plContext));
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testReverseList(void)
{
- PKIX_List *firstList = NULL;
- PKIX_List *reverseList = NULL;
- PKIX_UInt32 length, i;
- char *testItemString = "one";
- char *testItemString2 = "two";
- PKIX_PL_String *testItem = NULL;
- PKIX_PL_String *testItem2 = NULL;
- PKIX_PL_Object *retrievedItem1 = NULL;
- PKIX_PL_Object *retrievedItem2 = NULL;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&firstList, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_ReverseList
- (firstList, &reverseList, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (reverseList, &length, plContext));
- if (length != 0){
- testError("Incorrect Length returned");
- }
-
- PKIX_TEST_DECREF_BC(reverseList);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- testItemString,
- 0,
- &testItem,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- testItemString2,
- 0,
- &testItem2,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (firstList,
- (PKIX_PL_Object*)testItem,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_ReverseList
- (firstList, &reverseList, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (reverseList, &length, plContext));
- if (length != 1){
- testError("Incorrect Length returned");
- }
-
- PKIX_TEST_DECREF_BC(reverseList);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (firstList,
- (PKIX_PL_Object*)testItem2,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (firstList,
- (PKIX_PL_Object*)testItem,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (firstList,
- (PKIX_PL_Object*)testItem2,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_ReverseList
- (firstList, &reverseList, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (reverseList, &length, plContext));
- if (length != 4){
- testError("Incorrect Length returned");
- }
-
- for (i = 0; i < length; i++){
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (firstList,
- i,
- &retrievedItem1,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (reverseList,
- (length - 1) - i,
- &retrievedItem2,
- plContext));
-
- testEqualsHelper
- (retrievedItem1, retrievedItem2, PKIX_TRUE, plContext);
-
- PKIX_TEST_DECREF_BC(retrievedItem1);
- PKIX_TEST_DECREF_BC(retrievedItem2);
-
- }
+ PKIX_List *firstList = NULL;
+ PKIX_List *reverseList = NULL;
+ PKIX_UInt32 length, i;
+ char *testItemString = "one";
+ char *testItemString2 = "two";
+ PKIX_PL_String *testItem = NULL;
+ PKIX_PL_String *testItem2 = NULL;
+ PKIX_PL_Object *retrievedItem1 = NULL;
+ PKIX_PL_Object *retrievedItem2 = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&firstList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_ReverseList(firstList, &reverseList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(reverseList, &length, plContext));
+ if (length != 0) {
+ testError("Incorrect Length returned");
+ }
+
+ PKIX_TEST_DECREF_BC(reverseList);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ testItemString,
+ 0,
+ &testItem,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ testItemString2,
+ 0,
+ &testItem2,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList,
+ (PKIX_PL_Object *)testItem,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_ReverseList(firstList, &reverseList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(reverseList, &length, plContext));
+ if (length != 1) {
+ testError("Incorrect Length returned");
+ }
+
+ PKIX_TEST_DECREF_BC(reverseList);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList,
+ (PKIX_PL_Object *)testItem2,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList,
+ (PKIX_PL_Object *)testItem,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList,
+ (PKIX_PL_Object *)testItem2,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_ReverseList(firstList, &reverseList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(reverseList, &length, plContext));
+ if (length != 4) {
+ testError("Incorrect Length returned");
+ }
+
+ for (i = 0; i < length; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(firstList,
+ i,
+ &retrievedItem1,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(reverseList,
+ (length - 1) - i,
+ &retrievedItem2,
+ plContext));
+
+ testEqualsHelper(retrievedItem1, retrievedItem2, PKIX_TRUE, plContext);
+
+ PKIX_TEST_DECREF_BC(retrievedItem1);
+ PKIX_TEST_DECREF_BC(retrievedItem2);
+ }
cleanup:
- PKIX_TEST_DECREF_AC(firstList);
- PKIX_TEST_DECREF_AC(reverseList);
+ PKIX_TEST_DECREF_AC(firstList);
+ PKIX_TEST_DECREF_AC(reverseList);
- PKIX_TEST_DECREF_AC(testItem);
- PKIX_TEST_DECREF_AC(testItem2);
+ PKIX_TEST_DECREF_AC(testItem);
+ PKIX_TEST_DECREF_AC(testItem2);
- PKIX_TEST_DECREF_AC(retrievedItem1);
- PKIX_TEST_DECREF_AC(retrievedItem2);
+ PKIX_TEST_DECREF_AC(retrievedItem1);
+ PKIX_TEST_DECREF_AC(retrievedItem2);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testZeroLengthList(PKIX_List *list)
{
- PKIX_UInt32 length;
- PKIX_Boolean empty;
- char *testItemString = "hello";
- PKIX_PL_String *testItem = NULL;
- PKIX_PL_String *retrievedItem = NULL;
- PKIX_List *diffList = NULL;
+ PKIX_UInt32 length;
+ PKIX_Boolean empty;
+ char *testItemString = "hello";
+ PKIX_PL_String *testItem = NULL;
+ PKIX_PL_String *retrievedItem = NULL;
+ PKIX_List *diffList = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&diffList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&diffList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetLength(list, &length, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(list, &length, plContext));
- if (length != 0){
- testError("Incorrect Length returned");
- }
+ if (length != 0) {
+ testError("Incorrect Length returned");
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(list, &empty, plContext));
- if (!empty){
- testError("Incorrect result for PKIX_List_IsEmpty");
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(list, &empty, plContext));
+ if (!empty) {
+ testError("Incorrect result for PKIX_List_IsEmpty");
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- testItemString,
- 0,
- &testItem,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ testItemString,
+ 0,
+ &testItem,
+ plContext));
- PKIX_TEST_EXPECT_ERROR(PKIX_List_InsertItem
- (list, 0, (PKIX_PL_Object *)testItem, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_InsertItem(list, 0, (PKIX_PL_Object *)testItem, plContext));
- PKIX_TEST_EXPECT_ERROR(PKIX_List_SetItem
- (list, 0, (PKIX_PL_Object *)testItem, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_SetItem(list, 0, (PKIX_PL_Object *)testItem, plContext));
- PKIX_TEST_EXPECT_ERROR(PKIX_List_GetItem
- (list,
- 0,
- (PKIX_PL_Object **)&retrievedItem,
- plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_GetItem(list,
+ 0,
+ (PKIX_PL_Object **)&retrievedItem,
+ plContext));
- PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(list, 0, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(list, 0, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (diffList,
- (PKIX_PL_Object*)testItem,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(diffList,
+ (PKIX_PL_Object *)testItem,
+ plContext));
- testDuplicateHelper((PKIX_PL_Object *)diffList, plContext);
+ testDuplicateHelper((PKIX_PL_Object *)diffList, plContext);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (list, list, diffList, "(EMPTY)", List, PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(list, list, diffList, "(EMPTY)", List, PKIX_TRUE);
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetLength(diffList, &length, plContext));
- if (length != 1){
- testError("Incorrect Length returned");
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(diffList, &length, plContext));
+ if (length != 1) {
+ testError("Incorrect Length returned");
+ }
- PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(list, 1, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(list, 1, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_DeleteItem(diffList, 0, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(diffList, 0, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetLength(diffList, &length, plContext));
- if (length != 0){
- testError("Incorrect Length returned");
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(diffList, &length, plContext));
+ if (length != 0) {
+ testError("Incorrect Length returned");
+ }
cleanup:
- PKIX_TEST_DECREF_AC(testItem);
- PKIX_TEST_DECREF_AC(diffList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(testItem);
+ PKIX_TEST_DECREF_AC(diffList);
+ PKIX_TEST_RETURN();
}
static void
testGetLength(PKIX_List *list)
{
- PKIX_UInt32 length;
- PKIX_TEST_STD_VARS();
+ PKIX_UInt32 length;
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetLength(list, &length, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(list, &length, plContext));
- if (length != 3){
- testError("Incorrect Length returned");
- }
+ if (length != 3) {
+ testError("Incorrect Length returned");
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testGetSetItem(
- PKIX_List *list,
- char *testItemString,
- char *testItemString2,
- char *testItemString3,
- PKIX_PL_String **testItem,
- PKIX_PL_String **testItem2,
- PKIX_PL_String **testItem3)
+ PKIX_List *list,
+ char *testItemString,
+ char *testItemString2,
+ char *testItemString3,
+ PKIX_PL_String **testItem,
+ PKIX_PL_String **testItem2,
+ PKIX_PL_String **testItem3)
{
- PKIX_PL_Object *tempItem = NULL;
- char *temp = NULL;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- testItemString,
- PL_strlen(testItemString),
- testItem,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- testItemString2,
- PL_strlen(testItemString2),
- testItem2,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- testItemString3,
- PL_strlen(testItemString3),
- testItem3,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (list, (PKIX_PL_Object*)*testItem, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (list, (PKIX_PL_Object*)*testItem, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (list, (PKIX_PL_Object*)*testItem, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem
- (list, 0, (PKIX_PL_Object*)*testItem, plContext));
-
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem
- (list, 1, (PKIX_PL_Object*)*testItem2, plContext));
-
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem
- (list, 2, (PKIX_PL_Object*)*testItem3, plContext));
-
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem(list, 0, &tempItem, plContext));
-
- temp = PKIX_String2ASCII((PKIX_PL_String*)tempItem, plContext);
- if (temp){
- if (PL_strcmp(testItemString, temp) != 0)
- testError("GetItem from list is incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
-
- PKIX_TEST_DECREF_BC(tempItem);
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem(list, 1, &tempItem, plContext));
-
- temp = PKIX_String2ASCII((PKIX_PL_String*)tempItem, plContext);
- if (temp){
- if (PL_strcmp(testItemString2, temp) != 0)
- testError("GetItem from list is incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
- PKIX_TEST_DECREF_BC(tempItem);
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem(list, 2, &tempItem, plContext));
-
- temp = PKIX_String2ASCII((PKIX_PL_String*)tempItem, plContext);
- if (temp){
- if (PL_strcmp(testItemString3, temp) != 0)
- testError("GetItem from list is incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
- PKIX_TEST_DECREF_BC(tempItem);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem
- (list, 0, (PKIX_PL_Object*)*testItem3, plContext));
- temp = PKIX_String2ASCII(*testItem3, plContext);
- if (temp){
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem(list, 0, &tempItem, plContext));
-
- temp = PKIX_String2ASCII((PKIX_PL_String*)tempItem, plContext);
- if (temp){
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
-
- temp = PKIX_String2ASCII((PKIX_PL_String*)tempItem, plContext);
- if (temp){
- if (PL_strcmp(testItemString3, temp) != 0)
- testError("GetItem from list is incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
- PKIX_TEST_DECREF_BC(tempItem);
-
+ PKIX_PL_Object *tempItem = NULL;
+ char *temp = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ testItemString,
+ PL_strlen(testItemString),
+ testItem,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ testItemString2,
+ PL_strlen(testItemString2),
+ testItem2,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ testItemString3,
+ PL_strlen(testItemString3),
+ testItem3,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)*testItem, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)*testItem, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)*testItem, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 0, (PKIX_PL_Object *)*testItem, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 1, (PKIX_PL_Object *)*testItem2, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 2, (PKIX_PL_Object *)*testItem3, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 0, &tempItem, plContext));
+
+ temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext);
+ if (temp) {
+ if (PL_strcmp(testItemString, temp) != 0)
+ testError("GetItem from list is incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+
+ PKIX_TEST_DECREF_BC(tempItem);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 1, &tempItem, plContext));
+
+ temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext);
+ if (temp) {
+ if (PL_strcmp(testItemString2, temp) != 0)
+ testError("GetItem from list is incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_DECREF_BC(tempItem);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 2, &tempItem, plContext));
+
+ temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext);
+ if (temp) {
+ if (PL_strcmp(testItemString3, temp) != 0)
+ testError("GetItem from list is incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_DECREF_BC(tempItem);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 0, (PKIX_PL_Object *)*testItem3, plContext));
+ temp = PKIX_String2ASCII(*testItem3, plContext);
+ if (temp) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 0, &tempItem, plContext));
+
+ temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext);
+ if (temp) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+
+ temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext);
+ if (temp) {
+ if (PL_strcmp(testItemString3, temp) != 0)
+ testError("GetItem from list is incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_DECREF_BC(tempItem);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testInsertItem(
- PKIX_List *list,
- PKIX_PL_String *testItem,
- char *testItemString)
+ PKIX_List *list,
+ PKIX_PL_String *testItem,
+ char *testItemString)
{
- PKIX_PL_Object *tempItem = NULL;
- PKIX_PL_String *outputString = NULL;
- char *temp = NULL;
+ PKIX_PL_Object *tempItem = NULL;
+ PKIX_PL_String *outputString = NULL;
+ char *temp = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_InsertItem
- (list, 0, (PKIX_PL_Object*)testItem, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_InsertItem(list, 0, (PKIX_PL_Object *)testItem, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem(list, 0, &tempItem, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 0, &tempItem, plContext));
- temp = PKIX_String2ASCII((PKIX_PL_String*)tempItem, plContext);
- if (temp){
- if (PL_strcmp(testItemString, temp) != 0)
- testError("GetItem from list is incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
- PKIX_TEST_DECREF_BC(tempItem);
+ temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext);
+ if (temp) {
+ if (PL_strcmp(testItemString, temp) != 0)
+ testError("GetItem from list is incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_DECREF_BC(tempItem);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object*)list,
- &outputString,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+ &outputString,
+ plContext));
- temp = PKIX_String2ASCII(outputString, plContext);
- if (temp){
- if (PL_strcmp("(a, c, b, c)", temp) != 0)
- testError("List toString is Incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
+ temp = PKIX_String2ASCII(outputString, plContext);
+ if (temp) {
+ if (PL_strcmp("(a, c, b, c)", temp) != 0)
+ testError("List toString is Incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
- PKIX_TEST_DECREF_BC(outputString);
+ PKIX_TEST_DECREF_BC(outputString);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testAppendItem(PKIX_List *list, PKIX_PL_String *testItem)
{
- PKIX_UInt32 length2;
- PKIX_PL_String *outputString = NULL;
- char *temp = NULL;
+ PKIX_UInt32 length2;
+ PKIX_PL_String *outputString = NULL;
+ char *temp = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetLength(list, &length2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(list, &length2, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list,
- (PKIX_PL_Object*)testItem,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object*)list,
- &outputString,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list,
+ (PKIX_PL_Object *)testItem,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+ &outputString,
+ plContext));
- temp = PKIX_String2ASCII(outputString, plContext);
- if (temp){
- if (PL_strcmp("(a, c, b, c, a)", temp) != 0)
- testError("List toString is Incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
+ temp = PKIX_String2ASCII(outputString, plContext);
+ if (temp) {
+ if (PL_strcmp("(a, c, b, c, a)", temp) != 0)
+ testError("List toString is Incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
- PKIX_TEST_DECREF_BC(outputString);
+ PKIX_TEST_DECREF_BC(outputString);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testNestedLists(
- PKIX_List *list,
- PKIX_List *list2,
- PKIX_PL_String *testItem,
- PKIX_PL_String *testItem2)
+ PKIX_List *list,
+ PKIX_List *list2,
+ PKIX_PL_String *testItem,
+ PKIX_PL_String *testItem2)
{
- PKIX_PL_String *outputString = NULL;
- char *temp = NULL;
-
- PKIX_TEST_STD_VARS();
+ PKIX_PL_String *outputString = NULL;
+ char *temp = NULL;
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (list2, (PKIX_PL_Object*)testItem, plContext));
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2,
- (PKIX_PL_Object*)NULL,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2, (PKIX_PL_Object *)testItem, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2,
- (PKIX_PL_Object*)testItem,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2,
+ (PKIX_PL_Object *)NULL,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2,
+ (PKIX_PL_Object *)testItem,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_ToString((PKIX_PL_Object*)list2,
- &outputString,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2,
+ &outputString,
+ plContext));
- temp = PKIX_String2ASCII(outputString, plContext);
- if (temp){
- if (PL_strcmp("(a, (null), a)", temp) != 0)
- testError("List toString is Incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
- PKIX_TEST_DECREF_BC(outputString);
+ temp = PKIX_String2ASCII(outputString, plContext);
+ if (temp) {
+ if (PL_strcmp("(a, (null), a)", temp) != 0)
+ testError("List toString is Incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_DECREF_BC(outputString);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_InsertItem(list, 1,
- (PKIX_PL_Object*)list2,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_InsertItem(list, 1,
+ (PKIX_PL_Object *)list2,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object*)list,
- &outputString,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+ &outputString,
+ plContext));
- temp = PKIX_String2ASCII(outputString, plContext);
- if (temp){
- if (PL_strcmp("(a, (a, (null), a), c, b, c, a)", temp) != 0)
- testError("List toString is Incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
- PKIX_TEST_DECREF_BC(outputString);
+ temp = PKIX_String2ASCII(outputString, plContext);
+ if (temp) {
+ if (PL_strcmp("(a, (a, (null), a), c, b, c, a)", temp) != 0)
+ testError("List toString is Incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_DECREF_BC(outputString);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testDeleteItem(
- PKIX_List *list,
- PKIX_List *list2,
- PKIX_PL_String *testItem2,
- PKIX_PL_String *testItem3)
+ PKIX_List *list,
+ PKIX_List *list2,
+ PKIX_PL_String *testItem2,
+ PKIX_PL_String *testItem3)
{
- PKIX_PL_String *outputString = NULL;
- char *temp = NULL;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list, 5, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)list,
- &outputString,
- plContext));
-
- temp = PKIX_String2ASCII(outputString, plContext);
- if (temp){
- if (PL_strcmp("(a, (a, (null), a), c, b, c)", temp) != 0)
- testError("List toString is Incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
- PKIX_TEST_DECREF_BC(outputString);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list, 1, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)list,
- &outputString,
- plContext));
-
- temp = PKIX_String2ASCII(outputString, plContext);
- if (temp){
- if (PL_strcmp("(a, c, b, c)", temp) != 0)
- testError("List toString is Incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
- PKIX_TEST_DECREF_BC(outputString);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list, 0, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object*)list,
- &outputString,
- plContext));
-
- temp = PKIX_String2ASCII(outputString, plContext);
- if (temp){
- if (PL_strcmp("(c, b, c)", temp) != 0)
- testError("List toString is Incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
- PKIX_TEST_DECREF_BC(outputString);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list2, 1, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_ToString((PKIX_PL_Object*)list2,
- &outputString,
- plContext));
- temp = PKIX_String2ASCII(outputString, plContext);
- if (temp){
- if (PL_strcmp("(a, a)", temp) != 0)
- testError("List toString is Incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
- PKIX_TEST_DECREF_BC(outputString);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (list2,
- (PKIX_PL_Object*)testItem2,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_ToString((PKIX_PL_Object*)list2,
- &outputString,
- plContext));
-
- temp = PKIX_String2ASCII(outputString, plContext);
- if (temp){
- if (PL_strcmp("(a, a, b)", temp) != 0)
- testError("List toString is Incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
- PKIX_TEST_DECREF_BC(outputString);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list2, 2, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_ToString((PKIX_PL_Object*)list2,
- &outputString,
- plContext));
-
- temp = PKIX_String2ASCII(outputString, plContext);
- if (temp){
- if (PL_strcmp("(a, a)", temp) != 0)
- testError("List toString is Incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
- PKIX_TEST_DECREF_BC(outputString);
-
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (list2,
- (PKIX_PL_Object*)testItem3,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_ToString((PKIX_PL_Object*)list2,
- &outputString,
- plContext));
- temp = PKIX_String2ASCII(outputString, plContext);
- if (temp){
- if (PL_strcmp("(a, a, c)", temp) != 0)
- testError("List toString is Incorrect");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
- PKIX_TEST_DECREF_BC(outputString);
-
-
- PKIX_TEST_DECREF_BC(list2);
+ PKIX_PL_String *outputString = NULL;
+ char *temp = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list, 5, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+ &outputString,
+ plContext));
+
+ temp = PKIX_String2ASCII(outputString, plContext);
+ if (temp) {
+ if (PL_strcmp("(a, (a, (null), a), c, b, c)", temp) != 0)
+ testError("List toString is Incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_DECREF_BC(outputString);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list, 1, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+ &outputString,
+ plContext));
+
+ temp = PKIX_String2ASCII(outputString, plContext);
+ if (temp) {
+ if (PL_strcmp("(a, c, b, c)", temp) != 0)
+ testError("List toString is Incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_DECREF_BC(outputString);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list, 0, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+ &outputString,
+ plContext));
+
+ temp = PKIX_String2ASCII(outputString, plContext);
+ if (temp) {
+ if (PL_strcmp("(c, b, c)", temp) != 0)
+ testError("List toString is Incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_DECREF_BC(outputString);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list2, 1, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2,
+ &outputString,
+ plContext));
+ temp = PKIX_String2ASCII(outputString, plContext);
+ if (temp) {
+ if (PL_strcmp("(a, a)", temp) != 0)
+ testError("List toString is Incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_DECREF_BC(outputString);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2,
+ (PKIX_PL_Object *)testItem2,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2,
+ &outputString,
+ plContext));
+
+ temp = PKIX_String2ASCII(outputString, plContext);
+ if (temp) {
+ if (PL_strcmp("(a, a, b)", temp) != 0)
+ testError("List toString is Incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_DECREF_BC(outputString);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list2, 2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2,
+ &outputString,
+ plContext));
+
+ temp = PKIX_String2ASCII(outputString, plContext);
+ if (temp) {
+ if (PL_strcmp("(a, a)", temp) != 0)
+ testError("List toString is Incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_DECREF_BC(outputString);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2,
+ (PKIX_PL_Object *)testItem3,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2,
+ &outputString,
+ plContext));
+ temp = PKIX_String2ASCII(outputString, plContext);
+ if (temp) {
+ if (PL_strcmp("(a, a, c)", temp) != 0)
+ testError("List toString is Incorrect");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_DECREF_BC(outputString);
+
+ PKIX_TEST_DECREF_BC(list2);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
#if testContainsFunction
@@ -630,216 +564,202 @@ static void
testContains(void)
{
- PKIX_List *list;
- PKIX_PL_String *testItem, *testItem2, *testItem3, *testItem4;
- char *testItemString = "a";
- char *testItemString2 = "b";
- char *testItemString3 = "c";
- char *testItemString4 = "d";
- PKIX_Boolean found = PKIX_FALSE;
-
- PKIX_TEST_STD_VARS();
- subTest("pkix_ListContains");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- testItemString,
- PL_strlen(testItemString),
- &testItem,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- testItemString2,
- PL_strlen(testItemString2),
- &testItem2,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- testItemString3,
- PL_strlen(testItemString3),
- &testItem3,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- testItemString4,
- PL_strlen(testItemString4),
- &testItem4,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (list, (PKIX_PL_Object*)testItem, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (list, (PKIX_PL_Object*)testItem2, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (list, (PKIX_PL_Object*)testItem3, plContext));
-
- subTest("pkix_List_Contains <object missing>");
-
- PKIX_TEST_EXPECT_NO_ERROR(pkix_List_Contains
- (list, (PKIX_PL_Object *)testItem4, &found, plContext));
-
- if (found){
- testError("Contains found item that wasn't there!");
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (list, (PKIX_PL_Object*)testItem4, plContext));
-
- subTest("pkix_List_Contains <object present>");
-
- PKIX_TEST_EXPECT_NO_ERROR(pkix_List_Contains
- (list, (PKIX_PL_Object *)testItem4, &found, plContext));
-
- if (!found){
- testError("Contains missed item that was present!");
- }
-
- PKIX_TEST_DECREF_BC(list);
- PKIX_TEST_DECREF_BC(testItem);
- PKIX_TEST_DECREF_BC(testItem2);
- PKIX_TEST_DECREF_BC(testItem3);
- PKIX_TEST_DECREF_BC(testItem4);
+ PKIX_List *list;
+ PKIX_PL_String *testItem, *testItem2, *testItem3, *testItem4;
+ char *testItemString = "a";
+ char *testItemString2 = "b";
+ char *testItemString3 = "c";
+ char *testItemString4 = "d";
+ PKIX_Boolean found = PKIX_FALSE;
+
+ PKIX_TEST_STD_VARS();
+ subTest("pkix_ListContains");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ testItemString,
+ PL_strlen(testItemString),
+ &testItem,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ testItemString2,
+ PL_strlen(testItemString2),
+ &testItem2,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ testItemString3,
+ PL_strlen(testItemString3),
+ &testItem3,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ testItemString4,
+ PL_strlen(testItemString4),
+ &testItem4,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem2, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem3, plContext));
+
+ subTest("pkix_List_Contains <object missing>");
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_List_Contains(list, (PKIX_PL_Object *)testItem4, &found, plContext));
+
+ if (found) {
+ testError("Contains found item that wasn't there!");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem4, plContext));
+
+ subTest("pkix_List_Contains <object present>");
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_List_Contains(list, (PKIX_PL_Object *)testItem4, &found, plContext));
+
+ if (!found) {
+ testError("Contains missed item that was present!");
+ }
+
+ PKIX_TEST_DECREF_BC(list);
+ PKIX_TEST_DECREF_BC(testItem);
+ PKIX_TEST_DECREF_BC(testItem2);
+ PKIX_TEST_DECREF_BC(testItem3);
+ PKIX_TEST_DECREF_BC(testItem4);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
#endif
static void
testErrorHandling(void)
{
- PKIX_List *emptylist = NULL;
- PKIX_List *list = NULL;
- PKIX_PL_Object *tempItem = NULL;
+ PKIX_List *emptylist = NULL;
+ PKIX_List *list = NULL;
+ PKIX_PL_Object *tempItem = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext));
- PKIX_TEST_EXPECT_ERROR
- (PKIX_List_GetItem(list, 4, &tempItem, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_GetItem(list, 4, &tempItem, plContext));
- PKIX_TEST_EXPECT_ERROR(PKIX_List_GetItem(list, 1, NULL, plContext));
- PKIX_TEST_EXPECT_ERROR(PKIX_List_SetItem(list, 4, tempItem, plContext));
- PKIX_TEST_EXPECT_ERROR(PKIX_List_SetItem(NULL, 1, tempItem, plContext));
- PKIX_TEST_EXPECT_ERROR
- (PKIX_List_InsertItem(list, 4, tempItem, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_GetItem(list, 1, NULL, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_SetItem(list, 4, tempItem, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_SetItem(NULL, 1, tempItem, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_InsertItem(list, 4, tempItem, plContext));
- PKIX_TEST_EXPECT_ERROR
- (PKIX_List_InsertItem(NULL, 1, tempItem, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_InsertItem(NULL, 1, tempItem, plContext));
- PKIX_TEST_EXPECT_ERROR(PKIX_List_AppendItem(NULL, tempItem, plContext));
- PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(list, 5, plContext));
- PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(NULL, 1, plContext));
- PKIX_TEST_EXPECT_ERROR(PKIX_List_GetLength(list, NULL, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_AppendItem(NULL, tempItem, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(list, 5, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(NULL, 1, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_GetLength(list, NULL, plContext));
- PKIX_TEST_DECREF_BC(list);
- PKIX_TEST_DECREF_BC(emptylist);
+ PKIX_TEST_DECREF_BC(list);
+ PKIX_TEST_DECREF_BC(emptylist);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testDestroy(PKIX_List *list)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_DECREF_BC(list);
+ PKIX_TEST_DECREF_BC(list);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-int test_list(int argc, char *argv[]) {
+int
+test_list(int argc, char *argv[])
+{
- PKIX_List *list, *list2;
- PKIX_PL_String *testItem, *testItem2, *testItem3;
- char *testItemString = "a";
- char *testItemString2 = "b";
- char *testItemString3 = "c";
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
+ PKIX_List *list, *list2;
+ PKIX_PL_String *testItem, *testItem2, *testItem3;
+ char *testItemString = "a";
+ char *testItemString2 = "b";
+ char *testItemString3 = "c";
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("Lists");
+ startTests("Lists");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- subTest("PKIX_List_Create");
- createLists(&list, &list2);
+ subTest("PKIX_List_Create");
+ createLists(&list, &list2);
- subTest("pkix_List_ReverseList");
- testReverseList();
+ subTest("pkix_List_ReverseList");
+ testReverseList();
- subTest("Zero-length List");
- testZeroLengthList(list);
+ subTest("Zero-length List");
+ testZeroLengthList(list);
- subTest("PKIX_List_Get/SetItem");
- testGetSetItem
- (list,
- testItemString,
- testItemString2,
- testItemString3,
- &testItem,
- &testItem2,
- &testItem3);
+ subTest("PKIX_List_Get/SetItem");
+ testGetSetItem(list,
+ testItemString,
+ testItemString2,
+ testItemString3,
+ &testItem,
+ &testItem2,
+ &testItem3);
- subTest("PKIX_List_GetLength");
- testGetLength(list);
+ subTest("PKIX_List_GetLength");
+ testGetLength(list);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (list,
- list,
- list2,
- "(c, b, c)",
- List,
- PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(list,
+ list,
+ list2,
+ "(c, b, c)",
+ List,
+ PKIX_TRUE);
- subTest("PKIX_List_InsertItem");
- testInsertItem(list, testItem, testItemString);
+ subTest("PKIX_List_InsertItem");
+ testInsertItem(list, testItem, testItemString);
- subTest("PKIX_List_AppendItem");
- testAppendItem(list, testItem);
+ subTest("PKIX_List_AppendItem");
+ testAppendItem(list, testItem);
- subTest("Nested Lists");
- testNestedLists(list, list2, testItem, testItem2);
+ subTest("Nested Lists");
+ testNestedLists(list, list2, testItem, testItem2);
- subTest("PKIX_List_DeleteItem");
- testDeleteItem(list, list2, testItem2, testItem3);
+ subTest("PKIX_List_DeleteItem");
+ testDeleteItem(list, list2, testItem2, testItem3);
- PKIX_TEST_DECREF_BC(testItem);
- PKIX_TEST_DECREF_BC(testItem2);
- PKIX_TEST_DECREF_BC(testItem3);
+ PKIX_TEST_DECREF_BC(testItem);
+ PKIX_TEST_DECREF_BC(testItem2);
+ PKIX_TEST_DECREF_BC(testItem3);
#if testContainsFunction
-/* This test requires pkix_List_Contains to be in nss.def */
- testContains();
+ /* This test requires pkix_List_Contains to be in nss.def */
+ testContains();
#endif
- subTest("PKIX_List Error Handling");
- testErrorHandling();
+ subTest("PKIX_List Error Handling");
+ testErrorHandling();
- subTest("PKIX_List_Destroy");
- testDestroy(list);
+ subTest("PKIX_List_Destroy");
+ testDestroy(list);
cleanup:
- PKIX_Shutdown(plContext);
-
- PKIX_TEST_RETURN();
+ PKIX_Shutdown(plContext);
- endTests("Lists");
+ PKIX_TEST_RETURN();
- return (0);
+ endTests("Lists");
+ return (0);
}
diff --git a/cmd/libpkix/pkix/util/test_list2.c b/cmd/libpkix/pkix/util/test_list2.c
index d1ca87251..7e4114e52 100644
--- a/cmd/libpkix/pkix/util/test_list2.c
+++ b/cmd/libpkix/pkix/util/test_list2.c
@@ -13,109 +13,108 @@
static void *plContext = NULL;
-int test_list2(int argc, char *argv[]) {
-
- PKIX_List *list;
- char *temp;
- PKIX_UInt32 i = 0;
- PKIX_UInt32 j = 0;
- PKIX_Int32 cmpResult;
- PKIX_PL_OID *testOID;
- PKIX_PL_String *testString;
- PKIX_PL_Object *obj, *obj2;
- PKIX_UInt32 size = 10;
- char *testOIDString[10] = {
- "2.9.999.1.20",
- "1.2.3.4.5.6.7",
- "0.1",
- "1.2.3.5",
- "0.39",
- "1.2.3.4.7",
- "1.2.3.4.6",
- "0.39.1",
- "1.2.3.4.5",
- "0.39.1.300"
- };
- PKIX_UInt32 actualMinorVersion;
-
- PKIX_TEST_STD_VARS();
-
- startTests("List Sorting");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- subTest("Creating Unsorted Lists");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext));
- for (i = 0; i < size; i++) {
- /* Create a new OID object */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(
- testOIDString[i],
- &testOID,
- plContext));
- /* Insert it into the list */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (list, (PKIX_PL_Object*)testOID, plContext));
- /* Decref the string object */
- PKIX_TEST_DECREF_BC(testOID);
+int
+test_list2(int argc, char *argv[])
+{
+
+ PKIX_List *list;
+ char *temp;
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 j = 0;
+ PKIX_Int32 cmpResult;
+ PKIX_PL_OID *testOID;
+ PKIX_PL_String *testString;
+ PKIX_PL_Object *obj, *obj2;
+ PKIX_UInt32 size = 10;
+ char *testOIDString[10] = {
+ "2.9.999.1.20",
+ "1.2.3.4.5.6.7",
+ "0.1",
+ "1.2.3.5",
+ "0.39",
+ "1.2.3.4.7",
+ "1.2.3.4.6",
+ "0.39.1",
+ "1.2.3.4.5",
+ "0.39.1.300"
+ };
+ PKIX_UInt32 actualMinorVersion;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("List Sorting");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ subTest("Creating Unsorted Lists");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext));
+ for (i = 0; i < size; i++) {
+ /* Create a new OID object */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(
+ testOIDString[i],
+ &testOID,
+ plContext));
+ /* Insert it into the list */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testOID, plContext));
+ /* Decref the string object */
+ PKIX_TEST_DECREF_BC(testOID);
+ }
+
+ subTest("Outputting Unsorted List");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+ &testString,
+ plContext));
+ temp = PKIX_String2ASCII(testString, plContext);
+ if (temp) {
+ (void)printf("%s \n", temp);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+ PKIX_TEST_DECREF_BC(testString);
+
+ subTest("Performing Bubble Sort");
+
+ for (i = 0; i < size; i++)
+ for (j = 9; j > i; j--) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, j, &obj, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, j -
+ 1,
+ &obj2, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj, obj2, &cmpResult, plContext));
+ if (cmpResult < 0) {
+ /* Exchange the items */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, j, obj2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, j -
+ 1,
+ obj, plContext));
+ }
+ /* DecRef objects */
+ PKIX_TEST_DECREF_BC(obj);
+ PKIX_TEST_DECREF_BC(obj2);
}
- subTest("Outputting Unsorted List");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object*)list,
- &testString,
- plContext));
- temp = PKIX_String2ASCII(testString, plContext);
- if (temp){
- (void) printf("%s \n", temp);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
- PKIX_TEST_DECREF_BC(testString);
-
- subTest("Performing Bubble Sort");
-
- for (i = 0; i < size; i++)
- for (j = 9; j > i; j--) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem(list, j, &obj, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (list, j-1, &obj2, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare
- (obj, obj2, &cmpResult, plContext));
- if (cmpResult < 0) {
- /* Exchange the items */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem
- (list, j, obj2, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem
- (list, j-1, obj, plContext));
- }
- /* DecRef objects */
- PKIX_TEST_DECREF_BC(obj);
- PKIX_TEST_DECREF_BC(obj2);
- }
-
- subTest("Outputting Sorted List");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object*)list,
- &testString,
- plContext));
- temp = PKIX_String2ASCII(testString, plContext);
- if (temp){
- (void) printf("%s \n", temp);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- }
+ subTest("Outputting Sorted List");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+ &testString,
+ plContext));
+ temp = PKIX_String2ASCII(testString, plContext);
+ if (temp) {
+ (void)printf("%s \n", temp);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
cleanup:
- PKIX_TEST_DECREF_AC(testString);
- PKIX_TEST_DECREF_AC(list);
+ PKIX_TEST_DECREF_AC(testString);
+ PKIX_TEST_DECREF_AC(list);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("List Sorting");
+ endTests("List Sorting");
- return (0);
+ return (0);
}
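Review bot: In test_list2, `list` and `testString` are declared without initialisers, yet the `cleanup:` label passes both to `PKIX_TEST_DECREF_AC`. If `PKIX_PL_NssContext_Create` or `PKIX_List_Create` fails and the test macro jumps to cleanup (it appears to, though the macro is defined outside this diff), an indeterminate pointer reaches the decref. Declaring them as `PKIX_List *list = NULL;` and `PKIX_PL_String *testString = NULL;` closes that path. Separately, the inner sort loop starts at the literal `j = 9` although `size` holds the element count; `for (j = size - 1; j > i; j--) {` keeps the bound tied to the array.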
diff --git a/cmd/libpkix/pkix/util/test_logger.c b/cmd/libpkix/pkix/util/test_logger.c
index c1ce4f475..3b7e5160a 100644
--- a/cmd/libpkix/pkix/util/test_logger.c
+++ b/cmd/libpkix/pkix/util/test_logger.c
@@ -14,320 +14,301 @@
static void *plContext = NULL;
static char *levels[] = {
- "None",
- "Fatal Error",
- "Error",
- "Warning",
- "Debug",
- "Trace"
+ "None",
+ "Fatal Error",
+ "Error",
+ "Warning",
+ "Debug",
+ "Trace"
};
-static
-PKIX_Error *testLoggerCallback(
- PKIX_Logger *logger,
- PKIX_PL_String *message,
- PKIX_UInt32 logLevel,
- PKIX_ERRORCLASS logComponent,
- void *plContext)
+static PKIX_Error *
+testLoggerCallback(
+ PKIX_Logger *logger,
+ PKIX_PL_String *message,
+ PKIX_UInt32 logLevel,
+ PKIX_ERRORCLASS logComponent,
+ void *plContext)
{
- char *comp = NULL;
- char *msg = NULL;
- char result[100];
- static int callCount = 0;
+ char *comp = NULL;
+ char *msg = NULL;
+ char result[100];
+ static int callCount = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- msg = PKIX_String2ASCII(message, plContext);
- PR_snprintf(result, 100, "Logging %s (%s): %s",
+ msg = PKIX_String2ASCII(message, plContext);
+ PR_snprintf(result, 100, "Logging %s (%s): %s",
levels[logLevel], PKIX_ERRORCLASSNAMES[logComponent], msg);
- subTest(result);
+ subTest(result);
- callCount++;
- if (callCount > 1) {
- testError("Incorrect number of Logger Callback <expect 1>");
- }
+ callCount++;
+ if (callCount > 1) {
+ testError("Incorrect number of Logger Callback <expect 1>");
+ }
cleanup:
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext));
- PKIX_TEST_RETURN();
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext));
+ PKIX_TEST_RETURN();
}
-static
-PKIX_Error *testLoggerCallback2(
- PKIX_Logger *logger,
- PKIX_PL_String *message,
- PKIX_UInt32 logLevel,
- PKIX_ERRORCLASS logComponent,
- void *plContext)
+static PKIX_Error *
+testLoggerCallback2(
+ PKIX_Logger *logger,
+ PKIX_PL_String *message,
+ PKIX_UInt32 logLevel,
+ PKIX_ERRORCLASS logComponent,
+ void *plContext)
{
- char *comp = NULL;
- char *msg = NULL;
- char result[100];
+ char *comp = NULL;
+ char *msg = NULL;
+ char result[100];
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- msg = PKIX_String2ASCII(message, plContext);
- PR_snprintf(result, 100, "Logging %s (%s): %s",
+ msg = PKIX_String2ASCII(message, plContext);
+ PR_snprintf(result, 100, "Logging %s (%s): %s",
levels[logLevel], PKIX_ERRORCLASSNAMES[logComponent], msg);
- subTest(result);
+ subTest(result);
cleanup:
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext));
- PKIX_TEST_RETURN();
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext));
+ PKIX_TEST_RETURN();
}
static void
createLogger(PKIX_Logger **logger,
- PKIX_PL_Object *context,
- PKIX_Logger_LogCallback cb)
+ PKIX_PL_Object *context,
+ PKIX_Logger_LogCallback cb)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_Create
- (cb, context, logger, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_Create(cb, context, logger, plContext));
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testContextCallback(PKIX_Logger *logger, PKIX_Logger *logger2)
{
- PKIX_Logger_LogCallback cb = NULL;
- PKIX_PL_Object *context = NULL;
- PKIX_Boolean cmpResult = PKIX_FALSE;
- PKIX_UInt32 length;
+ PKIX_Logger_LogCallback cb = NULL;
+ PKIX_PL_Object *context = NULL;
+ PKIX_Boolean cmpResult = PKIX_FALSE;
+ PKIX_UInt32 length;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_Logger_GetLoggerContext");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLoggerContext
- (logger2, &context, plContext));
+ subTest("PKIX_Logger_GetLoggerContext");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLoggerContext(logger2, &context, plContext));
- testEqualsHelper
- ((PKIX_PL_Object *)logger, context, PKIX_TRUE, plContext);
+ testEqualsHelper((PKIX_PL_Object *)logger, context, PKIX_TRUE, plContext);
- subTest("PKIX_Logger_GetLogCallback");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLogCallback
- (logger, &cb, plContext));
+ subTest("PKIX_Logger_GetLogCallback");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLogCallback(logger, &cb, plContext));
- if (cb != testLoggerCallback) {
- testError("Incorrect Logger Callback returned");
- }
+ if (cb != testLoggerCallback) {
+ testError("Incorrect Logger Callback returned");
+ }
cleanup:
- PKIX_TEST_DECREF_AC(context);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(context);
+ PKIX_TEST_RETURN();
}
static void
testComponent(PKIX_Logger *logger)
{
- PKIX_ERRORCLASS compName = (PKIX_ERRORCLASS)NULL;
- PKIX_ERRORCLASS compNameReturn = (PKIX_ERRORCLASS)NULL;
- PKIX_Boolean cmpResult = PKIX_FALSE;
- PKIX_TEST_STD_VARS();
+ PKIX_ERRORCLASS compName = (PKIX_ERRORCLASS)NULL;
+ PKIX_ERRORCLASS compNameReturn = (PKIX_ERRORCLASS)NULL;
+ PKIX_Boolean cmpResult = PKIX_FALSE;
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_Logger_GetLoggingComponent");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLoggingComponent
- (logger, &compName, plContext));
+ subTest("PKIX_Logger_GetLoggingComponent");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLoggingComponent(logger, &compName, plContext));
- if (compName != (PKIX_ERRORCLASS)NULL) {
- testError("Incorrect Logger Component returned. expect <NULL>");
- }
+ if (compName != (PKIX_ERRORCLASS)NULL) {
+ testError("Incorrect Logger Component returned. expect <NULL>");
+ }
- subTest("PKIX_Logger_SetLoggingComponent");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetLoggingComponent
- (logger, PKIX_LIST_ERROR, plContext));
+ subTest("PKIX_Logger_SetLoggingComponent");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetLoggingComponent(logger, PKIX_LIST_ERROR, plContext));
- subTest("PKIX_Logger_GetLoggingComponent");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLoggingComponent
- (logger, &compNameReturn, plContext));
+ subTest("PKIX_Logger_GetLoggingComponent");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLoggingComponent(logger, &compNameReturn, plContext));
- if (compNameReturn != PKIX_LIST_ERROR) {
- testError("Incorrect Logger Component returned.");
- }
+ if (compNameReturn != PKIX_LIST_ERROR) {
+ testError("Incorrect Logger Component returned.");
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testMaxLoggingLevel(PKIX_Logger *logger)
{
- PKIX_UInt32 level = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_UInt32 level = 0;
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_Logger_GetMaxLoggingLevel");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetMaxLoggingLevel
- (logger, &level, plContext));
+ subTest("PKIX_Logger_GetMaxLoggingLevel");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetMaxLoggingLevel(logger, &level, plContext));
- if (level != 0) {
- testError("Incorrect Logger MaxLoggingLevel returned");
- }
+ if (level != 0) {
+ testError("Incorrect Logger MaxLoggingLevel returned");
+ }
- subTest("PKIX_Logger_SetMaxLoggingLevel");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetMaxLoggingLevel
- (logger, 3, plContext));
+ subTest("PKIX_Logger_SetMaxLoggingLevel");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetMaxLoggingLevel(logger, 3, plContext));
- subTest("PKIX_Logger_GetMaxLoggingLevel");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetMaxLoggingLevel
- (logger, &level, plContext));
+ subTest("PKIX_Logger_GetMaxLoggingLevel");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetMaxLoggingLevel(logger, &level, plContext));
- if (level != 3) {
- testError("Incorrect Logger MaxLoggingLevel returned");
- }
+ if (level != 3) {
+ testError("Incorrect Logger MaxLoggingLevel returned");
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testLogger(PKIX_Logger *logger, PKIX_Logger *logger2)
{
- PKIX_List *loggerList = NULL;
- PKIX_List *checkList = NULL;
- PKIX_UInt32 length;
- PKIX_Boolean cmpResult = PKIX_FALSE;
- char *expectedAscii = "[\n"
- "\tLogger: \n"
- "\tContext: (null)\n"
- "\tMaximum Level: 3\n"
- "\tComponent Name: LIST\n"
- "]\n";
-
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_GetLoggers");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_GetLoggers(&loggerList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (loggerList, &length, plContext));
- if (length != 0){
- testError("Incorrect Logger List returned");
- }
- PKIX_TEST_DECREF_BC(loggerList);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&loggerList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (loggerList, (PKIX_PL_Object *) logger, plContext));
-
- subTest("PKIX_SetLoggers");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_SetLoggers(loggerList, plContext));
-
- subTest("PKIX_Logger_SetLoggingComponent");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetLoggingComponent
- (logger2, PKIX_MUTEX_ERROR, plContext));
-
- subTest("PKIX_Logger_SetMaxLoggingLevel");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetMaxLoggingLevel
- (logger2, 5, plContext));
-
- subTest("PKIX_AddLogger");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_AddLogger(logger2, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&checkList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (checkList, (PKIX_PL_Object *) logger, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (checkList, (PKIX_PL_Object *) logger2, plContext));
-
- PKIX_TEST_DECREF_BC(loggerList);
-
- subTest("PKIX_GetLoggers");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_GetLoggers(&loggerList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (loggerList, &length, plContext));
-
- subTest("pkix_Loggers_Equals");
- testEqualsHelper
- ((PKIX_PL_Object *) loggerList,
- (PKIX_PL_Object *) checkList,
- PKIX_TRUE,
- plContext);
-
- subTest("pkix_Loggers_Duplicate");
- testDuplicateHelper((PKIX_PL_Object *)logger, plContext);
-
- subTest("pkix_Loggers_Hashcode");
- testHashcodeHelper((PKIX_PL_Object *) logger,
- (PKIX_PL_Object *) logger,
- PKIX_TRUE,
- plContext);
-
- subTest("pkix_Loggers_ToString");
- testToStringHelper((PKIX_PL_Object *) logger, expectedAscii, plContext);
-
- subTest("PKIX Logger Callback");
- subTest("Expect to have ***Fatal Error (List): Null argument*** once");
- PKIX_TEST_EXPECT_ERROR(PKIX_List_AppendItem
- (NULL, (PKIX_PL_Object *) NULL, plContext));
+ PKIX_List *loggerList = NULL;
+ PKIX_List *checkList = NULL;
+ PKIX_UInt32 length;
+ PKIX_Boolean cmpResult = PKIX_FALSE;
+ char *expectedAscii = "[\n"
+ "\tLogger: \n"
+ "\tContext: (null)\n"
+ "\tMaximum Level: 3\n"
+ "\tComponent Name: LIST\n"
+ "]\n";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_GetLoggers");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_GetLoggers(&loggerList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(loggerList, &length, plContext));
+ if (length != 0) {
+ testError("Incorrect Logger List returned");
+ }
+ PKIX_TEST_DECREF_BC(loggerList);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&loggerList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(loggerList, (PKIX_PL_Object *)logger, plContext));
+
+ subTest("PKIX_SetLoggers");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_SetLoggers(loggerList, plContext));
+
+ subTest("PKIX_Logger_SetLoggingComponent");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetLoggingComponent(logger2, PKIX_MUTEX_ERROR, plContext));
+
+ subTest("PKIX_Logger_SetMaxLoggingLevel");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetMaxLoggingLevel(logger2, 5, plContext));
+
+ subTest("PKIX_AddLogger");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_AddLogger(logger2, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&checkList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(checkList, (PKIX_PL_Object *)logger, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(checkList, (PKIX_PL_Object *)logger2, plContext));
+
+ PKIX_TEST_DECREF_BC(loggerList);
+
+ subTest("PKIX_GetLoggers");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_GetLoggers(&loggerList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(loggerList, &length, plContext));
+
+ subTest("pkix_Loggers_Equals");
+ testEqualsHelper((PKIX_PL_Object *)loggerList,
+ (PKIX_PL_Object *)checkList,
+ PKIX_TRUE,
+ plContext);
+
+ subTest("pkix_Loggers_Duplicate");
+ testDuplicateHelper((PKIX_PL_Object *)logger, plContext);
+
+ subTest("pkix_Loggers_Hashcode");
+ testHashcodeHelper((PKIX_PL_Object *)logger,
+ (PKIX_PL_Object *)logger,
+ PKIX_TRUE,
+ plContext);
+
+ subTest("pkix_Loggers_ToString");
+ testToStringHelper((PKIX_PL_Object *)logger, expectedAscii, plContext);
+
+ subTest("PKIX Logger Callback");
+ subTest("Expect to have ***Fatal Error (List): Null argument*** once");
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_AppendItem(NULL, (PKIX_PL_Object *)NULL, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(loggerList);
- PKIX_TEST_DECREF_AC(checkList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(loggerList);
+ PKIX_TEST_DECREF_AC(checkList);
+ PKIX_TEST_RETURN();
}
static void
testDestroy(PKIX_Logger *logger)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_DECREF_BC(logger);
+ PKIX_TEST_DECREF_BC(logger);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-int test_logger(int argc, char *argv[]) {
+int
+test_logger(int argc, char *argv[])
+{
- PKIX_Logger *logger, *logger2;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
+ PKIX_Logger *logger, *logger2;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("Loggers");
+ startTests("Loggers");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- subTest("PKIX_Logger_Create");
- createLogger(&logger, NULL, testLoggerCallback);
- createLogger(&logger2, (PKIX_PL_Object *)logger, testLoggerCallback2);
+ subTest("PKIX_Logger_Create");
+ createLogger(&logger, NULL, testLoggerCallback);
+ createLogger(&logger2, (PKIX_PL_Object *)logger, testLoggerCallback2);
- subTest("Logger Context and Callback");
- testContextCallback(logger, logger2);
+ subTest("Logger Context and Callback");
+ testContextCallback(logger, logger2);
- subTest("Logger Component");
- testComponent(logger);
+ subTest("Logger Component");
+ testComponent(logger);
- subTest("Logger MaxLoggingLevel");
- testMaxLoggingLevel(logger);
+ subTest("Logger MaxLoggingLevel");
+ testMaxLoggingLevel(logger);
- subTest("Logger List operations");
- testLogger(logger, logger2);
+ subTest("Logger List operations");
+ testLogger(logger, logger2);
- subTest("PKIX_Logger_Destroy");
- testDestroy(logger);
- testDestroy(logger2);
+ subTest("PKIX_Logger_Destroy");
+ testDestroy(logger);
+ testDestroy(logger2);
cleanup:
- PKIX_Shutdown(plContext);
-
- PKIX_TEST_RETURN();
+ PKIX_Shutdown(plContext);
- endTests("Loggers");
+ PKIX_TEST_RETURN();
- return (0);
+ endTests("Loggers");
+ return (0);
}
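Review bot: testLoggerCallback and testLoggerCallback2 index `levels[logLevel]` and `PKIX_ERRORCLASSNAMES[logComponent]` with the values handed to the callback and no range check. `levels` has six entries, so a level above 5 would read past the table before the string reaches `PR_snprintf`. The values are supplied by the library in this test, so this is presumably safe in practice, but a guard such as `const char *lvl = logLevel < sizeof(levels) / sizeof(levels[0]) ? levels[logLevel] : "Unknown";` would make the callbacks robust. Both callbacks also declare `char *comp = NULL;`, which is never used, and the literal `100` passed to `PR_snprintf` would be safer as `sizeof(result)`.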
diff --git a/cmd/libpkix/pkix_pl/module/test_colcertstore.c b/cmd/libpkix/pkix_pl/module/test_colcertstore.c
index b6cb4b460..37169d6ff 100644
--- a/cmd/libpkix/pkix_pl/module/test_colcertstore.c
+++ b/cmd/libpkix/pkix_pl/module/test_colcertstore.c
@@ -20,233 +20,228 @@ static void *plContext = NULL;
static PKIX_Error *
testCRLSelectorMatchCallback(
- PKIX_CRLSelector *selector,
- PKIX_PL_CRL *crl,
- PKIX_Boolean *pMatch,
- void *plContext)
+ PKIX_CRLSelector *selector,
+ PKIX_PL_CRL *crl,
+ PKIX_Boolean *pMatch,
+ void *plContext)
{
- *pMatch = PKIX_TRUE;
+ *pMatch = PKIX_TRUE;
- return (0);
+ return (0);
}
static PKIX_Error *
testCertSelectorMatchCallback(
- PKIX_CertSelector *selector,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
+ PKIX_CertSelector *selector,
+ PKIX_PL_Cert *cert,
+ PKIX_Boolean *pResult,
+ void *plContext)
{
- *pResult = PKIX_TRUE;
+ *pResult = PKIX_TRUE;
- return (0);
+ return (0);
}
static PKIX_Error *
getCertCallback(
- PKIX_CertStore *store,
- PKIX_CertSelector *certSelector,
- PKIX_List **pCerts,
- void *plContext)
+ PKIX_CertStore *store,
+ PKIX_CertSelector *certSelector,
+ PKIX_List **pCerts,
+ void *plContext)
{
- return (0);
+ return (0);
}
-static char *catDirName(char *platform, char *dir, void *plContext)
+static char *
+catDirName(char *platform, char *dir, void *plContext)
{
- char *pathName = NULL;
- PKIX_UInt32 dirLen;
- PKIX_UInt32 platformLen;
+ char *pathName = NULL;
+ PKIX_UInt32 dirLen;
+ PKIX_UInt32 platformLen;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- dirLen = PL_strlen(dir);
- platformLen = PL_strlen(platform);
+ dirLen = PL_strlen(dir);
+ platformLen = PL_strlen(platform);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc
- (platformLen + dirLen + 2, (void **)&pathName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(platformLen +
+ dirLen +
+ 2,
+ (void **)&pathName, plContext));
- PL_strcpy(pathName, platform);
- PL_strcat(pathName, "/");
- PL_strcat(pathName, dir);
+ PL_strcpy(pathName, platform);
+ PL_strcat(pathName, "/");
+ PL_strcat(pathName, dir);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (pathName);
+ return (pathName);
}
-static
-void testGetCRL(char *crlDir)
+static void
+testGetCRL(char *crlDir)
{
- PKIX_PL_String *dirString = NULL;
- PKIX_CertStore_CRLCallback crlCallback;
- PKIX_CertStore *certStore = NULL;
- PKIX_CRLSelector *crlSelector = NULL;
- PKIX_List *crlList = NULL;
- PKIX_UInt32 numCrl = 0;
- void *nbioContext = NULL;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- crlDir,
- 0,
- &dirString,
- plContext));
-
- subTest("PKIX_PL_CollectionCertStore_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
- (dirString,
- &certStore,
- plContext));
-
- subTest("PKIX_CRLSelector_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create
- (testCRLSelectorMatchCallback,
- NULL,
- &crlSelector,
- plContext));
-
- subTest("PKIX_CertStore_GetCRLCallback");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback
- (certStore, &crlCallback, NULL));
-
- subTest("Getting data from CRL Callback");
- PKIX_TEST_EXPECT_NO_ERROR(crlCallback
- (certStore,
- crlSelector,
- &nbioContext,
- &crlList,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (crlList,
- &numCrl,
- plContext));
-
- if (numCrl != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS) {
- pkixTestErrorMsg = "unexpected CRL number mismatch";
- }
+ PKIX_PL_String *dirString = NULL;
+ PKIX_CertStore_CRLCallback crlCallback;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_CRLSelector *crlSelector = NULL;
+ PKIX_List *crlList = NULL;
+ PKIX_UInt32 numCrl = 0;
+ void *nbioContext = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ crlDir,
+ 0,
+ &dirString,
+ plContext));
+
+ subTest("PKIX_PL_CollectionCertStore_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString,
+ &certStore,
+ plContext));
+
+ subTest("PKIX_CRLSelector_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(testCRLSelectorMatchCallback,
+ NULL,
+ &crlSelector,
+ plContext));
+
+ subTest("PKIX_CertStore_GetCRLCallback");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(certStore, &crlCallback, NULL));
+
+ subTest("Getting data from CRL Callback");
+ PKIX_TEST_EXPECT_NO_ERROR(crlCallback(certStore,
+ crlSelector,
+ &nbioContext,
+ &crlList,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crlList,
+ &numCrl,
+ plContext));
+
+ if (numCrl != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS) {
+ pkixTestErrorMsg = "unexpected CRL number mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(dirString);
- PKIX_TEST_DECREF_AC(crlList);
- PKIX_TEST_DECREF_AC(crlSelector);
- PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(dirString);
+ PKIX_TEST_DECREF_AC(crlList);
+ PKIX_TEST_DECREF_AC(crlSelector);
+ PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testGetCert(char *certDir)
+static void
+testGetCert(char *certDir)
{
- PKIX_PL_String *dirString = NULL;
- PKIX_CertStore_CertCallback certCallback;
- PKIX_CertStore *certStore = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_List *certList = NULL;
- PKIX_UInt32 numCert = 0;
- void *nbioContext = NULL;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- certDir,
- 0,
- &dirString,
- plContext));
-
- subTest("PKIX_PL_CollectionCertStore_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
- (dirString,
- &certStore,
- plContext));
-
- subTest("PKIX_CertSelector_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (testCertSelectorMatchCallback,
- NULL,
- &certSelector,
- plContext));
-
- subTest("PKIX_CertStore_GetCertCallback");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback
- (certStore, &certCallback, NULL));
-
- subTest("Getting data from Cert Callback");
- PKIX_TEST_EXPECT_NO_ERROR(certCallback
- (certStore,
- certSelector,
- &nbioContext,
- &certList,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (certList,
- &numCert,
- plContext));
-
- if (numCert != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CERTS) {
- pkixTestErrorMsg = "unexpected Cert number mismatch";
- }
+ PKIX_PL_String *dirString = NULL;
+ PKIX_CertStore_CertCallback certCallback;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_List *certList = NULL;
+ PKIX_UInt32 numCert = 0;
+ void *nbioContext = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ certDir,
+ 0,
+ &dirString,
+ plContext));
+
+ subTest("PKIX_PL_CollectionCertStore_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString,
+ &certStore,
+ plContext));
+
+ subTest("PKIX_CertSelector_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(testCertSelectorMatchCallback,
+ NULL,
+ &certSelector,
+ plContext));
+
+ subTest("PKIX_CertStore_GetCertCallback");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL));
+
+ subTest("Getting data from Cert Callback");
+ PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore,
+ certSelector,
+ &nbioContext,
+ &certList,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList,
+ &numCert,
+ plContext));
+
+ if (numCert != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CERTS) {
+ pkixTestErrorMsg = "unexpected Cert number mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(dirString);
- PKIX_TEST_DECREF_AC(certList);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(dirString);
+ PKIX_TEST_DECREF_AC(certList);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static void printUsage(char *pName){
- printf("\nUSAGE: %s test-purpose <data-dir> <platform-dir>\n\n", pName);
+static void
+printUsage(char *pName)
+{
+ printf("\nUSAGE: %s test-purpose <data-dir> <platform-dir>\n\n", pName);
}
/* Functional tests for CollectionCertStore public functions */
-int test_colcertstore(int argc, char *argv[]) {
+int
+test_colcertstore(int argc, char *argv[])
+{
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
- char *platformDir = NULL;
- char *dataDir = NULL;
- char *combinedDir = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+ char *platformDir = NULL;
+ char *dataDir = NULL;
+ char *combinedDir = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("CollectionCertStore");
+ startTests("CollectionCertStore");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- if (argc < (3 + j)) {
- printUsage(argv[0]);
- return (0);
- }
+ if (argc < (3 + j)) {
+ printUsage(argv[0]);
+ return (0);
+ }
- dataDir = argv[2 + j];
- platformDir = argv[3 + j];
- combinedDir = catDirName(platformDir, dataDir, plContext);
+ dataDir = argv[2 + j];
+ platformDir = argv[3 + j];
+ combinedDir = catDirName(platformDir, dataDir, plContext);
- testGetCRL(combinedDir);
- testGetCert(combinedDir);
+ testGetCRL(combinedDir);
+ testGetCert(combinedDir);
cleanup:
- pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext);
+ pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("CollectionCertStore");
+ endTests("CollectionCertStore");
- return (0);
+ return (0);
}
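Review bot: In test_colcertstore the argument check `if (argc < (3 + j))` is one short, because the next statements read `argv[3 + j]` and the usage text lists three arguments after the program name. With exactly three arguments, `platformDir` is the terminating NULL entry of `argv` and is passed to `catDirName`, which calls `PL_strlen`, `PL_strcpy` and `PL_strcat` on it. The guard should be `if (argc < (4 + j)) {`. The usage branch also returns directly after `PKIX_PL_NssContext_Create` has succeeded, so it skips `PKIX_Shutdown(plContext)` under `cleanup:`; `goto cleanup;` in place of `return (0);` would keep the teardown on that path.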
diff --git a/cmd/libpkix/pkix_pl/module/test_ekuchecker.c b/cmd/libpkix/pkix_pl/module/test_ekuchecker.c
index df1d561d2..ccd05a5bf 100644
--- a/cmd/libpkix/pkix_pl/module/test_ekuchecker.c
+++ b/cmd/libpkix/pkix_pl/module/test_ekuchecker.c
@@ -11,278 +11,265 @@
#include "testutil.h"
#include "testutil_nss.h"
-#define PKIX_TEST_MAX_CERTS 10
+#define PKIX_TEST_MAX_CERTS 10
static void *plContext = NULL;
-static
-void printUsage1(char *pName){
- printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
- printf("[E]oid[,oid]* <data-dir> cert [certs].\n");
+static void
+printUsage1(char *pName)
+{
+ printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
+ printf("[E]oid[,oid]* <data-dir> cert [certs].\n");
}
-static void printUsageMax(PKIX_UInt32 numCerts){
- printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
- numCerts, PKIX_TEST_MAX_CERTS);
+static void
+printUsageMax(PKIX_UInt32 numCerts)
+{
+ printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
+ numCerts, PKIX_TEST_MAX_CERTS);
}
static PKIX_Error *
testCertSelectorMatchCallback(
- PKIX_CertSelector *selector,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
+ PKIX_CertSelector *selector,
+ PKIX_PL_Cert *cert,
+ PKIX_Boolean *pResult,
+ void *plContext)
{
- *pResult = PKIX_TRUE;
+ *pResult = PKIX_TRUE;
- return (0);
+ return (0);
}
static PKIX_Error *
testEkuSetup(
- PKIX_ValidateParams *valParams,
- char *ekuOidString,
- PKIX_Boolean *only4EE)
+ PKIX_ValidateParams *valParams,
+ char *ekuOidString,
+ PKIX_Boolean *only4EE)
{
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_List *ekuList = NULL;
- PKIX_PL_OID *ekuOid = NULL;
- PKIX_ComCertSelParams *selParams = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_Boolean last_token = PKIX_FALSE;
- PKIX_UInt32 i, tokeni;
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_ValidateParams_GetProcessingParams");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
- (valParams, &procParams, plContext));
-
- /* Get extended key usage OID(s) from command line, separated by "," */
-
- if (ekuOidString[0] == '"') {
- /* erase doble quotes, if any */
- i = 1;
- while (ekuOidString[i] != '"' && ekuOidString[i] != '\0') {
- ekuOidString[i-1] = ekuOidString[i];
- i++;
- }
- ekuOidString[i-1] = '\0';
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_List *ekuList = NULL;
+ PKIX_PL_OID *ekuOid = NULL;
+ PKIX_ComCertSelParams *selParams = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_Boolean last_token = PKIX_FALSE;
+ PKIX_UInt32 i, tokeni;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_ValidateParams_GetProcessingParams");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
+
+ /* Get extended key usage OID(s) from command line, separated by "," */
+
+ if (ekuOidString[0] == '"') {
+ /* erase doble quotes, if any */
+ i = 1;
+ while (ekuOidString[i] != '"' && ekuOidString[i] != '\0') {
+ ekuOidString[i - 1] = ekuOidString[i];
+ i++;
}
+ ekuOidString[i - 1] = '\0';
+ }
- if (ekuOidString[0] == '\0') {
- ekuList = NULL;
+ if (ekuOidString[0] == '\0') {
+ ekuList = NULL;
+ } else {
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuList, plContext));
+
+ /* if OID string start with E, only check for last cert */
+ if (ekuOidString[0] == 'E') {
+ *only4EE = PKIX_TRUE;
+ tokeni = 2;
+ i = 1;
} else {
+ *only4EE = PKIX_FALSE;
+ tokeni = 1;
+ i = 0;
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
- (&ekuList, plContext));
-
- /* if OID string start with E, only check for last cert */
- if (ekuOidString[0] == 'E') {
- *only4EE = PKIX_TRUE;
- tokeni = 2;
- i = 1;
- } else {
- *only4EE = PKIX_FALSE;
- tokeni = 1;
- i = 0;
- }
-
- while (last_token != PKIX_TRUE) {
- while (ekuOidString[tokeni] != ',' &&
- ekuOidString[tokeni] != '\0') {
- tokeni++;
- }
- if (ekuOidString[tokeni] == '\0') {
- last_token = PKIX_TRUE;
- } else {
- ekuOidString[tokeni] = '\0';
- tokeni++;
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
- (&ekuOidString[i], &ekuOid, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (ekuList, (PKIX_PL_Object *)ekuOid, plContext));
-
- PKIX_TEST_DECREF_BC(ekuOid);
- i = tokeni;
-
- }
+ while (last_token != PKIX_TRUE) {
+ while (ekuOidString[tokeni] != ',' &&
+ ekuOidString[tokeni] != '\0') {
+ tokeni++;
+ }
+ if (ekuOidString[tokeni] == '\0') {
+ last_token = PKIX_TRUE;
+ } else {
+ ekuOidString[tokeni] = '\0';
+ tokeni++;
+ }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(&ekuOidString[i], &ekuOid, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuList, (PKIX_PL_Object *)ekuOid, plContext));
+
+ PKIX_TEST_DECREF_BC(ekuOid);
+ i = tokeni;
}
+ }
- /* Set extended key usage link to processing params */
+ /* Set extended key usage link to processing params */
- subTest("PKIX_ComCertSelParams_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&selParams, plContext));
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext));
- subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage
- (selParams, ekuList, plContext));
+ subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(selParams, ekuList, plContext));
- subTest("PKIX_CertSelector_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (testCertSelectorMatchCallback,
- NULL,
- &certSelector,
- plContext));
+ subTest("PKIX_CertSelector_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(testCertSelectorMatchCallback,
+ NULL,
+ &certSelector,
+ plContext));
- subTest("PKIX_CertSelector_SetCommonCertSelectorParams");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, selParams, plContext));
+ subTest("PKIX_CertSelector_SetCommonCertSelectorParams");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, selParams, plContext));
- subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints
- (procParams, certSelector, plContext));
+ subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(selParams);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(ekuOid);
- PKIX_TEST_DECREF_AC(ekuList);
+ PKIX_TEST_DECREF_AC(selParams);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(ekuOid);
+ PKIX_TEST_DECREF_AC(ekuList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (0);
+ return (0);
}
static PKIX_Error *
testEkuChecker(
- PKIX_ValidateParams *valParams,
- PKIX_Boolean only4EE)
+ PKIX_ValidateParams *valParams,
+ PKIX_Boolean only4EE)
{
- PKIX_ProcessingParams *procParams = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
- (valParams, &procParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
- subTest("PKIX_ProcessingParams_SetRevocationEnabled - disable");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
- (procParams, PKIX_FALSE, plContext));
+ subTest("PKIX_ProcessingParams_SetRevocationEnabled - disable");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
- if (only4EE == PKIX_FALSE) {
- subTest("PKIX_PL_EkuChecker_Create");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_EkuChecker_Create
- (procParams, plContext));
- }
+ if (only4EE == PKIX_FALSE) {
+ subTest("PKIX_PL_EkuChecker_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_EkuChecker_Create(procParams, plContext));
+ }
cleanup:
- PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (0);
+ return (0);
}
-int test_ekuchecker(int argc, char *argv[]){
- PKIX_List *chain = NULL;
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_UInt32 actualMinorVersion;
- char *certNames[PKIX_TEST_MAX_CERTS];
- char *dirName = NULL;
- PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
- PKIX_UInt32 chainLength = 0;
- PKIX_UInt32 i = 0;
- PKIX_UInt32 j = 0;
- PKIX_Boolean testValid = PKIX_FALSE;
- PKIX_Boolean only4EE = PKIX_FALSE;
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 5) {
- printUsage1(argv[0]);
- return (0);
- }
+int
+test_ekuchecker(int argc, char *argv[])
+{
+ PKIX_List *chain = NULL;
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ char *certNames[PKIX_TEST_MAX_CERTS];
+ char *dirName = NULL;
+ PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
+ PKIX_UInt32 chainLength = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 j = 0;
+ PKIX_Boolean testValid = PKIX_FALSE;
+ PKIX_Boolean only4EE = PKIX_FALSE;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 5) {
+ printUsage1(argv[0]);
+ return (0);
+ }
- startTests("EKU Checker");
+ startTests("EKU Checker");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- /* ENE = expect no error; EE = expect error */
- if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
- testValid = PKIX_TRUE;
- } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
- testValid = PKIX_FALSE;
- } else {
- printUsage1(argv[0]);
- return (0);
- }
+ /* ENE = expect no error; EE = expect error */
+ if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+ testValid = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+ testValid = PKIX_FALSE;
+ } else {
+ printUsage1(argv[0]);
+ return (0);
+ }
- dirName = argv[4+j];
+ dirName = argv[4 + j];
- chainLength = (argc - j) - 6;
- if (chainLength > PKIX_TEST_MAX_CERTS) {
- printUsageMax(chainLength);
- }
+ chainLength = (argc - j) - 6;
+ if (chainLength > PKIX_TEST_MAX_CERTS) {
+ printUsageMax(chainLength);
+ }
- for (i = 0; i < chainLength; i++) {
+ for (i = 0; i < chainLength; i++) {
- certNames[i] = argv[6+i+j];
- certs[i] = NULL;
- }
+ certNames[i] = argv[6 + i + j];
+ certs[i] = NULL;
+ }
- subTest(argv[1+j]);
+ subTest(argv[1 + j]);
- subTest("Extended-Key-Usage-Checker");
+ subTest("Extended-Key-Usage-Checker");
- subTest("Extended-Key-Usage-Checker - Create Cert Chain");
+ subTest("Extended-Key-Usage-Checker - Create Cert Chain");
- chain = createCertChainPlus
- (dirName, certNames, certs, chainLength, plContext);
+ chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
- subTest("Extended-Key-Usage-Checker - Create Params");
+ subTest("Extended-Key-Usage-Checker - Create Params");
- valParams = createValidateParams
- (dirName,
- argv[5+j],
- NULL,
- NULL,
- NULL,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- PKIX_FALSE,
- chain,
- plContext);
+ valParams = createValidateParams(dirName,
+ argv[5 +
+ j],
+ NULL,
+ NULL,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
- subTest("Default CertStore");
+ subTest("Default CertStore");
- testEkuSetup(valParams, argv[3+j], &only4EE);
+ testEkuSetup(valParams, argv[3 + j], &only4EE);
- testEkuChecker(valParams, only4EE);
+ testEkuChecker(valParams, only4EE);
- subTest("Extended-Key-Usage-Checker - Validate Chain");
-
- if (testValid == PKIX_TRUE) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
- (valParams, &valResult, NULL, plContext));
- } else {
- PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
- (valParams, &valResult, NULL, plContext));
- }
+ subTest("Extended-Key-Usage-Checker - Validate Chain");
+ if (testValid == PKIX_TRUE) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
+ } else {
+ PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
+ }
cleanup:
- PKIX_TEST_DECREF_AC(chain);
- PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(chain);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("EKU Checker");
+ endTests("EKU Checker");
- return (0);
+ return (0);
}
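Review bot: In test_ekuchecker the `chainLength > PKIX_TEST_MAX_CERTS` branch only prints the usage error and then falls through, so the following loop writes past the ends of the 10-element `certNames` and `certs` stack arrays. The same path is reached with exactly five arguments: `argc < 5` lets argc == 5 through, `(argc - j) - 6` then wraps around in the unsigned `chainLength`, and `argv[5 + j]` is read even though no such argument was given. Tighten the guard to `if (argc < 6) {` and stop after the message by adding `goto cleanup;` after `printUsageMax(chainLength);`. The whole function is inside this hunk.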
diff --git a/cmd/libpkix/pkix_pl/module/test_httpcertstore.c b/cmd/libpkix/pkix_pl/module/test_httpcertstore.c
index 6a45c4776..62f86300a 100644
--- a/cmd/libpkix/pkix_pl/module/test_httpcertstore.c
+++ b/cmd/libpkix/pkix_pl/module/test_httpcertstore.c
@@ -41,284 +41,260 @@
static void *plContext = NULL;
-static
-void printUsage(char *testname)
+static void
+printUsage(char *testname)
{
- char *fmt =
- "USAGE: %s [-arenas] certDir certName\n";
- printf(fmt, "test_httpcertstore");
+ char *fmt =
+ "USAGE: %s [-arenas] certDir certName\n";
+ printf(fmt, "test_httpcertstore");
}
/* Functional tests for Socket public functions */
-static
-void do_other_work(void) { /* while waiting for nonblocking I/O to complete */
- (void) PR_Sleep(2*60);
+static void
+do_other_work(void)
+{ /* while waiting for nonblocking I/O to complete */
+ (void)PR_Sleep(2 * 60);
}
PKIX_Error *
PKIX_PL_HttpCertStore_Create(
- PKIX_PL_HttpClient *client, /* if NULL, use default Client */
- PKIX_PL_GeneralName *location,
- PKIX_CertStore **pCertStore,
- void *plContext);
+ PKIX_PL_HttpClient *client, /* if NULL, use default Client */
+ PKIX_PL_GeneralName *location,
+ PKIX_CertStore **pCertStore,
+ void *plContext);
PKIX_Error *
pkix_pl_HttpCertStore_CreateWithAsciiName(
- PKIX_PL_HttpClient *client, /* if NULL, use default Client */
- char *location,
- PKIX_CertStore **pCertStore,
- void *plContext);
+ PKIX_PL_HttpClient *client, /* if NULL, use default Client */
+ char *location,
+ PKIX_CertStore **pCertStore,
+ void *plContext);
static PKIX_Error *
getLocation(
- PKIX_PL_Cert *certWithAia,
- PKIX_PL_GeneralName **pLocation,
- void *plContext)
+ PKIX_PL_Cert *certWithAia,
+ PKIX_PL_GeneralName **pLocation,
+ void *plContext)
{
- PKIX_List *aiaList = NULL;
- PKIX_UInt32 size = 0;
- PKIX_PL_InfoAccess *aia = NULL;
- PKIX_UInt32 iaType = PKIX_INFOACCESS_LOCATION_UNKNOWN;
- PKIX_PL_GeneralName *location = NULL;
+ PKIX_List *aiaList = NULL;
+ PKIX_UInt32 size = 0;
+ PKIX_PL_InfoAccess *aia = NULL;
+ PKIX_UInt32 iaType = PKIX_INFOACCESS_LOCATION_UNKNOWN;
+ PKIX_PL_GeneralName *location = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("Getting Authority Info Access");
+ subTest("Getting Authority Info Access");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess
- (certWithAia, &aiaList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess(certWithAia, &aiaList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (aiaList, &size, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(aiaList, &size, plContext));
- if (size != 1) {
- pkixTestErrorMsg = "unexpected number of AIA";
- goto cleanup;
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (aiaList, 0, (PKIX_PL_Object **) &aia, plContext));
+ if (size != 1) {
+ pkixTestErrorMsg = "unexpected number of AIA";
+ goto cleanup;
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocationType
- (aia, &iaType, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&aia, plContext));
- if (iaType != PKIX_INFOACCESS_LOCATION_HTTP) {
- pkixTestErrorMsg = "unexpected location type in AIA";
- goto cleanup;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocationType(aia, &iaType, plContext));
- }
+ if (iaType != PKIX_INFOACCESS_LOCATION_HTTP) {
+ pkixTestErrorMsg = "unexpected location type in AIA";
+ goto cleanup;
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocation
- (aia, &location, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocation(aia, &location, plContext));
- *pLocation = location;
+ *pLocation = location;
cleanup:
- PKIX_TEST_DECREF_AC(aiaList);
- PKIX_TEST_DECREF_AC(aia);
+ PKIX_TEST_DECREF_AC(aiaList);
+ PKIX_TEST_DECREF_AC(aia);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (NULL);
+ return (NULL);
}
-int test_httpcertstore(int argc, char *argv[])
+int
+test_httpcertstore(int argc, char *argv[])
{
- PKIX_UInt32 i = 0;
- PKIX_UInt32 numCerts = 0;
- PKIX_UInt32 numCrls = 0;
- int j = 0;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 length = 0;
-
- char *certName = NULL;
- char *certDir = NULL;
- PKIX_PL_Cert *cmdLineCert = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_CertStore *certStore = NULL;
- PKIX_CertStore *crlStore = NULL;
- PKIX_PL_GeneralName *location = NULL;
- PKIX_CertStore_CertCallback getCerts = NULL;
- PKIX_List *certs = NULL;
- char *asciiResult = NULL;
- void *nbio = NULL;
-
- PKIX_PL_CRL *crl = NULL;
- PKIX_CRLSelector *crlSelector = NULL;
- char *crlLocation = "http://betty.nist.gov/pathdiscoverytestsuite/CRL"
- "files/BasicHTTPURIPeer2CACRL.crl";
- PKIX_CertStore_CRLCallback getCrls = NULL;
- PKIX_List *crls = NULL;
- PKIX_PL_String *crlString = NULL;
-
- PKIX_TEST_STD_VARS();
-
- startTests("HttpCertStore");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- if (argc != (j + 3)) {
- printUsage(argv[0]);
- pkixTestErrorMsg = "Missing command line argument.";
- goto cleanup;
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 numCerts = 0;
+ PKIX_UInt32 numCrls = 0;
+ int j = 0;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 length = 0;
+
+ char *certName = NULL;
+ char *certDir = NULL;
+ PKIX_PL_Cert *cmdLineCert = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_CertStore *crlStore = NULL;
+ PKIX_PL_GeneralName *location = NULL;
+ PKIX_CertStore_CertCallback getCerts = NULL;
+ PKIX_List *certs = NULL;
+ char *asciiResult = NULL;
+ void *nbio = NULL;
+
+ PKIX_PL_CRL *crl = NULL;
+ PKIX_CRLSelector *crlSelector = NULL;
+ char *crlLocation = "http://betty.nist.gov/pathdiscoverytestsuite/CRL"
+ "files/BasicHTTPURIPeer2CACRL.crl";
+ PKIX_CertStore_CRLCallback getCrls = NULL;
+ PKIX_List *crls = NULL;
+ PKIX_PL_String *crlString = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("HttpCertStore");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc != (j + 3)) {
+ printUsage(argv[0]);
+ pkixTestErrorMsg = "Missing command line argument.";
+ goto cleanup;
+ }
+
+ certDir = argv[++j];
+ certName = argv[++j];
+
+ cmdLineCert = createCert(certDir, certName, plContext);
+ if (cmdLineCert == NULL) {
+ pkixTestErrorMsg = "Unable to create Cert";
+ goto cleanup;
+ }
+
+ /* muster arguments to create HttpCertStore */
+ PKIX_TEST_EXPECT_NO_ERROR(getLocation(cmdLineCert, &location, plContext));
+
+ if (location == NULL) {
+ pkixTestErrorMsg = "Give me a cert with an HTTP URI!";
+ goto cleanup;
+ }
+
+ /* create HttpCertStore */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HttpCertStore_Create(NULL, location, &certStore, plContext));
+
+ /* get the GetCerts callback */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCerts, plContext));
+
+ /* create a CertSelector */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+ /* Get the certs */
+ PKIX_TEST_EXPECT_NO_ERROR(getCerts(certStore, certSelector, &nbio, &certs, plContext));
+
+ while (nbio != NULL) {
+ /* poll for a completion */
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_CertContinue(certStore, certSelector, &nbio, &certs, plContext));
+ }
+
+ if (certs) {
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+
+ if (numCerts == 0) {
+ printf("HttpCertStore returned an empty Cert list\n");
+ goto cleanup;
}
- certDir = argv[++j];
- certName = argv[++j];
+ for (i = 0; i < numCerts; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
+ i,
+ (PKIX_PL_Object **)&cert,
+ plContext));
+
+ asciiResult = PKIX_Cert2ASCII(cert);
+
+ printf("CERT[%d]:\n%s\n", i, asciiResult);
+
+ /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
+ asciiResult = NULL;
+
+ PKIX_TEST_DECREF_BC(cert);
+ }
+ } else {
+ printf("HttpCertStore returned a NULL Cert list\n");
+ }
+
+ /* create HttpCertStore */
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_HttpCertStore_CreateWithAsciiName(NULL, crlLocation, &crlStore, plContext));
+
+ /* get the GetCrls callback */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(crlStore, &getCrls, plContext));
- cmdLineCert = createCert(certDir, certName, plContext);
- if (cmdLineCert == NULL) {
- pkixTestErrorMsg = "Unable to create Cert";
- goto cleanup;
- }
+ /* create a CrlSelector */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &crlSelector, plContext));
- /* muster arguments to create HttpCertStore */
- PKIX_TEST_EXPECT_NO_ERROR(getLocation
- (cmdLineCert, &location, plContext));
+ /* Get the crls */
+ PKIX_TEST_EXPECT_NO_ERROR(getCrls(crlStore, crlSelector, &nbio, &crls, plContext));
- if (location == NULL) {
- pkixTestErrorMsg = "Give me a cert with an HTTP URI!";
- goto cleanup;
- }
+ while (nbio != NULL) {
+ /* poll for a completion */
- /* create HttpCertStore */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HttpCertStore_Create
- (NULL, location, &certStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_CrlContinue(crlStore, crlSelector, &nbio, &crls, plContext));
+ }
- /* get the GetCerts callback */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback
- (certStore, &getCerts, plContext));
-
- /* create a CertSelector */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext));
+ if (crls) {
- /* Get the certs */
- PKIX_TEST_EXPECT_NO_ERROR(getCerts
- (certStore, certSelector, &nbio, &certs, plContext));
-
- while (nbio != NULL) {
- /* poll for a completion */
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_CertContinue
- (certStore, certSelector, &nbio, &certs, plContext));
- }
-
- if (certs) {
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetLength(certs, &numCerts, plContext));
-
- if (numCerts == 0) {
- printf("HttpCertStore returned an empty Cert list\n");
- goto cleanup;
- }
-
- for (i = 0; i < numCerts; i++) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (certs,
- i,
- (PKIX_PL_Object**)&cert,
- plContext));
-
- asciiResult = PKIX_Cert2ASCII(cert);
-
- printf("CERT[%d]:\n%s\n", i, asciiResult);
-
- /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Free(asciiResult, NULL));
- asciiResult = NULL;
-
- PKIX_TEST_DECREF_BC(cert);
- }
- } else {
- printf("HttpCertStore returned a NULL Cert list\n");
- }
-
- /* create HttpCertStore */
- PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_HttpCertStore_CreateWithAsciiName
- (NULL, crlLocation, &crlStore, plContext));
-
- /* get the GetCrls callback */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback
- (crlStore, &getCrls, plContext));
-
- /* create a CrlSelector */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create
- (NULL, NULL, &crlSelector, plContext));
-
- /* Get the crls */
- PKIX_TEST_EXPECT_NO_ERROR(getCrls
- (crlStore, crlSelector, &nbio, &crls, plContext));
-
- while (nbio != NULL) {
- /* poll for a completion */
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_CrlContinue
- (crlStore, crlSelector, &nbio, &crls, plContext));
- }
-
- if (crls) {
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetLength(crls, &numCrls, plContext));
-
- if (numCrls == 0) {
- printf("HttpCertStore returned an empty CRL list\n");
- goto cleanup;
- }
-
- for (i = 0; i < numCrls; i++) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (crls,
- i,
- (PKIX_PL_Object**)&crl,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(
- (PKIX_PL_Object *)crl,
- &crlString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded
- (crlString,
- PKIX_ESCASCII,
- (void **)&asciiResult,
- &length,
- plContext));
-
- printf("CRL[%d]:\n%s\n", i, asciiResult);
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Free(asciiResult, plContext));
- PKIX_TEST_DECREF_BC(crlString);
- PKIX_TEST_DECREF_BC(crl);
- }
- } else {
- printf("HttpCertStore returned a NULL CRL list\n");
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crls, &numCrls, plContext));
+
+ if (numCrls == 0) {
+ printf("HttpCertStore returned an empty CRL list\n");
+ goto cleanup;
+ }
+
+ for (i = 0; i < numCrls; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(crls,
+ i,
+ (PKIX_PL_Object **)&crl,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(
+ (PKIX_PL_Object *)crl,
+ &crlString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(crlString,
+ PKIX_ESCASCII,
+ (void **)&asciiResult,
+ &length,
+ plContext));
+
+ printf("CRL[%d]:\n%s\n", i, asciiResult);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext));
+ PKIX_TEST_DECREF_BC(crlString);
+ PKIX_TEST_DECREF_BC(crl);
+ }
+ } else {
+ printf("HttpCertStore returned a NULL CRL list\n");
+ }
cleanup:
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(cmdLineCert);
- PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_DECREF_AC(crlStore);
- PKIX_TEST_DECREF_AC(location);
- PKIX_TEST_DECREF_AC(certs);
- PKIX_TEST_DECREF_AC(crl);
- PKIX_TEST_DECREF_AC(crlString);
- PKIX_TEST_DECREF_AC(crls);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(cmdLineCert);
+ PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(crlStore);
+ PKIX_TEST_DECREF_AC(location);
+ PKIX_TEST_DECREF_AC(certs);
+ PKIX_TEST_DECREF_AC(crl);
+ PKIX_TEST_DECREF_AC(crlString);
+ PKIX_TEST_DECREF_AC(crls);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("HttpDefaultClient");
+ endTests("HttpDefaultClient");
- return (0);
+ return (0);
}
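Review bot: `certSelector` and `crlSelector` are created in test_httpcertstore but never released; the cleanup block drops cert, cmdLineCert, certStore, crlStore, location, certs, crl, crlString and crls only. Add `PKIX_TEST_DECREF_AC(certSelector);` and `PKIX_TEST_DECREF_AC(crlSelector);` to the cleanup list. The function also closes with `endTests("HttpDefaultClient")` although it opened with `startTests("HttpCertStore")`, and unlike test_ekuchecker it never calls `PKIX_Shutdown(plContext)`; both look like leftovers and should be checked against testutil.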
diff --git a/cmd/libpkix/pkix_pl/module/test_pk11certstore.c b/cmd/libpkix/pkix_pl/module/test_pk11certstore.c
index bc27313c1..58fceb14f 100644
--- a/cmd/libpkix/pkix_pl/module/test_pk11certstore.c
+++ b/cmd/libpkix/pkix_pl/module/test_pk11certstore.c
@@ -11,7 +11,6 @@
#include "testutil.h"
#include "testutil_nss.h"
-
static void *plContext = NULL;
/*
@@ -19,40 +18,33 @@ static void *plContext = NULL;
* select entries whose Subject Name matches that in the given Cert and
* whose validity window includes the Date specified by "validityDate".
*/
-static
-void test_makeSubjectCertSelector(
- PKIX_PL_Cert *certNameToMatch,
- PKIX_PL_Date *validityDate,
- PKIX_CertSelector **pSelector,
- void *plContext)
+static void
+test_makeSubjectCertSelector(
+ PKIX_PL_Cert *certNameToMatch,
+ PKIX_PL_Date *validityDate,
+ PKIX_CertSelector **pSelector,
+ void *plContext)
{
- PKIX_CertSelector *selector = NULL;
- PKIX_ComCertSelParams *subjParams = NULL;
- PKIX_PL_X500Name *subjectName = NULL;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&subjParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject
- (certNameToMatch, &subjectName, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject
- (subjParams, subjectName, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid
- (subjParams, validityDate, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, subjParams, plContext));
- *pSelector = selector;
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *subjParams = NULL;
+ PKIX_PL_X500Name *subjectName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&subjParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(certNameToMatch, &subjectName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(subjParams, subjectName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(subjParams, validityDate, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, subjParams, plContext));
+ *pSelector = selector;
cleanup:
- PKIX_TEST_DECREF_AC(subjParams);
- PKIX_TEST_DECREF_AC(subjectName);
+ PKIX_TEST_DECREF_AC(subjParams);
+ PKIX_TEST_DECREF_AC(subjectName);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
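Review bot: In test_makeSubjectCertSelector `selector` reaches the caller only through the final `*pSelector = selector;`, so if any PKIX_TEST_EXPECT_NO_ERROR after PKIX_CertSelector_Create jumps to `cleanup` (the macro is defined outside this diff, presumably it does) the selector is neither returned nor released. Cleanup could release it when it was not handed over, e.g. `if (*pSelector != selector) { PKIX_TEST_DECREF_AC(selector); }`, which relies on callers initialising their selector pointer to NULL, as the visible callers do. test_makePathCertSelector in the next hunk has the same shape. The header comment of this function starts outside the hunk.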
/*
@@ -60,34 +52,29 @@ cleanup:
* select entries containing a Basic Constraints extension with a path
* length of at least the specified "minPathLength".
*/
-static
-void test_makePathCertSelector(
- PKIX_Int32 minPathLength,
- PKIX_CertSelector **pSelector,
- void *plContext)
+static void
+test_makePathCertSelector(
+ PKIX_Int32 minPathLength,
+ PKIX_CertSelector **pSelector,
+ void *plContext)
{
- PKIX_CertSelector *selector = NULL;
- PKIX_ComCertSelParams *pathParams = NULL;
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *pathParams = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
- (&pathParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints
- (pathParams, minPathLength, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&pathParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(pathParams, minPathLength, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_SetCommonCertSelectorParams
- (selector, pathParams, plContext));
- *pSelector = selector;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, pathParams, plContext));
+ *pSelector = selector;
cleanup:
- PKIX_TEST_DECREF_AC(pathParams);
+ PKIX_TEST_DECREF_AC(pathParams);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
/*
@@ -96,68 +83,60 @@ cleanup:
* for a Subject Name match, and then queries the database for matching entries.
* It is intended to test a "smart" database query.
*/
-static
-void testMatchCertSubject(
- char *crlDir,
- char *desiredSubjectCert,
- char *expectedAscii,
- PKIX_PL_Date *validityDate,
- void *plContext)
+static void
+testMatchCertSubject(
+ char *crlDir,
+ char *desiredSubjectCert,
+ char *expectedAscii,
+ PKIX_PL_Date *validityDate,
+ void *plContext)
{
- PKIX_UInt32 numCert = 0;
- PKIX_PL_Cert *certWithDesiredSubject = NULL;
- PKIX_CertStore *certStore = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_List *certList = NULL;
- PKIX_CertStore_CertCallback getCert = NULL;
- void *nbioContext = NULL;
-
- PKIX_TEST_STD_VARS();
-
- certWithDesiredSubject = createCert
- (crlDir, desiredSubjectCert, plContext);
-
- test_makeSubjectCertSelector
- (certWithDesiredSubject,
- validityDate,
- &certSelector,
- plContext);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
- (&certStore, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback
- (certStore, &getCert, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(getCert
- (certStore,
- certSelector,
- &nbioContext,
- &certList,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (certList, &numCert, plContext));
-
- if (numCert > 0) {
- /* List should be immutable */
- PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem
- (certList, 0, plContext));
- }
-
- if (expectedAscii) {
- testToStringHelper
- ((PKIX_PL_Object *)certList, expectedAscii, plContext);
- }
+ PKIX_UInt32 numCert = 0;
+ PKIX_PL_Cert *certWithDesiredSubject = NULL;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_List *certList = NULL;
+ PKIX_CertStore_CertCallback getCert = NULL;
+ void *nbioContext = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ certWithDesiredSubject = createCert(crlDir, desiredSubjectCert, plContext);
+
+ test_makeSubjectCertSelector(certWithDesiredSubject,
+ validityDate,
+ &certSelector,
+ plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&certStore, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCert, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(getCert(certStore,
+ certSelector,
+ &nbioContext,
+ &certList,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext));
+
+ if (numCert > 0) {
+ /* List should be immutable */
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(certList, 0, plContext));
+ }
+
+ if (expectedAscii) {
+ testToStringHelper((PKIX_PL_Object *)certList, expectedAscii, plContext);
+ }
cleanup:
- PKIX_TEST_DECREF_AC(certWithDesiredSubject);
- PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(certList);
+ PKIX_TEST_DECREF_AC(certWithDesiredSubject);
+ PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(certList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
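Review bot: testMatchCertSubject passes the result of `createCert` straight into test_makeSubjectCertSelector without checking it, whereas test_httpcertstore.c in this same commit treats a NULL return from `createCert` as a failure. Add the same guard after the call: `if (certWithDesiredSubject == NULL) { pkixTestErrorMsg = "Unable to create Cert"; goto cleanup; }` (assuming PKIX_TEST_STD_VARS declares pkixTestErrorMsg here as it does there). The function body is inside the hunk; its header comment starts outside.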
/*
@@ -168,93 +147,81 @@ cleanup:
* available certs and the filtering will be done by the interaction of the
* certstore and the selector.
*/
-static
-void testMatchCertMinPath(
- PKIX_Int32 minPath,
- char *expectedAscii,
- void *plContext)
+static void
+testMatchCertMinPath(
+ PKIX_Int32 minPath,
+ char *expectedAscii,
+ void *plContext)
{
- PKIX_CertStore *certStore = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_List *certList = NULL;
- PKIX_CertStore_CertCallback getCert = NULL;
- void *nbioContext = NULL;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_List *certList = NULL;
+ PKIX_CertStore_CertCallback getCert = NULL;
+ void *nbioContext = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("Searching Certs for minPath");
+ subTest("Searching Certs for minPath");
- test_makePathCertSelector
- (minPath, &certSelector, plContext);
+ test_makePathCertSelector(minPath, &certSelector, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
- (&certStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&certStore, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback
- (certStore, &getCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCert, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(getCert
- (certStore,
- certSelector,
- &nbioContext,
- &certList,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(getCert(certStore,
+ certSelector,
+ &nbioContext,
+ &certList,
+ plContext));
- if (expectedAscii) {
- testToStringHelper
- ((PKIX_PL_Object *)certList, expectedAscii, plContext);
- }
+ if (expectedAscii) {
+ testToStringHelper((PKIX_PL_Object *)certList, expectedAscii, plContext);
+ }
cleanup:
- PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(certList);
+ PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(certList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
/*
* This function creates a crlSelector with ComCrlSelParams set up to
* select entries whose Issuer Name matches that in the given Crl.
*/
-static
-void test_makeIssuerCRLSelector(
- PKIX_PL_CRL *crlNameToMatch,
- PKIX_CRLSelector **pSelector,
- void *plContext)
+static void
+test_makeIssuerCRLSelector(
+ PKIX_PL_CRL *crlNameToMatch,
+ PKIX_CRLSelector **pSelector,
+ void *plContext)
{
- PKIX_CRLSelector *selector = NULL;
- PKIX_ComCRLSelParams *issuerParams = NULL;
- PKIX_PL_X500Name *issuerName = NULL;
- PKIX_List *names = NULL;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create
- (&issuerParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetIssuer
- (crlNameToMatch, &issuerName, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&names, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (names, (PKIX_PL_Object *)issuerName, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetIssuerNames
- (issuerParams, names, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CRLSelector_SetCommonCRLSelectorParams
- (selector, issuerParams, plContext));
- *pSelector = selector;
+ PKIX_CRLSelector *selector = NULL;
+ PKIX_ComCRLSelParams *issuerParams = NULL;
+ PKIX_PL_X500Name *issuerName = NULL;
+ PKIX_List *names = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&issuerParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetIssuer(crlNameToMatch, &issuerName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&names, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(names, (PKIX_PL_Object *)issuerName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetIssuerNames(issuerParams, names, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(selector, issuerParams, plContext));
+ *pSelector = selector;
cleanup:
- PKIX_TEST_DECREF_AC(issuerParams);
- PKIX_TEST_DECREF_AC(issuerName);
- PKIX_TEST_DECREF_AC(names);
+ PKIX_TEST_DECREF_AC(issuerParams);
+ PKIX_TEST_DECREF_AC(issuerName);
+ PKIX_TEST_DECREF_AC(names);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
/*
@@ -262,32 +229,27 @@ cleanup:
* select entries that would be valid at the Date specified by the Date
* criterion.
*/
-static
-void test_makeDateCRLSelector(
- PKIX_PL_Date *dateToMatch,
- PKIX_CRLSelector **pSelector,
- void *plContext)
+static void
+test_makeDateCRLSelector(
+ PKIX_PL_Date *dateToMatch,
+ PKIX_CRLSelector **pSelector,
+ void *plContext)
{
- PKIX_CRLSelector *selector = NULL;
- PKIX_ComCRLSelParams *dateParams = NULL;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create
- (NULL, NULL, &selector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create
- (&dateParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime
- (dateParams, dateToMatch, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CRLSelector_SetCommonCRLSelectorParams
- (selector, dateParams, plContext));
- *pSelector = selector;
+ PKIX_CRLSelector *selector = NULL;
+ PKIX_ComCRLSelParams *dateParams = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&dateParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime(dateParams, dateToMatch, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(selector, dateParams, plContext));
+ *pSelector = selector;
cleanup:
- PKIX_TEST_DECREF_AC(dateParams);
+ PKIX_TEST_DECREF_AC(dateParams);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
/*
@@ -296,65 +258,58 @@ cleanup:
* for a Issuer Name match, and then queries the database for matching entries.
* It is intended to test the case of a "smart" database query.
*/
-static
-void testMatchCrlIssuer(
- char *crlDir,
- char *desiredIssuerCrl,
- char *expectedAscii,
- void *plContext)
+static void
+testMatchCrlIssuer(
+ char *crlDir,
+ char *desiredIssuerCrl,
+ char *expectedAscii,
+ void *plContext)
{
- PKIX_UInt32 numCrl = 0;
- PKIX_PL_CRL *crlWithDesiredIssuer = NULL;
- PKIX_CertStore *crlStore = NULL;
- PKIX_CRLSelector *crlSelector = NULL;
- PKIX_List *crlList = NULL;
- PKIX_CertStore_CRLCallback getCrl = NULL;
- void *nbioContext = NULL;
+ PKIX_UInt32 numCrl = 0;
+ PKIX_PL_CRL *crlWithDesiredIssuer = NULL;
+ PKIX_CertStore *crlStore = NULL;
+ PKIX_CRLSelector *crlSelector = NULL;
+ PKIX_List *crlList = NULL;
+ PKIX_CertStore_CRLCallback getCrl = NULL;
+ void *nbioContext = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("Searching CRLs for matching Issuer");
+ subTest("Searching CRLs for matching Issuer");
- crlWithDesiredIssuer = createCRL(crlDir, desiredIssuerCrl, plContext);
+ crlWithDesiredIssuer = createCRL(crlDir, desiredIssuerCrl, plContext);
- test_makeIssuerCRLSelector
- (crlWithDesiredIssuer, &crlSelector, plContext);
+ test_makeIssuerCRLSelector(crlWithDesiredIssuer, &crlSelector, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
- (&crlStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&crlStore, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback
- (crlStore, &getCrl, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(crlStore, &getCrl, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(getCrl
- (crlStore,
- crlSelector,
- &nbioContext,
- &crlList,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(getCrl(crlStore,
+ crlSelector,
+ &nbioContext,
+ &crlList,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (crlList, &numCrl, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crlList, &numCrl, plContext));
- if (numCrl > 0) {
- /* List should be immutable */
- PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem
- (crlList, 0, plContext));
- }
+ if (numCrl > 0) {
+ /* List should be immutable */
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(crlList, 0, plContext));
+ }
- if (expectedAscii) {
- testToStringHelper
- ((PKIX_PL_Object *)crlList, expectedAscii, plContext);
- }
+ if (expectedAscii) {
+ testToStringHelper((PKIX_PL_Object *)crlList, expectedAscii, plContext);
+ }
cleanup:
- PKIX_TEST_DECREF_AC(crlWithDesiredIssuer);
- PKIX_TEST_DECREF_AC(crlStore);
- PKIX_TEST_DECREF_AC(crlSelector);
- PKIX_TEST_DECREF_AC(crlList);
+ PKIX_TEST_DECREF_AC(crlWithDesiredIssuer);
+ PKIX_TEST_DECREF_AC(crlStore);
+ PKIX_TEST_DECREF_AC(crlSelector);
+ PKIX_TEST_DECREF_AC(crlList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
/*
@@ -364,268 +319,262 @@ cleanup:
* rather than ask the database for all available CRLs and then filter the
* results using the selector.
*/
-static
-void testMatchCrlDate(
- char *dateMatch,
- char *expectedAscii,
- void *plContext)
+static void
+testMatchCrlDate(
+ char *dateMatch,
+ char *expectedAscii,
+ void *plContext)
{
- PKIX_PL_Date *dateCriterion = NULL;
- PKIX_CertStore *crlStore = NULL;
- PKIX_CRLSelector *crlSelector = NULL;
- PKIX_List *crlList = NULL;
- PKIX_CertStore_CRLCallback getCrl = NULL;
+ PKIX_PL_Date *dateCriterion = NULL;
+ PKIX_CertStore *crlStore = NULL;
+ PKIX_CRLSelector *crlSelector = NULL;
+ PKIX_List *crlList = NULL;
+ PKIX_CertStore_CRLCallback getCrl = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("Searching CRLs for matching Date");
+ subTest("Searching CRLs for matching Date");
- dateCriterion = createDate(dateMatch, plContext);
- test_makeDateCRLSelector(dateCriterion, &crlSelector, plContext);
+ dateCriterion = createDate(dateMatch, plContext);
+ test_makeDateCRLSelector(dateCriterion, &crlSelector, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
- (&crlStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&crlStore, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback
- (crlStore, &getCrl, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(crlStore, &getCrl, plContext));
- PKIX_TEST_EXPECT_ERROR(getCrl
- (crlStore, crlSelector, NULL, &crlList, plContext));
+ PKIX_TEST_EXPECT_ERROR(getCrl(crlStore, crlSelector, NULL, &crlList, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(dateCriterion);
- PKIX_TEST_DECREF_AC(crlStore);
- PKIX_TEST_DECREF_AC(crlSelector);
- PKIX_TEST_DECREF_AC(crlList);
+ PKIX_TEST_DECREF_AC(dateCriterion);
+ PKIX_TEST_DECREF_AC(crlStore);
+ PKIX_TEST_DECREF_AC(crlSelector);
+ PKIX_TEST_DECREF_AC(crlList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void printUsage(char *pName){
- printf("\nUSAGE: %s <-d data-dir> <database-dir>\n\n", pName);
+static void
+printUsage(char *pName)
+{
+ printf("\nUSAGE: %s <-d data-dir> <database-dir>\n\n", pName);
}
/* Functional tests for Pk11CertStore public functions */
-int test_pk11certstore(int argc, char *argv[]) {
-
- PKIX_UInt32 j = 0;
- PKIX_UInt32 actualMinorVersion;
- PKIX_PL_Date *validityDate = NULL;
- PKIX_PL_Date *betweenDate = NULL;
- char *crlDir = NULL;
- char *expectedProfAscii = "([\n"
- "\tVersion: v3\n"
- "\tSerialNumber: 00ca\n"
- "\tIssuer: CN=chemistry,O=mit,C=us\n"
- "\tSubject: CN=prof noall,O=mit,C=us\n"
- "\tValidity: [From: Fri Feb 11 14:14:06 2005\n"
- "\t To: Mon Jan 18, 2105]\n"
- "\tSubjectAltNames: (null)\n"
- "\tAuthorityKeyId: (null)\n"
- "\tSubjectKeyId: (null)\n"
- "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
- "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
- "\tExtKeyUsages: (null)\n"
- "\tBasicConstraint: CA(6)\n"
- "\tCertPolicyInfo: (null)\n"
- "\tPolicyMappings: (null)\n"
- "\tExplicitPolicy: -1\n"
- "\tInhibitMapping: -1\n"
- "\tInhibitAnyPolicy:-1\n"
- "\tNameConstraints: (null)\n"
- "]\n"
- ", [\n"
- "\tVersion: v3\n"
- "\tSerialNumber: 03\n"
- "\tIssuer: CN=physics,O=mit,C=us\n"
- "\tSubject: CN=prof noall,O=mit,C=us\n"
- "\tValidity: [From: Fri Feb 11 12:52:26 2005\n"
- "\t To: Mon Jan 18, 2105]\n"
- "\tSubjectAltNames: (null)\n"
- "\tAuthorityKeyId: (null)\n"
- "\tSubjectKeyId: (null)\n"
- "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
- "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
- "\tExtKeyUsages: (null)\n"
- "\tBasicConstraint: CA(0)\n"
- "\tCertPolicyInfo: (null)\n"
- "\tPolicyMappings: (null)\n"
- "\tExplicitPolicy: -1\n"
- "\tInhibitMapping: -1\n"
- "\tInhibitAnyPolicy:-1\n"
- "\tNameConstraints: (null)\n"
- "]\n"
- ")";
- char *expectedValidityAscii = "([\n"
- "\tVersion: v3\n"
- "\tSerialNumber: 03\n"
- "\tIssuer: CN=physics,O=mit,C=us\n"
- "\tSubject: CN=prof noall,O=mit,C=us\n"
- "\tValidity: [From: Fri Feb 11 12:52:26 2005\n"
- "\t To: Mon Jan 18, 2105]\n"
- "\tSubjectAltNames: (null)\n"
- "\tAuthorityKeyId: (null)\n"
- "\tSubjectKeyId: (null)\n"
- "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
- "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
- "\tExtKeyUsages: (null)\n"
- "\tBasicConstraint: CA(0)\n"
- "\tCertPolicyInfo: (null)\n"
- "\tPolicyMappings: (null)\n"
- "\tExplicitPolicy: -1\n"
- "\tInhibitMapping: -1\n"
- "\tInhibitAnyPolicy:-1\n"
- "\tNameConstraints: (null)\n"
- "]\n"
- ")";
- char *expectedMinPathAscii = "([\n"
- "\tVersion: v3\n"
- "\tSerialNumber: 01\n"
- "\tIssuer: CN=science,O=mit,C=us\n"
- "\tSubject: CN=science,O=mit,C=us\n"
- "\tValidity: [From: Fri Feb 11 12:47:58 2005\n"
- "\t To: Mon Jan 18, 2105]\n"
- "\tSubjectAltNames: (null)\n"
- "\tAuthorityKeyId: (null)\n"
- "\tSubjectKeyId: (null)\n"
- "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
- "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
- "\tExtKeyUsages: (null)\n"
- "\tBasicConstraint: CA(10)\n"
- "\tCertPolicyInfo: (null)\n"
- "\tPolicyMappings: (null)\n"
- "\tExplicitPolicy: -1\n"
- "\tInhibitMapping: -1\n"
- "\tInhibitAnyPolicy:-1\n"
- "\tNameConstraints: (null)\n"
- "]\n"
- ")";
- char *expectedIssuerAscii = "([\n"
- "\tVersion: v2\n"
- "\tIssuer: CN=physics,O=mit,C=us\n"
- "\tUpdate: [Last: Fri Feb 11 13:51:38 2005\n"
- "\t Next: Mon Jan 18, 2105]\n"
- "\tSignatureAlgId: 1.2.840.10040.4.3\n"
- "\tCRL Number : (null)\n"
- "\n"
- "\tEntry List: (\n"
- "\t[\n"
- "\tSerialNumber: 67\n"
- "\tReasonCode: 257\n"
- "\tRevocationDate: Fri Feb 11 13:51:38 2005\n"
- "\tCritExtOIDs: (EMPTY)\n"
- "\t]\n"
- "\t)\n"
- "\n"
- "\tCritExtOIDs: (EMPTY)\n"
- "]\n"
- ")";
- char *expectedDateAscii = "([\n"
- "\tVersion: v2\n"
- "\tIssuer: CN=science,O=mit,C=us\n"
- "\tUpdate: [Last: Fri Feb 11 13:34:40 2005\n"
- "\t Next: Mon Jan 18, 2105]\n"
- "\tSignatureAlgId: 1.2.840.10040.4.3\n"
- "\tCRL Number : (null)\n"
- "\n"
- "\tEntry List: (\n"
- "\t[\n"
- "\tSerialNumber: 65\n"
- "\tReasonCode: 260\n"
- "\tRevocationDate: Fri Feb 11 13:34:40 2005\n"
- "\tCritExtOIDs: (EMPTY)\n"
- "\t]\n"
- "\t)\n"
- "\n"
- "\tCritExtOIDs: (EMPTY)\n"
- "]\n"
- ", [\n"
- "\tVersion: v2\n"
- "\tIssuer: CN=testing CRL,O=test,C=us\n"
- "\tUpdate: [Last: Fri Feb 11 13:14:38 2005\n"
- "\t Next: Mon Jan 18, 2105]\n"
- "\tSignatureAlgId: 1.2.840.10040.4.3\n"
- "\tCRL Number : (null)\n"
- "\n"
- "\tEntry List: (\n"
- "\t[\n"
- "\tSerialNumber: 67\n"
- "\tReasonCode: 258\n"
- "\tRevocationDate: Fri Feb 11 13:14:38 2005\n"
- "\tCritExtOIDs: (EMPTY)\n"
- "\t]\n"
- "\t)\n"
- "\n"
- "\tCritExtOIDs: (EMPTY)\n"
- "]\n"
- ")";
-
- PKIX_TEST_STD_VARS();
-
- startTests("Pk11CertStore");
-
- if (argc < 3) {
- printUsage(argv[0]);
- return (0);
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- crlDir = argv[j+2];
-
- /* Two certs for prof should be valid now */
- PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime
- (PR_Now(), &validityDate, plContext));
-
- subTest("Searching Certs for Subject");
-
- testMatchCertSubject
- (crlDir,
- "phy2prof.crt",
- NULL, /* expectedProfAscii, */
- validityDate,
- plContext);
-
- /* One of the certs was not yet valid at this time. */
- betweenDate = createDate("050210184000Z", plContext);
-
- subTest("Searching Certs for Subject and Validity");
-
- testMatchCertSubject
- (crlDir,
- "phy2prof.crt",
- NULL, /* expectedValidityAscii, */
- betweenDate,
- plContext);
-
- testMatchCertMinPath
- (9,
- NULL, /* expectedMinPathAscii, */
- plContext);
-
- testMatchCrlIssuer
- (crlDir,
- "phys.crl",
- NULL, /* expectedIssuerAscii, */
- plContext);
-
- testMatchCrlDate
- ("050211184000Z",
- NULL, /* expectedDateAscii, */
- plContext);
+int
+test_pk11certstore(int argc, char *argv[])
+{
+
+ PKIX_UInt32 j = 0;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_PL_Date *validityDate = NULL;
+ PKIX_PL_Date *betweenDate = NULL;
+ char *crlDir = NULL;
+ char *expectedProfAscii = "([\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 00ca\n"
+ "\tIssuer: CN=chemistry,O=mit,C=us\n"
+ "\tSubject: CN=prof noall,O=mit,C=us\n"
+ "\tValidity: [From: Fri Feb 11 14:14:06 2005\n"
+ "\t To: Mon Jan 18, 2105]\n"
+ "\tSubjectAltNames: (null)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: CA(6)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "]\n"
+ ", [\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 03\n"
+ "\tIssuer: CN=physics,O=mit,C=us\n"
+ "\tSubject: CN=prof noall,O=mit,C=us\n"
+ "\tValidity: [From: Fri Feb 11 12:52:26 2005\n"
+ "\t To: Mon Jan 18, 2105]\n"
+ "\tSubjectAltNames: (null)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: CA(0)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "]\n"
+ ")";
+ char *expectedValidityAscii = "([\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 03\n"
+ "\tIssuer: CN=physics,O=mit,C=us\n"
+ "\tSubject: CN=prof noall,O=mit,C=us\n"
+ "\tValidity: [From: Fri Feb 11 12:52:26 2005\n"
+ "\t To: Mon Jan 18, 2105]\n"
+ "\tSubjectAltNames: (null)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: CA(0)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "]\n"
+ ")";
+ char *expectedMinPathAscii = "([\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 01\n"
+ "\tIssuer: CN=science,O=mit,C=us\n"
+ "\tSubject: CN=science,O=mit,C=us\n"
+ "\tValidity: [From: Fri Feb 11 12:47:58 2005\n"
+ "\t To: Mon Jan 18, 2105]\n"
+ "\tSubjectAltNames: (null)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: CA(10)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "]\n"
+ ")";
+ char *expectedIssuerAscii = "([\n"
+ "\tVersion: v2\n"
+ "\tIssuer: CN=physics,O=mit,C=us\n"
+ "\tUpdate: [Last: Fri Feb 11 13:51:38 2005\n"
+ "\t Next: Mon Jan 18, 2105]\n"
+ "\tSignatureAlgId: 1.2.840.10040.4.3\n"
+ "\tCRL Number : (null)\n"
+ "\n"
+ "\tEntry List: (\n"
+ "\t[\n"
+ "\tSerialNumber: 67\n"
+ "\tReasonCode: 257\n"
+ "\tRevocationDate: Fri Feb 11 13:51:38 2005\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\t]\n"
+ "\t)\n"
+ "\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "]\n"
+ ")";
+ char *expectedDateAscii = "([\n"
+ "\tVersion: v2\n"
+ "\tIssuer: CN=science,O=mit,C=us\n"
+ "\tUpdate: [Last: Fri Feb 11 13:34:40 2005\n"
+ "\t Next: Mon Jan 18, 2105]\n"
+ "\tSignatureAlgId: 1.2.840.10040.4.3\n"
+ "\tCRL Number : (null)\n"
+ "\n"
+ "\tEntry List: (\n"
+ "\t[\n"
+ "\tSerialNumber: 65\n"
+ "\tReasonCode: 260\n"
+ "\tRevocationDate: Fri Feb 11 13:34:40 2005\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\t]\n"
+ "\t)\n"
+ "\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "]\n"
+ ", [\n"
+ "\tVersion: v2\n"
+ "\tIssuer: CN=testing CRL,O=test,C=us\n"
+ "\tUpdate: [Last: Fri Feb 11 13:14:38 2005\n"
+ "\t Next: Mon Jan 18, 2105]\n"
+ "\tSignatureAlgId: 1.2.840.10040.4.3\n"
+ "\tCRL Number : (null)\n"
+ "\n"
+ "\tEntry List: (\n"
+ "\t[\n"
+ "\tSerialNumber: 67\n"
+ "\tReasonCode: 258\n"
+ "\tRevocationDate: Fri Feb 11 13:14:38 2005\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\t]\n"
+ "\t)\n"
+ "\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "]\n"
+ ")";
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Pk11CertStore");
+
+ if (argc < 3) {
+ printUsage(argv[0]);
+ return (0);
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ crlDir = argv[j + 2];
+
+ /* Two certs for prof should be valid now */
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime(PR_Now(), &validityDate, plContext));
+
+ subTest("Searching Certs for Subject");
+
+ testMatchCertSubject(crlDir,
+ "phy2prof.crt",
+ NULL, /* expectedProfAscii, */
+ validityDate,
+ plContext);
+
+ /* One of the certs was not yet valid at this time. */
+ betweenDate = createDate("050210184000Z", plContext);
+
+ subTest("Searching Certs for Subject and Validity");
+
+ testMatchCertSubject(crlDir,
+ "phy2prof.crt",
+ NULL, /* expectedValidityAscii, */
+ betweenDate,
+ plContext);
+
+ testMatchCertMinPath(9,
+ NULL, /* expectedMinPathAscii, */
+ plContext);
+
+ testMatchCrlIssuer(crlDir,
+ "phys.crl",
+ NULL, /* expectedIssuerAscii, */
+ plContext);
+
+ testMatchCrlDate("050211184000Z",
+ NULL, /* expectedDateAscii, */
+ plContext);
cleanup:
- PKIX_TEST_DECREF_AC(validityDate);
- PKIX_TEST_DECREF_AC(betweenDate);
+ PKIX_TEST_DECREF_AC(validityDate);
+ PKIX_TEST_DECREF_AC(betweenDate);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("Pk11CertStore");
+ endTests("Pk11CertStore");
- return (0);
+ return (0);
}
diff --git a/cmd/libpkix/pkix_pl/module/test_socket.c b/cmd/libpkix/pkix_pl/module/test_socket.c
index 8e25c144b..89400256d 100644
--- a/cmd/libpkix/pkix_pl/module/test_socket.c
+++ b/cmd/libpkix/pkix_pl/module/test_socket.c
@@ -44,31 +44,31 @@
static void *plContext = NULL;
typedef enum {
- SERVER_LISTENING,
- SERVER_RECV1,
- SERVER_POLL1,
- SERVER_SEND2,
- SERVER_POLL2,
- SERVER_RECV3,
- SERVER_POLL3,
- SERVER_SEND4,
- SERVER_POLL4,
- SERVER_DONE,
- SERVER_FAILED
+ SERVER_LISTENING,
+ SERVER_RECV1,
+ SERVER_POLL1,
+ SERVER_SEND2,
+ SERVER_POLL2,
+ SERVER_RECV3,
+ SERVER_POLL3,
+ SERVER_SEND4,
+ SERVER_POLL4,
+ SERVER_DONE,
+ SERVER_FAILED
} SERVER_STATE;
typedef enum {
- CLIENT_WAITFORCONNECT,
- CLIENT_SEND1,
- CLIENT_POLL1,
- CLIENT_RECV2,
- CLIENT_POLL2,
- CLIENT_SEND3,
- CLIENT_POLL3,
- CLIENT_RECV4,
- CLIENT_POLL4,
- CLIENT_DONE,
- CLIENT_FAILED
+ CLIENT_WAITFORCONNECT,
+ CLIENT_SEND1,
+ CLIENT_POLL1,
+ CLIENT_RECV2,
+ CLIENT_POLL2,
+ CLIENT_SEND3,
+ CLIENT_POLL3,
+ CLIENT_RECV4,
+ CLIENT_POLL4,
+ CLIENT_DONE,
+ CLIENT_FAILED
} CLIENT_STATE;
SERVER_STATE serverState;
@@ -90,511 +90,482 @@ char *sendBuf4 = "What do you mean, \"What do you mean, \'Ack\'?\"?";
char rcvBuf1[100];
char rcvBuf2[100];
-static
-void printUsage(char *testname)
+static void
+printUsage(char *testname)
{
- char *fmt = "USAGE: %s [-arenas] server:port\n";
- printf(fmt, testname);
+ char *fmt = "USAGE: %s [-arenas] server:port\n";
+ printf(fmt, testname);
}
/* Functional tests for Socket public functions */
-static
-void do_other_work(void)
+static void
+do_other_work(void)
{ /* while waiting for nonblocking I/O to complete */
- (void) PR_Sleep(2*60);
+ (void)PR_Sleep(2 * 60);
}
-static
-PKIX_Boolean server()
+static PKIX_Boolean
+server()
{
- PKIX_Int32 bytesRead = 0;
- PKIX_Int32 bytesWritten = 0;
- PKIX_Boolean keepGoing = PKIX_FALSE;
+ PKIX_Int32 bytesRead = 0;
+ PKIX_Int32 bytesWritten = 0;
+ PKIX_Boolean keepGoing = PKIX_FALSE;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- switch (serverState) {
+ switch (serverState) {
case SERVER_LISTENING:
- subTest("SERVER_LISTENING");
- PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->acceptCallback
- (sSock, &rendezvousSock, plContext));
- if (rendezvousSock) {
- PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList
- (rendezvousSock, &rvCallbackList, plContext));
-
- serverState = SERVER_RECV1;
- }
- break;
+ subTest("SERVER_LISTENING");
+ PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->acceptCallback(sSock, &rendezvousSock, plContext));
+ if (rendezvousSock) {
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(rendezvousSock, &rvCallbackList, plContext));
+
+ serverState = SERVER_RECV1;
+ }
+ break;
case SERVER_RECV1:
- subTest("SERVER_RECV1");
- PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->recvCallback
- (rendezvousSock,
- rcvBuf1,
- sizeof(rcvBuf1),
- &bytesRead,
- plContext));
-
- if (bytesRead > 0) {
- /* confirm that rcvBuf1 = sendBuf1 */
- if ((bytesRead != (PRInt32)PL_strlen(sendBuf1) + 1) ||
- (strncmp(sendBuf1, rcvBuf1, bytesRead) != 0)) {
- testError("Receive buffer mismatch\n");
- }
-
- serverState = SERVER_SEND2;
- keepGoing = PKIX_TRUE;
- } else {
- serverState = SERVER_POLL1;
+ subTest("SERVER_RECV1");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->recvCallback(rendezvousSock,
+ rcvBuf1,
+ sizeof(rcvBuf1),
+ &bytesRead,
+ plContext));
+
+ if (bytesRead > 0) {
+ /* confirm that rcvBuf1 = sendBuf1 */
+ if ((bytesRead != (PRInt32)PL_strlen(sendBuf1) + 1) ||
+ (strncmp(sendBuf1, rcvBuf1, bytesRead) != 0)) {
+ testError("Receive buffer mismatch\n");
}
- break;
+
+ serverState = SERVER_SEND2;
+ keepGoing = PKIX_TRUE;
+ } else {
+ serverState = SERVER_POLL1;
+ }
+ break;
case SERVER_POLL1:
- subTest("SERVER_POLL1");
- PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback
- (rendezvousSock, NULL, &bytesRead, plContext));
-
- if (bytesRead > 0) {
- /* confirm that rcvBuf1 = sendBuf1 */
- if ((bytesRead != (PRInt32)PL_strlen(sendBuf1) + 1) ||
- (strncmp(sendBuf1, rcvBuf1, bytesRead) != 0)) {
- testError("Receive buffer mismatch\n");
- }
-
- serverState = SERVER_SEND2;
- keepGoing = PKIX_TRUE;
+ subTest("SERVER_POLL1");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, NULL, &bytesRead, plContext));
+
+ if (bytesRead > 0) {
+ /* confirm that rcvBuf1 = sendBuf1 */
+ if ((bytesRead != (PRInt32)PL_strlen(sendBuf1) + 1) ||
+ (strncmp(sendBuf1, rcvBuf1, bytesRead) != 0)) {
+ testError("Receive buffer mismatch\n");
}
- break;
+
+ serverState = SERVER_SEND2;
+ keepGoing = PKIX_TRUE;
+ }
+ break;
case SERVER_SEND2:
- subTest("SERVER_SEND2");
- PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->sendCallback
- (rendezvousSock,
- sendBuf2,
- strlen(sendBuf2) + 1,
- &bytesWritten,
- plContext));
- if (bytesWritten > 0) {
- serverState = SERVER_RECV3;
- } else {
- serverState = SERVER_POLL2;
- }
- break;
+ subTest("SERVER_SEND2");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->sendCallback(rendezvousSock,
+ sendBuf2,
+ strlen(sendBuf2) +
+ 1,
+ &bytesWritten,
+ plContext));
+ if (bytesWritten > 0) {
+ serverState = SERVER_RECV3;
+ } else {
+ serverState = SERVER_POLL2;
+ }
+ break;
case SERVER_POLL2:
- subTest("SERVER_POLL2");
- PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback
- (rendezvousSock, &bytesWritten, NULL, plContext));
- if (bytesWritten > 0) {
- serverState = SERVER_RECV3;
- }
- break;
+ subTest("SERVER_POLL2");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, &bytesWritten, NULL, plContext));
+ if (bytesWritten > 0) {
+ serverState = SERVER_RECV3;
+ }
+ break;
case SERVER_RECV3:
- subTest("SERVER_RECV3");
- PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->recvCallback
- (rendezvousSock,
- rcvBuf1,
- sizeof(rcvBuf1),
- &bytesRead,
- plContext));
-
- if (bytesRead > 0) {
- serverState = SERVER_SEND4;
- keepGoing = PKIX_TRUE;
- } else {
- serverState = SERVER_POLL3;
- }
- break;
+ subTest("SERVER_RECV3");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->recvCallback(rendezvousSock,
+ rcvBuf1,
+ sizeof(rcvBuf1),
+ &bytesRead,
+ plContext));
+
+ if (bytesRead > 0) {
+ serverState = SERVER_SEND4;
+ keepGoing = PKIX_TRUE;
+ } else {
+ serverState = SERVER_POLL3;
+ }
+ break;
case SERVER_POLL3:
- subTest("SERVER_POLL3");
- PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback
- (rendezvousSock, NULL, &bytesRead, plContext));
- if (bytesRead > 0) {
- serverState = SERVER_SEND4;
- keepGoing = PKIX_TRUE;
- }
- break;
+ subTest("SERVER_POLL3");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, NULL, &bytesRead, plContext));
+ if (bytesRead > 0) {
+ serverState = SERVER_SEND4;
+ keepGoing = PKIX_TRUE;
+ }
+ break;
case SERVER_SEND4:
- subTest("SERVER_SEND4");
- PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->sendCallback
- (rendezvousSock,
- sendBuf4,
- strlen(sendBuf4) + 1,
- &bytesWritten,
- plContext));
-
- if (bytesWritten > 0) {
- PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->shutdownCallback
- (rendezvousSock, plContext));
- PKIX_TEST_DECREF_BC(sSock);
- PKIX_TEST_DECREF_BC(rendezvousSock);
- serverState = SERVER_DONE;
- } else {
- serverState = SERVER_POLL4;
- }
- break;
+ subTest("SERVER_SEND4");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->sendCallback(rendezvousSock,
+ sendBuf4,
+ strlen(sendBuf4) +
+ 1,
+ &bytesWritten,
+ plContext));
+
+ if (bytesWritten > 0) {
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->shutdownCallback(rendezvousSock, plContext));
+ PKIX_TEST_DECREF_BC(sSock);
+ PKIX_TEST_DECREF_BC(rendezvousSock);
+ serverState = SERVER_DONE;
+ } else {
+ serverState = SERVER_POLL4;
+ }
+ break;
case SERVER_POLL4:
- subTest("SERVER_POLL4");
- PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback
- (rendezvousSock, &bytesWritten, NULL, plContext));
- if (bytesWritten > 0) {
- PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->shutdownCallback
- (rendezvousSock, plContext));
- PKIX_TEST_DECREF_BC(sSock);
- PKIX_TEST_DECREF_BC(rendezvousSock);
- serverState = SERVER_DONE;
- }
- break;
+ subTest("SERVER_POLL4");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, &bytesWritten, NULL, plContext));
+ if (bytesWritten > 0) {
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->shutdownCallback(rendezvousSock, plContext));
+ PKIX_TEST_DECREF_BC(sSock);
+ PKIX_TEST_DECREF_BC(rendezvousSock);
+ serverState = SERVER_DONE;
+ }
+ break;
case SERVER_DONE:
default:
- subTest("SERVER_DONE");
- break;
- }
+ subTest("SERVER_DONE");
+ break;
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (keepGoing);
+ return (keepGoing);
}
-static
-PKIX_Boolean client()
+static PKIX_Boolean
+client()
{
- PKIX_Boolean keepGoing = PKIX_FALSE;
- PKIX_Int32 bytesRead = 0;
- PKIX_Int32 bytesWritten = 0;
- PRErrorCode cStat = 0;
+ PKIX_Boolean keepGoing = PKIX_FALSE;
+ PKIX_Int32 bytesRead = 0;
+ PKIX_Int32 bytesWritten = 0;
+ PRErrorCode cStat = 0;
- /* At 2 seconds each cycle, this should suffice! */
- PKIX_UInt32 giveUpCount = 10;
+ /* At 2 seconds each cycle, this should suffice! */
+ PKIX_UInt32 giveUpCount = 10;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- switch (clientState) {
+ switch (clientState) {
case CLIENT_WAITFORCONNECT:
- subTest("CLIENT_WAITFORCONNECT");
- clientState = CLIENT_FAILED;
- PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->connectcontinueCallback
- (cSock, &cStat, plContext));
- if (cStat == 0) {
- clientState = CLIENT_SEND1;
- keepGoing = PKIX_TRUE;
- } else {
- clientState = CLIENT_WAITFORCONNECT;
- if (--giveUpCount == 0) {
- testError("Client unable to connect");
- }
+ subTest("CLIENT_WAITFORCONNECT");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->connectcontinueCallback(cSock, &cStat, plContext));
+ if (cStat == 0) {
+ clientState = CLIENT_SEND1;
+ keepGoing = PKIX_TRUE;
+ } else {
+ clientState = CLIENT_WAITFORCONNECT;
+ if (--giveUpCount == 0) {
+ testError("Client unable to connect");
}
- break;
+ }
+ break;
case CLIENT_SEND1:
- subTest("CLIENT_SEND1");
- clientState = CLIENT_FAILED;
- PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->sendCallback
- (cSock,
- sendBuf1,
- strlen(sendBuf1) + 1,
- &bytesWritten,
- plContext));
- if (bytesWritten > 0) {
- clientState = CLIENT_RECV2;
- } else {
- clientState = CLIENT_POLL1;
- }
- break;
+ subTest("CLIENT_SEND1");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->sendCallback(cSock,
+ sendBuf1,
+ strlen(sendBuf1) +
+ 1,
+ &bytesWritten,
+ plContext));
+ if (bytesWritten > 0) {
+ clientState = CLIENT_RECV2;
+ } else {
+ clientState = CLIENT_POLL1;
+ }
+ break;
case CLIENT_POLL1:
- subTest("CLIENT_POLL1");
- clientState = CLIENT_FAILED;
- PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback
- (cSock, &bytesWritten, NULL, plContext));
- if (bytesWritten > 0) {
- clientState = CLIENT_RECV2;
- } else {
- clientState = CLIENT_POLL1;
- }
- break;
+ subTest("CLIENT_POLL1");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, &bytesWritten, NULL, plContext));
+ if (bytesWritten > 0) {
+ clientState = CLIENT_RECV2;
+ } else {
+ clientState = CLIENT_POLL1;
+ }
+ break;
case CLIENT_RECV2:
- subTest("CLIENT_RECV2");
- clientState = CLIENT_FAILED;
- PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->recvCallback
- (cSock,
- rcvBuf2,
- sizeof(rcvBuf2),
- &bytesRead,
- plContext));
-
- if (bytesRead > 0) {
- /* confirm that rcvBuf2 = sendBuf2 */
- if ((bytesRead != (PRInt32)PL_strlen(sendBuf2) + 1) ||
- (strncmp(sendBuf2, rcvBuf2, bytesRead) != 0)) {
- testError("Receive buffer mismatch\n");
- }
- clientState = CLIENT_SEND3;
- keepGoing = PKIX_TRUE;
- } else {
- clientState = CLIENT_POLL2;
+ subTest("CLIENT_RECV2");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->recvCallback(cSock,
+ rcvBuf2,
+ sizeof(rcvBuf2),
+ &bytesRead,
+ plContext));
+
+ if (bytesRead > 0) {
+ /* confirm that rcvBuf2 = sendBuf2 */
+ if ((bytesRead != (PRInt32)PL_strlen(sendBuf2) + 1) ||
+ (strncmp(sendBuf2, rcvBuf2, bytesRead) != 0)) {
+ testError("Receive buffer mismatch\n");
}
- break;
+ clientState = CLIENT_SEND3;
+ keepGoing = PKIX_TRUE;
+ } else {
+ clientState = CLIENT_POLL2;
+ }
+ break;
case CLIENT_POLL2:
- subTest("CLIENT_POLL2");
- clientState = CLIENT_FAILED;
- PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback
- (cSock, NULL, &bytesRead, plContext));
- if (bytesRead > 0) {
- /* confirm that rcvBuf2 = sendBuf2 */
- if ((bytesRead != (PRInt32)PL_strlen(sendBuf2) + 1) ||
- (strncmp(sendBuf2, rcvBuf2, bytesRead) != 0)) {
- testError("Receive buffer mismatch\n");
- }
- clientState = CLIENT_SEND3;
- } else {
- clientState = CLIENT_POLL2;
+ subTest("CLIENT_POLL2");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, NULL, &bytesRead, plContext));
+ if (bytesRead > 0) {
+ /* confirm that rcvBuf2 = sendBuf2 */
+ if ((bytesRead != (PRInt32)PL_strlen(sendBuf2) + 1) ||
+ (strncmp(sendBuf2, rcvBuf2, bytesRead) != 0)) {
+ testError("Receive buffer mismatch\n");
}
- break;
+ clientState = CLIENT_SEND3;
+ } else {
+ clientState = CLIENT_POLL2;
+ }
+ break;
case CLIENT_SEND3:
- subTest("CLIENT_SEND3");
- clientState = CLIENT_FAILED;
- PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->sendCallback
- (cSock,
- sendBuf3,
- strlen(sendBuf3) + 1,
- &bytesWritten,
- plContext));
-
- if (bytesWritten > 0) {
- clientState = CLIENT_RECV4;
- } else {
- clientState = CLIENT_POLL3;
- }
- break;
+ subTest("CLIENT_SEND3");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->sendCallback(cSock,
+ sendBuf3,
+ strlen(sendBuf3) +
+ 1,
+ &bytesWritten,
+ plContext));
+
+ if (bytesWritten > 0) {
+ clientState = CLIENT_RECV4;
+ } else {
+ clientState = CLIENT_POLL3;
+ }
+ break;
case CLIENT_POLL3:
- subTest("CLIENT_POLL3");
- clientState = CLIENT_FAILED;
- PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback
- (cSock, &bytesWritten, NULL, plContext));
- if (bytesWritten > 0) {
- clientState = CLIENT_RECV4;
- } else {
- clientState = CLIENT_POLL3;
- }
- break;
+ subTest("CLIENT_POLL3");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, &bytesWritten, NULL, plContext));
+ if (bytesWritten > 0) {
+ clientState = CLIENT_RECV4;
+ } else {
+ clientState = CLIENT_POLL3;
+ }
+ break;
case CLIENT_RECV4:
- subTest("CLIENT_RECV4");
- clientState = CLIENT_FAILED;
- PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->recvCallback
- (cSock,
- rcvBuf2,
- sizeof(rcvBuf2),
- &bytesRead,
- plContext));
-
- if (bytesRead > 0) {
- PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->shutdownCallback
- (cSock, plContext));
- PKIX_TEST_DECREF_BC(cSock);
- clientState = CLIENT_DONE;
- } else {
- clientState = CLIENT_POLL4;
- }
- break;
+ subTest("CLIENT_RECV4");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->recvCallback(cSock,
+ rcvBuf2,
+ sizeof(rcvBuf2),
+ &bytesRead,
+ plContext));
+
+ if (bytesRead > 0) {
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->shutdownCallback(cSock, plContext));
+ PKIX_TEST_DECREF_BC(cSock);
+ clientState = CLIENT_DONE;
+ } else {
+ clientState = CLIENT_POLL4;
+ }
+ break;
case CLIENT_POLL4:
- subTest("CLIENT_POLL4");
- clientState = CLIENT_FAILED;
- PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback
- (cSock, NULL, &bytesRead, plContext));
- if (bytesRead > 0) {
- PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->shutdownCallback
- (cSock, plContext));
- PKIX_TEST_DECREF_BC(cSock);
- clientState = CLIENT_DONE;
- } else {
- clientState = CLIENT_POLL4;
- }
- break;
+ subTest("CLIENT_POLL4");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, NULL, &bytesRead, plContext));
+ if (bytesRead > 0) {
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->shutdownCallback(cSock, plContext));
+ PKIX_TEST_DECREF_BC(cSock);
+ clientState = CLIENT_DONE;
+ } else {
+ clientState = CLIENT_POLL4;
+ }
+ break;
case CLIENT_DONE:
default:
- subTest("CLIENT_DONE");
- break;
- }
+ subTest("CLIENT_DONE");
+ break;
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (keepGoing);
+ return (keepGoing);
}
-static
-void dispatcher()
+static void
+dispatcher()
{
- PKIX_Boolean keepGoing = PKIX_FALSE;
+ PKIX_Boolean keepGoing = PKIX_FALSE;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- do {
- if (serverState < SERVER_DONE) {
- do {
- keepGoing = server();
- } while (keepGoing == PKIX_TRUE);
- }
- if (clientState < CLIENT_DONE) {
- do {
- keepGoing = client();
- } while (keepGoing == PKIX_TRUE);
- }
- do_other_work();
-
- } while ((serverState < SERVER_DONE) || (clientState < CLIENT_DONE));
+ do {
+ if (serverState < SERVER_DONE) {
+ do {
+ keepGoing = server();
+ } while (keepGoing == PKIX_TRUE);
+ }
+ if (clientState < CLIENT_DONE) {
+ do {
+ keepGoing = client();
+ } while (keepGoing == PKIX_TRUE);
+ }
+ do_other_work();
+
+ } while ((serverState < SERVER_DONE) || (clientState < CLIENT_DONE));
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-int test_socket(int argc, char *argv[])
+int
+test_socket(int argc, char *argv[])
{
- int j = 0;
- PKIX_UInt32 actualMinorVersion;
- char buf[PR_NETDB_BUF_SIZE];
- char *serverName = NULL;
- char *sepPtr = NULL;
- PRHostEnt hostent;
- PRUint16 portNum = 0;
- PRStatus prstatus = PR_FAILURE;
- PRErrorCode cStat = 0;
- void *ipaddr = NULL;
- PKIX_Error *bindError = NULL;
- PRIntn hostenum;
-
- PKIX_TEST_STD_VARS();
-
- startTests("Socket");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- if (argc != (j + 2)) {
- printUsage(argv[0]);
- pkixTestErrorMsg = "Missing command line argument.";
- goto cleanup;
- }
+ int j = 0;
+ PKIX_UInt32 actualMinorVersion;
+ char buf[PR_NETDB_BUF_SIZE];
+ char *serverName = NULL;
+ char *sepPtr = NULL;
+ PRHostEnt hostent;
+ PRUint16 portNum = 0;
+ PRStatus prstatus = PR_FAILURE;
+ PRErrorCode cStat = 0;
+ void *ipaddr = NULL;
+ PKIX_Error *bindError = NULL;
+ PRIntn hostenum;
- serverName = argv[j + 1];
+ PKIX_TEST_STD_VARS();
- subTest("Using pkix_pl_Socket_CreateByName");
+ startTests("Socket");
- PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_CreateByName
- (PKIX_TRUE, timeout, serverName, &cStat, &sSock, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList
- (sSock, &sCallbackList, plContext));
+ if (argc != (j + 2)) {
+ printUsage(argv[0]);
+ pkixTestErrorMsg = "Missing command line argument.";
+ goto cleanup;
+ }
- PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->listenCallback
- (sSock, backlog, plContext));
+ serverName = argv[j + 1];
- serverState = SERVER_LISTENING;
+ subTest("Using pkix_pl_Socket_CreateByName");
- PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_CreateByName
- (PKIX_FALSE, timeout, serverName, &cStat, &cSock, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_CreateByName(PKIX_TRUE, timeout, serverName, &cStat, &sSock, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList
- (cSock, &cCallbackList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(sSock, &sCallbackList, plContext));
- if ((timeout == 0) && (cStat == PR_IN_PROGRESS_ERROR)) {
- clientState = CLIENT_WAITFORCONNECT;
- } else {
- clientState = CLIENT_SEND1;
- }
+ PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->listenCallback(sSock, backlog, plContext));
- dispatcher();
+ serverState = SERVER_LISTENING;
- subTest("Using pkix_pl_Socket_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_CreateByName(PKIX_FALSE, timeout, serverName, &cStat, &cSock, plContext));
- sepPtr = strchr(serverName, ':');
- /* First strip off the portnum, if present, from the end of the name */
- if (sepPtr) {
- *sepPtr++ = '\0';
- portNum = (PRUint16)atoi(sepPtr);
- } else {
- portNum = (PRUint16)LDAP_PORT;
- }
- /*
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(cSock, &cCallbackList, plContext));
+
+ if ((timeout == 0) && (cStat == PR_IN_PROGRESS_ERROR)) {
+ clientState = CLIENT_WAITFORCONNECT;
+ } else {
+ clientState = CLIENT_SEND1;
+ }
+
+ dispatcher();
+
+ subTest("Using pkix_pl_Socket_Create");
+
+ sepPtr = strchr(serverName, ':');
+ /* First strip off the portnum, if present, from the end of the name */
+ if (sepPtr) {
+ *sepPtr++ = '\0';
+ portNum = (PRUint16)atoi(sepPtr);
+ } else {
+ portNum = (PRUint16)LDAP_PORT;
+ }
+ /*
* The hostname may be a fully-qualified name. Just
* use the leftmost component in our lookup.
*/
- sepPtr = strchr(serverName, '.');
- if (sepPtr) {
- *sepPtr++ = '\0';
- }
- prstatus = PR_GetHostByName(serverName, buf, sizeof(buf), &hostent);
+ sepPtr = strchr(serverName, '.');
+ if (sepPtr) {
+ *sepPtr++ = '\0';
+ }
+ prstatus = PR_GetHostByName(serverName, buf, sizeof(buf), &hostent);
- if ((prstatus != PR_SUCCESS) || (hostent.h_length != 4)) {
- printUsage(argv[0]);
- pkixTestErrorMsg =
- "PR_GetHostByName rejects command line argument.";
- goto cleanup;
- }
+ if ((prstatus != PR_SUCCESS) || (hostent.h_length != 4)) {
+ printUsage(argv[0]);
+ pkixTestErrorMsg =
+ "PR_GetHostByName rejects command line argument.";
+ goto cleanup;
+ }
- serverNetAddr.inet.family = PR_AF_INET;
- serverNetAddr.inet.port = PR_htons(portNum);
- serverNetAddr.inet.ip = PR_INADDR_ANY;
+ serverNetAddr.inet.family = PR_AF_INET;
+ serverNetAddr.inet.port = PR_htons(portNum);
+ serverNetAddr.inet.ip = PR_INADDR_ANY;
- hostenum = PR_EnumerateHostEnt(0, &hostent, portNum, &clientNetAddr);
- if (hostenum == -1) {
- pkixTestErrorMsg =
- "PR_EnumerateHostEnt failed.";
- goto cleanup;
- }
+ hostenum = PR_EnumerateHostEnt(0, &hostent, portNum, &clientNetAddr);
+ if (hostenum == -1) {
+ pkixTestErrorMsg =
+ "PR_EnumerateHostEnt failed.";
+ goto cleanup;
+ }
- backlog = 5;
+ backlog = 5;
- /* timeout = PR_INTERVAL_NO_TIMEOUT; */
- /* timeout = 0; nonblocking */
- timeout = 0;
+ /* timeout = PR_INTERVAL_NO_TIMEOUT; */
+ /* timeout = 0; nonblocking */
+ timeout = 0;
- bindError = pkix_pl_Socket_Create
- (PKIX_TRUE, timeout, &serverNetAddr, &cStat, &sSock, plContext);
+ bindError = pkix_pl_Socket_Create(PKIX_TRUE, timeout, &serverNetAddr, &cStat, &sSock, plContext);
- /* If PR_Bind can't handle INADDR_ANY, try it with the real name */
- if (bindError) {
- PKIX_TEST_DECREF_BC(bindError);
- serverNetAddr.inet.ip = PR_htonl(*(PRUint32 *)ipaddr);
+ /* If PR_Bind can't handle INADDR_ANY, try it with the real name */
+ if (bindError) {
+ PKIX_TEST_DECREF_BC(bindError);
+ serverNetAddr.inet.ip = PR_htonl(*(PRUint32 *)ipaddr);
- PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_Create
- (PKIX_TRUE,
- timeout,
- &serverNetAddr,
- &cStat,
- &sSock,
- plContext));
- }
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_Create(PKIX_TRUE,
+ timeout,
+ &serverNetAddr,
+ &cStat,
+ &sSock,
+ plContext));
+ }
- PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList
- (sSock, &sCallbackList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(sSock, &sCallbackList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->listenCallback
- (sSock, backlog, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->listenCallback(sSock, backlog, plContext));
- serverState = SERVER_LISTENING;
+ serverState = SERVER_LISTENING;
- PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_Create
- (PKIX_FALSE, timeout, &clientNetAddr, &cStat, &cSock, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_Create(PKIX_FALSE, timeout, &clientNetAddr, &cStat, &cSock, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList
- (cSock, &cCallbackList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(cSock, &cCallbackList, plContext));
- if ((timeout == 0) && (cStat == PR_IN_PROGRESS_ERROR)) {
- clientState = CLIENT_WAITFORCONNECT;
- } else {
- clientState = CLIENT_SEND1;
- }
+ if ((timeout == 0) && (cStat == PR_IN_PROGRESS_ERROR)) {
+ clientState = CLIENT_WAITFORCONNECT;
+ } else {
+ clientState = CLIENT_SEND1;
+ }
- dispatcher();
+ dispatcher();
cleanup:
- PKIX_TEST_DECREF_AC(sSock);
- PKIX_TEST_DECREF_AC(cSock);
- PKIX_TEST_DECREF_AC(rendezvousSock);
+ PKIX_TEST_DECREF_AC(sSock);
+ PKIX_TEST_DECREF_AC(cSock);
+ PKIX_TEST_DECREF_AC(rendezvousSock);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("Socket");
+ endTests("Socket");
- return (0);
+ return (0);
}
diff --git a/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c b/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c
index 0db454143..156b440f9 100644
--- a/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c
+++ b/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c
@@ -8,108 +8,98 @@
*
*/
-
-
#include "testutil.h"
#include "testutil_nss.h"
static void *plContext = NULL;
-int test_authorityinfoaccess(int argc, char *argv[]) {
+int
+test_authorityinfoaccess(int argc, char *argv[])
+{
- PKIX_PL_Cert *cert = NULL;
- PKIX_PL_Cert *certDiff = NULL;
- PKIX_List *aiaList = NULL;
- PKIX_List *siaList = NULL;
- PKIX_PL_InfoAccess *aia = NULL;
- PKIX_PL_InfoAccess *aiaDup = NULL;
- PKIX_PL_InfoAccess *aiaDiff = NULL;
- char *certPathName = NULL;
- char *dirName = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 size, i;
- PKIX_UInt32 j = 0;
- char *expectedAscii = "[method:caIssuers, location:ldap:"
- "//betty.nist.gov/cn=CA,ou=Basic%20LDAP%20URI%20OU1,"
- "o=Test%20Certificates,c=US?cACertificate;binary,"
- "crossCertificatePair;binary]";
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_Cert *certDiff = NULL;
+ PKIX_List *aiaList = NULL;
+ PKIX_List *siaList = NULL;
+ PKIX_PL_InfoAccess *aia = NULL;
+ PKIX_PL_InfoAccess *aiaDup = NULL;
+ PKIX_PL_InfoAccess *aiaDiff = NULL;
+ char *certPathName = NULL;
+ char *dirName = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 size, i;
+ PKIX_UInt32 j = 0;
+ char *expectedAscii = "[method:caIssuers, location:ldap:"
+ "//betty.nist.gov/cn=CA,ou=Basic%20LDAP%20URI%20OU1,"
+ "o=Test%20Certificates,c=US?cACertificate;binary,"
+ "crossCertificatePair;binary]";
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("AuthorityInfoAccess");
+ startTests("AuthorityInfoAccess");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- if (argc < 5+j) {
- printf("Usage: %s <test-purpose> <cert> <diff-cert>\n", argv[0]);
- }
+ if (argc < 5 + j) {
+ printf("Usage: %s <test-purpose> <cert> <diff-cert>\n", argv[0]);
+ }
- dirName = argv[2+j];
- certPathName = argv[3+j];
+ dirName = argv[2 + j];
+ certPathName = argv[3 + j];
- subTest("Creating Cert with Authority Info Access");
- cert = createCert(dirName, certPathName, plContext);
+ subTest("Creating Cert with Authority Info Access");
+ cert = createCert(dirName, certPathName, plContext);
- certPathName = argv[4+j];
+ certPathName = argv[4 + j];
- subTest("Creating Cert with Subject Info Access");
- certDiff = createCert(dirName, certPathName, plContext);
+ subTest("Creating Cert with Subject Info Access");
+ certDiff = createCert(dirName, certPathName, plContext);
- subTest("Getting Authority Info Access");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess
- (cert, &aiaList, plContext));
+ subTest("Getting Authority Info Access");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess(cert, &aiaList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (aiaList, &size, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(aiaList, &size, plContext));
- if (size != 1) {
- pkixTestErrorMsg = "unexpected number of AIA";
- goto cleanup;
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (aiaList, 0, (PKIX_PL_Object **) &aia, plContext));
+ if (size != 1) {
+ pkixTestErrorMsg = "unexpected number of AIA";
+ goto cleanup;
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (aiaList, 0, (PKIX_PL_Object **) &aiaDup, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&aia, plContext));
- subTest("Getting Subject Info Access as difference comparison");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectInfoAccess
- (certDiff, &siaList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&aiaDup, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (siaList, &size, plContext));
+ subTest("Getting Subject Info Access as difference comparison");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectInfoAccess(certDiff, &siaList, plContext));
- if (size != 1) {
- pkixTestErrorMsg = "unexpected number of AIA";
- goto cleanup;
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (siaList, 0, (PKIX_PL_Object **) &aiaDiff, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(siaList, &size, plContext));
- subTest("Checking: Equal, Hash and ToString");
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (aia, aiaDup, aiaDiff, expectedAscii, InfoAccess, PKIX_FALSE);
+ if (size != 1) {
+ pkixTestErrorMsg = "unexpected number of AIA";
+ goto cleanup;
+ }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(siaList, 0, (PKIX_PL_Object **)&aiaDiff, plContext));
+ subTest("Checking: Equal, Hash and ToString");
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(aia, aiaDup, aiaDiff, expectedAscii, InfoAccess, PKIX_FALSE);
cleanup:
- PKIX_TEST_DECREF_AC(aia);
- PKIX_TEST_DECREF_AC(aiaDup);
- PKIX_TEST_DECREF_AC(aiaDiff);
- PKIX_TEST_DECREF_AC(aiaList);
- PKIX_TEST_DECREF_AC(siaList);
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(certDiff);
-
- PKIX_Shutdown(plContext);
+ PKIX_TEST_DECREF_AC(aia);
+ PKIX_TEST_DECREF_AC(aiaDup);
+ PKIX_TEST_DECREF_AC(aiaDiff);
+ PKIX_TEST_DECREF_AC(aiaList);
+ PKIX_TEST_DECREF_AC(siaList);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(certDiff);
+
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("Authorityinfoaccess");
+ endTests("Authorityinfoaccess");
- return (0);
+ return (0);
}
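Review bot: The argument check `if (argc < 5 + j)` only prints the usage line and then falls through, so a short command line still reaches `argv[2 + j]`, `argv[3 + j]` and `argv[4 + j]`. Those reads then pick up the terminating NULL or index past the end of argv, and the result is handed to createCert() as a path. The branch should stop the test, as test_socket does elsewhere in this commit: add `pkixTestErrorMsg = "Missing command line argument.";` and `goto cleanup;` after the printf. This assumes the cleanup macros tolerate the still-NULL objects, which the hunk does not show. The usage text also lists three operands while the code reads a directory and two certificate names after the test purpose, and the second `"unexpected number of AIA"` message is reached on the SIA list, so both strings would mislead whoever triages a failure.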
diff --git a/cmd/libpkix/pkix_pl/pki/test_cert.c b/cmd/libpkix/pkix_pl/pki/test_cert.c
index e68f2f0c3..274f818ab 100644
--- a/cmd/libpkix/pkix_pl/pki/test_cert.c
+++ b/cmd/libpkix/pkix_pl/pki/test_cert.c
@@ -34,986 +34,885 @@ static PKIX_PL_Cert *altNameMultipleCert = NULL;
static void *plContext = NULL;
-static void createCerts(
- char *dataCentralDir,
- char *goodInput,
- char *diffInput,
- PKIX_PL_Cert **goodObject,
- PKIX_PL_Cert **equalObject,
- PKIX_PL_Cert **diffObject)
+static void
+createCerts(
+ char *dataCentralDir,
+ char *goodInput,
+ char *diffInput,
+ PKIX_PL_Cert **goodObject,
+ PKIX_PL_Cert **equalObject,
+ PKIX_PL_Cert **diffObject)
{
- subTest("PKIX_PL_Cert_Create <goodObject>");
- *goodObject = createCert(dataCentralDir, goodInput, plContext);
+ subTest("PKIX_PL_Cert_Create <goodObject>");
+ *goodObject = createCert(dataCentralDir, goodInput, plContext);
- subTest("PKIX_PL_Cert_Create <equalObject>");
- *equalObject = createCert(dataCentralDir, goodInput, plContext);
+ subTest("PKIX_PL_Cert_Create <equalObject>");
+ *equalObject = createCert(dataCentralDir, goodInput, plContext);
- subTest("PKIX_PL_Cert_Create <diffObject>");
- *diffObject = createCert(dataCentralDir, diffInput, plContext);
+ subTest("PKIX_PL_Cert_Create <diffObject>");
+ *diffObject = createCert(dataCentralDir, diffInput, plContext);
}
-
static void
createCertsWithSubjectAltNames(char *dataCentralDir)
{
- subTest("PKIX_PL_Cert_Create <altNameDNS>");
- altNameDnsCert = createCert
- (dataCentralDir, "generalName/altNameDnsCert", plContext);
-
- subTest("PKIX_PL_Cert_Create <altNameDNS_diff>");
- altNameDnsCert_diff = createCert
- (dataCentralDir, "generalName/altNameDnsCert_diff", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameDNS>");
+ altNameDnsCert = createCert(dataCentralDir, "generalName/altNameDnsCert", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameDNS_diff>");
+ altNameDnsCert_diff = createCert(dataCentralDir, "generalName/altNameDnsCert_diff", plContext);
- subTest("PKIX_PL_Cert_Create <altNameRFC822>");
- altNameRfc822Cert = createCert
- (dataCentralDir, "generalName/altNameRfc822Cert", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameRFC822>");
+ altNameRfc822Cert = createCert(dataCentralDir, "generalName/altNameRfc822Cert", plContext);
- subTest("PKIX_PL_Cert_Create <altNameRFC822_diff>");
- altNameRfc822Cert_diff = createCert
- (dataCentralDir, "generalName/altNameRfc822Cert_diff", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameRFC822_diff>");
+ altNameRfc822Cert_diff = createCert(dataCentralDir, "generalName/altNameRfc822Cert_diff", plContext);
- subTest("PKIX_PL_Cert_Create <altNameX400Cert>");
- altNameX400Cert = createCert
- (dataCentralDir, "generalName/altNameX400Cert", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameX400Cert>");
+ altNameX400Cert = createCert(dataCentralDir, "generalName/altNameX400Cert", plContext);
- subTest("PKIX_PL_Cert_Create <altNameX400_diff>");
- altNameX400Cert_diff = createCert
- (dataCentralDir, "generalName/altNameX400Cert_diff", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameX400_diff>");
+ altNameX400Cert_diff = createCert(dataCentralDir, "generalName/altNameX400Cert_diff", plContext);
- subTest("PKIX_PL_Cert_Create <altNameDN>");
- altNameDnCert = createCert
- (dataCentralDir, "generalName/altNameDnCert", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameDN>");
+ altNameDnCert = createCert(dataCentralDir, "generalName/altNameDnCert", plContext);
- subTest("PKIX_PL_Cert_Create <altNameDN_diff>");
- altNameDnCert_diff = createCert
- (dataCentralDir, "generalName/altNameDnCert_diff", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameDN_diff>");
+ altNameDnCert_diff = createCert(dataCentralDir, "generalName/altNameDnCert_diff", plContext);
- subTest("PKIX_PL_Cert_Create <altNameEdiCert>");
- altNameEdiCert = createCert
- (dataCentralDir, "generalName/altNameEdiCert", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameEdiCert>");
+ altNameEdiCert = createCert(dataCentralDir, "generalName/altNameEdiCert", plContext);
- subTest("PKIX_PL_Cert_Create <altNameEdi_diff>");
- altNameEdiCert_diff = createCert
- (dataCentralDir, "generalName/altNameEdiCert_diff", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameEdi_diff>");
+ altNameEdiCert_diff = createCert(dataCentralDir, "generalName/altNameEdiCert_diff", plContext);
- subTest("PKIX_PL_Cert_Create <altNameURI>");
- altNameUriCert = createCert
- (dataCentralDir, "generalName/altNameUriCert", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameURI>");
+ altNameUriCert = createCert(dataCentralDir, "generalName/altNameUriCert", plContext);
- subTest("PKIX_PL_Cert_Create <altNameURI_diff>");
- altNameUriCert_diff = createCert
- (dataCentralDir, "generalName/altNameUriCert_diff", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameURI_diff>");
+ altNameUriCert_diff = createCert(dataCentralDir, "generalName/altNameUriCert_diff", plContext);
- subTest("PKIX_PL_Cert_Create <altNameIP>");
- altNameIpCert = createCert
- (dataCentralDir, "generalName/altNameIpCert", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameIP>");
+ altNameIpCert = createCert(dataCentralDir, "generalName/altNameIpCert", plContext);
- subTest("PKIX_PL_Cert_Create <altNameIP_diff>");
- altNameIpCert_diff = createCert
- (dataCentralDir, "generalName/altNameIpCert_diff", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameIP_diff>");
+ altNameIpCert_diff = createCert(dataCentralDir, "generalName/altNameIpCert_diff", plContext);
- subTest("PKIX_PL_Cert_Create <altNameOID>");
- altNameOidCert = createCert
- (dataCentralDir, "generalName/altNameOidCert", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameOID>");
+ altNameOidCert = createCert(dataCentralDir, "generalName/altNameOidCert", plContext);
- subTest("PKIX_PL_Cert_Create <altNameOID_diff>");
- altNameOidCert_diff = createCert
- (dataCentralDir, "generalName/altNameOidCert_diff", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameOID_diff>");
+ altNameOidCert_diff = createCert(dataCentralDir, "generalName/altNameOidCert_diff", plContext);
- subTest("PKIX_PL_Cert_Create <altNameOther>");
- altNameOtherCert = createCert
- (dataCentralDir, "generalName/altNameOtherCert", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameOther>");
+ altNameOtherCert = createCert(dataCentralDir, "generalName/altNameOtherCert", plContext);
- subTest("PKIX_PL_Cert_Create <altNameOther_diff>");
- altNameOtherCert_diff = createCert
- (dataCentralDir, "generalName/altNameOtherCert_diff", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameOther_diff>");
+ altNameOtherCert_diff = createCert(dataCentralDir, "generalName/altNameOtherCert_diff", plContext);
- subTest("PKIX_PL_Cert_Create <altNameNone>");
- altNameNoneCert = createCert
- (dataCentralDir, "generalName/altNameNoneCert", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameNone>");
+ altNameNoneCert = createCert(dataCentralDir, "generalName/altNameNoneCert", plContext);
- subTest("PKIX_PL_Cert_Create <altNameMultiple>");
- altNameMultipleCert = createCert
- (dataCentralDir, "generalName/altNameRfc822DnsCert", plContext);
+ subTest("PKIX_PL_Cert_Create <altNameMultiple>");
+ altNameMultipleCert = createCert(dataCentralDir, "generalName/altNameRfc822DnsCert", plContext);
}
-static void testGetVersion(
- PKIX_PL_Cert *goodObject)
+static void
+testGetVersion(
+ PKIX_PL_Cert *goodObject)
{
- PKIX_UInt32 goodVersion;
+ PKIX_UInt32 goodVersion;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_Cert_GetVersion");
+ subTest("PKIX_PL_Cert_GetVersion");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetVersion
- (goodObject, &goodVersion, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetVersion(goodObject, &goodVersion, plContext));
- if (goodVersion != 2){
- testError("unexpected mismatch");
- (void) printf("Actual value:\t%d\n", goodVersion);
- (void) printf("Expected value:\t2\n");
- goto cleanup;
- }
+ if (goodVersion != 2) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", goodVersion);
+ (void)printf("Expected value:\t2\n");
+ goto cleanup;
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static void testGetSerialNumber(
- PKIX_PL_Cert *goodObject,
- PKIX_PL_Cert *equalObject,
- PKIX_PL_Cert *diffObject)
+static void
+testGetSerialNumber(
+ PKIX_PL_Cert *goodObject,
+ PKIX_PL_Cert *equalObject,
+ PKIX_PL_Cert *diffObject)
{
- PKIX_PL_BigInt *goodSN = NULL;
- PKIX_PL_BigInt *equalSN = NULL;
- PKIX_PL_BigInt *diffSN = NULL;
- char *expectedAscii = "37bc66ec";
+ PKIX_PL_BigInt *goodSN = NULL;
+ PKIX_PL_BigInt *equalSN = NULL;
+ PKIX_PL_BigInt *diffSN = NULL;
+ char *expectedAscii = "37bc66ec";
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_Cert_GetSerialNumber");
+ subTest("PKIX_PL_Cert_GetSerialNumber");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber
- (goodObject, &goodSN, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(goodObject, &goodSN, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber
- (equalObject, &equalSN, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(equalObject, &equalSN, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber
- (diffObject, &diffSN, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(diffObject, &diffSN, plContext));
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodSN, equalSN, diffSN, expectedAscii, BigInt, PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodSN, equalSN, diffSN, expectedAscii, BigInt, PKIX_TRUE);
cleanup:
- PKIX_TEST_DECREF_AC(goodSN);
- PKIX_TEST_DECREF_AC(equalSN);
- PKIX_TEST_DECREF_AC(diffSN);
+ PKIX_TEST_DECREF_AC(goodSN);
+ PKIX_TEST_DECREF_AC(equalSN);
+ PKIX_TEST_DECREF_AC(diffSN);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-
-static void testGetSubject(
- PKIX_PL_Cert *goodObject,
- PKIX_PL_Cert *equalObject,
- PKIX_PL_Cert *diffObject)
+static void
+testGetSubject(
+ PKIX_PL_Cert *goodObject,
+ PKIX_PL_Cert *equalObject,
+ PKIX_PL_Cert *diffObject)
{
- PKIX_PL_X500Name *goodSubject = NULL;
- PKIX_PL_X500Name *equalSubject = NULL;
- PKIX_PL_X500Name *diffSubject = NULL;
- char *expectedAscii = "OU=bcn,OU=east,O=sun,C=us";
+ PKIX_PL_X500Name *goodSubject = NULL;
+ PKIX_PL_X500Name *equalSubject = NULL;
+ PKIX_PL_X500Name *diffSubject = NULL;
+ char *expectedAscii = "OU=bcn,OU=east,O=sun,C=us";
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_Cert_GetSubject");
+ subTest("PKIX_PL_Cert_GetSubject");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject
- (goodObject, &goodSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(goodObject, &goodSubject, plContext));
- if (!goodSubject){
- testError("Certificate Subject should not be NULL");
- goto cleanup;
- }
+ if (!goodSubject) {
+ testError("Certificate Subject should not be NULL");
+ goto cleanup;
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject
- (equalObject, &equalSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(equalObject, &equalSubject, plContext));
- if (!equalSubject){
- testError("Certificate Subject should not be NULL");
- goto cleanup;
- }
+ if (!equalSubject) {
+ testError("Certificate Subject should not be NULL");
+ goto cleanup;
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject
- (diffObject, &diffSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffObject, &diffSubject, plContext));
- if (!diffSubject){
- testError("Certificate Subject should not be NULL");
- goto cleanup;
- }
+ if (!diffSubject) {
+ testError("Certificate Subject should not be NULL");
+ goto cleanup;
+ }
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodSubject,
- equalSubject,
- diffSubject,
- expectedAscii,
- X500Name,
- PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodSubject,
+ equalSubject,
+ diffSubject,
+ expectedAscii,
+ X500Name,
+ PKIX_TRUE);
cleanup:
- PKIX_TEST_DECREF_AC(goodSubject);
- PKIX_TEST_DECREF_AC(equalSubject);
- PKIX_TEST_DECREF_AC(diffSubject);
+ PKIX_TEST_DECREF_AC(goodSubject);
+ PKIX_TEST_DECREF_AC(equalSubject);
+ PKIX_TEST_DECREF_AC(diffSubject);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static void testGetIssuer(
- PKIX_PL_Cert *goodObject,
- PKIX_PL_Cert *equalObject,
- PKIX_PL_Cert *diffObject)
+static void
+testGetIssuer(
+ PKIX_PL_Cert *goodObject,
+ PKIX_PL_Cert *equalObject,
+ PKIX_PL_Cert *diffObject)
{
- PKIX_PL_X500Name *goodIssuer = NULL;
- PKIX_PL_X500Name *equalIssuer = NULL;
- PKIX_PL_X500Name *diffIssuer = NULL;
- char *expectedAscii = "CN=yassir,OU=bcn,OU=east,O=sun,C=us";
+ PKIX_PL_X500Name *goodIssuer = NULL;
+ PKIX_PL_X500Name *equalIssuer = NULL;
+ PKIX_PL_X500Name *diffIssuer = NULL;
+ char *expectedAscii = "CN=yassir,OU=bcn,OU=east,O=sun,C=us";
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_Cert_GetIssuer");
+ subTest("PKIX_PL_Cert_GetIssuer");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer
- (goodObject, &goodIssuer, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(goodObject, &goodIssuer, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer
- (equalObject, &equalIssuer, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(equalObject, &equalIssuer, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer
- (diffObject, &diffIssuer, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(diffObject, &diffIssuer, plContext));
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodIssuer,
- equalIssuer,
- diffIssuer,
- expectedAscii,
- X500Name,
- PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodIssuer,
+ equalIssuer,
+ diffIssuer,
+ expectedAscii,
+ X500Name,
+ PKIX_TRUE);
cleanup:
- PKIX_TEST_DECREF_AC(goodIssuer);
- PKIX_TEST_DECREF_AC(equalIssuer);
- PKIX_TEST_DECREF_AC(diffIssuer);
+ PKIX_TEST_DECREF_AC(goodIssuer);
+ PKIX_TEST_DECREF_AC(equalIssuer);
+ PKIX_TEST_DECREF_AC(diffIssuer);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static void testAltNames(
- PKIX_PL_Cert *goodCert,
- PKIX_PL_Cert *diffCert,
- char *expectedAscii)
+static void
+testAltNames(
+ PKIX_PL_Cert *goodCert,
+ PKIX_PL_Cert *diffCert,
+ char *expectedAscii)
{
- PKIX_List *goodAltNames = NULL;
- PKIX_List *diffAltNames = NULL;
- PKIX_PL_GeneralName *goodAltName = NULL;
- PKIX_PL_GeneralName *diffAltName = NULL;
+ PKIX_List *goodAltNames = NULL;
+ PKIX_List *diffAltNames = NULL;
+ PKIX_PL_GeneralName *goodAltName = NULL;
+ PKIX_PL_GeneralName *diffAltName = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames
- (goodCert, &goodAltNames, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(goodCert, &goodAltNames, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (goodAltNames,
- 0,
- (PKIX_PL_Object **)&goodAltName,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodAltNames,
+ 0,
+ (PKIX_PL_Object **)&goodAltName,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames
- (diffCert, &diffAltNames, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(diffCert, &diffAltNames, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (diffAltNames,
- 0,
- (PKIX_PL_Object **)&diffAltName,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffAltNames,
+ 0,
+ (PKIX_PL_Object **)&diffAltName,
+ plContext));
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodAltName, goodAltName, diffAltName,
- expectedAscii, GeneralName, PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodAltName, goodAltName, diffAltName,
+ expectedAscii, GeneralName, PKIX_TRUE);
cleanup:
- PKIX_TEST_DECREF_AC(goodAltNames);
- PKIX_TEST_DECREF_AC(goodAltName);
- PKIX_TEST_DECREF_AC(diffAltNames);
- PKIX_TEST_DECREF_AC(diffAltName);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(goodAltNames);
+ PKIX_TEST_DECREF_AC(goodAltName);
+ PKIX_TEST_DECREF_AC(diffAltNames);
+ PKIX_TEST_DECREF_AC(diffAltName);
+ PKIX_TEST_RETURN();
}
-static void testAltNamesNone(PKIX_PL_Cert *cert){
+static void
+testAltNamesNone(PKIX_PL_Cert *cert)
+{
- PKIX_List *altNames = NULL;
+ PKIX_List *altNames = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames
- (cert, &altNames, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(cert, &altNames, plContext));
- if (altNames != NULL){
- testError("unexpected mismatch");
- (void) printf("Actual value:\t%p\n", (void *)altNames);
- (void) printf("Expected value:\tNULL\n");
- goto cleanup;
- }
+ if (altNames != NULL) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%p\n", (void *)altNames);
+ (void)printf("Expected value:\tNULL\n");
+ goto cleanup;
+ }
cleanup:
- PKIX_TEST_DECREF_AC(altNames);
- PKIX_TEST_RETURN();
-
+ PKIX_TEST_DECREF_AC(altNames);
+ PKIX_TEST_RETURN();
}
-static void testAltNamesMultiple(){
- PKIX_List *altNames = NULL;
- PKIX_PL_GeneralName *firstAltName = NULL;
- PKIX_Int32 firstExpectedType = PKIX_RFC822_NAME;
- PKIX_PL_GeneralName *secondAltName = NULL;
- PKIX_Int32 secondExpectedType = PKIX_DNS_NAME;
-
-
- char *expectedAscii =
- "[\n"
- "\tVersion: v3\n"
- "\tSerialNumber: 2d\n"
- "\tIssuer: OU=labs,O=sun,C=us\n"
- "\tSubject: CN=yassir,OU=labs,O=sun,C=us\n"
- "\tValidity: [From: Mon Feb 09, 2004\n"
+static void
+testAltNamesMultiple()
+{
+ PKIX_List *altNames = NULL;
+ PKIX_PL_GeneralName *firstAltName = NULL;
+ PKIX_Int32 firstExpectedType = PKIX_RFC822_NAME;
+ PKIX_PL_GeneralName *secondAltName = NULL;
+ PKIX_Int32 secondExpectedType = PKIX_DNS_NAME;
+
+ char *expectedAscii =
+ "[\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 2d\n"
+ "\tIssuer: OU=labs,O=sun,C=us\n"
+ "\tSubject: CN=yassir,OU=labs,O=sun,C=us\n"
+ "\tValidity: [From: Mon Feb 09, 2004\n"
/* "\tValidity: [From: Mon Feb 09 14:43:52 2004\n" */
- "\t To: Mon Feb 09, 2004]\n"
+ "\t To: Mon Feb 09, 2004]\n"
/* "\t To: Mon Feb 09 14:43:52 2004]\n" */
- "\tSubjectAltNames: (yassir@sun.com, sunray.sun.com)\n"
- "\tAuthorityKeyId: (null)\n"
- "\tSubjectKeyId: (null)\n"
- "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
- "\tCritExtOIDs: (EMPTY)\n"
- "\tExtKeyUsages: (null)\n"
- "\tBasicConstraint: (null)\n"
- "\tCertPolicyInfo: (null)\n"
- "\tPolicyMappings: (null)\n"
- "\tExplicitPolicy: -1\n"
- "\tInhibitMapping: -1\n"
- "\tInhibitAnyPolicy:-1\n"
- "\tNameConstraints: (null)\n"
- "\tAuthorityInfoAccess: (null)\n"
- "\tSubjectInfoAccess: (null)\n"
- "\tCacheFlag: 0\n"
- "]\n";
-
- PKIX_TEST_STD_VARS();
-
- testToStringHelper
- ((PKIX_PL_Object *)altNameMultipleCert,
- expectedAscii,
- plContext);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames
- (altNameMultipleCert, &altNames, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (altNames, 0, (PKIX_PL_Object **)&firstAltName, plContext));
-
- if (firstAltName->type != firstExpectedType){
- testError("unexpected mismatch");
- (void) printf("Actual value:\t%d\n", firstAltName->type);
- (void) printf("Expected value:\t%d\n", firstExpectedType);
- goto cleanup;
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (altNames, 1, (PKIX_PL_Object **)&secondAltName, plContext));
-
- if (secondAltName->type != secondExpectedType){
- testError("unexpected mismatch");
- (void) printf("Actual value:\t%d\n", secondAltName->type);
- (void) printf("Expected value:\t%d\n", secondExpectedType);
- goto cleanup;
- }
+ "\tSubjectAltNames: (yassir@sun.com, sunray.sun.com)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: (null)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "\tAuthorityInfoAccess: (null)\n"
+ "\tSubjectInfoAccess: (null)\n"
+ "\tCacheFlag: 0\n"
+ "]\n";
+
+ PKIX_TEST_STD_VARS();
+
+ testToStringHelper((PKIX_PL_Object *)altNameMultipleCert,
+ expectedAscii,
+ plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(altNameMultipleCert, &altNames, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(altNames, 0, (PKIX_PL_Object **)&firstAltName, plContext));
+
+ if (firstAltName->type != firstExpectedType) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", firstAltName->type);
+ (void)printf("Expected value:\t%d\n", firstExpectedType);
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(altNames, 1, (PKIX_PL_Object **)&secondAltName, plContext));
+
+ if (secondAltName->type != secondExpectedType) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", secondAltName->type);
+ (void)printf("Expected value:\t%d\n", secondExpectedType);
+ goto cleanup;
+ }
cleanup:
- PKIX_TEST_DECREF_AC(altNames);
- PKIX_TEST_DECREF_AC(firstAltName);
- PKIX_TEST_DECREF_AC(secondAltName);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(altNames);
+ PKIX_TEST_DECREF_AC(firstAltName);
+ PKIX_TEST_DECREF_AC(secondAltName);
+ PKIX_TEST_RETURN();
}
-static void testGetSubjectAltNames(char *dataCentralDir){
+static void
+testGetSubjectAltNames(char *dataCentralDir)
+{
- char *expectedAscii = NULL;
+ char *expectedAscii = NULL;
- createCertsWithSubjectAltNames(dataCentralDir);
+ createCertsWithSubjectAltNames(dataCentralDir);
- subTest("PKIX_PL_Cert_GetSubjectAltNames <DNS>");
- expectedAscii = "east.sun.com";
- testAltNames(altNameDnsCert, altNameDnsCert_diff, expectedAscii);
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <DNS>");
+ expectedAscii = "east.sun.com";
+ testAltNames(altNameDnsCert, altNameDnsCert_diff, expectedAscii);
- subTest("PKIX_PL_Cert_GetSubjectAltNames <RFC822>");
- expectedAscii = "alice.barnes@bcn.east.sun.com";
- testAltNames(altNameRfc822Cert, altNameRfc822Cert_diff, expectedAscii);
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <RFC822>");
+ expectedAscii = "alice.barnes@bcn.east.sun.com";
+ testAltNames(altNameRfc822Cert, altNameRfc822Cert_diff, expectedAscii);
- /*
+ /*
*this should work once bugzilla bug #233586 is fixed.
*subTest("PKIX_PL_Cert_GetSubjectAltNames <X400Address>");
*expectedAscii = "X400Address: <DER-encoded value>";
*testAltNames(altNameX400Cert, altNameX400Cert_diff, expectedAscii);
*/
- subTest("PKIX_PL_Cert_GetSubjectAltNames <DN>");
- expectedAscii = "CN=elley,OU=labs,O=sun,C=us";
- testAltNames(altNameDnCert, altNameDnCert_diff, expectedAscii);
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <DN>");
+ expectedAscii = "CN=elley,OU=labs,O=sun,C=us";
+ testAltNames(altNameDnCert, altNameDnCert_diff, expectedAscii);
- /*
+ /*
* this should work once bugzilla bug #233586 is fixed.
* subTest("PKIX_PL_Cert_GetSubjectAltNames <EdiPartyName>");
* expectedAscii = "EDIPartyName: <DER-encoded value>";
* testAltNames(altNameEdiCert, altNameEdiCert_diff, expectedAscii);
*/
- subTest("PKIX_PL_Cert_GetSubjectAltNames <URI>");
- expectedAscii = "http://www.sun.com";
- testAltNames(altNameUriCert, altNameUriCert_diff, expectedAscii);
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <URI>");
+ expectedAscii = "http://www.sun.com";
+ testAltNames(altNameUriCert, altNameUriCert_diff, expectedAscii);
- subTest("PKIX_PL_Cert_GetSubjectAltNames <IP>");
- expectedAscii = "1.2.3.4";
- testAltNames(altNameIpCert, altNameIpCert_diff, expectedAscii);
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <IP>");
+ expectedAscii = "1.2.3.4";
+ testAltNames(altNameIpCert, altNameIpCert_diff, expectedAscii);
- subTest("PKIX_PL_Cert_GetSubjectAltNames <OID>");
- expectedAscii = "1.2.39";
- testAltNames(altNameOidCert, altNameOidCert_diff, expectedAscii);
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <OID>");
+ expectedAscii = "1.2.39";
+ testAltNames(altNameOidCert, altNameOidCert_diff, expectedAscii);
- subTest("PKIX_PL_Cert_GetSubjectAltNames <Other>");
- expectedAscii = "1.7.26.97";
- testAltNames(altNameOtherCert, altNameOtherCert_diff, expectedAscii);
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <Other>");
+ expectedAscii = "1.7.26.97";
+ testAltNames(altNameOtherCert, altNameOtherCert_diff, expectedAscii);
- subTest("PKIX_PL_Cert_GetSubjectAltNames <none>");
- testAltNamesNone(altNameNoneCert);
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <none>");
+ testAltNamesNone(altNameNoneCert);
- subTest("PKIX_PL_Cert_GetSubjectAltNames <Multiple>");
- testAltNamesMultiple();
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <Multiple>");
+ testAltNamesMultiple();
}
-static void testGetSubjectPublicKey(
- PKIX_PL_Cert *goodObject,
- PKIX_PL_Cert *equalObject,
- PKIX_PL_Cert *diffObject)
+static void
+testGetSubjectPublicKey(
+ PKIX_PL_Cert *goodObject,
+ PKIX_PL_Cert *equalObject,
+ PKIX_PL_Cert *diffObject)
{
- PKIX_PL_PublicKey *goodPubKey = NULL;
- PKIX_PL_PublicKey *equalPubKey = NULL;
- PKIX_PL_PublicKey *diffPubKey = NULL;
- char *expectedAscii = "ANSI X9.57 DSA Signature";
+ PKIX_PL_PublicKey *goodPubKey = NULL;
+ PKIX_PL_PublicKey *equalPubKey = NULL;
+ PKIX_PL_PublicKey *diffPubKey = NULL;
+ char *expectedAscii = "ANSI X9.57 DSA Signature";
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_Cert_GetSubjectPublicKey");
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
- (goodObject, &goodPubKey, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodObject, &goodPubKey, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
- (equalObject, &equalPubKey, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(equalObject, &equalPubKey, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
- (diffObject, &diffPubKey, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(diffObject, &diffPubKey, plContext));
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodPubKey, equalPubKey, diffPubKey,
- expectedAscii, PublicKey, PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPubKey, equalPubKey, diffPubKey,
+ expectedAscii, PublicKey, PKIX_TRUE);
cleanup:
- PKIX_TEST_DECREF_AC(goodPubKey);
- PKIX_TEST_DECREF_AC(equalPubKey);
- PKIX_TEST_DECREF_AC(diffPubKey);
+ PKIX_TEST_DECREF_AC(goodPubKey);
+ PKIX_TEST_DECREF_AC(equalPubKey);
+ PKIX_TEST_DECREF_AC(diffPubKey);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static void testGetSubjectPublicKeyAlgId(PKIX_PL_Cert *goodObject){
- PKIX_PL_OID *pkixPubKeyOID = NULL;
- char *expectedAscii = "1.2.840.10040.4.1";
+static void
+testGetSubjectPublicKeyAlgId(PKIX_PL_Cert *goodObject)
+{
+ PKIX_PL_OID *pkixPubKeyOID = NULL;
+ char *expectedAscii = "1.2.840.10040.4.1";
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_Cert_GetSubjectPublicKeyAlgId");
+ subTest("PKIX_PL_Cert_GetSubjectPublicKeyAlgId");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_GetSubjectPublicKeyAlgId
- (goodObject, &pkixPubKeyOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKeyAlgId(goodObject, &pkixPubKeyOID, plContext));
- testToStringHelper
- ((PKIX_PL_Object *)pkixPubKeyOID, expectedAscii, plContext);
+ testToStringHelper((PKIX_PL_Object *)pkixPubKeyOID, expectedAscii, plContext);
cleanup:
- PKIX_TEST_DECREF_AC(pkixPubKeyOID);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(pkixPubKeyOID);
+ PKIX_TEST_RETURN();
}
static void
testCritExtensionsPresent(PKIX_PL_Cert *cert)
{
- PKIX_List *critOIDList = NULL;
- char *firstOIDAscii = "2.5.29.15";
- PKIX_PL_OID *firstOID = NULL;
- char *secondOIDAscii = "2.5.29.19";
- PKIX_PL_OID *secondOID = NULL;
-
- PKIX_TEST_STD_VARS();
+ PKIX_List *critOIDList = NULL;
+ char *firstOIDAscii = "2.5.29.15";
+ PKIX_PL_OID *firstOID = NULL;
+ char *secondOIDAscii = "2.5.29.19";
+ PKIX_PL_OID *secondOID = NULL;
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs
- (cert, &critOIDList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &critOIDList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (critOIDList, 0, (PKIX_PL_Object **)&firstOID, plContext));
- testToStringHelper
- ((PKIX_PL_Object *)firstOID, firstOIDAscii, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(critOIDList, 0, (PKIX_PL_Object **)&firstOID, plContext));
+ testToStringHelper((PKIX_PL_Object *)firstOID, firstOIDAscii, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (critOIDList, 1, (PKIX_PL_Object **)&secondOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(critOIDList, 1, (PKIX_PL_Object **)&secondOID, plContext));
- testToStringHelper
- ((PKIX_PL_Object *)secondOID, secondOIDAscii, plContext);
+ testToStringHelper((PKIX_PL_Object *)secondOID, secondOIDAscii, plContext);
cleanup:
- PKIX_TEST_DECREF_AC(critOIDList);
- PKIX_TEST_DECREF_AC(firstOID);
- PKIX_TEST_DECREF_AC(secondOID);
+ PKIX_TEST_DECREF_AC(critOIDList);
+ PKIX_TEST_DECREF_AC(firstOID);
+ PKIX_TEST_DECREF_AC(secondOID);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testCritExtensionsAbsent(PKIX_PL_Cert *cert)
{
- PKIX_List *oidList = NULL;
- PKIX_Boolean empty;
+ PKIX_List *oidList = NULL;
+ PKIX_Boolean empty;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs
- (cert, &oidList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &oidList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_IsEmpty(oidList, &empty, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(oidList, &empty, plContext));
- if (!empty){
- pkixTestErrorMsg = "unexpected mismatch";
- }
+ if (!empty) {
+ pkixTestErrorMsg = "unexpected mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(oidList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(oidList);
+ PKIX_TEST_RETURN();
}
-
static void
testAllExtensionsAbsent(char *dataCentralDir)
{
- PKIX_List *oidList = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_Boolean empty;
+ PKIX_List *oidList = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_Boolean empty;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_Cert_Create <noExtensionsCert>");
- cert = createCert(dataCentralDir, "noExtensionsCert", plContext);
+ subTest("PKIX_PL_Cert_Create <noExtensionsCert>");
+ cert = createCert(dataCentralDir, "noExtensionsCert", plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs
- (cert, &oidList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &oidList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_IsEmpty(oidList, &empty, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(oidList, &empty, plContext));
- if (!empty){
- pkixTestErrorMsg = "unexpected mismatch";
- }
+ if (!empty) {
+ pkixTestErrorMsg = "unexpected mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(oidList);
- PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(oidList);
+ PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testGetCriticalExtensionOIDs(char *dataCentralDir, PKIX_PL_Cert *goodObject)
{
- subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs "
- "<CritExtensionsPresent>");
- testCritExtensionsPresent(goodObject);
-
-
- subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs "
- "<CritExtensionsAbsent>");
- testCritExtensionsAbsent(altNameOidCert);
+ subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs "
+ "<CritExtensionsPresent>");
+ testCritExtensionsPresent(goodObject);
+ subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs "
+ "<CritExtensionsAbsent>");
+ testCritExtensionsAbsent(altNameOidCert);
- subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs "
- "<AllExtensionsAbsent>");
- testAllExtensionsAbsent(dataCentralDir);
+ subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs "
+ "<AllExtensionsAbsent>");
+ testAllExtensionsAbsent(dataCentralDir);
}
static void
testKeyIdentifiersMatching(char *dataCentralDir)
{
- PKIX_PL_Cert *subjKeyIDCert = NULL;
- PKIX_PL_Cert *authKeyIDCert = NULL;
- PKIX_PL_ByteArray *subjKeyID = NULL;
- PKIX_PL_ByteArray *authKeyID = NULL;
- PKIX_PL_ByteArray *subjKeyID_diff = NULL;
-
- char *expectedAscii =
- "[116, 021, 213, 036, 028, 189, 094, 101, 136, 031, 225,"
- " 139, 009, 126, 127, 234, 025, 072, 078, 097]";
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PL_Cert_Create <subjKeyIDCert>");
- subjKeyIDCert = createCert
- (dataCentralDir, "keyIdentifier/subjKeyIDCert", plContext);
-
- subTest("PKIX_PL_Cert_Create <authKeyIDCert>");
- authKeyIDCert = createCert
- (dataCentralDir, "keyIdentifier/authKeyIDCert", plContext);
-
- subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <good>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier
- (subjKeyIDCert, &subjKeyID, plContext));
-
- subTest("PKIX_PL_Cert_GetAuthorityKeyIdentifier <equal>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier
- (authKeyIDCert, &authKeyID, plContext));
-
- subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <diff>");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_GetSubjectKeyIdentifier
- (authKeyIDCert, &subjKeyID_diff, plContext));
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (subjKeyID,
- authKeyID,
- subjKeyID_diff,
- expectedAscii,
- ByteArray,
- PKIX_TRUE);
+ PKIX_PL_Cert *subjKeyIDCert = NULL;
+ PKIX_PL_Cert *authKeyIDCert = NULL;
+ PKIX_PL_ByteArray *subjKeyID = NULL;
+ PKIX_PL_ByteArray *authKeyID = NULL;
+ PKIX_PL_ByteArray *subjKeyID_diff = NULL;
+
+ char *expectedAscii =
+ "[116, 021, 213, 036, 028, 189, 094, 101, 136, 031, 225,"
+ " 139, 009, 126, 127, 234, 025, 072, 078, 097]";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_Create <subjKeyIDCert>");
+ subjKeyIDCert = createCert(dataCentralDir, "keyIdentifier/subjKeyIDCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <authKeyIDCert>");
+ authKeyIDCert = createCert(dataCentralDir, "keyIdentifier/authKeyIDCert", plContext);
+
+ subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <good>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(subjKeyIDCert, &subjKeyID, plContext));
+
+ subTest("PKIX_PL_Cert_GetAuthorityKeyIdentifier <equal>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(authKeyIDCert, &authKeyID, plContext));
+
+ subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <diff>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(authKeyIDCert, &subjKeyID_diff, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(subjKeyID,
+ authKeyID,
+ subjKeyID_diff,
+ expectedAscii,
+ ByteArray,
+ PKIX_TRUE);
cleanup:
- PKIX_TEST_DECREF_AC(subjKeyIDCert);
- PKIX_TEST_DECREF_AC(authKeyIDCert);
- PKIX_TEST_DECREF_AC(subjKeyID);
- PKIX_TEST_DECREF_AC(authKeyID);
- PKIX_TEST_DECREF_AC(subjKeyID_diff);
+ PKIX_TEST_DECREF_AC(subjKeyIDCert);
+ PKIX_TEST_DECREF_AC(authKeyIDCert);
+ PKIX_TEST_DECREF_AC(subjKeyID);
+ PKIX_TEST_DECREF_AC(authKeyID);
+ PKIX_TEST_DECREF_AC(subjKeyID_diff);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testKeyIdentifierAbsent(PKIX_PL_Cert *cert)
{
- PKIX_PL_ByteArray *subjKeyID = NULL;
- PKIX_PL_ByteArray *authKeyID = NULL;
+ PKIX_PL_ByteArray *subjKeyID = NULL;
+ PKIX_PL_ByteArray *authKeyID = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier
- (cert, &subjKeyID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(cert, &subjKeyID, plContext));
- if (subjKeyID != NULL){
- pkixTestErrorMsg = "unexpected mismatch";
- }
+ if (subjKeyID != NULL) {
+ pkixTestErrorMsg = "unexpected mismatch";
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier
- (cert, &authKeyID, plContext));
-
- if (authKeyID != NULL){
- pkixTestErrorMsg = "unexpected mismatch";
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(cert, &authKeyID, plContext));
+ if (authKeyID != NULL) {
+ pkixTestErrorMsg = "unexpected mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(subjKeyID);
- PKIX_TEST_DECREF_AC(authKeyID);
+ PKIX_TEST_DECREF_AC(subjKeyID);
+ PKIX_TEST_DECREF_AC(authKeyID);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testGetKeyIdentifiers(char *dataCentralDir, PKIX_PL_Cert *goodObject)
{
- testKeyIdentifiersMatching(dataCentralDir);
- testKeyIdentifierAbsent(goodObject);
+ testKeyIdentifiersMatching(dataCentralDir);
+ testKeyIdentifierAbsent(goodObject);
}
static void
testVerifyKeyUsage(
- char *dataCentralDir,
- char *dataDir,
- PKIX_PL_Cert *multiKeyUsagesCert)
+ char *dataCentralDir,
+ char *dataDir,
+ PKIX_PL_Cert *multiKeyUsagesCert)
{
- PKIX_PL_Cert *encipherOnlyCert = NULL;
- PKIX_PL_Cert *decipherOnlyCert = NULL;
- PKIX_PL_Cert *noKeyUsagesCert = NULL;
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PL_Cert_Create <encipherOnlyCert>");
- encipherOnlyCert = createCert
- (dataCentralDir, "keyUsage/encipherOnlyCert", plContext);
-
- subTest("PKIX_PL_Cert_Create <decipherOnlyCert>");
- decipherOnlyCert = createCert
- (dataCentralDir, "keyUsage/decipherOnlyCert", plContext);
-
- subTest("PKIX_PL_Cert_Create <noKeyUsagesCert>");
- noKeyUsagesCert = createCert
- (dataCentralDir, "keyUsage/noKeyUsagesCert", plContext);
-
- subTest("PKIX_PL_Cert_VerifyKeyUsage <key_cert_sign>");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_VerifyKeyUsage
- (multiKeyUsagesCert, PKIX_KEY_CERT_SIGN, plContext));
-
- subTest("PKIX_PL_Cert_VerifyKeyUsage <multiKeyUsages>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage
- (multiKeyUsagesCert,
- PKIX_KEY_CERT_SIGN | PKIX_DIGITAL_SIGNATURE,
- plContext));
-
- subTest("PKIX_PL_Cert_VerifyKeyUsage <encipher_only>");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_VerifyKeyUsage
- (encipherOnlyCert, PKIX_ENCIPHER_ONLY, plContext));
-
- subTest("PKIX_PL_Cert_VerifyKeyUsage <noKeyUsages>");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_VerifyKeyUsage
- (noKeyUsagesCert, PKIX_ENCIPHER_ONLY, plContext));
-
- subTest("PKIX_PL_Cert_VerifyKeyUsage <decipher_only>");
- PKIX_TEST_EXPECT_ERROR
- (PKIX_PL_Cert_VerifyKeyUsage
- (decipherOnlyCert, PKIX_DECIPHER_ONLY, plContext));
+ PKIX_PL_Cert *encipherOnlyCert = NULL;
+ PKIX_PL_Cert *decipherOnlyCert = NULL;
+ PKIX_PL_Cert *noKeyUsagesCert = NULL;
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_Create <encipherOnlyCert>");
+ encipherOnlyCert = createCert(dataCentralDir, "keyUsage/encipherOnlyCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <decipherOnlyCert>");
+ decipherOnlyCert = createCert(dataCentralDir, "keyUsage/decipherOnlyCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <noKeyUsagesCert>");
+ noKeyUsagesCert = createCert(dataCentralDir, "keyUsage/noKeyUsagesCert", plContext);
+
+ subTest("PKIX_PL_Cert_VerifyKeyUsage <key_cert_sign>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(multiKeyUsagesCert, PKIX_KEY_CERT_SIGN, plContext));
+
+ subTest("PKIX_PL_Cert_VerifyKeyUsage <multiKeyUsages>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(multiKeyUsagesCert,
+ PKIX_KEY_CERT_SIGN |
+ PKIX_DIGITAL_SIGNATURE,
+ plContext));
+
+ subTest("PKIX_PL_Cert_VerifyKeyUsage <encipher_only>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(encipherOnlyCert, PKIX_ENCIPHER_ONLY, plContext));
+
+ subTest("PKIX_PL_Cert_VerifyKeyUsage <noKeyUsages>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(noKeyUsagesCert, PKIX_ENCIPHER_ONLY, plContext));
+
+ subTest("PKIX_PL_Cert_VerifyKeyUsage <decipher_only>");
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_VerifyKeyUsage(decipherOnlyCert, PKIX_DECIPHER_ONLY, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(encipherOnlyCert);
- PKIX_TEST_DECREF_AC(decipherOnlyCert);
- PKIX_TEST_DECREF_AC(noKeyUsagesCert);
+ PKIX_TEST_DECREF_AC(encipherOnlyCert);
+ PKIX_TEST_DECREF_AC(decipherOnlyCert);
+ PKIX_TEST_DECREF_AC(noKeyUsagesCert);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testGetExtendedKeyUsage(char *dataCentralDir)
{
- PKIX_PL_Cert *codeSigningEKUCert = NULL;
- PKIX_PL_Cert *multiEKUCert = NULL;
- PKIX_PL_Cert *noEKUCert = NULL;
- PKIX_List *firstExtKeyUsage = NULL;
- PKIX_List *secondExtKeyUsage = NULL;
- PKIX_List *thirdExtKeyUsage = NULL;
- PKIX_PL_OID *firstOID = NULL;
- char *oidAscii = "1.3.6.1.5.5.7.3.3";
- PKIX_PL_OID *secondOID = NULL;
- char *secondOIDAscii = "1.3.6.1.5.5.7.3.1";
- PKIX_PL_OID *thirdOID = NULL;
- char *thirdOIDAscii = "1.3.6.1.5.5.7.3.2";
- PKIX_PL_OID *fourthOID = NULL;
- PKIX_UInt32 length = 0;
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PL_Cert_Create <codeSigningEKUCert>");
- codeSigningEKUCert = createCert
- (dataCentralDir, "extKeyUsage/codeSigningEKUCert", plContext);
-
- subTest("PKIX_PL_Cert_Create <multiEKUCert>");
- multiEKUCert = createCert
- (dataCentralDir, "extKeyUsage/multiEKUCert", plContext);
-
- subTest("PKIX_PL_Cert_Create <noEKUCert>");
- noEKUCert = createCert
- (dataCentralDir, "extKeyUsage/noEKUCert", plContext);
-
- subTest("PKIX_PL_Cert_ExtendedKeyUsage <codeSigningEKU>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage
- (codeSigningEKUCert, &firstExtKeyUsage, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (firstExtKeyUsage, 0, (PKIX_PL_Object **)&firstOID, plContext));
- testToStringHelper((PKIX_PL_Object *)firstOID, oidAscii, plContext);
-
- subTest("PKIX_PL_Cert_ExtendedKeyUsage <multiEKU>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage
- (multiEKUCert, &secondExtKeyUsage, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (secondExtKeyUsage, &length, plContext));
-
- if (length != 3){
- testError("unexpected mismatch");
- (void) printf("Actual value:\t%d\n", length);
- (void) printf("Expected value:\t3\n");
- goto cleanup;
- }
+ PKIX_PL_Cert *codeSigningEKUCert = NULL;
+ PKIX_PL_Cert *multiEKUCert = NULL;
+ PKIX_PL_Cert *noEKUCert = NULL;
+ PKIX_List *firstExtKeyUsage = NULL;
+ PKIX_List *secondExtKeyUsage = NULL;
+ PKIX_List *thirdExtKeyUsage = NULL;
+ PKIX_PL_OID *firstOID = NULL;
+ char *oidAscii = "1.3.6.1.5.5.7.3.3";
+ PKIX_PL_OID *secondOID = NULL;
+ char *secondOIDAscii = "1.3.6.1.5.5.7.3.1";
+ PKIX_PL_OID *thirdOID = NULL;
+ char *thirdOIDAscii = "1.3.6.1.5.5.7.3.2";
+ PKIX_PL_OID *fourthOID = NULL;
+ PKIX_UInt32 length = 0;
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (secondExtKeyUsage,
- 0,
- (PKIX_PL_Object **)&secondOID,
- plContext));
-
- testToStringHelper((PKIX_PL_Object *)secondOID, oidAscii, plContext);
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (secondExtKeyUsage,
- 1,
- (PKIX_PL_Object **)&thirdOID,
- plContext));
-
- testToStringHelper
- ((PKIX_PL_Object *)thirdOID, secondOIDAscii, plContext);
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (secondExtKeyUsage,
- 2,
- (PKIX_PL_Object **)&fourthOID,
- plContext));
-
- testToStringHelper
- ((PKIX_PL_Object *)fourthOID, thirdOIDAscii, plContext);
-
- subTest("PKIX_PL_Cert_ExtendedKeyUsage <noEKU>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage
- (noEKUCert, &thirdExtKeyUsage, plContext));
-
- if (thirdExtKeyUsage != NULL){
- testError("unexpected mismatch");
- (void) printf("Actual value:\t%p\n", (void *)thirdExtKeyUsage);
- (void) printf("Expected value:\tNULL\n");
- goto cleanup;
- }
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_Create <codeSigningEKUCert>");
+ codeSigningEKUCert = createCert(dataCentralDir, "extKeyUsage/codeSigningEKUCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <multiEKUCert>");
+ multiEKUCert = createCert(dataCentralDir, "extKeyUsage/multiEKUCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <noEKUCert>");
+ noEKUCert = createCert(dataCentralDir, "extKeyUsage/noEKUCert", plContext);
+
+ subTest("PKIX_PL_Cert_ExtendedKeyUsage <codeSigningEKU>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(codeSigningEKUCert, &firstExtKeyUsage, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(firstExtKeyUsage, 0, (PKIX_PL_Object **)&firstOID, plContext));
+ testToStringHelper((PKIX_PL_Object *)firstOID, oidAscii, plContext);
+
+ subTest("PKIX_PL_Cert_ExtendedKeyUsage <multiEKU>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(multiEKUCert, &secondExtKeyUsage, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(secondExtKeyUsage, &length, plContext));
+
+ if (length != 3) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", length);
+ (void)printf("Expected value:\t3\n");
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage,
+ 0,
+ (PKIX_PL_Object **)&secondOID,
+ plContext));
+
+ testToStringHelper((PKIX_PL_Object *)secondOID, oidAscii, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage,
+ 1,
+ (PKIX_PL_Object **)&thirdOID,
+ plContext));
+
+ testToStringHelper((PKIX_PL_Object *)thirdOID, secondOIDAscii, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage,
+ 2,
+ (PKIX_PL_Object **)&fourthOID,
+ plContext));
+
+ testToStringHelper((PKIX_PL_Object *)fourthOID, thirdOIDAscii, plContext);
+
+ subTest("PKIX_PL_Cert_ExtendedKeyUsage <noEKU>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(noEKUCert, &thirdExtKeyUsage, plContext));
+
+ if (thirdExtKeyUsage != NULL) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%p\n", (void *)thirdExtKeyUsage);
+ (void)printf("Expected value:\tNULL\n");
+ goto cleanup;
+ }
cleanup:
- PKIX_TEST_DECREF_AC(firstOID);
- PKIX_TEST_DECREF_AC(secondOID);
- PKIX_TEST_DECREF_AC(thirdOID);
- PKIX_TEST_DECREF_AC(fourthOID);
+ PKIX_TEST_DECREF_AC(firstOID);
+ PKIX_TEST_DECREF_AC(secondOID);
+ PKIX_TEST_DECREF_AC(thirdOID);
+ PKIX_TEST_DECREF_AC(fourthOID);
- PKIX_TEST_DECREF_AC(firstExtKeyUsage);
- PKIX_TEST_DECREF_AC(secondExtKeyUsage);
- PKIX_TEST_DECREF_AC(thirdExtKeyUsage);
+ PKIX_TEST_DECREF_AC(firstExtKeyUsage);
+ PKIX_TEST_DECREF_AC(secondExtKeyUsage);
+ PKIX_TEST_DECREF_AC(thirdExtKeyUsage);
- PKIX_TEST_DECREF_AC(codeSigningEKUCert);
- PKIX_TEST_DECREF_AC(multiEKUCert);
- PKIX_TEST_DECREF_AC(noEKUCert);
+ PKIX_TEST_DECREF_AC(codeSigningEKUCert);
+ PKIX_TEST_DECREF_AC(multiEKUCert);
+ PKIX_TEST_DECREF_AC(noEKUCert);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static void testMakeInheritedDSAPublicKey(char *dataCentralDir){
- PKIX_PL_PublicKey *firstKey = NULL;
- PKIX_PL_PublicKey *secondKey = NULL;
- PKIX_PL_PublicKey *resultKeyPositive = NULL;
- PKIX_PL_PublicKey *resultKeyNegative = NULL;
- PKIX_PL_Cert *firstCert = NULL;
- PKIX_PL_Cert *secondCert = NULL;
+static void
+testMakeInheritedDSAPublicKey(char *dataCentralDir)
+{
+ PKIX_PL_PublicKey *firstKey = NULL;
+ PKIX_PL_PublicKey *secondKey = NULL;
+ PKIX_PL_PublicKey *resultKeyPositive = NULL;
+ PKIX_PL_PublicKey *resultKeyNegative = NULL;
+ PKIX_PL_Cert *firstCert = NULL;
+ PKIX_PL_Cert *secondCert = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_Cert_Create <dsaWithoutParams>");
- firstCert = createCert
- (dataCentralDir, "publicKey/dsaWithoutParams", plContext);
+ subTest("PKIX_PL_Cert_Create <dsaWithoutParams>");
+ firstCert = createCert(dataCentralDir, "publicKey/dsaWithoutParams", plContext);
- subTest("PKIX_PL_Cert_Create <dsaWithParams>");
- secondCert = createCert
- (dataCentralDir, "publicKey/dsaWithParams", plContext);
+ subTest("PKIX_PL_Cert_Create <dsaWithParams>");
+ secondCert = createCert(dataCentralDir, "publicKey/dsaWithParams", plContext);
- subTest("PKIX_PL_Cert_GetSubjectPublicKey <firstKey>");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_GetSubjectPublicKey
- (firstCert, &firstKey, plContext));
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey <firstKey>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstKey, plContext));
- subTest("PKIX_PL_Cert_GetSubjectPublicKey <secondKey>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
- (secondCert, &secondKey, plContext));
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey <secondKey>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondKey, plContext));
- subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <positive>");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
- (firstKey, secondKey, &resultKeyPositive, plContext));
+ subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <positive>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(firstKey, secondKey, &resultKeyPositive, plContext));
- if (resultKeyPositive == NULL){
- testError("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey failed");
- }
+ if (resultKeyPositive == NULL) {
+ testError("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey failed");
+ }
- subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <negative>");
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
- (firstKey, firstKey, &resultKeyNegative, plContext));
+ subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <negative>");
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(firstKey, firstKey, &resultKeyNegative, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(firstCert);
- PKIX_TEST_DECREF_AC(secondCert);
+ PKIX_TEST_DECREF_AC(firstCert);
+ PKIX_TEST_DECREF_AC(secondCert);
- PKIX_TEST_DECREF_AC(firstKey);
- PKIX_TEST_DECREF_AC(secondKey);
- PKIX_TEST_DECREF_AC(resultKeyPositive);
- PKIX_TEST_DECREF_AC(resultKeyNegative);
+ PKIX_TEST_DECREF_AC(firstKey);
+ PKIX_TEST_DECREF_AC(secondKey);
+ PKIX_TEST_DECREF_AC(resultKeyPositive);
+ PKIX_TEST_DECREF_AC(resultKeyNegative);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static void testVerifySignature(char *dataCentralDir){
- PKIX_PL_Cert *firstCert = NULL;
- PKIX_PL_Cert *secondCert = NULL;
- PKIX_PL_PublicKey *firstPubKey = NULL;
- PKIX_PL_PublicKey *secondPubKey = NULL;
+static void
+testVerifySignature(char *dataCentralDir)
+{
+ PKIX_PL_Cert *firstCert = NULL;
+ PKIX_PL_Cert *secondCert = NULL;
+ PKIX_PL_PublicKey *firstPubKey = NULL;
+ PKIX_PL_PublicKey *secondPubKey = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_Cert_Create <labs2yassir>");
- firstCert = createCert(dataCentralDir, "publicKey/labs2yassir", plContext);
+ subTest("PKIX_PL_Cert_Create <labs2yassir>");
+ firstCert = createCert(dataCentralDir, "publicKey/labs2yassir", plContext);
- subTest("PKIX_PL_Cert_Create <yassir2labs>");
- secondCert = createCert(dataCentralDir, "publicKey/yassir2labs", plContext);
+ subTest("PKIX_PL_Cert_Create <yassir2labs>");
+ secondCert = createCert(dataCentralDir, "publicKey/yassir2labs", plContext);
- subTest("PKIX_PL_Cert_GetSubjectPublicKey <labs2yassir>");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_GetSubjectPublicKey
- (firstCert, &firstPubKey, plContext));
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey <labs2yassir>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstPubKey, plContext));
- subTest("PKIX_PL_Cert_GetSubjectPublicKey <yassir2labs>");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_GetSubjectPublicKey
- (secondCert, &secondPubKey, plContext));
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey <yassir2labs>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondPubKey, plContext));
- subTest("PKIX_PL_Cert_VerifySignature <positive>");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_VerifySignature
- (secondCert, firstPubKey, plContext));
+ subTest("PKIX_PL_Cert_VerifySignature <positive>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifySignature(secondCert, firstPubKey, plContext));
- subTest("PKIX_PL_Cert_VerifySignature <negative>");
- PKIX_TEST_EXPECT_ERROR
- (PKIX_PL_Cert_VerifySignature
- (secondCert, secondPubKey, plContext));
+ subTest("PKIX_PL_Cert_VerifySignature <negative>");
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_VerifySignature(secondCert, secondPubKey, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(firstCert);
- PKIX_TEST_DECREF_AC(secondCert);
- PKIX_TEST_DECREF_AC(firstPubKey);
- PKIX_TEST_DECREF_AC(secondPubKey);
+ PKIX_TEST_DECREF_AC(firstCert);
+ PKIX_TEST_DECREF_AC(secondCert);
+ PKIX_TEST_DECREF_AC(firstPubKey);
+ PKIX_TEST_DECREF_AC(secondPubKey);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testCheckValidity(
- PKIX_PL_Cert *olderCert,
- PKIX_PL_Cert *newerCert)
+ PKIX_PL_Cert *olderCert,
+ PKIX_PL_Cert *newerCert)
{
- /*
+ /*
* olderCert has the following Validity:
* notBefore = August 19, 1999: 20:19:56 GMT
* notAfter = August 18, 2000: 20:19:56 GMT
@@ -1023,207 +922,184 @@ testCheckValidity(
* notAfter = February 13, 2009: 16:46:03 GMT
*/
- /* olderDateAscii = March 29, 2000: 13:48:47 GMT */
- char *olderAscii = "000329134847Z";
- PKIX_PL_String *olderString = NULL;
- PKIX_PL_Date *olderDate = NULL;
-
- /* newerDateAscii = March 29, 2004: 13:48:47 GMT */
- char *newerAscii = "040329134847Z";
- PKIX_PL_String *newerString = NULL;
- PKIX_PL_Date *newerDate = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PL_Cert_CheckValidity <creating Dates>");
-
- /* create newer date when newer cert is valid but older cert is not */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, newerAscii, 0, &newerString, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Date_Create_UTCTime
- (newerString, &newerDate, plContext));
-
- /* create older date when older cert is valid but newer cert is not */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, olderAscii, 0, &olderString, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Date_Create_UTCTime
- (olderString, &olderDate, plContext));
-
- /* check validity of both certificates using olderDate */
- subTest("PKIX_PL_Cert_CheckValidity <olderDate:positive>");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_CheckValidity(olderCert, olderDate, plContext));
-
- subTest("PKIX_PL_Cert_CheckValidity <olderDate:negative>");
- PKIX_TEST_EXPECT_ERROR
- (PKIX_PL_Cert_CheckValidity(newerCert, olderDate, plContext));
-
- /* check validity of both certificates using newerDate */
- subTest("PKIX_PL_Cert_CheckValidity <newerDate:positive>");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_CheckValidity(newerCert, newerDate, plContext));
-
- subTest("PKIX_PL_Cert_CheckValidity <newerDate:negative>");
- PKIX_TEST_EXPECT_ERROR
- (PKIX_PL_Cert_CheckValidity(olderCert, newerDate, plContext));
-
- /*
+ /* olderDateAscii = March 29, 2000: 13:48:47 GMT */
+ char *olderAscii = "000329134847Z";
+ PKIX_PL_String *olderString = NULL;
+ PKIX_PL_Date *olderDate = NULL;
+
+ /* newerDateAscii = March 29, 2004: 13:48:47 GMT */
+ char *newerAscii = "040329134847Z";
+ PKIX_PL_String *newerString = NULL;
+ PKIX_PL_Date *newerDate = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_CheckValidity <creating Dates>");
+
+ /* create newer date when newer cert is valid but older cert is not */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, newerAscii, 0, &newerString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(newerString, &newerDate, plContext));
+
+ /* create older date when older cert is valid but newer cert is not */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, olderAscii, 0, &olderString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(olderString, &olderDate, plContext));
+
+ /* check validity of both certificates using olderDate */
+ subTest("PKIX_PL_Cert_CheckValidity <olderDate:positive>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, olderDate, plContext));
+
+ subTest("PKIX_PL_Cert_CheckValidity <olderDate:negative>");
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, olderDate, plContext));
+
+ /* check validity of both certificates using newerDate */
+ subTest("PKIX_PL_Cert_CheckValidity <newerDate:positive>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, newerDate, plContext));
+
+ subTest("PKIX_PL_Cert_CheckValidity <newerDate:negative>");
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, newerDate, plContext));
+
+ /*
* check validity of both certificates using current time
* NOTE: these "now" tests will not work when the current
* time is after newerCert.notAfter (~ February 13, 2009)
*/
- subTest("PKIX_PL_Cert_CheckValidity <now:positive>");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_CheckValidity(newerCert, NULL, plContext));
+ subTest("PKIX_PL_Cert_CheckValidity <now:positive>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, NULL, plContext));
- subTest("PKIX_PL_Cert_CheckValidity <now:negative>");
- PKIX_TEST_EXPECT_ERROR
- (PKIX_PL_Cert_CheckValidity(olderCert, NULL, plContext));
+ subTest("PKIX_PL_Cert_CheckValidity <now:negative>");
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, NULL, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(olderString);
- PKIX_TEST_DECREF_AC(newerString);
- PKIX_TEST_DECREF_AC(olderDate);
- PKIX_TEST_DECREF_AC(newerDate);
+ PKIX_TEST_DECREF_AC(olderString);
+ PKIX_TEST_DECREF_AC(newerString);
+ PKIX_TEST_DECREF_AC(olderDate);
+ PKIX_TEST_DECREF_AC(newerDate);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
readCertBasicConstraints(
- char *dataDir,
- char *goodCertName,
- char *diffCertName,
- PKIX_PL_CertBasicConstraints **goodBasicConstraints,
- PKIX_PL_CertBasicConstraints **equalBasicConstraints,
- PKIX_PL_CertBasicConstraints **diffBasicConstraints){
+ char *dataDir,
+ char *goodCertName,
+ char *diffCertName,
+ PKIX_PL_CertBasicConstraints **goodBasicConstraints,
+ PKIX_PL_CertBasicConstraints **equalBasicConstraints,
+ PKIX_PL_CertBasicConstraints **diffBasicConstraints)
+{
- PKIX_PL_Cert *goodCert = NULL;
- PKIX_PL_Cert *equalCert = NULL;
- PKIX_PL_Cert *diffCert = NULL;
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_Cert *equalCert = NULL;
+ PKIX_PL_Cert *diffCert = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- createCerts(dataDir, goodCertName, diffCertName,
+ createCerts(dataDir, goodCertName, diffCertName,
&goodCert, &equalCert, &diffCert);
- /*
+ /*
* Warning: pointer will be NULL if BasicConstraints
* extension is not present in the certificate. */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints
- (goodCert, goodBasicConstraints, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints
- (equalCert, equalBasicConstraints, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints
- (diffCert, diffBasicConstraints, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(goodCert, goodBasicConstraints, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(equalCert, equalBasicConstraints, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, diffBasicConstraints, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(goodCert);
- PKIX_TEST_DECREF_AC(equalCert);
- PKIX_TEST_DECREF_AC(diffCert);
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(equalCert);
+ PKIX_TEST_DECREF_AC(diffCert);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testBasicConstraintsHelper(
- char *dataDir,
- char *goodCertName,
- char *diffCertName,
- char *expectedAscii)
+ char *dataDir,
+ char *goodCertName,
+ char *diffCertName,
+ char *expectedAscii)
{
- PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
- PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL;
- PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
+ PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
+ PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL;
+ PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- readCertBasicConstraints
- (dataDir,
- goodCertName,
- diffCertName,
- &goodBasicConstraints,
- &equalBasicConstraints,
- &diffBasicConstraints);
+ readCertBasicConstraints(dataDir,
+ goodCertName,
+ diffCertName,
+ &goodBasicConstraints,
+ &equalBasicConstraints,
+ &diffBasicConstraints);
- /*
+ /*
* The standard test macro is applicable only
* if BasicConstraint extension is present
* in the certificate. Otherwise some
* pointers will be null.
*/
- if ((goodBasicConstraints) &&
- (equalBasicConstraints) &&
- (diffBasicConstraints)) {
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodBasicConstraints,
- equalBasicConstraints,
- diffBasicConstraints,
- expectedAscii,
- BasicConstraints,
- PKIX_TRUE);
- } else {
- /* Test what we can */
- if (goodBasicConstraints) {
- if (!equalBasicConstraints) {
- testError
- ("Unexpected NULL value of equalBasicConstraints");
- goto cleanup;
- }
- subTest("PKIX_PL_BasicConstraints_Equals <match>");
- testEqualsHelper
- ((PKIX_PL_Object *)(goodBasicConstraints),
- (PKIX_PL_Object *)(equalBasicConstraints),
- PKIX_TRUE,
- plContext);
- subTest("PKIX_PL_BasicConstraints_Hashcode <match>");
- testHashcodeHelper
- ((PKIX_PL_Object *)(goodBasicConstraints),
- (PKIX_PL_Object *)(equalBasicConstraints),
- PKIX_TRUE,
- plContext);
- if (diffBasicConstraints) {
- subTest("PKIX_PL_BasicConstraints_Equals <non-match>");
- testEqualsHelper
- ((PKIX_PL_Object *)(goodBasicConstraints),
- (PKIX_PL_Object *)(diffBasicConstraints),
- PKIX_FALSE,
- plContext);
- subTest("PKIX_PL_BasicConstraints_Hashcode <non-match>");
- testHashcodeHelper
- ((PKIX_PL_Object *)(goodBasicConstraints),
- (PKIX_PL_Object *)(diffBasicConstraints),
- PKIX_FALSE,
- plContext);
- }
- subTest("PKIX_PL_BasicConstraints_Duplicate");
- testDuplicateHelper
- ((PKIX_PL_Object *)goodBasicConstraints, plContext);
+ if ((goodBasicConstraints) &&
+ (equalBasicConstraints) &&
+ (diffBasicConstraints)) {
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodBasicConstraints,
+ equalBasicConstraints,
+ diffBasicConstraints,
+ expectedAscii,
+ BasicConstraints,
+ PKIX_TRUE);
+ } else {
+ /* Test what we can */
+ if (goodBasicConstraints) {
+ if (!equalBasicConstraints) {
+ testError("Unexpected NULL value of equalBasicConstraints");
+ goto cleanup;
}
- if (expectedAscii) {
- subTest("PKIX_PL_BasicConstraints_ToString");
- testToStringHelper
- ((PKIX_PL_Object *)(goodBasicConstraints),
- expectedAscii,
- plContext);
+ subTest("PKIX_PL_BasicConstraints_Equals <match>");
+ testEqualsHelper((PKIX_PL_Object *)(goodBasicConstraints),
+ (PKIX_PL_Object *)(equalBasicConstraints),
+ PKIX_TRUE,
+ plContext);
+ subTest("PKIX_PL_BasicConstraints_Hashcode <match>");
+ testHashcodeHelper((PKIX_PL_Object *)(goodBasicConstraints),
+ (PKIX_PL_Object *)(equalBasicConstraints),
+ PKIX_TRUE,
+ plContext);
+ if (diffBasicConstraints) {
+ subTest("PKIX_PL_BasicConstraints_Equals <non-match>");
+ testEqualsHelper((PKIX_PL_Object *)(goodBasicConstraints),
+ (PKIX_PL_Object *)(diffBasicConstraints),
+ PKIX_FALSE,
+ plContext);
+ subTest("PKIX_PL_BasicConstraints_Hashcode <non-match>");
+ testHashcodeHelper((PKIX_PL_Object *)(goodBasicConstraints),
+ (PKIX_PL_Object *)(diffBasicConstraints),
+ PKIX_FALSE,
+ plContext);
}
+ subTest("PKIX_PL_BasicConstraints_Duplicate");
+ testDuplicateHelper((PKIX_PL_Object *)goodBasicConstraints, plContext);
+ }
+ if (expectedAscii) {
+ subTest("PKIX_PL_BasicConstraints_ToString");
+ testToStringHelper((PKIX_PL_Object *)(goodBasicConstraints),
+ expectedAscii,
+ plContext);
}
+ }
cleanup:
- PKIX_TEST_DECREF_AC(goodBasicConstraints);
- PKIX_TEST_DECREF_AC(equalBasicConstraints);
- PKIX_TEST_DECREF_AC(diffBasicConstraints);
+ PKIX_TEST_DECREF_AC(goodBasicConstraints);
+ PKIX_TEST_DECREF_AC(equalBasicConstraints);
+ PKIX_TEST_DECREF_AC(diffBasicConstraints);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testBasicConstraints_GetCAFlag(char *dataCentralDir)
{
- /*
+ /*
* XXX When we have a certificate with a non-null Basic
* Constraints field and a value of FALSE for CAFlag,
* this test should be modified to use that
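Review bot: The `<now:positive>` subtest in testCheckValidity passes NULL as the date, so `PKIX_PL_Cert_CheckValidity(newerCert, NULL, plContext)` is evaluated against the wall clock. The comment directly above it says this stops working once the current time is past newerCert.notAfter (~ February 13, 2009), which is well before this commit's 2016 date. Unless the test data has been regenerated since that comment was written, the subtest cannot pass, and a validity check that depends on the run date gives no stable signal either way. The reformat carries it over unchanged; I would at least mark it, e.g. `/* FIXME: newerCert expired in Feb 2009; <now:positive> needs a cert that is valid at run time */`, and keep the fixed-date `newerDate`/`olderDate` subtests as the authoritative coverage. testCheckValidity's signature starts above this hunk.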
@@ -1231,425 +1107,382 @@ testBasicConstraints_GetCAFlag(char *dataCentralDir)
* GetCAFlag returns a FALSE value. But our certificates for
* non-CAs are created with no BasicConstraints extension.
*/
- PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
- PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL;
- PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
- char *goodCertName = "yassir2yassir";
- char *diffCertName = "nss2alice";
- PKIX_Boolean goodCAFlag = PKIX_FALSE;
- PKIX_Boolean diffCAFlag = PKIX_FALSE;
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PL_BasicConstraints_GetCAFlag");
-
- readCertBasicConstraints
- (dataCentralDir,
- goodCertName,
- diffCertName,
- &goodBasicConstraints,
- &equalBasicConstraints,
- &diffBasicConstraints);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag
- (goodBasicConstraints, &goodCAFlag, plContext));
- if (!goodCAFlag) {
- testError("BasicConstraint CAFlag unexpectedly FALSE");
- goto cleanup;
- }
-
- if (diffBasicConstraints) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag
- (diffBasicConstraints, &diffCAFlag, plContext));
- if (diffCAFlag) {
- testError("BasicConstraint CAFlag unexpectedly TRUE");
- goto cleanup;
- }
+ PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
+ PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL;
+ PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
+ char *goodCertName = "yassir2yassir";
+ char *diffCertName = "nss2alice";
+ PKIX_Boolean goodCAFlag = PKIX_FALSE;
+ PKIX_Boolean diffCAFlag = PKIX_FALSE;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_BasicConstraints_GetCAFlag");
+
+ readCertBasicConstraints(dataCentralDir,
+ goodCertName,
+ diffCertName,
+ &goodBasicConstraints,
+ &equalBasicConstraints,
+ &diffBasicConstraints);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag(goodBasicConstraints, &goodCAFlag, plContext));
+ if (!goodCAFlag) {
+ testError("BasicConstraint CAFlag unexpectedly FALSE");
+ goto cleanup;
+ }
+
+ if (diffBasicConstraints) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag(diffBasicConstraints, &diffCAFlag, plContext));
+ if (diffCAFlag) {
+ testError("BasicConstraint CAFlag unexpectedly TRUE");
+ goto cleanup;
}
+ }
cleanup:
- PKIX_TEST_DECREF_AC(goodBasicConstraints);
- PKIX_TEST_DECREF_AC(equalBasicConstraints);
- PKIX_TEST_DECREF_AC(diffBasicConstraints);
+ PKIX_TEST_DECREF_AC(goodBasicConstraints);
+ PKIX_TEST_DECREF_AC(equalBasicConstraints);
+ PKIX_TEST_DECREF_AC(diffBasicConstraints);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testBasicConstraints_GetPathLenConstraint(char *dataCentralDir)
{
- PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
- PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL;
- PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
- char *goodCertName = "yassir2yassir";
- char *diffCertName = "sun2sun";
- PKIX_Int32 goodPathLen = 0;
- PKIX_Int32 diffPathLen = 0;
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PL_BasicConstraints_GetPathLenConstraint");
-
- readCertBasicConstraints
- (dataCentralDir,
- goodCertName,
- diffCertName,
- &goodBasicConstraints,
- &equalBasicConstraints,
- &diffBasicConstraints);
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_BasicConstraints_GetPathLenConstraint
- (goodBasicConstraints, &goodPathLen, plContext));
- if (0 != goodPathLen) {
- testError("unexpected basicConstraint pathLen");
- (void) printf("Actual value:\t%d\n", goodPathLen);
- (void) printf("Expected value:\t0\n");
- goto cleanup;
- }
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_BasicConstraints_GetPathLenConstraint
- (diffBasicConstraints, &diffPathLen, plContext));
- if (1 != diffPathLen) {
- testError("unexpected basicConstraint pathLen");
- (void) printf("Actual value:\t%d\n", diffPathLen);
- (void) printf("Expected value:\t1\n");
- goto cleanup;
- }
+ PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
+ PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL;
+ PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
+ char *goodCertName = "yassir2yassir";
+ char *diffCertName = "sun2sun";
+ PKIX_Int32 goodPathLen = 0;
+ PKIX_Int32 diffPathLen = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_BasicConstraints_GetPathLenConstraint");
+
+ readCertBasicConstraints(dataCentralDir,
+ goodCertName,
+ diffCertName,
+ &goodBasicConstraints,
+ &equalBasicConstraints,
+ &diffBasicConstraints);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &goodPathLen, plContext));
+ if (0 != goodPathLen) {
+ testError("unexpected basicConstraint pathLen");
+ (void)printf("Actual value:\t%d\n", goodPathLen);
+ (void)printf("Expected value:\t0\n");
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffPathLen, plContext));
+ if (1 != diffPathLen) {
+ testError("unexpected basicConstraint pathLen");
+ (void)printf("Actual value:\t%d\n", diffPathLen);
+ (void)printf("Expected value:\t1\n");
+ goto cleanup;
+ }
cleanup:
- PKIX_TEST_DECREF_AC(goodBasicConstraints);
- PKIX_TEST_DECREF_AC(equalBasicConstraints);
- PKIX_TEST_DECREF_AC(diffBasicConstraints);
+ PKIX_TEST_DECREF_AC(goodBasicConstraints);
+ PKIX_TEST_DECREF_AC(equalBasicConstraints);
+ PKIX_TEST_DECREF_AC(diffBasicConstraints);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testGetBasicConstraints(char *dataCentralDir)
{
- char *goodCertName = NULL;
- char *diffCertName = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and non-CA>");
- goodCertName = "yassir2yassir";
- diffCertName = "nss2alice";
- testBasicConstraintsHelper
- (dataCentralDir, goodCertName, diffCertName, "CA(0)");
-
- subTest("PKIX_PL_Cert_GetBasicConstraints <non-CA and CA(1)>");
- goodCertName = "nss2alice";
- diffCertName = "sun2sun";
- testBasicConstraintsHelper
- (dataCentralDir, goodCertName, diffCertName, NULL);
-
- subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and CA(1)>");
- goodCertName = "yassir2bcn";
- diffCertName = "sun2sun";
- testBasicConstraintsHelper
- (dataCentralDir, goodCertName, diffCertName, "CA(0)");
-
- subTest("PKIX_PL_Cert_GetBasicConstraints <CA(-1) and CA(1)>");
- goodCertName = "anchor2dsa";
- diffCertName = "sun2sun";
- testBasicConstraintsHelper
- (dataCentralDir, goodCertName, diffCertName, "CA(-1)");
-
- PKIX_TEST_RETURN();
+ char *goodCertName = NULL;
+ char *diffCertName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and non-CA>");
+ goodCertName = "yassir2yassir";
+ diffCertName = "nss2alice";
+ testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(0)");
+
+ subTest("PKIX_PL_Cert_GetBasicConstraints <non-CA and CA(1)>");
+ goodCertName = "nss2alice";
+ diffCertName = "sun2sun";
+ testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, NULL);
+
+ subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and CA(1)>");
+ goodCertName = "yassir2bcn";
+ diffCertName = "sun2sun";
+ testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(0)");
+
+ subTest("PKIX_PL_Cert_GetBasicConstraints <CA(-1) and CA(1)>");
+ goodCertName = "anchor2dsa";
+ diffCertName = "sun2sun";
+ testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(-1)");
+
+ PKIX_TEST_RETURN();
}
static void
testGetPolicyInformation(char *dataDir)
{
- char *goodCertName =
- "UserNoticeQualifierTest15EE.crt";
- char *equalCertName =
- "UserNoticeQualifierTest15EE.crt";
- char *diffCertName =
- "UserNoticeQualifierTest17EE.crt";
- PKIX_Boolean isImmutable = PKIX_FALSE;
- PKIX_PL_Cert *goodCert = NULL;
- PKIX_PL_Cert *equalCert = NULL;
- PKIX_PL_Cert *diffCert = NULL;
- PKIX_List* goodPolicyInfo = NULL;
- PKIX_List* equalPolicyInfo = NULL;
- PKIX_List* diffPolicyInfo = NULL;
- PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
- PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
- PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
-
- PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_Cert_GetPolicyInformation");
-
- /*
+ char *goodCertName =
+ "UserNoticeQualifierTest15EE.crt";
+ char *equalCertName =
+ "UserNoticeQualifierTest15EE.crt";
+ char *diffCertName =
+ "UserNoticeQualifierTest17EE.crt";
+ PKIX_Boolean isImmutable = PKIX_FALSE;
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_Cert *equalCert = NULL;
+ PKIX_PL_Cert *diffCert = NULL;
+ PKIX_List *goodPolicyInfo = NULL;
+ PKIX_List *equalPolicyInfo = NULL;
+ PKIX_List *diffPolicyInfo = NULL;
+ PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
+
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_PL_Cert_GetPolicyInformation");
+
+ /*
* Get the cert, then the list of policyInfos.
* Take the first policyInfo from the list.
*/
- /* Get the PolicyInfo objects */
- goodCert = createCert(dataDir, goodCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (goodCert, &goodPolicyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
-
- equalCert = createCert(dataDir, equalCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (equalCert, &equalPolicyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (equalPolicyInfo,
- 0,
- (PKIX_PL_Object **)&equalPolicy,
- plContext));
-
- diffCert = createCert(dataDir, diffCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (diffCert, &diffPolicyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodPolicy,
- equalPolicy,
- diffPolicy,
- NULL,
- CertPolicyInfo,
- PKIX_FALSE);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable
- (goodPolicyInfo, &isImmutable, plContext));
-
- if (isImmutable != PKIX_TRUE) {
- testError("PolicyInfo List is not immutable");
- }
+ /* Get the PolicyInfo objects */
+ goodCert = createCert(dataDir, goodCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
+
+ equalCert = createCert(dataDir, equalCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
+ 0,
+ (PKIX_PL_Object **)&equalPolicy,
+ plContext));
+
+ diffCert = createCert(dataDir, diffCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPolicy,
+ equalPolicy,
+ diffPolicy,
+ NULL,
+ CertPolicyInfo,
+ PKIX_FALSE);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodPolicyInfo, &isImmutable, plContext));
+
+ if (isImmutable != PKIX_TRUE) {
+ testError("PolicyInfo List is not immutable");
+ }
cleanup:
- PKIX_TEST_DECREF_AC(goodPolicy);
- PKIX_TEST_DECREF_AC(equalPolicy);
- PKIX_TEST_DECREF_AC(diffPolicy);
- PKIX_TEST_DECREF_AC(goodPolicyInfo);
- PKIX_TEST_DECREF_AC(equalPolicyInfo);
- PKIX_TEST_DECREF_AC(diffPolicyInfo);
- PKIX_TEST_DECREF_AC(goodCert);
- PKIX_TEST_DECREF_AC(equalCert);
- PKIX_TEST_DECREF_AC(diffCert);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(goodPolicy);
+ PKIX_TEST_DECREF_AC(equalPolicy);
+ PKIX_TEST_DECREF_AC(diffPolicy);
+ PKIX_TEST_DECREF_AC(goodPolicyInfo);
+ PKIX_TEST_DECREF_AC(equalPolicyInfo);
+ PKIX_TEST_DECREF_AC(diffPolicyInfo);
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(equalCert);
+ PKIX_TEST_DECREF_AC(diffCert);
+ PKIX_TEST_RETURN();
}
static void
testCertPolicy_GetPolicyId(char *dataDir)
{
- char *goodCertName =
- "UserNoticeQualifierTest15EE.crt";
- char *equalCertName =
- "UserNoticeQualifierTest16EE.crt";
- char *diffCertName =
- "UserNoticeQualifierTest17EE.crt";
- PKIX_PL_Cert *goodCert = NULL;
- PKIX_PL_Cert *equalCert = NULL;
- PKIX_PL_Cert *diffCert = NULL;
- PKIX_List* goodPolicyInfo = NULL;
- PKIX_List* equalPolicyInfo = NULL;
- PKIX_List* diffPolicyInfo = NULL;
- PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
- PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
- PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
- PKIX_PL_OID *goodID = NULL;
- PKIX_PL_OID *equalID = NULL;
- PKIX_PL_OID *diffID = NULL;
-
- PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_CertPolicyInfo_GetPolicyId");
-
- /*
+ char *goodCertName =
+ "UserNoticeQualifierTest15EE.crt";
+ char *equalCertName =
+ "UserNoticeQualifierTest16EE.crt";
+ char *diffCertName =
+ "UserNoticeQualifierTest17EE.crt";
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_Cert *equalCert = NULL;
+ PKIX_PL_Cert *diffCert = NULL;
+ PKIX_List *goodPolicyInfo = NULL;
+ PKIX_List *equalPolicyInfo = NULL;
+ PKIX_List *diffPolicyInfo = NULL;
+ PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
+ PKIX_PL_OID *goodID = NULL;
+ PKIX_PL_OID *equalID = NULL;
+ PKIX_PL_OID *diffID = NULL;
+
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_PL_CertPolicyInfo_GetPolicyId");
+
+ /*
* Get the cert, then the list of policyInfos.
* Take the first policyInfo from the list.
* Finally, get the policyInfo's ID.
*/
- /* Get the PolicyInfo objects */
- goodCert = createCert(dataDir, goodCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (goodCert, &goodPolicyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId
- (goodPolicy, &goodID, plContext));
-
- equalCert = createCert(dataDir, equalCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (equalCert, &equalPolicyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (equalPolicyInfo,
- 0,
- (PKIX_PL_Object **)&equalPolicy,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId
- (equalPolicy, &equalID, plContext));
-
- diffCert = createCert(dataDir, diffCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (diffCert, &diffPolicyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId
- (diffPolicy, &diffID, plContext));
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodID, equalID, diffID, NULL, OID, PKIX_FALSE);
+ /* Get the PolicyInfo objects */
+ goodCert = createCert(dataDir, goodCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(goodPolicy, &goodID, plContext));
+
+ equalCert = createCert(dataDir, equalCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
+ 0,
+ (PKIX_PL_Object **)&equalPolicy,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(equalPolicy, &equalID, plContext));
+
+ diffCert = createCert(dataDir, diffCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(diffPolicy, &diffID, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodID, equalID, diffID, NULL, OID, PKIX_FALSE);
cleanup:
- PKIX_TEST_DECREF_AC(goodID);
- PKIX_TEST_DECREF_AC(equalID);
- PKIX_TEST_DECREF_AC(diffID);
- PKIX_TEST_DECREF_AC(goodPolicy);
- PKIX_TEST_DECREF_AC(equalPolicy);
- PKIX_TEST_DECREF_AC(diffPolicy);
- PKIX_TEST_DECREF_AC(goodPolicyInfo);
- PKIX_TEST_DECREF_AC(equalPolicyInfo);
- PKIX_TEST_DECREF_AC(diffPolicyInfo);
- PKIX_TEST_DECREF_AC(goodCert);
- PKIX_TEST_DECREF_AC(equalCert);
- PKIX_TEST_DECREF_AC(diffCert);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(goodID);
+ PKIX_TEST_DECREF_AC(equalID);
+ PKIX_TEST_DECREF_AC(diffID);
+ PKIX_TEST_DECREF_AC(goodPolicy);
+ PKIX_TEST_DECREF_AC(equalPolicy);
+ PKIX_TEST_DECREF_AC(diffPolicy);
+ PKIX_TEST_DECREF_AC(goodPolicyInfo);
+ PKIX_TEST_DECREF_AC(equalPolicyInfo);
+ PKIX_TEST_DECREF_AC(diffPolicyInfo);
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(equalCert);
+ PKIX_TEST_DECREF_AC(diffCert);
+ PKIX_TEST_RETURN();
}
static void
testCertPolicy_GetPolQualifiers(char *dataDir)
{
- char *goodCertName =
- "UserNoticeQualifierTest15EE.crt";
- char *equalCertName =
- "UserNoticeQualifierTest16EE.crt";
- char *diffCertName =
- "UserNoticeQualifierTest18EE.crt";
- PKIX_Boolean isImmutable = PKIX_FALSE;
- PKIX_PL_Cert *goodCert = NULL;
- PKIX_PL_Cert *equalCert = NULL;
- PKIX_PL_Cert *diffCert = NULL;
- PKIX_List* goodPolicyInfo = NULL;
- PKIX_List* equalPolicyInfo = NULL;
- PKIX_List* diffPolicyInfo = NULL;
- PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
- PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
- PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
- PKIX_List* goodQuals = NULL;
- PKIX_List* equalQuals = NULL;
- PKIX_List* diffQuals = NULL;
-
- PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_CertPolicyInfo_GetPolQualifiers");
-
- /*
+ char *goodCertName =
+ "UserNoticeQualifierTest15EE.crt";
+ char *equalCertName =
+ "UserNoticeQualifierTest16EE.crt";
+ char *diffCertName =
+ "UserNoticeQualifierTest18EE.crt";
+ PKIX_Boolean isImmutable = PKIX_FALSE;
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_Cert *equalCert = NULL;
+ PKIX_PL_Cert *diffCert = NULL;
+ PKIX_List *goodPolicyInfo = NULL;
+ PKIX_List *equalPolicyInfo = NULL;
+ PKIX_List *diffPolicyInfo = NULL;
+ PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
+ PKIX_List *goodQuals = NULL;
+ PKIX_List *equalQuals = NULL;
+ PKIX_List *diffQuals = NULL;
+
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_PL_CertPolicyInfo_GetPolQualifiers");
+
+ /*
* Get the cert, then the list of policyInfos.
* Take the first policyInfo from the list.
* Get its list of PolicyQualifiers.
*/
- /* Get the PolicyInfo objects */
- goodCert = createCert(dataDir, goodCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (goodCert, &goodPolicyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers
- (goodPolicy, &goodQuals, plContext));
-
- equalCert = createCert(dataDir, equalCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (equalCert, &equalPolicyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (equalPolicyInfo,
- 0,
- (PKIX_PL_Object **)&equalPolicy,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers
- (equalPolicy, &equalQuals, plContext));
-
- diffCert = createCert(dataDir, diffCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (diffCert, &diffPolicyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers
- (diffPolicy, &diffQuals, plContext));
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodQuals,
- equalQuals,
- diffQuals,
- NULL,
- List,
- PKIX_FALSE);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable
- (goodQuals, &isImmutable, plContext));
-
- if (isImmutable != PKIX_TRUE) {
- testError("PolicyQualifier List is not immutable");
- }
+ /* Get the PolicyInfo objects */
+ goodCert = createCert(dataDir, goodCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext));
+
+ equalCert = createCert(dataDir, equalCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
+ 0,
+ (PKIX_PL_Object **)&equalPolicy,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext));
+
+ diffCert = createCert(dataDir, diffCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodQuals,
+ equalQuals,
+ diffQuals,
+ NULL,
+ List,
+ PKIX_FALSE);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodQuals, &isImmutable, plContext));
+
+ if (isImmutable != PKIX_TRUE) {
+ testError("PolicyQualifier List is not immutable");
+ }
cleanup:
- PKIX_TEST_DECREF_AC(goodCert);
- PKIX_TEST_DECREF_AC(goodPolicyInfo);
- PKIX_TEST_DECREF_AC(goodPolicy);
- PKIX_TEST_DECREF_AC(goodQuals);
- PKIX_TEST_DECREF_AC(equalCert);
- PKIX_TEST_DECREF_AC(equalPolicyInfo);
- PKIX_TEST_DECREF_AC(equalQuals);
- PKIX_TEST_DECREF_AC(equalPolicy);
- PKIX_TEST_DECREF_AC(diffCert);
- PKIX_TEST_DECREF_AC(diffPolicyInfo);
- PKIX_TEST_DECREF_AC(diffPolicy);
- PKIX_TEST_DECREF_AC(diffQuals);
-
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(goodPolicyInfo);
+ PKIX_TEST_DECREF_AC(goodPolicy);
+ PKIX_TEST_DECREF_AC(goodQuals);
+ PKIX_TEST_DECREF_AC(equalCert);
+ PKIX_TEST_DECREF_AC(equalPolicyInfo);
+ PKIX_TEST_DECREF_AC(equalQuals);
+ PKIX_TEST_DECREF_AC(equalPolicy);
+ PKIX_TEST_DECREF_AC(diffCert);
+ PKIX_TEST_DECREF_AC(diffPolicyInfo);
+ PKIX_TEST_DECREF_AC(diffPolicy);
+ PKIX_TEST_DECREF_AC(diffQuals);
+
+ PKIX_TEST_RETURN();
}
static void
testPolicyQualifier_GetQualifier(char *dataDir)
{
- char *goodCertName =
- "UserNoticeQualifierTest15EE.crt";
- char *equalCertName =
- "UserNoticeQualifierTest16EE.crt";
- char *diffCertName =
- "UserNoticeQualifierTest18EE.crt";
- PKIX_PL_Cert *goodCert = NULL;
- PKIX_PL_Cert *equalCert = NULL;
- PKIX_PL_Cert *diffCert = NULL;
- PKIX_List* goodPolicyInfo = NULL;
- PKIX_List* equalPolicyInfo = NULL;
- PKIX_List* diffPolicyInfo = NULL;
- PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
- PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
- PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
- PKIX_List* goodQuals = NULL;
- PKIX_List* equalQuals = NULL;
- PKIX_List* diffQuals = NULL;
- PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL;
- PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL;
- PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL;
- PKIX_PL_ByteArray *goodArray = NULL;
- PKIX_PL_ByteArray *equalArray = NULL;
- PKIX_PL_ByteArray *diffArray = NULL;
-
- PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_PolicyQualifier_GetQualifier");
-
- /*
+ char *goodCertName =
+ "UserNoticeQualifierTest15EE.crt";
+ char *equalCertName =
+ "UserNoticeQualifierTest16EE.crt";
+ char *diffCertName =
+ "UserNoticeQualifierTest18EE.crt";
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_Cert *equalCert = NULL;
+ PKIX_PL_Cert *diffCert = NULL;
+ PKIX_List *goodPolicyInfo = NULL;
+ PKIX_List *equalPolicyInfo = NULL;
+ PKIX_List *diffPolicyInfo = NULL;
+ PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
+ PKIX_List *goodQuals = NULL;
+ PKIX_List *equalQuals = NULL;
+ PKIX_List *diffQuals = NULL;
+ PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL;
+ PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL;
+ PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL;
+ PKIX_PL_ByteArray *goodArray = NULL;
+ PKIX_PL_ByteArray *equalArray = NULL;
+ PKIX_PL_ByteArray *diffArray = NULL;
+
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_PL_PolicyQualifier_GetQualifier");
+
+ /*
* Get the cert, then the list of policyInfos.
* Take the first policyInfo from the list.
* Get its list of PolicyQualifiers.
@@ -1657,119 +1490,100 @@ testPolicyQualifier_GetQualifier(char *dataDir)
* Finally, get the policyQualifier's ByteArray.
*/
- /* Get the PolicyInfo objects */
- goodCert = createCert(dataDir, goodCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (goodCert, &goodPolicyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers
- (goodPolicy, &goodQuals, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (goodQuals,
- 0,
- (PKIX_PL_Object **)&goodPolQualifier,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier
- (goodPolQualifier, &goodArray, plContext));
-
- equalCert = createCert(dataDir, equalCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (equalCert, &equalPolicyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (equalPolicyInfo,
- 0,
- (PKIX_PL_Object **)&equalPolicy,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers
- (equalPolicy, &equalQuals, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (equalQuals,
- 0,
- (PKIX_PL_Object **)&equalPolQualifier,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier
- (equalPolQualifier, &equalArray, plContext));
-
- diffCert = createCert(dataDir, diffCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (diffCert, &diffPolicyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers
- (diffPolicy, &diffQuals, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (diffQuals,
- 0,
- (PKIX_PL_Object **)&diffPolQualifier,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier
- (diffPolQualifier, &diffArray, plContext));
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodArray, equalArray, diffArray, NULL, ByteArray, PKIX_FALSE);
+ /* Get the PolicyInfo objects */
+ goodCert = createCert(dataDir, goodCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodQuals,
+ 0,
+ (PKIX_PL_Object **)&goodPolQualifier,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(goodPolQualifier, &goodArray, plContext));
+
+ equalCert = createCert(dataDir, equalCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
+ 0,
+ (PKIX_PL_Object **)&equalPolicy,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalQuals,
+ 0,
+ (PKIX_PL_Object **)&equalPolQualifier,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(equalPolQualifier, &equalArray, plContext));
+
+ diffCert = createCert(dataDir, diffCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffQuals,
+ 0,
+ (PKIX_PL_Object **)&diffPolQualifier,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(diffPolQualifier, &diffArray, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodArray, equalArray, diffArray, NULL, ByteArray, PKIX_FALSE);
cleanup:
- PKIX_TEST_DECREF_AC(goodArray);
- PKIX_TEST_DECREF_AC(equalArray);
- PKIX_TEST_DECREF_AC(diffArray);
- PKIX_TEST_DECREF_AC(goodPolQualifier);
- PKIX_TEST_DECREF_AC(equalPolQualifier);
- PKIX_TEST_DECREF_AC(diffPolQualifier);
- PKIX_TEST_DECREF_AC(goodQuals);
- PKIX_TEST_DECREF_AC(equalQuals);
- PKIX_TEST_DECREF_AC(diffQuals);
- PKIX_TEST_DECREF_AC(goodPolicy);
- PKIX_TEST_DECREF_AC(equalPolicy);
- PKIX_TEST_DECREF_AC(diffPolicy);
- PKIX_TEST_DECREF_AC(goodPolicyInfo);
- PKIX_TEST_DECREF_AC(equalPolicyInfo);
- PKIX_TEST_DECREF_AC(diffPolicyInfo);
- PKIX_TEST_DECREF_AC(goodCert);
- PKIX_TEST_DECREF_AC(equalCert);
- PKIX_TEST_DECREF_AC(diffCert);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(goodArray);
+ PKIX_TEST_DECREF_AC(equalArray);
+ PKIX_TEST_DECREF_AC(diffArray);
+ PKIX_TEST_DECREF_AC(goodPolQualifier);
+ PKIX_TEST_DECREF_AC(equalPolQualifier);
+ PKIX_TEST_DECREF_AC(diffPolQualifier);
+ PKIX_TEST_DECREF_AC(goodQuals);
+ PKIX_TEST_DECREF_AC(equalQuals);
+ PKIX_TEST_DECREF_AC(diffQuals);
+ PKIX_TEST_DECREF_AC(goodPolicy);
+ PKIX_TEST_DECREF_AC(equalPolicy);
+ PKIX_TEST_DECREF_AC(diffPolicy);
+ PKIX_TEST_DECREF_AC(goodPolicyInfo);
+ PKIX_TEST_DECREF_AC(equalPolicyInfo);
+ PKIX_TEST_DECREF_AC(diffPolicyInfo);
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(equalCert);
+ PKIX_TEST_DECREF_AC(diffCert);
+ PKIX_TEST_RETURN();
}
static void
testPolicyQualifier_GetPolicyQualifierId(char *dataDir)
{
- char *goodCertName =
- "UserNoticeQualifierTest15EE.crt";
- char *equalCertName =
- "UserNoticeQualifierTest16EE.crt";
- char *diffCertName =
- "CPSPointerQualifierTest20EE.crt";
- PKIX_PL_Cert *goodCert = NULL;
- PKIX_PL_Cert *equalCert = NULL;
- PKIX_PL_Cert *diffCert = NULL;
- PKIX_List* goodPolicyInfo = NULL;
- PKIX_List* equalPolicyInfo = NULL;
- PKIX_List* diffPolicyInfo = NULL;
- PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
- PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
- PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
- PKIX_List* goodQuals = NULL;
- PKIX_List* equalQuals = NULL;
- PKIX_List* diffQuals = NULL;
- PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL;
- PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL;
- PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL;
- PKIX_PL_OID *goodID = NULL;
- PKIX_PL_OID *equalID = NULL;
- PKIX_PL_OID *diffID = NULL;
-
- PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_PolicyQualifier_GetPolicyQualifierId");
-
- /*
+ char *goodCertName =
+ "UserNoticeQualifierTest15EE.crt";
+ char *equalCertName =
+ "UserNoticeQualifierTest16EE.crt";
+ char *diffCertName =
+ "CPSPointerQualifierTest20EE.crt";
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_Cert *equalCert = NULL;
+ PKIX_PL_Cert *diffCert = NULL;
+ PKIX_List *goodPolicyInfo = NULL;
+ PKIX_List *equalPolicyInfo = NULL;
+ PKIX_List *diffPolicyInfo = NULL;
+ PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
+ PKIX_List *goodQuals = NULL;
+ PKIX_List *equalQuals = NULL;
+ PKIX_List *diffQuals = NULL;
+ PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL;
+ PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL;
+ PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL;
+ PKIX_PL_OID *goodID = NULL;
+ PKIX_PL_OID *equalID = NULL;
+ PKIX_PL_OID *diffID = NULL;
+
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_PL_PolicyQualifier_GetPolicyQualifierId");
+
+ /*
* Get the cert, then the list of policyInfos.
* Take the first policyInfo from the list.
* Get its list of PolicyQualifiers.
@@ -1777,551 +1591,498 @@ testPolicyQualifier_GetPolicyQualifierId(char *dataDir)
* Finally, get the policyQualifier's ID.
*/
- /* Get the PolicyQualifier objects */
- goodCert = createCert(dataDir, goodCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (goodCert, &goodPolicyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers
- (goodPolicy, &goodQuals, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (goodQuals,
- 0,
- (PKIX_PL_Object **)&goodPolQualifier,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId
- (goodPolQualifier, &goodID, plContext));
-
- equalCert = createCert(dataDir, equalCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (equalCert, &equalPolicyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (equalPolicyInfo,
- 0,
- (PKIX_PL_Object **)&equalPolicy,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers
- (equalPolicy, &equalQuals, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (equalQuals,
- 0,
- (PKIX_PL_Object **)&equalPolQualifier,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId
- (equalPolQualifier, &equalID, plContext));
-
- diffCert = createCert(dataDir, diffCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
- (diffCert, &diffPolicyInfo, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers
- (diffPolicy, &diffQuals, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (diffQuals,
- 0,
- (PKIX_PL_Object **)&diffPolQualifier,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId
- (diffPolQualifier, &diffID, plContext));
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodID, equalID, diffID, NULL, OID, PKIX_FALSE);
+ /* Get the PolicyQualifier objects */
+ goodCert = createCert(dataDir, goodCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodQuals,
+ 0,
+ (PKIX_PL_Object **)&goodPolQualifier,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(goodPolQualifier, &goodID, plContext));
+
+ equalCert = createCert(dataDir, equalCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
+ 0,
+ (PKIX_PL_Object **)&equalPolicy,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalQuals,
+ 0,
+ (PKIX_PL_Object **)&equalPolQualifier,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(equalPolQualifier, &equalID, plContext));
+
+ diffCert = createCert(dataDir, diffCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffQuals,
+ 0,
+ (PKIX_PL_Object **)&diffPolQualifier,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(diffPolQualifier, &diffID, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodID, equalID, diffID, NULL, OID, PKIX_FALSE);
cleanup:
- PKIX_TEST_DECREF_AC(goodID);
- PKIX_TEST_DECREF_AC(equalID);
- PKIX_TEST_DECREF_AC(diffID);
- PKIX_TEST_DECREF_AC(goodPolQualifier);
- PKIX_TEST_DECREF_AC(equalPolQualifier);
- PKIX_TEST_DECREF_AC(diffPolQualifier);
- PKIX_TEST_DECREF_AC(goodQuals);
- PKIX_TEST_DECREF_AC(equalQuals);
- PKIX_TEST_DECREF_AC(diffQuals);
- PKIX_TEST_DECREF_AC(goodPolicy);
- PKIX_TEST_DECREF_AC(equalPolicy);
- PKIX_TEST_DECREF_AC(diffPolicy);
- PKIX_TEST_DECREF_AC(goodPolicyInfo);
- PKIX_TEST_DECREF_AC(equalPolicyInfo);
- PKIX_TEST_DECREF_AC(diffPolicyInfo);
- PKIX_TEST_DECREF_AC(goodCert);
- PKIX_TEST_DECREF_AC(equalCert);
- PKIX_TEST_DECREF_AC(diffCert);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(goodID);
+ PKIX_TEST_DECREF_AC(equalID);
+ PKIX_TEST_DECREF_AC(diffID);
+ PKIX_TEST_DECREF_AC(goodPolQualifier);
+ PKIX_TEST_DECREF_AC(equalPolQualifier);
+ PKIX_TEST_DECREF_AC(diffPolQualifier);
+ PKIX_TEST_DECREF_AC(goodQuals);
+ PKIX_TEST_DECREF_AC(equalQuals);
+ PKIX_TEST_DECREF_AC(diffQuals);
+ PKIX_TEST_DECREF_AC(goodPolicy);
+ PKIX_TEST_DECREF_AC(equalPolicy);
+ PKIX_TEST_DECREF_AC(diffPolicy);
+ PKIX_TEST_DECREF_AC(goodPolicyInfo);
+ PKIX_TEST_DECREF_AC(equalPolicyInfo);
+ PKIX_TEST_DECREF_AC(diffPolicyInfo);
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(equalCert);
+ PKIX_TEST_DECREF_AC(diffCert);
+ PKIX_TEST_RETURN();
}
static void
testAreCertPoliciesCritical(char *dataCentralDir, char *dataDir)
{
- char *trueCertName = "CertificatePoliciesCritical.crt";
- char *falseCertName = "UserNoticeQualifierTest15EE.crt";
- PKIX_PL_Cert *trueCert = NULL;
- PKIX_PL_Cert *falseCert = NULL;
- PKIX_Boolean trueVal = PKIX_FALSE;
- PKIX_Boolean falseVal = PKIX_FALSE;
+ char *trueCertName = "CertificatePoliciesCritical.crt";
+ char *falseCertName = "UserNoticeQualifierTest15EE.crt";
+ PKIX_PL_Cert *trueCert = NULL;
+ PKIX_PL_Cert *falseCert = NULL;
+ PKIX_Boolean trueVal = PKIX_FALSE;
+ PKIX_Boolean falseVal = PKIX_FALSE;
- PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <true>");
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <true>");
- trueCert = createCert(dataCentralDir, trueCertName, plContext);
+ trueCert = createCert(dataCentralDir, trueCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical
- (trueCert, &trueVal, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical(trueCert, &trueVal, plContext));
- if (trueVal != PKIX_TRUE) {
- testError("unexpected mismatch");
- (void) printf("Actual value:\t%d\n", trueVal);
- (void) printf("Expected value:\t1\n");
- goto cleanup;
- }
+ if (trueVal != PKIX_TRUE) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", trueVal);
+ (void)printf("Expected value:\t1\n");
+ goto cleanup;
+ }
- subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <false>");
+ subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <false>");
- falseCert = createCert(dataDir, falseCertName, plContext);
+ falseCert = createCert(dataDir, falseCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical
- (falseCert, &falseVal, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical(falseCert, &falseVal, plContext));
- if (falseVal != PKIX_FALSE) {
- testError("unexpected mismatch");
- (void) printf("Actual value:\t%d\n", falseVal);
- (void) printf("Expected value:\t0\n");
- goto cleanup;
- }
+ if (falseVal != PKIX_FALSE) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", falseVal);
+ (void)printf("Expected value:\t0\n");
+ goto cleanup;
+ }
cleanup:
- PKIX_TEST_DECREF_AC(trueCert);
- PKIX_TEST_DECREF_AC(falseCert);
+ PKIX_TEST_DECREF_AC(trueCert);
+ PKIX_TEST_DECREF_AC(falseCert);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testCertPolicyConstraints(char *dataDir)
{
- char *requireExplicitPolicy2CertName =
- "requireExplicitPolicy2CACert.crt";
- char *inhibitPolicyMapping5CertName =
- "inhibitPolicyMapping5CACert.crt";
- char *inhibitAnyPolicy5CertName =
- "inhibitAnyPolicy5CACert.crt";
- char *inhibitAnyPolicy0CertName =
- "inhibitAnyPolicy0CACert.crt";
- PKIX_PL_Cert *requireExplicitPolicy2Cert = NULL;
- PKIX_PL_Cert *inhibitPolicyMapping5Cert = NULL;
- PKIX_PL_Cert *inhibitAnyPolicy5Cert = NULL;
- PKIX_PL_Cert *inhibitAnyPolicy0Cert = NULL;
- PKIX_Int32 skipCerts = 0;
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PL_Cert_GetRequireExplicitPolicy");
- requireExplicitPolicy2Cert = createCert
- (dataDir, requireExplicitPolicy2CertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetRequireExplicitPolicy
- (requireExplicitPolicy2Cert, &skipCerts, NULL));
- PR_ASSERT(skipCerts == 2);
-
- subTest("PKIX_PL_Cert_GetPolicyMappingInhibited");
- inhibitPolicyMapping5Cert = createCert
- (dataDir, inhibitPolicyMapping5CertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappingInhibited
- (inhibitPolicyMapping5Cert, &skipCerts, NULL));
- PR_ASSERT(skipCerts == 5);
-
- subTest("PKIX_PL_Cert_GetInhibitAnyPolicy");
- inhibitAnyPolicy5Cert = createCert
- (dataDir, inhibitAnyPolicy5CertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy
- (inhibitAnyPolicy5Cert, &skipCerts, NULL));
- PR_ASSERT(skipCerts == 5);
-
- inhibitAnyPolicy0Cert = createCert
- (dataDir, inhibitAnyPolicy0CertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy
- (inhibitAnyPolicy0Cert, &skipCerts, NULL));
- PR_ASSERT(skipCerts == 0);
+ char *requireExplicitPolicy2CertName =
+ "requireExplicitPolicy2CACert.crt";
+ char *inhibitPolicyMapping5CertName =
+ "inhibitPolicyMapping5CACert.crt";
+ char *inhibitAnyPolicy5CertName =
+ "inhibitAnyPolicy5CACert.crt";
+ char *inhibitAnyPolicy0CertName =
+ "inhibitAnyPolicy0CACert.crt";
+ PKIX_PL_Cert *requireExplicitPolicy2Cert = NULL;
+ PKIX_PL_Cert *inhibitPolicyMapping5Cert = NULL;
+ PKIX_PL_Cert *inhibitAnyPolicy5Cert = NULL;
+ PKIX_PL_Cert *inhibitAnyPolicy0Cert = NULL;
+ PKIX_Int32 skipCerts = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_GetRequireExplicitPolicy");
+ requireExplicitPolicy2Cert = createCert(dataDir, requireExplicitPolicy2CertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetRequireExplicitPolicy(requireExplicitPolicy2Cert, &skipCerts, NULL));
+ PR_ASSERT(skipCerts == 2);
+
+ subTest("PKIX_PL_Cert_GetPolicyMappingInhibited");
+ inhibitPolicyMapping5Cert = createCert(dataDir, inhibitPolicyMapping5CertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappingInhibited(inhibitPolicyMapping5Cert, &skipCerts, NULL));
+ PR_ASSERT(skipCerts == 5);
+
+ subTest("PKIX_PL_Cert_GetInhibitAnyPolicy");
+ inhibitAnyPolicy5Cert = createCert(dataDir, inhibitAnyPolicy5CertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy(inhibitAnyPolicy5Cert, &skipCerts, NULL));
+ PR_ASSERT(skipCerts == 5);
+
+ inhibitAnyPolicy0Cert = createCert(dataDir, inhibitAnyPolicy0CertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy(inhibitAnyPolicy0Cert, &skipCerts, NULL));
+ PR_ASSERT(skipCerts == 0);
cleanup:
- PKIX_TEST_DECREF_AC(requireExplicitPolicy2Cert);
- PKIX_TEST_DECREF_AC(inhibitPolicyMapping5Cert);
- PKIX_TEST_DECREF_AC(inhibitAnyPolicy5Cert);
- PKIX_TEST_DECREF_AC(inhibitAnyPolicy0Cert);
+ PKIX_TEST_DECREF_AC(requireExplicitPolicy2Cert);
+ PKIX_TEST_DECREF_AC(inhibitPolicyMapping5Cert);
+ PKIX_TEST_DECREF_AC(inhibitAnyPolicy5Cert);
+ PKIX_TEST_DECREF_AC(inhibitAnyPolicy0Cert);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testCertPolicyMaps(char *dataDir)
{
- char *policyMappingsCertName =
- "P1Mapping1to234CACert.crt";
- char *expectedAscii =
- "2.16.840.1.101.3.2.1.48.1=>2.16.840.1.101.3.2.1.48.2";
-
- PKIX_PL_Cert *policyMappingsCert = NULL;
- PKIX_List *mappings = NULL;
- PKIX_PL_CertPolicyMap *goodMap = NULL;
- PKIX_PL_CertPolicyMap *equalMap = NULL;
- PKIX_PL_CertPolicyMap *diffMap = NULL;
- PKIX_PL_OID *goodOID = NULL;
- PKIX_PL_OID *equalOID = NULL;
- PKIX_PL_OID *diffOID = NULL;
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PL_Cert_GetPolicyMappings");
-
- policyMappingsCert = createCert
- (dataDir, policyMappingsCertName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappings
- (policyMappingsCert, &mappings, NULL));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (mappings, 0, (PKIX_PL_Object **)&goodMap, NULL));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (mappings, 0, (PKIX_PL_Object **)&equalMap, NULL));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (mappings, 2, (PKIX_PL_Object **)&diffMap, NULL));
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodMap,
- equalMap,
- diffMap,
- expectedAscii,
- CertPolicyMap,
- PKIX_TRUE);
-
- subTest("PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
- (goodMap, &goodOID, NULL));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
- (diffMap, &equalOID, NULL));
- subTest("PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
- (diffMap, &diffOID, NULL));
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodOID,
- equalOID,
- diffOID,
- "2.16.840.1.101.3.2.1.48.1",
- OID,
- PKIX_FALSE);
-
- subTest("pkix_pl_CertPolicyMap_Destroy");
- PKIX_TEST_DECREF_BC(goodMap);
- PKIX_TEST_DECREF_BC(equalMap);
- PKIX_TEST_DECREF_BC(diffMap);
+ char *policyMappingsCertName =
+ "P1Mapping1to234CACert.crt";
+ char *expectedAscii =
+ "2.16.840.1.101.3.2.1.48.1=>2.16.840.1.101.3.2.1.48.2";
+
+ PKIX_PL_Cert *policyMappingsCert = NULL;
+ PKIX_List *mappings = NULL;
+ PKIX_PL_CertPolicyMap *goodMap = NULL;
+ PKIX_PL_CertPolicyMap *equalMap = NULL;
+ PKIX_PL_CertPolicyMap *diffMap = NULL;
+ PKIX_PL_OID *goodOID = NULL;
+ PKIX_PL_OID *equalOID = NULL;
+ PKIX_PL_OID *diffOID = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_GetPolicyMappings");
+
+ policyMappingsCert = createCert(dataDir, policyMappingsCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappings(policyMappingsCert, &mappings, NULL));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 0, (PKIX_PL_Object **)&goodMap, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 0, (PKIX_PL_Object **)&equalMap, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 2, (PKIX_PL_Object **)&diffMap, NULL));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodMap,
+ equalMap,
+ diffMap,
+ expectedAscii,
+ CertPolicyMap,
+ PKIX_TRUE);
+
+ subTest("PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(goodMap, &goodOID, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(diffMap, &equalOID, NULL));
+ subTest("PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy(diffMap, &diffOID, NULL));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodOID,
+ equalOID,
+ diffOID,
+ "2.16.840.1.101.3.2.1.48.1",
+ OID,
+ PKIX_FALSE);
+
+ subTest("pkix_pl_CertPolicyMap_Destroy");
+ PKIX_TEST_DECREF_BC(goodMap);
+ PKIX_TEST_DECREF_BC(equalMap);
+ PKIX_TEST_DECREF_BC(diffMap);
cleanup:
- PKIX_TEST_DECREF_AC(policyMappingsCert);
- PKIX_TEST_DECREF_AC(mappings);
- PKIX_TEST_DECREF_AC(goodOID);
- PKIX_TEST_DECREF_AC(equalOID);
- PKIX_TEST_DECREF_AC(diffOID);
+ PKIX_TEST_DECREF_AC(policyMappingsCert);
+ PKIX_TEST_DECREF_AC(mappings);
+ PKIX_TEST_DECREF_AC(goodOID);
+ PKIX_TEST_DECREF_AC(equalOID);
+ PKIX_TEST_DECREF_AC(diffOID);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-
static void
testNameConstraints(char *dataDir)
{
- char *firstPname = "nameConstraintsDN3subCA2Cert.crt";
- char *secondPname = "nameConstraintsDN4CACert.crt";
- char *thirdPname = "nameConstraintsDN5CACert.crt";
- char *lastPname = "InvalidDNnameConstraintsTest3EE.crt";
- PKIX_PL_Cert *firstCert = NULL;
- PKIX_PL_Cert *secondCert = NULL;
- PKIX_PL_Cert *thirdCert = NULL;
- PKIX_PL_Cert *lastCert = NULL;
- PKIX_PL_CertNameConstraints *firstNC = NULL;
- PKIX_PL_CertNameConstraints *secondNC = NULL;
- PKIX_PL_CertNameConstraints *thirdNC = NULL;
- PKIX_PL_CertNameConstraints *firstMergedNC = NULL;
- PKIX_PL_CertNameConstraints *secondMergedNC = NULL;
- char *firstExpectedAscii =
- "[\n"
- "\t\tPermitted Name: (O=Test Certificates,C=US)\n"
- "\t\tExcluded Name: (OU=excludedSubtree1,O=Test Certificates,"
- "C=US, OU=excludedSubtree2,O=Test Certificates,C=US)\n"
- "\t]\n";
- char *secondExpectedAscii =
- "[\n"
- "\t\tPermitted Name: (O=Test Certificates,C=US, "
- "OU=permittedSubtree1,O=Test Certificates,C=US)\n"
- "\t\tExcluded Name: (OU=excludedSubtree1,"
- "O=Test Certificates,"
- "C=US, OU=excludedSubtree2,O=Test Certificates,C=US, "
- "OU=excludedSubtree1,OU=permittedSubtree1,"
- "O=Test Certificates,C=US)\n"
- "\t]\n";
-
- PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_CertNameConstraints");
-
- firstCert = createCert(dataDir, firstPname, plContext);
- secondCert = createCert(dataDir, secondPname, plContext);
- thirdCert = createCert(dataDir, thirdPname, plContext);
- lastCert = createCert(dataDir, lastPname, plContext);
-
- subTest("PKIX_PL_Cert_GetNameConstraints <total=3>");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints
- (firstCert, &firstNC, NULL));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints
- (secondCert, &secondNC, NULL));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints
- (thirdCert, &thirdNC, NULL));
-
- subTest("PKIX_PL_Cert_MergeNameConstraints <1st and 2nd>");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints
- (firstNC, secondNC, &firstMergedNC, NULL));
-
- subTest("PKIX_PL_Cert_MergeNameConstraints <1st+2nd and 3rd>");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints
- (firstMergedNC, thirdNC, &secondMergedNC, NULL));
-
- testToStringHelper
- ((PKIX_PL_Object *)firstMergedNC,
- firstExpectedAscii,
- plContext);
-
- testToStringHelper
- ((PKIX_PL_Object *)secondMergedNC,
- secondExpectedAscii,
- plContext);
-
- subTest("PKIX_PL_Cert_CheckNameConstraints <permitted>");
-
- /* Subject: CN=nameConstraints DN3 subCA2,O=Test Certificates,C=US */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckNameConstraints
- (firstCert, firstMergedNC, NULL));
-
- subTest("PKIX_PL_Cert_CheckNameConstraints <OU in excluded>");
-
- /*
+ char *firstPname = "nameConstraintsDN3subCA2Cert.crt";
+ char *secondPname = "nameConstraintsDN4CACert.crt";
+ char *thirdPname = "nameConstraintsDN5CACert.crt";
+ char *lastPname = "InvalidDNnameConstraintsTest3EE.crt";
+ PKIX_PL_Cert *firstCert = NULL;
+ PKIX_PL_Cert *secondCert = NULL;
+ PKIX_PL_Cert *thirdCert = NULL;
+ PKIX_PL_Cert *lastCert = NULL;
+ PKIX_PL_CertNameConstraints *firstNC = NULL;
+ PKIX_PL_CertNameConstraints *secondNC = NULL;
+ PKIX_PL_CertNameConstraints *thirdNC = NULL;
+ PKIX_PL_CertNameConstraints *firstMergedNC = NULL;
+ PKIX_PL_CertNameConstraints *secondMergedNC = NULL;
+ char *firstExpectedAscii =
+ "[\n"
+ "\t\tPermitted Name: (O=Test Certificates,C=US)\n"
+ "\t\tExcluded Name: (OU=excludedSubtree1,O=Test Certificates,"
+ "C=US, OU=excludedSubtree2,O=Test Certificates,C=US)\n"
+ "\t]\n";
+ char *secondExpectedAscii =
+ "[\n"
+ "\t\tPermitted Name: (O=Test Certificates,C=US, "
+ "OU=permittedSubtree1,O=Test Certificates,C=US)\n"
+ "\t\tExcluded Name: (OU=excludedSubtree1,"
+ "O=Test Certificates,"
+ "C=US, OU=excludedSubtree2,O=Test Certificates,C=US, "
+ "OU=excludedSubtree1,OU=permittedSubtree1,"
+ "O=Test Certificates,C=US)\n"
+ "\t]\n";
+
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_PL_CertNameConstraints");
+
+ firstCert = createCert(dataDir, firstPname, plContext);
+ secondCert = createCert(dataDir, secondPname, plContext);
+ thirdCert = createCert(dataDir, thirdPname, plContext);
+ lastCert = createCert(dataDir, lastPname, plContext);
+
+ subTest("PKIX_PL_Cert_GetNameConstraints <total=3>");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(firstCert, &firstNC, NULL));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(secondCert, &secondNC, NULL));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(thirdCert, &thirdNC, NULL));
+
+ subTest("PKIX_PL_Cert_MergeNameConstraints <1st and 2nd>");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints(firstNC, secondNC, &firstMergedNC, NULL));
+
+ subTest("PKIX_PL_Cert_MergeNameConstraints <1st+2nd and 3rd>");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints(firstMergedNC, thirdNC, &secondMergedNC, NULL));
+
+ testToStringHelper((PKIX_PL_Object *)firstMergedNC,
+ firstExpectedAscii,
+ plContext);
+
+ testToStringHelper((PKIX_PL_Object *)secondMergedNC,
+ secondExpectedAscii,
+ plContext);
+
+ subTest("PKIX_PL_Cert_CheckNameConstraints <permitted>");
+
+ /* Subject: CN=nameConstraints DN3 subCA2,O=Test Certificates,C=US */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckNameConstraints(firstCert, firstMergedNC, NULL));
+
+ subTest("PKIX_PL_Cert_CheckNameConstraints <OU in excluded>");
+
+ /*
* Subject: CN=Invalid DN nameConstraints EE Certificate Test3,
* OU=permittedSubtree1,O=Test Certificates,C=US
*/
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints
- (lastCert, secondMergedNC, NULL));
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(lastCert, secondMergedNC, NULL));
- subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>");
+ subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>");
- /*
+ /*
* Subject: CN=Invalid DN nameConstraints EE Certificate Test3,
* OU=permittedSubtree1,O=Test Certificates,C=US
* SubjectAltNames: CN=Invalid DN nameConstraints EE Certificate
* Test3,OU=excludedSubtree1,O=Test Certificates,C=US
*/
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints
- (lastCert, firstMergedNC, NULL));
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(lastCert, firstMergedNC, NULL));
- subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>");
+ subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>");
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints
- (firstCert, secondMergedNC, NULL));
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(firstCert, secondMergedNC, NULL));
cleanup:
- PKIX_TEST_DECREF_AC(firstCert);
- PKIX_TEST_DECREF_AC(secondCert);
- PKIX_TEST_DECREF_AC(thirdCert);
- PKIX_TEST_DECREF_AC(lastCert);
- PKIX_TEST_DECREF_AC(firstNC);
- PKIX_TEST_DECREF_AC(secondNC);
- PKIX_TEST_DECREF_AC(thirdNC);
- PKIX_TEST_DECREF_AC(firstMergedNC);
- PKIX_TEST_DECREF_AC(secondMergedNC);
-
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(firstCert);
+ PKIX_TEST_DECREF_AC(secondCert);
+ PKIX_TEST_DECREF_AC(thirdCert);
+ PKIX_TEST_DECREF_AC(lastCert);
+ PKIX_TEST_DECREF_AC(firstNC);
+ PKIX_TEST_DECREF_AC(secondNC);
+ PKIX_TEST_DECREF_AC(thirdNC);
+ PKIX_TEST_DECREF_AC(firstMergedNC);
+ PKIX_TEST_DECREF_AC(secondMergedNC);
+
+ PKIX_TEST_RETURN();
}
static void
testDestroy(void *goodObject, void *equalObject, void *diffObject)
{
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PL_Cert_Destroy");
-
- PKIX_TEST_DECREF_BC(goodObject);
- PKIX_TEST_DECREF_BC(equalObject);
- PKIX_TEST_DECREF_BC(diffObject);
-
- PKIX_TEST_DECREF_BC(altNameNoneCert);
- PKIX_TEST_DECREF_BC(altNameOtherCert);
- PKIX_TEST_DECREF_BC(altNameOtherCert_diff);
- PKIX_TEST_DECREF_BC(altNameRfc822Cert);
- PKIX_TEST_DECREF_BC(altNameRfc822Cert_diff);
- PKIX_TEST_DECREF_BC(altNameDnsCert);
- PKIX_TEST_DECREF_BC(altNameDnsCert_diff);
- PKIX_TEST_DECREF_BC(altNameX400Cert);
- PKIX_TEST_DECREF_BC(altNameX400Cert_diff);
- PKIX_TEST_DECREF_BC(altNameDnCert);
- PKIX_TEST_DECREF_BC(altNameDnCert_diff);
- PKIX_TEST_DECREF_BC(altNameEdiCert);
- PKIX_TEST_DECREF_BC(altNameEdiCert_diff);
- PKIX_TEST_DECREF_BC(altNameUriCert);
- PKIX_TEST_DECREF_BC(altNameUriCert_diff);
- PKIX_TEST_DECREF_BC(altNameIpCert);
- PKIX_TEST_DECREF_BC(altNameIpCert_diff);
- PKIX_TEST_DECREF_BC(altNameOidCert);
- PKIX_TEST_DECREF_BC(altNameOidCert_diff);
- PKIX_TEST_DECREF_BC(altNameMultipleCert);
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_Destroy");
+
+ PKIX_TEST_DECREF_BC(goodObject);
+ PKIX_TEST_DECREF_BC(equalObject);
+ PKIX_TEST_DECREF_BC(diffObject);
+
+ PKIX_TEST_DECREF_BC(altNameNoneCert);
+ PKIX_TEST_DECREF_BC(altNameOtherCert);
+ PKIX_TEST_DECREF_BC(altNameOtherCert_diff);
+ PKIX_TEST_DECREF_BC(altNameRfc822Cert);
+ PKIX_TEST_DECREF_BC(altNameRfc822Cert_diff);
+ PKIX_TEST_DECREF_BC(altNameDnsCert);
+ PKIX_TEST_DECREF_BC(altNameDnsCert_diff);
+ PKIX_TEST_DECREF_BC(altNameX400Cert);
+ PKIX_TEST_DECREF_BC(altNameX400Cert_diff);
+ PKIX_TEST_DECREF_BC(altNameDnCert);
+ PKIX_TEST_DECREF_BC(altNameDnCert_diff);
+ PKIX_TEST_DECREF_BC(altNameEdiCert);
+ PKIX_TEST_DECREF_BC(altNameEdiCert_diff);
+ PKIX_TEST_DECREF_BC(altNameUriCert);
+ PKIX_TEST_DECREF_BC(altNameUriCert_diff);
+ PKIX_TEST_DECREF_BC(altNameIpCert);
+ PKIX_TEST_DECREF_BC(altNameIpCert_diff);
+ PKIX_TEST_DECREF_BC(altNameOidCert);
+ PKIX_TEST_DECREF_BC(altNameOidCert_diff);
+ PKIX_TEST_DECREF_BC(altNameMultipleCert);
cleanup:
- PKIX_TEST_RETURN();
-
+ PKIX_TEST_RETURN();
}
-static
-void printUsage(void) {
- (void) printf("\nUSAGE:\ttest_cert <test-purpose> <data-central-dir> <data-dir>\n\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_cert <test-purpose> <data-central-dir> <data-dir>\n\n");
}
-int test_cert(int argc, char *argv[]) {
-
- PKIX_PL_Cert *goodObject = NULL;
- PKIX_PL_Cert *equalObject = NULL;
- PKIX_PL_Cert *diffObject = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
-
- char *dataCentralDir = NULL;
- char *dataDir = NULL;
- char *goodInput = "yassir2bcn";
- char *diffInput = "nss2alice";
-
- char *expectedAscii =
- "[\n"
- "\tVersion: v3\n"
- "\tSerialNumber: 37bc66ec\n"
- "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
- "\tSubject: OU=bcn,OU=east,O=sun,C=us\n"
- "\tValidity: [From: Thu Aug 19, 1999\n"
+int
+test_cert(int argc, char *argv[])
+{
+
+ PKIX_PL_Cert *goodObject = NULL;
+ PKIX_PL_Cert *equalObject = NULL;
+ PKIX_PL_Cert *diffObject = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ char *dataCentralDir = NULL;
+ char *dataDir = NULL;
+ char *goodInput = "yassir2bcn";
+ char *diffInput = "nss2alice";
+
+ char *expectedAscii =
+ "[\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 37bc66ec\n"
+ "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+ "\tSubject: OU=bcn,OU=east,O=sun,C=us\n"
+ "\tValidity: [From: Thu Aug 19, 1999\n"
/* "\tValidity: [From: Thu Aug 19 16:19:56 1999\n" */
- "\t To: Fri Aug 18, 2000]\n"
+ "\t To: Fri Aug 18, 2000]\n"
/* "\t To: Fri Aug 18 16:19:56 2000]\n" */
- "\tSubjectAltNames: (null)\n"
- "\tAuthorityKeyId: (null)\n"
- "\tSubjectKeyId: (null)\n"
- "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
- "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
- "\tExtKeyUsages: (null)\n"
- "\tBasicConstraint: CA(0)\n"
- "\tCertPolicyInfo: (null)\n"
- "\tPolicyMappings: (null)\n"
- "\tExplicitPolicy: -1\n"
- "\tInhibitMapping: -1\n"
- "\tInhibitAnyPolicy:-1\n"
- "\tNameConstraints: (null)\n"
- "\tAuthorityInfoAccess: (null)\n"
- "\tSubjectInfoAccess: (null)\n"
- "\tCacheFlag: 0\n"
- "]\n";
-
- PKIX_TEST_STD_VARS();
-
- startTests("Cert");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- if (argc < 3+j) {
- printUsage();
- return (0);
- }
+ "\tSubjectAltNames: (null)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: CA(0)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "\tAuthorityInfoAccess: (null)\n"
+ "\tSubjectInfoAccess: (null)\n"
+ "\tCacheFlag: 0\n"
+ "]\n";
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Cert");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc < 3 + j) {
+ printUsage();
+ return (0);
+ }
- dataCentralDir = argv[2+j];
- dataDir = argv[3+j];
+ dataCentralDir = argv[2 + j];
+ dataDir = argv[3 + j];
- createCerts
- (dataCentralDir,
+ createCerts(dataCentralDir,
goodInput,
diffInput,
&goodObject,
&equalObject,
&diffObject);
- testToStringHelper
- ((PKIX_PL_Object*)goodObject, expectedAscii, plContext);
+ testToStringHelper((PKIX_PL_Object *)goodObject, expectedAscii, plContext);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodObject,
- equalObject,
- diffObject,
- expectedAscii,
- Cert,
- PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ equalObject,
+ diffObject,
+ expectedAscii,
+ Cert,
+ PKIX_TRUE);
- testVerifyKeyUsage(dataCentralDir, dataDir, goodObject);
+ testVerifyKeyUsage(dataCentralDir, dataDir, goodObject);
+ testGetExtendedKeyUsage(dataCentralDir);
+ testGetKeyIdentifiers(dataCentralDir, goodObject);
- testGetExtendedKeyUsage(dataCentralDir);
- testGetKeyIdentifiers(dataCentralDir, goodObject);
+ testGetVersion(goodObject);
+ testGetSerialNumber(goodObject, equalObject, diffObject);
- testGetVersion(goodObject);
- testGetSerialNumber(goodObject, equalObject, diffObject);
+ testGetSubject(goodObject, equalObject, diffObject);
+ testGetIssuer(goodObject, equalObject, diffObject);
- testGetSubject(goodObject, equalObject, diffObject);
- testGetIssuer(goodObject, equalObject, diffObject);
+ testGetSubjectAltNames(dataCentralDir);
+ testGetCriticalExtensionOIDs(dataCentralDir, goodObject);
- testGetSubjectAltNames(dataCentralDir);
- testGetCriticalExtensionOIDs(dataCentralDir, goodObject);
+ testGetSubjectPublicKey(goodObject, equalObject, diffObject);
+ testGetSubjectPublicKeyAlgId(goodObject);
+ testMakeInheritedDSAPublicKey(dataCentralDir);
- testGetSubjectPublicKey(goodObject, equalObject, diffObject);
- testGetSubjectPublicKeyAlgId(goodObject);
- testMakeInheritedDSAPublicKey(dataCentralDir);
+ testCheckValidity(goodObject, diffObject);
- testCheckValidity(goodObject, diffObject);
+ testBasicConstraints_GetCAFlag(dataCentralDir);
+ testBasicConstraints_GetPathLenConstraint(dataCentralDir);
+ testGetBasicConstraints(dataCentralDir);
- testBasicConstraints_GetCAFlag(dataCentralDir);
- testBasicConstraints_GetPathLenConstraint(dataCentralDir);
- testGetBasicConstraints(dataCentralDir);
+ /* Basic Policy Processing */
+ testGetPolicyInformation(dataDir);
+ testCertPolicy_GetPolicyId(dataDir);
+ testCertPolicy_GetPolQualifiers(dataDir);
+ testPolicyQualifier_GetPolicyQualifierId(dataDir);
+ testPolicyQualifier_GetQualifier(dataDir);
+ testAreCertPoliciesCritical(dataCentralDir, dataDir);
- /* Basic Policy Processing */
- testGetPolicyInformation(dataDir);
- testCertPolicy_GetPolicyId(dataDir);
- testCertPolicy_GetPolQualifiers(dataDir);
- testPolicyQualifier_GetPolicyQualifierId(dataDir);
- testPolicyQualifier_GetQualifier(dataDir);
- testAreCertPoliciesCritical(dataCentralDir, dataDir);
+ /* Advanced Policy Processing */
+ testCertPolicyConstraints(dataDir);
+ testCertPolicyMaps(dataDir);
- /* Advanced Policy Processing */
- testCertPolicyConstraints(dataDir);
- testCertPolicyMaps(dataDir);
+ testNameConstraints(dataDir);
- testNameConstraints(dataDir);
+ testVerifySignature(dataCentralDir);
- testVerifySignature(dataCentralDir);
-
- testDestroy(goodObject, equalObject, diffObject);
+ testDestroy(goodObject, equalObject, diffObject);
cleanup:
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("Cert");
+ endTests("Cert");
- return (0);
+ return (0);
}
diff --git a/cmd/libpkix/pkix_pl/pki/test_crl.c b/cmd/libpkix/pkix_pl/pki/test_crl.c
index de711adfb..6372c7a37 100644
--- a/cmd/libpkix/pkix_pl/pki/test_crl.c
+++ b/cmd/libpkix/pkix_pl/pki/test_crl.c
@@ -13,296 +13,290 @@
static void *plContext = NULL;
-static
-void createCRLs(
- char *dataDir,
- char *goodInput,
- char *diffInput,
- PKIX_PL_CRL **goodObject,
- PKIX_PL_CRL **equalObject,
- PKIX_PL_CRL **diffObject)
+static void
+createCRLs(
+ char *dataDir,
+ char *goodInput,
+ char *diffInput,
+ PKIX_PL_CRL **goodObject,
+ PKIX_PL_CRL **equalObject,
+ PKIX_PL_CRL **diffObject)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_CRL_Create <goodObject>");
- *goodObject = createCRL(dataDir, goodInput, plContext);
+ subTest("PKIX_PL_CRL_Create <goodObject>");
+ *goodObject = createCRL(dataDir, goodInput, plContext);
- subTest("PKIX_PL_CRL_Create <equalObject>");
- *equalObject = createCRL(dataDir, goodInput, plContext);
+ subTest("PKIX_PL_CRL_Create <equalObject>");
+ *equalObject = createCRL(dataDir, goodInput, plContext);
- subTest("PKIX_PL_CRL_Create <diffObject>");
- *diffObject = createCRL(dataDir, diffInput, plContext);
+ subTest("PKIX_PL_CRL_Create <diffObject>");
+ *diffObject = createCRL(dataDir, diffInput, plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static void testGetCRLEntryForSerialNumber(
- PKIX_PL_CRL *goodObject)
+static void
+testGetCRLEntryForSerialNumber(
+ PKIX_PL_CRL *goodObject)
{
- PKIX_PL_BigInt *bigInt;
- PKIX_PL_String *bigIntString = NULL;
- PKIX_PL_CRLEntry *crlEntry = NULL;
- PKIX_PL_String *crlEntryString = NULL;
- char *snAscii = "3039";
- char *expectedAscii =
- "\n\t[\n"
- "\tSerialNumber: 3039\n"
- "\tReasonCode: 257\n"
- "\tRevocationDate: Fri Jan 07, 2005\n"
+ PKIX_PL_BigInt *bigInt;
+ PKIX_PL_String *bigIntString = NULL;
+ PKIX_PL_CRLEntry *crlEntry = NULL;
+ PKIX_PL_String *crlEntryString = NULL;
+ char *snAscii = "3039";
+ char *expectedAscii =
+ "\n\t[\n"
+ "\tSerialNumber: 3039\n"
+ "\tReasonCode: 257\n"
+ "\tRevocationDate: Fri Jan 07, 2005\n"
/* "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" */
- "\tCritExtOIDs: (EMPTY)\n"
- "\t]\n\t";
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\t]\n\t";
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_CRL_GetCRLEntryForSerialNumber");
+ subTest("PKIX_PL_CRL_GetCRLEntryForSerialNumber");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- snAscii,
- PL_strlen(snAscii),
- &bigIntString,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ snAscii,
+ PL_strlen(snAscii),
+ &bigIntString,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(
- bigIntString,
- &bigInt,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(
+ bigIntString,
+ &bigInt,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
- goodObject, bigInt, &crlEntry, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
+ goodObject, bigInt, &crlEntry, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(
- (PKIX_PL_Object *)crlEntry,
- &crlEntryString,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(
+ (PKIX_PL_Object *)crlEntry,
+ &crlEntryString,
+ plContext));
- testToStringHelper((PKIX_PL_Object *)crlEntryString,
- expectedAscii, plContext);
+ testToStringHelper((PKIX_PL_Object *)crlEntryString,
+ expectedAscii, plContext);
cleanup:
- PKIX_TEST_DECREF_AC(bigIntString);
- PKIX_TEST_DECREF_AC(bigInt);
- PKIX_TEST_DECREF_AC(crlEntryString);
- PKIX_TEST_DECREF_AC(crlEntry);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(bigIntString);
+ PKIX_TEST_DECREF_AC(bigInt);
+ PKIX_TEST_DECREF_AC(crlEntryString);
+ PKIX_TEST_DECREF_AC(crlEntry);
+ PKIX_TEST_RETURN();
}
-static void testGetIssuer(
- PKIX_PL_CRL *goodObject,
- PKIX_PL_CRL *equalObject,
- PKIX_PL_CRL *diffObject)
+static void
+testGetIssuer(
+ PKIX_PL_CRL *goodObject,
+ PKIX_PL_CRL *equalObject,
+ PKIX_PL_CRL *diffObject)
{
- PKIX_PL_X500Name *goodIssuer = NULL;
- PKIX_PL_X500Name *equalIssuer = NULL;
- PKIX_PL_X500Name *diffIssuer = NULL;
- char *expectedAscii = "CN=hanfeiyu,O=sun,C=us";
+ PKIX_PL_X500Name *goodIssuer = NULL;
+ PKIX_PL_X500Name *equalIssuer = NULL;
+ PKIX_PL_X500Name *diffIssuer = NULL;
+ char *expectedAscii = "CN=hanfeiyu,O=sun,C=us";
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_CRL_GetIssuer");
+ subTest("PKIX_PL_CRL_GetIssuer");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_CRL_GetIssuer(goodObject, &goodIssuer, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_CRL_GetIssuer(goodObject, &goodIssuer, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_CRL_GetIssuer(equalObject, &equalIssuer, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_CRL_GetIssuer(equalObject, &equalIssuer, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_CRL_GetIssuer(diffObject, &diffIssuer, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_CRL_GetIssuer(diffObject, &diffIssuer, plContext));
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodIssuer,
- equalIssuer,
- diffIssuer,
- expectedAscii,
- X500Name,
- PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodIssuer,
+ equalIssuer,
+ diffIssuer,
+ expectedAscii,
+ X500Name,
+ PKIX_TRUE);
cleanup:
- PKIX_TEST_DECREF_AC(goodIssuer);
- PKIX_TEST_DECREF_AC(equalIssuer);
- PKIX_TEST_DECREF_AC(diffIssuer);
+ PKIX_TEST_DECREF_AC(goodIssuer);
+ PKIX_TEST_DECREF_AC(equalIssuer);
+ PKIX_TEST_DECREF_AC(diffIssuer);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testCritExtensionsAbsent(PKIX_PL_CRL *crl)
{
- PKIX_List *oidList = NULL;
- PKIX_UInt32 numOids = 0;
+ PKIX_List *oidList = NULL;
+ PKIX_UInt32 numOids = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCriticalExtensionOIDs
- (crl, &oidList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCriticalExtensionOIDs(crl, &oidList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (oidList, &numOids, plContext));
- if (numOids != 0){
- pkixTestErrorMsg = "unexpected mismatch";
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(oidList, &numOids, plContext));
+ if (numOids != 0) {
+ pkixTestErrorMsg = "unexpected mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(oidList);
+ PKIX_TEST_DECREF_AC(oidList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testGetCriticalExtensionOIDs(PKIX_PL_CRL *goodObject)
{
- subTest("PKIX_PL_CRL_GetCriticalExtensionOIDs "
- "<0 element>");
- testCritExtensionsAbsent(goodObject);
-
+ subTest("PKIX_PL_CRL_GetCriticalExtensionOIDs "
+ "<0 element>");
+ testCritExtensionsAbsent(goodObject);
}
-static void testVerifySignature(char *dataCentralDir, PKIX_PL_CRL *crl){
- PKIX_PL_Cert *firstCert = NULL;
- PKIX_PL_Cert *secondCert = NULL;
- PKIX_PL_PublicKey *firstPubKey = NULL;
- PKIX_PL_PublicKey *secondPubKey = NULL;
-
- PKIX_TEST_STD_VARS();
+static void
+testVerifySignature(char *dataCentralDir, PKIX_PL_CRL *crl)
+{
+ PKIX_PL_Cert *firstCert = NULL;
+ PKIX_PL_Cert *secondCert = NULL;
+ PKIX_PL_PublicKey *firstPubKey = NULL;
+ PKIX_PL_PublicKey *secondPubKey = NULL;
- subTest("PKIX_PL_Cert_Create <hanfeiyu2hanfeiyu>");
- firstCert = createCert(dataCentralDir, "hanfeiyu2hanfeiyu", plContext);
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_Cert_Create <hy2hy-bc0>");
- secondCert = createCert(dataCentralDir, "hy2hy-bc0", plContext);
+ subTest("PKIX_PL_Cert_Create <hanfeiyu2hanfeiyu>");
+ firstCert = createCert(dataCentralDir, "hanfeiyu2hanfeiyu", plContext);
- subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfeiyu2hanfeiyu>");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_GetSubjectPublicKey
- (firstCert, &firstPubKey, plContext));
+ subTest("PKIX_PL_Cert_Create <hy2hy-bc0>");
+ secondCert = createCert(dataCentralDir, "hy2hy-bc0", plContext);
- subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfei2hanfei>");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_GetSubjectPublicKey
- (secondCert, &secondPubKey, plContext));
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfeiyu2hanfeiyu>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstPubKey, plContext));
- subTest("PKIX_PL_CRL_VerifySignature <positive>");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_CRL_VerifySignature(crl, firstPubKey, plContext));
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfei2hanfei>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondPubKey, plContext));
- subTest("PKIX_PL_CRL_VerifySignature <negative>");
- PKIX_TEST_EXPECT_ERROR
- (PKIX_PL_CRL_VerifySignature(crl, secondPubKey, plContext));
+ subTest("PKIX_PL_CRL_VerifySignature <positive>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_VerifySignature(crl, firstPubKey, plContext));
+ subTest("PKIX_PL_CRL_VerifySignature <negative>");
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_CRL_VerifySignature(crl, secondPubKey, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(firstCert);
- PKIX_TEST_DECREF_AC(secondCert);
- PKIX_TEST_DECREF_AC(firstPubKey);
- PKIX_TEST_DECREF_AC(secondPubKey);
+ PKIX_TEST_DECREF_AC(firstCert);
+ PKIX_TEST_DECREF_AC(secondCert);
+ PKIX_TEST_DECREF_AC(firstPubKey);
+ PKIX_TEST_DECREF_AC(secondPubKey);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void printUsage(void) {
- (void) printf("\nUSAGE:\ttest_crl <test-purpose> <data-central-dir>\n\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_crl <test-purpose> <data-central-dir>\n\n");
}
/* Functional tests for CRL public functions */
-int test_crl(int argc, char *argv[]) {
- PKIX_PL_CRL *goodObject = NULL;
- PKIX_PL_CRL *equalObject = NULL;
- PKIX_PL_CRL *diffObject = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
-
- char *dataCentralDir = NULL;
- char *goodInput = "crlgood.crl";
- char *diffInput = "crldiff.crl";
- char *expectedAscii =
- "[\n"
- "\tVersion: v2\n"
- "\tIssuer: CN=hanfeiyu,O=sun,C=us\n"
- "\tUpdate: [Last: Fri Jan 07, 2005\n"
+int
+test_crl(int argc, char *argv[])
+{
+ PKIX_PL_CRL *goodObject = NULL;
+ PKIX_PL_CRL *equalObject = NULL;
+ PKIX_PL_CRL *diffObject = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ char *dataCentralDir = NULL;
+ char *goodInput = "crlgood.crl";
+ char *diffInput = "crldiff.crl";
+ char *expectedAscii =
+ "[\n"
+ "\tVersion: v2\n"
+ "\tIssuer: CN=hanfeiyu,O=sun,C=us\n"
+ "\tUpdate: [Last: Fri Jan 07, 2005\n"
/* "\tUpdate: [Last: Fri Jan 07 15:09:10 2005\n" */
- "\t Next: Sat Jan 07, 2006]\n"
+ "\t Next: Sat Jan 07, 2006]\n"
/* "\t Next: Sat Jan 07 15:09:10 2006]\n" */
- "\tSignatureAlgId: 1.2.840.10040.4.3\n"
- "\tCRL Number : (null)\n"
- "\n\tEntry List: (\n"
- "\t[\n"
- "\tSerialNumber: 010932\n"
- "\tReasonCode: 260\n"
- "\tRevocationDate: Fri Jan 07, 2005\n"
+ "\tSignatureAlgId: 1.2.840.10040.4.3\n"
+ "\tCRL Number : (null)\n"
+ "\n\tEntry List: (\n"
+ "\t[\n"
+ "\tSerialNumber: 010932\n"
+ "\tReasonCode: 260\n"
+ "\tRevocationDate: Fri Jan 07, 2005\n"
/* "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" */
- "\tCritExtOIDs: (EMPTY)\n"
- "\t]\n\t"
- ", "
- "\n\t[\n"
- "\tSerialNumber: 3039\n"
- "\tReasonCode: 257\n"
- "\tRevocationDate: Fri Jan 07, 2005\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\t]\n\t"
+ ", "
+ "\n\t[\n"
+ "\tSerialNumber: 3039\n"
+ "\tReasonCode: 257\n"
+ "\tRevocationDate: Fri Jan 07, 2005\n"
/* "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" */
- "\tCritExtOIDs: (EMPTY)\n"
- "\t]\n\t"
- ")"
- "\n\n"
- "\tCritExtOIDs: (EMPTY)\n"
- "]\n";
- /* Note XXX serialnumber and reasoncode need debug */
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\t]\n\t"
+ ")"
+ "\n\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "]\n";
+ /* Note XXX serialnumber and reasoncode need debug */
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("CRL");
+ startTests("CRL");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- if (argc < 3+j) {
- printUsage();
- return (0);
- }
+ if (argc < 3 + j) {
+ printUsage();
+ return (0);
+ }
- dataCentralDir = argv[2+j];
+ dataCentralDir = argv[2 + j];
- createCRLs
- (dataCentralDir,
- goodInput,
- diffInput,
- &goodObject,
- &equalObject,
- &diffObject);
+ createCRLs(dataCentralDir,
+ goodInput,
+ diffInput,
+ &goodObject,
+ &equalObject,
+ &diffObject);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodObject,
- equalObject,
- diffObject,
- expectedAscii,
- CRL,
- PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ equalObject,
+ diffObject,
+ expectedAscii,
+ CRL,
+ PKIX_TRUE);
- testGetIssuer(goodObject, equalObject, diffObject);
+ testGetIssuer(goodObject, equalObject, diffObject);
- testGetCriticalExtensionOIDs(goodObject);
+ testGetCriticalExtensionOIDs(goodObject);
- testGetCRLEntryForSerialNumber(goodObject);
+ testGetCRLEntryForSerialNumber(goodObject);
- testVerifySignature(dataCentralDir, goodObject);
+ testVerifySignature(dataCentralDir, goodObject);
cleanup:
- PKIX_TEST_DECREF_AC(goodObject);
- PKIX_TEST_DECREF_AC(equalObject);
- PKIX_TEST_DECREF_AC(diffObject);
+ PKIX_TEST_DECREF_AC(goodObject);
+ PKIX_TEST_DECREF_AC(equalObject);
+ PKIX_TEST_DECREF_AC(diffObject);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("CRL");
+ endTests("CRL");
- return (0);
+ return (0);
}
diff --git a/cmd/libpkix/pkix_pl/pki/test_crlentry.c b/cmd/libpkix/pkix_pl/pki/test_crlentry.c
index ebeb7ace0..30a008b4c 100644
--- a/cmd/libpkix/pkix_pl/pki/test_crlentry.c
+++ b/cmd/libpkix/pkix_pl/pki/test_crlentry.c
@@ -13,199 +13,196 @@
static void *plContext = NULL;
-static
-void createCRLEntries(
- char *dataDir,
- char *crlInput,
- PKIX_PL_CRL **pCrl,
- PKIX_PL_CRLEntry **goodObject,
- PKIX_PL_CRLEntry **equalObject,
- PKIX_PL_CRLEntry **diffObject)
+static void
+createCRLEntries(
+ char *dataDir,
+ char *crlInput,
+ PKIX_PL_CRL **pCrl,
+ PKIX_PL_CRLEntry **goodObject,
+ PKIX_PL_CRLEntry **equalObject,
+ PKIX_PL_CRLEntry **diffObject)
{
- PKIX_PL_CRL *crl = NULL;
- PKIX_PL_BigInt *firstSNBigInt = NULL;
- PKIX_PL_BigInt *secondSNBigInt = NULL;
- PKIX_PL_String *firstSNString = NULL;
- PKIX_PL_String *secondSNString = NULL;
- char *firstSNAscii = "010932";
- char *secondSNAscii = "3039";
-
- PKIX_TEST_STD_VARS();
-
- subTest("PKIX_PL_CRL_Create <crl>");
- crl = createCRL(dataDir, crlInput, plContext);
-
- subTest("PKIX_PL_CRL_GetCRLEntryForSerialNumber");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- firstSNAscii,
- PL_strlen(firstSNAscii),
- &firstSNString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(
- firstSNString,
- &firstSNBigInt,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
- crl, firstSNBigInt, goodObject, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
- crl, firstSNBigInt, equalObject, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- secondSNAscii,
- PL_strlen(secondSNAscii),
- &secondSNString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(
- secondSNString,
- &secondSNBigInt,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
- crl, secondSNBigInt, diffObject, plContext));
-
-
-
- *pCrl = crl;
+ PKIX_PL_CRL *crl = NULL;
+ PKIX_PL_BigInt *firstSNBigInt = NULL;
+ PKIX_PL_BigInt *secondSNBigInt = NULL;
+ PKIX_PL_String *firstSNString = NULL;
+ PKIX_PL_String *secondSNString = NULL;
+ char *firstSNAscii = "010932";
+ char *secondSNAscii = "3039";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_CRL_Create <crl>");
+ crl = createCRL(dataDir, crlInput, plContext);
+
+ subTest("PKIX_PL_CRL_GetCRLEntryForSerialNumber");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ firstSNAscii,
+ PL_strlen(firstSNAscii),
+ &firstSNString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(
+ firstSNString,
+ &firstSNBigInt,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
+ crl, firstSNBigInt, goodObject, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
+ crl, firstSNBigInt, equalObject, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ secondSNAscii,
+ PL_strlen(secondSNAscii),
+ &secondSNString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(
+ secondSNString,
+ &secondSNBigInt,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
+ crl, secondSNBigInt, diffObject, plContext));
+
+ *pCrl = crl;
cleanup:
- PKIX_TEST_DECREF_AC(firstSNBigInt);
- PKIX_TEST_DECREF_AC(secondSNBigInt);
- PKIX_TEST_DECREF_AC(firstSNString);
- PKIX_TEST_DECREF_AC(secondSNString);
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(firstSNBigInt);
+ PKIX_TEST_DECREF_AC(secondSNBigInt);
+ PKIX_TEST_DECREF_AC(firstSNString);
+ PKIX_TEST_DECREF_AC(secondSNString);
+ PKIX_TEST_RETURN();
}
-static void testGetReasonCode(
- PKIX_PL_CRLEntry *goodObject)
+static void
+testGetReasonCode(
+ PKIX_PL_CRLEntry *goodObject)
{
- PKIX_Int32 reasonCode = 0;
- PKIX_Int32 expectedReasonCode = 260;
+ PKIX_Int32 reasonCode = 0;
+ PKIX_Int32 expectedReasonCode = 260;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_CRLEntry_GetCRLEntryReasonCode");
+ subTest("PKIX_PL_CRLEntry_GetCRLEntryReasonCode");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRLEntry_GetCRLEntryReasonCode(
- goodObject, &reasonCode, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRLEntry_GetCRLEntryReasonCode(
+ goodObject, &reasonCode, plContext));
- if (reasonCode != expectedReasonCode) {
- testError("unexpected value of CRL Entry Reason Code");
- (void) printf("Actual value:\t%d\n", reasonCode);
- (void) printf("Expected value:\t%d\n", expectedReasonCode);
- goto cleanup;
- }
+ if (reasonCode != expectedReasonCode) {
+ testError("unexpected value of CRL Entry Reason Code");
+ (void)printf("Actual value:\t%d\n", reasonCode);
+ (void)printf("Expected value:\t%d\n", expectedReasonCode);
+ goto cleanup;
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testCritExtensionsAbsent(PKIX_PL_CRLEntry *crlEntry)
{
- PKIX_List *oidList = NULL;
- PKIX_UInt32 numOids = 0;
+ PKIX_List *oidList = NULL;
+ PKIX_UInt32 numOids = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRLEntry_GetCriticalExtensionOIDs
- (crlEntry, &oidList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRLEntry_GetCriticalExtensionOIDs(crlEntry, &oidList, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (oidList, &numOids, plContext));
- if (numOids != 0){
- pkixTestErrorMsg = "unexpected mismatch";
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(oidList, &numOids, plContext));
+ if (numOids != 0) {
+ pkixTestErrorMsg = "unexpected mismatch";
+ }
cleanup:
- PKIX_TEST_DECREF_AC(oidList);
+ PKIX_TEST_DECREF_AC(oidList);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testGetCriticalExtensionOIDs(PKIX_PL_CRLEntry *goodObject)
{
- subTest("PKIX_PL_CRL_GetCriticalExtensionOIDs "
- "<CritExtensionsAbsent>");
- testCritExtensionsAbsent(goodObject);
-
+ subTest("PKIX_PL_CRL_GetCriticalExtensionOIDs "
+ "<CritExtensionsAbsent>");
+ testCritExtensionsAbsent(goodObject);
}
-static
-void printUsage(void) {
- (void) printf("\nUSAGE:\ttest_crlentry <data-dir>\n\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_crlentry <data-dir>\n\n");
}
/* Functional tests for CRLENTRY public functions */
-int test_crlentry(int argc, char *argv[]) {
- PKIX_PL_CRL *crl = NULL;
- PKIX_PL_CRLEntry *goodObject = NULL;
- PKIX_PL_CRLEntry *equalObject = NULL;
- PKIX_PL_CRLEntry *diffObject = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
-
- char *dataDir = NULL;
- char *goodInput = "crlgood.crl";
- char *expectedAscii =
- "\n\t[\n"
- "\tSerialNumber: 010932\n"
- "\tReasonCode: 260\n"
- "\tRevocationDate: Fri Jan 07 15:09:10 2005\n"
- "\tCritExtOIDs: (EMPTY)\n"
- "\t]\n\t";
-
- /* Note XXX serialnumber and reasoncode need debug */
-
- PKIX_TEST_STD_VARS();
-
- startTests("CRLEntry");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- if (argc < 1+j) {
- printUsage();
- return (0);
- }
+int
+test_crlentry(int argc, char *argv[])
+{
+ PKIX_PL_CRL *crl = NULL;
+ PKIX_PL_CRLEntry *goodObject = NULL;
+ PKIX_PL_CRLEntry *equalObject = NULL;
+ PKIX_PL_CRLEntry *diffObject = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ char *dataDir = NULL;
+ char *goodInput = "crlgood.crl";
+ char *expectedAscii =
+ "\n\t[\n"
+ "\tSerialNumber: 010932\n"
+ "\tReasonCode: 260\n"
+ "\tRevocationDate: Fri Jan 07 15:09:10 2005\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\t]\n\t";
+
+ /* Note XXX serialnumber and reasoncode need debug */
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("CRLEntry");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc < 1 + j) {
+ printUsage();
+ return (0);
+ }
- dataDir = argv[1+j];
+ dataDir = argv[1 + j];
- createCRLEntries
- (dataDir, goodInput, &crl, &goodObject, &equalObject, &diffObject);
+ createCRLEntries(dataDir, goodInput, &crl, &goodObject, &equalObject, &diffObject);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodObject,
- equalObject,
- diffObject,
- NULL, /* expectedAscii, */
- CRLENTRY,
- PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ equalObject,
+ diffObject,
+ NULL, /* expectedAscii, */
+ CRLENTRY,
+ PKIX_TRUE);
- testGetReasonCode(goodObject);
+ testGetReasonCode(goodObject);
- testGetCriticalExtensionOIDs(goodObject);
+ testGetCriticalExtensionOIDs(goodObject);
cleanup:
- PKIX_TEST_DECREF_AC(crl);
- PKIX_TEST_DECREF_AC(goodObject);
- PKIX_TEST_DECREF_AC(equalObject);
- PKIX_TEST_DECREF_AC(diffObject);
+ PKIX_TEST_DECREF_AC(crl);
+ PKIX_TEST_DECREF_AC(goodObject);
+ PKIX_TEST_DECREF_AC(equalObject);
+ PKIX_TEST_DECREF_AC(diffObject);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("CRLEntry");
+ endTests("CRLEntry");
- return (0);
+ return (0);
}
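Review bot: The argument guard in `test_crlentry` is one short of the index it protects: `if (argc < 1 + j)` cannot fire while `j` is 0 and the program name occupies argv[0], yet the next statement reads `argv[1 + j]`. Running the test without a data-dir therefore passes a NULL `dataDir` on to `createCRLEntries`; the check should be `if (argc < 2 + j) {`. `test_nameconstraints` in cmd/libpkix/pkix_pl/pki/test_nameconstraints.c has the same mismatch, with `argc < 3 + j` guarding a read of `argv[3 + j]`, and should use `argc < 4 + j`. Both usage branches also `return (0)` after `PKIX_PL_NssContext_Create` has run, so presumably the context is not shut down on that path and the caller sees success; that is worth confirming against the test harness.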
diff --git a/cmd/libpkix/pkix_pl/pki/test_date.c b/cmd/libpkix/pkix_pl/pki/test_date.c
index 588eced0a..4fb3718c1 100644
--- a/cmd/libpkix/pkix_pl/pki/test_date.c
+++ b/cmd/libpkix/pkix_pl/pki/test_date.c
@@ -8,8 +8,6 @@
*
*/
-
-
#include "testutil.h"
#include "testutil_nss.h"
@@ -17,92 +15,92 @@ static void *plContext = NULL;
static void
createDates(char *goodInput, char *diffInput,
- PKIX_PL_Date **goodDate,
- PKIX_PL_Date **equalDate,
- PKIX_PL_Date **diffDate){
-
- subTest("PKIX_PL_Date_Create <goodDate>");
- *goodDate = createDate(goodInput, plContext);
+ PKIX_PL_Date **goodDate,
+ PKIX_PL_Date **equalDate,
+ PKIX_PL_Date **diffDate)
+{
- subTest("PKIX_PL_Date_Create <equalDate>");
- *equalDate = createDate(goodInput, plContext);
+ subTest("PKIX_PL_Date_Create <goodDate>");
+ *goodDate = createDate(goodInput, plContext);
- subTest("PKIX_PL_Date_Create <diffDate>");
- *diffDate = createDate(diffInput, plContext);
+ subTest("PKIX_PL_Date_Create <equalDate>");
+ *equalDate = createDate(goodInput, plContext);
+ subTest("PKIX_PL_Date_Create <diffDate>");
+ *diffDate = createDate(diffInput, plContext);
}
static void
testDestroy(void *goodObject, void *equalObject, void *diffObject)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_Date_Destroy");
+ subTest("PKIX_PL_Date_Destroy");
- PKIX_TEST_DECREF_BC(goodObject);
- PKIX_TEST_DECREF_BC(equalObject);
- PKIX_TEST_DECREF_BC(diffObject);
+ PKIX_TEST_DECREF_BC(goodObject);
+ PKIX_TEST_DECREF_BC(equalObject);
+ PKIX_TEST_DECREF_BC(diffObject);
cleanup:
- PKIX_TEST_RETURN();
-
+ PKIX_TEST_RETURN();
}
-static
-void testDate(char *goodInput, char *diffInput){
+static void
+testDate(char *goodInput, char *diffInput)
+{
- PKIX_PL_Date *goodDate = NULL;
- PKIX_PL_Date *equalDate = NULL;
- PKIX_PL_Date *diffDate = NULL;
+ PKIX_PL_Date *goodDate = NULL;
+ PKIX_PL_Date *equalDate = NULL;
+ PKIX_PL_Date *diffDate = NULL;
- /*
+ /*
* The ASCII rep of the date will vary by platform and locale
* This particular string was generated on a SPARC running Solaris 9
* in an English locale
*/
- /* char *expectedAscii = "Mon Mar 29 08:48:47 2004"; */
- char *expectedAscii = "Mon Mar 29, 2004";
+ /* char *expectedAscii = "Mon Mar 29 08:48:47 2004"; */
+ char *expectedAscii = "Mon Mar 29, 2004";
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- createDates(goodInput, diffInput,
- &goodDate, &equalDate, &diffDate);
+ createDates(goodInput, diffInput,
+ &goodDate, &equalDate, &diffDate);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodDate, equalDate, diffDate, expectedAscii, Date, PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodDate, equalDate, diffDate, expectedAscii, Date, PKIX_TRUE);
- testDestroy(goodDate, equalDate, diffDate);
-
- PKIX_TEST_RETURN();
+ testDestroy(goodDate, equalDate, diffDate);
+ PKIX_TEST_RETURN();
}
-int test_date(int argc, char *argv[]) {
+int
+test_date(int argc, char *argv[])
+{
- char *goodInput = NULL;
- char *diffInput = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
+ char *goodInput = NULL;
+ char *diffInput = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("Date");
+ startTests("Date");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- goodInput = "040329134847Z";
- diffInput = "050329135847Z";
- testDate(goodInput, diffInput);
+ goodInput = "040329134847Z";
+ diffInput = "050329135847Z";
+ testDate(goodInput, diffInput);
cleanup:
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("Date");
+ endTests("Date");
- return (0);
+ return (0);
}
diff --git a/cmd/libpkix/pkix_pl/pki/test_generalname.c b/cmd/libpkix/pkix_pl/pki/test_generalname.c
index 6ba0b404f..9719cd99c 100644
--- a/cmd/libpkix/pkix_pl/pki/test_generalname.c
+++ b/cmd/libpkix/pkix_pl/pki/test_generalname.c
@@ -15,108 +15,109 @@ static void *plContext = NULL;
static void
createGeneralNames(PKIX_UInt32 nameType, char *goodInput, char *diffInput,
- PKIX_PL_GeneralName **goodName,
- PKIX_PL_GeneralName **equalName,
- PKIX_PL_GeneralName **diffName){
-
- subTest("PKIX_PL_GeneralName_Create <goodName>");
- *goodName = createGeneralName(nameType, goodInput, plContext);
+ PKIX_PL_GeneralName **goodName,
+ PKIX_PL_GeneralName **equalName,
+ PKIX_PL_GeneralName **diffName)
+{
- subTest("PKIX_PL_GeneralName_Create <equalName>");
- *equalName = createGeneralName(nameType, goodInput, plContext);
+ subTest("PKIX_PL_GeneralName_Create <goodName>");
+ *goodName = createGeneralName(nameType, goodInput, plContext);
- subTest("PKIX_PL_GeneralName_Create <diffName>");
- *diffName = createGeneralName(nameType, diffInput, plContext);
+ subTest("PKIX_PL_GeneralName_Create <equalName>");
+ *equalName = createGeneralName(nameType, goodInput, plContext);
+ subTest("PKIX_PL_GeneralName_Create <diffName>");
+ *diffName = createGeneralName(nameType, diffInput, plContext);
}
static void
testDestroy(void *goodObject, void *equalObject, void *diffObject)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_GeneralName_Destroy");
+ subTest("PKIX_PL_GeneralName_Destroy");
- PKIX_TEST_DECREF_BC(goodObject);
- PKIX_TEST_DECREF_BC(equalObject);
- PKIX_TEST_DECREF_BC(diffObject);
+ PKIX_TEST_DECREF_BC(goodObject);
+ PKIX_TEST_DECREF_BC(equalObject);
+ PKIX_TEST_DECREF_BC(diffObject);
cleanup:
- PKIX_TEST_RETURN();
-
+ PKIX_TEST_RETURN();
}
-static void testNameType
-(PKIX_UInt32 nameType, char *goodInput, char *diffInput, char *expectedAscii){
+static void
+testNameType(PKIX_UInt32 nameType, char *goodInput, char *diffInput, char *expectedAscii)
+{
- PKIX_PL_GeneralName *goodName = NULL;
- PKIX_PL_GeneralName *equalName = NULL;
- PKIX_PL_GeneralName *diffName = NULL;
+ PKIX_PL_GeneralName *goodName = NULL;
+ PKIX_PL_GeneralName *equalName = NULL;
+ PKIX_PL_GeneralName *diffName = NULL;
- createGeneralNames(nameType, goodInput, diffInput,
- &goodName, &equalName, &diffName);
+ createGeneralNames(nameType, goodInput, diffInput,
+ &goodName, &equalName, &diffName);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodName,
- equalName,
- diffName,
- expectedAscii,
- GeneralName,
- PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodName,
+ equalName,
+ diffName,
+ expectedAscii,
+ GeneralName,
+ PKIX_TRUE);
- testDestroy(goodName, equalName, diffName);
+ testDestroy(goodName, equalName, diffName);
}
-int test_generalname(int argc, char *argv[]) {
+int
+test_generalname(int argc, char *argv[])
+{
- char *goodInput = NULL;
- char *diffInput = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
+ char *goodInput = NULL;
+ char *diffInput = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("GeneralName");
+ startTests("GeneralName");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- goodInput = "john@sun.com";
- diffInput = "john@labs.com";
- testNameType(PKIX_RFC822_NAME, goodInput, diffInput, goodInput);
+ goodInput = "john@sun.com";
+ diffInput = "john@labs.com";
+ testNameType(PKIX_RFC822_NAME, goodInput, diffInput, goodInput);
- goodInput = "example1.com";
- diffInput = "ex2.net";
- testNameType(PKIX_DNS_NAME, goodInput, diffInput, goodInput);
+ goodInput = "example1.com";
+ diffInput = "ex2.net";
+ testNameType(PKIX_DNS_NAME, goodInput, diffInput, goodInput);
- goodInput = "cn=yassir, ou=labs, o=sun, c=us";
- diffInput = "cn=alice, ou=labs, o=sun, c=us";
- testNameType(PKIX_DIRECTORY_NAME,
- goodInput,
- diffInput,
- "CN=yassir,OU=labs,O=sun,C=us");
+ goodInput = "cn=yassir, ou=labs, o=sun, c=us";
+ diffInput = "cn=alice, ou=labs, o=sun, c=us";
+ testNameType(PKIX_DIRECTORY_NAME,
+ goodInput,
+ diffInput,
+ "CN=yassir,OU=labs,O=sun,C=us");
- goodInput = "http://example1.com";
- diffInput = "http://ex2.net";
- testNameType(PKIX_URI_NAME, goodInput, diffInput, goodInput);
+ goodInput = "http://example1.com";
+ diffInput = "http://ex2.net";
+ testNameType(PKIX_URI_NAME, goodInput, diffInput, goodInput);
- goodInput = "1.2.840.11";
- diffInput = "1.2.840.115349";
- testNameType(PKIX_OID_NAME, goodInput, diffInput, goodInput);
+ goodInput = "1.2.840.11";
+ diffInput = "1.2.840.115349";
+ testNameType(PKIX_OID_NAME, goodInput, diffInput, goodInput);
- /*
+/*
* We don't support creating PKIX_EDIPARTY_NAME,
* PKIX_IP_NAME, OTHER_NAME, X400_ADDRESS from strings
*/
cleanup:
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("GeneralName");
+ endTests("GeneralName");
- return (0);
+ return (0);
}
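Review bot: The block comment about unsupported name types in `test_generalname` now opens at column 0 (`/*` just before `cleanup:`) while its body lines keep their old indent, so it reads like a file-level comment in the middle of the function. The formatter appears to have attached it to the label that follows rather than to the statements above. Collapsing it to one line directly under the last `testNameType(PKIX_OID_NAME, ...)` call, for example `/* EDIPARTY, IP, OTHER_NAME and X400 names cannot be created from strings. */`, may keep it indented with the body; check the result after re-running clang-format.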
diff --git a/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c b/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c
index 6849ef8a8..636ba3ead 100644
--- a/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c
+++ b/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c
@@ -13,112 +13,115 @@
static void *plContext = NULL;
-static char *catDirName(char *platform, char *dir, void *plContext)
+static char *
+catDirName(char *platform, char *dir, void *plContext)
{
- char *pathName = NULL;
- PKIX_UInt32 dirLen;
- PKIX_UInt32 platformLen;
+ char *pathName = NULL;
+ PKIX_UInt32 dirLen;
+ PKIX_UInt32 platformLen;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- dirLen = PL_strlen(dir);
- platformLen = PL_strlen(platform);
+ dirLen = PL_strlen(dir);
+ platformLen = PL_strlen(platform);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc
- (platformLen + dirLen + 2, (void **)&pathName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(platformLen +
+ dirLen +
+ 2,
+ (void **)&pathName, plContext));
- PL_strcpy(pathName, platform);
- PL_strcat(pathName, "/");
- PL_strcat(pathName, dir);
+ PL_strcpy(pathName, platform);
+ PL_strcat(pathName, "/");
+ PL_strcat(pathName, dir);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (pathName);
+ return (pathName);
}
static void
testNameConstraints(char *dataDir)
{
- char *goodPname = "nameConstraintsDN5CACert.crt";
- PKIX_PL_Cert *goodCert = NULL;
- PKIX_PL_CertNameConstraints *goodNC = NULL;
- char *expectedAscii =
- "[\n"
- "\t\tPermitted Name: (OU=permittedSubtree1,"
- "O=Test Certificates,C=US)\n"
- "\t\tExcluded Name: (OU=excludedSubtree1,"
- "OU=permittedSubtree1,O=Test Certificates,C=US)\n"
- "\t]\n";
+ char *goodPname = "nameConstraintsDN5CACert.crt";
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_CertNameConstraints *goodNC = NULL;
+ char *expectedAscii =
+ "[\n"
+ "\t\tPermitted Name: (OU=permittedSubtree1,"
+ "O=Test Certificates,C=US)\n"
+ "\t\tExcluded Name: (OU=excludedSubtree1,"
+ "OU=permittedSubtree1,O=Test Certificates,C=US)\n"
+ "\t]\n";
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_CertNameConstraints");
+ subTest("PKIX_PL_CertNameConstraints");
- goodCert = createCert(dataDir, goodPname, plContext);
+ goodCert = createCert(dataDir, goodPname, plContext);
- subTest("PKIX_PL_Cert_GetNameConstraints");
+ subTest("PKIX_PL_Cert_GetNameConstraints");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints
- (goodCert, &goodNC, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(goodCert, &goodNC, plContext));
- testToStringHelper
- ((PKIX_PL_Object *)goodNC, expectedAscii, plContext);
+ testToStringHelper((PKIX_PL_Object *)goodNC, expectedAscii, plContext);
cleanup:
- PKIX_TEST_DECREF_AC(goodNC);
- PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(goodNC);
+ PKIX_TEST_DECREF_AC(goodCert);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void printUsage(void) {
- (void) printf
- ("\nUSAGE:\ttest_nameconstraints <test-purpose>"
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_nameconstraints <test-purpose>"
" <data-dir> <platform-prefix>\n\n");
}
/* Functional tests for CRL public functions */
-int test_nameconstraints(int argc, char *argv[]) {
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
- char *platformDir = NULL;
- char *dataDir = NULL;
- char *combinedDir = NULL;
+int
+test_nameconstraints(int argc, char *argv[])
+{
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+ char *platformDir = NULL;
+ char *dataDir = NULL;
+ char *combinedDir = NULL;
- /* Note XXX serialnumber and reasoncode need debug */
+ /* Note XXX serialnumber and reasoncode need debug */
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("NameConstraints");
+ startTests("NameConstraints");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- if (argc < 3 + j) {
- printUsage();
- return (0);
- }
+ if (argc < 3 + j) {
+ printUsage();
+ return (0);
+ }
- dataDir = argv[2 + j];
- platformDir = argv[3 + j];
- combinedDir = catDirName(platformDir, dataDir, plContext);
+ dataDir = argv[2 + j];
+ platformDir = argv[3 + j];
+ combinedDir = catDirName(platformDir, dataDir, plContext);
- testNameConstraints(combinedDir);
+ testNameConstraints(combinedDir);
cleanup:
- pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext);
+ pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("NameConstraints");
+ endTests("NameConstraints");
- return (0);
+ return (0);
}
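Review bot: The size argument to `PKIX_PL_Malloc` in `catDirName` is now spread over three lines (`platformLen +`, `dirLen +`, `2,`), which buries the one number the following `PL_strcpy`/`PL_strcat` calls depend on. Declaring `PKIX_UInt32 pathLen;` with the other locals and setting `pathLen = platformLen + dirLen + 2; /* '/' separator and terminating NUL */` lets the call read `PKIX_PL_Malloc(pathLen, (void **)&pathName, plContext)` and documents why two extra bytes are needed. The header comment `/* Functional tests for CRL public functions */` above `test_nameconstraints` also looks carried over from test_crl.c and could name the name-constraints functions instead.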
diff --git a/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c b/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c
index 3b4f27a8d..8f2ff9ec7 100644
--- a/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c
+++ b/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c
@@ -8,126 +8,114 @@
*
*/
-
-
#include "testutil.h"
#include "testutil_nss.h"
static void *plContext = NULL;
-int test_subjectinfoaccess(int argc, char *argv[]) {
-
- PKIX_PL_Cert *cert = NULL;
- PKIX_PL_Cert *certDiff = NULL;
- PKIX_List *aiaList = NULL;
- PKIX_List *siaList = NULL;
- PKIX_PL_InfoAccess *sia = NULL;
- PKIX_PL_InfoAccess *siaDup = NULL;
- PKIX_PL_InfoAccess *siaDiff = NULL;
- PKIX_PL_GeneralName *location = NULL;
- char *certPathName = NULL;
- char *dirName = NULL;
- PKIX_UInt32 method = 0;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 size, i;
- PKIX_UInt32 j = 0;
- char *expectedAscii = "[method:caRepository, "
- "location:http://betty.nist.gov/pathdiscoverytestsuite/"
- "p7cfiles/IssuedByTrustAnchor1.p7c]";
-
- PKIX_TEST_STD_VARS();
-
- startTests("SubjectInfoAccess");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- if (argc < 5+j) {
- printf("Usage: %s <test-purpose> <cert> <diff-cert>\n", argv[0]);
- }
-
- dirName = argv[2+j];
- certPathName = argv[3+j];
-
- subTest("Creating Cert with Subject Info Access");
- cert = createCert(dirName, certPathName, plContext);
-
- certPathName = argv[4+j];
-
- subTest("Creating Cert with Subject Info Access");
- certDiff = createCert(dirName, certPathName, plContext);
-
- subTest("Getting Subject Info Access");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectInfoAccess
- (cert, &siaList, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (siaList, &size, plContext));
-
- if (size != 1) {
- pkixTestErrorMsg = "unexpected number of AIA";
- goto cleanup;
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (siaList, 0, (PKIX_PL_Object **) &sia, plContext));
-
- subTest("PKIX_PL_InfoAccess_GetMethod");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetMethod
- (sia, &method, plContext));
- if (method != PKIX_INFOACCESS_CA_REPOSITORY) {
- pkixTestErrorMsg = "unexpected method of AIA";
- goto cleanup;
- }
-
- subTest("PKIX_PL_InfoAccess_GetLocation");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocation
- (sia, &location, plContext));
- if (!location) {
- pkixTestErrorMsg = "Cannot get AIA location";
- goto cleanup;
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (siaList, 0, (PKIX_PL_Object **) &siaDup, plContext));
-
- subTest("Getting Authority Info Access as difference comparison");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess
- (certDiff, &aiaList, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
- (aiaList, &size, plContext));
-
- if (size != 1) {
- pkixTestErrorMsg = "unexpected number of AIA";
- goto cleanup;
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
- (aiaList, 0, (PKIX_PL_Object **) &siaDiff, plContext));
-
- subTest("Checking: Equal, Hash and ToString");
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (sia, siaDup, siaDiff, expectedAscii, InfoAccess, PKIX_FALSE);
+int
+test_subjectinfoaccess(int argc, char *argv[])
+{
+
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_Cert *certDiff = NULL;
+ PKIX_List *aiaList = NULL;
+ PKIX_List *siaList = NULL;
+ PKIX_PL_InfoAccess *sia = NULL;
+ PKIX_PL_InfoAccess *siaDup = NULL;
+ PKIX_PL_InfoAccess *siaDiff = NULL;
+ PKIX_PL_GeneralName *location = NULL;
+ char *certPathName = NULL;
+ char *dirName = NULL;
+ PKIX_UInt32 method = 0;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 size, i;
+ PKIX_UInt32 j = 0;
+ char *expectedAscii = "[method:caRepository, "
+ "location:http://betty.nist.gov/pathdiscoverytestsuite/"
+ "p7cfiles/IssuedByTrustAnchor1.p7c]";
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("SubjectInfoAccess");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc < 5 + j) {
+ printf("Usage: %s <test-purpose> <cert> <diff-cert>\n", argv[0]);
+ }
+
+ dirName = argv[2 + j];
+ certPathName = argv[3 + j];
+
+ subTest("Creating Cert with Subject Info Access");
+ cert = createCert(dirName, certPathName, plContext);
+
+ certPathName = argv[4 + j];
+
+ subTest("Creating Cert with Subject Info Access");
+ certDiff = createCert(dirName, certPathName, plContext);
+ subTest("Getting Subject Info Access");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectInfoAccess(cert, &siaList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(siaList, &size, plContext));
+
+ if (size != 1) {
+ pkixTestErrorMsg = "unexpected number of AIA";
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(siaList, 0, (PKIX_PL_Object **)&sia, plContext));
+
+ subTest("PKIX_PL_InfoAccess_GetMethod");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetMethod(sia, &method, plContext));
+ if (method != PKIX_INFOACCESS_CA_REPOSITORY) {
+ pkixTestErrorMsg = "unexpected method of AIA";
+ goto cleanup;
+ }
+
+ subTest("PKIX_PL_InfoAccess_GetLocation");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocation(sia, &location, plContext));
+ if (!location) {
+ pkixTestErrorMsg = "Cannot get AIA location";
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(siaList, 0, (PKIX_PL_Object **)&siaDup, plContext));
+
+ subTest("Getting Authority Info Access as difference comparison");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess(certDiff, &aiaList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(aiaList, &size, plContext));
+
+ if (size != 1) {
+ pkixTestErrorMsg = "unexpected number of AIA";
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&siaDiff, plContext));
+
+ subTest("Checking: Equal, Hash and ToString");
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(sia, siaDup, siaDiff, expectedAscii, InfoAccess, PKIX_FALSE);
cleanup:
- PKIX_TEST_DECREF_AC(location);
- PKIX_TEST_DECREF_AC(sia);
- PKIX_TEST_DECREF_AC(siaDup);
- PKIX_TEST_DECREF_AC(siaDiff);
- PKIX_TEST_DECREF_AC(aiaList);
- PKIX_TEST_DECREF_AC(siaList);
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(certDiff);
-
- PKIX_Shutdown(plContext);
+ PKIX_TEST_DECREF_AC(location);
+ PKIX_TEST_DECREF_AC(sia);
+ PKIX_TEST_DECREF_AC(siaDup);
+ PKIX_TEST_DECREF_AC(siaDiff);
+ PKIX_TEST_DECREF_AC(aiaList);
+ PKIX_TEST_DECREF_AC(siaList);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(certDiff);
+
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("Subjectinfoaccess");
+ endTests("Subjectinfoaccess");
- return (0);
+ return (0);
}
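Review bot: The `if (argc < 5 + j)` guard in test_subjectinfoaccess only prints the usage line and then falls through, so `argv[2 + j]`, `argv[3 + j]` and `argv[4 + j]` are still read when too few arguments were given. The reformat preserves this; the block should leave the function as test_nameconstraints does, by adding `return (0);` after the `printf`. The test_nameconstraints guard in the preceding file has a related gap: it checks `argc < 3 + j` but then reads `argv[3 + j]`, which is the terminating NULL when exactly three arguments are passed. Separately, the first `size != 1` branch reports "unexpected number of AIA" although it checks the SIA list, so a failure there is mislabelled.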
diff --git a/cmd/libpkix/pkix_pl/pki/test_x500name.c b/cmd/libpkix/pkix_pl/pki/test_x500name.c
index 7daa0e830..91ff63fd0 100644
--- a/cmd/libpkix/pkix_pl/pki/test_x500name.c
+++ b/cmd/libpkix/pkix_pl/pki/test_x500name.c
@@ -14,164 +14,156 @@
static void *plContext = NULL;
static PKIX_PL_X500Name *
-createX500Name(char *asciiName, PKIX_Boolean expectedToPass){
+createX500Name(char *asciiName, PKIX_Boolean expectedToPass)
+{
- PKIX_PL_X500Name *x500Name = NULL;
- PKIX_PL_String *plString = NULL;
+ PKIX_PL_X500Name *x500Name = NULL;
+ PKIX_PL_String *plString = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_String_Create
- (PKIX_ESCASCII, asciiName, 0, &plString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiName, 0, &plString, plContext));
- if (expectedToPass){
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_X500Name_Create
- (plString, &x500Name, plContext));
- } else {
- PKIX_TEST_EXPECT_ERROR
- (PKIX_PL_X500Name_Create
- (plString, &x500Name, plContext));
- }
+ if (expectedToPass) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(plString, &x500Name, plContext));
+ } else {
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_X500Name_Create(plString, &x500Name, plContext));
+ }
cleanup:
- PKIX_TEST_DECREF_AC(plString);
+ PKIX_TEST_DECREF_AC(plString);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (x500Name);
+ return (x500Name);
}
static void
createX500Names(char *goodInput, char *diffInput, char *diffInputMatch,
- PKIX_PL_X500Name **goodObject,
- PKIX_PL_X500Name **equalObject,
- PKIX_PL_X500Name **diffObject,
- PKIX_PL_X500Name **diffObjectMatch)
+ PKIX_PL_X500Name **goodObject,
+ PKIX_PL_X500Name **equalObject,
+ PKIX_PL_X500Name **diffObject,
+ PKIX_PL_X500Name **diffObjectMatch)
{
- char *badAscii = "cn=yas#sir,ou=labs,o=sun,c=us";
- PKIX_PL_X500Name *badObject = NULL;
+ char *badAscii = "cn=yas#sir,ou=labs,o=sun,c=us";
+ PKIX_PL_X500Name *badObject = NULL;
- subTest("PKIX_PL_X500Name_Create <goodObject>");
- *goodObject = createX500Name(goodInput, PKIX_TRUE);
+ subTest("PKIX_PL_X500Name_Create <goodObject>");
+ *goodObject = createX500Name(goodInput, PKIX_TRUE);
- subTest("PKIX_PL_X500Name_Create <equalObject>");
- *equalObject = createX500Name(goodInput, PKIX_TRUE);
+ subTest("PKIX_PL_X500Name_Create <equalObject>");
+ *equalObject = createX500Name(goodInput, PKIX_TRUE);
- subTest("PKIX_PL_X500Name_Create <diffObject>");
- *diffObject = createX500Name(diffInput, PKIX_TRUE);
+ subTest("PKIX_PL_X500Name_Create <diffObject>");
+ *diffObject = createX500Name(diffInput, PKIX_TRUE);
- subTest("PKIX_PL_X500Name_Create <diffObjectMatch>");
- *diffObjectMatch = createX500Name(diffInputMatch, PKIX_TRUE);
+ subTest("PKIX_PL_X500Name_Create <diffObjectMatch>");
+ *diffObjectMatch = createX500Name(diffInputMatch, PKIX_TRUE);
- subTest("PKIX_PL_X500Name_Create <negative>");
- badObject = createX500Name(badAscii, PKIX_FALSE);
+ subTest("PKIX_PL_X500Name_Create <negative>");
+ badObject = createX500Name(badAscii, PKIX_FALSE);
}
-static void testMatchHelper
-(PKIX_PL_X500Name *goodName, PKIX_PL_X500Name *otherName, PKIX_Boolean match)
+static void
+testMatchHelper(PKIX_PL_X500Name *goodName, PKIX_PL_X500Name *otherName, PKIX_Boolean match)
{
- PKIX_Boolean cmpResult;
+ PKIX_Boolean cmpResult;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Match
- (goodName,
- otherName,
- &cmpResult,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Match(goodName,
+ otherName,
+ &cmpResult,
+ plContext));
- if ((match && !cmpResult) || (!match && cmpResult)){
- testError("unexpected mismatch");
- (void) printf("Actual value:\t%d\n", cmpResult);
- (void) printf("Expected value:\t%d\n", match);
- }
+ if ((match && !cmpResult) || (!match && cmpResult)) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", cmpResult);
+ (void)printf("Expected value:\t%d\n", match);
+ }
cleanup:
- PKIX_TEST_RETURN();
-
+ PKIX_TEST_RETURN();
}
static void
testMatch(void *goodObject, void *diffObject, void *diffObjectMatch)
{
- subTest("PKIX_PL_X500Name_Match <match>");
- testMatchHelper((PKIX_PL_X500Name *)diffObject,
- (PKIX_PL_X500Name *)diffObjectMatch,
- PKIX_TRUE);
-
- subTest("PKIX_PL_X500Name_Match <non-match>");
- testMatchHelper((PKIX_PL_X500Name *)goodObject,
- (PKIX_PL_X500Name *)diffObject,
- PKIX_FALSE);
+ subTest("PKIX_PL_X500Name_Match <match>");
+ testMatchHelper((PKIX_PL_X500Name *)diffObject,
+ (PKIX_PL_X500Name *)diffObjectMatch,
+ PKIX_TRUE);
+
+ subTest("PKIX_PL_X500Name_Match <non-match>");
+ testMatchHelper((PKIX_PL_X500Name *)goodObject,
+ (PKIX_PL_X500Name *)diffObject,
+ PKIX_FALSE);
}
-static void testDestroy
-(void *goodObject, void *equalObject, void *diffObject, void *diffObjectMatch)
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject, void *diffObjectMatch)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- subTest("PKIX_PL_X500Name_Destroy");
+ subTest("PKIX_PL_X500Name_Destroy");
- PKIX_TEST_DECREF_BC(goodObject);
- PKIX_TEST_DECREF_BC(equalObject);
- PKIX_TEST_DECREF_BC(diffObject);
- PKIX_TEST_DECREF_BC(diffObjectMatch);
+ PKIX_TEST_DECREF_BC(goodObject);
+ PKIX_TEST_DECREF_BC(equalObject);
+ PKIX_TEST_DECREF_BC(diffObject);
+ PKIX_TEST_DECREF_BC(diffObjectMatch);
cleanup:
- PKIX_TEST_RETURN();
-
+ PKIX_TEST_RETURN();
}
-int test_x500name(int argc, char *argv[]) {
+int
+test_x500name(int argc, char *argv[])
+{
- PKIX_PL_X500Name *goodObject = NULL;
- PKIX_PL_X500Name *equalObject = NULL;
- PKIX_PL_X500Name *diffObject = NULL;
- PKIX_PL_X500Name *diffObjectMatch = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
+ PKIX_PL_X500Name *goodObject = NULL;
+ PKIX_PL_X500Name *equalObject = NULL;
+ PKIX_PL_X500Name *diffObject = NULL;
+ PKIX_PL_X500Name *diffObjectMatch = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
- /* goodInput is encoded in PKIX_ESCASCII */
- char *goodInput = "cn=Strau&#x00Df;,ou=labs,o=sun,c=us";
- char *diffInput = "cn=steve,ou=labs,o=sun,c=us";
- char *diffInputMatch = "Cn=SteVe,Ou=lABs,o=SUn,c=uS";
- char *expectedAscii = "CN=Strau&#x00DF;,OU=labs,O=sun,C=us";
+ /* goodInput is encoded in PKIX_ESCASCII */
+ char *goodInput = "cn=Strau&#x00Df;,ou=labs,o=sun,c=us";
+ char *diffInput = "cn=steve,ou=labs,o=sun,c=us";
+ char *diffInputMatch = "Cn=SteVe,Ou=lABs,o=SUn,c=uS";
+ char *expectedAscii = "CN=Strau&#x00DF;,OU=labs,O=sun,C=us";
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("X500Name");
+ startTests("X500Name");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- createX500Names
- (goodInput, diffInput, diffInputMatch,
- &goodObject, &equalObject, &diffObject, &diffObjectMatch);
+ createX500Names(goodInput, diffInput, diffInputMatch,
+ &goodObject, &equalObject, &diffObject, &diffObjectMatch);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (goodObject,
- equalObject,
- diffObject,
- expectedAscii,
- X500Name,
- PKIX_TRUE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ equalObject,
+ diffObject,
+ expectedAscii,
+ X500Name,
+ PKIX_TRUE);
- testMatch(goodObject, diffObject, diffObjectMatch);
+ testMatch(goodObject, diffObject, diffObjectMatch);
- testDestroy(goodObject, equalObject, diffObject, diffObjectMatch);
+ testDestroy(goodObject, equalObject, diffObject, diffObjectMatch);
cleanup:
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("X500Name");
+ endTests("X500Name");
- return (0);
+ return (0);
}
diff --git a/cmd/libpkix/pkix_pl/system/stress_test.c b/cmd/libpkix/pkix_pl/system/stress_test.c
index a19f9d33e..839dc068d 100644
--- a/cmd/libpkix/pkix_pl/system/stress_test.c
+++ b/cmd/libpkix/pkix_pl/system/stress_test.c
@@ -13,143 +13,134 @@
static void *plContext = NULL;
-int stress_test(int argc, char *argv[]) {
-
- PKIX_UInt32 i, k, length, hashcode;
- PKIX_UInt32 size = 17576;
- char temp[4];
- PKIX_Boolean result;
- PKIX_PL_String *strings[17576], *tempString;
- PKIX_PL_String *utf16strings[17576];
- PKIX_PL_ByteArray *byteArrays[17576];
- void *dest;
- PKIX_PL_HashTable *ht = NULL;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
-
- PKIX_TEST_STD_VARS();
-
- startTests("Stress Test");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- /* ---------------------------- */
- subTest("Create every three letter String");
-
- for (i = 0; i < 26; i++)
- for (j = 0; j < 26; j++)
- for (k = 0; k < 26; k++) {
- temp[0] = (char)('a'+i);
- temp[1] = (char)('a'+j);
- temp[2] = (char)('a'+k);
- temp[3] = 0;
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, temp, 3,
- &strings[26*(i*26+j)+k], plContext));
- }
-
- /* ---------------------------- */
- subTest("Create a bytearray from each string's UTF-16 encoding");
- for (i = 0; i < size; i++) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_String_GetEncoded
- (strings[i],
- PKIX_UTF16,
- &dest,
- &length,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create
- (dest, length, &byteArrays[i], plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
- }
-
- /* ---------------------------- */
- subTest("Create a copy string from each bytearray");
- for (i = 0; i < size; i++) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_UTF16, *(void **)byteArrays[i], 6,
- &utf16strings[i], plContext));
- }
-
- /* ---------------------------- */
- subTest("Compare each original string with the copy");
- for (i = 0; i < size; i++) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object*)strings[i],
- (PKIX_PL_Object*)utf16strings[i],
- &result,
- plContext));
- if (result == 0)
- testError("Strings do not match");
- }
-
- /* ---------------------------- */
- subTest("Put each string into a Hashtable");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_HashTable_Create(size/2, 0, &ht, plContext));
-
- for (i = 0; i < size; i++) {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object*)strings[i],
- &hashcode,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add
- (ht,
- (void *)&hashcode,
- (void*)strings[i],
- plContext));
- }
-
-
- /* ---------------------------- */
- subTest("Compare each copy string with the hashtable entries ");
- for (i = 0; i < size; i++) {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object*)utf16strings[i],
- &hashcode,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup
- (ht,
- (void *)&hashcode,
- (PKIX_PL_Object**)&tempString,
- plContext));
-
- if (tempString == NULL)
- testError("String not found in hashtable");
- else {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object*)tempString,
- (PKIX_PL_Object*)utf16strings[i],
- &result,
- plContext));
- if (result == 0)
- testError("Strings do not match");
- PKIX_TEST_DECREF_BC(tempString);
- }
+int
+stress_test(int argc, char *argv[])
+{
+
+ PKIX_UInt32 i, k, length, hashcode;
+ PKIX_UInt32 size = 17576;
+ char temp[4];
+ PKIX_Boolean result;
+ PKIX_PL_String *strings[17576], *tempString;
+ PKIX_PL_String *utf16strings[17576];
+ PKIX_PL_ByteArray *byteArrays[17576];
+ void *dest;
+ PKIX_PL_HashTable *ht = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Stress Test");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ /* ---------------------------- */
+ subTest("Create every three letter String");
+
+ for (i = 0; i < 26; i++)
+ for (j = 0; j < 26; j++)
+ for (k = 0; k < 26; k++) {
+ temp[0] = (char)('a' + i);
+ temp[1] = (char)('a' + j);
+ temp[2] = (char)('a' + k);
+ temp[3] = 0;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, temp, 3,
+ &strings[26 * (i * 26 + j) + k],
+ plContext));
+ }
+
+ /* ---------------------------- */
+ subTest("Create a bytearray from each string's UTF-16 encoding");
+ for (i = 0; i < size; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(strings[i],
+ PKIX_UTF16,
+ &dest,
+ &length,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(dest, length, &byteArrays[i], plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ }
+
+ /* ---------------------------- */
+ subTest("Create a copy string from each bytearray");
+ for (i = 0; i < size; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF16, *(void **)byteArrays[i], 6,
+ &utf16strings[i], plContext));
+ }
+
+ /* ---------------------------- */
+ subTest("Compare each original string with the copy");
+ for (i = 0; i < size; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)strings[i],
+ (PKIX_PL_Object *)utf16strings[i],
+ &result,
+ plContext));
+ if (result == 0)
+ testError("Strings do not match");
+ }
+
+ /* ---------------------------- */
+ subTest("Put each string into a Hashtable");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(size /
+ 2,
+ 0, &ht, plContext));
+
+ for (i = 0; i < size; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)strings[i],
+ &hashcode,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+ (void *)&hashcode,
+ (void *)strings[i],
+ plContext));
+ }
+
+ /* ---------------------------- */
+ subTest("Compare each copy string with the hashtable entries ");
+ for (i = 0; i < size; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)utf16strings[i],
+ &hashcode,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+ (void *)&hashcode,
+ (PKIX_PL_Object **)&tempString,
+ plContext));
+
+ if (tempString == NULL)
+ testError("String not found in hashtable");
+ else {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)tempString,
+ (PKIX_PL_Object *)utf16strings[i],
+ &result,
+ plContext));
+ if (result == 0)
+ testError("Strings do not match");
+ PKIX_TEST_DECREF_BC(tempString);
}
+ }
cleanup:
- /* ---------------------------- */
- subTest("Destroy All Objects");
+ /* ---------------------------- */
+ subTest("Destroy All Objects");
- PKIX_TEST_DECREF_AC(ht);
+ PKIX_TEST_DECREF_AC(ht);
- for (i = 0; i < size; i++) {
- PKIX_TEST_DECREF_AC(strings[i]);
- PKIX_TEST_DECREF_AC(utf16strings[i]);
- PKIX_TEST_DECREF_AC(byteArrays[i]);
- }
+ for (i = 0; i < size; i++) {
+ PKIX_TEST_DECREF_AC(strings[i]);
+ PKIX_TEST_DECREF_AC(utf16strings[i]);
+ PKIX_TEST_DECREF_AC(byteArrays[i]);
+ }
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("Stress Test");
- return (0);
+ endTests("Stress Test");
+ return (0);
}
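Review bot: In stress_test the arrays `strings`, `utf16strings` and `byteArrays` are declared without initialisers, yet the `cleanup:` loop runs `PKIX_TEST_DECREF_AC` on all 17576 slots of each. If any `PKIX_TEST_EXPECT_NO_ERROR` step jumps to `cleanup` early (this looks like what the macro does, but its definition is outside the hunk), the loop releases indeterminate pointers. Zero-initialising the arrays closes that gap, e.g. `PKIX_PL_String *strings[17576] = { NULL }, *tempString = NULL;` and likewise `= { NULL }` on the other two, assuming DECREF_AC skips NULL as its use on NULL-initialised locals elsewhere in this commit suggests. On style, the formatter left `PKIX_PL_HashTable_Create(size /` with `2,` on its own line; writing `size / 2` on one line (or hoisting it into a local) reads better.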
diff --git a/cmd/libpkix/pkix_pl/system/test_bigint.c b/cmd/libpkix/pkix_pl/system/test_bigint.c
index a70f8d349..85b98eee3 100644
--- a/cmd/libpkix/pkix_pl/system/test_bigint.c
+++ b/cmd/libpkix/pkix_pl/system/test_bigint.c
@@ -15,180 +15,176 @@ static void *plContext = NULL;
static void
createBigInt(
- PKIX_PL_BigInt **bigInts,
- char *bigIntAscii,
- PKIX_Boolean errorHandling)
+ PKIX_PL_BigInt **bigInts,
+ char *bigIntAscii,
+ PKIX_Boolean errorHandling)
{
- PKIX_PL_String *bigIntString = NULL;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- bigIntAscii,
- PL_strlen(bigIntAscii),
- &bigIntString,
- plContext));
-
- if (errorHandling){
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_BigInt_Create
- (bigIntString,
- bigInts,
- plContext));
- } else {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create
- (bigIntString,
- bigInts,
- plContext));
- }
+ PKIX_PL_String *bigIntString = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ bigIntAscii,
+ PL_strlen(bigIntAscii),
+ &bigIntString,
+ plContext));
+
+ if (errorHandling) {
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_BigInt_Create(bigIntString,
+ bigInts,
+ plContext));
+ } else {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(bigIntString,
+ bigInts,
+ plContext));
+ }
cleanup:
- PKIX_TEST_DECREF_AC(bigIntString);
+ PKIX_TEST_DECREF_AC(bigIntString);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testToString(
- PKIX_PL_BigInt *bigInt,
- char *expAscii)
+ PKIX_PL_BigInt *bigInt,
+ char *expAscii)
{
- PKIX_PL_String *bigIntString = NULL;
- char *temp = NULL;
+ PKIX_PL_String *bigIntString = NULL;
+ char *temp = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)bigInt,
- &bigIntString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)bigInt,
+ &bigIntString, plContext));
- temp = PKIX_String2ASCII(bigIntString, plContext);
- if (temp == plContext){
- testError("PKIX_String2Ascii failed");
- goto cleanup;
- }
+ temp = PKIX_String2ASCII(bigIntString, plContext);
+ if (temp == plContext) {
+ testError("PKIX_String2Ascii failed");
+ goto cleanup;
+ }
- if (PL_strcmp(temp, expAscii) != 0) {
- (void) printf("\tBigInt ToString: %s %s\n", temp, expAscii);
- testError("Output string does not match source");
- }
+ if (PL_strcmp(temp, expAscii) != 0) {
+ (void)printf("\tBigInt ToString: %s %s\n", temp, expAscii);
+ testError("Output string does not match source");
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(bigIntString);
+ PKIX_TEST_DECREF_AC(bigIntString);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testCompare(
- PKIX_PL_BigInt *firstBigInt,
- PKIX_PL_BigInt *secondBigInt,
- PKIX_Int32 *cmpResult)
+ PKIX_PL_BigInt *firstBigInt,
+ PKIX_PL_BigInt *secondBigInt,
+ PKIX_Int32 *cmpResult)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare
- ((PKIX_PL_Object*)firstBigInt,
- (PKIX_PL_Object*)secondBigInt,
- cmpResult, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)firstBigInt,
+ (PKIX_PL_Object *)secondBigInt,
+ cmpResult, plContext));
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testDestroy(
- PKIX_PL_BigInt *bigInt)
+ PKIX_PL_BigInt *bigInt)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_DECREF_BC(bigInt);
+ PKIX_TEST_DECREF_BC(bigInt);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-int test_bigint(int argc, char *argv[]) {
+int
+test_bigint(int argc, char *argv[])
+{
- PKIX_UInt32 size = 4, badSize = 3, i = 0;
- PKIX_PL_BigInt *testBigInt[4] = {NULL};
- PKIX_Int32 cmpResult;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
+ PKIX_UInt32 size = 4, badSize = 3, i = 0;
+ PKIX_PL_BigInt *testBigInt[4] = { NULL };
+ PKIX_Int32 cmpResult;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
- char *bigIntValue[4] =
+ char *bigIntValue[4] =
{
- "03",
- "ff",
- "1010101010101010101010101010101010101010",
- "1010101010101010101010101010101010101010",
+ "03",
+ "ff",
+ "1010101010101010101010101010101010101010",
+ "1010101010101010101010101010101010101010",
};
- char *badValue[3] = {"00ff", "fff", "-ff"};
-
- PKIX_TEST_STD_VARS();
-
- startTests("BigInts");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- for (i = 0; i < badSize; i++) {
- subTest("PKIX_PL_BigInt_Create <error_handling>");
- createBigInt(&testBigInt[i], badValue[i], PKIX_TRUE);
- }
-
- for (i = 0; i < size; i++) {
- subTest("PKIX_PL_BigInt_Create");
- createBigInt(&testBigInt[i], bigIntValue[i], PKIX_FALSE);
- }
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (testBigInt[2],
- testBigInt[3],
- testBigInt[1],
- bigIntValue[2],
- BigInt,
- PKIX_TRUE);
-
- for (i = 0; i < size; i++) {
- subTest("PKIX_PL_BigInt_ToString");
- testToString(testBigInt[i], bigIntValue[i]);
- }
-
- subTest("PKIX_PL_BigInt_Compare <gt>");
- testCompare(testBigInt[2], testBigInt[1], &cmpResult);
- if (cmpResult <= 0){
- testError("Invalid Result from String Compare");
- }
-
- subTest("PKIX_PL_BigInt_Compare <lt>");
- testCompare(testBigInt[1], testBigInt[2], &cmpResult);
- if (cmpResult >= 0){
- testError("Invalid Result from String Compare");
- }
-
- subTest("PKIX_PL_BigInt_Compare <eq>");
- testCompare(testBigInt[2], testBigInt[3], &cmpResult);
- if (cmpResult != 0){
- testError("Invalid Result from String Compare");
- }
-
- for (i = 0; i < size; i++) {
- subTest("PKIX_PL_BigInt_Destroy");
- testDestroy(testBigInt[i]);
- }
+ char *badValue[3] = { "00ff", "fff", "-ff" };
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("BigInts");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ for (i = 0; i < badSize; i++) {
+ subTest("PKIX_PL_BigInt_Create <error_handling>");
+ createBigInt(&testBigInt[i], badValue[i], PKIX_TRUE);
+ }
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_BigInt_Create");
+ createBigInt(&testBigInt[i], bigIntValue[i], PKIX_FALSE);
+ }
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(testBigInt[2],
+ testBigInt[3],
+ testBigInt[1],
+ bigIntValue[2],
+ BigInt,
+ PKIX_TRUE);
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_BigInt_ToString");
+ testToString(testBigInt[i], bigIntValue[i]);
+ }
+
+ subTest("PKIX_PL_BigInt_Compare <gt>");
+ testCompare(testBigInt[2], testBigInt[1], &cmpResult);
+ if (cmpResult <= 0) {
+ testError("Invalid Result from String Compare");
+ }
+
+ subTest("PKIX_PL_BigInt_Compare <lt>");
+ testCompare(testBigInt[1], testBigInt[2], &cmpResult);
+ if (cmpResult >= 0) {
+ testError("Invalid Result from String Compare");
+ }
+
+ subTest("PKIX_PL_BigInt_Compare <eq>");
+ testCompare(testBigInt[2], testBigInt[3], &cmpResult);
+ if (cmpResult != 0) {
+ testError("Invalid Result from String Compare");
+ }
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_BigInt_Destroy");
+ testDestroy(testBigInt[i]);
+ }
cleanup:
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- endTests("BigInt");
+ endTests("BigInt");
- return (0);
+ return (0);
}
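Review bot: In testToString the failure check after `PKIX_String2ASCII` is `if (temp == plContext)`, which compares the returned string with the context pointer rather than with NULL. The same helper in test_bytearray.c uses `temp == NULL`, so this looks like a typo that the reformat carries forward. If the conversion fails and returns NULL while `plContext` is non-NULL, `PL_strcmp(temp, expAscii)` and the `%s` in the `printf` receive a null pointer. The check should be `if (temp == NULL) {`. test_bigint also ends without the `PKIX_TEST_RETURN();` that the other drivers in this commit call before `endTests`, which is worth confirming as intentional.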
diff --git a/cmd/libpkix/pkix_pl/system/test_bytearray.c b/cmd/libpkix/pkix_pl/system/test_bytearray.c
index ba056681c..402685b59 100644
--- a/cmd/libpkix/pkix_pl/system/test_bytearray.c
+++ b/cmd/libpkix/pkix_pl/system/test_bytearray.c
@@ -15,227 +15,217 @@ static void *plContext = NULL;
static void
createByteArray(
- PKIX_PL_ByteArray **byteArray,
- char *bytes,
- PKIX_UInt32 length)
+ PKIX_PL_ByteArray **byteArray,
+ char *bytes,
+ PKIX_UInt32 length)
{
- PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create
- ((void*)bytes,
- length,
- byteArray,
- plContext));
+ PKIX_TEST_STD_VARS();
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)bytes,
+ length,
+ byteArray,
+ plContext));
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-
static void
testZeroLength(void)
{
- PKIX_PL_ByteArray *byteArray = NULL;
- void *array = NULL;
- PKIX_UInt32 length = 2;
+ PKIX_PL_ByteArray *byteArray = NULL;
+ void *array = NULL;
+ PKIX_UInt32 length = 2;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- createByteArray(&byteArray, NULL, 0);
+ createByteArray(&byteArray, NULL, 0);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetLength
- (byteArray, &length, plContext));
- if (length != 0){
- testError("Length should be zero");
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetLength(byteArray, &length, plContext));
+ if (length != 0) {
+ testError("Length should be zero");
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetPointer
- (byteArray, &array, plContext));
- if (array){
- testError("Array should be NULL");
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetPointer(byteArray, &array, plContext));
+ if (array) {
+ testError("Array should be NULL");
+ }
- testToStringHelper((PKIX_PL_Object *)byteArray, "[]", plContext);
+ testToStringHelper((PKIX_PL_Object *)byteArray, "[]", plContext);
cleanup:
- PKIX_TEST_DECREF_AC(byteArray);
+ PKIX_TEST_DECREF_AC(byteArray);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-
static void
testToString(
- PKIX_PL_ByteArray *byteArray,
- char *expAscii)
+ PKIX_PL_ByteArray *byteArray,
+ char *expAscii)
{
- PKIX_PL_String *string = NULL;
- char *temp = NULL;
+ PKIX_PL_String *string = NULL;
+ char *temp = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)byteArray,
- &string, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)byteArray,
+ &string, plContext));
- temp = PKIX_String2ASCII(string, plContext);
- if (temp == NULL){
- testError("PKIX_String2Ascii failed");
- goto cleanup;
- }
+ temp = PKIX_String2ASCII(string, plContext);
+ if (temp == NULL) {
+ testError("PKIX_String2Ascii failed");
+ goto cleanup;
+ }
- if (PL_strcmp(temp, expAscii) != 0) {
- (void) printf("\tByteArray ToString: %s %s\n", temp, expAscii);
- testError("Output string does not match source");
- }
+ if (PL_strcmp(temp, expAscii) != 0) {
+ (void)printf("\tByteArray ToString: %s %s\n", temp, expAscii);
+ testError("Output string does not match source");
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(string);
+ PKIX_TEST_DECREF_AC(string);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testGetLength(
- PKIX_PL_ByteArray *byteArray,
- PKIX_UInt32 expLength)
+ PKIX_PL_ByteArray *byteArray,
+ PKIX_UInt32 expLength)
{
- PKIX_UInt32 arrayLength;
+ PKIX_UInt32 arrayLength;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetLength
- (byteArray, &arrayLength, plContext));
-
- if (arrayLength != expLength){
- (void) printf("\tByteArray GetLength: %d %d\n",
- arrayLength, expLength);
- testError("Incorrect Array Length returned");
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetLength(byteArray, &arrayLength, plContext));
+ if (arrayLength != expLength) {
+ (void)printf("\tByteArray GetLength: %d %d\n",
+ arrayLength, expLength);
+ testError("Incorrect Array Length returned");
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testGetPointer(
- PKIX_PL_ByteArray *byteArray,
- char *expBytes,
- PKIX_UInt32 arrayLength)
+ PKIX_PL_ByteArray *byteArray,
+ char *expBytes,
+ PKIX_UInt32 arrayLength)
{
- char *temp = NULL;
- PKIX_UInt32 j;
+ char *temp = NULL;
+ PKIX_UInt32 j;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetPointer
- (byteArray, (void **)&temp, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetPointer(byteArray, (void **)&temp, plContext));
- for (j = 0; j < arrayLength; j++) {
- if (temp[j] != expBytes[j]){
- testError("Incorrect Byte Array Contents");
- }
+ for (j = 0; j < arrayLength; j++) {
+ if (temp[j] != expBytes[j]) {
+ testError("Incorrect Byte Array Contents");
}
+ }
cleanup:
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- PKIX_TEST_RETURN();
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ PKIX_TEST_RETURN();
}
void
testDestroy(
- PKIX_PL_ByteArray *byteArray)
+ PKIX_PL_ByteArray *byteArray)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_DECREF_BC(byteArray);
+ PKIX_TEST_DECREF_BC(byteArray);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-int test_bytearray(int argc, char *argv[]) {
-
- PKIX_PL_ByteArray *testByteArray[4];
-
- PKIX_UInt32 i, size = 4;
- PKIX_UInt32 lengths[4] = {5, 6, 1, 5};
- char dArray0[5] = {1, 2, 3, 4, 5};
- unsigned char dArray1[6] = {127, 128, 129, 254, 255, 0};
- char dArray2[1] = {100};
- char dArray3[5] = {1, 2, 3, 4, 5};
-
- char *expected[4] = {
- "[001, 002, 003, 004, 005]",
- "[127, 128, 129, 254, 255, 000]",
- "[100]",
- "[001, 002, 003, 004, 005]"
- };
-
- char *dummyArray[4];
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
-
- PKIX_TEST_STD_VARS();
-
- dummyArray[0] = dArray0;
- dummyArray[1] = (char*)dArray1;
- dummyArray[2] = dArray2;
- dummyArray[3] = dArray3;
-
- startTests("ByteArrays");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- subTest ("PKIX_PL_ByteArray_Create <zero length>");
- testZeroLength();
-
- for (i = 0; i < size; i++) {
- subTest("PKIX_PL_ByteArray_Create");
- createByteArray(&testByteArray[i], dummyArray[i], lengths[i]);
- }
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (testByteArray[0],
- testByteArray[3],
- testByteArray[1],
- "[001, 002, 003, 004, 005]",
- ByteArray,
- PKIX_TRUE);
-
- for (i = 0; i < size; i++) {
- subTest("PKIX_PL_ByteArray_ToString");
- testToString(testByteArray[i], expected[i]);
- }
-
- for (i = 0; i < size; i++) {
- subTest("PKIX_PL_ByteArray_GetLength");
- testGetLength(testByteArray[i], lengths[i]);
- }
-
- for (i = 0; i < size; i++) {
- subTest("PKIX_PL_ByteArray_GetPointer");
- testGetPointer(testByteArray[i], dummyArray[i], lengths[i]);
- }
-
+int
+test_bytearray(int argc, char *argv[])
+{
- for (i = 0; i < size; i++) {
- subTest("PKIX_PL_ByteArray_Destroy");
- testDestroy(testByteArray[i]);
- }
+ PKIX_PL_ByteArray *testByteArray[4];
+
+ PKIX_UInt32 i, size = 4;
+ PKIX_UInt32 lengths[4] = { 5, 6, 1, 5 };
+ char dArray0[5] = { 1, 2, 3, 4, 5 };
+ unsigned char dArray1[6] = { 127, 128, 129, 254, 255, 0 };
+ char dArray2[1] = { 100 };
+ char dArray3[5] = { 1, 2, 3, 4, 5 };
+
+ char *expected[4] = {
+ "[001, 002, 003, 004, 005]",
+ "[127, 128, 129, 254, 255, 000]",
+ "[100]",
+ "[001, 002, 003, 004, 005]"
+ };
+
+ char *dummyArray[4];
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ dummyArray[0] = dArray0;
+ dummyArray[1] = (char *)dArray1;
+ dummyArray[2] = dArray2;
+ dummyArray[3] = dArray3;
+
+ startTests("ByteArrays");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ subTest("PKIX_PL_ByteArray_Create <zero length>");
+ testZeroLength();
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_ByteArray_Create");
+ createByteArray(&testByteArray[i], dummyArray[i], lengths[i]);
+ }
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(testByteArray[0],
+ testByteArray[3],
+ testByteArray[1],
+ "[001, 002, 003, 004, 005]",
+ ByteArray,
+ PKIX_TRUE);
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_ByteArray_ToString");
+ testToString(testByteArray[i], expected[i]);
+ }
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_ByteArray_GetLength");
+ testGetLength(testByteArray[i], lengths[i]);
+ }
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_ByteArray_GetPointer");
+ testGetPointer(testByteArray[i], dummyArray[i], lengths[i]);
+ }
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_ByteArray_Destroy");
+ testDestroy(testByteArray[i]);
+ }
cleanup:
- PKIX_Shutdown(plContext);
-
- endTests("ByteArray");
+ PKIX_Shutdown(plContext);
- return (0);
+ endTests("ByteArray");
+ return (0);
}
diff --git a/cmd/libpkix/pkix_pl/system/test_hashtable.c b/cmd/libpkix/pkix_pl/system/test_hashtable.c
index 9d774a678..663bfc9fa 100644
--- a/cmd/libpkix/pkix_pl/system/test_hashtable.c
+++ b/cmd/libpkix/pkix_pl/system/test_hashtable.c
@@ -15,411 +15,366 @@ static void *plContext = NULL;
static void
createHashTables(
- PKIX_PL_HashTable **ht,
- PKIX_PL_HashTable **ht2,
- PKIX_PL_HashTable **ht3,
- PKIX_PL_HashTable **ht4)
+ PKIX_PL_HashTable **ht,
+ PKIX_PL_HashTable **ht2,
+ PKIX_PL_HashTable **ht3,
+ PKIX_PL_HashTable **ht4)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create
- (1, 0, ht, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create
- (5, 0, ht2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(1, 0, ht, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(5, 0, ht2, plContext));
- /* at most two entries per bucket */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create
- (1, 2, ht4, plContext));
+ /* at most two entries per bucket */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(1, 2, ht4, plContext));
- *ht3 = *ht;
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_IncRef((PKIX_PL_Object*)*ht3, plContext));
+ *ht3 = *ht;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)*ht3, plContext));
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testAdd(
- PKIX_PL_HashTable *ht,
- PKIX_PL_HashTable *ht2,
- PKIX_PL_String **testString,
- PKIX_PL_String **testString2,
- PKIX_PL_String **testString3,
- PKIX_PL_OID **testOID)
+ PKIX_PL_HashTable *ht,
+ PKIX_PL_HashTable *ht2,
+ PKIX_PL_String **testString,
+ PKIX_PL_String **testString2,
+ PKIX_PL_String **testString3,
+ PKIX_PL_OID **testOID)
{
- char* dummyString = "test string 1";
- char* dummyString2 = "test string 2";
- char* dummyString3 = "test string 3";
- char* dummyOID = "2.11.22222.33333";
-
- PKIX_TEST_STD_VARS();
-
- /* Make some dummy objects */
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_String_Create(
- PKIX_ESCASCII,
- dummyString,
- PL_strlen(dummyString),
- testString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_String_Create(
- PKIX_ESCASCII,
- dummyString2,
- PL_strlen(dummyString2),
- testString2,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_String_Create(
- PKIX_ESCASCII,
- dummyString3,
- PL_strlen(dummyString3),
- testString3,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_OID_Create(dummyOID, testOID, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add
- (ht,
- (PKIX_PL_Object *)*testString,
- (PKIX_PL_Object *)*testString2,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add
- (ht2,
- (PKIX_PL_Object *)*testString,
- (PKIX_PL_Object *)*testString2,
- plContext));
-
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add
- (ht,
- (PKIX_PL_Object *)*testString2,
- (PKIX_PL_Object *)*testString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add
- (ht2,
- (PKIX_PL_Object *)*testString2,
- (PKIX_PL_Object *)*testString,
- plContext));
-
-
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add
- (ht,
- (PKIX_PL_Object *)*testOID,
- (PKIX_PL_Object *)*testOID,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add
- (ht2,
- (PKIX_PL_Object *)*testOID,
- (PKIX_PL_Object *)*testOID,
- plContext));
+ char *dummyString = "test string 1";
+ char *dummyString2 = "test string 2";
+ char *dummyString3 = "test string 3";
+ char *dummyOID = "2.11.22222.33333";
+
+ PKIX_TEST_STD_VARS();
+
+ /* Make some dummy objects */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ dummyString,
+ PL_strlen(dummyString),
+ testString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ dummyString2,
+ PL_strlen(dummyString2),
+ testString2,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ dummyString3,
+ PL_strlen(dummyString3),
+ testString3,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(dummyOID, testOID, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+ (PKIX_PL_Object *)*testString,
+ (PKIX_PL_Object *)*testString2,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht2,
+ (PKIX_PL_Object *)*testString,
+ (PKIX_PL_Object *)*testString2,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+ (PKIX_PL_Object *)*testString2,
+ (PKIX_PL_Object *)*testString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht2,
+ (PKIX_PL_Object *)*testString2,
+ (PKIX_PL_Object *)*testString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+ (PKIX_PL_Object *)*testOID,
+ (PKIX_PL_Object *)*testOID,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht2,
+ (PKIX_PL_Object *)*testOID,
+ (PKIX_PL_Object *)*testOID,
+ plContext));
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testAddFIFO(
- PKIX_PL_HashTable *ht,
- PKIX_PL_String **testString,
- PKIX_PL_String **testString2,
- PKIX_PL_String **testString3)
+ PKIX_PL_HashTable *ht,
+ PKIX_PL_String **testString,
+ PKIX_PL_String **testString2,
+ PKIX_PL_String **testString3)
{
- PKIX_PL_String *targetString = NULL;
- PKIX_Boolean cmpResult;
+ PKIX_PL_String *targetString = NULL;
+ PKIX_Boolean cmpResult;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- /*
+ /*
* ht is created as one bucket, two entries per bucket. Since we add
* three items to the ht, we expect the first one to be deleted.
*/
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add
- (ht,
- (PKIX_PL_Object *)*testString,
- (PKIX_PL_Object *)*testString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add
- (ht,
- (PKIX_PL_Object *)*testString2,
- (PKIX_PL_Object *)*testString2,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add
- (ht,
- (PKIX_PL_Object *)*testString3,
- (PKIX_PL_Object *)*testString3,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup
- (ht,
- (PKIX_PL_Object *)*testString,
- (PKIX_PL_Object**)&targetString,
- plContext));
- if (targetString != NULL) {
- testError("HashTable_Lookup retrieved a supposed deleted item");
- PKIX_TEST_DECREF_BC(targetString);
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup
- (ht,
- (PKIX_PL_Object *)*testString3,
- (PKIX_PL_Object**)&targetString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_Equals(
- (PKIX_PL_Object *)targetString,
- (PKIX_PL_Object *)*testString3,
- &cmpResult,
- plContext));
- if (cmpResult != PKIX_TRUE){
- testError("HashTable_Lookup failed");
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+ (PKIX_PL_Object *)*testString,
+ (PKIX_PL_Object *)*testString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+ (PKIX_PL_Object *)*testString2,
+ (PKIX_PL_Object *)*testString2,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+ (PKIX_PL_Object *)*testString3,
+ (PKIX_PL_Object *)*testString3,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+ (PKIX_PL_Object *)*testString,
+ (PKIX_PL_Object **)&targetString,
+ plContext));
+ if (targetString != NULL) {
+ testError("HashTable_Lookup retrieved a supposed deleted item");
PKIX_TEST_DECREF_BC(targetString);
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+ (PKIX_PL_Object *)*testString3,
+ (PKIX_PL_Object **)&targetString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+ (PKIX_PL_Object *)targetString,
+ (PKIX_PL_Object *)*testString3,
+ &cmpResult,
+ plContext));
+ if (cmpResult != PKIX_TRUE) {
+ testError("HashTable_Lookup failed");
+ }
+ PKIX_TEST_DECREF_BC(targetString);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testLookup(
- PKIX_PL_HashTable *ht,
- PKIX_PL_HashTable *ht2,
- PKIX_PL_String *testString,
- PKIX_PL_String *testString2,
- PKIX_PL_String *testString3,
- PKIX_PL_OID *testOID)
+ PKIX_PL_HashTable *ht,
+ PKIX_PL_HashTable *ht2,
+ PKIX_PL_String *testString,
+ PKIX_PL_String *testString2,
+ PKIX_PL_String *testString3,
+ PKIX_PL_OID *testOID)
{
- PKIX_PL_String *targetString = NULL;
- PKIX_PL_String *targetOID = NULL;
- PKIX_Boolean cmpResult;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup
- (ht,
- (PKIX_PL_Object *)testString,
- (PKIX_PL_Object**)&targetString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_Equals(
- (PKIX_PL_Object *)targetString,
- (PKIX_PL_Object *)testString2,
- &cmpResult,
- plContext));
- if (cmpResult != PKIX_TRUE){
- testError("HashTable_Lookup failed");
- }
- PKIX_TEST_DECREF_BC(targetString);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup
- (ht2,
- (PKIX_PL_Object *)testString,
- (PKIX_PL_Object**)&targetString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_Equals(
- (PKIX_PL_Object *)targetString,
- (PKIX_PL_Object *)testString2,
- &cmpResult,
- plContext));
- if (cmpResult != PKIX_TRUE){
- testError("HashTable_Lookup failed");
- }
- PKIX_TEST_DECREF_BC(targetString);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup
- (ht2,
- (PKIX_PL_Object *)testString2,
- (PKIX_PL_Object**)&targetString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_Equals(
- (PKIX_PL_Object *)targetString,
- (PKIX_PL_Object *)testString,
- &cmpResult,
- plContext));
- if (cmpResult != PKIX_TRUE){
- testError("HashTable_Lookup failed");
- }
- PKIX_TEST_DECREF_BC(targetString);
-
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup
- (ht,
- (PKIX_PL_Object *)testOID,
- (PKIX_PL_Object**)&targetOID,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)targetOID, &targetString, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_Equals(
- (PKIX_PL_Object *)targetOID,
- (PKIX_PL_Object *)testOID,
- &cmpResult,
- plContext));
- if (cmpResult != PKIX_TRUE){
- testError("HashTable_Lookup failed");
- }
- PKIX_TEST_DECREF_BC(targetString);
- PKIX_TEST_DECREF_BC(targetOID);
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup
- (ht2,
- (PKIX_PL_Object *)testOID,
- (PKIX_PL_Object**)&targetOID,
- plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)targetOID, &targetString, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_Equals(
- (PKIX_PL_Object *)targetOID,
- (PKIX_PL_Object *)testOID,
- &cmpResult,
- plContext));
- if (cmpResult != PKIX_TRUE){
- testError("HashTable_Lookup failed");
- }
- PKIX_TEST_DECREF_BC(targetString);
- PKIX_TEST_DECREF_BC(targetOID);
-
- (void) printf("Looking up item not in HashTable.\n");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup
- (ht,
- (PKIX_PL_Object *)testString3,
- (PKIX_PL_Object**)&targetString,
- plContext));
- if (targetString == NULL)
- (void) printf("\tCorrectly returned NULL.\n");
- else
- testError("Hashtable did not return NULL value as expected");
-
+ PKIX_PL_String *targetString = NULL;
+ PKIX_PL_String *targetOID = NULL;
+ PKIX_Boolean cmpResult;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+ (PKIX_PL_Object *)testString,
+ (PKIX_PL_Object **)&targetString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+ (PKIX_PL_Object *)targetString,
+ (PKIX_PL_Object *)testString2,
+ &cmpResult,
+ plContext));
+ if (cmpResult != PKIX_TRUE) {
+ testError("HashTable_Lookup failed");
+ }
+ PKIX_TEST_DECREF_BC(targetString);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht2,
+ (PKIX_PL_Object *)testString,
+ (PKIX_PL_Object **)&targetString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+ (PKIX_PL_Object *)targetString,
+ (PKIX_PL_Object *)testString2,
+ &cmpResult,
+ plContext));
+ if (cmpResult != PKIX_TRUE) {
+ testError("HashTable_Lookup failed");
+ }
+ PKIX_TEST_DECREF_BC(targetString);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht2,
+ (PKIX_PL_Object *)testString2,
+ (PKIX_PL_Object **)&targetString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+ (PKIX_PL_Object *)targetString,
+ (PKIX_PL_Object *)testString,
+ &cmpResult,
+ plContext));
+ if (cmpResult != PKIX_TRUE) {
+ testError("HashTable_Lookup failed");
+ }
+ PKIX_TEST_DECREF_BC(targetString);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+ (PKIX_PL_Object *)testOID,
+ (PKIX_PL_Object **)&targetOID,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)targetOID, &targetString, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+ (PKIX_PL_Object *)targetOID,
+ (PKIX_PL_Object *)testOID,
+ &cmpResult,
+ plContext));
+ if (cmpResult != PKIX_TRUE) {
+ testError("HashTable_Lookup failed");
+ }
+ PKIX_TEST_DECREF_BC(targetString);
+ PKIX_TEST_DECREF_BC(targetOID);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht2,
+ (PKIX_PL_Object *)testOID,
+ (PKIX_PL_Object **)&targetOID,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)targetOID, &targetString, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+ (PKIX_PL_Object *)targetOID,
+ (PKIX_PL_Object *)testOID,
+ &cmpResult,
+ plContext));
+ if (cmpResult != PKIX_TRUE) {
+ testError("HashTable_Lookup failed");
+ }
+ PKIX_TEST_DECREF_BC(targetString);
+ PKIX_TEST_DECREF_BC(targetOID);
+
+ (void)printf("Looking up item not in HashTable.\n");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+ (PKIX_PL_Object *)testString3,
+ (PKIX_PL_Object **)&targetString,
+ plContext));
+ if (targetString == NULL)
+ (void)printf("\tCorrectly returned NULL.\n");
+ else
+ testError("Hashtable did not return NULL value as expected");
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testRemove(
- PKIX_PL_HashTable *ht,
- PKIX_PL_HashTable *ht2,
- PKIX_PL_String *testString,
- PKIX_PL_String *testString2,
- PKIX_PL_OID *testOID)
+ PKIX_PL_HashTable *ht,
+ PKIX_PL_HashTable *ht2,
+ PKIX_PL_String *testString,
+ PKIX_PL_String *testString2,
+ PKIX_PL_OID *testOID)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Remove
- (ht,
- (PKIX_PL_Object *)testString,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Remove(ht,
+ (PKIX_PL_Object *)testString,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Remove
- (ht,
- (PKIX_PL_Object *)testOID,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Remove(ht,
+ (PKIX_PL_Object *)testOID,
+ plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Remove
- (ht2,
- (PKIX_PL_Object *)testString2,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Remove(ht2,
+ (PKIX_PL_Object *)testString2,
+ plContext));
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_HashTable_Remove
- (ht,
- (PKIX_PL_Object *)testString,
- plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_HashTable_Remove(ht,
+ (PKIX_PL_Object *)testString,
+ plContext));
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testDestroy(
- PKIX_PL_HashTable *ht,
- PKIX_PL_HashTable *ht2,
- PKIX_PL_HashTable *ht3,
- PKIX_PL_HashTable *ht4)
+ PKIX_PL_HashTable *ht,
+ PKIX_PL_HashTable *ht2,
+ PKIX_PL_HashTable *ht3,
+ PKIX_PL_HashTable *ht4)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_DECREF_BC(ht);
- PKIX_TEST_DECREF_BC(ht2);
- PKIX_TEST_DECREF_BC(ht3);
- PKIX_TEST_DECREF_BC(ht4);
+ PKIX_TEST_DECREF_BC(ht);
+ PKIX_TEST_DECREF_BC(ht2);
+ PKIX_TEST_DECREF_BC(ht3);
+ PKIX_TEST_DECREF_BC(ht4);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
+int
+test_hashtable(int argc, char *argv[])
+{
+ PKIX_PL_HashTable *ht, *ht2, *ht3, *ht4;
+ PKIX_PL_String *testString, *testString2, *testString3;
+ PKIX_PL_OID *testOID;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+ PKIX_TEST_STD_VARS();
-int test_hashtable(int argc, char *argv[]) {
-
- PKIX_PL_HashTable *ht, *ht2, *ht3, *ht4;
- PKIX_PL_String *testString, *testString2, *testString3;
- PKIX_PL_OID *testOID;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
-
- PKIX_TEST_STD_VARS();
-
- startTests("HashTables");
+ startTests("HashTables");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- subTest("PKIX_PL_HashTable_Create");
- createHashTables(&ht, &ht2, &ht3, &ht4);
+ subTest("PKIX_PL_HashTable_Create");
+ createHashTables(&ht, &ht2, &ht3, &ht4);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (ht,
- ht3,
- ht2,
- NULL,
- HashTable,
- PKIX_FALSE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(ht,
+ ht3,
+ ht2,
+ NULL,
+ HashTable,
+ PKIX_FALSE);
- subTest("PKIX_PL_HashTable_Add");
- testAdd(ht, ht2, &testString, &testString2, &testString3, &testOID);
+ subTest("PKIX_PL_HashTable_Add");
+ testAdd(ht, ht2, &testString, &testString2, &testString3, &testOID);
- subTest("PKIX_PL_HashTable_ADD - with Bucket Size limit");
- testAddFIFO(ht4, &testString, &testString2, &testString3);
+ subTest("PKIX_PL_HashTable_ADD - with Bucket Size limit");
+ testAddFIFO(ht4, &testString, &testString2, &testString3);
- subTest("PKIX_PL_HashTable_Lookup");
- testLookup(ht, ht2, testString, testString2, testString3, testOID);
+ subTest("PKIX_PL_HashTable_Lookup");
+ testLookup(ht, ht2, testString, testString2, testString3, testOID);
- subTest("PKIX_PL_HashTable_Remove");
- testRemove(ht, ht2, testString, testString2, testOID);
+ subTest("PKIX_PL_HashTable_Remove");
+ testRemove(ht, ht2, testString, testString2, testOID);
- PKIX_TEST_DECREF_BC(testString);
- PKIX_TEST_DECREF_BC(testString2);
- PKIX_TEST_DECREF_BC(testString3);
- PKIX_TEST_DECREF_BC(testOID);
+ PKIX_TEST_DECREF_BC(testString);
+ PKIX_TEST_DECREF_BC(testString2);
+ PKIX_TEST_DECREF_BC(testString3);
+ PKIX_TEST_DECREF_BC(testOID);
- subTest("PKIX_PL_HashTable_Destroy");
- testDestroy(ht, ht2, ht3, ht4);
+ subTest("PKIX_PL_HashTable_Destroy");
+ testDestroy(ht, ht2, ht3, ht4);
cleanup:
- PKIX_Shutdown(plContext);
-
- endTests("BigInt");
+ PKIX_Shutdown(plContext);
- return (0);
+ endTests("BigInt");
+ return (0);
}
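Review bot: The closing banner in test_hashtable is `endTests("BigInt")` although the run is opened with `startTests("HashTables")`, so the log for this suite ends under another suite's name; it should read `endTests("HashTables");`. In testLookup, `targetOID` is declared as `PKIX_PL_String *` but receives the value stored under `testOID`, which only works because every use casts it to `PKIX_PL_Object *`; `PKIX_PL_OID *targetOID = NULL;` states the intent. The second lookup in testAddFIFO passes `targetString` straight to PKIX_PL_Object_Equals while `cmpResult` has no initializer. How a miss is reported there depends on how Equals and the PKIX_TEST_EXPECT_NO_ERROR macro treat a NULL argument, which is not visible here, so an explicit `if (targetString == NULL)` check with its own testError before the comparison would make that case unambiguous.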
diff --git a/cmd/libpkix/pkix_pl/system/test_mem.c b/cmd/libpkix/pkix_pl/system/test_mem.c
index 3df436761..3a4e5f713 100644
--- a/cmd/libpkix/pkix_pl/system/test_mem.c
+++ b/cmd/libpkix/pkix_pl/system/test_mem.c
@@ -13,119 +13,121 @@
static void *plContext = NULL;
-static
-void testMalloc(PKIX_UInt32 **array)
+static void
+testMalloc(PKIX_UInt32 **array)
{
- PKIX_UInt32 i, arraySize = 10;
- PKIX_TEST_STD_VARS();
-
- /* Create an integer array of size 10 */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(
- (PKIX_UInt32)(arraySize*sizeof (unsigned int)),
- (void **) array, plContext));
-
- /* Fill in some values */
- (void) printf ("Setting array[i] = i...\n");
- for (i = 0; i < arraySize; i++) {
- (*array)[i] = i;
- if ((*array)[i] != i)
- testError("Array has incorrect contents");
- }
-
- /* Memory now reflects changes */
- (void) printf("\tArray: a[0] = %d, a[5] = %d, a[7] = %d.\n",
- (*array[0]), (*array)[5], (*array)[7]);
+ PKIX_UInt32 i, arraySize = 10;
+ PKIX_TEST_STD_VARS();
+
+ /* Create an integer array of size 10 */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(
+ (PKIX_UInt32)(arraySize * sizeof(unsigned int)),
+ (void **)array, plContext));
+
+ /* Fill in some values */
+ (void)printf("Setting array[i] = i...\n");
+ for (i = 0; i < arraySize; i++) {
+ (*array)[i] = i;
+ if ((*array)[i] != i)
+ testError("Array has incorrect contents");
+ }
+
+ /* Memory now reflects changes */
+ (void)printf("\tArray: a[0] = %d, a[5] = %d, a[7] = %d.\n",
+ (*array[0]), (*array)[5], (*array)[7]);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testRealloc(PKIX_UInt32 **array)
+static void
+testRealloc(PKIX_UInt32 **array)
{
- PKIX_UInt32 i, arraySize = 20;
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Realloc(*array,
- (PKIX_UInt32)(arraySize*sizeof (unsigned int)),
- (void **) array, plContext));
-
- /* Fill in the new elements */
- (void) printf ("Setting new portion of array to a[i] = i...\n");
- for (i = arraySize/2; i < arraySize; i++) {
- (*array)[i] = i;
- if ((*array)[i] != i)
- testError("Array has incorrect contents");
- }
-
- /* New elements should be reflected. The old should be the same */
- (void) printf("\tArray: a[0] = %d, a[15] = %d, a[17] = %d.\n",
- (*array)[0], (*array)[15], (*array)[17]);
+ PKIX_UInt32 i, arraySize = 20;
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Realloc(*array,
+ (PKIX_UInt32)(arraySize *
+ sizeof(unsigned int)),
+ (void **)array, plContext));
+
+ /* Fill in the new elements */
+ (void)printf("Setting new portion of array to a[i] = i...\n");
+ for (i = arraySize / 2; i < arraySize; i++) {
+ (*array)[i] = i;
+ if ((*array)[i] != i)
+ testError("Array has incorrect contents");
+ }
+
+ /* New elements should be reflected. The old should be the same */
+ (void)printf("\tArray: a[0] = %d, a[15] = %d, a[17] = %d.\n",
+ (*array)[0], (*array)[15], (*array)[17]);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testFree(PKIX_UInt32 *array)
+static void
+testFree(PKIX_UInt32 *array)
{
- PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(array, plContext));
+ PKIX_TEST_STD_VARS();
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(array, plContext));
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-int test_mem(int argc, char *argv[]) {
+int
+test_mem(int argc, char *argv[])
+{
- unsigned int *array = NULL;
- int arraySize = 10;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
+ unsigned int *array = NULL;
+ int arraySize = 10;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("Memory Allocation");
+ startTests("Memory Allocation");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- subTest("PKIX_PL_Malloc");
- testMalloc(&array);
+ subTest("PKIX_PL_Malloc");
+ testMalloc(&array);
- subTest("PKIX_PL_Realloc");
- testRealloc(&array);
+ subTest("PKIX_PL_Realloc");
+ testRealloc(&array);
- subTest("PKIX_PL_Free");
- testFree(array);
+ subTest("PKIX_PL_Free");
+ testFree(array);
- /* --Negative Test Cases------------------- */
- /* Create an integer array of size 10 */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(
- (PKIX_UInt32)(arraySize*sizeof (unsigned int)),
- (void **) &array, plContext));
+ /* --Negative Test Cases------------------- */
+ /* Create an integer array of size 10 */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(
+ (PKIX_UInt32)(arraySize * sizeof(unsigned int)),
+ (void **)&array, plContext));
- (void) printf("Attempting to reallocate 0 sized memory...\n");
+ (void)printf("Attempting to reallocate 0 sized memory...\n");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Realloc(array, 0, (void **) &array, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Realloc(array, 0, (void **)&array, plContext));
- (void) printf("Attempting to allocate to null pointer...\n");
+ (void)printf("Attempting to allocate to null pointer...\n");
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_Malloc(10, NULL, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Malloc(10, NULL, plContext));
- (void) printf("Attempting to reallocate to null pointer...\n");
+ (void)printf("Attempting to reallocate to null pointer...\n");
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_Realloc(NULL, 10, NULL, plContext));
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Realloc(NULL, 10, NULL, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(array, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(array, plContext));
cleanup:
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- endTests("Memory Allocation");
+ endTests("Memory Allocation");
- return (0);
+ return (0);
}
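Review bot: In testMalloc the first printf argument is written `(*array[0])`, which parses as `*(array[0])` and matches the intended `(*array)[0]` only because the index is 0; the other two arguments and testRealloc use the `(*array)[i]` form, and this one should too. Both summary printf calls also format PKIX_UInt32 values with `%d`; if PKIX_UInt32 is an unsigned type, as its name suggests, the specifier should be `%u`. In test_mem the negative cases call `PKIX_PL_Realloc(array, 0, (void **)&array, plContext)` and later `PKIX_PL_Free(array, plContext)` on the same variable. A one-line comment stating what `array` is expected to hold after a zero-size realloc would document why that final free is not a double free.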
diff --git a/cmd/libpkix/pkix_pl/system/test_monitorlock.c b/cmd/libpkix/pkix_pl/system/test_monitorlock.c
index 513489747..21974258f 100644
--- a/cmd/libpkix/pkix_pl/system/test_monitorlock.c
+++ b/cmd/libpkix/pkix_pl/system/test_monitorlock.c
@@ -13,99 +13,92 @@
static void *plContext = NULL;
-static
-void createMonitorLockes(
- PKIX_PL_MonitorLock **monitorLock,
- PKIX_PL_MonitorLock **monitorLock2,
- PKIX_PL_MonitorLock **monitorLock3)
+static void
+createMonitorLockes(
+ PKIX_PL_MonitorLock **monitorLock,
+ PKIX_PL_MonitorLock **monitorLock2,
+ PKIX_PL_MonitorLock **monitorLock3)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Create
- (monitorLock, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Create
- (monitorLock2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Create(monitorLock, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Create(monitorLock2, plContext));
- *monitorLock3 = *monitorLock;
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
- ((PKIX_PL_Object*)*monitorLock3, plContext));
+ *monitorLock3 = *monitorLock;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)*monitorLock3, plContext));
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testLock(PKIX_PL_MonitorLock *monitorLock)
+static void
+testLock(PKIX_PL_MonitorLock *monitorLock)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Enter
- (monitorLock, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Enter
- (monitorLock, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Exit
- (monitorLock, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Exit
- (monitorLock, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Enter(monitorLock, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Enter(monitorLock, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Exit(monitorLock, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Exit(monitorLock, plContext));
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testDestroy(
- PKIX_PL_MonitorLock *monitorLock,
- PKIX_PL_MonitorLock *monitorLock2,
- PKIX_PL_MonitorLock *monitorLock3)
+static void
+testDestroy(
+ PKIX_PL_MonitorLock *monitorLock,
+ PKIX_PL_MonitorLock *monitorLock2,
+ PKIX_PL_MonitorLock *monitorLock3)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_DECREF_BC(monitorLock);
- PKIX_TEST_DECREF_BC(monitorLock2);
- PKIX_TEST_DECREF_BC(monitorLock3);
+ PKIX_TEST_DECREF_BC(monitorLock);
+ PKIX_TEST_DECREF_BC(monitorLock2);
+ PKIX_TEST_DECREF_BC(monitorLock3);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-int test_monitorlock(int argc, char *argv[]) {
+int
+test_monitorlock(int argc, char *argv[])
+{
- PKIX_PL_MonitorLock *monitorLock, *monitorLock2, *monitorLock3;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
+ PKIX_PL_MonitorLock *monitorLock, *monitorLock2, *monitorLock3;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("MonitorLocks");
+ startTests("MonitorLocks");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- subTest("PKIX_PL_MonitorLock_Create");
- createMonitorLockes(&monitorLock, &monitorLock2, &monitorLock3);
+ subTest("PKIX_PL_MonitorLock_Create");
+ createMonitorLockes(&monitorLock, &monitorLock2, &monitorLock3);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (monitorLock,
- monitorLock3,
- monitorLock2,
- NULL,
- MonitorLock,
- PKIX_FALSE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(monitorLock,
+ monitorLock3,
+ monitorLock2,
+ NULL,
+ MonitorLock,
+ PKIX_FALSE);
- subTest("PKIX_PL_MonitorLock_Lock/Unlock");
- testLock(monitorLock);
+ subTest("PKIX_PL_MonitorLock_Lock/Unlock");
+ testLock(monitorLock);
- subTest("PKIX_PL_MonitorLock_Destroy");
- testDestroy(monitorLock, monitorLock2, monitorLock3);
+ subTest("PKIX_PL_MonitorLock_Destroy");
+ testDestroy(monitorLock, monitorLock2, monitorLock3);
cleanup:
- PKIX_Shutdown(plContext);
-
- PKIX_TEST_RETURN();
+ PKIX_Shutdown(plContext);
- endTests("MonitorLockes");
+ PKIX_TEST_RETURN();
- return (0);
+ endTests("MonitorLockes");
+ return (0);
}
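Review bot: In test_monitorlock the cleanup label runs `PKIX_TEST_RETURN();` before `endTests("MonitorLockes");` and `return (0);`, whereas the test_hashtable and test_mem drivers in this commit call only PKIX_Shutdown and endTests there. The macro body is not visible here, but if it returns, as its name and its use as the last statement of every helper suggest, the end banner and `return (0)` are never reached; dropping that line from the driver would match the other files. The banner text also differs from the opening `startTests("MonitorLocks")`; `endTests("MonitorLocks");` would keep the log consistent.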
diff --git a/cmd/libpkix/pkix_pl/system/test_mutex.c b/cmd/libpkix/pkix_pl/system/test_mutex.c
index f40ad44ab..bb0e7a024 100644
--- a/cmd/libpkix/pkix_pl/system/test_mutex.c
+++ b/cmd/libpkix/pkix_pl/system/test_mutex.c
@@ -13,91 +13,90 @@
static void *plContext = NULL;
-static
-void createMutexes(
- PKIX_PL_Mutex **mutex,
- PKIX_PL_Mutex **mutex2,
- PKIX_PL_Mutex **mutex3)
+static void
+createMutexes(
+ PKIX_PL_Mutex **mutex,
+ PKIX_PL_Mutex **mutex2,
+ PKIX_PL_Mutex **mutex3)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(mutex, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(mutex2, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(mutex, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(mutex2, plContext));
- *mutex3 = *mutex;
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_IncRef((PKIX_PL_Object*)*mutex3, plContext));
+ *mutex3 = *mutex;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)*mutex3, plContext));
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testLock(PKIX_PL_Mutex *mutex)
+static void
+testLock(PKIX_PL_Mutex *mutex)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Lock(mutex, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Unlock(mutex, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Lock(mutex, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Unlock(mutex, plContext));
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-static
-void testDestroy(
- PKIX_PL_Mutex *mutex,
- PKIX_PL_Mutex *mutex2,
- PKIX_PL_Mutex *mutex3)
+static void
+testDestroy(
+ PKIX_PL_Mutex *mutex,
+ PKIX_PL_Mutex *mutex2,
+ PKIX_PL_Mutex *mutex3)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_DECREF_BC(mutex);
- PKIX_TEST_DECREF_BC(mutex2);
- PKIX_TEST_DECREF_BC(mutex3);
+ PKIX_TEST_DECREF_BC(mutex);
+ PKIX_TEST_DECREF_BC(mutex2);
+ PKIX_TEST_DECREF_BC(mutex3);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-int test_mutex(int argc, char *argv[]) {
+int
+test_mutex(int argc, char *argv[])
+{
- PKIX_PL_Mutex *mutex, *mutex2, *mutex3;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
+ PKIX_PL_Mutex *mutex, *mutex2, *mutex3;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("Mutexes");
+ startTests("Mutexes");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- subTest("PKIX_PL_Mutex_Create");
- createMutexes(&mutex, &mutex2, &mutex3);
+ subTest("PKIX_PL_Mutex_Create");
+ createMutexes(&mutex, &mutex2, &mutex3);
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (mutex,
- mutex3,
- mutex2,
- NULL,
- Mutex,
- PKIX_FALSE);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(mutex,
+ mutex3,
+ mutex2,
+ NULL,
+ Mutex,
+ PKIX_FALSE);
- subTest("PKIX_PL_Mutex_Lock/Unlock");
- testLock(mutex);
+ subTest("PKIX_PL_Mutex_Lock/Unlock");
+ testLock(mutex);
- subTest("PKIX_PL_Mutex_Destroy");
- testDestroy(mutex, mutex2, mutex3);
+ subTest("PKIX_PL_Mutex_Destroy");
+ testDestroy(mutex, mutex2, mutex3);
cleanup:
- PKIX_Shutdown(plContext);
-
- PKIX_TEST_RETURN();
+ PKIX_Shutdown(plContext);
- endTests("Mutexes");
+ PKIX_TEST_RETURN();
- return (0);
+ endTests("Mutexes");
+ return (0);
}
diff --git a/cmd/libpkix/pkix_pl/system/test_mutex2.c b/cmd/libpkix/pkix_pl/system/test_mutex2.c
index fc433840c..197eba2b4 100644
--- a/cmd/libpkix/pkix_pl/system/test_mutex2.c
+++ b/cmd/libpkix/pkix_pl/system/test_mutex2.c
@@ -8,7 +8,6 @@
*
*/
-
#include "testutil.h"
#include "testutil_nss.h"
@@ -17,144 +16,151 @@ static PKIX_PL_Mutex *mutex;
static PRCondVar *cv;
static void *plContext = NULL;
-static void consumer(/* ARGSUSED */ void* arg) {
- PRStatus status = PR_SUCCESS;
- PKIX_Error *errorResult;
- int i = 0;
- for (i = 0; i < 5; i++) {
- (void) PKIX_PL_Mutex_Lock(mutex, plContext);
- while (((box1 == 0) ||
- (box2 == 0) ||
- (box3 == 0)) &&
- (status == PR_SUCCESS))
- status = PR_WaitCondVar(cv, PR_INTERVAL_NO_TIMEOUT);
-
- (void) printf("\tConsumer got Box1 = %d ", box1);
- box1 = 0;
- (void) printf("Box2 = %d ", box2);
- box2 = 0;
- (void) printf("Box3 = %d\n", box3);
- box3 = 0;
-
- status = PR_NotifyAllCondVar(cv);
- if (status == PR_FAILURE)
- (void) printf
- ("Consumer error while notifying condvar\n");
- errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
- if (errorResult) testError("PKIX_PL_Mutex_Unlock failed");
- }
- (void) printf("Consumer exiting...\n");
+static void
+consumer(/* ARGSUSED */ void *arg)
+{
+ PRStatus status = PR_SUCCESS;
+ PKIX_Error *errorResult;
+ int i = 0;
+ for (i = 0; i < 5; i++) {
+ (void)PKIX_PL_Mutex_Lock(mutex, plContext);
+ while (((box1 == 0) ||
+ (box2 == 0) ||
+ (box3 == 0)) &&
+ (status == PR_SUCCESS))
+ status = PR_WaitCondVar(cv, PR_INTERVAL_NO_TIMEOUT);
+
+ (void)printf("\tConsumer got Box1 = %d ", box1);
+ box1 = 0;
+ (void)printf("Box2 = %d ", box2);
+ box2 = 0;
+ (void)printf("Box3 = %d\n", box3);
+ box3 = 0;
+
+ status = PR_NotifyAllCondVar(cv);
+ if (status == PR_FAILURE)
+ (void)printf("Consumer error while notifying condvar\n");
+ errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
+ if (errorResult)
+ testError("PKIX_PL_Mutex_Unlock failed");
+ }
+ (void)printf("Consumer exiting...\n");
}
-static void producer(void* arg) {
- PRStatus status = PR_SUCCESS;
- int value = *(int*)arg;
- int i = 0;
- int *box;
- PKIX_Error *errorResult;
- if (value == 10) box = &box1;
- else if (value == 20) box = &box2;
- else if (value == 30) box = &box3;
-
- for (i = 0; i < 5; i++) {
- (void) PKIX_PL_Mutex_Lock(mutex, plContext);
- while ((*box != 0) && (status == PR_SUCCESS))
- status = PR_WaitCondVar(cv, PR_INTERVAL_NO_TIMEOUT);
-
- *box = i+1;
- (void) printf
- ("\tProducer %d put value: %d\n", value, *box);
-
- status = PR_NotifyAllCondVar(cv);
- if (status == PR_FAILURE)
- (void) printf
- ("Producer %d error while notifying condvar\n",
- value);
- errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
- if (errorResult) testError("PKIX_PL_Mutex_Unlock failed");
- }
+static void
+producer(void *arg)
+{
+ PRStatus status = PR_SUCCESS;
+ int value = *(int *)arg;
+ int i = 0;
+ int *box;
+ PKIX_Error *errorResult;
+ if (value == 10)
+ box = &box1;
+ else if (value == 20)
+ box = &box2;
+ else if (value == 30)
+ box = &box3;
+
+ for (i = 0; i < 5; i++) {
+ (void)PKIX_PL_Mutex_Lock(mutex, plContext);
+ while ((*box != 0) && (status == PR_SUCCESS))
+ status = PR_WaitCondVar(cv, PR_INTERVAL_NO_TIMEOUT);
+
+ *box = i + 1;
+ (void)printf("\tProducer %d put value: %d\n", value, *box);
+
+ status = PR_NotifyAllCondVar(cv);
+ if (status == PR_FAILURE)
+ (void)printf("Producer %d error while notifying condvar\n",
+ value);
+ errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
+ if (errorResult)
+ testError("PKIX_PL_Mutex_Unlock failed");
+ }
}
-int test_mutex2(int argc, char *argv[]) {
-
- PRThread *consThread, *prodThread, *prodThread2, *prodThread3;
- int x = 10, y = 20, z = 30;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
-
- PKIX_TEST_STD_VARS();
-
- startTests("Mutex and Threads");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- (void) printf("Attempting to create new mutex...\n");
- subTest("Mutex Creation");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(&mutex, plContext));
-
- cv = PR_NewCondVar(*(PRLock **) mutex);
-
- subTest("Starting consumer thread");
- consThread = PR_CreateThread(PR_USER_THREAD,
- consumer,
- NULL,
- PR_PRIORITY_NORMAL,
- PR_LOCAL_THREAD,
- PR_JOINABLE_THREAD,
- 0);
-
- subTest("Starting producer thread 1");
- prodThread = PR_CreateThread(PR_USER_THREAD,
- producer,
- &x,
- PR_PRIORITY_NORMAL,
- PR_LOCAL_THREAD,
- PR_JOINABLE_THREAD,
- 0);
-
- subTest("Starting producer thread 2");
- prodThread2 = PR_CreateThread(PR_USER_THREAD,
- producer,
- &y,
- PR_PRIORITY_NORMAL,
- PR_LOCAL_THREAD,
- PR_JOINABLE_THREAD,
- 0);
-
- subTest("Starting producer thread 3");
- prodThread3 = PR_CreateThread(PR_USER_THREAD,
- producer,
- &z,
- PR_PRIORITY_NORMAL,
- PR_LOCAL_THREAD,
- PR_JOINABLE_THREAD,
- 0);
-
-
- PR_JoinThread(consThread);
-
- (void) PR_DestroyCondVar(cv);
- PKIX_TEST_DECREF_BC(mutex);
-
- /*
+int
+test_mutex2(int argc, char *argv[])
+{
+
+ PRThread *consThread, *prodThread, *prodThread2, *prodThread3;
+ int x = 10, y = 20, z = 30;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Mutex and Threads");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ (void)printf("Attempting to create new mutex...\n");
+ subTest("Mutex Creation");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(&mutex, plContext));
+
+ cv = PR_NewCondVar(*(PRLock **)mutex);
+
+ subTest("Starting consumer thread");
+ consThread = PR_CreateThread(PR_USER_THREAD,
+ consumer,
+ NULL,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+
+ subTest("Starting producer thread 1");
+ prodThread = PR_CreateThread(PR_USER_THREAD,
+ producer,
+ &x,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+
+ subTest("Starting producer thread 2");
+ prodThread2 = PR_CreateThread(PR_USER_THREAD,
+ producer,
+ &y,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+
+ subTest("Starting producer thread 3");
+ prodThread3 = PR_CreateThread(PR_USER_THREAD,
+ producer,
+ &z,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+
+ PR_JoinThread(consThread);
+
+ (void)PR_DestroyCondVar(cv);
+ PKIX_TEST_DECREF_BC(mutex);
+
+ /*
* Note: we should also be freeing each thread's stack, but we
* don't have access to the prodThread->stack variable (since
* it is not exported). As a result, we have 120 bytes of memory
* leakage.
*/
- PR_Free(prodThread);
- PR_Free(prodThread2);
- PR_Free(prodThread3);
+ PR_Free(prodThread);
+ PR_Free(prodThread2);
+ PR_Free(prodThread3);
cleanup:
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("Mutex and Threads");
+ endTests("Mutex and Threads");
- return (0);
+ return (0);
}
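Review bot: In `test_mutex2` only `consThread` is joined before `PR_DestroyCondVar(cv)` and `PKIX_TEST_DECREF_BC(mutex)` run, and the three producer handles are then passed to `PR_Free` although the threads were created with `PR_JOINABLE_THREAD`. A producer that has made its last put may not yet have returned from `PKIX_PL_Mutex_Unlock` or finished exiting when the consumer returns, so the mutex and the thread objects can be released while still in use; whether that happens depends on scheduling. Joining the producers first, `PR_JoinThread(prodThread); PR_JoinThread(prodThread2); PR_JoinThread(prodThread3);` ahead of the destroy calls and in place of the `PR_Free` calls, removes the race. Separately, `producer` leaves `box` uninitialized when `value` is not 10, 20 or 30; `int *box = NULL;` with an early return on NULL would make that case fail safely.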
diff --git a/cmd/libpkix/pkix_pl/system/test_mutex3.c b/cmd/libpkix/pkix_pl/system/test_mutex3.c
index 2bcbd4aab..9f42f629b 100644
--- a/cmd/libpkix/pkix_pl/system/test_mutex3.c
+++ b/cmd/libpkix/pkix_pl/system/test_mutex3.c
@@ -14,81 +14,91 @@
static PKIX_PL_Mutex *mutex;
static void *plContext = NULL;
-static void t1(/* ARGSUSED */ void* arg) {
- PKIX_Error *errorResult;
+static void
+t1(/* ARGSUSED */ void *arg)
+{
+ PKIX_Error *errorResult;
- (void) printf("t1 acquiring lock...\n");
- errorResult = PKIX_PL_Mutex_Lock(mutex, plContext);
- if (errorResult) testError("PKIX_PL_Mutex_Lock failed");
+ (void)printf("t1 acquiring lock...\n");
+ errorResult = PKIX_PL_Mutex_Lock(mutex, plContext);
+ if (errorResult)
+ testError("PKIX_PL_Mutex_Lock failed");
- (void) printf("t1 sleeplng for 3 seconds\n");
- PR_Sleep(PR_SecondsToInterval(3));
- (void) printf("t1 releasing lock...\n");
+ (void)printf("t1 sleeplng for 3 seconds\n");
+ PR_Sleep(PR_SecondsToInterval(3));
+ (void)printf("t1 releasing lock...\n");
- errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
- if (errorResult) testError("PKIX_PL_Mutex_Unlock failed");
+ errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
+ if (errorResult)
+ testError("PKIX_PL_Mutex_Unlock failed");
- (void) printf("t1 exiting...\n");
+ (void)printf("t1 exiting...\n");
}
-static void t2(/* ARGSUSED */ void* arg) {
- PKIX_Error *errorResult;
+static void
+t2(/* ARGSUSED */ void *arg)
+{
+ PKIX_Error *errorResult;
- (void) printf("t2 acquiring lock...\n");
- errorResult = PKIX_PL_Mutex_Lock(mutex, plContext);
- if (errorResult) testError("PKIX_PL_Mutex_Lock failed");
+ (void)printf("t2 acquiring lock...\n");
+ errorResult = PKIX_PL_Mutex_Lock(mutex, plContext);
+ if (errorResult)
+ testError("PKIX_PL_Mutex_Lock failed");
- (void) printf("t2 releasing lock...\n");
- errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
- if (errorResult) testError("PKIX_PL_Mutex_Unlock failed");
+ (void)printf("t2 releasing lock...\n");
+ errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
+ if (errorResult)
+ testError("PKIX_PL_Mutex_Unlock failed");
- (void) printf("t2 exiting...\n");
+ (void)printf("t2 exiting...\n");
}
-int test_mutex3(int argc, char *argv[]) {
- PRThread *thread, *thread2;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
+int
+test_mutex3(int argc, char *argv[])
+{
+ PRThread *thread, *thread2;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("Mutex and Threads");
+ startTests("Mutex and Threads");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- subTest("Mutex Creation");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(&mutex, plContext));
+ subTest("Mutex Creation");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(&mutex, plContext));
- subTest("Starting thread");
- thread = PR_CreateThread(PR_USER_THREAD,
- t1,
- NULL,
- PR_PRIORITY_NORMAL,
- PR_LOCAL_THREAD,
- PR_JOINABLE_THREAD,
- 0);
+ subTest("Starting thread");
+ thread = PR_CreateThread(PR_USER_THREAD,
+ t1,
+ NULL,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
- thread2 = PR_CreateThread(PR_USER_THREAD,
- t2,
- NULL,
- PR_PRIORITY_NORMAL,
- PR_LOCAL_THREAD,
- PR_JOINABLE_THREAD,
- 0);
+ thread2 = PR_CreateThread(PR_USER_THREAD,
+ t2,
+ NULL,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
- PR_JoinThread(thread2);
- PR_JoinThread(thread);
+ PR_JoinThread(thread2);
+ PR_JoinThread(thread);
cleanup:
- PKIX_TEST_DECREF_AC(mutex);
+ PKIX_TEST_DECREF_AC(mutex);
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("Mutex and Threads");
+ endTests("Mutex and Threads");
- return (0);
+ return (0);
}
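Review bot: `test_mutex3` passes `thread` and `thread2` to `PR_JoinThread` without checking that `PR_CreateThread` succeeded, so a failed thread creation reaches the join with a NULL handle. A check after each create, for example `if (thread == NULL) testError("PR_CreateThread failed");`, with the joins guarded by `if (thread2 != NULL)` and `if (thread != NULL)`, reports the failure instead. The message printed in `t1` also carries a typo, `sleeplng`, which should read `sleeping`.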
diff --git a/cmd/libpkix/pkix_pl/system/test_object.c b/cmd/libpkix/pkix_pl/system/test_object.c
index d94477957..ebb691ba6 100644
--- a/cmd/libpkix/pkix_pl/system/test_object.c
+++ b/cmd/libpkix/pkix_pl/system/test_object.c
@@ -15,275 +15,267 @@ static void *plContext = NULL;
static PKIX_Error *
destructor(
- /* ARGSUSED */ PKIX_PL_Object *object,
- /* ARGSUSED */ void *plContext)
+ /* ARGSUSED */ PKIX_PL_Object *object,
+ /* ARGSUSED */ void *plContext)
{
- (void) printf("\tUser defined destructor called\n");
- return (NULL);
+ (void)printf("\tUser defined destructor called\n");
+ return (NULL);
}
-static PKIX_Error*
+static PKIX_Error *
toStringCallback(
- PKIX_PL_Object *obj,
- PKIX_PL_String **pString,
- /* ARGSUSED */ void* plContext) {
-
- PKIX_Error *errorResult;
- PKIX_UInt32 type;
- char *format = "(addr: %x, type: %d)";
- PKIX_PL_String *formatString = NULL;
-
- errorResult = PKIX_PL_String_Create(
- PKIX_ESCASCII,
- format,
- PL_strlen(format),
- &formatString,
- plContext);
- if (errorResult) testError("PKIX_PL_String_Create failed");
+ PKIX_PL_Object *obj,
+ PKIX_PL_String **pString,
+ /* ARGSUSED */ void *plContext)
+{
+
+ PKIX_Error *errorResult;
+ PKIX_UInt32 type;
+ char *format = "(addr: %x, type: %d)";
+ PKIX_PL_String *formatString = NULL;
- if (pString == plContext)
- testError("Null String");
+ errorResult = PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ format,
+ PL_strlen(format),
+ &formatString,
+ plContext);
+ if (errorResult)
+ testError("PKIX_PL_String_Create failed");
- type = (unsigned int)0;
+ if (pString == plContext)
+ testError("Null String");
- (void) PKIX_PL_Object_GetType(obj, &type, plContext);
+ type = (unsigned int)0;
- errorResult = PKIX_PL_Sprintf(pString, plContext,
- formatString,
- (int)obj, type);
- if (errorResult) testError("PKIX_PL_Sprintf failed");
+ (void)PKIX_PL_Object_GetType(obj, &type, plContext);
+ errorResult = PKIX_PL_Sprintf(pString, plContext,
+ formatString,
+ (int)obj, type);
+ if (errorResult)
+ testError("PKIX_PL_Sprintf failed");
- errorResult = PKIX_PL_Object_DecRef((PKIX_PL_Object*)formatString,
+ errorResult = PKIX_PL_Object_DecRef((PKIX_PL_Object *)formatString,
plContext);
- if (errorResult) testError("PKIX_PL_Object_DecRef failed");
+ if (errorResult)
+ testError("PKIX_PL_Object_DecRef failed");
- return (NULL);
+ return (NULL);
}
static PKIX_Error *
comparator(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_Int32 *pValue,
- /* ARGSUSED */ void *plContext)
+ PKIX_PL_Object *first,
+ PKIX_PL_Object *second,
+ PKIX_Int32 *pValue,
+ /* ARGSUSED */ void *plContext)
{
- if (*(char *)first > *(char *)second)
- *pValue = 1;
- else if (*(char *)first < *(char *)second)
- *pValue = -1;
- else
- *pValue = 0;
- return (NULL);
+ if (*(char *)first > *(char *)second)
+ *pValue = 1;
+ else if (*(char *)first < *(char *)second)
+ *pValue = -1;
+ else
+ *pValue = 0;
+ return (NULL);
}
-
static PKIX_Error *
hashcodeCallback(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pValue,
- /* ARGSUSED */ void *plContext)
+ PKIX_PL_Object *object,
+ PKIX_UInt32 *pValue,
+ /* ARGSUSED */ void *plContext)
{
- *pValue = 123456789;
- return (NULL);
+ *pValue = 123456789;
+ return (NULL);
}
-static PKIX_Error*
+static PKIX_Error *
equalsCallback(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_Boolean *result,
- void* plContext) {
+ PKIX_PL_Object *first,
+ PKIX_PL_Object *second,
+ PKIX_Boolean *result,
+ void *plContext)
+{
- PKIX_UInt32 firstType = 0, secondType = 0;
+ PKIX_UInt32 firstType = 0, secondType = 0;
- if ((first == plContext)||(second == plContext))
- testError("Null Object");
+ if ((first == plContext) || (second == plContext))
+ testError("Null Object");
- (void) PKIX_PL_Object_GetType(first, &firstType, plContext);
+ (void)PKIX_PL_Object_GetType(first, &firstType, plContext);
- (void) PKIX_PL_Object_GetType(second, &secondType, plContext);
+ (void)PKIX_PL_Object_GetType(second, &secondType, plContext);
- *result = (firstType == secondType)?PKIX_TRUE:PKIX_FALSE;
+ *result = (firstType == secondType) ? PKIX_TRUE : PKIX_FALSE;
- return (NULL);
+ return (NULL);
}
static void
createObjects(
- PKIX_PL_Object **obj,
- PKIX_PL_Object **obj2,
- PKIX_PL_Object **obj3,
- PKIX_PL_Object **obj4)
+ PKIX_PL_Object **obj,
+ PKIX_PL_Object **obj2,
+ PKIX_PL_Object **obj3,
+ PKIX_PL_Object **obj4)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
#ifdef PKIX_USER_OBJECT_TYPE
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_RegisterType
- (1000, /* type */
- "thousand", /* description */
- NULL, /* destructor */
- NULL, /* equals */
- (PKIX_PL_HashcodeCallback)hashcodeCallback,
- NULL, /* toString */
- NULL, /* Comparator */
- NULL,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc
- (1000, /* type */
- 12, /* size */
- obj,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_RegisterType
- (2000, /* type */
- "two thousand" /* description */,
- (PKIX_PL_DestructorCallback)destructor,
- (PKIX_PL_EqualsCallback)equalsCallback,
- NULL, /* hashcode */
- (PKIX_PL_ToStringCallback)toStringCallback,
- (PKIX_PL_ComparatorCallback)comparator,
- NULL,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc
- (2000, /* type */
- 1, /* size */
- obj2,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc
- (2000, /* type */
- 1, /* size */
- obj4,
- plContext));
-
- *obj3 = *obj;
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef(*obj3, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_RegisterType(1000, /* type */
+ "thousand", /* description */
+ NULL, /* destructor */
+ NULL, /* equals */
+ (PKIX_PL_HashcodeCallback)hashcodeCallback,
+ NULL, /* toString */
+ NULL, /* Comparator */
+ NULL,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc(1000, /* type */
+ 12, /* size */
+ obj,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_RegisterType(2000, /* type */
+ "two thousand" /* description */,
+ (PKIX_PL_DestructorCallback)destructor,
+ (PKIX_PL_EqualsCallback)equalsCallback,
+ NULL, /* hashcode */
+ (PKIX_PL_ToStringCallback)toStringCallback,
+ (PKIX_PL_ComparatorCallback)comparator,
+ NULL,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc(2000, /* type */
+ 1, /* size */
+ obj2,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc(2000, /* type */
+ 1, /* size */
+ obj4,
+ plContext));
+
+ *obj3 = *obj;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef(*obj3, plContext));
cleanup:
#endif /* PKIX_USER_OBJECT_TYPE */
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-
static void
testGetType(
- PKIX_PL_Object *obj,
- PKIX_PL_Object *obj2,
- PKIX_PL_Object *obj3)
+ PKIX_PL_Object *obj,
+ PKIX_PL_Object *obj2,
+ PKIX_PL_Object *obj3)
{
- PKIX_UInt32 testType;
+ PKIX_UInt32 testType;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_GetType(obj, &testType, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_GetType(obj, &testType, plContext));
- if (testType != 1000)
- testError("Object 1 returned the wrong type");
+ if (testType != 1000)
+ testError("Object 1 returned the wrong type");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_GetType(obj2, &testType, plContext));
- if (testType != 2000)
- testError("Object 2 returned the wrong type");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_GetType(obj2, &testType, plContext));
+ if (testType != 2000)
+ testError("Object 2 returned the wrong type");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_GetType(obj3, &testType, plContext));
- if (testType != 1000)
- testError("Object 3 returned the wrong type");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_GetType(obj3, &testType, plContext));
+ if (testType != 1000)
+ testError("Object 3 returned the wrong type");
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testCompare(
- PKIX_PL_Object *obj2,
- PKIX_PL_Object *obj4)
+ PKIX_PL_Object *obj2,
+ PKIX_PL_Object *obj4)
{
- PKIX_Int32 cmpResult;
- PKIX_TEST_STD_VARS();
-
- *(char *)obj2 = 0x20;
- *(char *)obj4 = 0x10;
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_Compare(obj2, obj4, &cmpResult, plContext));
- if (cmpResult <= 0) testError("Invalid Result from Object Compare");
+ PKIX_Int32 cmpResult;
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_Compare(obj4, obj2, &cmpResult, plContext));
- if (cmpResult >= 0) testError("Invalid Result from Object Compare");
+ *(char *)obj2 = 0x20;
+ *(char *)obj4 = 0x10;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj2, obj4, &cmpResult, plContext));
+ if (cmpResult <= 0)
+ testError("Invalid Result from Object Compare");
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_Compare(obj4, obj4, &cmpResult, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj4, obj2, &cmpResult, plContext));
+ if (cmpResult >= 0)
+ testError("Invalid Result from Object Compare");
- *(char *)obj2 = 0x10;
- if (cmpResult != 0) testError("Invalid Result from Object Compare");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj4, obj4, &cmpResult, plContext));
+ *(char *)obj2 = 0x10;
+ if (cmpResult != 0)
+ testError("Invalid Result from Object Compare");
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-
static void
testDestroy(
- PKIX_PL_Object *obj,
- PKIX_PL_Object *obj2,
- PKIX_PL_Object *obj3,
- PKIX_PL_Object *obj4)
+ PKIX_PL_Object *obj,
+ PKIX_PL_Object *obj2,
+ PKIX_PL_Object *obj3,
+ PKIX_PL_Object *obj4)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_DECREF_BC(obj);
- PKIX_TEST_DECREF_BC(obj2);
- PKIX_TEST_DECREF_BC(obj3);
- PKIX_TEST_DECREF_BC(obj4);
+ PKIX_TEST_DECREF_BC(obj);
+ PKIX_TEST_DECREF_BC(obj2);
+ PKIX_TEST_DECREF_BC(obj3);
+ PKIX_TEST_DECREF_BC(obj4);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-int test_object(int argc, char *argv[]) {
+int
+test_object(int argc, char *argv[])
+{
#ifdef PKIX_USER_OBJECT_TYPE
- PKIX_PL_Object *obj, *obj2, *obj3, *obj4;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
-
- PKIX_TEST_STD_VARS();
+ PKIX_PL_Object *obj, *obj2, *obj3, *obj4;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
- startTests("Objects");
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ startTests("Objects");
- subTest("PKIX_PL_Object_Create");
- createObjects(&obj, &obj2, &obj3, &obj4);
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- PKIX_TEST_EQ_HASH_TOSTR_DUP(obj, obj3, obj2, NULL, Object, PKIX_FALSE);
+ subTest("PKIX_PL_Object_Create");
+ createObjects(&obj, &obj2, &obj3, &obj4);
- subTest("PKIX_PL_Object_GetType");
- testGetType(obj, obj2, obj3);
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(obj, obj3, obj2, NULL, Object, PKIX_FALSE);
- subTest("PKIX_PL_Object_Compare");
- testCompare(obj2, obj4);
+ subTest("PKIX_PL_Object_GetType");
+ testGetType(obj, obj2, obj3);
- subTest("PKIX_PL_Object_Destroy");
- testDestroy(obj, obj2, obj3, obj4);
+ subTest("PKIX_PL_Object_Compare");
+ testCompare(obj2, obj4);
+ subTest("PKIX_PL_Object_Destroy");
+ testDestroy(obj, obj2, obj3, obj4);
cleanup:
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- endTests("Objects");
+ endTests("Objects");
#endif /* PKIX_USER_OBJECT_TYPE */
- return (0);
-
+ return (0);
}
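Review bot: The guards in `toStringCallback` (`if (pString == plContext)`) and `equalsCallback` (`if ((first == plContext) || (second == plContext))`) compare the arguments with the context pointer rather than with NULL, so a NULL argument is caught only when `plContext` itself is NULL. They should read `if (pString == NULL)` and `if ((first == NULL) || (second == NULL))`, and should not fall through to the code below that uses those pointers (this assumes `testError` returns, which is not visible here). In `toStringCallback` the `(int)obj` cast passed to `PKIX_PL_Sprintf` also truncates the address on platforms where pointers are wider than `int`.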
diff --git a/cmd/libpkix/pkix_pl/system/test_oid.c b/cmd/libpkix/pkix_pl/system/test_oid.c
index 55d95f268..09cddaeea 100644
--- a/cmd/libpkix/pkix_pl/system/test_oid.c
+++ b/cmd/libpkix/pkix_pl/system/test_oid.c
@@ -15,199 +15,198 @@ static void *plContext = NULL;
static void
createOID(
- PKIX_PL_OID **testOID,
- char *oidAscii,
- PKIX_Boolean errorHandling)
+ PKIX_PL_OID **testOID,
+ char *oidAscii,
+ PKIX_Boolean errorHandling)
{
- PKIX_TEST_STD_VARS();
-
- if (errorHandling){
- PKIX_TEST_EXPECT_ERROR
- (PKIX_PL_OID_Create(oidAscii, testOID, plContext));
- } else {
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_OID_Create(oidAscii, testOID, plContext));
- }
+ PKIX_TEST_STD_VARS();
+ if (errorHandling) {
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_OID_Create(oidAscii, testOID, plContext));
+ } else {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(oidAscii, testOID, plContext));
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testToString(
- PKIX_PL_OID *oid,
- char *expAscii)
+ PKIX_PL_OID *oid,
+ char *expAscii)
{
- PKIX_PL_String *oidString = NULL;
- char *temp = NULL;
+ PKIX_PL_String *oidString = NULL;
+ char *temp = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)oid,
- &oidString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)oid,
+ &oidString, plContext));
- temp = PKIX_String2ASCII(oidString, plContext);
- if (temp == NULL){
- testError("PKIX_String2Ascii failed");
- goto cleanup;
- }
+ temp = PKIX_String2ASCII(oidString, plContext);
+ if (temp == NULL) {
+ testError("PKIX_String2Ascii failed");
+ goto cleanup;
+ }
- if (PL_strcmp(temp, expAscii) != 0) {
- (void) printf("\tOid ToString: %s %s\n", temp, expAscii);
- testError("Output string does not match source");
- }
+ if (PL_strcmp(temp, expAscii) != 0) {
+ (void)printf("\tOid ToString: %s %s\n", temp, expAscii);
+ testError("Output string does not match source");
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(oidString);
+ PKIX_TEST_DECREF_AC(oidString);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testCompare(
- PKIX_PL_OID *oid0,
- PKIX_PL_OID *oid1,
- PKIX_PL_OID *oid2,
- PKIX_PL_OID *oid3)
+ PKIX_PL_OID *oid0,
+ PKIX_PL_OID *oid1,
+ PKIX_PL_OID *oid2,
+ PKIX_PL_OID *oid3)
{
- PKIX_Int32 cmpResult;
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object*)oid0,
- (PKIX_PL_Object*)oid1,
- &cmpResult, plContext));
- if (cmpResult <= 0) testError("Invalid Result from OID Compare");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object*)oid1,
- (PKIX_PL_Object*)oid0,
- &cmpResult, plContext));
- if (cmpResult >= 0) testError("Invalid Result from OID Compare");
-
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object*)oid1,
- (PKIX_PL_Object*)oid2,
- &cmpResult, plContext));
- if (cmpResult >= 0) testError("Invalid Result from OID Compare");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object*)oid2,
- (PKIX_PL_Object*)oid1,
- &cmpResult, plContext));
- if (cmpResult <= 0) testError("Invalid Result from OID Compare");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object*)oid1,
- (PKIX_PL_Object*)oid3,
- &cmpResult, plContext));
- if (cmpResult != 0) testError("Invalid Result from OID Compare");
+ PKIX_Int32 cmpResult;
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid0,
+ (PKIX_PL_Object *)oid1,
+ &cmpResult, plContext));
+ if (cmpResult <= 0)
+ testError("Invalid Result from OID Compare");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid1,
+ (PKIX_PL_Object *)oid0,
+ &cmpResult, plContext));
+ if (cmpResult >= 0)
+ testError("Invalid Result from OID Compare");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid1,
+ (PKIX_PL_Object *)oid2,
+ &cmpResult, plContext));
+ if (cmpResult >= 0)
+ testError("Invalid Result from OID Compare");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid2,
+ (PKIX_PL_Object *)oid1,
+ &cmpResult, plContext));
+ if (cmpResult <= 0)
+ testError("Invalid Result from OID Compare");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid1,
+ (PKIX_PL_Object *)oid3,
+ &cmpResult, plContext));
+ if (cmpResult != 0)
+ testError("Invalid Result from OID Compare");
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testDestroy(
- PKIX_PL_OID *oid)
+ PKIX_PL_OID *oid)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_DECREF_BC(oid);
+ PKIX_TEST_DECREF_BC(oid);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
+int
+test_oid(int argc, char *argv[])
+{
-int test_oid(int argc, char *argv[]) {
-
- PKIX_PL_OID *testOID[6] = {NULL};
- PKIX_PL_OID *badTestOID = NULL;
- PKIX_UInt32 i, size = 6;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
-
- char* validOID[6] = {
- "2.11.22222.33333",
- "1.2.3.004.5.6.7",
- "2.11.22222.33333",
- "1.2.3.4.5.6.7",
- "1.2.3",
- "2.39.3"
- };
-
- char* expected[6] = {
- "2.11.22222.33333",
- "1.2.3.4.5.6.7",
- "2.11.22222.33333",
- "1.2.3.4.5.6.7",
- "1.2.3",
- "2.39.3"
- };
-
- char *badOID[11] = {
- "1.2.4294967299",
- "this. is. a. bad. oid",
- "00a1000.002b",
- "100.-5.10",
- "1.2..3",
- ".1.2.3",
- "1.2.3.",
- "00010.1.2.3",
- "1.000041.2.3",
- "000000000000000000000000000000000000000010.3.2",
- "1"
- };
-
- PKIX_TEST_STD_VARS();
-
- startTests("OIDs");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- for (i = 0; i < size; i++) {
- subTest("PKIX_PL_OID_Create");
- createOID(&testOID[i], validOID[i], PKIX_FALSE);
- }
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (testOID[0],
- testOID[2],
- testOID[1],
- NULL,
- OID,
- PKIX_FALSE);
-
- for (i = 0; i < size; i++) {
- subTest("PKIX_PL_OID_ToString");
- testToString(testOID[i], expected[i]);
- }
-
- subTest("PKIX_PL_OID_Compare");
- testCompare(testOID[0], testOID[1], testOID[2], testOID[3]);
-
- for (i = 0; i < size; i++) {
- subTest("PKIX_PL_OID_Destroy");
- testDestroy(testOID[i]);
- }
-
- for (i = 0; i < 11; i++) {
- subTest("PKIX_PL_OID Error Handling");
- createOID(&badTestOID, badOID[i], PKIX_TRUE);
- }
+ PKIX_PL_OID *testOID[6] = { NULL };
+ PKIX_PL_OID *badTestOID = NULL;
+ PKIX_UInt32 i, size = 6;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ char *validOID[6] = {
+ "2.11.22222.33333",
+ "1.2.3.004.5.6.7",
+ "2.11.22222.33333",
+ "1.2.3.4.5.6.7",
+ "1.2.3",
+ "2.39.3"
+ };
+
+ char *expected[6] = {
+ "2.11.22222.33333",
+ "1.2.3.4.5.6.7",
+ "2.11.22222.33333",
+ "1.2.3.4.5.6.7",
+ "1.2.3",
+ "2.39.3"
+ };
+
+ char *badOID[11] = {
+ "1.2.4294967299",
+ "this. is. a. bad. oid",
+ "00a1000.002b",
+ "100.-5.10",
+ "1.2..3",
+ ".1.2.3",
+ "1.2.3.",
+ "00010.1.2.3",
+ "1.000041.2.3",
+ "000000000000000000000000000000000000000010.3.2",
+ "1"
+ };
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("OIDs");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_OID_Create");
+ createOID(&testOID[i], validOID[i], PKIX_FALSE);
+ }
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(testOID[0],
+ testOID[2],
+ testOID[1],
+ NULL,
+ OID,
+ PKIX_FALSE);
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_OID_ToString");
+ testToString(testOID[i], expected[i]);
+ }
+
+ subTest("PKIX_PL_OID_Compare");
+ testCompare(testOID[0], testOID[1], testOID[2], testOID[3]);
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_OID_Destroy");
+ testDestroy(testOID[i]);
+ }
+
+ for (i = 0; i < 11; i++) {
+ subTest("PKIX_PL_OID Error Handling");
+ createOID(&badTestOID, badOID[i], PKIX_TRUE);
+ }
cleanup:
- PKIX_Shutdown(plContext);
-
- endTests("OIDs");
+ PKIX_Shutdown(plContext);
- return (0);
+ endTests("OIDs");
+ return (0);
}
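Review bot: In `test_oid` the error-handling loop is bounded by the literal `11` and the other loops by `size = 6`, both repeated from the array declarators, so changing an array without the matching bound either skips cases or indexes past the array. Deriving the bound from the array, `for (i = 0; i < sizeof(badOID) / sizeof(badOID[0]); i++)`, and dropping the explicit lengths from the declarations keeps them in step. The same loop reuses `badTestOID` for every input, so if `PKIX_PL_OID_Create` unexpectedly succeeds for a bad string the object is overwritten on the next pass without a DecRef.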
diff --git a/cmd/libpkix/pkix_pl/system/test_rwlock.c b/cmd/libpkix/pkix_pl/system/test_rwlock.c
index fe62dd462..9c09d6479 100644
--- a/cmd/libpkix/pkix_pl/system/test_rwlock.c
+++ b/cmd/libpkix/pkix_pl/system/test_rwlock.c
@@ -13,182 +13,192 @@ static PKIX_PL_RWLock *rwlock = NULL, *rwlock2 = NULL, *rwlock3 = NULL;
static PRThread *thread = NULL, *thread2 = NULL, *thread3 = NULL;
static void *plContext = NULL;
-static void reader(void) {
- PKIX_Error *errorResult;
-
- errorResult = PKIX_PL_AcquireReaderLock(rwlock, NULL);
- if (errorResult) testError("PKIX_PL_AcquireReaderLock failed");
-
- (void) printf("\t[Thread #1 Read Lock #1.]\n");
- (void) printf("\t[Thread #1 Sleeplng for 1 seconds.]\n");
- PR_Sleep(PR_SecondsToInterval(1));
- PKIX_PL_ReleaseReaderLock(rwlock, NULL);
- if (errorResult) testError("PKIX_PL_ReleaseReaderLock failed");
- (void) printf("\t[Thread #1 Read UNLock #1.]\n");
+static void
+reader(void)
+{
+ PKIX_Error *errorResult;
+
+ errorResult = PKIX_PL_AcquireReaderLock(rwlock, NULL);
+ if (errorResult)
+ testError("PKIX_PL_AcquireReaderLock failed");
+
+ (void)printf("\t[Thread #1 Read Lock #1.]\n");
+ (void)printf("\t[Thread #1 Sleeplng for 1 seconds.]\n");
+ PR_Sleep(PR_SecondsToInterval(1));
+ PKIX_PL_ReleaseReaderLock(rwlock, NULL);
+ if (errorResult)
+ testError("PKIX_PL_ReleaseReaderLock failed");
+ (void)printf("\t[Thread #1 Read UNLock #1.]\n");
}
+static void
+writer(void)
+{
+ PKIX_Error *errorResult;
+ /* This thread should stick here until lock 1 is released */
+ PKIX_PL_AcquireWriterLock(rwlock, NULL);
+ if (errorResult)
+ testError("PKIX_PL_AcquireWriterLock failed");
-static void writer(void) {
- PKIX_Error *errorResult;
- /* This thread should stick here until lock 1 is released */
- PKIX_PL_AcquireWriterLock(rwlock, NULL);
- if (errorResult) testError("PKIX_PL_AcquireWriterLock failed");
+ (void)printf("\t[Thread #2 Write Lock #1.]\n");
- (void) printf("\t[Thread #2 Write Lock #1.]\n");
+ PKIX_PL_AcquireWriterLock(rwlock2, NULL);
+ if (errorResult)
+ testError("PKIX_PL_AcquireWriterLock failed");
+ (void)printf("\t[Thread #2 Write Lock #2.]\n");
- PKIX_PL_AcquireWriterLock(rwlock2, NULL);
- if (errorResult) testError("PKIX_PL_AcquireWriterLock failed");
- (void) printf("\t[Thread #2 Write Lock #2.]\n");
+ (void)printf("\t[Thread #2 Sleeplng for 1 seconds.]\n");
+ PR_Sleep(PR_SecondsToInterval(1));
- (void) printf("\t[Thread #2 Sleeplng for 1 seconds.]\n");
- PR_Sleep(PR_SecondsToInterval(1));
+ PKIX_PL_ReleaseWriterLock(rwlock2, NULL);
+ if (errorResult)
+ testError("PKIX_PL_ReleaseWriterLock failed");
+ (void)printf("\t[Thread #2 Write UNLock #2.]\n");
- PKIX_PL_ReleaseWriterLock(rwlock2, NULL);
- if (errorResult) testError("PKIX_PL_ReleaseWriterLock failed");
- (void) printf("\t[Thread #2 Write UNLock #2.]\n");
+ (void)printf("\t[Thread #2 Sleeplng for 1 seconds.]\n");
+ PR_Sleep(PR_SecondsToInterval(1));
- (void) printf("\t[Thread #2 Sleeplng for 1 seconds.]\n");
- PR_Sleep(PR_SecondsToInterval(1));
+ PKIX_PL_ReleaseWriterLock(rwlock, NULL);
+ if (errorResult)
+ testError("PKIX_PL_ReleaseWriterLock failed");
+ (void)printf("\t[Thread #2 Write UNLock #1.]\n");
- PKIX_PL_ReleaseWriterLock(rwlock, NULL);
- if (errorResult) testError("PKIX_PL_ReleaseWriterLock failed");
- (void) printf("\t[Thread #2 Write UNLock #1.]\n");
-
- PR_JoinThread(thread3);
+ PR_JoinThread(thread3);
}
-static void reader2(void) {
- PKIX_Error *errorResult;
- /* Reader 2 should yield here until the writer is done */
+static void
+reader2(void)
+{
+ PKIX_Error *errorResult;
+ /* Reader 2 should yield here until the writer is done */
- PKIX_PL_AcquireReaderLock(rwlock2, NULL);
- if (errorResult) testError("PKIX_PL_AcquireReaderLock failed");
+ PKIX_PL_AcquireReaderLock(rwlock2, NULL);
+ if (errorResult)
+ testError("PKIX_PL_AcquireReaderLock failed");
- (void) printf("\t[Thread #3 Read Lock #2.]\n");
+ (void)printf("\t[Thread #3 Read Lock #2.]\n");
- PKIX_PL_AcquireReaderLock(rwlock3, NULL);
- if (errorResult) testError("PKIX_PL_AcquireReaderLock failed");
- (void) printf("\t[Thread #3 Read Lock #3.]\n");
+ PKIX_PL_AcquireReaderLock(rwlock3, NULL);
+ if (errorResult)
+ testError("PKIX_PL_AcquireReaderLock failed");
+ (void)printf("\t[Thread #3 Read Lock #3.]\n");
- (void) printf("\t[Thread #3 Sleeplng for 1 seconds.]\n");
- PR_Sleep(PR_SecondsToInterval(1));
+ (void)printf("\t[Thread #3 Sleeplng for 1 seconds.]\n");
+ PR_Sleep(PR_SecondsToInterval(1));
- PKIX_PL_ReleaseReaderLock(rwlock3, NULL);
- if (errorResult) testError("PKIX_PL_ReleaseReaderLock failed");
- (void) printf("\t[Thread #3 Read UNLock #3.]\n");
+ PKIX_PL_ReleaseReaderLock(rwlock3, NULL);
+ if (errorResult)
+ testError("PKIX_PL_ReleaseReaderLock failed");
+ (void)printf("\t[Thread #3 Read UNLock #3.]\n");
- (void) printf("\t[Thread #3 Sleeplng for 1 seconds.]\n");
- PR_Sleep(PR_SecondsToInterval(1));
+ (void)printf("\t[Thread #3 Sleeplng for 1 seconds.]\n");
+ PR_Sleep(PR_SecondsToInterval(1));
- PKIX_PL_ReleaseReaderLock(rwlock2, NULL);
- if (errorResult) testError("PKIX_PL_ReleaseReaderLock failed");
- (void) printf("\t[Thread #3 Read UNLock #2.]\n");
+ PKIX_PL_ReleaseReaderLock(rwlock2, NULL);
+ if (errorResult)
+ testError("PKIX_PL_ReleaseReaderLock failed");
+ (void)printf("\t[Thread #3 Read UNLock #2.]\n");
}
+int
+test_rwlock()
+{
+ PKIX_PL_String *outputString = NULL;
+ PKIX_UInt32 j = 0;
+ PKIX_Boolean bool;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_TEST_STD_VARS();
+ startTests("RWLocks");
-int test_rwlock() {
- PKIX_PL_String* outputString = NULL;
- PKIX_UInt32 j = 0;
- PKIX_Boolean bool;
- PKIX_UInt32 actualMinorVersion;
-
- PKIX_TEST_STD_VARS();
- startTests("RWLocks");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- (void) printf("Attempting to create new rwlock...\n");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_RWLock_Create(&rwlock, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_RWLock_Create(&rwlock2, plContext));
+ (void)printf("Attempting to create new rwlock...\n");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_RWLock_Create(&rwlock3, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_RWLock_Create(&rwlock, plContext));
- /* Test toString functionality */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)rwlock, &outputString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_RWLock_Create(&rwlock2, plContext));
- (void) printf("Testing RWLock toString: %s\n",
- PKIX_String2ASCII(outputString));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_RWLock_Create(&rwlock3, plContext));
- PKIX_TEST_DECREF_BC(outputString);
+ /* Test toString functionality */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)rwlock, &outputString, plContext));
- /* Call Equals on two different objects */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- ((PKIX_PL_Object*)rwlock,
- (PKIX_PL_Object*)rwlock2,
- &bool,
- plContext));
+ (void)printf("Testing RWLock toString: %s\n",
+ PKIX_String2ASCII(outputString));
- (void) printf("Testing RWLock Equals: %d (should be 0)\n", bool);
+ PKIX_TEST_DECREF_BC(outputString);
- if (bool != 0)
- testError("Error in RWLock_Equals");
+ /* Call Equals on two different objects */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)rwlock,
+ (PKIX_PL_Object *)rwlock2,
+ &bool,
+ plContext));
- /* Call Equals on two equal objects */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object*)rwlock,
- (PKIX_PL_Object*)rwlock, &bool, plContext));
+ (void)printf("Testing RWLock Equals: %d (should be 0)\n", bool);
- (void) printf("Testing RWLock Equals: %d (should be 1)\n", bool);
- if (bool != 1)
- testError("Error in RWLock_Equals");
+ if (bool != 0)
+ testError("Error in RWLock_Equals");
- subTest("Multi-Thread Read/Write Lock Testing");
+ /* Call Equals on two equal objects */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)rwlock,
+ (PKIX_PL_Object *)rwlock, &bool, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_AcquireReaderLock(rwlock, plContext));
- (void) printf("\t[Main Thread Read Lock #1.]\n");
+ (void)printf("Testing RWLock Equals: %d (should be 1)\n", bool);
+ if (bool != 1)
+ testError("Error in RWLock_Equals");
- thread = PR_CreateThread(PR_USER_THREAD,
- reader,
- NULL,
- PR_PRIORITY_NORMAL,
- PR_LOCAL_THREAD,
- PR_JOINABLE_THREAD,
- 0);
+ subTest("Multi-Thread Read/Write Lock Testing");
- thread2 = PR_CreateThread(PR_USER_THREAD,
- writer,
- NULL,
- PR_PRIORITY_NORMAL,
- PR_LOCAL_THREAD,
- PR_JOINABLE_THREAD,
- 0);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_AcquireReaderLock(rwlock, plContext));
+ (void)printf("\t[Main Thread Read Lock #1.]\n");
- thread3 = PR_CreateThread(PR_USER_THREAD,
- reader2,
- NULL,
- PR_PRIORITY_NORMAL,
- PR_LOCAL_THREAD,
- PR_JOINABLE_THREAD,
- 0);
+ thread = PR_CreateThread(PR_USER_THREAD,
+ reader,
+ NULL,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
- PR_JoinThread(thread);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ReleaseReaderLock
- (rwlock, plContext));
- (void) printf("\t[Main Thread Read Unlock #1.]\n");
+ thread2 = PR_CreateThread(PR_USER_THREAD,
+ writer,
+ NULL,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
- PR_JoinThread(thread2);
+ thread3 = PR_CreateThread(PR_USER_THREAD,
+ reader2,
+ NULL,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+ PR_JoinThread(thread);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ReleaseReaderLock(rwlock, plContext));
+ (void)printf("\t[Main Thread Read Unlock #1.]\n");
+ PR_JoinThread(thread2);
cleanup:
- /* Test destructor */
- subTest("Testing destructor...");
- PKIX_TEST_DECREF_AC(rwlock);
- PKIX_TEST_DECREF_AC(rwlock2);
- PKIX_TEST_DECREF_AC(rwlock3);
+ /* Test destructor */
+ subTest("Testing destructor...");
+ PKIX_TEST_DECREF_AC(rwlock);
+ PKIX_TEST_DECREF_AC(rwlock2);
+ PKIX_TEST_DECREF_AC(rwlock3);
- pkixTestTempResult = PKIX_Shutdown(plContext);
- if (pkixTestTempResult) pkixTestErrorResult = pkixTestTempResult;
+ pkixTestTempResult = PKIX_Shutdown(plContext);
+ if (pkixTestTempResult)
+ pkixTestErrorResult = pkixTestTempResult;
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("RWLocks");
+ endTests("RWLocks");
- return (0);
+ return (0);
}
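Review bot: `errorResult` in `writer()` and `reader2()` is declared without an initializer and never assigned, so every `if (errorResult)` after a lock call reads an indeterminate value while the call's own return is discarded. Each call should capture its result, e.g. `errorResult = PKIX_PL_AcquireWriterLock(rwlock, NULL);`, and the same for the release calls and the reader variants. `reader()` has the same gap on release: `PKIX_PL_ReleaseReaderLock(rwlock, NULL);` is followed by a check of the value left over from the acquire. As written, the worker threads cannot reliably report a failed acquire or release, so the multi-thread part of the test can pass without the lock behaving correctly.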
diff --git a/cmd/libpkix/pkix_pl/system/test_string.c b/cmd/libpkix/pkix_pl/system/test_string.c
index de80ed0f7..9b84f94d9 100644
--- a/cmd/libpkix/pkix_pl/system/test_string.c
+++ b/cmd/libpkix/pkix_pl/system/test_string.c
@@ -15,432 +15,420 @@ static void *plContext = NULL;
static void
createString(
- PKIX_PL_String **testString,
- PKIX_UInt32 format,
- char *stringAscii,
- PKIX_UInt32 length)
+ PKIX_PL_String **testString,
+ PKIX_UInt32 format,
+ char *stringAscii,
+ PKIX_UInt32 length)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_String_Create
- (format, stringAscii, length, testString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(format, stringAscii, length, testString, plContext));
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
createStringOther(
- PKIX_PL_String **testEscAscii,
- PKIX_PL_String **testUtf16,
- PKIX_PL_String **ampString,
- PKIX_PL_String **testDebugAscii,
- PKIX_PL_String **testNullString,
- PKIX_UInt32 *utf16data)
+ PKIX_PL_String **testEscAscii,
+ PKIX_PL_String **testUtf16,
+ PKIX_PL_String **ampString,
+ PKIX_PL_String **testDebugAscii,
+ PKIX_PL_String **testNullString,
+ PKIX_UInt32 *utf16data)
{
- char *nullText = "Hi&#x0000; there!";
+ char *nullText = "Hi&#x0000; there!";
- char *escAsciiString =
- "&#x00A1;&#x00010000;&#x0FFF;&#x00100001;";
+ char *escAsciiString =
+ "&#x00A1;&#x00010000;&#x0FFF;&#x00100001;";
- char *debugAsciiString =
- "string with&#x000A;newlines and&#x0009;tabs";
+ char *debugAsciiString =
+ "string with&#x000A;newlines and&#x0009;tabs";
- char * utfAmp = "\x00&";
+ char *utfAmp = "\x00&";
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- createString(testEscAscii,
- PKIX_ESCASCII,
- escAsciiString,
- PL_strlen(escAsciiString));
+ createString(testEscAscii,
+ PKIX_ESCASCII,
+ escAsciiString,
+ PL_strlen(escAsciiString));
- createString(testUtf16, PKIX_UTF16, (char *)utf16data, 12);
+ createString(testUtf16, PKIX_UTF16, (char *)utf16data, 12);
- createString(ampString, PKIX_UTF16, utfAmp, 2);
+ createString(ampString, PKIX_UTF16, utfAmp, 2);
- createString(testDebugAscii,
- PKIX_ESCASCII_DEBUG,
- debugAsciiString,
- PL_strlen(debugAsciiString));
+ createString(testDebugAscii,
+ PKIX_ESCASCII_DEBUG,
+ debugAsciiString,
+ PL_strlen(debugAsciiString));
- createString(testNullString,
- PKIX_ESCASCII_DEBUG,
- nullText,
- PL_strlen(nullText));
+ createString(testNullString,
+ PKIX_ESCASCII_DEBUG,
+ nullText,
+ PL_strlen(nullText));
- goto cleanup;
+ goto cleanup;
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testGetEncoded(
- PKIX_PL_String *testEscAscii,
- PKIX_PL_String *testString0,
- PKIX_PL_String *testDebugAscii,
- PKIX_PL_String *testNullString,
- PKIX_UInt32 *utf16data)
+ PKIX_PL_String *testEscAscii,
+ PKIX_PL_String *testString0,
+ PKIX_PL_String *testDebugAscii,
+ PKIX_PL_String *testNullString,
+ PKIX_UInt32 *utf16data)
{
- char *temp = NULL;
- void *dest = NULL;
- void *dest2 = NULL;
- char *plainText = "string with\nnewlines and\ttabs";
- PKIX_UInt32 length, length2, i;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testEscAscii,
- PKIX_UTF16,
- &dest,
- &length,
- plContext));
- for (i = 0; i < length; i++) {
- if (((char*)dest)[i] != ((char*)utf16data)[i]) {
- testError("UTF-16 Data Differs from Source");
- printf("%d-th char is different -%c-%c-\n", i,
- ((char*)dest)[i], ((char*)utf16data)[i]);
- }
+ char *temp = NULL;
+ void *dest = NULL;
+ void *dest2 = NULL;
+ char *plainText = "string with\nnewlines and\ttabs";
+ PKIX_UInt32 length, length2, i;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testEscAscii,
+ PKIX_UTF16,
+ &dest,
+ &length,
+ plContext));
+ for (i = 0; i < length; i++) {
+ if (((char *)dest)[i] != ((char *)utf16data)[i]) {
+ testError("UTF-16 Data Differs from Source");
+ printf("%d-th char is different -%c-%c-\n", i,
+ ((char *)dest)[i], ((char *)utf16data)[i]);
}
-
- length = 0;
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testNullString,
- PKIX_UTF16,
- &dest,
- &length,
- plContext));
-
- length = 0;
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testString0,
- PKIX_ESCASCII_DEBUG,
- &dest,
- &length,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testDebugAscii,
- PKIX_ESCASCII_DEBUG,
- &dest2,
- &length2,
- plContext));
-
- for (i = 0; (i < length) && (i < length2); i++)
- if (((char*)dest)[i] != ((char*)dest2)[i]) {
- testError("Equivalent strings are unequal");
- break;
- }
-
- length = 0;
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
- length2 = 0;
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest2, plContext));
-
- temp = PKIX_String2ASCII(testDebugAscii, plContext);
- if (temp){
- if (PL_strcmp(plainText, temp) != 0)
- testError("Debugged ASCII does not match "
- "equivalent EscAscii");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+
+ length = 0;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testNullString,
+ PKIX_UTF16,
+ &dest,
+ &length,
+ plContext));
+
+ length = 0;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testString0,
+ PKIX_ESCASCII_DEBUG,
+ &dest,
+ &length,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testDebugAscii,
+ PKIX_ESCASCII_DEBUG,
+ &dest2,
+ &length2,
+ plContext));
+
+ for (i = 0; (i < length) && (i < length2); i++)
+ if (((char *)dest)[i] != ((char *)dest2)[i]) {
+ testError("Equivalent strings are unequal");
+ break;
}
+ length = 0;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ length2 = 0;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest2, plContext));
+
+ temp = PKIX_String2ASCII(testDebugAscii, plContext);
+ if (temp) {
+ if (PL_strcmp(plainText, temp) != 0)
+ testError("Debugged ASCII does not match "
+ "equivalent EscAscii");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testSprintf(void)
{
- PKIX_Int32 x = 0xCAFE;
- PKIX_Int32 y = -12345;
- PKIX_PL_String *testString = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *sprintfString = NULL;
- char *plainText = "Testing Sprintf";
- char *format = "%s %x %u %d";
- char *convertedFormat = "%s %lx %lu %ld";
- char *temp = NULL;
- char *temp2 = NULL;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- plainText,
- PL_strlen(plainText),
- &testString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- format,
- 11,
- &formatString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Sprintf(&sprintfString,
- plContext,
- formatString,
- testString, x, y, y));
- PKIX_TEST_DECREF_BC(testString);
-
- temp = PR_smprintf(convertedFormat, plainText, x, y, y);
- temp2 = PKIX_String2ASCII(sprintfString, plContext);
-
- if (PL_strcmp(temp, temp2) != 0)
- testError("Sprintf produced incorrect output");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp2, plContext));
-
-
- PKIX_TEST_DECREF_BC(sprintfString);
-
-
- PKIX_TEST_DECREF_BC(formatString);
-
+ PKIX_Int32 x = 0xCAFE;
+ PKIX_Int32 y = -12345;
+ PKIX_PL_String *testString = NULL;
+ PKIX_PL_String *formatString = NULL;
+ PKIX_PL_String *sprintfString = NULL;
+ char *plainText = "Testing Sprintf";
+ char *format = "%s %x %u %d";
+ char *convertedFormat = "%s %lx %lu %ld";
+ char *temp = NULL;
+ char *temp2 = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ plainText,
+ PL_strlen(plainText),
+ &testString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ format,
+ 11,
+ &formatString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Sprintf(&sprintfString,
+ plContext,
+ formatString,
+ testString, x, y, y));
+ PKIX_TEST_DECREF_BC(testString);
+
+ temp = PR_smprintf(convertedFormat, plainText, x, y, y);
+ temp2 = PKIX_String2ASCII(sprintfString, plContext);
+
+ if (PL_strcmp(temp, temp2) != 0)
+ testError("Sprintf produced incorrect output");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp2, plContext));
+
+ PKIX_TEST_DECREF_BC(sprintfString);
+
+ PKIX_TEST_DECREF_BC(formatString);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testErrorHandling(void)
{
- char *debugAsciiString =
- "string with&#x000A;newlines and&#x0009;tabs";
-
- PKIX_PL_String *testString = NULL;
-
- PKIX_TEST_STD_VARS();
-
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- NULL,
- 50,
- &testString,
- plContext));
-
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
- "blah", 4, NULL, plContext));
-
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_Sprintf(&testString, plContext, NULL));
-
- PKIX_TEST_EXPECT_ERROR
- (PKIX_PL_GetString(0, NULL, &testString, plContext));
-
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_GetString(0, "blah", 0, plContext));
-
- /* ---------------------------- */
- subTest("Unicode Error Handling");
-
- /* &#x must be followed by 4 hexadecimal digits */
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- "&#x003k;",
- 7,
- &testString,
- plContext));
-
- /* &#x must be followed by 4 hexadecimal digits */
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- "abc&#x00",
- 8,
- &testString,
- plContext));
-
- /* &#x must be between 00010000-0010FFFF */
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- "&#x00200101;",
- 11,
- &testString,
- plContext));
-
- /* &#x must be followed by 8 hexadecimal digits */
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- "&#x001000",
- 10,
- &testString,
- plContext));
-
- /* &#x must be followed by 8 hexadecimal digits */
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- "&#x0010m00;",
- 10,
- &testString,
- plContext));
-
- /* Byte values D800-DFFF are reserved */
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- "&#xD800;",
- 7,
- &testString,
- plContext));
-
- /* Can't use &#x for regular characters */
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- "&#x0032;",
- 7,
- &testString,
- plContext));
-
- /* Can't use non-printable characters */
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- "\xA1",
- 1,
- &testString,
- plContext));
-
- /* Only legal \\ characters are \\, u and U */
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- "&blah",
- 5,
- &testString,
- plContext));
-
-
-
- /* Surrogate pairs must be legal */
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
- PKIX_UTF16,
- "\xd8\x00\x0\x66",
- 4,
- &testString,
- plContext));
-
- /* Debugged EscASCII should not be accepted as EscASCII */
- PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- debugAsciiString,
- PL_strlen(debugAsciiString),
- &testString,
- plContext));
+ char *debugAsciiString =
+ "string with&#x000A;newlines and&#x0009;tabs";
+
+ PKIX_PL_String *testString = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ NULL,
+ 50,
+ &testString,
+ plContext));
+
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ "blah", 4, NULL, plContext));
+
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Sprintf(&testString, plContext, NULL));
+
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_GetString(0, NULL, &testString, plContext));
+
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_GetString(0, "blah", 0, plContext));
+
+ /* ---------------------------- */
+ subTest("Unicode Error Handling");
+
+ /* &#x must be followed by 4 hexadecimal digits */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "&#x003k;",
+ 7,
+ &testString,
+ plContext));
+
+ /* &#x must be followed by 4 hexadecimal digits */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "abc&#x00",
+ 8,
+ &testString,
+ plContext));
+
+ /* &#x must be between 00010000-0010FFFF */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "&#x00200101;",
+ 11,
+ &testString,
+ plContext));
+
+ /* &#x must be followed by 8 hexadecimal digits */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "&#x001000",
+ 10,
+ &testString,
+ plContext));
+
+ /* &#x must be followed by 8 hexadecimal digits */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "&#x0010m00;",
+ 10,
+ &testString,
+ plContext));
+
+ /* Byte values D800-DFFF are reserved */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "&#xD800;",
+ 7,
+ &testString,
+ plContext));
+
+ /* Can't use &#x for regular characters */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "&#x0032;",
+ 7,
+ &testString,
+ plContext));
+
+ /* Can't use non-printable characters */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "\xA1",
+ 1,
+ &testString,
+ plContext));
+
+ /* Only legal \\ characters are \\, u and U */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "&blah",
+ 5,
+ &testString,
+ plContext));
+
+ /* Surrogate pairs must be legal */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_UTF16,
+ "\xd8\x00\x0\x66",
+ 4,
+ &testString,
+ plContext));
+
+ /* Debugged EscASCII should not be accepted as EscASCII */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ debugAsciiString,
+ PL_strlen(debugAsciiString),
+ &testString,
+ plContext));
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testDestroy(
- PKIX_PL_String *string)
+ PKIX_PL_String *string)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_DECREF_BC(string);
+ PKIX_TEST_DECREF_BC(string);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
+int
+test_string(int argc, char *argv[])
+{
-int test_string(int argc, char *argv[]) {
-
- PKIX_PL_String *testString[6] = {NULL};
- PKIX_PL_String *testNullString = NULL;
- PKIX_PL_String *testDebugAscii = NULL;
- PKIX_PL_String *testEscAscii = NULL;
- PKIX_PL_String *testUtf16 = NULL;
- PKIX_PL_String *ampString = NULL;
- unsigned char utf16Data[] = {0x00, 0xA1, 0xD8, 0x00,
- 0xDC, 0x00, 0x0F, 0xFF,
- 0xDB, 0xC0, 0xDC, 0x01};
- PKIX_UInt32 i, size = 6;
-
- char *plainText[6] = {
- "string with\nnewlines and\ttabs",
- "Not an escaped char: &amp;#x0012;",
- "Encode &amp; with &amp;amp; in ASCII",
- "&#x00A1;",
- "&amp;",
- "string with\nnewlines and\ttabs"
- };
-
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
-
- PKIX_TEST_STD_VARS();
-
- startTests("Strings");
-
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
-
- subTest("PKIX_PL_String_Create <ascii format>");
- for (i = 0; i < size; i++) {
- testString[i] = NULL;
- createString
- (&testString[i],
- PKIX_ESCASCII,
- plainText[i],
- PL_strlen(plainText[i]));
- }
-
- subTest("PKIX_PL_String_Create <other formats>");
- createStringOther
- (&testEscAscii,
- &testUtf16,
- &ampString,
- &testDebugAscii,
- &testNullString,
- (PKIX_UInt32 *)utf16Data);
-
- PKIX_TEST_EQ_HASH_TOSTR_DUP
- (testString[0],
- testString[5],
- testString[1],
- plainText[0],
- String,
- PKIX_TRUE);
-
- subTest("PKIX_PL_String_GetEncoded");
- testGetEncoded
- (testEscAscii,
- testString[0],
- testDebugAscii,
- testNullString,
- (PKIX_UInt32 *)utf16Data);
-
- subTest("PKIX_PL_Sprintf");
- testSprintf();
-
- subTest("PKIX_PL_String_Create <error_handling>");
- testErrorHandling();
-
- subTest("PKIX_PL_String_Destroy");
- for (i = 0; i < size; i++) {
- testDestroy(testString[i]);
- }
- testDestroy(testEscAscii);
- testDestroy(testUtf16);
- testDestroy(ampString);
- testDestroy(testDebugAscii);
- testDestroy(testNullString);
+ PKIX_PL_String *testString[6] = { NULL };
+ PKIX_PL_String *testNullString = NULL;
+ PKIX_PL_String *testDebugAscii = NULL;
+ PKIX_PL_String *testEscAscii = NULL;
+ PKIX_PL_String *testUtf16 = NULL;
+ PKIX_PL_String *ampString = NULL;
+ unsigned char utf16Data[] = { 0x00, 0xA1, 0xD8, 0x00,
+ 0xDC, 0x00, 0x0F, 0xFF,
+ 0xDB, 0xC0, 0xDC, 0x01 };
+ PKIX_UInt32 i, size = 6;
+
+ char *plainText[6] = {
+ "string with\nnewlines and\ttabs",
+ "Not an escaped char: &amp;#x0012;",
+ "Encode &amp; with &amp;amp; in ASCII",
+ "&#x00A1;",
+ "&amp;",
+ "string with\nnewlines and\ttabs"
+ };
+
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Strings");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ subTest("PKIX_PL_String_Create <ascii format>");
+ for (i = 0; i < size; i++) {
+ testString[i] = NULL;
+ createString(&testString[i],
+ PKIX_ESCASCII,
+ plainText[i],
+ PL_strlen(plainText[i]));
+ }
+
+ subTest("PKIX_PL_String_Create <other formats>");
+ createStringOther(&testEscAscii,
+ &testUtf16,
+ &ampString,
+ &testDebugAscii,
+ &testNullString,
+ (PKIX_UInt32 *)utf16Data);
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(testString[0],
+ testString[5],
+ testString[1],
+ plainText[0],
+ String,
+ PKIX_TRUE);
+
+ subTest("PKIX_PL_String_GetEncoded");
+ testGetEncoded(testEscAscii,
+ testString[0],
+ testDebugAscii,
+ testNullString,
+ (PKIX_UInt32 *)utf16Data);
+
+ subTest("PKIX_PL_Sprintf");
+ testSprintf();
+
+ subTest("PKIX_PL_String_Create <error_handling>");
+ testErrorHandling();
+
+ subTest("PKIX_PL_String_Destroy");
+ for (i = 0; i < size; i++) {
+ testDestroy(testString[i]);
+ }
+ testDestroy(testEscAscii);
+ testDestroy(testUtf16);
+ testDestroy(ampString);
+ testDestroy(testDebugAscii);
+ testDestroy(testNullString);
cleanup:
- PKIX_Shutdown(plContext);
-
- PKIX_TEST_RETURN();
+ PKIX_Shutdown(plContext);
- endTests("String");
+ PKIX_TEST_RETURN();
- return (0);
+ endTests("String");
+ return (0);
}
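Review bot: Several negative cases in `testErrorHandling()` pass a length shorter than the literal, so the input that gets rejected is not the one the comment describes. `"&#xD800;"` and `"&#x0032;"` are 8 characters but are passed with `7`, `"&#x00200101;"` is 12 but passed with `11`, and `"&#x0010m00;"` is 11 but passed with `10`. The trailing `;` is cut off each time, so the error may come from the unterminated escape rather than from the reserved-surrogate, regular-character or range check, and a regression in those checks could go unnoticed. Taking the length from the string, as the last case does with `PL_strlen(debugAsciiString)`, would pin each case to its stated condition. The comment `/* Only legal \\ characters are \\, u and U */` above the `"&blah"` case also no longer matches the `&` escape syntax being tested.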
diff --git a/cmd/libpkix/pkix_pl/system/test_string2.c b/cmd/libpkix/pkix_pl/system/test_string2.c
index 8424c4874..c76d1e9ac 100644
--- a/cmd/libpkix/pkix_pl/system/test_string2.c
+++ b/cmd/libpkix/pkix_pl/system/test_string2.c
@@ -15,328 +15,323 @@ static void *plContext = NULL;
static void
createString(
- PKIX_PL_String **vivaEspanaString,
- PKIX_PL_String **straussString,
- PKIX_PL_String **gorbachevString,
- PKIX_PL_String **testUTF16String,
- PKIX_PL_String **chineseString,
- PKIX_PL_String **jeanRenoString)
+ PKIX_PL_String **vivaEspanaString,
+ PKIX_PL_String **straussString,
+ PKIX_PL_String **gorbachevString,
+ PKIX_PL_String **testUTF16String,
+ PKIX_PL_String **chineseString,
+ PKIX_PL_String **jeanRenoString)
{
- /* this is meant to fail - it highlights bug 0002 */
- unsigned char utf16String[4] = { 0xF8, 0x60,
- 0xFC, 0x60};
-
- unsigned char chinese[16] = { 0xe7, 0xab, 0xa0,
- 0xe5, 0xad, 0x90,
- 0xe6, 0x80, 0xa1,
- 0x20,
- 0xe4, 0xb8, 0xad,
- 0xe5, 0x9b, 0xbd
- };
-
- char* jeanReno = "Jean R\303\251no is an actor.";
- char* gorbachev = /* This is the name "Gorbachev" in cyrllic */
+ /* this is meant to fail - it highlights bug 0002 */
+ unsigned char utf16String[4] = { 0xF8, 0x60,
+ 0xFC, 0x60 };
+
+ unsigned char chinese[16] = { 0xe7, 0xab, 0xa0,
+ 0xe5, 0xad, 0x90,
+ 0xe6, 0x80, 0xa1,
+ 0x20,
+ 0xe4, 0xb8, 0xad,
+ 0xe5, 0x9b, 0xbd };
+
+ char *jeanReno = "Jean R\303\251no is an actor.";
+ char *gorbachev = /* This is the name "Gorbachev" in cyrllic */
"\xd0\x93\xd0\xbe\xd1\x80\xd0\xb1\xd0\xb0\xd1\x87\xd1\x91\xd0\xb2";
- char *vivaEspana =
- "&#x00A1;Viva Espa&#x00f1;a!";
-
- char *strauss =
- "Strau&#x00Df; was born in &#x00D6;sterreich";
-
- PKIX_TEST_STD_VARS();
-
- /* ---------------------------- */
- subTest("String Creation");
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- vivaEspana,
- PL_strlen(vivaEspana),
- vivaEspanaString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
- PKIX_ESCASCII,
- strauss,
- PL_strlen(strauss),
- straussString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
- PKIX_UTF8,
- gorbachev,
- PL_strlen(gorbachev),
- gorbachevString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
- PKIX_UTF16,
- utf16String,
- 4,
- testUTF16String,
- plContext));
-
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
- PKIX_UTF8,
- chinese,
- 16,
- chineseString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
- PKIX_UTF8,
- jeanReno,
- PL_strlen(jeanReno),
- jeanRenoString,
- plContext));
+ char *vivaEspana =
+ "&#x00A1;Viva Espa&#x00f1;a!";
+
+ char *strauss =
+ "Strau&#x00Df; was born in &#x00D6;sterreich";
+
+ PKIX_TEST_STD_VARS();
+
+ /* ---------------------------- */
+ subTest("String Creation");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ vivaEspana,
+ PL_strlen(vivaEspana),
+ vivaEspanaString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ strauss,
+ PL_strlen(strauss),
+ straussString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_UTF8,
+ gorbachev,
+ PL_strlen(gorbachev),
+ gorbachevString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_UTF16,
+ utf16String,
+ 4,
+ testUTF16String,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_UTF8,
+ chinese,
+ 16,
+ chineseString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_UTF8,
+ jeanReno,
+ PL_strlen(jeanReno),
+ jeanRenoString,
+ plContext));
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testGetEncoded(PKIX_PL_String *string, PKIX_UInt32 format)
{
- void *dest = NULL;
- PKIX_UInt32 length;
+ void *dest = NULL;
+ PKIX_UInt32 length;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded
- (string,
- format,
- &dest,
- &length,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(string,
+ format,
+ &dest,
+ &length,
+ plContext));
- if (dest){
- (void) printf("\tResult: %s\n", (char *)dest);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
- }
+ if (dest) {
+ (void)printf("\tResult: %s\n", (char *)dest);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-
static void
testHTMLOutput(
- PKIX_PL_String *vivaEspanaString,
- PKIX_PL_String *straussString,
- PKIX_PL_String *gorbachevString,
- PKIX_PL_String *testUTF16String,
- PKIX_PL_String *chineseString,
- PKIX_PL_String *jeanRenoString)
+ PKIX_PL_String *vivaEspanaString,
+ PKIX_PL_String *straussString,
+ PKIX_PL_String *gorbachevString,
+ PKIX_PL_String *testUTF16String,
+ PKIX_PL_String *chineseString,
+ PKIX_PL_String *jeanRenoString)
{
- void *dest = NULL;
- PKIX_UInt32 length;
-
- FILE *htmlFile = NULL;
-
- PKIX_TEST_STD_VARS();
-
- /* Opening a file for output */
- htmlFile = fopen("utf8.html", "w");
-
- if (htmlFile != plContext) {
- (void) fprintf(htmlFile, "<html><head>\n");
- (void) fprintf(htmlFile, "<meta http-equiv=\"Content-Type\"");
- (void) fprintf(htmlFile,
- "content = \"text/html; charset = UTF-8\">\n");
- (void) fprintf(htmlFile, "</head><body>\n");
- (void) fprintf(htmlFile, "<font size =\"+2\">\n");
- } else
- (void) printf("Could not open HTML file\n");
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testUTF16String,
- PKIX_UTF8,
- &dest,
- &length,
- plContext));
- if (htmlFile != plContext) {
- (void) printf("%d bytes written to HTML file\n",
- fwrite(dest, length, 1, htmlFile));
- (void) fprintf(htmlFile, "<BR>\n");
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
- dest = NULL;
- length = 0;
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(chineseString,
- PKIX_UTF8,
- &dest,
- &length,
- plContext));
- if (htmlFile != plContext) {
- (void) printf("%d bytes written to HTML file\n",
- fwrite(dest, length, 1, htmlFile));
- (void) fprintf(htmlFile, "<BR>\n");
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
- dest = NULL;
- length = 0;
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(jeanRenoString,
- PKIX_UTF8,
- &dest,
- &length,
- plContext));
- if (htmlFile != plContext) {
- (void) printf("%d bytes written to HTML file\n",
- fwrite(dest, length, 1, htmlFile));
- (void) fprintf(htmlFile, "<BR>\n");
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
- dest = NULL;
- length = 0;
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(vivaEspanaString,
- PKIX_UTF8,
- &dest,
- &length,
- plContext));
- if (htmlFile != plContext) {
- (void) printf("%d bytes written to HTML file\n",
- fwrite(dest, length, 1, htmlFile));
- (void) fprintf(htmlFile, "<BR>\n");
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
- dest = NULL;
- length = 0;
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(straussString,
- PKIX_UTF8,
- &dest,
- &length,
- plContext));
- if (htmlFile != plContext) {
- (void) printf("%d bytes written to HTML file\n",
- fwrite(dest, length, 1, htmlFile));
- (void) fprintf(htmlFile, "<BR>\n");
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
- dest = NULL;
- length = 0;
-
-
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(straussString,
- PKIX_UTF8,
- &dest,
- &length,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
- dest = NULL;
- length = 0;
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(gorbachevString,
- PKIX_UTF8,
- &dest,
- &length,
- plContext));
- if (htmlFile != plContext) {
- (void) printf("%d bytes written to HTML file\n",
- fwrite(dest, length, 1, htmlFile));
- (void) fprintf(htmlFile, "<BR>\n");
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
- dest = NULL;
- length = 0;
-
- if (htmlFile != plContext) {
- (void) fprintf(htmlFile, "</font>\n");
- (void) fprintf(htmlFile, "</body></html>\n");
- (void) fclose(htmlFile);
- }
+ void *dest = NULL;
+ PKIX_UInt32 length;
+
+ FILE *htmlFile = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ /* Opening a file for output */
+ htmlFile = fopen("utf8.html", "w");
+
+ if (htmlFile != plContext) {
+ (void)fprintf(htmlFile, "<html><head>\n");
+ (void)fprintf(htmlFile, "<meta http-equiv=\"Content-Type\"");
+ (void)fprintf(htmlFile,
+ "content = \"text/html; charset = UTF-8\">\n");
+ (void)fprintf(htmlFile, "</head><body>\n");
+ (void)fprintf(htmlFile, "<font size =\"+2\">\n");
+ } else
+ (void)printf("Could not open HTML file\n");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testUTF16String,
+ PKIX_UTF8,
+ &dest,
+ &length,
+ plContext));
+ if (htmlFile != plContext) {
+ (void)printf("%d bytes written to HTML file\n",
+ fwrite(dest, length, 1, htmlFile));
+ (void)fprintf(htmlFile, "<BR>\n");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ dest = NULL;
+ length = 0;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(chineseString,
+ PKIX_UTF8,
+ &dest,
+ &length,
+ plContext));
+ if (htmlFile != plContext) {
+ (void)printf("%d bytes written to HTML file\n",
+ fwrite(dest, length, 1, htmlFile));
+ (void)fprintf(htmlFile, "<BR>\n");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ dest = NULL;
+ length = 0;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(jeanRenoString,
+ PKIX_UTF8,
+ &dest,
+ &length,
+ plContext));
+ if (htmlFile != plContext) {
+ (void)printf("%d bytes written to HTML file\n",
+ fwrite(dest, length, 1, htmlFile));
+ (void)fprintf(htmlFile, "<BR>\n");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ dest = NULL;
+ length = 0;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(vivaEspanaString,
+ PKIX_UTF8,
+ &dest,
+ &length,
+ plContext));
+ if (htmlFile != plContext) {
+ (void)printf("%d bytes written to HTML file\n",
+ fwrite(dest, length, 1, htmlFile));
+ (void)fprintf(htmlFile, "<BR>\n");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ dest = NULL;
+ length = 0;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(straussString,
+ PKIX_UTF8,
+ &dest,
+ &length,
+ plContext));
+ if (htmlFile != plContext) {
+ (void)printf("%d bytes written to HTML file\n",
+ fwrite(dest, length, 1, htmlFile));
+ (void)fprintf(htmlFile, "<BR>\n");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ dest = NULL;
+ length = 0;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(straussString,
+ PKIX_UTF8,
+ &dest,
+ &length,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ dest = NULL;
+ length = 0;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(gorbachevString,
+ PKIX_UTF8,
+ &dest,
+ &length,
+ plContext));
+ if (htmlFile != plContext) {
+ (void)printf("%d bytes written to HTML file\n",
+ fwrite(dest, length, 1, htmlFile));
+ (void)fprintf(htmlFile, "<BR>\n");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ dest = NULL;
+ length = 0;
+
+ if (htmlFile != plContext) {
+ (void)fprintf(htmlFile, "</font>\n");
+ (void)fprintf(htmlFile, "</body></html>\n");
+ (void)fclose(htmlFile);
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
static void
testDestroy(
- PKIX_PL_String *string)
+ PKIX_PL_String *string)
{
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_DECREF_BC(string);
+ PKIX_TEST_DECREF_BC(string);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-int test_string2(int argc, char *argv[]) {
+int
+test_string2(int argc, char *argv[])
+{
- PKIX_PL_String *vivaEspanaString, *straussString, *testUTF16String;
- PKIX_PL_String *chineseString, *jeanRenoString, *gorbachevString;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
+ PKIX_PL_String *vivaEspanaString, *straussString, *testUTF16String;
+ PKIX_PL_String *chineseString, *jeanRenoString, *gorbachevString;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- startTests("Unicode Strings");
+ startTests("Unicode Strings");
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- subTest("PKIX_PL_String_Create");
- createString(&vivaEspanaString,
- &straussString,
- &gorbachevString,
- &testUTF16String,
- &chineseString,
- &jeanRenoString);
+ subTest("PKIX_PL_String_Create");
+ createString(&vivaEspanaString,
+ &straussString,
+ &gorbachevString,
+ &testUTF16String,
+ &chineseString,
+ &jeanRenoString);
- subTest("Converting UTF-16 to EscASCII");
- testGetEncoded(testUTF16String, PKIX_ESCASCII);
+ subTest("Converting UTF-16 to EscASCII");
+ testGetEncoded(testUTF16String, PKIX_ESCASCII);
- subTest("Converting UTF-8 to EscASCII");
- testGetEncoded(chineseString, PKIX_ESCASCII);
+ subTest("Converting UTF-8 to EscASCII");
+ testGetEncoded(chineseString, PKIX_ESCASCII);
- subTest("Converting UTF-8 to EscASCII");
- testGetEncoded(jeanRenoString, PKIX_ESCASCII);
+ subTest("Converting UTF-8 to EscASCII");
+ testGetEncoded(jeanRenoString, PKIX_ESCASCII);
- subTest("Converting EscASCII to UTF-16");
- testGetEncoded(vivaEspanaString, PKIX_UTF16);
+ subTest("Converting EscASCII to UTF-16");
+ testGetEncoded(vivaEspanaString, PKIX_UTF16);
- subTest("Converting UTF-8 to UTF-16");
- testGetEncoded(chineseString, PKIX_UTF16);
+ subTest("Converting UTF-8 to UTF-16");
+ testGetEncoded(chineseString, PKIX_UTF16);
- subTest("Creating HTML Output File \'utf8.html\'");
- testHTMLOutput(vivaEspanaString,
- straussString,
- gorbachevString,
- testUTF16String,
- chineseString,
- jeanRenoString);
+ subTest("Creating HTML Output File \'utf8.html\'");
+ testHTMLOutput(vivaEspanaString,
+ straussString,
+ gorbachevString,
+ testUTF16String,
+ chineseString,
+ jeanRenoString);
- subTest("Unicode Destructors");
- testDestroy(testUTF16String);
- testDestroy(chineseString);
- testDestroy(jeanRenoString);
- testDestroy(vivaEspanaString);
- testDestroy(straussString);
- testDestroy(gorbachevString);
+ subTest("Unicode Destructors");
+ testDestroy(testUTF16String);
+ testDestroy(chineseString);
+ testDestroy(jeanRenoString);
+ testDestroy(vivaEspanaString);
+ testDestroy(straussString);
+ testDestroy(gorbachevString);
cleanup:
- PKIX_Shutdown(plContext);
-
- PKIX_TEST_RETURN();
+ PKIX_Shutdown(plContext);
- endTests("Unicode Strings");
+ PKIX_TEST_RETURN();
- return (0);
+ endTests("Unicode Strings");
+ return (0);
}
diff --git a/cmd/libpkix/pkixutil/pkixutil.c b/cmd/libpkix/pkixutil/pkixutil.c
index 8deb883e3..158f45895 100644
--- a/cmd/libpkix/pkixutil/pkixutil.c
+++ b/cmd/libpkix/pkixutil/pkixutil.c
@@ -16,7 +16,7 @@
#include "nss.h"
#include "secport.h"
-typedef int (*mainTestFn)(int argc, char* argv[]);
+typedef int (*mainTestFn)(int argc, char *argv[]);
extern int libpkix_buildthreads(int argc, char *argv[]);
extern int nss_threads(int argc, char *argv[]);
@@ -88,84 +88,84 @@ extern int dumpcert(int argc, char *argv[]);
extern int dumpcrl(int argc, char *argv[]);
extern int validate_chain(int argc, char *argv[]);
-
typedef struct {
char *fnName;
mainTestFn fnPointer;
} testFunctionRef;
testFunctionRef testFnRefTable[] = {
- {"libpkix_buildthreads", libpkix_buildthreads},
- {"nss_threads", nss_threads},
- {"test_certselector", test_certselector},
- {"test_comcertselparams", test_comcertselparams},
- {"test_certchainchecker", test_certchainchecker},
- {"test_comcrlselparams", test_comcrlselparams},
- {"test_crlselector", test_crlselector},
- {"test_procparams", test_procparams},
- {"test_resourcelimits", test_resourcelimits},
- {"test_trustanchor", test_trustanchor},
- {"test_valparams", test_valparams},
- {"test_buildresult", test_buildresult},
- {"test_policynode", test_policynode},
- {"test_valresult", test_valresult},
- {"test_verifynode", test_verifynode},
- {"test_store", test_store},
- {"test_basicchecker", test_basicchecker},
- {"test_basicconstraintschecker", test_basicconstraintschecker},
- {"test_buildchain", test_buildchain},
- {"test_buildchain_partialchain", test_buildchain_partialchain},
- {"test_buildchain_resourcelimits", test_buildchain_resourcelimits},
- {"test_buildchain_uchecker", test_buildchain_uchecker},
- {"test_customcrlchecker", test_customcrlchecker},
- {"test_defaultcrlchecker2stores", test_defaultcrlchecker2stores},
- {"test_ocsp", test_ocsp},
- {"test_policychecker", test_policychecker},
- {"test_subjaltnamechecker", test_subjaltnamechecker},
- {"test_validatechain", test_validatechain},
- {"test_validatechain_NB", test_validatechain_NB},
- {"test_validatechain_bc", test_validatechain_bc},
- {"test_error", test_error},
- {"test_list", test_list},
- {"test_list2", test_list2},
- {"test_logger", test_logger},
- {"test_colcertstore", test_colcertstore},
- {"test_ekuchecker", test_ekuchecker},
- {"test_httpcertstore", test_httpcertstore},
- {"test_pk11certstore", test_pk11certstore},
- {"test_socket", test_socket},
- {"test_authorityinfoaccess", test_authorityinfoaccess},
- {"test_cert", test_cert},
- {"test_crl", test_crl},
- {"test_crlentry", test_crlentry},
- {"test_date", test_date},
- {"test_generalname", test_generalname},
- {"test_nameconstraints", test_nameconstraints},
- {"test_subjectinfoaccess", test_subjectinfoaccess},
- {"test_x500name", test_x500name},
- {"stress_test", stress_test},
- {"test_bigint", test_bigint},
- {"test_bytearray", test_bytearray},
- {"test_hashtable", test_hashtable},
- {"test_mem", test_mem},
- {"test_monitorlock", test_monitorlock},
- {"test_mutex", test_mutex},
- {"test_mutex2", test_mutex2},
- {"test_mutex3", test_mutex3},
- {"test_object", test_object},
- {"test_oid", test_oid},
-/* {"test_rwlock", test_rwlock }*/
- {"test_string", test_string},
- {"test_string2", test_string2},
- {"build_chain", build_chain},
- {"dumpcert", dumpcert},
- {"dumpcrl", dumpcrl},
- {"validate_chain", validate_chain},
- {NULL, NULL },
+ { "libpkix_buildthreads", libpkix_buildthreads },
+ { "nss_threads", nss_threads },
+ { "test_certselector", test_certselector },
+ { "test_comcertselparams", test_comcertselparams },
+ { "test_certchainchecker", test_certchainchecker },
+ { "test_comcrlselparams", test_comcrlselparams },
+ { "test_crlselector", test_crlselector },
+ { "test_procparams", test_procparams },
+ { "test_resourcelimits", test_resourcelimits },
+ { "test_trustanchor", test_trustanchor },
+ { "test_valparams", test_valparams },
+ { "test_buildresult", test_buildresult },
+ { "test_policynode", test_policynode },
+ { "test_valresult", test_valresult },
+ { "test_verifynode", test_verifynode },
+ { "test_store", test_store },
+ { "test_basicchecker", test_basicchecker },
+ { "test_basicconstraintschecker", test_basicconstraintschecker },
+ { "test_buildchain", test_buildchain },
+ { "test_buildchain_partialchain", test_buildchain_partialchain },
+ { "test_buildchain_resourcelimits", test_buildchain_resourcelimits },
+ { "test_buildchain_uchecker", test_buildchain_uchecker },
+ { "test_customcrlchecker", test_customcrlchecker },
+ { "test_defaultcrlchecker2stores", test_defaultcrlchecker2stores },
+ { "test_ocsp", test_ocsp },
+ { "test_policychecker", test_policychecker },
+ { "test_subjaltnamechecker", test_subjaltnamechecker },
+ { "test_validatechain", test_validatechain },
+ { "test_validatechain_NB", test_validatechain_NB },
+ { "test_validatechain_bc", test_validatechain_bc },
+ { "test_error", test_error },
+ { "test_list", test_list },
+ { "test_list2", test_list2 },
+ { "test_logger", test_logger },
+ { "test_colcertstore", test_colcertstore },
+ { "test_ekuchecker", test_ekuchecker },
+ { "test_httpcertstore", test_httpcertstore },
+ { "test_pk11certstore", test_pk11certstore },
+ { "test_socket", test_socket },
+ { "test_authorityinfoaccess", test_authorityinfoaccess },
+ { "test_cert", test_cert },
+ { "test_crl", test_crl },
+ { "test_crlentry", test_crlentry },
+ { "test_date", test_date },
+ { "test_generalname", test_generalname },
+ { "test_nameconstraints", test_nameconstraints },
+ { "test_subjectinfoaccess", test_subjectinfoaccess },
+ { "test_x500name", test_x500name },
+ { "stress_test", stress_test },
+ { "test_bigint", test_bigint },
+ { "test_bytearray", test_bytearray },
+ { "test_hashtable", test_hashtable },
+ { "test_mem", test_mem },
+ { "test_monitorlock", test_monitorlock },
+ { "test_mutex", test_mutex },
+ { "test_mutex2", test_mutex2 },
+ { "test_mutex3", test_mutex3 },
+ { "test_object", test_object },
+ { "test_oid", test_oid },
+ /* {"test_rwlock", test_rwlock }*/
+ { "test_string", test_string },
+ { "test_string2", test_string2 },
+ { "build_chain", build_chain },
+ { "dumpcert", dumpcert },
+ { "dumpcrl", dumpcrl },
+ { "validate_chain", validate_chain },
+ { NULL, NULL },
};
-static
-void printUsage(char *cmdName) {
+static void
+printUsage(char *cmdName)
+{
int fnCounter = 0;
fprintf(stderr, "Usage: %s [test name] [arg1]...[argN]\n\n", cmdName);
@@ -181,22 +181,22 @@ void printUsage(char *cmdName) {
}
static SECStatus
-getTestArguments(int argc,
- char **argv,
+getTestArguments(int argc,
+ char **argv,
mainTestFn *ptestFn,
- char **pdbPath,
- int *pargc,
- char ***pargv)
+ char **pdbPath,
+ int *pargc,
+ char ***pargv)
{
PLOptState *optstate = NULL;
PLOptStatus status;
mainTestFn testFunction = NULL;
char **wArgv = NULL;
- char *dbPath = NULL;
- char *fnName = NULL;
- int wArgc = 0;
- int fnCounter = 0;
-
+ char *dbPath = NULL;
+ char *fnName = NULL;
+ int wArgc = 0;
+ int fnCounter = 0;
+
if (argc < 2) {
printf("ERROR: insufficient number of arguments: %s.\n", fnName);
return SECFailure;
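Review bot: In getTestArguments the `argc < 2` branch passes `fnName` to `%s` while it still holds its initial NULL, which is undefined behaviour for printf and at best prints "(null)". Nothing assigns `fnName` between its declaration and this check, so the message can never name a test. `printf("ERROR: insufficient number of arguments.\n");` reports the same condition without the argument. The function body continues past the end of this hunk, and the defect predates the reformat, so it fits a separate follow-up change.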
@@ -215,7 +215,7 @@ getTestArguments(int argc,
return SECFailure;
}
- wArgv = PORT_ZNewArray(char*, argc);
+ wArgv = PORT_ZNewArray(char *, argc);
if (!wArgv) {
return SECFailure;
}
@@ -227,14 +227,14 @@ getTestArguments(int argc,
optstate = PL_CreateOptState(argc - 1, argv + 1, "d:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
- case 'd':
- dbPath = (char*)optstate->value;
- break;
+ case 'd':
+ dbPath = (char *)optstate->value;
+ break;
- default:
- wArgv[wArgc] = (char*)optstate->value;
- wArgc += 1;
- break;
+ default:
+ wArgv[wArgc] = (char *)optstate->value;
+ wArgc += 1;
+ break;
}
}
PL_DestroyOptState(optstate);
@@ -243,22 +243,21 @@ getTestArguments(int argc,
*pdbPath = dbPath;
*pargc = wArgc;
*pargv = wArgv;
-
+
return SECSuccess;
}
-
-static
-int runCmd(mainTestFn fnPointer,
- int argc,
- char **argv,
- char *dbPath)
+static int
+runCmd(mainTestFn fnPointer,
+ int argc,
+ char **argv,
+ char *dbPath)
{
int retStat = 0;
-
+
/* Initialize NSPR and NSS. */
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-
+
/* if using databases, use NSS_Init and not NSS_NoDB_Init */
if (dbPath && PORT_Strlen(dbPath) != 0) {
if (NSS_Init(dbPath) != SECSuccess)
@@ -276,7 +275,9 @@ int runCmd(mainTestFn fnPointer,
return retStat;
}
-int main(int argc, char **argv) {
+int
+main(int argc, char **argv)
+{
mainTestFn testFunction = NULL;
char *dbPath = NULL;
char **testArgv = NULL;
@@ -289,11 +290,10 @@ int main(int argc, char **argv) {
printUsage(argv[0]);
return 1;
}
-
+
rv = runCmd(testFunction, testArgc, testArgv, dbPath);
PORT_Free(testArgv);
return rv;
}
-
diff --git a/cmd/libpkix/sample_apps/build_chain.c b/cmd/libpkix/sample_apps/build_chain.c
index fa717d9ae..38bf1d9f3 100644
--- a/cmd/libpkix/sample_apps/build_chain.c
+++ b/cmd/libpkix/sample_apps/build_chain.c
@@ -34,232 +34,209 @@
static void *plContext = NULL;
-static
-void printUsage(void){
- (void) printf("\nUSAGE:\tbuildChain "
- "<trustedCert> <targetCert> <certStoreDirectory>\n\n");
- (void) printf
- ("Builds a chain of certificates between "
- "<trustedCert> and <targetCert>\n"
- "using the certs and CRLs in <certStoreDirectory>.\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\tbuildChain "
+ "<trustedCert> <targetCert> <certStoreDirectory>\n\n");
+ (void)printf("Builds a chain of certificates between "
+ "<trustedCert> and <targetCert>\n"
+ "using the certs and CRLs in <certStoreDirectory>.\n");
}
static PKIX_PL_Cert *
createCert(char *inFileName)
{
- PKIX_PL_ByteArray *byteArray = NULL;
- void *buf = NULL;
- PRFileDesc *inFile = NULL;
- PKIX_UInt32 len;
- SECItem certDER;
- SECStatus rv;
- /* default: NULL cert (failure case) */
- PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_ByteArray *byteArray = NULL;
+ void *buf = NULL;
+ PRFileDesc *inFile = NULL;
+ PKIX_UInt32 len;
+ SECItem certDER;
+ SECStatus rv;
+ /* default: NULL cert (failure case) */
+ PKIX_PL_Cert *cert = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ certDER.data = NULL;
- PKIX_TEST_STD_VARS();
+ inFile = PR_Open(inFileName, PR_RDONLY, 0);
- certDER.data = NULL;
+ if (!inFile) {
+ pkixTestErrorMsg = "Unable to open cert file";
+ goto cleanup;
+ } else {
+ rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE);
+ if (!rv) {
+ buf = (void *)certDER.data;
+ len = certDER.len;
- inFile = PR_Open(inFileName, PR_RDONLY, 0);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext));
- if (!inFile){
- pkixTestErrorMsg = "Unable to open cert file";
- goto cleanup;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext));
+
+ SECITEM_FreeItem(&certDER, PR_FALSE);
} else {
- rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE);
- if (!rv){
- buf = (void *)certDER.data;
- len = certDER.len;
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create
- (buf, len, &byteArray, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create
- (byteArray, &cert, plContext));
-
- SECITEM_FreeItem(&certDER, PR_FALSE);
- } else {
- pkixTestErrorMsg = "Unable to read DER from cert file";
- goto cleanup;
- }
+ pkixTestErrorMsg = "Unable to read DER from cert file";
+ goto cleanup;
}
+ }
cleanup:
- if (inFile){
- PR_Close(inFile);
- }
+ if (inFile) {
+ PR_Close(inFile);
+ }
- if (PKIX_TEST_ERROR_RECEIVED){
- SECITEM_FreeItem(&certDER, PR_FALSE);
- }
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ SECITEM_FreeItem(&certDER, PR_FALSE);
+ }
- PKIX_TEST_DECREF_AC(byteArray);
+ PKIX_TEST_DECREF_AC(byteArray);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (cert);
+ return (cert);
}
-int build_chain(int argc, char *argv[])
+int
+build_chain(int argc, char *argv[])
{
- PKIX_BuildResult *buildResult = NULL;
- PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_List *anchors = NULL;
- PKIX_List *certs = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- char *trustedCertFile = NULL;
- char *targetCertFile = NULL;
- char *storeDirAscii = NULL;
- PKIX_PL_String *storeDirString = NULL;
- PKIX_PL_Cert *trustedCert = NULL;
- PKIX_PL_Cert *targetCert = NULL;
- PKIX_UInt32 actualMinorVersion, numCerts, i;
- PKIX_UInt32 j = 0;
- PKIX_CertStore *certStore = NULL;
- PKIX_List *certStores = NULL;
- char * asciiResult = NULL;
- PKIX_Boolean useArenas = PKIX_FALSE;
- void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */
- void *nbioContext = NULL;
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 4){
- printUsage();
- return (0);
- }
-
- useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
+ PKIX_BuildResult *buildResult = NULL;
+ PKIX_ComCertSelParams *certSelParams = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_TrustAnchor *anchor = NULL;
+ PKIX_List *anchors = NULL;
+ PKIX_List *certs = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ char *trustedCertFile = NULL;
+ char *targetCertFile = NULL;
+ char *storeDirAscii = NULL;
+ PKIX_PL_String *storeDirString = NULL;
+ PKIX_PL_Cert *trustedCert = NULL;
+ PKIX_PL_Cert *targetCert = NULL;
+ PKIX_UInt32 actualMinorVersion, numCerts, i;
+ PKIX_UInt32 j = 0;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_List *certStores = NULL;
+ char *asciiResult = NULL;
+ PKIX_Boolean useArenas = PKIX_FALSE;
+ void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */
+ void *nbioContext = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 4) {
+ printUsage();
+ return (0);
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize
- (PKIX_TRUE, /* nssInitNeeded */
- useArenas,
- PKIX_MAJOR_VERSION,
- PKIX_MINOR_VERSION,
- PKIX_MINOR_VERSION,
- &actualMinorVersion,
- &plContext));
+ useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
- /* create processing params with list of trust anchors */
- trustedCertFile = argv[j+1];
- trustedCert = createCert(trustedCertFile);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize(PKIX_TRUE, /* nssInitNeeded */
+ useArenas,
+ PKIX_MAJOR_VERSION,
+ PKIX_MINOR_VERSION,
+ PKIX_MINOR_VERSION,
+ &actualMinorVersion,
+ &plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
- (trustedCert, &anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (anchors, (PKIX_PL_Object *)anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
- (anchors, &procParams, plContext));
+ /* create processing params with list of trust anchors */
+ trustedCertFile = argv[j + 1];
+ trustedCert = createCert(trustedCertFile);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
- /* create CertSelector with target certificate in params */
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+ /* create CertSelector with target certificate in params */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
- targetCertFile = argv[j+2];
- targetCert = createCert(targetCertFile);
+ targetCertFile = argv[j + 2];
+ targetCert = createCert(targetCertFile);
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_SetCertificate
- (certSelParams, targetCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, certSelParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_SetTargetCertConstraints
- (procParams, certSelector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
- /* create CertStores */
+ /* create CertStores */
- storeDirAscii = argv[j+3];
+ storeDirAscii = argv[j + 3];
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, storeDirAscii, 0, &storeDirString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, storeDirAscii, 0, &storeDirString, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
- (storeDirString, &certStore, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (certStores, (PKIX_PL_Object *)certStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(storeDirString, &certStore, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
- (procParams, certStores, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
- /* build cert chain using processing params and return buildResult */
+ /* build cert chain using processing params and return buildResult */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildChain
- (procParams,
- &nbioContext,
- &buildState,
- &buildResult,
- NULL,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildChain(procParams,
+ &nbioContext,
+ &buildState,
+ &buildResult,
+ NULL,
+ plContext));
- /*
+ /*
* As long as we use only CertStores with blocking I/O, we can omit
* checking for completion with nbioContext.
*/
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetLength(certs, &numCerts, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
- printf("\n");
+ printf("\n");
- for (i = 0; i < numCerts; i++){
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_GetItem
- (certs, i, (PKIX_PL_Object**)&cert, plContext));
+ for (i = 0; i < numCerts; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext));
- asciiResult = PKIX_Cert2ASCII(cert);
+ asciiResult = PKIX_Cert2ASCII(cert);
- printf("CERT[%d]:\n%s\n", i, asciiResult);
+ printf("CERT[%d]:\n%s\n", i, asciiResult);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext));
- asciiResult = NULL;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext));
+ asciiResult = NULL;
- PKIX_TEST_DECREF_BC(cert);
- }
+ PKIX_TEST_DECREF_BC(cert);
+ }
cleanup:
- if (PKIX_TEST_ERROR_RECEIVED){
- (void) printf("FAILED TO BUILD CHAIN\n");
- } else {
- (void) printf("SUCCESSFULLY BUILT CHAIN\n");
- }
-
- PKIX_PL_Free(asciiResult, plContext);
-
- PKIX_TEST_DECREF_AC(certs);
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(certStore);
- PKIX_TEST_DECREF_AC(certStores);
- PKIX_TEST_DECREF_AC(storeDirString);
- PKIX_TEST_DECREF_AC(trustedCert);
- PKIX_TEST_DECREF_AC(targetCert);
- PKIX_TEST_DECREF_AC(anchor);
- PKIX_TEST_DECREF_AC(anchors);
- PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_DECREF_AC(certSelParams);
- PKIX_TEST_DECREF_AC(certSelector);
- PKIX_TEST_DECREF_AC(buildResult);
-
- PKIX_TEST_RETURN();
-
- PKIX_Shutdown(plContext);
-
- return (0);
-
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ (void)printf("FAILED TO BUILD CHAIN\n");
+ } else {
+ (void)printf("SUCCESSFULLY BUILT CHAIN\n");
+ }
+
+ PKIX_PL_Free(asciiResult, plContext);
+
+ PKIX_TEST_DECREF_AC(certs);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(certStores);
+ PKIX_TEST_DECREF_AC(storeDirString);
+ PKIX_TEST_DECREF_AC(trustedCert);
+ PKIX_TEST_DECREF_AC(targetCert);
+ PKIX_TEST_DECREF_AC(anchor);
+ PKIX_TEST_DECREF_AC(anchors);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(certSelParams);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(buildResult);
+
+ PKIX_TEST_RETURN();
+
+ PKIX_Shutdown(plContext);
+
+ return (0);
}
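Review bot: build_chain uses the result of both createCert() calls unchecked, although createCert returns NULL when the file cannot be opened, read or parsed (its own comment calls NULL the failure case). `trustedCert` goes straight into PKIX_TrustAnchor_CreateWithCert and `targetCert` into PKIX_ComCertSelParams_SetCertificate. How those calls treat a NULL certificate is not visible here; if SetCertificate takes NULL to mean "no constraint", an unreadable target file would leave the selector unconstrained instead of failing the run. A guard after each call makes the failure explicit, e.g. `if (!targetCert) { pkixTestErrorMsg = "Unable to create target cert"; goto cleanup; }` and likewise for `trustedCert`, assuming `pkixTestErrorMsg` is provided by PKIX_TEST_STD_VARS here as it is in createCert. This predates the reformat and belongs in a follow-up.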
diff --git a/cmd/libpkix/sample_apps/dumpcert.c b/cmd/libpkix/sample_apps/dumpcert.c
index 553507763..6ff5f8377 100644
--- a/cmd/libpkix/sample_apps/dumpcert.c
+++ b/cmd/libpkix/sample_apps/dumpcert.c
@@ -23,162 +23,160 @@
static void *plContext = NULL;
-static
-void printUsage(void){
- (void) printf("\nUSAGE:\tdumpcert <certFile>\n");
- (void) printf("\tParses a certificate located at <certFile> "
- "and displays it.\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\tdumpcert <certFile>\n");
+ (void)printf("\tParses a certificate located at <certFile> "
+ "and displays it.\n");
}
-static
-void printFailure(char *msg){
- (void) printf("FAILURE: %s\n", msg);
+static void
+printFailure(char *msg)
+{
+ (void)printf("FAILURE: %s\n", msg);
}
static PKIX_PL_Cert *
createCert(char *inFileName)
{
- PKIX_PL_ByteArray *byteArray = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_Error *error = NULL;
- PRFileDesc *inFile = NULL;
- SECItem certDER;
- void *buf = NULL;
- PKIX_UInt32 len;
- SECStatus rv = SECFailure;
-
- certDER.data = NULL;
+ PKIX_PL_ByteArray *byteArray = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_Error *error = NULL;
+ PRFileDesc *inFile = NULL;
+ SECItem certDER;
+ void *buf = NULL;
+ PKIX_UInt32 len;
+ SECStatus rv = SECFailure;
+
+ certDER.data = NULL;
+
+ inFile = PR_Open(inFileName, PR_RDONLY, 0);
+
+ if (!inFile) {
+ printFailure("Unable to open cert file");
+ goto cleanup;
+ } else {
+ rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE);
+ if (!rv) {
+ buf = (void *)certDER.data;
+ len = certDER.len;
+
+ error = PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext);
+
+ if (error) {
+ printFailure("PKIX_PL_ByteArray_Create failed");
+ goto cleanup;
+ }
- inFile = PR_Open(inFileName, PR_RDONLY, 0);
+ error = PKIX_PL_Cert_Create(byteArray, &cert, plContext);
- if (!inFile){
- printFailure("Unable to open cert file");
+ if (error) {
+ printFailure("PKIX_PL_Cert_Create failed");
goto cleanup;
+ }
} else {
- rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE);
- if (!rv){
- buf = (void *)certDER.data;
- len = certDER.len;
-
- error = PKIX_PL_ByteArray_Create
- (buf, len, &byteArray, plContext);
-
- if (error){
- printFailure("PKIX_PL_ByteArray_Create failed");
- goto cleanup;
- }
-
- error = PKIX_PL_Cert_Create
- (byteArray, &cert, plContext);
-
- if (error){
- printFailure("PKIX_PL_Cert_Create failed");
- goto cleanup;
- }
- } else {
- printFailure("Unable to read DER from cert file");
- goto cleanup;
- }
+ printFailure("Unable to read DER from cert file");
+ goto cleanup;
}
+ }
cleanup:
- if (inFile){
- PR_Close(inFile);
- }
+ if (inFile) {
+ PR_Close(inFile);
+ }
- if (rv == SECSuccess){
- SECITEM_FreeItem(&certDER, PR_FALSE);
- }
+ if (rv == SECSuccess) {
+ SECITEM_FreeItem(&certDER, PR_FALSE);
+ }
- if (byteArray){
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)(byteArray), plContext);
- }
+ if (byteArray) {
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)(byteArray), plContext);
+ }
- return (cert);
+ return (cert);
}
-int dumpcert(int argc, char *argv[])
+int
+dumpcert(int argc, char *argv[])
{
- PKIX_PL_String *string = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_Error *error = NULL;
- char *ascii = NULL;
- PKIX_UInt32 length = 0;
- PKIX_UInt32 j = 0;
- PKIX_Boolean useArenas = PKIX_FALSE;
- PKIX_UInt32 actualMinorVersion;
+ PKIX_PL_String *string = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_Error *error = NULL;
+ char *ascii = NULL;
+ PKIX_UInt32 length = 0;
+ PKIX_UInt32 j = 0;
+ PKIX_Boolean useArenas = PKIX_FALSE;
+ PKIX_UInt32 actualMinorVersion;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- if (argc == 1){
- printUsage();
- return (0);
- }
+ if (argc == 1) {
+ printUsage();
+ return (0);
+ }
- useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
+ useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
- PKIX_Initialize
- (PKIX_TRUE, /* nssInitNeeded */
- useArenas,
- PKIX_MAJOR_VERSION,
- PKIX_MINOR_VERSION,
- PKIX_MINOR_VERSION,
- &actualMinorVersion,
- &plContext);
+ PKIX_Initialize(PKIX_TRUE, /* nssInitNeeded */
+ useArenas,
+ PKIX_MAJOR_VERSION,
+ PKIX_MINOR_VERSION,
+ PKIX_MINOR_VERSION,
+ &actualMinorVersion,
+ &plContext);
- cert = createCert(argv[1+j]);
+ cert = createCert(argv[1 + j]);
- if (cert){
+ if (cert) {
- error = PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)cert, &string, plContext);
+ error = PKIX_PL_Object_ToString((PKIX_PL_Object *)cert, &string, plContext);
- if (error){
- printFailure("Unable to get string representation "
- "of cert");
- goto cleanup;
- }
+ if (error) {
+ printFailure("Unable to get string representation "
+ "of cert");
+ goto cleanup;
+ }
- error = PKIX_PL_String_GetEncoded
- (string,
- PKIX_ESCASCII,
- (void **)&ascii,
- &length,
- plContext);
+ error = PKIX_PL_String_GetEncoded(string,
+ PKIX_ESCASCII,
+ (void **)&ascii,
+ &length,
+ plContext);
- if (error || !ascii){
- printFailure("Unable to get ASCII encoding of string");
- goto cleanup;
- }
+ if (error || !ascii) {
+ printFailure("Unable to get ASCII encoding of string");
+ goto cleanup;
+ }
- (void) printf("OUTPUT:\n%s\n", ascii);
+ (void)printf("OUTPUT:\n%s\n", ascii);
- } else {
- printFailure("Unable to create certificate");
- goto cleanup;
- }
+ } else {
+ printFailure("Unable to create certificate");
+ goto cleanup;
+ }
cleanup:
- if (cert){
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)(cert), plContext);
- }
+ if (cert) {
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)(cert), plContext);
+ }
- if (string){
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)(string), plContext);
- }
+ if (string) {
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)(string), plContext);
+ }
- if (ascii){
- PKIX_PL_Free((PKIX_PL_Object *)(ascii), plContext);
- }
+ if (ascii) {
+ PKIX_PL_Free((PKIX_PL_Object *)(ascii), plContext);
+ }
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("DUMPCERT");
+ endTests("DUMPCERT");
- return (0);
+ return (0);
}
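Review bot: The result of `PKIX_Initialize(...)` in `dumpcert()` is discarded, so a failed library initialisation goes unnoticed and `createCert(argv[1 + j])` runs anyway, with `plContext` possibly still at its `NULL` initialiser. The reformatted call keeps that behaviour. Assuming it returns a `PKIX_Error *` like the other PKIX calls in this file, capture and test it: `error = PKIX_Initialize(...);` followed by `if (error) { printFailure("PKIX_Initialize failed"); return (1); }`. The same unchecked call appears in `dumpcrl()` in the cmd/libpkix/sample_apps/dumpcrl.c hunk.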
diff --git a/cmd/libpkix/sample_apps/dumpcrl.c b/cmd/libpkix/sample_apps/dumpcrl.c
index cfb84bd4a..642601409 100644
--- a/cmd/libpkix/sample_apps/dumpcrl.c
+++ b/cmd/libpkix/sample_apps/dumpcrl.c
@@ -23,165 +23,164 @@
static void *plContext = NULL;
-static
-void printUsage(void){
- (void) printf("\nUSAGE:\tdumpcrl <crlFile>\n");
- (void) printf("\tParses a CRL located at <crlFile> "
- "and displays it.\n");
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\tdumpcrl <crlFile>\n");
+ (void)printf("\tParses a CRL located at <crlFile> "
+ "and displays it.\n");
}
-static
-void printFailure(char *msg){
- (void) printf("FAILURE: %s\n", msg);
+static void
+printFailure(char *msg)
+{
+ (void)printf("FAILURE: %s\n", msg);
}
static PKIX_PL_CRL *
createCRL(char *inFileName)
{
- PKIX_PL_ByteArray *byteArray = NULL;
- PKIX_PL_CRL *crl = NULL;
- PKIX_Error *error = NULL;
- PRFileDesc *inFile = NULL;
- SECItem crlDER;
- void *buf = NULL;
- PKIX_UInt32 len;
- SECStatus rv;
-
- PKIX_TEST_STD_VARS();
-
- crlDER.data = NULL;
-
- inFile = PR_Open(inFileName, PR_RDONLY, 0);
+ PKIX_PL_ByteArray *byteArray = NULL;
+ PKIX_PL_CRL *crl = NULL;
+ PKIX_Error *error = NULL;
+ PRFileDesc *inFile = NULL;
+ SECItem crlDER;
+ void *buf = NULL;
+ PKIX_UInt32 len;
+ SECStatus rv;
+
+ PKIX_TEST_STD_VARS();
+
+ crlDER.data = NULL;
+
+ inFile = PR_Open(inFileName, PR_RDONLY, 0);
+
+ if (!inFile) {
+ printFailure("Unable to open crl file");
+ goto cleanup;
+ } else {
+ rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
+ if (!rv) {
+ buf = (void *)crlDER.data;
+ len = crlDER.len;
+
+ error = PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext);
+
+ if (error) {
+ printFailure("PKIX_PL_ByteArray_Create failed");
+ goto cleanup;
+ }
- if (!inFile){
- printFailure("Unable to open crl file");
+ error = PKIX_PL_CRL_Create(byteArray, &crl, plContext);
+ if (error) {
+ printFailure("PKIX_PL_CRL_Create failed");
goto cleanup;
+ }
+
+ SECITEM_FreeItem(&crlDER, PR_FALSE);
} else {
- rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
- if (!rv){
- buf = (void *)crlDER.data;
- len = crlDER.len;
-
- error = PKIX_PL_ByteArray_Create
- (buf, len, &byteArray, plContext);
-
- if (error){
- printFailure("PKIX_PL_ByteArray_Create failed");
- goto cleanup;
- }
-
- error = PKIX_PL_CRL_Create(byteArray, &crl, plContext);
- if (error){
- printFailure("PKIX_PL_CRL_Create failed");
- goto cleanup;
- }
-
- SECITEM_FreeItem(&crlDER, PR_FALSE);
- } else {
- printFailure("Unable to read DER from crl file");
- goto cleanup;
- }
+ printFailure("Unable to read DER from crl file");
+ goto cleanup;
}
+ }
cleanup:
- if (inFile){
- PR_Close(inFile);
- }
+ if (inFile) {
+ PR_Close(inFile);
+ }
- if (error){
- SECITEM_FreeItem(&crlDER, PR_FALSE);
- }
+ if (error) {
+ SECITEM_FreeItem(&crlDER, PR_FALSE);
+ }
- if (byteArray){
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)(byteArray), plContext);
- }
+ if (byteArray) {
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)(byteArray), plContext);
+ }
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (crl);
+ return (crl);
}
-int dumpcrl(int argc, char *argv[])
+int
+dumpcrl(int argc, char *argv[])
{
- PKIX_PL_String *string = NULL;
- PKIX_PL_CRL *crl = NULL;
- PKIX_Error *error = NULL;
- char *ascii = NULL;
- PKIX_UInt32 length;
- PKIX_UInt32 actualMinorVersion;
- PKIX_UInt32 j = 0;
- PKIX_Boolean useArenas = PKIX_FALSE;
+ PKIX_PL_String *string = NULL;
+ PKIX_PL_CRL *crl = NULL;
+ PKIX_Error *error = NULL;
+ char *ascii = NULL;
+ PKIX_UInt32 length;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+ PKIX_Boolean useArenas = PKIX_FALSE;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- if (argc == 1){
- printUsage();
- return (0);
- }
+ if (argc == 1) {
+ printUsage();
+ return (0);
+ }
- useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
+ useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
- PKIX_Initialize
- (PKIX_TRUE, /* nssInitNeeded */
- useArenas,
- PKIX_MAJOR_VERSION,
- PKIX_MINOR_VERSION,
- PKIX_MINOR_VERSION,
- &actualMinorVersion,
- &plContext);
+ PKIX_Initialize(PKIX_TRUE, /* nssInitNeeded */
+ useArenas,
+ PKIX_MAJOR_VERSION,
+ PKIX_MINOR_VERSION,
+ PKIX_MINOR_VERSION,
+ &actualMinorVersion,
+ &plContext);
- crl = createCRL(argv[j+1]);
+ crl = createCRL(argv[j + 1]);
- if (crl){
+ if (crl) {
- error = PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)crl, &string, plContext);
+ error = PKIX_PL_Object_ToString((PKIX_PL_Object *)crl, &string, plContext);
- if (error){
- printFailure("Unable to get string representation "
- "of crl");
- goto cleanup;
- }
+ if (error) {
+ printFailure("Unable to get string representation "
+ "of crl");
+ goto cleanup;
+ }
- error = PKIX_PL_String_GetEncoded
- (string,
- PKIX_ESCASCII,
- (void **)&ascii,
- &length,
- plContext);
- if (error || !ascii){
- printFailure("Unable to get ASCII encoding of string");
- goto cleanup;
- }
+ error = PKIX_PL_String_GetEncoded(string,
+ PKIX_ESCASCII,
+ (void **)&ascii,
+ &length,
+ plContext);
+ if (error || !ascii) {
+ printFailure("Unable to get ASCII encoding of string");
+ goto cleanup;
+ }
- (void) printf("OUTPUT:\n%s\n", ascii);
+ (void)printf("OUTPUT:\n%s\n", ascii);
- } else {
- printFailure("Unable to create CRL");
- goto cleanup;
- }
+ } else {
+ printFailure("Unable to create CRL");
+ goto cleanup;
+ }
cleanup:
- if (crl){
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)(crl), plContext);
- }
+ if (crl) {
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)(crl), plContext);
+ }
- if (string){
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)(string), plContext);
- }
+ if (string) {
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)(string), plContext);
+ }
- if (ascii){
- PKIX_PL_Free((PKIX_PL_Object *)(ascii), plContext);
- }
+ if (ascii) {
+ PKIX_PL_Free((PKIX_PL_Object *)(ascii), plContext);
+ }
- PKIX_Shutdown(plContext);
+ PKIX_Shutdown(plContext);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- endTests("DUMPCRL");
+ endTests("DUMPCRL");
- return (0);
+ return (0);
}
diff --git a/cmd/libpkix/sample_apps/validate_chain.c b/cmd/libpkix/sample_apps/validate_chain.c
index 56343a6f6..1ccf364e0 100644
--- a/cmd/libpkix/sample_apps/validate_chain.c
+++ b/cmd/libpkix/sample_apps/validate_chain.c
@@ -34,201 +34,187 @@
static void *plContext = NULL;
-static
-void printUsage(void){
- (void) printf("\nUSAGE:\tvalidateChain <trustedCert> "
- "<cert_1> <cert_2> ... <cert_n>\n");
- (void) printf("\tValidates a chain of n certificates "
- "using the given trust anchor.\n");
-
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\tvalidateChain <trustedCert> "
+ "<cert_1> <cert_2> ... <cert_n>\n");
+ (void)printf("\tValidates a chain of n certificates "
+ "using the given trust anchor.\n");
}
static PKIX_PL_Cert *
createCert(char *inFileName)
{
- PKIX_PL_ByteArray *byteArray = NULL;
- void *buf = NULL;
- PRFileDesc *inFile = NULL;
- PKIX_UInt32 len;
- SECItem certDER;
- SECStatus rv;
- /* default: NULL cert (failure case) */
- PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_ByteArray *byteArray = NULL;
+ void *buf = NULL;
+ PRFileDesc *inFile = NULL;
+ PKIX_UInt32 len;
+ SECItem certDER;
+ SECStatus rv;
+ /* default: NULL cert (failure case) */
+ PKIX_PL_Cert *cert = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ certDER.data = NULL;
- PKIX_TEST_STD_VARS();
+ inFile = PR_Open(inFileName, PR_RDONLY, 0);
- certDER.data = NULL;
+ if (!inFile) {
+ pkixTestErrorMsg = "Unable to open cert file";
+ goto cleanup;
+ } else {
+ rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE);
+ if (!rv) {
+ buf = (void *)certDER.data;
+ len = certDER.len;
- inFile = PR_Open(inFileName, PR_RDONLY, 0);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext));
- if (!inFile){
- pkixTestErrorMsg = "Unable to open cert file";
- goto cleanup;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext));
+
+ SECITEM_FreeItem(&certDER, PR_FALSE);
} else {
- rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE);
- if (!rv){
- buf = (void *)certDER.data;
- len = certDER.len;
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_ByteArray_Create
- (buf, len, &byteArray, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create
- (byteArray, &cert, plContext));
-
- SECITEM_FreeItem(&certDER, PR_FALSE);
- } else {
- pkixTestErrorMsg = "Unable to read DER from cert file";
- goto cleanup;
- }
+ pkixTestErrorMsg = "Unable to read DER from cert file";
+ goto cleanup;
}
+ }
cleanup:
- if (inFile){
- PR_Close(inFile);
- }
+ if (inFile) {
+ PR_Close(inFile);
+ }
- if (PKIX_TEST_ERROR_RECEIVED){
- SECITEM_FreeItem(&certDER, PR_FALSE);
- }
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ SECITEM_FreeItem(&certDER, PR_FALSE);
+ }
- PKIX_TEST_DECREF_AC(byteArray);
+ PKIX_TEST_DECREF_AC(byteArray);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (cert);
+ return (cert);
}
-int validate_chain(int argc, char *argv[])
+int
+validate_chain(int argc, char *argv[])
{
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_List *anchors = NULL;
- PKIX_List *certs = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_ValidateParams *valParams = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_PL_X500Name *subject = NULL;
- PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_VerifyNode *verifyTree = NULL;
- PKIX_PL_String *verifyString = NULL;
-
- char *trustedCertFile = NULL;
- char *chainCertFile = NULL;
- PKIX_PL_Cert *trustedCert = NULL;
- PKIX_PL_Cert *chainCert = NULL;
- PKIX_UInt32 chainLength = 0;
- PKIX_UInt32 i = 0;
- PKIX_UInt32 j = 0;
- PKIX_UInt32 actualMinorVersion;
-
- PKIX_TEST_STD_VARS();
-
- if (argc < 3){
- printUsage();
- return (0);
- }
+ PKIX_TrustAnchor *anchor = NULL;
+ PKIX_List *anchors = NULL;
+ PKIX_List *certs = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_PL_X500Name *subject = NULL;
+ PKIX_ComCertSelParams *certSelParams = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_VerifyNode *verifyTree = NULL;
+ PKIX_PL_String *verifyString = NULL;
+
+ char *trustedCertFile = NULL;
+ char *chainCertFile = NULL;
+ PKIX_PL_Cert *trustedCert = NULL;
+ PKIX_PL_Cert *chainCert = NULL;
+ PKIX_UInt32 chainLength = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 j = 0;
+ PKIX_UInt32 actualMinorVersion;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 3) {
+ printUsage();
+ return (0);
+ }
- PKIX_TEST_EXPECT_NO_ERROR(
- PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
- chainLength = (argc - j) - 2;
+ chainLength = (argc - j) - 2;
- /* create processing params with list of trust anchors */
- trustedCertFile = argv[1+j];
- trustedCert = createCert(trustedCertFile);
+ /* create processing params with list of trust anchors */
+ trustedCertFile = argv[1 + j];
+ trustedCert = createCert(trustedCertFile);
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Cert_GetSubject(trustedCert, &subject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(trustedCert, &subject, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
#if 0
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject
(certSelParams, subject, plContext));
#endif
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, certSelParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
- PKIX_TEST_DECREF_BC(subject);
- PKIX_TEST_DECREF_BC(certSelParams);
+ PKIX_TEST_DECREF_BC(subject);
+ PKIX_TEST_DECREF_BC(certSelParams);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
- (trustedCert, &anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_List_AppendItem
- (anchors, (PKIX_PL_Object *)anchor, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
- (anchors, &procParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_SetTargetCertConstraints
- (procParams, certSelector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
- PKIX_TEST_DECREF_BC(certSelector);
+ PKIX_TEST_DECREF_BC(certSelector);
- /* create cert chain */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext));
- for (i = 0; i < chainLength; i++){
- chainCertFile = argv[(i + j) + 2];
- chainCert = createCert(chainCertFile);
+ /* create cert chain */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext));
+ for (i = 0; i < chainLength; i++) {
+ chainCertFile = argv[(i + j) + 2];
+ chainCert = createCert(chainCertFile);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (certs,
- (PKIX_PL_Object *)chainCert,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certs,
+ (PKIX_PL_Object *)chainCert,
+ plContext));
- PKIX_TEST_DECREF_BC(chainCert);
- chainCert = NULL;
- }
- /* create validate params with processing params and cert chain */
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create
- (procParams, certs, &valParams, plContext));
+ PKIX_TEST_DECREF_BC(chainCert);
+ chainCert = NULL;
+ }
+ /* create validate params with processing params and cert chain */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, certs, &valParams, plContext));
- PKIX_TEST_DECREF_BC(trustedCert); trustedCert = NULL;
- PKIX_TEST_DECREF_BC(anchor); anchor = NULL;
- PKIX_TEST_DECREF_BC(anchors); anchors = NULL;
- PKIX_TEST_DECREF_BC(certs); certs = NULL;
- PKIX_TEST_DECREF_BC(procParams); procParams = NULL;
+ PKIX_TEST_DECREF_BC(trustedCert);
+ trustedCert = NULL;
+ PKIX_TEST_DECREF_BC(anchor);
+ anchor = NULL;
+ PKIX_TEST_DECREF_BC(anchors);
+ anchors = NULL;
+ PKIX_TEST_DECREF_BC(certs);
+ certs = NULL;
+ PKIX_TEST_DECREF_BC(procParams);
+ procParams = NULL;
- /* validate cert chain using processing params and return valResult */
+ /* validate cert chain using processing params and return valResult */
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
- if (valResult != NULL){
- (void) printf("SUCCESSFULLY VALIDATED\n");
- }
+ if (valResult != NULL) {
+ (void)printf("SUCCESSFULLY VALIDATED\n");
+ }
cleanup:
- if (PKIX_TEST_ERROR_RECEIVED){
- (void) printf("FAILED TO VALIDATE\n");
- (void) PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)verifyTree, &verifyString, plContext);
- (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
- PKIX_TEST_DECREF_AC(verifyString);
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ (void)printf("FAILED TO VALIDATE\n");
+ (void)PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext);
+ (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
+ PKIX_TEST_DECREF_AC(verifyString);
+ }
- }
+ PKIX_TEST_DECREF_AC(verifyTree);
+ PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(valParams);
- PKIX_TEST_DECREF_AC(verifyTree);
- PKIX_TEST_DECREF_AC(valResult);
- PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_RETURN();
- PKIX_TEST_RETURN();
-
- PKIX_Shutdown(plContext);
-
- return (0);
+ PKIX_Shutdown(plContext);
+ return (0);
}
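Review bot: The failure branch under `cleanup:` in `validate_chain()` reads `verifyString->escAsciiString` even though the result of `PKIX_PL_Object_ToString` is cast to `(void)`. `verifyTree` is still `NULL` on every `goto cleanup` taken before `PKIX_ValidateChain`, for example when `createCert` cannot open a certificate file and a later `PKIX_TEST_EXPECT_NO_ERROR` call fails. If ToString leaves `verifyString` unset for a NULL object, which seems likely but is not shown here, the diagnostic path itself dereferences a null pointer. Guard the print with `if (verifyTree && !PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext) && verifyString)`, and consider `PKIX_String2ASCII` from testutil.c instead of reaching into the struct field.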
diff --git a/cmd/libpkix/testutil/testutil.c b/cmd/libpkix/testutil/testutil.c
index b73639538..0f438ba43 100755..100644
--- a/cmd/libpkix/testutil/testutil.c
+++ b/cmd/libpkix/testutil/testutil.c
@@ -36,8 +36,8 @@ static int errCount = 0;
void
startTests(char *testName)
{
- (void) printf("*START OF TESTS FOR %s:\n", testName);
- errCount = 0;
+ (void)printf("*START OF TESTS FOR %s:\n", testName);
+ errCount = 0;
}
/*
@@ -60,15 +60,16 @@ startTests(char *testName)
void
endTests(char *testName)
{
- char plural = ' ';
-
- (void) printf("*END OF TESTS FOR %s: ", testName);
- if (errCount > 0) {
- if (errCount > 1) plural = 's';
- (void) printf("%d SUBTEST%c FAILED.\n\n", errCount, plural);
- } else {
- (void) printf("ALL TESTS COMPLETED SUCCESSFULLY.\n\n");
- }
+ char plural = ' ';
+
+ (void)printf("*END OF TESTS FOR %s: ", testName);
+ if (errCount > 0) {
+ if (errCount > 1)
+ plural = 's';
+ (void)printf("%d SUBTEST%c FAILED.\n\n", errCount, plural);
+ } else {
+ (void)printf("ALL TESTS COMPLETED SUCCESSFULLY.\n\n");
+ }
}
/*
@@ -90,7 +91,7 @@ endTests(char *testName)
void
subTest(char *subTestName)
{
- (void) printf("TESTING: %s ...\n", subTestName);
+ (void)printf("TESTING: %s ...\n", subTestName);
}
/*
@@ -115,8 +116,8 @@ subTest(char *subTestName)
void
testErrorUndo(char *msg)
{
- --errCount;
- (void) printf("TEST FAILURE *** EXPECTED *** :%s\n", msg);
+ --errCount;
+ (void)printf("TEST FAILURE *** EXPECTED *** :%s\n", msg);
}
/*
@@ -140,8 +141,8 @@ testErrorUndo(char *msg)
void
testError(char *msg)
{
- ++errCount;
- (void) printf("TEST FAILURE: %s\n", msg);
+ ++errCount;
+ (void)printf("TEST FAILURE: %s\n", msg);
}
/*
@@ -167,27 +168,26 @@ testError(char *msg)
char *
PKIX_String2ASCII(PKIX_PL_String *string, void *plContext)
{
- PKIX_UInt32 length;
- char *asciiString = NULL;
- PKIX_Error *errorResult;
+ PKIX_UInt32 length;
+ char *asciiString = NULL;
+ PKIX_Error *errorResult;
- errorResult = PKIX_PL_String_GetEncoded
- (string,
- PKIX_ESCASCII,
- (void **)&asciiString,
- &length,
- plContext);
+ errorResult = PKIX_PL_String_GetEncoded(string,
+ PKIX_ESCASCII,
+ (void **)&asciiString,
+ &length,
+ plContext);
- if (errorResult) goto cleanup;
+ if (errorResult)
+ goto cleanup;
cleanup:
- if (errorResult){
- return (NULL);
- }
-
- return (asciiString);
+ if (errorResult) {
+ return (NULL);
+ }
+ return (asciiString);
}
/*
@@ -211,36 +211,34 @@ cleanup:
char *
PKIX_Error2ASCII(PKIX_Error *error, void *plContext)
{
- PKIX_UInt32 length;
- char *asciiString = NULL;
- PKIX_PL_String *pkixString = NULL;
- PKIX_Error *errorResult = NULL;
-
- errorResult = PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)error, &pkixString, plContext);
- if (errorResult) goto cleanup;
-
- errorResult = PKIX_PL_String_GetEncoded
- (pkixString,
- PKIX_ESCASCII,
- (void **)&asciiString,
- &length,
- plContext);
+ PKIX_UInt32 length;
+ char *asciiString = NULL;
+ PKIX_PL_String *pkixString = NULL;
+ PKIX_Error *errorResult = NULL;
+
+ errorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *)error, &pkixString, plContext);
+ if (errorResult)
+ goto cleanup;
+
+ errorResult = PKIX_PL_String_GetEncoded(pkixString,
+ PKIX_ESCASCII,
+ (void **)&asciiString,
+ &length,
+ plContext);
cleanup:
- if (pkixString){
- if (PKIX_PL_Object_DecRef
- ((PKIX_PL_Object*)pkixString, plContext)){
- return (NULL);
- }
+ if (pkixString) {
+ if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixString, plContext)) {
+ return (NULL);
}
+ }
- if (errorResult){
- return (NULL);
- }
+ if (errorResult) {
+ return (NULL);
+ }
- return (asciiString);
+ return (asciiString);
}
/*
@@ -262,31 +260,30 @@ cleanup:
char *
PKIX_Object2ASCII(PKIX_PL_Object *object)
{
- PKIX_UInt32 length;
- char *asciiString = NULL;
- PKIX_PL_String *pkixString = NULL;
- PKIX_Error *errorResult = NULL;
+ PKIX_UInt32 length;
+ char *asciiString = NULL;
+ PKIX_PL_String *pkixString = NULL;
+ PKIX_Error *errorResult = NULL;
- errorResult = PKIX_PL_Object_ToString
- (object, &pkixString, NULL);
- if (errorResult) goto cleanup;
+ errorResult = PKIX_PL_Object_ToString(object, &pkixString, NULL);
+ if (errorResult)
+ goto cleanup;
- errorResult = PKIX_PL_String_GetEncoded
- (pkixString, PKIX_ESCASCII, (void **)&asciiString, &length, NULL);
+ errorResult = PKIX_PL_String_GetEncoded(pkixString, PKIX_ESCASCII, (void **)&asciiString, &length, NULL);
cleanup:
- if (pkixString){
- if (PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixString, NULL)){
- return (NULL);
- }
+ if (pkixString) {
+ if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixString, NULL)) {
+ return (NULL);
}
+ }
- if (errorResult){
- return (NULL);
- }
+ if (errorResult) {
+ return (NULL);
+ }
- return (asciiString);
+ return (asciiString);
}
/*
@@ -308,68 +305,71 @@ cleanup:
char *
PKIX_Cert2ASCII(PKIX_PL_Cert *cert)
{
- PKIX_PL_X500Name *issuer = NULL;
- void *issuerAscii = NULL;
- PKIX_PL_X500Name *subject = NULL;
- void *subjectAscii = NULL;
- void *asciiString = NULL;
- PKIX_Error *errorResult = NULL;
- PKIX_UInt32 numChars;
-
- /* Issuer */
- errorResult = PKIX_PL_Cert_GetIssuer(cert, &issuer, NULL);
- if (errorResult) goto cleanup;
-
- issuerAscii = PKIX_Object2ASCII((PKIX_PL_Object*)issuer);
-
- /* Subject */
- errorResult = PKIX_PL_Cert_GetSubject(cert, &subject, NULL);
- if (errorResult) goto cleanup;
-
- if (subject){
- subjectAscii = PKIX_Object2ASCII((PKIX_PL_Object*)subject);
- }
-
- errorResult = PKIX_PL_Malloc(200, &asciiString, NULL);
- if (errorResult) goto cleanup;
-
- numChars =
- PR_snprintf
- (asciiString,
- 200,
- "Issuer=%s\nSubject=%s\n",
- issuerAscii,
- subjectAscii);
-
- if (!numChars) goto cleanup;
+ PKIX_PL_X500Name *issuer = NULL;
+ void *issuerAscii = NULL;
+ PKIX_PL_X500Name *subject = NULL;
+ void *subjectAscii = NULL;
+ void *asciiString = NULL;
+ PKIX_Error *errorResult = NULL;
+ PKIX_UInt32 numChars;
+
+ /* Issuer */
+ errorResult = PKIX_PL_Cert_GetIssuer(cert, &issuer, NULL);
+ if (errorResult)
+ goto cleanup;
+
+ issuerAscii = PKIX_Object2ASCII((PKIX_PL_Object *)issuer);
+
+ /* Subject */
+ errorResult = PKIX_PL_Cert_GetSubject(cert, &subject, NULL);
+ if (errorResult)
+ goto cleanup;
+
+ if (subject) {
+ subjectAscii = PKIX_Object2ASCII((PKIX_PL_Object *)subject);
+ }
+
+ errorResult = PKIX_PL_Malloc(200, &asciiString, NULL);
+ if (errorResult)
+ goto cleanup;
+
+ numChars =
+ PR_snprintf(asciiString,
+ 200,
+ "Issuer=%s\nSubject=%s\n",
+ issuerAscii,
+ subjectAscii);
+
+ if (!numChars)
+ goto cleanup;
cleanup:
- if (issuer){
- if (PKIX_PL_Object_DecRef((PKIX_PL_Object*)issuer, NULL)){
- return (NULL);
- }
+ if (issuer) {
+ if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)issuer, NULL)) {
+ return (NULL);
}
+ }
- if (subject){
- if (PKIX_PL_Object_DecRef((PKIX_PL_Object*)subject, NULL)){
- return (NULL);
- }
+ if (subject) {
+ if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)subject, NULL)) {
+ return (NULL);
}
+ }
- if (PKIX_PL_Free((PKIX_PL_Object*)issuerAscii, NULL)){
- return (NULL);
- }
+ if (PKIX_PL_Free((PKIX_PL_Object *)issuerAscii, NULL)) {
+ return (NULL);
+ }
- if (PKIX_PL_Free((PKIX_PL_Object*)subjectAscii, NULL)){
- return (NULL);
- }
+ if (PKIX_PL_Free((PKIX_PL_Object *)subjectAscii, NULL)) {
+ return (NULL);
+ }
- if (errorResult){
- return (NULL);
- }
+ if (errorResult) {
+ return (NULL);
+ }
- return (asciiString);
+ return (asciiString);
}
/*
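Review bot: `PKIX_Cert2ASCII` formats issuer and subject into a fixed 200-byte buffer (`PKIX_PL_Malloc(200, ...)` and `PR_snprintf(asciiString, 200, ...)`), so distinguished names that together exceed it are cut off silently. The `if (!numChars)` test does not detect truncation, and as far as I recall `PR_snprintf` reports an error as `(PRUint32)-1`, which that test also misses. A caller comparing these strings could then treat two certificates with long, similar names as identical. Size the allocation from the lengths of `issuerAscii` and `subjectAscii`, or at least give `200` a name and treat a result of buffer size minus one as truncated. `issuerAscii` and `subjectAscii` can also be `NULL` here, since `PKIX_Object2ASCII` returns `NULL` on failure and the subject branch is conditional, so the sizing code has to allow for that.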
@@ -397,35 +397,32 @@ cleanup:
*/
void
testHashcodeHelper(
- PKIX_PL_Object *goodObject,
- PKIX_PL_Object *otherObject,
- PKIX_Boolean match,
- void *plContext)
+ PKIX_PL_Object *goodObject,
+ PKIX_PL_Object *otherObject,
+ PKIX_Boolean match,
+ void *plContext)
{
- PKIX_UInt32 goodHash;
- PKIX_UInt32 otherHash;
- PKIX_Boolean cmpResult;
- PKIX_TEST_STD_VARS();
+ PKIX_UInt32 goodHash;
+ PKIX_UInt32 otherHash;
+ PKIX_Boolean cmpResult;
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)goodObject, &goodHash, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)goodObject, &goodHash, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)otherObject, &otherHash, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)otherObject, &otherHash, plContext));
- cmpResult = (goodHash == otherHash);
+ cmpResult = (goodHash == otherHash);
- if ((match && !cmpResult) || (!match && cmpResult)){
- testError("unexpected mismatch");
- (void) printf("Hash1:\t%d\n", goodHash);
- (void) printf("Hash2:\t%d\n", otherHash);
- }
+ if ((match && !cmpResult) || (!match && cmpResult)) {
+ testError("unexpected mismatch");
+ (void)printf("Hash1:\t%d\n", goodHash);
+ (void)printf("Hash2:\t%d\n", otherHash);
+ }
cleanup:
- PKIX_TEST_RETURN();
-
+ PKIX_TEST_RETURN();
}
/*
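Review bot: In `testHashcodeHelper` the two hash values are printed with `%d` although `goodHash` and `otherHash` are declared `PKIX_UInt32`. Assuming that type is an unsigned 32-bit integer, values above `INT_MAX` print as negative numbers and the specifier does not match the argument type. Use `(void)printf("Hash1:\t%u\n", goodHash);` and `(void)printf("Hash2:\t%u\n", otherHash);`, casting to `unsigned int` if the typedef differs on some platform.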
@@ -450,48 +447,46 @@ cleanup:
*/
void
testToStringHelper(
- PKIX_PL_Object *goodObject,
- char *expected,
- void *plContext)
+ PKIX_PL_Object *goodObject,
+ char *expected,
+ void *plContext)
{
- PKIX_PL_String *stringRep = NULL;
- char *actual = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_PL_String *stringRep = NULL;
+ char *actual = NULL;
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
- (goodObject, &stringRep, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(goodObject, &stringRep, plContext));
- actual = PKIX_String2ASCII(stringRep, plContext);
- if (actual == NULL){
- pkixTestErrorMsg = "PKIX_String2ASCII Failed";
- goto cleanup;
- }
+ actual = PKIX_String2ASCII(stringRep, plContext);
+ if (actual == NULL) {
+ pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+ goto cleanup;
+ }
- /*
+ /*
* If you are having trouble matching the string, uncomment the
* PL_strstr function to figure out what's going on.
*/
- /*
+ /*
if (PL_strstr(actual, expected) == NULL){
testError("PL_strstr failed");
}
*/
-
- if (PL_strcmp(actual, expected) != 0){
- testError("unexpected mismatch");
- (void) printf("Actual value:\t%s\n", actual);
- (void) printf("Expected value:\t%s\n", expected);
- }
+ if (PL_strcmp(actual, expected) != 0) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%s\n", actual);
+ (void)printf("Expected value:\t%s\n", expected);
+ }
cleanup:
- PKIX_PL_Free(actual, plContext);
+ PKIX_PL_Free(actual, plContext);
- PKIX_TEST_DECREF_AC(stringRep);
+ PKIX_TEST_DECREF_AC(stringRep);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
/*
@@ -518,31 +513,28 @@ cleanup:
*/
void
testEqualsHelper(
- PKIX_PL_Object *goodObject,
- PKIX_PL_Object *otherObject,
- PKIX_Boolean match,
- void *plContext)
+ PKIX_PL_Object *goodObject,
+ PKIX_PL_Object *otherObject,
+ PKIX_Boolean match,
+ void *plContext)
{
- PKIX_Boolean cmpResult;
- PKIX_TEST_STD_VARS();
+ PKIX_Boolean cmpResult;
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Object_Equals
- (goodObject, otherObject, &cmpResult, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(goodObject, otherObject, &cmpResult, plContext));
- if ((match && !cmpResult) || (!match && cmpResult)){
- testError("unexpected mismatch");
- (void) printf("Actual value:\t%d\n", cmpResult);
- (void) printf("Expected value:\t%d\n", match);
- }
+ if ((match && !cmpResult) || (!match && cmpResult)) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", cmpResult);
+ (void)printf("Expected value:\t%d\n", match);
+ }
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
-
/*
* FUNCTION: testDuplicateHelper
* DESCRIPTION:
@@ -561,26 +553,24 @@ cleanup:
void
testDuplicateHelper(PKIX_PL_Object *object, void *plContext)
{
- PKIX_PL_Object *newObject = NULL;
- PKIX_Boolean cmpResult;
+ PKIX_PL_Object *newObject = NULL;
+ PKIX_Boolean cmpResult;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate
- (object, &newObject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate(object, &newObject, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
- (object, newObject, &cmpResult, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(object, newObject, &cmpResult, plContext));
- if (!cmpResult){
- testError("unexpected mismatch");
- (void) printf("Actual value:\t%d\n", cmpResult);
- (void) printf("Expected value:\t%d\n", PKIX_TRUE);
- }
+ if (!cmpResult) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", cmpResult);
+ (void)printf("Expected value:\t%d\n", PKIX_TRUE);
+ }
cleanup:
- PKIX_TEST_DECREF_AC(newObject);
+ PKIX_TEST_DECREF_AC(newObject);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
}
diff --git a/cmd/libpkix/testutil/testutil.h b/cmd/libpkix/testutil/testutil.h
index 9ef6719c0..2cfe5b8a8 100755..100644
--- a/cmd/libpkix/testutil/testutil.h
+++ b/cmd/libpkix/testutil/testutil.h
@@ -49,9 +49,9 @@ extern "C" {
* declarations after statements). PKIX_TEST_STD_VARS declares and initializes
* several variables needed by the other test macros.
*/
-#define PKIX_TEST_STD_VARS() \
- PKIX_Error *pkixTestErrorResult = NULL; \
- char *pkixTestErrorMsg = NULL;
+#define PKIX_TEST_STD_VARS() \
+ PKIX_Error *pkixTestErrorResult = NULL; \
+ char *pkixTestErrorMsg = NULL;
/*
* PKIX_TEST_EXPECT_NO_ERROR should be used to wrap a standard PKIX function
@@ -64,12 +64,12 @@ extern "C" {
*/
#define PKIX_TEST_EXPECT_NO_ERROR(func) \
- do { \
- pkixTestErrorResult = (func); \
- if (pkixTestErrorResult) { \
- goto cleanup; \
- } \
- } while (0)
+ do { \
+ pkixTestErrorResult = (func); \
+ if (pkixTestErrorResult) { \
+ goto cleanup; \
+ } \
+ } while (0)
/*
* PKIX_TEST_EXPECT_ERROR should be used to wrap a standard PKIX function call
@@ -82,16 +82,16 @@ extern "C" {
* Example Usage: PKIX_TEST_EXPECT_ERROR(pkixFunc_expected_to_fail(...));
*/
-#define PKIX_TEST_EXPECT_ERROR(func) \
- do { \
- pkixTestErrorResult = (func); \
- if (!pkixTestErrorResult){ \
- pkixTestErrorMsg = \
- "Should have thrown an error here."; \
- goto cleanup; \
- } \
- PKIX_TEST_DECREF_BC(pkixTestErrorResult); \
- } while (0)
+#define PKIX_TEST_EXPECT_ERROR(func) \
+ do { \
+ pkixTestErrorResult = (func); \
+ if (!pkixTestErrorResult) { \
+ pkixTestErrorMsg = \
+ "Should have thrown an error here."; \
+ goto cleanup; \
+ } \
+ PKIX_TEST_DECREF_BC(pkixTestErrorResult); \
+ } while (0)
/*
* PKIX_TEST_DECREF_BC is a convenience macro which should only be called
@@ -101,15 +101,13 @@ extern "C" {
* This macro MUST NOT be called after the "cleanup" label.
*/
-#define PKIX_TEST_DECREF_BC(obj) \
- do { \
- if (obj){ \
- PKIX_TEST_EXPECT_NO_ERROR \
- (PKIX_PL_Object_DecRef \
- ((PKIX_PL_Object*)(obj), plContext)); \
- obj = NULL; \
- } \
- } while (0)
+#define PKIX_TEST_DECREF_BC(obj) \
+ do { \
+ if (obj) { \
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_DecRef((PKIX_PL_Object *)(obj), plContext)); \
+ obj = NULL; \
+ } \
+ } while (0)
/*
* PKIX_TEST_DECREF_AC is a convenience macro which should only be called
@@ -122,18 +120,17 @@ extern "C" {
* DecRef failure is fatal and may be indicative of memory corruption.
*/
-#define PKIX_TEST_DECREF_AC(obj) \
- do { \
- if (obj){ \
- PKIX_Error *pkixTestTempResult = NULL; \
- pkixTestTempResult = \
- PKIX_PL_Object_DecRef \
- ((PKIX_PL_Object*)(obj), plContext); \
- if (pkixTestTempResult) \
- pkixTestErrorResult = pkixTestTempResult; \
- obj = NULL; \
- } \
- } while (0)
+#define PKIX_TEST_DECREF_AC(obj) \
+ do { \
+ if (obj) { \
+ PKIX_Error *pkixTestTempResult = NULL; \
+ pkixTestTempResult = \
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)(obj), plContext); \
+ if (pkixTestTempResult) \
+ pkixTestErrorResult = pkixTestTempResult; \
+ obj = NULL; \
+ } \
+ } while (0)
/*
* PKIX_TEST_RETURN must always be AFTER the "cleanup" label. It does nothing
@@ -144,30 +141,27 @@ extern "C" {
* as an input and the error is DecRef'd. In the case of unexpected success
* testError is called with a standard string.
*/
-#define PKIX_TEST_RETURN() \
- { \
- if (pkixTestErrorMsg){ \
- testError(pkixTestErrorMsg); \
- } else if (pkixTestErrorResult){ \
- pkixTestErrorMsg = \
- PKIX_Error2ASCII \
- (pkixTestErrorResult, plContext); \
- if (pkixTestErrorMsg) { \
- testError(pkixTestErrorMsg); \
- PKIX_PL_Free \
- ((PKIX_PL_Object *)pkixTestErrorMsg, \
- plContext); \
- } else { \
- testError("PKIX_Error2ASCII Failed"); \
- } \
- if (pkixTestErrorResult != PKIX_ALLOC_ERROR()){ \
- PKIX_PL_Object_DecRef \
- ((PKIX_PL_Object*)pkixTestErrorResult, \
- plContext); \
- pkixTestErrorResult = NULL; \
- } \
- } \
- }
+#define PKIX_TEST_RETURN() \
+ { \
+ if (pkixTestErrorMsg) { \
+ testError(pkixTestErrorMsg); \
+ } else if (pkixTestErrorResult) { \
+ pkixTestErrorMsg = \
+ PKIX_Error2ASCII(pkixTestErrorResult, plContext); \
+ if (pkixTestErrorMsg) { \
+ testError(pkixTestErrorMsg); \
+ PKIX_PL_Free((PKIX_PL_Object *)pkixTestErrorMsg, \
+ plContext); \
+ } else { \
+ testError("PKIX_Error2ASCII Failed"); \
+ } \
+ if (pkixTestErrorResult != PKIX_ALLOC_ERROR()) { \
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixTestErrorResult, \
+ plContext); \
+ pkixTestErrorResult = NULL; \
+ } \
+ } \
+ }
/*
* PKIX_TEST_EQ_HASH_TOSTR_DUP is a convenience macro which executes the
@@ -185,44 +179,40 @@ extern "C" {
* Note: If goodObj uses the default Equals and Hashcode functions, then
* for goodObj and equalObj to be equal, they must have the same pointer value.
*/
-#define PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObj, equalObj, diffObj, \
- expAscii, type, checkDuplicate) \
- do { \
- subTest("PKIX_PL_" #type "_Equals <match>"); \
- testEqualsHelper \
- ((PKIX_PL_Object *)(goodObj), \
- (PKIX_PL_Object *)(equalObj), \
- PKIX_TRUE, \
- plContext); \
- subTest("PKIX_PL_" #type "_Hashcode <match>"); \
- testHashcodeHelper \
- ((PKIX_PL_Object *)(goodObj), \
- (PKIX_PL_Object *)(equalObj), \
- PKIX_TRUE, \
- plContext); \
- subTest("PKIX_PL_" #type "_Equals <non-match>"); \
- testEqualsHelper \
- ((PKIX_PL_Object *)(goodObj), \
- (PKIX_PL_Object *)(diffObj), \
- PKIX_FALSE, \
- plContext); \
- subTest("PKIX_PL_" #type "_Hashcode <non-match>"); \
- testHashcodeHelper \
- ((PKIX_PL_Object *)(goodObj), \
- (PKIX_PL_Object *)(diffObj), \
- PKIX_FALSE, \
- plContext); \
- if (expAscii){ \
- subTest("PKIX_PL_" #type "_ToString"); \
- testToStringHelper \
- ((PKIX_PL_Object *)(goodObj), \
- (expAscii), \
- plContext); } \
- if (checkDuplicate){ \
- subTest("PKIX_PL_" #type "_Duplicate"); \
- testDuplicateHelper \
- ((PKIX_PL_Object *)goodObj, plContext); } \
- } while (0)
+#define PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObj, equalObj, diffObj, \
+ expAscii, type, checkDuplicate) \
+ do { \
+ subTest("PKIX_PL_" #type "_Equals <match>"); \
+ testEqualsHelper((PKIX_PL_Object *)(goodObj), \
+ (PKIX_PL_Object *)(equalObj), \
+ PKIX_TRUE, \
+ plContext); \
+ subTest("PKIX_PL_" #type "_Hashcode <match>"); \
+ testHashcodeHelper((PKIX_PL_Object *)(goodObj), \
+ (PKIX_PL_Object *)(equalObj), \
+ PKIX_TRUE, \
+ plContext); \
+ subTest("PKIX_PL_" #type "_Equals <non-match>"); \
+ testEqualsHelper((PKIX_PL_Object *)(goodObj), \
+ (PKIX_PL_Object *)(diffObj), \
+ PKIX_FALSE, \
+ plContext); \
+ subTest("PKIX_PL_" #type "_Hashcode <non-match>"); \
+ testHashcodeHelper((PKIX_PL_Object *)(goodObj), \
+ (PKIX_PL_Object *)(diffObj), \
+ PKIX_FALSE, \
+ plContext); \
+ if (expAscii) { \
+ subTest("PKIX_PL_" #type "_ToString"); \
+ testToStringHelper((PKIX_PL_Object *)(goodObj), \
+ (expAscii), \
+ plContext); \
+ } \
+ if (checkDuplicate) { \
+ subTest("PKIX_PL_" #type "_Duplicate"); \
+ testDuplicateHelper((PKIX_PL_Object *)goodObj, plContext); \
+ } \
+ } while (0)
/*
* PKIX_TEST_DECREF_BC is a convenience macro which should only be called
@@ -233,16 +223,15 @@ extern "C" {
*/
#define PKIX_TEST_ABORT_ON_NULL(obj) \
- do { \
- if (!obj){ \
- goto cleanup; \
- } \
- } while (0)
+ do { \
+ if (!obj) { \
+ goto cleanup; \
+ } \
+ } while (0)
-#define PKIX_TEST_ARENAS_ARG(arena) \
- (arena? \
- (PORT_Strcmp(arena, "arenas") ? PKIX_FALSE : (j++, PKIX_TRUE)): \
- PKIX_FALSE)
+#define PKIX_TEST_ARENAS_ARG(arena) \
+ (arena ? (PORT_Strcmp(arena, "arenas") ? PKIX_FALSE : (j++, PKIX_TRUE)) : \
+ PKIX_FALSE)
#define PKIX_TEST_ERROR_RECEIVED (pkixTestErrorMsg || pkixTestErrorResult)
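Review bot: PKIX_TEST_ABORT_ON_NULL tests `if (!obj)` with the macro argument unparenthesized, so an expression argument such as `a || b` would negate only `a`; the test should read `if (!(obj))`. PKIX_TEST_ARENAS_ARG has the same problem with `arena`, and it also increments a variable `j` that must already exist at the call site. That hidden side effect deserves a comment above the macro, for example `/* NOTE: advances the caller's argument index j when the "arenas" flag is consumed */`. The comment block above PKIX_TEST_ABORT_ON_NULL begins outside this hunk and appears to name PKIX_TEST_DECREF_BC instead of this macro, so it looks like a copy-paste leftover worth correcting.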
@@ -262,38 +251,38 @@ _ErrorCheck(PKIX_Error *errorResult);
extern PKIX_Error *
_OutputError(PKIX_Error *errorResult);
-char* PKIX_String2ASCII(PKIX_PL_String *string, void *plContext);
+char *PKIX_String2ASCII(PKIX_PL_String *string, void *plContext);
-char* PKIX_Error2ASCII(PKIX_Error *error, void *plContext);
+char *PKIX_Error2ASCII(PKIX_Error *error, void *plContext);
-char* PKIX_Object2ASCII(PKIX_PL_Object *object);
+char *PKIX_Object2ASCII(PKIX_PL_Object *object);
char *PKIX_Cert2ASCII(PKIX_PL_Cert *cert);
void
testHashcodeHelper(
- PKIX_PL_Object *goodObject,
- PKIX_PL_Object *otherObject,
- PKIX_Boolean match,
- void *plContext);
+ PKIX_PL_Object *goodObject,
+ PKIX_PL_Object *otherObject,
+ PKIX_Boolean match,
+ void *plContext);
void
testToStringHelper(
- PKIX_PL_Object *goodObject,
- char *expected,
- void *plContext);
+ PKIX_PL_Object *goodObject,
+ char *expected,
+ void *plContext);
void
testEqualsHelper(
- PKIX_PL_Object *goodObject,
- PKIX_PL_Object *otherObject,
- PKIX_Boolean match,
- void *plContext);
+ PKIX_PL_Object *goodObject,
+ PKIX_PL_Object *otherObject,
+ PKIX_Boolean match,
+ void *plContext);
void
testDuplicateHelper(
- PKIX_PL_Object *object,
- void *plContext);
+ PKIX_PL_Object *object,
+ void *plContext);
void
testErrorUndo(char *msg);
diff --git a/cmd/libpkix/testutil/testutil_nss.c b/cmd/libpkix/testutil/testutil_nss.c
index 4f7cc4096..3417d0ab7 100755..100644
--- a/cmd/libpkix/testutil/testutil_nss.c
+++ b/cmd/libpkix/testutil/testutil_nss.c
@@ -33,598 +33,547 @@
#include "keythi.h"
#include "nss.h"
-static char *catDirName(char *dir, char *name, void *plContext)
+static char *
+catDirName(char *dir, char *name, void *plContext)
{
- char *pathName = NULL;
- PKIX_UInt32 nameLen;
- PKIX_UInt32 dirLen;
+ char *pathName = NULL;
+ PKIX_UInt32 nameLen;
+ PKIX_UInt32 dirLen;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- nameLen = PL_strlen(name);
- dirLen = PL_strlen(dir);
+ nameLen = PL_strlen(name);
+ dirLen = PL_strlen(dir);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc
- (dirLen + nameLen + 2,
- (void **)&pathName,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirLen + nameLen + 2,
+ (void **)&pathName,
+ plContext));
- PL_strcpy(pathName, dir);
- PL_strcat(pathName, "/");
- PL_strcat(pathName, name);
- printf("pathName = %s\n", pathName);
+ PL_strcpy(pathName, dir);
+ PL_strcat(pathName, "/");
+ PL_strcat(pathName, name);
+ printf("pathName = %s\n", pathName);
cleanup:
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (pathName);
+ return (pathName);
}
PKIX_PL_Cert *
createCert(
- char *dirName,
- char *certFileName,
- void *plContext)
+ char *dirName,
+ char *certFileName,
+ void *plContext)
{
- PKIX_PL_ByteArray *byteArray = NULL;
- void *buf = NULL;
- PRFileDesc *certFile = NULL;
- PKIX_UInt32 len;
- SECItem certDER;
- SECStatus rv;
- /* default: NULL cert (failure case) */
- PKIX_PL_Cert *cert = NULL;
- char *pathName = NULL;
+ PKIX_PL_ByteArray *byteArray = NULL;
+ void *buf = NULL;
+ PRFileDesc *certFile = NULL;
+ PKIX_UInt32 len;
+ SECItem certDER;
+ SECStatus rv;
+ /* default: NULL cert (failure case) */
+ PKIX_PL_Cert *cert = NULL;
+ char *pathName = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
+ certDER.data = NULL;
- certDER.data = NULL;
+ pathName = catDirName(dirName, certFileName, plContext);
+ certFile = PR_Open(pathName, PR_RDONLY, 0);
- pathName = catDirName(dirName, certFileName, plContext);
- certFile = PR_Open(pathName, PR_RDONLY, 0);
+ if (!certFile) {
+ pkixTestErrorMsg = "Unable to open cert file";
+ goto cleanup;
+ } else {
+ rv = SECU_ReadDERFromFile(&certDER, certFile, PR_FALSE, PR_FALSE);
+ if (!rv) {
+ buf = (void *)certDER.data;
+ len = certDER.len;
- if (!certFile){
- pkixTestErrorMsg = "Unable to open cert file";
- goto cleanup;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext));
+
+ SECITEM_FreeItem(&certDER, PR_FALSE);
} else {
- rv = SECU_ReadDERFromFile(&certDER, certFile, PR_FALSE, PR_FALSE);
- if (!rv){
- buf = (void *)certDER.data;
- len = certDER.len;
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_ByteArray_Create
- (buf, len, &byteArray, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create
- (byteArray, &cert, plContext));
-
- SECITEM_FreeItem(&certDER, PR_FALSE);
- } else {
- pkixTestErrorMsg = "Unable to read DER from cert file";
- goto cleanup;
- }
+ pkixTestErrorMsg = "Unable to read DER from cert file";
+ goto cleanup;
}
+ }
cleanup:
- pkixTestErrorResult = PKIX_PL_Free(pathName, plContext);
+ pkixTestErrorResult = PKIX_PL_Free(pathName, plContext);
- if (certFile){
- PR_Close(certFile);
- }
+ if (certFile) {
+ PR_Close(certFile);
+ }
- if (PKIX_TEST_ERROR_RECEIVED){
- SECITEM_FreeItem(&certDER, PR_FALSE);
- }
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ SECITEM_FreeItem(&certDER, PR_FALSE);
+ }
- PKIX_TEST_DECREF_AC(byteArray);
+ PKIX_TEST_DECREF_AC(byteArray);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (cert);
+ return (cert);
}
PKIX_PL_CRL *
createCRL(
- char *dirName,
- char *crlFileName,
- void *plContext)
+ char *dirName,
+ char *crlFileName,
+ void *plContext)
{
- PKIX_PL_ByteArray *byteArray = NULL;
- PKIX_PL_CRL *crl = NULL;
- PKIX_Error *error = NULL;
- PRFileDesc *inFile = NULL;
- SECItem crlDER;
- void *buf = NULL;
- PKIX_UInt32 len;
- SECStatus rv;
- char *pathName = NULL;
-
- PKIX_TEST_STD_VARS();
-
- crlDER.data = NULL;
-
- pathName = catDirName(dirName, crlFileName, plContext);
- inFile = PR_Open(pathName, PR_RDONLY, 0);
+ PKIX_PL_ByteArray *byteArray = NULL;
+ PKIX_PL_CRL *crl = NULL;
+ PKIX_Error *error = NULL;
+ PRFileDesc *inFile = NULL;
+ SECItem crlDER;
+ void *buf = NULL;
+ PKIX_UInt32 len;
+ SECStatus rv;
+ char *pathName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ crlDER.data = NULL;
+
+ pathName = catDirName(dirName, crlFileName, plContext);
+ inFile = PR_Open(pathName, PR_RDONLY, 0);
+
+ if (!inFile) {
+ pkixTestErrorMsg = "Unable to open crl file";
+ goto cleanup;
+ } else {
+ rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
+ if (!rv) {
+ buf = (void *)crlDER.data;
+ len = crlDER.len;
+
+ error = PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext);
+
+ if (error) {
+ pkixTestErrorMsg =
+ "PKIX_PL_ByteArray_Create failed";
+ goto cleanup;
+ }
- if (!inFile){
- pkixTestErrorMsg = "Unable to open crl file";
+ error = PKIX_PL_CRL_Create(byteArray, &crl, plContext);
+ if (error) {
+ pkixTestErrorMsg = "PKIX_PL_Crl_Create failed";
goto cleanup;
+ }
+
+ SECITEM_FreeItem(&crlDER, PR_FALSE);
} else {
- rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
- if (!rv){
- buf = (void *)crlDER.data;
- len = crlDER.len;
-
- error = PKIX_PL_ByteArray_Create
- (buf, len, &byteArray, plContext);
-
- if (error){
- pkixTestErrorMsg =
- "PKIX_PL_ByteArray_Create failed";
- goto cleanup;
- }
-
- error = PKIX_PL_CRL_Create(byteArray, &crl, plContext);
- if (error){
- pkixTestErrorMsg = "PKIX_PL_Crl_Create failed";
- goto cleanup;
- }
-
- SECITEM_FreeItem(&crlDER, PR_FALSE);
- } else {
- pkixTestErrorMsg = "Unable to read DER from crl file";
- goto cleanup;
- }
+ pkixTestErrorMsg = "Unable to read DER from crl file";
+ goto cleanup;
}
+ }
cleanup:
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(pathName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(pathName, plContext));
- if (inFile){
- PR_Close(inFile);
- }
-
- if (error){
- SECITEM_FreeItem(&crlDER, PR_FALSE);
- }
+ if (inFile) {
+ PR_Close(inFile);
+ }
- PKIX_TEST_DECREF_AC(byteArray);
+ if (error) {
+ SECITEM_FreeItem(&crlDER, PR_FALSE);
+ }
- PKIX_TEST_RETURN();
+ PKIX_TEST_DECREF_AC(byteArray);
- return (crl);
+ PKIX_TEST_RETURN();
+ return (crl);
}
PKIX_TrustAnchor *
createTrustAnchor(
- char *dirName,
- char *certFileName,
- PKIX_Boolean useCert,
- void *plContext)
+ char *dirName,
+ char *certFileName,
+ PKIX_Boolean useCert,
+ void *plContext)
{
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_PL_X500Name *name = NULL;
- PKIX_PL_PublicKey *pubKey = NULL;
- PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+ PKIX_TrustAnchor *anchor = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_X500Name *name = NULL;
+ PKIX_PL_PublicKey *pubKey = NULL;
+ PKIX_PL_CertNameConstraints *nameConstraints = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- cert = createCert(dirName, certFileName, plContext);
+ cert = createCert(dirName, certFileName, plContext);
- if (useCert){
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
- (cert, &anchor, plContext));
- } else {
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject
- (cert, &name, plContext));
+ if (useCert) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(cert, &anchor, plContext));
+ } else {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(cert, &name, plContext));
- if (name == NULL){
- goto cleanup;
- }
+ if (name == NULL) {
+ goto cleanup;
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
- (cert, &pubKey, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &pubKey, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints
- (cert, &nameConstraints, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &nameConstraints, NULL));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_TrustAnchor_CreateWithNameKeyPair
- (name, pubKey, nameConstraints, &anchor, plContext));
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithNameKeyPair(name, pubKey, nameConstraints, &anchor, plContext));
+ }
cleanup:
- if (PKIX_TEST_ERROR_RECEIVED){
- PKIX_TEST_DECREF_AC(anchor);
- }
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ PKIX_TEST_DECREF_AC(anchor);
+ }
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(name);
- PKIX_TEST_DECREF_AC(pubKey);
- PKIX_TEST_DECREF_AC(nameConstraints);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(name);
+ PKIX_TEST_DECREF_AC(pubKey);
+ PKIX_TEST_DECREF_AC(nameConstraints);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (anchor);
+ return (anchor);
}
PKIX_List *
createCertChain(
- char *dirName,
- char *firstCertFileName,
- char *secondCertFileName,
- void *plContext)
+ char *dirName,
+ char *firstCertFileName,
+ char *secondCertFileName,
+ void *plContext)
{
- PKIX_PL_Cert *firstCert = NULL;
- PKIX_PL_Cert *secondCert = NULL;
- PKIX_List *certList = NULL;
+ PKIX_PL_Cert *firstCert = NULL;
+ PKIX_PL_Cert *secondCert = NULL;
+ PKIX_List *certList = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext));
- firstCert = createCert(dirName, firstCertFileName, plContext);
+ firstCert = createCert(dirName, firstCertFileName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (certList, (PKIX_PL_Object *)firstCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList, (PKIX_PL_Object *)firstCert, plContext));
- if (secondCertFileName){
- secondCert = createCert(dirName, secondCertFileName, plContext);
+ if (secondCertFileName) {
+ secondCert = createCert(dirName, secondCertFileName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (certList, (PKIX_PL_Object *)secondCert, plContext));
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList, (PKIX_PL_Object *)secondCert, plContext));
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable
- (certList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(certList, plContext));
cleanup:
- if (PKIX_TEST_ERROR_RECEIVED){
- PKIX_TEST_DECREF_AC(certList);
- }
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ PKIX_TEST_DECREF_AC(certList);
+ }
- PKIX_TEST_DECREF_AC(firstCert);
- PKIX_TEST_DECREF_AC(secondCert);
+ PKIX_TEST_DECREF_AC(firstCert);
+ PKIX_TEST_DECREF_AC(secondCert);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (certList);
+ return (certList);
}
PKIX_List *
createCertChainPlus(
- char *dirName,
- char *certNames[],
- PKIX_PL_Cert *certs[],
- PKIX_UInt32 numCerts,
- void *plContext)
+ char *dirName,
+ char *certNames[],
+ PKIX_PL_Cert *certs[],
+ PKIX_UInt32 numCerts,
+ void *plContext)
{
- PKIX_List *certList = NULL;
- PKIX_UInt32 i;
+ PKIX_List *certList = NULL;
+ PKIX_UInt32 i;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext));
- for (i = 0; i < numCerts; i++) {
+ for (i = 0; i < numCerts; i++) {
- certs[i] = createCert(dirName, certNames[i], plContext);
+ certs[i] = createCert(dirName, certNames[i], plContext);
- /* Create Cert may fail */
- if (certs[i] == NULL) {
- PKIX_TEST_DECREF_BC(certList);
- goto cleanup;
- }
-
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (certList,
- (PKIX_PL_Object *)certs[i],
- plContext));
+ /* Create Cert may fail */
+ if (certs[i] == NULL) {
+ PKIX_TEST_DECREF_BC(certList);
+ goto cleanup;
}
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable
- (certList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList,
+ (PKIX_PL_Object *)certs[i],
+ plContext));
+ }
-cleanup:
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(certList, plContext));
- if (PKIX_TEST_ERROR_RECEIVED){
- PKIX_TEST_DECREF_AC(certList);
- }
+cleanup:
- for (i = 0; i < numCerts; i++) {
- PKIX_TEST_DECREF_AC(certs[i]);
- }
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ PKIX_TEST_DECREF_AC(certList);
+ }
- PKIX_TEST_RETURN();
+ for (i = 0; i < numCerts; i++) {
+ PKIX_TEST_DECREF_AC(certs[i]);
+ }
- return (certList);
+ PKIX_TEST_RETURN();
+ return (certList);
}
PKIX_PL_Date *
createDate(
- char *asciiDate,
- void *plContext)
+ char *asciiDate,
+ void *plContext)
{
- PKIX_PL_Date *date = NULL;
- PKIX_PL_String *plString = NULL;
+ PKIX_PL_Date *date = NULL;
+ PKIX_PL_String *plString = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, asciiDate, 0, &plString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiDate, 0, &plString, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime
- (plString, &date, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(plString, &date, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(plString);
+ PKIX_TEST_DECREF_AC(plString);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (date);
+ return (date);
}
PKIX_ProcessingParams *
createProcessingParams(
- char *dirName,
- char *firstAnchorFileName,
- char *secondAnchorFileName,
- char *dateAscii,
- PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
- PKIX_Boolean isCrlEnabled,
- void *plContext)
+ char *dirName,
+ char *firstAnchorFileName,
+ char *secondAnchorFileName,
+ char *dateAscii,
+ PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
+ PKIX_Boolean isCrlEnabled,
+ void *plContext)
{
- PKIX_TrustAnchor *firstAnchor = NULL;
- PKIX_TrustAnchor *secondAnchor = NULL;
- PKIX_List *anchorsList = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_PL_String *dateString = NULL;
- PKIX_PL_Date *testDate = NULL;
+ PKIX_TrustAnchor *firstAnchor = NULL;
+ PKIX_TrustAnchor *secondAnchor = NULL;
+ PKIX_List *anchorsList = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_PL_String *dateString = NULL;
+ PKIX_PL_Date *testDate = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchorsList, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchorsList, plContext));
- firstAnchor = createTrustAnchor
- (dirName, firstAnchorFileName, PKIX_FALSE, plContext);
+ firstAnchor = createTrustAnchor(dirName, firstAnchorFileName, PKIX_FALSE, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (anchorsList,
- (PKIX_PL_Object *)firstAnchor,
- plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchorsList,
+ (PKIX_PL_Object *)firstAnchor,
+ plContext));
- if (secondAnchorFileName){
- secondAnchor =
- createTrustAnchor
- (dirName, secondAnchorFileName, PKIX_FALSE, plContext);
+ if (secondAnchorFileName) {
+ secondAnchor =
+ createTrustAnchor(dirName, secondAnchorFileName, PKIX_FALSE, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
- (anchorsList,
- (PKIX_PL_Object *)secondAnchor,
- plContext));
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchorsList,
+ (PKIX_PL_Object *)secondAnchor,
+ plContext));
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
- (anchorsList, &procParams, plContext));
-
- if (dateAscii){
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_String_Create
- (PKIX_ESCASCII,
- dateAscii,
- 0,
- &dateString,
- plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_PL_Date_Create_UTCTime
- (dateString, &testDate, plContext));
-
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_SetDate
- (procParams, testDate, plContext));
- }
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchorsList, &procParams, plContext));
+
+ if (dateAscii) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ dateAscii,
+ 0,
+ &dateString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(dateString, &testDate, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(procParams, testDate, plContext));
+ }
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies
- (procParams, initialPolicies, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(procParams, initialPolicies, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
- (procParams, isCrlEnabled, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, isCrlEnabled, plContext));
cleanup:
- if (PKIX_TEST_ERROR_RECEIVED){
- PKIX_TEST_DECREF_AC(procParams);
- }
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ PKIX_TEST_DECREF_AC(procParams);
+ }
- PKIX_TEST_DECREF_AC(dateString);
- PKIX_TEST_DECREF_AC(testDate);
- PKIX_TEST_DECREF_AC(anchorsList);
- PKIX_TEST_DECREF_AC(firstAnchor);
- PKIX_TEST_DECREF_AC(secondAnchor);
+ PKIX_TEST_DECREF_AC(dateString);
+ PKIX_TEST_DECREF_AC(testDate);
+ PKIX_TEST_DECREF_AC(anchorsList);
+ PKIX_TEST_DECREF_AC(firstAnchor);
+ PKIX_TEST_DECREF_AC(secondAnchor);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (procParams);
+ return (procParams);
}
PKIX_ValidateParams *
createValidateParams(
- char *dirName,
- char *firstAnchorFileName,
- char *secondAnchorFileName,
- char *dateAscii,
- PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
- PKIX_Boolean initialPolicyMappingInhibit,
- PKIX_Boolean initialAnyPolicyInhibit,
- PKIX_Boolean initialExplicitPolicy,
- PKIX_Boolean isCrlEnabled,
- PKIX_List *chain,
- void *plContext)
+ char *dirName,
+ char *firstAnchorFileName,
+ char *secondAnchorFileName,
+ char *dateAscii,
+ PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
+ PKIX_Boolean initialPolicyMappingInhibit,
+ PKIX_Boolean initialAnyPolicyInhibit,
+ PKIX_Boolean initialExplicitPolicy,
+ PKIX_Boolean isCrlEnabled,
+ PKIX_List *chain,
+ void *plContext)
{
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_ValidateParams *valParams = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_ValidateParams *valParams = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- procParams =
- createProcessingParams
- (dirName,
- firstAnchorFileName,
- secondAnchorFileName,
- dateAscii,
- NULL,
- isCrlEnabled,
- plContext);
+ procParams =
+ createProcessingParams(dirName,
+ firstAnchorFileName,
+ secondAnchorFileName,
+ dateAscii,
+ NULL,
+ isCrlEnabled,
+ plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies
- (procParams, initialPolicies, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(procParams, initialPolicies, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_SetPolicyMappingInhibited
- (procParams, initialPolicyMappingInhibit, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetPolicyMappingInhibited(procParams, initialPolicyMappingInhibit, NULL));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetAnyPolicyInhibited
- (procParams, initialAnyPolicyInhibit, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetAnyPolicyInhibited(procParams, initialAnyPolicyInhibit, NULL));
- PKIX_TEST_EXPECT_NO_ERROR
- (PKIX_ProcessingParams_SetExplicitPolicyRequired
- (procParams, initialExplicitPolicy, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetExplicitPolicyRequired(procParams, initialExplicitPolicy, NULL));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create
- (procParams, chain, &valParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, chain, &valParams, plContext));
cleanup:
- if (PKIX_TEST_ERROR_RECEIVED){
- PKIX_TEST_DECREF_AC(valParams);
- }
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ PKIX_TEST_DECREF_AC(valParams);
+ }
- PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(procParams);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (valParams);
+ return (valParams);
}
PKIX_ValidateResult *
createValidateResult(
- char *dirName,
- char *anchorFileName,
- char *pubKeyCertFileName,
- void *plContext)
+ char *dirName,
+ char *anchorFileName,
+ char *pubKeyCertFileName,
+ void *plContext)
{
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_PL_PublicKey *pubKey = NULL;
+ PKIX_TrustAnchor *anchor = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_PublicKey *pubKey = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- anchor = createTrustAnchor
- (dirName, anchorFileName, PKIX_FALSE, plContext);
- cert = createCert(dirName, pubKeyCertFileName, plContext);
+ anchor = createTrustAnchor(dirName, anchorFileName, PKIX_FALSE, plContext);
+ cert = createCert(dirName, pubKeyCertFileName, plContext);
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
- (cert, &pubKey, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &pubKey, plContext));
- PKIX_TEST_EXPECT_NO_ERROR
- (pkix_ValidateResult_Create
- (pubKey, anchor, NULL, &valResult, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_ValidateResult_Create(pubKey, anchor, NULL, &valResult, plContext));
cleanup:
- if (PKIX_TEST_ERROR_RECEIVED){
- PKIX_TEST_DECREF_AC(valResult);
- }
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ PKIX_TEST_DECREF_AC(valResult);
+ }
- PKIX_TEST_DECREF_AC(anchor);
- PKIX_TEST_DECREF_AC(cert);
- PKIX_TEST_DECREF_AC(pubKey);
+ PKIX_TEST_DECREF_AC(anchor);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(pubKey);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (valResult);
+ return (valResult);
}
PKIX_PL_GeneralName *
createGeneralName(
- PKIX_UInt32 nameType,
- char *asciiName,
- void *plContext)
+ PKIX_UInt32 nameType,
+ char *asciiName,
+ void *plContext)
{
- PKIX_PL_GeneralName *generalName = NULL;
- PKIX_PL_String *plString = NULL;
+ PKIX_PL_GeneralName *generalName = NULL;
+ PKIX_PL_String *plString = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
- (PKIX_ESCASCII, asciiName, 0, &plString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiName, 0, &plString, plContext));
- PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_GeneralName_Create
- (nameType, plString, &generalName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_GeneralName_Create(nameType, plString, &generalName, plContext));
cleanup:
- PKIX_TEST_DECREF_AC(plString);
+ PKIX_TEST_DECREF_AC(plString);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (generalName);
+ return (generalName);
}
PKIX_BuildResult *
createBuildResult(
- char *dirName,
- char *anchorFileName,
- char *pubKeyCertFileName,
- char *firstChainCertFileName,
- char *secondChainCertFileName,
- void *plContext)
+ char *dirName,
+ char *anchorFileName,
+ char *pubKeyCertFileName,
+ char *firstChainCertFileName,
+ char *secondChainCertFileName,
+ void *plContext)
{
- PKIX_BuildResult *buildResult = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_List *certChain = NULL;
+ PKIX_BuildResult *buildResult = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_List *certChain = NULL;
- PKIX_TEST_STD_VARS();
+ PKIX_TEST_STD_VARS();
- valResult = createValidateResult
- (dirName, anchorFileName, pubKeyCertFileName, plContext);
- certChain = createCertChain
- (dirName,
- firstChainCertFileName,
- secondChainCertFileName,
- plContext);
+ valResult = createValidateResult(dirName, anchorFileName, pubKeyCertFileName, plContext);
+ certChain = createCertChain(dirName,
+ firstChainCertFileName,
+ secondChainCertFileName,
+ plContext);
- PKIX_TEST_EXPECT_NO_ERROR
- (pkix_BuildResult_Create
- (valResult, certChain, &buildResult, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_BuildResult_Create(valResult, certChain, &buildResult, plContext));
cleanup:
- if (PKIX_TEST_ERROR_RECEIVED){
- PKIX_TEST_DECREF_AC(buildResult);
- }
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ PKIX_TEST_DECREF_AC(buildResult);
+ }
- PKIX_TEST_DECREF_AC(valResult);
- PKIX_TEST_DECREF_AC(certChain);
+ PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(certChain);
- PKIX_TEST_RETURN();
+ PKIX_TEST_RETURN();
- return (buildResult);
+ return (buildResult);
}
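Review bot: In createCRL the cleanup section calls `PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(pathName, plContext));`, and that macro does `goto cleanup` on failure, so a failing free jumps back to the label just above it and runs the free again. createCert instead assigns `pkixTestErrorResult = PKIX_PL_Free(pathName, plContext);`, which overwrites an error already recorded by PKIX_PL_ByteArray_Create or PKIX_PL_Cert_Create. When the free succeeds, PKIX_TEST_ERROR_RECEIVED then reads false, certDER is not released, and PKIX_TEST_RETURN reports nothing. Both functions should follow the pattern PKIX_TEST_DECREF_AC uses: declare `PKIX_Error *freeResult = NULL;` with the other locals, and in cleanup write `freeResult = PKIX_PL_Free(pathName, plContext);` followed by `if (freeResult) pkixTestErrorResult = freeResult;`. catDirName can also return NULL when PKIX_PL_Malloc fails, and both callers pass that result straight to PR_Open, so a `if (!pathName) goto cleanup;` guard after the catDirName call would help too.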
diff --git a/cmd/libpkix/testutil/testutil_nss.h b/cmd/libpkix/testutil/testutil_nss.h
index 0f00b3173..e1f24af89 100755..100644
--- a/cmd/libpkix/testutil/testutil_nss.h
+++ b/cmd/libpkix/testutil/testutil_nss.h
@@ -29,89 +29,88 @@ extern "C" {
PKIX_PL_Cert *
createCert(
- char *dirName,
- char *certFile,
- void *plContext);
+ char *dirName,
+ char *certFile,
+ void *plContext);
PKIX_PL_CRL *
createCRL(
- char *dirName,
- char *crlFileName,
- void *plContext);
+ char *dirName,
+ char *crlFileName,
+ void *plContext);
PKIX_TrustAnchor *
createTrustAnchor(
- char *dirName,
- char *taFileName,
- PKIX_Boolean useCert,
- void *plContext);
+ char *dirName,
+ char *taFileName,
+ PKIX_Boolean useCert,
+ void *plContext);
PKIX_List *
createCertChain(
- char *dirName,
- char *firstCertFileName,
- char *secondCertFileName,
- void *plContext);
+ char *dirName,
+ char *firstCertFileName,
+ char *secondCertFileName,
+ void *plContext);
PKIX_List *
createCertChainPlus(
- char *dirName,
- char *certNames[],
- PKIX_PL_Cert *certs[],
- PKIX_UInt32 numCerts,
- void *plContext);
+ char *dirName,
+ char *certNames[],
+ PKIX_PL_Cert *certs[],
+ PKIX_UInt32 numCerts,
+ void *plContext);
PKIX_PL_Date *
createDate(
- char *asciiDate,
- void *plContext);
-
+ char *asciiDate,
+ void *plContext);
PKIX_ProcessingParams *
createProcessingParams(
- char *dirName,
- char *firstAnchorFileName,
- char *secondAnchorFileName,
- char *dateAscii,
- PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
- PKIX_Boolean isCrlEnabled,
- void *plContext);
+ char *dirName,
+ char *firstAnchorFileName,
+ char *secondAnchorFileName,
+ char *dateAscii,
+ PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
+ PKIX_Boolean isCrlEnabled,
+ void *plContext);
PKIX_ValidateParams *
createValidateParams(
- char *dirName,
- char *firstAnchorFileName,
- char *secondAnchorFileName,
- char *dateAscii,
- PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
- PKIX_Boolean initialPolicyMappingInhibit,
- PKIX_Boolean initialAnyPolicyInhibit,
- PKIX_Boolean initialExplicitPolicy,
- PKIX_Boolean isCrlEnabled,
- PKIX_List *chain,
- void *plContext);
+ char *dirName,
+ char *firstAnchorFileName,
+ char *secondAnchorFileName,
+ char *dateAscii,
+ PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
+ PKIX_Boolean initialPolicyMappingInhibit,
+ PKIX_Boolean initialAnyPolicyInhibit,
+ PKIX_Boolean initialExplicitPolicy,
+ PKIX_Boolean isCrlEnabled,
+ PKIX_List *chain,
+ void *plContext);
PKIX_ValidateResult *
createValidateResult(
- char *dirName,
- char *anchorFileName,
- char *pubKeyCertFileName,
- void *plContext);
+ char *dirName,
+ char *anchorFileName,
+ char *pubKeyCertFileName,
+ void *plContext);
PKIX_BuildResult *
createBuildResult(
- char *dirName,
- char *anchorFileName,
- char *pubKeyCertFileName,
- char *firstChainCertFileName,
- char *secondChainCertFileName,
- void *plContext);
+ char *dirName,
+ char *anchorFileName,
+ char *pubKeyCertFileName,
+ char *firstChainCertFileName,
+ char *secondChainCertFileName,
+ void *plContext);
PKIX_PL_GeneralName *
createGeneralName(
- PKIX_UInt32 nameType,
- char *asciiName,
- void *plContext);
+ PKIX_UInt32 nameType,
+ char *asciiName,
+ void *plContext);
#ifdef __cplusplus
}
diff --git a/cmd/listsuites/listsuites.c b/cmd/listsuites/listsuites.c
index f4e2cb862..4f7dc7e50 100644
--- a/cmd/listsuites/listsuites.c
+++ b/cmd/listsuites/listsuites.c
@@ -2,7 +2,7 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* This program demonstrates the use of SSL_GetCipherSuiteInfo to avoid
+/* This program demonstrates the use of SSL_GetCipherSuiteInfo to avoid
* all compiled-in knowledge of SSL cipher suites.
*
* Try: ./listsuites | grep -v : | sort -b +4rn -5 +1 -2 +2 -3 +3 -4 +5r -6
@@ -13,7 +13,8 @@
#include "secport.h"
#include "ssl.h"
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
int i;
@@ -23,40 +24,40 @@ int main(int argc, char **argv)
/* disable all the SSL3 cipher suites */
for (i = 0; i < SSL_NumImplementedCiphers; i++) {
- PRUint16 suite = cipherSuites[i];
- SECStatus rv;
- PRBool enabled;
- PRErrorCode err;
- SSLCipherSuiteInfo info;
+ PRUint16 suite = cipherSuites[i];
+ SECStatus rv;
+ PRBool enabled;
+ PRErrorCode err;
+ SSLCipherSuiteInfo info;
rv = SSL_CipherPrefGetDefault(suite, &enabled);
- if (rv != SECSuccess) {
- err = PR_GetError();
- ++errCount;
- fprintf(stderr,
- "SSL_CipherPrefGetDefault didn't like value 0x%04x (i = %d): %s\n",
- suite, i, PORT_ErrorToString(err));
- continue;
- }
- rv = SSL_GetCipherSuiteInfo(suite, &info, (int)(sizeof info));
- if (rv != SECSuccess) {
- err = PR_GetError();
- ++errCount;
- fprintf(stderr,
- "SSL_GetCipherSuiteInfo didn't like value 0x%04x (i = %d): %s\n",
- suite, i, PORT_ErrorToString(err));
- continue;
- }
- fprintf(stdout,
- "%s:\n" /* up to 37 spaces */
- " 0x%04hx %-5s %-5s %-8s %3hd %-6s %-8s %-4s %-8s %-11s\n",
- info.cipherSuiteName, info.cipherSuite,
- info.keaTypeName, info.authAlgorithmName, info.symCipherName,
- info.effectiveKeyBits, info.macAlgorithmName,
- enabled ? "Enabled" : "Disabled",
- info.isFIPS ? "FIPS" : "",
- info.isExportable ? "Export" : "Domestic",
- info.nonStandard ? "nonStandard" : "");
+ if (rv != SECSuccess) {
+ err = PR_GetError();
+ ++errCount;
+ fprintf(stderr,
+ "SSL_CipherPrefGetDefault didn't like value 0x%04x (i = %d): %s\n",
+ suite, i, PORT_ErrorToString(err));
+ continue;
+ }
+ rv = SSL_GetCipherSuiteInfo(suite, &info, (int)(sizeof info));
+ if (rv != SECSuccess) {
+ err = PR_GetError();
+ ++errCount;
+ fprintf(stderr,
+ "SSL_GetCipherSuiteInfo didn't like value 0x%04x (i = %d): %s\n",
+ suite, i, PORT_ErrorToString(err));
+ continue;
+ }
+ fprintf(stdout,
+ "%s:\n" /* up to 37 spaces */
+ " 0x%04hx %-5s %-5s %-8s %3hd %-6s %-8s %-4s %-8s %-11s\n",
+ info.cipherSuiteName, info.cipherSuite,
+ info.keaTypeName, info.authAlgorithmName, info.symCipherName,
+ info.effectiveKeyBits, info.macAlgorithmName,
+ enabled ? "Enabled" : "Disabled",
+ info.isFIPS ? "FIPS" : "",
+ info.isExportable ? "Export" : "Domestic",
+ info.nonStandard ? "nonStandard" : "");
}
return errCount;
}
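Review bot: The comment `/* disable all the SSL3 cipher suites */` above the loop does not describe the loop body, which only queries each suite's default preference and info and prints them; nothing is disabled here. A comment such as `/* list every implemented cipher suite and its default state */` would match the code. Separately, `return errCount;` hands a raw count to the process exit status, which can wrap where only the low 8 bits are kept; `return errCount ? 1 : 0;` would be safer.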
diff --git a/cmd/lowhashtest/lowhashtest.c b/cmd/lowhashtest/lowhashtest.c
index 8a128effb..29d6ff4fd 100644
--- a/cmd/lowhashtest/lowhashtest.c
+++ b/cmd/lowhashtest/lowhashtest.c
@@ -15,9 +15,10 @@
static char *progName = NULL;
-static int test_long_message(NSSLOWInitContext *initCtx,
- HASH_HashType algoType, unsigned int hashLen,
- const PRUint8 expected[], PRUint8 results[])
+static int
+test_long_message(NSSLOWInitContext *initCtx,
+ HASH_HashType algoType, unsigned int hashLen,
+ const PRUint8 expected[], PRUint8 results[])
{
unsigned int len, i, rv = 0;
NSSLOWHASHContext *ctx;
@@ -27,27 +28,27 @@ static int test_long_message(NSSLOWInitContext *initCtx,
* buffer and call update 1,000 times.
*/
unsigned char buf[1000];
- (void) PORT_Memset(buf, 'a', sizeof(buf));
+ (void)PORT_Memset(buf, 'a', sizeof(buf));
ctx = NSSLOWHASH_NewContext(initCtx, algoType);
if (ctx == NULL) {
- SECU_PrintError(progName, "Couldn't get hash context\n");
- return 1;
+ SECU_PrintError(progName, "Couldn't get hash context\n");
+ return 1;
}
NSSLOWHASH_Begin(ctx);
for (i = 0; i < 1000; ++i) {
- NSSLOWHASH_Update(ctx, buf, 1000);
+ NSSLOWHASH_Update(ctx, buf, 1000);
}
NSSLOWHASH_End(ctx, results, &len, hashLen);
PR_ASSERT(len == hashLen);
PR_ASSERT(PORT_Memcmp(expected, results, hashLen) == 0);
if (PORT_Memcmp(expected, results, len) != 0) {
- SECU_PrintError(progName, "Hash mismatch\n");
- SECU_PrintBuf(stdout, "Expected: ", expected, hashLen);
- SECU_PrintBuf(stdout, "Actual: ", results, len);
- rv = 1;
+ SECU_PrintError(progName, "Hash mismatch\n");
+ SECU_PrintBuf(stdout, "Expected: ", expected, hashLen);
+ SECU_PrintBuf(stdout, "Actual: ", results, len);
+ rv = 1;
}
NSSLOWHASH_Destroy(ctx);
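Review bot: `PR_ASSERT(PORT_Memcmp(expected, results, hashLen) == 0);` sits directly in front of the `if` that reports the mismatch, so in a build with assertions enabled a wrong digest presumably aborts before the "Hash mismatch" / Expected / Actual dump is printed. The run-time `if` already performs the same check, so the assert on the comparison can be dropped, keeping only `PR_ASSERT(len == hashLen);`. The later testMessageDigest hunk has the same pattern. The function's `return rv;` is outside this hunk.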
@@ -56,77 +57,85 @@ static int test_long_message(NSSLOWInitContext *initCtx,
return rv;
}
-static int test_long_message_sha1(NSSLOWInitContext *initCtx) {
+static int
+test_long_message_sha1(NSSLOWInitContext *initCtx)
+{
PRUint8 results[SHA1_LENGTH];
/* Test vector from FIPS 180-2: appendix B.3. */
/* 34aa973c d4c4daa4 f61eeb2b dbad2731 6534016f. */
static const PRUint8 expected[SHA256_LENGTH] =
- { 0x34,0xaa,0x97,0x3c, 0xd4,0xc4,0xda,0xa4, 0xf6,0x1e,0xeb,0x2b,
- 0xdb,0xad,0x27,0x31, 0x65,0x34,0x01,0x6f };
+ { 0x34, 0xaa, 0x97, 0x3c, 0xd4, 0xc4, 0xda, 0xa4, 0xf6, 0x1e, 0xeb, 0x2b,
+ 0xdb, 0xad, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6f };
unsigned char buf[1000];
- (void) PORT_Memset(buf, 'a', sizeof(buf));
+ (void)PORT_Memset(buf, 'a', sizeof(buf));
return test_long_message(initCtx, HASH_AlgSHA1,
- SHA1_LENGTH, &expected[0], results);
+ SHA1_LENGTH, &expected[0], results);
}
-static int test_long_message_sha256(NSSLOWInitContext *initCtx) {
+static int
+test_long_message_sha256(NSSLOWInitContext *initCtx)
+{
PRUint8 results[SHA256_LENGTH];
/* cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0. */
static const PRUint8 expected[SHA256_LENGTH] =
- { 0xcd,0xc7,0x6e,0x5c, 0x99,0x14,0xfb,0x92, 0x81,0xa1,0xc7,0xe2, 0x84,0xd7,0x3e,0x67,
- 0xf1,0x80,0x9a,0x48, 0xa4,0x97,0x20,0x0e, 0x04,0x6d,0x39,0xcc, 0xc7,0x11,0x2c,0xd0 };
+ { 0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92, 0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67,
+ 0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e, 0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0 };
unsigned char buf[1000];
- (void) PORT_Memset(buf, 'a', sizeof(buf));
+ (void)PORT_Memset(buf, 'a', sizeof(buf));
return test_long_message(initCtx, HASH_AlgSHA256,
- SHA256_LENGTH, &expected[0], results);
+ SHA256_LENGTH, &expected[0], results);
}
-static int test_long_message_sha384(NSSLOWInitContext *initCtx) {
+static int
+test_long_message_sha384(NSSLOWInitContext *initCtx)
+{
PRUint8 results[SHA384_LENGTH];
/* Test vector from FIPS 180-2: appendix B.3. */
/*
- 9d0e1809716474cb
- 086e834e310a4a1c
- ed149e9c00f24852
- 7972cec5704c2a5b
- 07b8b3dc38ecc4eb
- ae97ddd87f3d8985.
+ 9d0e1809716474cb
+ 086e834e310a4a1c
+ ed149e9c00f24852
+ 7972cec5704c2a5b
+ 07b8b3dc38ecc4eb
+ ae97ddd87f3d8985.
*/
static const PRUint8 expected[SHA384_LENGTH] =
- { 0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb,
- 0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c,
- 0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52,
- 0x79,0x72,0xce,0xc5,0x70,0x4c,0x2a,0x5b,
- 0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb,
- 0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 };
+ { 0x9d, 0x0e, 0x18, 0x09, 0x71, 0x64, 0x74, 0xcb,
+ 0x08, 0x6e, 0x83, 0x4e, 0x31, 0x0a, 0x4a, 0x1c,
+ 0xed, 0x14, 0x9e, 0x9c, 0x00, 0xf2, 0x48, 0x52,
+ 0x79, 0x72, 0xce, 0xc5, 0x70, 0x4c, 0x2a, 0x5b,
+ 0x07, 0xb8, 0xb3, 0xdc, 0x38, 0xec, 0xc4, 0xeb,
+ 0xae, 0x97, 0xdd, 0xd8, 0x7f, 0x3d, 0x89, 0x85 };
unsigned char buf[1000];
- (void) PORT_Memset(buf, 'a', sizeof(buf));
+ (void)PORT_Memset(buf, 'a', sizeof(buf));
return test_long_message(initCtx, HASH_AlgSHA384,
- SHA384_LENGTH, &expected[0], results);
+ SHA384_LENGTH, &expected[0], results);
}
-static int test_long_message_sha512(NSSLOWInitContext *initCtx) {
+static int
+test_long_message_sha512(NSSLOWInitContext *initCtx)
+{
PRUint8 results[SHA512_LENGTH];
/* Test vector from FIPS 180-2: appendix B.3. */
static const PRUint8 expected[SHA512_LENGTH] =
- { 0xe7,0x18,0x48,0x3d,0x0c,0xe7,0x69,0x64,0x4e,0x2e,0x42,0xc7,0xbc,0x15,0xb4,0x63,
- 0x8e,0x1f,0x98,0xb1,0x3b,0x20,0x44,0x28,0x56,0x32,0xa8,0x03,0xaf,0xa9,0x73,0xeb,
- 0xde,0x0f,0xf2,0x44,0x87,0x7e,0xa6,0x0a,0x4c,0xb0,0x43,0x2c,0xe5,0x77,0xc3,0x1b,
- 0xeb,0x00,0x9c,0x5c,0x2c,0x49,0xaa,0x2e,0x4e,0xad,0xb2,0x17,0xad,0x8c,0xc0,0x9b};
+ { 0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64, 0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63,
+ 0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28, 0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb,
+ 0xde, 0x0f, 0xf2, 0x44, 0x87, 0x7e, 0xa6, 0x0a, 0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b,
+ 0xeb, 0x00, 0x9c, 0x5c, 0x2c, 0x49, 0xaa, 0x2e, 0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b };
unsigned char buf[1000];
- (void) PORT_Memset(buf, 'a', sizeof(buf));
+ (void)PORT_Memset(buf, 'a', sizeof(buf));
return test_long_message(initCtx, HASH_AlgSHA512,
- SHA512_LENGTH, &expected[0], results);
+ SHA512_LENGTH, &expected[0], results);
}
-
-static int testMessageDigest(NSSLOWInitContext *initCtx,
- HASH_HashType algoType, unsigned int hashLen,
- const unsigned char *message,
- const PRUint8 expected[], PRUint8 results[])
+static int
+testMessageDigest(NSSLOWInitContext *initCtx,
+ HASH_HashType algoType, unsigned int hashLen,
+ const unsigned char *message,
+ const PRUint8 expected[], PRUint8 results[])
{
NSSLOWHASHContext *ctx;
unsigned int len;
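Review bot: In test_long_message_sha1 the vector is declared as `expected[SHA256_LENGTH]` although it holds the 20-byte SHA-1 digest, leaving zero padding at the end. That is harmless while test_long_message compares only `hashLen` bytes, but it should read `static const PRUint8 expected[SHA1_LENGTH] =` so the declared size matches the algorithm under test. Each of the four `test_long_message_sha*` wrappers also fills a local `buf[1000]` that is never read, since test_long_message builds its own buffer; those two lines can be removed. testMessageDigest's body continues outside this hunk.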
@@ -134,8 +143,8 @@ static int testMessageDigest(NSSLOWInitContext *initCtx,
ctx = NSSLOWHASH_NewContext(initCtx, algoType);
if (ctx == NULL) {
- SECU_PrintError(progName, "Couldn't get hash context\n");
- return 1;
+ SECU_PrintError(progName, "Couldn't get hash context\n");
+ return 1;
}
NSSLOWHASH_Begin(ctx);
@@ -145,10 +154,10 @@ static int testMessageDigest(NSSLOWInitContext *initCtx,
PR_ASSERT(PORT_Memcmp(expected, results, len) == 0);
if (PORT_Memcmp(expected, results, len) != 0) {
- SECU_PrintError(progName, "Hash mismatch\n");
- SECU_PrintBuf(stdout, "Expected: ", expected, hashLen);
- SECU_PrintBuf(stdout, "Actual: ", results, len);
- rv = 1;
+ SECU_PrintError(progName, "Hash mismatch\n");
+ SECU_PrintBuf(stdout, "Expected: ", expected, hashLen);
+ SECU_PrintBuf(stdout, "Actual: ", results, len);
+ rv = 1;
}
NSSLOWHASH_Destroy(ctx);
@@ -157,39 +166,39 @@ static int testMessageDigest(NSSLOWInitContext *initCtx,
return rv;
}
-
-static int testMD5(NSSLOWInitContext *initCtx)
+static int
+testMD5(NSSLOWInitContext *initCtx)
{
- /* test vectors that glibc, our API main client, uses */
+ /* test vectors that glibc, our API main client, uses */
static const struct {
- const unsigned char *input;
- const PRUint8 result[MD5_LENGTH];
- } md5tests[] = {
- { (unsigned char *) "",
- {0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e} },
- { (unsigned char *) "a",
- {0x0c,0xc1,0x75,0xb9,0xc0,0xf1,0xb6,0xa8,0x31,0xc3,0x99,0xe2,0x69,0x77,0x26,0x61} },
- { (unsigned char *) "abc",
- {0x90,0x01,0x50,0x98,0x3c,0xd2,0x4f,0xb0,0xd6,0x96,0x3f,0x7d,0x28,0xe1,0x7f,0x72} },
- { (unsigned char *) "message digest",
- {0xf9,0x6b,0x69,0x7d,0x7c,0xb7,0x93,0x8d,0x52,0x5a,0x2f,0x31,0xaa,0xf1,0x61,0xd0} },
- { (unsigned char *) "abcdefghijklmnopqrstuvwxyz",
- {0xc3,0xfc,0xd3,0xd7,0x61,0x92,0xe4,0x00,0x7d,0xfb,0x49,0x6c,0xca,0x67,0xe1,0x3b} },
- { (unsigned char *) "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
- {0xd1,0x74,0xab,0x98,0xd2,0x77,0xd9,0xf5,0xa5,0x61,0x1c,0x2c,0x9f,0x41,0x9d,0x9f} },
- { (unsigned char *) "123456789012345678901234567890123456789012345678901234567890"
- "12345678901234567890",
- {0x57,0xed,0xf4,0xa2,0x2b,0xe3,0xc9,0x55,0xac,0x49,0xda,0x2e,0x21,0x07,0xb6,0x7a} }
+ const unsigned char *input;
+ const PRUint8 result[MD5_LENGTH];
+ } md5tests[] = {
+ { (unsigned char *)"",
+ { 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e } },
+ { (unsigned char *)"a",
+ { 0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8, 0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61 } },
+ { (unsigned char *)"abc",
+ { 0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0, 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72 } },
+ { (unsigned char *)"message digest",
+ { 0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d, 0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0 } },
+ { (unsigned char *)"abcdefghijklmnopqrstuvwxyz",
+ { 0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00, 0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b } },
+ { (unsigned char *)"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+ { 0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5, 0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f } },
+ { (unsigned char *)"123456789012345678901234567890123456789012345678901234567890"
+ "12345678901234567890",
+ { 0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55, 0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a } }
};
PRUint8 results[MD5_LENGTH];
int rv = 0, cnt, numTests;
- numTests = sizeof(md5tests)/sizeof(md5tests[0]);
+ numTests = sizeof(md5tests) / sizeof(md5tests[0]);
for (cnt = 0; cnt < numTests; cnt++) {
- rv += testMessageDigest(initCtx, HASH_AlgMD5, MD5_LENGTH,
- (const unsigned char *) md5tests[cnt].input,
- md5tests[cnt].result, &results[0]);
+ rv += testMessageDigest(initCtx, HASH_AlgMD5, MD5_LENGTH,
+ (const unsigned char *)md5tests[cnt].input,
+ md5tests[cnt].result, &results[0]);
}
return rv;
}
@@ -199,187 +208,182 @@ static int testMD5(NSSLOWInitContext *initCtx)
*
*/
-static int testSHA1(NSSLOWInitContext *initCtx)
+static int
+testSHA1(NSSLOWInitContext *initCtx)
{
static const struct {
- const unsigned char *input;
- const PRUint8 result[SHA1_LENGTH];
+ const unsigned char *input;
+ const PRUint8 result[SHA1_LENGTH];
} sha1tests[] = {
- /* one block messsage */
- { (const unsigned char *)
- "abc",
- /* a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d. */
-
- { 0xa9,0x99,0x3e,0x36, 0x47,0x06,0x81,0x6a, /* a9993e36 4706816a */
- 0xba,0x3e,0x25,0x71, /* ba3e2571 */
- 0x78,0x50,0xc2,0x6c, 0x9c,0xd0,0xd8,0x9d} /* 7850c26c 9cd0d89d */
- },
- { (const unsigned char *)
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- /* 84983e44 1c3bd26e baae4aa1 f95129e5 e54670f1. */
- {0x84,0x98,0x3e,0x44, 0x1c,0x3b,0xd2,0x6e, 0xba,0xae,0x4a,0xa1,
- 0xf9,0x51,0x29,0xe5, 0xe5,0x46,0x70,0xf1}
- }
+ /* one block messsage */
+ {
+ (const unsigned char *)"abc",
+ /* a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d. */
+
+ { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, /* a9993e36 4706816a */
+ 0xba, 0x3e, 0x25, 0x71, /* ba3e2571 */
+ 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d } /* 7850c26c 9cd0d89d */
+ },
+ { (const unsigned char *)"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ /* 84983e44 1c3bd26e baae4aa1 f95129e5 e54670f1. */
+ { 0x84, 0x98, 0x3e, 0x44, 0x1c, 0x3b, 0xd2, 0x6e, 0xba, 0xae, 0x4a, 0xa1,
+ 0xf9, 0x51, 0x29, 0xe5, 0xe5, 0x46, 0x70, 0xf1 } }
};
PRUint8 results[SHA1_LENGTH];
int rv = 0, cnt, numTests;
- numTests = sizeof(sha1tests)/sizeof(sha1tests[0]);
+ numTests = sizeof(sha1tests) / sizeof(sha1tests[0]);
for (cnt = 0; cnt < numTests; cnt++) {
- rv += testMessageDigest(initCtx, HASH_AlgSHA1, SHA1_LENGTH,
- (const unsigned char *) sha1tests[cnt].input,
- sha1tests[cnt].result, &results[0]);
+ rv += testMessageDigest(initCtx, HASH_AlgSHA1, SHA1_LENGTH,
+ (const unsigned char *)sha1tests[cnt].input,
+ sha1tests[cnt].result, &results[0]);
}
rv += test_long_message_sha1(initCtx);
return rv;
}
-static int testSHA224(NSSLOWInitContext *initCtx)
+static int
+testSHA224(NSSLOWInitContext *initCtx)
{
static const struct {
- const unsigned char *input;
- const PRUint8 result[SHA224_LENGTH];
+ const unsigned char *input;
+ const PRUint8 result[SHA224_LENGTH];
} sha224tests[] = {
- /* one block messsage */
- { (const unsigned char *) "abc",
- {0x23,0x09,0x7D,0x22,0x34,0x05,0xD8,0x22,0x86,0x42,0xA4,0x77,0xBD,0xA2,0x55,0xB3,
- 0x2A,0xAD,0xBC,0xE4,0xBD,0xA0,0xB3,0xF7,0xE3,0x6C,0x9D,0xA7}
- },
- /* two block message */
- { (const unsigned char *) "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- {0x75,0x38,0x8B,0x16,0x51,0x27,0x76,0xCC,0x5D,0xBA,0x5D,0xA1,0xFD,0x89,0x01,0x50,
- 0xB0,0xC6,0x45,0x5C,0xB4,0xF5,0x8B,0x19,0x52,0x52,0x25,0x25}
- }
+ /* one block messsage */
+ { (const unsigned char *)"abc",
+ { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22, 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
+ 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7, 0xE3, 0x6C, 0x9D, 0xA7 } },
+ /* two block message */
+ { (const unsigned char *)"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC, 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
+ 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19, 0x52, 0x52, 0x25, 0x25 } }
};
PRUint8 results[SHA224_LENGTH];
int rv = 0, cnt, numTests;
- numTests = sizeof(sha224tests)/sizeof(sha224tests[0]);
+ numTests = sizeof(sha224tests) / sizeof(sha224tests[0]);
for (cnt = 0; cnt < numTests; cnt++) {
- rv += testMessageDigest(initCtx, HASH_AlgSHA224, SHA224_LENGTH,
- (const unsigned char *) sha224tests[cnt].input,
- sha224tests[cnt].result, &results[0]);
+ rv += testMessageDigest(initCtx, HASH_AlgSHA224, SHA224_LENGTH,
+ (const unsigned char *)sha224tests[cnt].input,
+ sha224tests[cnt].result, &results[0]);
}
return rv;
}
-static int testSHA256(NSSLOWInitContext *initCtx)
+static int
+testSHA256(NSSLOWInitContext *initCtx)
{
static const struct {
- const unsigned char *input;
- const PRUint8 result[SHA256_LENGTH];
+ const unsigned char *input;
+ const PRUint8 result[SHA256_LENGTH];
} sha256tests[] = {
- /* Test vectors from FIPS 180-2: appendix B.1. */
- { (unsigned char *) "abc",
- {0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
- 0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad}
- },
- /* Test vectors from FIPS 180-2: appendix B.2. */
- { (unsigned char *) "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- {0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8,0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39,
- 0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67,0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1}
- }
+ /* Test vectors from FIPS 180-2: appendix B.1. */
+ { (unsigned char *)"abc",
+ { 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
+ 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad } },
+ /* Test vectors from FIPS 180-2: appendix B.2. */
+ { (unsigned char *)"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ { 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
+ 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 } }
};
PRUint8 results[SHA256_LENGTH];
int rv = 0, cnt, numTests;
- numTests = sizeof(sha256tests)/sizeof(sha256tests[0]);
+ numTests = sizeof(sha256tests) / sizeof(sha256tests[0]);
for (cnt = 0; cnt < numTests; cnt++) {
- rv += testMessageDigest(initCtx, HASH_AlgSHA256, SHA256_LENGTH,
- (const unsigned char *) sha256tests[cnt].input,
- sha256tests[cnt].result, &results[0]);
+ rv += testMessageDigest(initCtx, HASH_AlgSHA256, SHA256_LENGTH,
+ (const unsigned char *)sha256tests[cnt].input,
+ sha256tests[cnt].result, &results[0]);
}
rv += test_long_message_sha256(initCtx);
return rv;
}
-static int testSHA384(NSSLOWInitContext *initCtx)
+static int
+testSHA384(NSSLOWInitContext *initCtx)
{
static const struct {
- const unsigned char *input;
- const PRUint8 result[SHA384_LENGTH];
+ const unsigned char *input;
+ const PRUint8 result[SHA384_LENGTH];
} sha384tests[] = {
- /* Test vector from FIPS 180-2: appendix D, single-block message. */
- { (unsigned char *) "abc",
- {0xcb,0x00,0x75,0x3f,0x45,0xa3,0x5e,0x8b,
- 0xb5,0xa0,0x3d,0x69,0x9a,0xc6,0x50,0x07,
- 0x27,0x2c,0x32,0xab,0x0e,0xde,0xd1,0x63,
- 0x1a,0x8b,0x60,0x5a,0x43,0xff,0x5b,0xed,
- 0x80,0x86,0x07,0x2b,0xa1,0xe7,0xcc,0x23,
- 0x58,0xba,0xec,0xa1,0x34,0xc8,0x25,0xa7} },
-
- /* Test vectors from FIPS 180-2: appendix D, multi-block message. */
- { (unsigned char *)
- "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
- "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
- /*
- 09330c33f71147e8
- 3d192fc782cd1b47
- 53111b173b3b05d2
+ /* Test vector from FIPS 180-2: appendix D, single-block message. */
+ { (unsigned char *)"abc",
+ { 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b,
+ 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07,
+ 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63,
+ 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed,
+ 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23,
+ 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7 } },
+
+ /* Test vectors from FIPS 180-2: appendix D, multi-block message. */
+ { (unsigned char *)"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+ "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
+ /*
+ 09330c33f71147e8
+ 3d192fc782cd1b47
+ 53111b173b3b05d2
2fa08086e3b0f712
- fcc7c71a557e2db9
+ fcc7c71a557e2db9
66c3e9fa91746039.
*/
- {0x09,0x33,0x0c,0x33,0xf7,0x11,0x47,0xe8,
- 0x3d,0x19,0x2f,0xc7,0x82,0xcd,0x1b,0x47,
- 0x53,0x11,0x1b,0x17,0x3b,0x3b,0x05,0xd2,
- 0x2f,0xa0,0x80,0x86,0xe3,0xb0,0xf7,0x12,
- 0xfc,0xc7,0xc7,0x1a,0x55,0x7e,0x2d,0xb9,
- 0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39} }
- };
+ { 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8,
+ 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47,
+ 0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2,
+ 0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12,
+ 0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9,
+ 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39 } }
+ };
PRUint8 results[SHA384_LENGTH];
int rv = 0, cnt, numTests;
- numTests = sizeof(sha384tests)/sizeof(sha384tests[0]);
+ numTests = sizeof(sha384tests) / sizeof(sha384tests[0]);
for (cnt = 0; cnt < numTests; cnt++) {
rv += testMessageDigest(initCtx, HASH_AlgSHA384, SHA384_LENGTH,
- (const unsigned char *) sha384tests[cnt].input,
- sha384tests[cnt].result, &results[0]);
+ (const unsigned char *)sha384tests[cnt].input,
+ sha384tests[cnt].result, &results[0]);
}
rv += test_long_message_sha384(initCtx);
return rv;
}
-
-int testSHA512(NSSLOWInitContext *initCtx)
+int
+testSHA512(NSSLOWInitContext *initCtx)
{
static const struct {
- const unsigned char *input;
- const PRUint8 result[SHA512_LENGTH];
+ const unsigned char *input;
+ const PRUint8 result[SHA512_LENGTH];
} sha512tests[] = {
- /* Test vectors from FIPS 180-2: appendix C.1. */
- { (unsigned char *) "abc",
- { 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
- 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
- 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
- 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f}
- },
- /* Test vectors from FIPS 180-2: appendix C.2. */
- { (unsigned char *) "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
- "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
- {0x8e,0x95,0x9b,0x75,0xda,0xe3,0x13,0xda,0x8c,0xf4,0xf7,0x28,0x14,0xfc,0x14,0x3f,
- 0x8f,0x77,0x79,0xc6,0xeb,0x9f,0x7f,0xa1,0x72,0x99,0xae,0xad,0xb6,0x88,0x90,0x18,
- 0x50,0x1d,0x28,0x9e,0x49,0x00,0xf7,0xe4,0x33,0x1b,0x99,0xde,0xc4,0xb5,0x43,0x3a,
- 0xc7,0xd3,0x29,0xee,0xb6,0xdd,0x26,0x54,0x5e,0x96,0xe5,0x5b,0x87,0x4b,0xe9,0x09}
- }
+ /* Test vectors from FIPS 180-2: appendix C.1. */
+ { (unsigned char *)"abc",
+ { 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
+ 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
+ 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
+ 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f } },
+ /* Test vectors from FIPS 180-2: appendix C.2. */
+ { (unsigned char *)"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+ "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
+ { 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda, 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f,
+ 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1, 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18,
+ 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4, 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a,
+ 0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54, 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09 } }
};
PRUint8 results[SHA512_LENGTH];
int rv = 0, cnt, numTests;
- numTests = sizeof(sha512tests)/sizeof(sha512tests[0]);
+ numTests = sizeof(sha512tests) / sizeof(sha512tests[0]);
for (cnt = 0; cnt < numTests; cnt++) {
- rv = testMessageDigest(initCtx, HASH_AlgSHA512, SHA512_LENGTH,
- (const unsigned char *) sha512tests[cnt].input,
- sha512tests[cnt].result, &results[0]);
+ rv = testMessageDigest(initCtx, HASH_AlgSHA512, SHA512_LENGTH,
+ (const unsigned char *)sha512tests[cnt].input,
+ sha512tests[cnt].result, &results[0]);
}
rv += test_long_message_sha512(initCtx);
return rv;
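Review bot: In testSHA512 the loop assigns `rv = testMessageDigest(...)` where every sibling test uses `rv +=`, so a failure on the first SHA-512 vector is overwritten when the second vector passes. A broken SHA-512 short-message path can therefore go unreported by this self-test. The line should be `rv += testMessageDigest(initCtx, HASH_AlgSHA512, SHA512_LENGTH,`. The function's closing brace is outside this hunk.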
@@ -389,53 +393,53 @@ static void
Usage(char *progName)
{
fprintf(stderr, "Usage: %s [algorithm]\n",
- progName);
+ progName);
fprintf(stderr, "algorithm must be one of %s\n",
- "{ MD5 | SHA1 | SHA224 | SHA256 | SHA384 | SHA512 }");
+ "{ MD5 | SHA1 | SHA224 | SHA256 | SHA384 | SHA512 }");
fprintf(stderr, "default is to test all\n");
exit(-1);
}
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
NSSLOWInitContext *initCtx;
int rv = 0; /* counts the number of failures */
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
initCtx = NSSLOW_Init();
if (initCtx == NULL) {
- SECU_PrintError(progName, "Couldn't initialize for hashing\n");
- return 1;
+ SECU_PrintError(progName, "Couldn't initialize for hashing\n");
+ return 1;
}
if (argc || !argv[1] || strlen(argv[1]) == 0) {
- rv += testMD5(initCtx);
- rv += testSHA1(initCtx);
- rv += testSHA224(initCtx);
- rv += testSHA256(initCtx);
- rv += testSHA384(initCtx);
- rv += testSHA512(initCtx);
+ rv += testMD5(initCtx);
+ rv += testSHA1(initCtx);
+ rv += testSHA224(initCtx);
+ rv += testSHA256(initCtx);
+ rv += testSHA384(initCtx);
+ rv += testSHA512(initCtx);
} else if (strcmp(argv[1], "MD5") == 0) {
- rv += testMD5(initCtx);
+ rv += testMD5(initCtx);
} else if (strcmp(argv[1], "SHA1") == 0) {
- rv += testSHA1(initCtx);
+ rv += testSHA1(initCtx);
} else if (strcmp(argv[1], "SHA224") == 0) {
- rv += testSHA224(initCtx);
+ rv += testSHA224(initCtx);
} else if (strcmp(argv[1], "SHA226") == 0) {
- rv += testSHA256(initCtx);
+ rv += testSHA256(initCtx);
} else if (strcmp(argv[1], "SHA384") == 0) {
- rv += testSHA384(initCtx);
+ rv += testSHA384(initCtx);
} else if (strcmp(argv[1], "SHA512") == 0) {
- rv += testSHA512(initCtx);
+ rv += testSHA512(initCtx);
} else {
- SECU_PrintError(progName, "Unsupported hash type %s\n", argv[0]);
- Usage(progName);
+ SECU_PrintError(progName, "Unsupported hash type %s\n", argv[0]);
+ Usage(progName);
}
NSSLOW_Shutdown(initCtx);
return (rv == 0) ? 0 : 1;
}
-
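Review bot: The algorithm selection in `main` never takes effect, because `argc` is non-zero whenever `argv[0]` is usable, making `if (argc || !argv[1] || strlen(argv[1]) == 0)` always true. Every invocation runs all tests and the `else if` chain is unreachable. The condition should be `if (argc < 2 || strlen(argv[1]) == 0) {`. Once the chain is reachable, two more lines need fixing: `strcmp(argv[1], "SHA226")` should compare against `"SHA256"`, and the "Unsupported hash type" message should print `argv[1]` rather than `argv[0]`.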
diff --git a/cmd/makepqg/makepqg.c b/cmd/makepqg/makepqg.c
index 01d190d2c..85f8218ff 100644
--- a/cmd/makepqg/makepqg.c
+++ b/cmd/makepqg/makepqg.c
@@ -20,149 +20,144 @@
#define BPB 8 /* bits per byte. */
-char *progName;
-
+char *progName;
const SEC_ASN1Template seckey_PQGParamsTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, prime) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, subPrime) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, base) },
{ 0 }
};
-
-
void
Usage(void)
{
fprintf(stderr, "Usage: %s\n", progName);
- fprintf(stderr,
-"-a Output DER-encoded PQG params, BTOA encoded.\n"
-"-b Output DER-encoded PQG params in binary\n"
-"-r Output P, Q and G in ASCII hexadecimal. \n"
-" -l prime-length Length of prime in bits (1024 is default)\n"
-" -n subprime-length Length of subprime in bits\n"
-" -o file Output to this file (default is stdout)\n"
-" -g bits Generate SEED this many bits long.\n"
-);
+ fprintf(stderr,
+ "-a Output DER-encoded PQG params, BTOA encoded.\n"
+ "-b Output DER-encoded PQG params in binary\n"
+ "-r Output P, Q and G in ASCII hexadecimal. \n"
+ " -l prime-length Length of prime in bits (1024 is default)\n"
+ " -n subprime-length Length of subprime in bits\n"
+ " -o file Output to this file (default is stdout)\n"
+ " -g bits Generate SEED this many bits long.\n");
exit(-1);
-
}
SECStatus
-outputPQGParams(PQGParams * pqgParams, PRBool output_binary, PRBool output_raw,
- FILE * outFile)
+outputPQGParams(PQGParams *pqgParams, PRBool output_binary, PRBool output_raw,
+ FILE *outFile)
{
- PLArenaPool * arena = NULL;
- char * PQG;
- SECItem * pItem;
- int cc;
- SECStatus rv;
- SECItem encodedParams;
+ PLArenaPool *arena = NULL;
+ char *PQG;
+ SECItem *pItem;
+ int cc;
+ SECStatus rv;
+ SECItem encodedParams;
if (output_raw) {
- SECItem item;
-
- rv = PK11_PQG_GetPrimeFromParams(pqgParams, &item);
- if (rv) {
- SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
- return rv;
- }
- SECU_PrintInteger(outFile, &item, "Prime", 1);
- SECITEM_FreeItem(&item, PR_FALSE);
-
- rv = PK11_PQG_GetSubPrimeFromParams(pqgParams, &item);
- if (rv) {
- SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
- return rv;
- }
- SECU_PrintInteger(outFile, &item, "Subprime", 1);
- SECITEM_FreeItem(&item, PR_FALSE);
-
- rv = PK11_PQG_GetBaseFromParams(pqgParams, &item);
- if (rv) {
- SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
- return rv;
- }
- SECU_PrintInteger(outFile, &item, "Base", 1);
- SECITEM_FreeItem(&item, PR_FALSE);
-
- fprintf(outFile, "\n");
- return SECSuccess;
+ SECItem item;
+
+ rv = PK11_PQG_GetPrimeFromParams(pqgParams, &item);
+ if (rv) {
+ SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
+ return rv;
+ }
+ SECU_PrintInteger(outFile, &item, "Prime", 1);
+ SECITEM_FreeItem(&item, PR_FALSE);
+
+ rv = PK11_PQG_GetSubPrimeFromParams(pqgParams, &item);
+ if (rv) {
+ SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
+ return rv;
+ }
+ SECU_PrintInteger(outFile, &item, "Subprime", 1);
+ SECITEM_FreeItem(&item, PR_FALSE);
+
+ rv = PK11_PQG_GetBaseFromParams(pqgParams, &item);
+ if (rv) {
+ SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
+ return rv;
+ }
+ SECU_PrintInteger(outFile, &item, "Base", 1);
+ SECITEM_FreeItem(&item, PR_FALSE);
+
+ fprintf(outFile, "\n");
+ return SECSuccess;
}
encodedParams.data = NULL;
- encodedParams.len = 0;
+ encodedParams.len = 0;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena) {
- SECU_PrintError(progName, "PORT_NewArena");
- return SECFailure;
+ SECU_PrintError(progName, "PORT_NewArena");
+ return SECFailure;
}
pItem = SEC_ASN1EncodeItem(arena, &encodedParams, pqgParams,
- seckey_PQGParamsTemplate);
+ seckey_PQGParamsTemplate);
if (!pItem) {
- SECU_PrintError(progName, "SEC_ASN1EncodeItem");
- PORT_FreeArena(arena, PR_FALSE);
- return SECFailure;
+ SECU_PrintError(progName, "SEC_ASN1EncodeItem");
+ PORT_FreeArena(arena, PR_FALSE);
+ return SECFailure;
}
if (output_binary) {
- size_t len;
- len = fwrite(encodedParams.data, 1, encodedParams.len, outFile);
- PORT_FreeArena(arena, PR_FALSE);
- if (len != encodedParams.len) {
- fprintf(stderr, "%s: fwrite failed\n", progName);
- return SECFailure;
- }
- return SECSuccess;
+ size_t len;
+ len = fwrite(encodedParams.data, 1, encodedParams.len, outFile);
+ PORT_FreeArena(arena, PR_FALSE);
+ if (len != encodedParams.len) {
+ fprintf(stderr, "%s: fwrite failed\n", progName);
+ return SECFailure;
+ }
+ return SECSuccess;
}
/* must be output ASCII */
- PQG = BTOA_DataToAscii(encodedParams.data, encodedParams.len);
+ PQG = BTOA_DataToAscii(encodedParams.data, encodedParams.len);
PORT_FreeArena(arena, PR_FALSE);
if (!PQG) {
- SECU_PrintError(progName, "BTOA_DataToAscii");
- return SECFailure;
+ SECU_PrintError(progName, "BTOA_DataToAscii");
+ return SECFailure;
}
- cc = fprintf(outFile,"%s\n",PQG);
+ cc = fprintf(outFile, "%s\n", PQG);
PORT_Free(PQG);
if (cc <= 0) {
- fprintf(stderr, "%s: fprintf failed\n", progName);
- return SECFailure;
+ fprintf(stderr, "%s: fprintf failed\n", progName);
+ return SECFailure;
}
return SECSuccess;
}
SECStatus
-outputPQGVerify(PQGVerify * pqgVerify, PRBool output_binary, PRBool output_raw,
- FILE * outFile)
+outputPQGVerify(PQGVerify *pqgVerify, PRBool output_binary, PRBool output_raw,
+ FILE *outFile)
{
SECStatus rv = SECSuccess;
if (output_raw) {
- SECItem item;
- unsigned int counter;
-
- rv = PK11_PQG_GetHFromVerify(pqgVerify, &item);
- if (rv) {
- SECU_PrintError(progName, "PK11_PQG_GetHFromVerify");
- return rv;
- }
- SECU_PrintInteger(outFile, &item, "h", 1);
- SECITEM_FreeItem(&item, PR_FALSE);
-
- rv = PK11_PQG_GetSeedFromVerify(pqgVerify, &item);
- if (rv) {
- SECU_PrintError(progName, "PK11_PQG_GetSeedFromVerify");
- return rv;
- }
- SECU_PrintInteger(outFile, &item, "SEED", 1);
- fprintf(outFile, " g: %d\n", item.len * BPB);
- SECITEM_FreeItem(&item, PR_FALSE);
-
- counter = PK11_PQG_GetCounterFromVerify(pqgVerify);
- fprintf(outFile, " counter: %d\n", counter);
- fprintf(outFile, "\n");
+ SECItem item;
+ unsigned int counter;
+
+ rv = PK11_PQG_GetHFromVerify(pqgVerify, &item);
+ if (rv) {
+ SECU_PrintError(progName, "PK11_PQG_GetHFromVerify");
+ return rv;
+ }
+ SECU_PrintInteger(outFile, &item, "h", 1);
+ SECITEM_FreeItem(&item, PR_FALSE);
+
+ rv = PK11_PQG_GetSeedFromVerify(pqgVerify, &item);
+ if (rv) {
+ SECU_PrintError(progName, "PK11_PQG_GetSeedFromVerify");
+ return rv;
+ }
+ SECU_PrintInteger(outFile, &item, "SEED", 1);
+ fprintf(outFile, " g: %d\n", item.len * BPB);
+ SECITEM_FreeItem(&item, PR_FALSE);
+
+ counter = PK11_PQG_GetCounterFromVerify(pqgVerify);
+ fprintf(outFile, " counter: %d\n", counter);
+ fprintf(outFile, "\n");
}
return rv;
}
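Review bot: In outputPQGParams the error branches after `PK11_PQG_GetSubPrimeFromParams` and `PK11_PQG_GetBaseFromParams` still print `"PK11_PQG_GetPrimeFromParams"`, so a failure in either call is reported under the wrong name. They should read `SECU_PrintError(progName, "PK11_PQG_GetSubPrimeFromParams");` and `SECU_PrintError(progName, "PK11_PQG_GetBaseFromParams");`. In outputPQGVerify, `counter` is declared `unsigned int` but printed with `%d`, where `%u` matches the type; the same probably applies to `item.len * BPB` if SECItem's length field is unsigned. outputPQGVerify also takes output_binary but writes nothing unless output_raw is set, which deserves a short comment such as `/* verify data is only emitted in raw mode */` if that is intended.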
@@ -170,75 +165,72 @@ outputPQGVerify(PQGVerify * pqgVerify, PRBool output_binary, PRBool output_raw,
int
main(int argc, char **argv)
{
- FILE * outFile = NULL;
- char * outFileName = NULL;
- PQGParams * pqgParams = NULL;
- PQGVerify * pqgVerify = NULL;
- int keySizeInBits = 1024;
- int j = 8;
- int g = 0;
- int gMax = 0;
- int qSizeInBits = 0;
- SECStatus rv = 0;
- SECStatus passed = 0;
- PRBool output_ascii = PR_FALSE;
- PRBool output_binary = PR_FALSE;
- PRBool output_raw = PR_FALSE;
+ FILE *outFile = NULL;
+ char *outFileName = NULL;
+ PQGParams *pqgParams = NULL;
+ PQGVerify *pqgVerify = NULL;
+ int keySizeInBits = 1024;
+ int j = 8;
+ int g = 0;
+ int gMax = 0;
+ int qSizeInBits = 0;
+ SECStatus rv = 0;
+ SECStatus passed = 0;
+ PRBool output_ascii = PR_FALSE;
+ PRBool output_binary = PR_FALSE;
+ PRBool output_raw = PR_FALSE;
PLOptState *optstate;
PLOptStatus status;
-
progName = strrchr(argv[0], '/');
if (!progName)
- progName = strrchr(argv[0], '\\');
- progName = progName ? progName+1 : argv[0];
+ progName = strrchr(argv[0], '\\');
+ progName = progName ? progName + 1 : argv[0];
/* Parse command line arguments */
- optstate = PL_CreateOptState(argc, argv, "?abg:l:n:o:r" );
+ optstate = PL_CreateOptState(argc, argv, "?abg:l:n:o:r");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
-
- case 'l':
- keySizeInBits = atoi(optstate->value);
- break;
-
- case 'n':
- qSizeInBits = atoi(optstate->value);
- break;
-
- case 'a':
- output_ascii = PR_TRUE;
- break;
-
- case 'b':
- output_binary = PR_TRUE;
- break;
-
- case 'r':
- output_raw = PR_TRUE;
- break;
-
- case 'o':
- if (outFileName) {
- PORT_Free(outFileName);
- }
- outFileName = PORT_Strdup(optstate->value);
- if (!outFileName) {
- rv = -1;
- }
- break;
-
- case 'g':
- g = atoi(optstate->value);
- break;
-
-
- default:
- case '?':
- Usage();
- break;
-
- }
+ switch (optstate->option) {
+
+ case 'l':
+ keySizeInBits = atoi(optstate->value);
+ break;
+
+ case 'n':
+ qSizeInBits = atoi(optstate->value);
+ break;
+
+ case 'a':
+ output_ascii = PR_TRUE;
+ break;
+
+ case 'b':
+ output_binary = PR_TRUE;
+ break;
+
+ case 'r':
+ output_raw = PR_TRUE;
+ break;
+
+ case 'o':
+ if (outFileName) {
+ PORT_Free(outFileName);
+ }
+ outFileName = PORT_Strdup(optstate->value);
+ if (!outFileName) {
+ rv = -1;
+ }
+ break;
+
+ case 'g':
+ g = atoi(optstate->value);
+ break;
+
+ default:
+ case '?':
+ Usage();
+ break;
+ }
}
PL_DestroyOptState(optstate);
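Review bot: The `-l`, `-n` and `-g` cases parse their argument with `atoi`, which returns 0 for non-numeric text and has undefined behaviour when the value is out of range for int. The later checks in main treat `qSizeInBits == 0` and `g == 0` as "option not given", so a mistyped `-n` or `-g` value is silently dropped and parameters are generated with defaults the operator did not ask for. Parsing with strtol and rejecting bad input would close that gap, for example `v = strtol(optstate->value, &end, 10);` followed by `if (end == optstate->value || *end != '\0' || v <= 0 || v > INT_MAX) Usage();`. The return value of `PL_CreateOptState` is also used without a NULL check. main begins before this hunk's changed lines and continues after it.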
@@ -247,101 +239,103 @@ main(int argc, char **argv)
}
/* exactly 1 of these options must be set. */
- if (1 != ((output_ascii != PR_FALSE) +
- (output_binary != PR_FALSE) +
- (output_raw != PR_FALSE))) {
- Usage();
+ if (1 != ((output_ascii != PR_FALSE) +
+ (output_binary != PR_FALSE) +
+ (output_raw != PR_FALSE))) {
+ Usage();
}
- gMax = 2*keySizeInBits;
+ gMax = 2 * keySizeInBits;
if (keySizeInBits < 1024) {
- j = PQG_PBITS_TO_INDEX(keySizeInBits);
- if (j < 0) {
- fprintf(stderr, "%s: Illegal prime length, \n"
- "\tacceptable values are between 512 and 1024,\n"
- "\tand divisible by 64, or 2048 or 3072\n",
- progName);
- return 2;
- }
- gMax =2048;
- if ((qSizeInBits != 0) && (qSizeInBits != 160)) {
- fprintf(stderr, "%s: Illegal subprime length, \n"
- "\tonly 160 is acceptible for primes <= 1024\n",
- progName);
- return 2;
- }
- /* this forces keysizes less than 1024 into the DSA1 generation
+ j = PQG_PBITS_TO_INDEX(keySizeInBits);
+ if (j < 0) {
+ fprintf(stderr, "%s: Illegal prime length, \n"
+ "\tacceptable values are between 512 and 1024,\n"
+ "\tand divisible by 64, or 2048 or 3072\n",
+ progName);
+ return 2;
+ }
+ gMax = 2048;
+ if ((qSizeInBits != 0) && (qSizeInBits != 160)) {
+ fprintf(stderr, "%s: Illegal subprime length, \n"
+ "\tonly 160 is acceptible for primes <= 1024\n",
+ progName);
+ return 2;
+ }
+ /* this forces keysizes less than 1024 into the DSA1 generation
* code. Whether 1024 uses DSA2 or not is triggered by qSizeInBits
* being non-zero. All larger keysizes will use DSA2.
*/
- qSizeInBits = 0;
- }
+ qSizeInBits = 0;
+ }
if (g != 0 && (g < 160 || g >= gMax || g % 8 != 0)) {
- fprintf(stderr, "%s: Illegal g bits, \n"
- "\tacceptable values are between 160 and %d,\n"
- "\tand divisible by 8\n", progName, gMax);
- return 3;
+ fprintf(stderr, "%s: Illegal g bits, \n"
+ "\tacceptable values are between 160 and %d,\n"
+ "\tand divisible by 8\n",
+ progName, gMax);
+ return 3;
}
if (!rv && outFileName) {
- outFile = fopen(outFileName, output_binary ? "wb" : "w");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, outFileName);
- rv = -1;
- }
+ outFile = fopen(outFileName, output_binary ? "wb" : "w");
+ if (!outFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+ progName, outFileName);
+ rv = -1;
+ }
}
if (outFileName) {
- PORT_Free(outFileName);
+ PORT_Free(outFileName);
}
if (rv != 0) {
- return 1;
+ return 1;
}
if (outFile == NULL) {
- outFile = stdout;
+ outFile = stdout;
}
-
NSS_NoDB_Init(NULL);
if (keySizeInBits > 1024 || qSizeInBits != 0) {
- rv = PK11_PQG_ParamGenV2((unsigned)keySizeInBits,
- (unsigned) qSizeInBits, (unsigned)(g/8), &pqgParams, &pqgVerify);
+ rv = PK11_PQG_ParamGenV2((unsigned)keySizeInBits,
+ (unsigned)qSizeInBits, (unsigned)(g /
+ 8),
+ &pqgParams, &pqgVerify);
} else if (g) {
- rv = PK11_PQG_ParamGenSeedLen((unsigned)j, (unsigned)(g/8),
- &pqgParams, &pqgVerify);
- } else {
- rv = PK11_PQG_ParamGen((unsigned)j, &pqgParams, &pqgVerify);
+ rv = PK11_PQG_ParamGenSeedLen((unsigned)j, (unsigned)(g / 8),
+ &pqgParams, &pqgVerify);
+ } else {
+ rv = PK11_PQG_ParamGen((unsigned)j, &pqgParams, &pqgVerify);
}
/* below here, must go to loser */
if (rv != SECSuccess || pqgParams == NULL || pqgVerify == NULL) {
- SECU_PrintError(progName, "PQG parameter generation failed.\n");
- goto loser;
- }
+ SECU_PrintError(progName, "PQG parameter generation failed.\n");
+ goto loser;
+ }
fprintf(stderr, "%s: PQG parameter generation completed.\n", progName);
rv = outputPQGParams(pqgParams, output_binary, output_raw, outFile);
if (rv) {
- fprintf(stderr, "%s: failed to output PQG params.\n", progName);
- goto loser;
+ fprintf(stderr, "%s: failed to output PQG params.\n", progName);
+ goto loser;
}
rv = outputPQGVerify(pqgVerify, output_binary, output_raw, outFile);
if (rv) {
- fprintf(stderr, "%s: failed to output PQG Verify.\n", progName);
- goto loser;
+ fprintf(stderr, "%s: failed to output PQG Verify.\n", progName);
+ goto loser;
}
rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &passed);
if (rv != SECSuccess) {
- fprintf(stderr, "%s: PQG parameter verification aborted.\n", progName);
- goto loser;
+ fprintf(stderr, "%s: PQG parameter verification aborted.\n", progName);
+ goto loser;
}
if (passed != SECSuccess) {
- fprintf(stderr, "%s: PQG parameters failed verification.\n", progName);
- goto loser;
- }
+ fprintf(stderr, "%s: PQG parameters failed verification.\n", progName);
+ goto loser;
+ }
fprintf(stderr, "%s: PQG parameters passed verification.\n", progName);
PK11_PQG_DestroyParams(pqgParams);
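Review bot: The result of `NSS_NoDB_Init(NULL);` is discarded, so a failed library initialization only surfaces later as the generic "PQG parameter generation failed" message. Checking it, `if (NSS_NoDB_Init(NULL) != SECSuccess) { SECU_PrintError(progName, "NSS_NoDB_Init"); return 1; }`, reports the real cause before any parameters are requested. Separately, `gMax = 2 * keySizeInBits;` is computed before keySizeInBits has been range-checked, so a very large `-l` value can overflow the signed multiplication. On style, the formatter split `(unsigned)(g / 8)` across two lines in the PK11_PQG_ParamGenV2 call; hoisting it into a local such as `unsigned seedBytes = (unsigned)(g / 8);` keeps the call readable. main starts before this hunk and its `loser` cleanup lies after it.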
diff --git a/cmd/modutil/error.h b/cmd/modutil/error.h
index ba42264b5..b328afebc 100644
--- a/cmd/modutil/error.h
+++ b/cmd/modutil/error.h
@@ -10,127 +10,127 @@
* changed.
*/
typedef enum {
- NO_ERR=0,
- INVALID_USAGE_ERR,
- UNEXPECTED_ARG_ERR,
- UNKNOWN_OPTION_ERR,
- MULTIPLE_COMMAND_ERR,
- OPTION_NEEDS_ARG_ERR,
- DUPLICATE_OPTION_ERR,
- MISSING_PARAM_ERR,
- INVALID_FIPS_ARG,
- NO_COMMAND_ERR,
- NO_DBDIR_ERR,
- FIPS_SWITCH_FAILED_ERR,
- FIPS_ALREADY_ON_ERR,
- FIPS_ALREADY_OFF_ERR,
- FILE_ALREADY_EXISTS_ERR,
- FILE_DOESNT_EXIST_ERR,
- FILE_NOT_READABLE_ERR,
- FILE_NOT_WRITEABLE_ERR,
- DIR_DOESNT_EXIST_ERR,
- DIR_NOT_READABLE_ERR,
- DIR_NOT_WRITEABLE_ERR,
- INVALID_CONSTANT_ERR,
- ADD_MODULE_FAILED_ERR,
- UNUSED_ERR, /* reserved for future use */
- OUT_OF_MEM_ERR,
- DELETE_INTERNAL_ERR,
- DELETE_FAILED_ERR,
- NO_LIST_LOCK_ERR,
- NO_MODULE_LIST_ERR,
- NO_SUCH_MODULE_ERR,
- MOD_INFO_ERR,
- SLOT_INFO_ERR,
- TOKEN_INFO_ERR,
- NO_SUCH_TOKEN_ERR,
- CHANGEPW_FAILED_ERR,
- BAD_PW_ERR,
- DB_ACCESS_ERR,
- AUTHENTICATION_FAILED_ERR,
- NO_SUCH_SLOT_ERR,
- ENABLE_FAILED_ERR,
- UPDATE_MOD_FAILED_ERR,
- DEFAULT_FAILED_ERR,
- UNDEFAULT_FAILED_ERR,
- STDIN_READ_ERR,
- UNSPECIFIED_ERR,
- NOCERTDB_MISUSE_ERR,
- NSS_INITIALIZE_FAILED_ERR,
+ NO_ERR = 0,
+ INVALID_USAGE_ERR,
+ UNEXPECTED_ARG_ERR,
+ UNKNOWN_OPTION_ERR,
+ MULTIPLE_COMMAND_ERR,
+ OPTION_NEEDS_ARG_ERR,
+ DUPLICATE_OPTION_ERR,
+ MISSING_PARAM_ERR,
+ INVALID_FIPS_ARG,
+ NO_COMMAND_ERR,
+ NO_DBDIR_ERR,
+ FIPS_SWITCH_FAILED_ERR,
+ FIPS_ALREADY_ON_ERR,
+ FIPS_ALREADY_OFF_ERR,
+ FILE_ALREADY_EXISTS_ERR,
+ FILE_DOESNT_EXIST_ERR,
+ FILE_NOT_READABLE_ERR,
+ FILE_NOT_WRITEABLE_ERR,
+ DIR_DOESNT_EXIST_ERR,
+ DIR_NOT_READABLE_ERR,
+ DIR_NOT_WRITEABLE_ERR,
+ INVALID_CONSTANT_ERR,
+ ADD_MODULE_FAILED_ERR,
+ UNUSED_ERR, /* reserved for future use */
+ OUT_OF_MEM_ERR,
+ DELETE_INTERNAL_ERR,
+ DELETE_FAILED_ERR,
+ NO_LIST_LOCK_ERR,
+ NO_MODULE_LIST_ERR,
+ NO_SUCH_MODULE_ERR,
+ MOD_INFO_ERR,
+ SLOT_INFO_ERR,
+ TOKEN_INFO_ERR,
+ NO_SUCH_TOKEN_ERR,
+ CHANGEPW_FAILED_ERR,
+ BAD_PW_ERR,
+ DB_ACCESS_ERR,
+ AUTHENTICATION_FAILED_ERR,
+ NO_SUCH_SLOT_ERR,
+ ENABLE_FAILED_ERR,
+ UPDATE_MOD_FAILED_ERR,
+ DEFAULT_FAILED_ERR,
+ UNDEFAULT_FAILED_ERR,
+ STDIN_READ_ERR,
+ UNSPECIFIED_ERR,
+ NOCERTDB_MISUSE_ERR,
+ NSS_INITIALIZE_FAILED_ERR,
- LAST_ERR /* must be last */
+ LAST_ERR /* must be last */
} Error;
#define SUCCESS NO_ERR
/* !!! Should move this into its own .c and un-static it. */
static char *errStrings[] = {
- "Operation completed successfully.\n",
- "ERROR: Invalid command line.\n",
- "ERROR: Not expecting argument \"%s\".\n",
- "ERROR: Unknown option: %s.\n",
- "ERROR: %s: multiple commands are not allowed on the command line.\n",
- "ERROR: %s: option needs an argument.\n",
- "ERROR: %s: option cannot be given more than once.\n",
- "ERROR: Command \"%s\" requires parameter \"%s\".\n",
- "ERROR: Argument to -fips must be \"true\" or \"false\".\n",
- "ERROR: No command was specified.\n",
- "ERROR: Cannot determine database directory: use the -dbdir option.\n",
- "ERROR: Unable to switch FIPS modes.\n",
- "FIPS mode already enabled.\n",
- "FIPS mode already disabled.\n",
- "ERROR: File \"%s\" already exists.\n",
- "ERROR: File \"%s\" does not exist.\n",
- "ERROR: File \"%s\" is not readable.\n",
- "ERROR: File \"%s\" is not writeable.\n",
- "ERROR: Directory \"%s\" does not exist.\n",
- "ERROR: Directory \"%s\" is not readable.\n",
- "ERROR: Directory \"%s\" is not writeable.\n",
- "\"%s\" is not a recognized value.\n",
- "ERROR: Failed to add module \"%s\". Probable cause : \"%s\".\n",
- "Unused error string",
- "ERROR: Out of memory.\n",
- "ERROR: Cannot delete internal module.\n",
- "ERROR: Failed to delete module \"%s\".\n",
- "ERROR: Unable to obtain lock on module list.\n",
- "ERROR: Unable to obtain module list.\n",
- "ERROR: Module \"%s\" not found in database.\n",
- "ERROR: Unable to get information about module \"%s\".\n",
- "ERROR: Unable to get information about slot \"%s\".\n",
- "ERROR: Unable to get information about token \"%s\".\n",
- "ERROR: Token \"%s\" not found.\n",
- "ERROR: Unable to change password on token \"%s\".\n",
- "ERROR: Incorrect password.\n",
- "ERROR: Unable to access database \"%s\".\n",
- "ERROR: Unable to authenticate to token \"%s\".\n",
- "ERROR: Slot \"%s\" not found.\n",
- "ERROR: Failed to %s slot \"%s\".\n",
- "ERROR: Failed to update module \"%s\".\n",
- "ERROR: Failed to change defaults.\n",
- "ERROR: Failed to change default.\n",
- "ERROR: Unable to read from standard input.\n",
- "ERROR: Unknown error occurred.\n",
- "ERROR: -nocertdb option can only be used with the -jar command.\n"
- "ERROR: NSS_Initialize() failed.\n"
+ "Operation completed successfully.\n",
+ "ERROR: Invalid command line.\n",
+ "ERROR: Not expecting argument \"%s\".\n",
+ "ERROR: Unknown option: %s.\n",
+ "ERROR: %s: multiple commands are not allowed on the command line.\n",
+ "ERROR: %s: option needs an argument.\n",
+ "ERROR: %s: option cannot be given more than once.\n",
+ "ERROR: Command \"%s\" requires parameter \"%s\".\n",
+ "ERROR: Argument to -fips must be \"true\" or \"false\".\n",
+ "ERROR: No command was specified.\n",
+ "ERROR: Cannot determine database directory: use the -dbdir option.\n",
+ "ERROR: Unable to switch FIPS modes.\n",
+ "FIPS mode already enabled.\n",
+ "FIPS mode already disabled.\n",
+ "ERROR: File \"%s\" already exists.\n",
+ "ERROR: File \"%s\" does not exist.\n",
+ "ERROR: File \"%s\" is not readable.\n",
+ "ERROR: File \"%s\" is not writeable.\n",
+ "ERROR: Directory \"%s\" does not exist.\n",
+ "ERROR: Directory \"%s\" is not readable.\n",
+ "ERROR: Directory \"%s\" is not writeable.\n",
+ "\"%s\" is not a recognized value.\n",
+ "ERROR: Failed to add module \"%s\". Probable cause : \"%s\".\n",
+ "Unused error string",
+ "ERROR: Out of memory.\n",
+ "ERROR: Cannot delete internal module.\n",
+ "ERROR: Failed to delete module \"%s\".\n",
+ "ERROR: Unable to obtain lock on module list.\n",
+ "ERROR: Unable to obtain module list.\n",
+ "ERROR: Module \"%s\" not found in database.\n",
+ "ERROR: Unable to get information about module \"%s\".\n",
+ "ERROR: Unable to get information about slot \"%s\".\n",
+ "ERROR: Unable to get information about token \"%s\".\n",
+ "ERROR: Token \"%s\" not found.\n",
+ "ERROR: Unable to change password on token \"%s\".\n",
+ "ERROR: Incorrect password.\n",
+ "ERROR: Unable to access database \"%s\".\n",
+ "ERROR: Unable to authenticate to token \"%s\".\n",
+ "ERROR: Slot \"%s\" not found.\n",
+ "ERROR: Failed to %s slot \"%s\".\n",
+ "ERROR: Failed to update module \"%s\".\n",
+ "ERROR: Failed to change defaults.\n",
+ "ERROR: Failed to change default.\n",
+ "ERROR: Unable to read from standard input.\n",
+ "ERROR: Unknown error occurred.\n",
+ "ERROR: -nocertdb option can only be used with the -jar command.\n"
+ "ERROR: NSS_Initialize() failed.\n"
};
typedef enum {
- FIPS_ENABLED_MSG=0,
- FIPS_DISABLED_MSG,
- USING_DBDIR_MSG,
- CREATING_DB_MSG,
- ADD_MODULE_SUCCESS_MSG,
- DELETE_SUCCESS_MSG,
- CHANGEPW_SUCCESS_MSG,
- BAD_PW_MSG,
- PW_MATCH_MSG,
- DONE_MSG,
- ENABLE_SUCCESS_MSG,
- DEFAULT_SUCCESS_MSG,
- UNDEFAULT_SUCCESS_MSG,
- BROWSER_RUNNING_MSG,
- ABORTING_MSG,
+ FIPS_ENABLED_MSG = 0,
+ FIPS_DISABLED_MSG,
+ USING_DBDIR_MSG,
+ CREATING_DB_MSG,
+ ADD_MODULE_SUCCESS_MSG,
+ DELETE_SUCCESS_MSG,
+ CHANGEPW_SUCCESS_MSG,
+ BAD_PW_MSG,
+ PW_MATCH_MSG,
+ DONE_MSG,
+ ENABLE_SUCCESS_MSG,
+ DEFAULT_SUCCESS_MSG,
+ UNDEFAULT_SUCCESS_MSG,
+ BROWSER_RUNNING_MSG,
+ ABORTING_MSG,
- LAST_MSG /* must be last */
+ LAST_MSG /* must be last */
} Message;
/* defined in modutil.c */
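Review bot: The last two entries of errStrings have no comma between them, so the compiler concatenates the -nocertdb and NSS_Initialize() messages into one string and the array ends up with 46 elements while the Error enum runs to NSS_INITIALIZE_FAILED_ERR = 46. If the table is indexed by Error values, as the parallel layout suggests, looking up NSS_INITIALIZE_FAILED_ERR reads one element past the end of the array, and that pointer would then presumably be passed to a printf-style function. The fix is the missing comma: `"ERROR: -nocertdb option can only be used with the -jar command.\n",`. A compile-time check that `sizeof(errStrings) / sizeof(errStrings[0])` equals `LAST_ERR` would stop the two lists from drifting apart again.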
diff --git a/cmd/modutil/install-ds.c b/cmd/modutil/install-ds.c
index e0cb58eea..c8fef7897 100644
--- a/cmd/modutil/install-ds.c
+++ b/cmd/modutil/install-ds.c
@@ -29,1242 +29,1265 @@
/* Error codes */
enum {
- BOGUS_RELATIVE_DIR=0,
- BOGUS_ABSOLUTE_DIR,
- BOGUS_FILE_PERMISSIONS,
- NO_RELATIVE_DIR,
- NO_ABSOLUTE_DIR,
- EMPTY_PLATFORM_STRING,
- BOGUS_PLATFORM_STRING,
- REPEAT_MODULE_FILE,
- REPEAT_MODULE_NAME,
- BOGUS_MODULE_FILE,
- BOGUS_MODULE_NAME,
- REPEAT_MECH,
- BOGUS_MECH_FLAGS,
- REPEAT_CIPHER,
- BOGUS_CIPHER_FLAGS,
- REPEAT_FILES,
- REPEAT_EQUIV,
- BOGUS_EQUIV,
- EQUIV_TOO_MUCH_INFO,
- NO_FILES,
- NO_MODULE_FILE,
- NO_MODULE_NAME,
- NO_PLATFORMS,
- EQUIV_LOOP,
- UNKNOWN_MODULE_FILE
+ BOGUS_RELATIVE_DIR = 0,
+ BOGUS_ABSOLUTE_DIR,
+ BOGUS_FILE_PERMISSIONS,
+ NO_RELATIVE_DIR,
+ NO_ABSOLUTE_DIR,
+ EMPTY_PLATFORM_STRING,
+ BOGUS_PLATFORM_STRING,
+ REPEAT_MODULE_FILE,
+ REPEAT_MODULE_NAME,
+ BOGUS_MODULE_FILE,
+ BOGUS_MODULE_NAME,
+ REPEAT_MECH,
+ BOGUS_MECH_FLAGS,
+ REPEAT_CIPHER,
+ BOGUS_CIPHER_FLAGS,
+ REPEAT_FILES,
+ REPEAT_EQUIV,
+ BOGUS_EQUIV,
+ EQUIV_TOO_MUCH_INFO,
+ NO_FILES,
+ NO_MODULE_FILE,
+ NO_MODULE_NAME,
+ NO_PLATFORMS,
+ EQUIV_LOOP,
+ UNKNOWN_MODULE_FILE
};
/* Indexed by the above error codes */
-static const char *errString[] = {
- "%s: Invalid relative directory",
- "%s: Invalid absolute directory",
- "%s: Invalid file permissions",
- "%s: No relative directory specified",
- "%s: No absolute directory specified",
- "Empty string given for platform name",
- "%s: invalid platform string",
- "More than one ModuleFile entry given for platform %s",
- "More than one ModuleName entry given for platform %s",
- "Invalid ModuleFile specification for platform %s",
- "Invalid ModuleName specification for platform %s",
- "More than one DefaultMechanismFlags entry given for platform %s",
- "Invalid DefaultMechanismFlags specification for platform %s",
- "More than one DefaultCipherFlags entry given for platform %s",
- "Invalid DefaultCipherFlags entry given for platform %s",
- "More than one Files entry given for platform %s",
- "More than one EquivalentPlatform entry given for platform %s",
- "Invalid EquivalentPlatform specification for platform %s",
- "Module %s uses an EquivalentPlatform but also specifies its own"
- " information",
- "No Files specification in module %s",
- "No ModuleFile specification in module %s",
- "No ModuleName specification in module %s",
- "No Platforms specification in installer script",
- "Platform %s has an equivalency loop",
- "Module file \"%s\" in platform \"%s\" does not exist"
+static const char* errString[] = {
+ "%s: Invalid relative directory",
+ "%s: Invalid absolute directory",
+ "%s: Invalid file permissions",
+ "%s: No relative directory specified",
+ "%s: No absolute directory specified",
+ "Empty string given for platform name",
+ "%s: invalid platform string",
+ "More than one ModuleFile entry given for platform %s",
+ "More than one ModuleName entry given for platform %s",
+ "Invalid ModuleFile specification for platform %s",
+ "Invalid ModuleName specification for platform %s",
+ "More than one DefaultMechanismFlags entry given for platform %s",
+ "Invalid DefaultMechanismFlags specification for platform %s",
+ "More than one DefaultCipherFlags entry given for platform %s",
+ "Invalid DefaultCipherFlags entry given for platform %s",
+ "More than one Files entry given for platform %s",
+ "More than one EquivalentPlatform entry given for platform %s",
+ "Invalid EquivalentPlatform specification for platform %s",
+ "Module %s uses an EquivalentPlatform but also specifies its own"
+ " information",
+ "No Files specification in module %s",
+ "No ModuleFile specification in module %s",
+ "No ModuleName specification in module %s",
+ "No Platforms specification in installer script",
+ "Platform %s has an equivalency loop",
+ "Module file \"%s\" in platform \"%s\" does not exist"
};
static char* PR_Strdup(const char* str);
-#define PAD(x) {int i; for(i=0;i<x;i++) printf(" ");}
+#define PAD(x) \
+ { \
+ int i; \
+ for (i = 0; i < x; i++) \
+ printf(" "); \
+ }
#define PADINC 4
Pk11Install_File*
Pk11Install_File_new()
{
- Pk11Install_File* new_this;
- new_this = (Pk11Install_File*)PR_Malloc(sizeof(Pk11Install_File));
- Pk11Install_File_init(new_this);
- return new_this;
+ Pk11Install_File* new_this;
+ new_this = (Pk11Install_File*)PR_Malloc(sizeof(Pk11Install_File));
+ Pk11Install_File_init(new_this);
+ return new_this;
}
void
Pk11Install_File_init(Pk11Install_File* _this)
{
- _this->jarPath=NULL;
- _this->relativePath=NULL;
- _this->absolutePath=NULL;
- _this->executable=PR_FALSE;
- _this->permissions=0;
+ _this->jarPath = NULL;
+ _this->relativePath = NULL;
+ _this->absolutePath = NULL;
+ _this->executable = PR_FALSE;
+ _this->permissions = 0;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: ~Pk11Install_File
-// Class: Pk11Install_File
-// Notes: Destructor.
+// Method: ~Pk11Install_File
+// Class: Pk11Install_File
+// Notes: Destructor.
*/
void
Pk11Install_File_delete(Pk11Install_File* _this)
{
- Pk11Install_File_Cleanup(_this);
+ Pk11Install_File_Cleanup(_this);
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: Cleanup
-// Class: Pk11Install_File
+// Method: Cleanup
+// Class: Pk11Install_File
*/
void
Pk11Install_File_Cleanup(Pk11Install_File* _this)
{
- if(_this->jarPath) {
- PR_Free(_this->jarPath);
- _this->jarPath = NULL;
- }
- if(_this->relativePath) {
- PR_Free(_this->relativePath);
- _this->relativePath = NULL;
- }
- if(_this->absolutePath) {
- PR_Free(_this->absolutePath);
- _this->absolutePath = NULL;
- }
-
- _this->permissions = 0;
- _this->executable = PR_FALSE;
+ if (_this->jarPath) {
+ PR_Free(_this->jarPath);
+ _this->jarPath = NULL;
+ }
+ if (_this->relativePath) {
+ PR_Free(_this->relativePath);
+ _this->relativePath = NULL;
+ }
+ if (_this->absolutePath) {
+ PR_Free(_this->absolutePath);
+ _this->absolutePath = NULL;
+ }
+
+ _this->permissions = 0;
+ _this->executable = PR_FALSE;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: Generate
-// Class: Pk11Install_File
-// Notes: Creates a file data structure from a syntax tree.
-// Returns: NULL for success, otherwise an error message.
+// Method: Generate
+// Class: Pk11Install_File
+// Notes: Creates a file data structure from a syntax tree.
+// Returns: NULL for success, otherwise an error message.
*/
char*
Pk11Install_File_Generate(Pk11Install_File* _this,
- const Pk11Install_Pair *pair)
+ const Pk11Install_Pair* pair)
{
- Pk11Install_ListIter *iter;
- Pk11Install_Value *val;
- Pk11Install_Pair *subpair;
- Pk11Install_ListIter *subiter;
- Pk11Install_Value *subval;
- char* errStr;
- char *endp;
- PRBool gotPerms;
-
- iter=NULL;
- subiter=NULL;
- errStr=NULL;
- gotPerms=PR_FALSE;
-
- /* Clear out old values */
- Pk11Install_File_Cleanup(_this);
-
- _this->jarPath = PR_Strdup(pair->key);
-
- /* Go through all the pairs under this file heading */
- iter = Pk11Install_ListIter_new(pair->list);
- for( ; (val = iter->current); Pk11Install_ListIter_nextItem(iter)) {
- if(val->type == PAIR_VALUE) {
- subpair = val->pair;
-
- /* Relative directory */
- if(!PORT_Strcasecmp(subpair->key, RELATIVE_DIR_STRING)) {
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE)){
- errStr = PR_smprintf(errString[BOGUS_RELATIVE_DIR],
- _this->jarPath);
- goto loser;
- }
- _this->relativePath = PR_Strdup(subval->string);
- Pk11Install_ListIter_delete(&subiter);
-
- /* Absolute directory */
- } else if( !PORT_Strcasecmp(subpair->key, ABSOLUTE_DIR_STRING)) {
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE)){
- errStr = PR_smprintf(errString[BOGUS_ABSOLUTE_DIR],
- _this->jarPath);
- goto loser;
- }
- _this->absolutePath = PR_Strdup(subval->string);
- Pk11Install_ListIter_delete(&subiter);
-
- /* file permissions */
- } else if( !PORT_Strcasecmp(subpair->key,
- FILE_PERMISSIONS_STRING)) {
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE) ||
- !subval->string || !subval->string[0]){
- errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS],
- _this->jarPath);
- goto loser;
- }
- _this->permissions = (int) strtol(subval->string, &endp, 8);
- if(*endp != '\0') {
- errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS],
- _this->jarPath);
- goto loser;
- }
- gotPerms = PR_TRUE;
- Pk11Install_ListIter_delete(&subiter);
- }
- } else {
- if(!PORT_Strcasecmp(val->string, EXECUTABLE_STRING)) {
- _this->executable = PR_TRUE;
- }
- }
- }
-
- /* Default permission value */
- if(!gotPerms) {
- _this->permissions = DEFAULT_PERMISSIONS;
- }
-
- /* Make sure we got all the information */
- if(!_this->relativePath && !_this->absolutePath) {
- errStr = PR_smprintf(errString[NO_ABSOLUTE_DIR], _this->jarPath);
- goto loser;
- }
+ Pk11Install_ListIter* iter;
+ Pk11Install_Value* val;
+ Pk11Install_Pair* subpair;
+ Pk11Install_ListIter* subiter;
+ Pk11Install_Value* subval;
+ char* errStr;
+ char* endp;
+ PRBool gotPerms;
+
+ iter = NULL;
+ subiter = NULL;
+ errStr = NULL;
+ gotPerms = PR_FALSE;
+
+ /* Clear out old values */
+ Pk11Install_File_Cleanup(_this);
+
+ _this->jarPath = PR_Strdup(pair->key);
+
+ /* Go through all the pairs under this file heading */
+ iter = Pk11Install_ListIter_new(pair->list);
+ for (; (val = iter->current); Pk11Install_ListIter_nextItem(iter)) {
+ if (val->type == PAIR_VALUE) {
+ subpair = val->pair;
+
+ /* Relative directory */
+ if (!PORT_Strcasecmp(subpair->key, RELATIVE_DIR_STRING)) {
+ subiter = Pk11Install_ListIter_new(subpair->list);
+ subval = subiter->current;
+ if (!subval || (subval->type != STRING_VALUE)) {
+ errStr = PR_smprintf(errString[BOGUS_RELATIVE_DIR],
+ _this->jarPath);
+ goto loser;
+ }
+ _this->relativePath = PR_Strdup(subval->string);
+ Pk11Install_ListIter_delete(&subiter);
+
+ /* Absolute directory */
+ } else if (!PORT_Strcasecmp(subpair->key, ABSOLUTE_DIR_STRING)) {
+ subiter = Pk11Install_ListIter_new(subpair->list);
+ subval = subiter->current;
+ if (!subval || (subval->type != STRING_VALUE)) {
+ errStr = PR_smprintf(errString[BOGUS_ABSOLUTE_DIR],
+ _this->jarPath);
+ goto loser;
+ }
+ _this->absolutePath = PR_Strdup(subval->string);
+ Pk11Install_ListIter_delete(&subiter);
+
+ /* file permissions */
+ } else if (!PORT_Strcasecmp(subpair->key,
+ FILE_PERMISSIONS_STRING)) {
+ subiter = Pk11Install_ListIter_new(subpair->list);
+ subval = subiter->current;
+ if (!subval || (subval->type != STRING_VALUE) ||
+ !subval->string || !subval->string[0]) {
+ errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS],
+ _this->jarPath);
+ goto loser;
+ }
+ _this->permissions = (int)strtol(subval->string, &endp, 8);
+ if (*endp != '\0') {
+ errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS],
+ _this->jarPath);
+ goto loser;
+ }
+ gotPerms = PR_TRUE;
+ Pk11Install_ListIter_delete(&subiter);
+ }
+ } else {
+ if (!PORT_Strcasecmp(val->string, EXECUTABLE_STRING)) {
+ _this->executable = PR_TRUE;
+ }
+ }
+ }
+
+ /* Default permission value */
+ if (!gotPerms) {
+ _this->permissions = DEFAULT_PERMISSIONS;
+ }
+
+ /* Make sure we got all the information */
+ if (!_this->relativePath && !_this->absolutePath) {
+ errStr = PR_smprintf(errString[NO_ABSOLUTE_DIR], _this->jarPath);
+ goto loser;
+ }
#if 0
- if(!_this->relativePath ) {
- errStr = PR_smprintf(errString[NO_RELATIVE_DIR], _this->jarPath);
- goto loser;
- }
- if(!_this->absolutePath) {
- errStr = PR_smprintf(errString[NO_ABSOLUTE_DIR], _this->jarPath);
- goto loser;
- }
+ if(!_this->relativePath ) {
+ errStr = PR_smprintf(errString[NO_RELATIVE_DIR], _this->jarPath);
+ goto loser;
+ }
+ if(!_this->absolutePath) {
+ errStr = PR_smprintf(errString[NO_ABSOLUTE_DIR], _this->jarPath);
+ goto loser;
+ }
#endif
loser:
- if(iter) {
- Pk11Install_ListIter_delete(&iter);
- }
- if(subiter) {
- Pk11Install_ListIter_delete(&subiter);
- }
- return errStr;
+ if (iter) {
+ Pk11Install_ListIter_delete(&iter);
+ }
+ if (subiter) {
+ Pk11Install_ListIter_delete(&subiter);
+ }
+ return errStr;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: Print
-// Class: Pk11Install_File
+// Method: Print
+// Class: Pk11Install_File
*/
void
Pk11Install_File_Print(Pk11Install_File* _this, int pad)
{
- PAD(pad); printf("jarPath: %s\n",
- _this->jarPath ? _this->jarPath : "<NULL>");
- PAD(pad); printf("relativePath: %s\n",
- _this->relativePath ? _this->relativePath: "<NULL>");
- PAD(pad); printf("absolutePath: %s\n",
- _this->absolutePath ? _this->absolutePath: "<NULL>");
- PAD(pad); printf("permissions: %o\n", _this->permissions);
+ PAD(pad);
+ printf("jarPath: %s\n",
+ _this->jarPath ? _this->jarPath : "<NULL>");
+ PAD(pad);
+ printf("relativePath: %s\n",
+ _this->relativePath ? _this->relativePath : "<NULL>");
+ PAD(pad);
+ printf("absolutePath: %s\n",
+ _this->absolutePath ? _this->absolutePath : "<NULL>");
+ PAD(pad);
+ printf("permissions: %o\n", _this->permissions);
}
Pk11Install_PlatformName*
Pk11Install_PlatformName_new()
{
- Pk11Install_PlatformName* new_this;
- new_this = (Pk11Install_PlatformName*)
- PR_Malloc(sizeof(Pk11Install_PlatformName));
- Pk11Install_PlatformName_init(new_this);
- return new_this;
+ Pk11Install_PlatformName* new_this;
+ new_this = (Pk11Install_PlatformName*)
+ PR_Malloc(sizeof(Pk11Install_PlatformName));
+ Pk11Install_PlatformName_init(new_this);
+ return new_this;
}
void
Pk11Install_PlatformName_init(Pk11Install_PlatformName* _this)
{
- _this->OS = NULL;
- _this->verString = NULL;
- _this->numDigits = 0;
- _this->arch = NULL;
+ _this->OS = NULL;
+ _this->verString = NULL;
+ _this->numDigits = 0;
+ _this->arch = NULL;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: ~Pk11Install_PlatformName
-// Class: Pk11Install_PlatformName
+// Method: ~Pk11Install_PlatformName
+// Class: Pk11Install_PlatformName
*/
void
Pk11Install_PlatformName_delete(Pk11Install_PlatformName* _this)
{
- Pk11Install_PlatformName_Cleanup(_this);
+ Pk11Install_PlatformName_Cleanup(_this);
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: Cleanup
-// Class: Pk11Install_PlatformName
+// Method: Cleanup
+// Class: Pk11Install_PlatformName
*/
void
Pk11Install_PlatformName_Cleanup(Pk11Install_PlatformName* _this)
{
- if(_this->OS) {
- PR_Free(_this->OS);
- _this->OS = NULL;
- }
- if(_this->verString) {
- int i;
- for (i=0; i<_this->numDigits; i++) {
- PR_Free(_this->verString[i]);
- }
- PR_Free(_this->verString);
- _this->verString = NULL;
- }
- if(_this->arch) {
- PR_Free(_this->arch);
- _this->arch = NULL;
- }
- _this->numDigits = 0;
+ if (_this->OS) {
+ PR_Free(_this->OS);
+ _this->OS = NULL;
+ }
+ if (_this->verString) {
+ int i;
+ for (i = 0; i < _this->numDigits; i++) {
+ PR_Free(_this->verString[i]);
+ }
+ PR_Free(_this->verString);
+ _this->verString = NULL;
+ }
+ if (_this->arch) {
+ PR_Free(_this->arch);
+ _this->arch = NULL;
+ }
+ _this->numDigits = 0;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: Generate
-// Class: Pk11Install_PlatformName
-// Notes: Extracts the information from a platform string.
+// Method: Generate
+// Class: Pk11Install_PlatformName
+// Notes: Extracts the information from a platform string.
*/
char*
Pk11Install_PlatformName_Generate(Pk11Install_PlatformName* _this,
- const char *str)
+ const char* str)
{
- char *errStr;
- char *copy;
- char *end, *start; /* start and end of a section (OS, version, arch)*/
- char *pend, *pstart; /* start and end of one portion of version*/
- char *endp; /* used by strtol*/
- int periods, i;
-
- errStr=NULL;
- copy=NULL;
-
- if(!str) {
- errStr = PR_smprintf(errString[EMPTY_PLATFORM_STRING]);
- goto loser;
- }
- copy = PR_Strdup(str);
-
- /*
- // Get the OS
- */
- end = strchr(copy, PLATFORM_SEPARATOR_CHAR);
- if(!end || end==copy) {
- errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
- goto loser;
- }
- *end = '\0';
-
- _this->OS = PR_Strdup(copy);
-
- /*
- // Get the digits of the version of form: x.x.x (arbitrary number of digits)
- */
-
- start = end+1;
- end = strchr(start, PLATFORM_SEPARATOR_CHAR);
- if(!end) {
- errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
- goto loser;
- }
- *end = '\0';
-
- if(end!=start) {
- /* Find out how many periods*/
- periods = 0;
- pstart = start;
- while( (pend=strchr(pstart, '.')) ) {
- periods++;
- pstart = pend+1;
- }
- _this->numDigits= 1+ periods;
- _this->verString = (char**)PR_Malloc(sizeof(char*)*_this->numDigits);
-
- pstart = start;
- i = 0;
- /* Get the digits before each period*/
- while( (pend=strchr(pstart, '.')) ) {
- if(pend == pstart) {
- errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
- goto loser;
- }
- *pend = '\0';
- _this->verString[i] = PR_Strdup(pstart);
- endp = pend;
- if(endp==pstart || (*endp != '\0')) {
- errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
- goto loser;
- }
- pstart = pend+1;
- i++;
- }
- /* Last digit comes after the last period*/
- if(*pstart == '\0') {
- errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
- goto loser;
- }
- _this->verString[i] = PR_Strdup(pstart);
- /*
- if(endp==pstart || (*endp != '\0')) {
- errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
- goto loser;
- }
- */
- } else {
- _this->verString = NULL;
- _this->numDigits = 0;
- }
-
- /*
- // Get the architecture
- */
- start = end+1;
- if( strchr(start, PLATFORM_SEPARATOR_CHAR) ) {
- errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
- goto loser;
- }
- _this->arch = PR_Strdup(start);
-
- if(copy) {
- PR_Free(copy);
- }
- return NULL;
+ char* errStr;
+ char* copy;
+ char *end, *start; /* start and end of a section (OS, version, arch)*/
+ char *pend, *pstart; /* start and end of one portion of version*/
+ char* endp; /* used by strtol*/
+ int periods, i;
+
+ errStr = NULL;
+ copy = NULL;
+
+ if (!str) {
+ errStr = PR_smprintf(errString[EMPTY_PLATFORM_STRING]);
+ goto loser;
+ }
+ copy = PR_Strdup(str);
+
+ /*
+ // Get the OS
+ */
+ end = strchr(copy, PLATFORM_SEPARATOR_CHAR);
+ if (!end || end == copy) {
+ errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
+ goto loser;
+ }
+ *end = '\0';
+
+ _this->OS = PR_Strdup(copy);
+
+ /*
+ // Get the digits of the version of form: x.x.x (arbitrary number of digits)
+ */
+
+ start = end + 1;
+ end = strchr(start, PLATFORM_SEPARATOR_CHAR);
+ if (!end) {
+ errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
+ goto loser;
+ }
+ *end = '\0';
+
+ if (end != start) {
+ /* Find out how many periods*/
+ periods = 0;
+ pstart = start;
+ while ((pend = strchr(pstart, '.'))) {
+ periods++;
+ pstart = pend + 1;
+ }
+ _this->numDigits = 1 + periods;
+ _this->verString = (char**)PR_Malloc(sizeof(char*) * _this->numDigits);
+
+ pstart = start;
+ i = 0;
+ /* Get the digits before each period*/
+ while ((pend = strchr(pstart, '.'))) {
+ if (pend == pstart) {
+ errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
+ goto loser;
+ }
+ *pend = '\0';
+ _this->verString[i] = PR_Strdup(pstart);
+ endp = pend;
+ if (endp == pstart || (*endp != '\0')) {
+ errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
+ goto loser;
+ }
+ pstart = pend + 1;
+ i++;
+ }
+ /* Last digit comes after the last period*/
+ if (*pstart == '\0') {
+ errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
+ goto loser;
+ }
+ _this->verString[i] = PR_Strdup(pstart);
+ /*
+ if(endp==pstart || (*endp != '\0')) {
+ errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
+ goto loser;
+ }
+ */
+ } else {
+ _this->verString = NULL;
+ _this->numDigits = 0;
+ }
+
+ /*
+ // Get the architecture
+ */
+ start = end + 1;
+ if (strchr(start, PLATFORM_SEPARATOR_CHAR)) {
+ errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
+ goto loser;
+ }
+ _this->arch = PR_Strdup(start);
+
+ if (copy) {
+ PR_Free(copy);
+ }
+ return NULL;
loser:
- if(_this->OS) {
- PR_Free(_this->OS);
- _this->OS = NULL;
- }
- if(_this->verString) {
- for (i=0; i<_this->numDigits; i++) {
- PR_Free(_this->verString[i]);
- }
- PR_Free(_this->verString);
- _this->verString = NULL;
- }
- _this->numDigits = 0;
- if(_this->arch) {
- PR_Free(_this->arch);
- _this->arch = NULL;
- }
- if(copy) {
- PR_Free(copy);
- }
-
- return errStr;
+ if (_this->OS) {
+ PR_Free(_this->OS);
+ _this->OS = NULL;
+ }
+ if (_this->verString) {
+ for (i = 0; i < _this->numDigits; i++) {
+ PR_Free(_this->verString[i]);
+ }
+ PR_Free(_this->verString);
+ _this->verString = NULL;
+ }
+ _this->numDigits = 0;
+ if (_this->arch) {
+ PR_Free(_this->arch);
+ _this->arch = NULL;
+ }
+ if (copy) {
+ PR_Free(copy);
+ }
+
+ return errStr;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: operator ==
-// Class: Pk11Install_PlatformName
-// Returns: PR_TRUE if the platform have the same OS, arch, and version
+// Method: operator ==
+// Class: Pk11Install_PlatformName
+// Returns: PR_TRUE if the platform have the same OS, arch, and version
*/
PRBool
Pk11Install_PlatformName_equal(Pk11Install_PlatformName* _this,
- Pk11Install_PlatformName* cmp)
+ Pk11Install_PlatformName* cmp)
{
- int i;
-
- if(!_this->OS || !_this->arch || !cmp->OS || !cmp->arch) {
- return PR_FALSE;
- }
-
- if( PORT_Strcasecmp(_this->OS, cmp->OS) ||
- PORT_Strcasecmp(_this->arch, cmp->arch) ||
- _this->numDigits != cmp->numDigits ) {
- return PR_FALSE;
- }
-
- for(i=0; i < _this->numDigits; i++) {
- if(PORT_Strcasecmp(_this->verString[i], cmp->verString[i])) {
- return PR_FALSE;
- }
- }
- return PR_TRUE;
+ int i;
+
+ if (!_this->OS || !_this->arch || !cmp->OS || !cmp->arch) {
+ return PR_FALSE;
+ }
+
+ if (PORT_Strcasecmp(_this->OS, cmp->OS) ||
+ PORT_Strcasecmp(_this->arch, cmp->arch) ||
+ _this->numDigits != cmp->numDigits) {
+ return PR_FALSE;
+ }
+
+ for (i = 0; i < _this->numDigits; i++) {
+ if (PORT_Strcasecmp(_this->verString[i], cmp->verString[i])) {
+ return PR_FALSE;
+ }
+ }
+ return PR_TRUE;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: operator <=
-// Class: Pk11Install_PlatformName
-// Returns: PR_TRUE if the platform have the same OS and arch and a lower
-// or equal release.
+// Method: operator <=
+// Class: Pk11Install_PlatformName
+// Returns: PR_TRUE if the platform have the same OS and arch and a lower
+// or equal release.
*/
PRBool
Pk11Install_PlatformName_lteq(Pk11Install_PlatformName* _this,
Pk11Install_PlatformName* cmp)
{
- return (Pk11Install_PlatformName_equal(_this,cmp) ||
- Pk11Install_PlatformName_lt(_this,cmp)) ? PR_TRUE : PR_FALSE;
+ return (Pk11Install_PlatformName_equal(_this, cmp) ||
+ Pk11Install_PlatformName_lt(_this, cmp))
+ ? PR_TRUE
+ : PR_FALSE;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: operator <
-// Class: Pk11Install_PlatformName
-// Returns: PR_TRUE if the platform have the same OS and arch and a greater
-// release.
+// Method: operator <
+// Class: Pk11Install_PlatformName
+// Returns: PR_TRUE if the platform have the same OS and arch and a greater
+// release.
*/
PRBool
Pk11Install_PlatformName_lt(Pk11Install_PlatformName* _this,
Pk11Install_PlatformName* cmp)
{
- int i, scmp;
-
- if(!_this->OS || !_this->arch || !cmp->OS || !cmp->arch) {
- return PR_FALSE;
- }
-
- if( PORT_Strcasecmp(_this->OS, cmp->OS) ) {
- return PR_FALSE;
- }
- if( PORT_Strcasecmp(_this->arch, cmp->arch) ) {
- return PR_FALSE;
- }
-
- for(i=0; (i < _this->numDigits) && (i < cmp->numDigits); i++) {
- scmp = PORT_Strcasecmp(_this->verString[i], cmp->verString[i]);
- if (scmp > 0) {
- return PR_FALSE;
- } else if (scmp < 0) {
- return PR_TRUE;
- }
- }
- /* All the digits they have in common are the same. */
- if(_this->numDigits < cmp->numDigits) {
- return PR_TRUE;
- }
-
- return PR_FALSE;
+ int i, scmp;
+
+ if (!_this->OS || !_this->arch || !cmp->OS || !cmp->arch) {
+ return PR_FALSE;
+ }
+
+ if (PORT_Strcasecmp(_this->OS, cmp->OS)) {
+ return PR_FALSE;
+ }
+ if (PORT_Strcasecmp(_this->arch, cmp->arch)) {
+ return PR_FALSE;
+ }
+
+ for (i = 0; (i < _this->numDigits) && (i < cmp->numDigits); i++) {
+ scmp = PORT_Strcasecmp(_this->verString[i], cmp->verString[i]);
+ if (scmp > 0) {
+ return PR_FALSE;
+ } else if (scmp < 0) {
+ return PR_TRUE;
+ }
+ }
+ /* All the digits they have in common are the same. */
+ if (_this->numDigits < cmp->numDigits) {
+ return PR_TRUE;
+ }
+
+ return PR_FALSE;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: GetString
-// Class: Pk11Install_PlatformName
-// Returns: String composed of OS, release, and architecture separated
-// by the separator char. Memory is allocated by this function
-// but is the responsibility of the caller to de-allocate.
+// Method: GetString
+// Class: Pk11Install_PlatformName
+// Returns: String composed of OS, release, and architecture separated
+// by the separator char. Memory is allocated by this function
+// but is the responsibility of the caller to de-allocate.
*/
char*
-Pk11Install_PlatformName_GetString(Pk11Install_PlatformName* _this)
+Pk11Install_PlatformName_GetString(Pk11Install_PlatformName* _this)
{
- char *ret;
- char *ver;
- char *OS_;
- char *arch_;
+ char* ret;
+ char* ver;
+ char* OS_;
+ char* arch_;
- OS_=NULL;
- arch_=NULL;
+ OS_ = NULL;
+ arch_ = NULL;
- OS_ = _this->OS ? _this->OS : "";
- arch_ = _this->arch ? _this->arch : "";
+ OS_ = _this->OS ? _this->OS : "";
+ arch_ = _this->arch ? _this->arch : "";
- ver = Pk11Install_PlatformName_GetVerString(_this);
- ret = PR_smprintf("%s%c%s%c%s", OS_, PLATFORM_SEPARATOR_CHAR, ver,
- PLATFORM_SEPARATOR_CHAR, arch_);
+ ver = Pk11Install_PlatformName_GetVerString(_this);
+ ret = PR_smprintf("%s%c%s%c%s", OS_, PLATFORM_SEPARATOR_CHAR, ver,
+ PLATFORM_SEPARATOR_CHAR, arch_);
- PR_Free(ver);
+ PR_Free(ver);
- return ret;
+ return ret;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: GetVerString
-// Class: Pk11Install_PlatformName
-// Returns: The version string for this platform, in the form x.x.x with an
-// arbitrary number of digits. Memory allocated by function,
-// must be de-allocated by caller.
+// Method: GetVerString
+// Class: Pk11Install_PlatformName
+// Returns: The version string for this platform, in the form x.x.x with an
+// arbitrary number of digits. Memory allocated by function,
+// must be de-allocated by caller.
*/
char*
-Pk11Install_PlatformName_GetVerString(Pk11Install_PlatformName* _this)
+Pk11Install_PlatformName_GetVerString(Pk11Install_PlatformName* _this)
{
- char *tmp;
- char *ret;
- int i;
- char buf[80];
-
- tmp = (char*)PR_Malloc(80*_this->numDigits+1);
- tmp[0] = '\0';
-
- for(i=0; i < _this->numDigits-1; i++) {
- sprintf(buf, "%s.", _this->verString[i]);
- strcat(tmp, buf);
- }
- if(i < _this->numDigits) {
- sprintf(buf, "%s", _this->verString[i]);
- strcat(tmp, buf);
- }
-
- ret = PR_Strdup(tmp);
- free(tmp);
-
- return ret;
+ char* tmp;
+ char* ret;
+ int i;
+ char buf[80];
+
+ tmp = (char*)PR_Malloc(80 * _this->numDigits + 1);
+ tmp[0] = '\0';
+
+ for (i = 0; i < _this->numDigits - 1; i++) {
+ sprintf(buf, "%s.", _this->verString[i]);
+ strcat(tmp, buf);
+ }
+ if (i < _this->numDigits) {
+ sprintf(buf, "%s", _this->verString[i]);
+ strcat(tmp, buf);
+ }
+
+ ret = PR_Strdup(tmp);
+ free(tmp);
+
+ return ret;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: Print
-// Class: Pk11Install_PlatformName
+// Method: Print
+// Class: Pk11Install_PlatformName
*/
void
Pk11Install_PlatformName_Print(Pk11Install_PlatformName* _this, int pad)
{
- char *str = NULL;
- PAD(pad); printf("OS: %s\n", _this->OS ? _this->OS : "<NULL>");
- PAD(pad); printf("Digits: ");
- if(_this->numDigits == 0) {
- printf("None\n");
- } else {
- str = Pk11Install_PlatformName_GetVerString(_this);
- printf("%s\n", str);
- PR_Free(str);
- }
- PAD(pad); printf("arch: %s\n", _this->arch ? _this->arch : "<NULL>");
+ char* str = NULL;
+ PAD(pad);
+ printf("OS: %s\n", _this->OS ? _this->OS : "<NULL>");
+ PAD(pad);
+ printf("Digits: ");
+ if (_this->numDigits == 0) {
+ printf("None\n");
+ } else {
+ str = Pk11Install_PlatformName_GetVerString(_this);
+ printf("%s\n", str);
+ PR_Free(str);
+ }
+ PAD(pad);
+ printf("arch: %s\n", _this->arch ? _this->arch : "<NULL>");
}
Pk11Install_Platform*
Pk11Install_Platform_new()
{
- Pk11Install_Platform* new_this;
- new_this = (Pk11Install_Platform*)PR_Malloc(sizeof(Pk11Install_Platform));
- Pk11Install_Platform_init(new_this);
- return new_this;
+ Pk11Install_Platform* new_this;
+ new_this = (Pk11Install_Platform*)PR_Malloc(sizeof(Pk11Install_Platform));
+ Pk11Install_Platform_init(new_this);
+ return new_this;
}
void
Pk11Install_Platform_init(Pk11Install_Platform* _this)
{
- Pk11Install_PlatformName_init(&_this->name);
- Pk11Install_PlatformName_init(&_this->equivName);
- _this->equiv = NULL;
- _this->usesEquiv = PR_FALSE;
- _this->moduleFile = NULL;
- _this->moduleName = NULL;
- _this->modFile = -1;
- _this->mechFlags = 0;
- _this->cipherFlags = 0;
- _this->files = NULL;
- _this->numFiles = 0;
+ Pk11Install_PlatformName_init(&_this->name);
+ Pk11Install_PlatformName_init(&_this->equivName);
+ _this->equiv = NULL;
+ _this->usesEquiv = PR_FALSE;
+ _this->moduleFile = NULL;
+ _this->moduleName = NULL;
+ _this->modFile = -1;
+ _this->mechFlags = 0;
+ _this->cipherFlags = 0;
+ _this->files = NULL;
+ _this->numFiles = 0;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: ~Pk11Install_Platform
-// Class: Pk11Install_Platform
+// Method: ~Pk11Install_Platform
+// Class: Pk11Install_Platform
*/
void
Pk11Install_Platform_delete(Pk11Install_Platform* _this)
{
- Pk11Install_Platform_Cleanup(_this);
+ Pk11Install_Platform_Cleanup(_this);
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: Cleanup
-// Class: Pk11Install_Platform
+// Method: Cleanup
+// Class: Pk11Install_Platform
*/
void
Pk11Install_Platform_Cleanup(Pk11Install_Platform* _this)
{
- int i;
- if(_this->moduleFile) {
- PR_Free(_this->moduleFile);
- _this->moduleFile = NULL;
- }
- if(_this->moduleName) {
- PR_Free(_this->moduleName);
- _this->moduleName = NULL;
- }
- if(_this->files) {
- for (i=0;i<_this->numFiles;i++) {
- Pk11Install_File_delete(&_this->files[i]);
- }
- PR_Free(_this->files);
- _this->files = NULL;
- }
- _this->equiv = NULL;
- _this->usesEquiv = PR_FALSE;
- _this->modFile = -1;
- _this->numFiles = 0;
- _this->mechFlags = _this->cipherFlags = 0;
+ int i;
+ if (_this->moduleFile) {
+ PR_Free(_this->moduleFile);
+ _this->moduleFile = NULL;
+ }
+ if (_this->moduleName) {
+ PR_Free(_this->moduleName);
+ _this->moduleName = NULL;
+ }
+ if (_this->files) {
+ for (i = 0; i < _this->numFiles; i++) {
+ Pk11Install_File_delete(&_this->files[i]);
+ }
+ PR_Free(_this->files);
+ _this->files = NULL;
+ }
+ _this->equiv = NULL;
+ _this->usesEquiv = PR_FALSE;
+ _this->modFile = -1;
+ _this->numFiles = 0;
+ _this->mechFlags = _this->cipherFlags = 0;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: Generate
-// Class: Pk11Install_Platform
-// Notes: Creates a platform data structure from a syntax tree.
-// Returns: NULL for success, otherwise an error message.
+// Method: Generate
+// Class: Pk11Install_Platform
+// Notes: Creates a platform data structure from a syntax tree.
+// Returns: NULL for success, otherwise an error message.
*/
char*
Pk11Install_Platform_Generate(Pk11Install_Platform* _this,
- const Pk11Install_Pair *pair)
+ const Pk11Install_Pair* pair)
{
- char* errStr;
- char* endptr;
- char* tmp;
- int i;
- Pk11Install_ListIter *iter;
- Pk11Install_Value *val;
- Pk11Install_Value *subval;
- Pk11Install_Pair *subpair;
- Pk11Install_ListIter *subiter;
- PRBool gotModuleFile, gotModuleName, gotMech,
- gotCipher, gotFiles, gotEquiv;
-
- errStr=NULL;
- iter=subiter=NULL;
- val=subval=NULL;
- subpair=NULL;
- gotModuleFile=gotModuleName=gotMech=gotCipher=gotFiles=gotEquiv=PR_FALSE;
- Pk11Install_Platform_Cleanup(_this);
-
- errStr = Pk11Install_PlatformName_Generate(&_this->name,pair->key);
- if(errStr) {
- tmp = PR_smprintf("%s: %s", pair->key, errStr);
- PR_smprintf_free(errStr);
- errStr = tmp;
- goto loser;
- }
-
- iter = Pk11Install_ListIter_new(pair->list);
- for( ; (val=iter->current); Pk11Install_ListIter_nextItem(iter)) {
- if(val->type==PAIR_VALUE) {
- subpair = val->pair;
-
- if( !PORT_Strcasecmp(subpair->key, MODULE_FILE_STRING)) {
- if(gotModuleFile) {
- errStr = PR_smprintf(errString[REPEAT_MODULE_FILE],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE)) {
- errStr = PR_smprintf(errString[BOGUS_MODULE_FILE],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- _this->moduleFile = PR_Strdup(subval->string);
- Pk11Install_ListIter_delete(&subiter);
- gotModuleFile = PR_TRUE;
- } else if(!PORT_Strcasecmp(subpair->key, MODULE_NAME_STRING)){
- if(gotModuleName) {
- errStr = PR_smprintf(errString[REPEAT_MODULE_NAME],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE)) {
- errStr = PR_smprintf(errString[BOGUS_MODULE_NAME],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- _this->moduleName = PR_Strdup(subval->string);
- Pk11Install_ListIter_delete(&subiter);
- gotModuleName = PR_TRUE;
- } else if(!PORT_Strcasecmp(subpair->key, MECH_FLAGS_STRING)) {
- endptr=NULL;
-
- if(gotMech) {
- errStr = PR_smprintf(errString[REPEAT_MECH],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE)) {
- errStr = PR_smprintf(errString[BOGUS_MECH_FLAGS],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- _this->mechFlags = strtol(subval->string, &endptr, 0);
- if(*endptr!='\0' || (endptr==subval->string) ) {
- errStr = PR_smprintf(errString[BOGUS_MECH_FLAGS],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- Pk11Install_ListIter_delete(&subiter);
- gotMech = PR_TRUE;
- } else if(!PORT_Strcasecmp(subpair->key,CIPHER_FLAGS_STRING)) {
- endptr=NULL;
-
- if(gotCipher) {
- errStr = PR_smprintf(errString[REPEAT_CIPHER],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE)) {
- errStr = PR_smprintf(errString[BOGUS_CIPHER_FLAGS],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- _this->cipherFlags = strtol(subval->string, &endptr, 0);
- if(*endptr!='\0' || (endptr==subval->string) ) {
- errStr = PR_smprintf(errString[BOGUS_CIPHER_FLAGS],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- Pk11Install_ListIter_delete(&subiter);
- gotCipher = PR_TRUE;
- } else if(!PORT_Strcasecmp(subpair->key, FILES_STRING)) {
- if(gotFiles) {
- errStr = PR_smprintf(errString[REPEAT_FILES],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- subiter = Pk11Install_ListIter_new(subpair->list);
- _this->numFiles = subpair->list->numPairs;
- _this->files = (Pk11Install_File*)
- PR_Malloc(sizeof(Pk11Install_File)*_this->numFiles);
- for(i=0; i < _this->numFiles; i++,
- Pk11Install_ListIter_nextItem(subiter)) {
- Pk11Install_File_init(&_this->files[i]);
- val = subiter->current;
- if(val && (val->type==PAIR_VALUE)) {
- errStr = Pk11Install_File_Generate(&_this->files[i],val->pair);
- if(errStr) {
- tmp = PR_smprintf("%s: %s",
- Pk11Install_PlatformName_GetString(&_this->name),errStr);
- PR_smprintf_free(errStr);
- errStr = tmp;
- goto loser;
- }
- }
- }
- gotFiles = PR_TRUE;
- } else if(!PORT_Strcasecmp(subpair->key,
- EQUIVALENT_PLATFORM_STRING)) {
- if(gotEquiv) {
- errStr = PR_smprintf(errString[REPEAT_EQUIV],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- subiter = Pk11Install_ListIter_new(subpair->list);
- subval = subiter->current;
- if(!subval || (subval->type != STRING_VALUE) ) {
- errStr = PR_smprintf(errString[BOGUS_EQUIV],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- errStr = Pk11Install_PlatformName_Generate(&_this->equivName,
- subval->string);
- if(errStr) {
- tmp = PR_smprintf("%s: %s",
- Pk11Install_PlatformName_GetString(&_this->name), errStr);
- tmp = PR_smprintf("%s: %s",
- Pk11Install_PlatformName_GetString(&_this->name), errStr);
- PR_smprintf_free(errStr);
- errStr = tmp;
- goto loser;
- }
- _this->usesEquiv = PR_TRUE;
- }
- }
- }
-
- /* Make sure we either have an EquivalentPlatform or all the other info */
- if(_this->usesEquiv &&
- (gotFiles || gotModuleFile || gotModuleName || gotMech || gotCipher)) {
- errStr = PR_smprintf(errString[EQUIV_TOO_MUCH_INFO],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- if(!gotFiles && !_this->usesEquiv) {
- errStr = PR_smprintf(errString[NO_FILES],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- if(!gotModuleFile && !_this->usesEquiv) {
- errStr= PR_smprintf(errString[NO_MODULE_FILE],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- if(!gotModuleName && !_this->usesEquiv) {
- errStr = PR_smprintf(errString[NO_MODULE_NAME],
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
-
- /* Point the modFile pointer to the correct file */
- if(gotModuleFile) {
- for(i=0; i < _this->numFiles; i++) {
- if(!PORT_Strcasecmp(_this->moduleFile, _this->files[i].jarPath) ) {
- _this->modFile = i;
- break;
- }
- }
- if(_this->modFile==-1) {
- errStr = PR_smprintf(errString[UNKNOWN_MODULE_FILE],
- _this->moduleFile,
- Pk11Install_PlatformName_GetString(&_this->name));
- goto loser;
- }
- }
-
+ char* errStr;
+ char* endptr;
+ char* tmp;
+ int i;
+ Pk11Install_ListIter* iter;
+ Pk11Install_Value* val;
+ Pk11Install_Value* subval;
+ Pk11Install_Pair* subpair;
+ Pk11Install_ListIter* subiter;
+ PRBool gotModuleFile, gotModuleName, gotMech,
+ gotCipher, gotFiles, gotEquiv;
+
+ errStr = NULL;
+ iter = subiter = NULL;
+ val = subval = NULL;
+ subpair = NULL;
+ gotModuleFile = gotModuleName = gotMech = gotCipher = gotFiles = gotEquiv = PR_FALSE;
+ Pk11Install_Platform_Cleanup(_this);
+
+ errStr = Pk11Install_PlatformName_Generate(&_this->name, pair->key);
+ if (errStr) {
+ tmp = PR_smprintf("%s: %s", pair->key, errStr);
+ PR_smprintf_free(errStr);
+ errStr = tmp;
+ goto loser;
+ }
+
+ iter = Pk11Install_ListIter_new(pair->list);
+ for (; (val = iter->current); Pk11Install_ListIter_nextItem(iter)) {
+ if (val->type == PAIR_VALUE) {
+ subpair = val->pair;
+
+ if (!PORT_Strcasecmp(subpair->key, MODULE_FILE_STRING)) {
+ if (gotModuleFile) {
+ errStr = PR_smprintf(errString[REPEAT_MODULE_FILE],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ subiter = Pk11Install_ListIter_new(subpair->list);
+ subval = subiter->current;
+ if (!subval || (subval->type != STRING_VALUE)) {
+ errStr = PR_smprintf(errString[BOGUS_MODULE_FILE],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ _this->moduleFile = PR_Strdup(subval->string);
+ Pk11Install_ListIter_delete(&subiter);
+ gotModuleFile = PR_TRUE;
+ } else if (!PORT_Strcasecmp(subpair->key, MODULE_NAME_STRING)) {
+ if (gotModuleName) {
+ errStr = PR_smprintf(errString[REPEAT_MODULE_NAME],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ subiter = Pk11Install_ListIter_new(subpair->list);
+ subval = subiter->current;
+ if (!subval || (subval->type != STRING_VALUE)) {
+ errStr = PR_smprintf(errString[BOGUS_MODULE_NAME],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ _this->moduleName = PR_Strdup(subval->string);
+ Pk11Install_ListIter_delete(&subiter);
+ gotModuleName = PR_TRUE;
+ } else if (!PORT_Strcasecmp(subpair->key, MECH_FLAGS_STRING)) {
+ endptr = NULL;
+
+ if (gotMech) {
+ errStr = PR_smprintf(errString[REPEAT_MECH],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ subiter = Pk11Install_ListIter_new(subpair->list);
+ subval = subiter->current;
+ if (!subval || (subval->type != STRING_VALUE)) {
+ errStr = PR_smprintf(errString[BOGUS_MECH_FLAGS],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ _this->mechFlags = strtol(subval->string, &endptr, 0);
+ if (*endptr != '\0' || (endptr == subval->string)) {
+ errStr = PR_smprintf(errString[BOGUS_MECH_FLAGS],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ Pk11Install_ListIter_delete(&subiter);
+ gotMech = PR_TRUE;
+ } else if (!PORT_Strcasecmp(subpair->key, CIPHER_FLAGS_STRING)) {
+ endptr = NULL;
+
+ if (gotCipher) {
+ errStr = PR_smprintf(errString[REPEAT_CIPHER],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ subiter = Pk11Install_ListIter_new(subpair->list);
+ subval = subiter->current;
+ if (!subval || (subval->type != STRING_VALUE)) {
+ errStr = PR_smprintf(errString[BOGUS_CIPHER_FLAGS],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ _this->cipherFlags = strtol(subval->string, &endptr, 0);
+ if (*endptr != '\0' || (endptr == subval->string)) {
+ errStr = PR_smprintf(errString[BOGUS_CIPHER_FLAGS],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ Pk11Install_ListIter_delete(&subiter);
+ gotCipher = PR_TRUE;
+ } else if (!PORT_Strcasecmp(subpair->key, FILES_STRING)) {
+ if (gotFiles) {
+ errStr = PR_smprintf(errString[REPEAT_FILES],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ subiter = Pk11Install_ListIter_new(subpair->list);
+ _this->numFiles = subpair->list->numPairs;
+ _this->files = (Pk11Install_File*)
+ PR_Malloc(sizeof(Pk11Install_File) * _this->numFiles);
+ for (i = 0; i < _this->numFiles; i++,
+ Pk11Install_ListIter_nextItem(subiter)) {
+ Pk11Install_File_init(&_this->files[i]);
+ val = subiter->current;
+ if (val && (val->type == PAIR_VALUE)) {
+ errStr = Pk11Install_File_Generate(&_this->files[i], val->pair);
+ if (errStr) {
+ tmp = PR_smprintf("%s: %s",
+ Pk11Install_PlatformName_GetString(&_this->name), errStr);
+ PR_smprintf_free(errStr);
+ errStr = tmp;
+ goto loser;
+ }
+ }
+ }
+ gotFiles = PR_TRUE;
+ } else if (!PORT_Strcasecmp(subpair->key,
+ EQUIVALENT_PLATFORM_STRING)) {
+ if (gotEquiv) {
+ errStr = PR_smprintf(errString[REPEAT_EQUIV],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ subiter = Pk11Install_ListIter_new(subpair->list);
+ subval = subiter->current;
+ if (!subval || (subval->type != STRING_VALUE)) {
+ errStr = PR_smprintf(errString[BOGUS_EQUIV],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ errStr = Pk11Install_PlatformName_Generate(&_this->equivName,
+ subval->string);
+ if (errStr) {
+ tmp = PR_smprintf("%s: %s",
+ Pk11Install_PlatformName_GetString(&_this->name), errStr);
+ tmp = PR_smprintf("%s: %s",
+ Pk11Install_PlatformName_GetString(&_this->name), errStr);
+ PR_smprintf_free(errStr);
+ errStr = tmp;
+ goto loser;
+ }
+ _this->usesEquiv = PR_TRUE;
+ }
+ }
+ }
+
+ /* Make sure we either have an EquivalentPlatform or all the other info */
+ if (_this->usesEquiv &&
+ (gotFiles || gotModuleFile || gotModuleName || gotMech || gotCipher)) {
+ errStr = PR_smprintf(errString[EQUIV_TOO_MUCH_INFO],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ if (!gotFiles && !_this->usesEquiv) {
+ errStr = PR_smprintf(errString[NO_FILES],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ if (!gotModuleFile && !_this->usesEquiv) {
+ errStr = PR_smprintf(errString[NO_MODULE_FILE],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ if (!gotModuleName && !_this->usesEquiv) {
+ errStr = PR_smprintf(errString[NO_MODULE_NAME],
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+
+ /* Point the modFile pointer to the correct file */
+ if (gotModuleFile) {
+ for (i = 0; i < _this->numFiles; i++) {
+ if (!PORT_Strcasecmp(_this->moduleFile, _this->files[i].jarPath)) {
+ _this->modFile = i;
+ break;
+ }
+ }
+ if (_this->modFile == -1) {
+ errStr = PR_smprintf(errString[UNKNOWN_MODULE_FILE],
+ _this->moduleFile,
+ Pk11Install_PlatformName_GetString(&_this->name));
+ goto loser;
+ }
+ }
+
loser:
- if(iter) {
- PR_Free(iter);
- }
- if(subiter) {
- PR_Free(subiter);
- }
- return errStr;
+ if (iter) {
+ PR_Free(iter);
+ }
+ if (subiter) {
+ PR_Free(subiter);
+ }
+ return errStr;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: Print
-// Class: Pk11Install_Platform
+// Method: Print
+// Class: Pk11Install_Platform
*/
void
Pk11Install_Platform_Print(Pk11Install_Platform* _this, int pad)
{
- int i;
-
- PAD(pad); printf("Name:\n");
- Pk11Install_PlatformName_Print(&_this->name,pad+PADINC);
- PAD(pad); printf("equivName:\n");
- Pk11Install_PlatformName_Print(&_this->equivName,pad+PADINC);
- PAD(pad);
- if(_this->usesEquiv) {
- printf("Uses equiv, which points to:\n");
- Pk11Install_Platform_Print(_this->equiv,pad+PADINC);
- } else {
- printf("Doesn't use equiv\n");
- }
- PAD(pad);
- printf("Module File: %s\n", _this->moduleFile ? _this->moduleFile
- : "<NULL>");
- PAD(pad); printf("mechFlags: %lx\n", _this->mechFlags);
- PAD(pad); printf("cipherFlags: %lx\n", _this->cipherFlags);
- PAD(pad); printf("Files:\n");
- for(i=0; i < _this->numFiles; i++) {
- Pk11Install_File_Print(&_this->files[i],pad+PADINC);
- PAD(pad); printf("--------------------\n");
- }
+ int i;
+
+ PAD(pad);
+ printf("Name:\n");
+ Pk11Install_PlatformName_Print(&_this->name, pad + PADINC);
+ PAD(pad);
+ printf("equivName:\n");
+ Pk11Install_PlatformName_Print(&_this->equivName, pad + PADINC);
+ PAD(pad);
+ if (_this->usesEquiv) {
+ printf("Uses equiv, which points to:\n");
+ Pk11Install_Platform_Print(_this->equiv, pad + PADINC);
+ } else {
+ printf("Doesn't use equiv\n");
+ }
+ PAD(pad);
+ printf("Module File: %s\n", _this->moduleFile ? _this->moduleFile
+ : "<NULL>");
+ PAD(pad);
+ printf("mechFlags: %lx\n", _this->mechFlags);
+ PAD(pad);
+ printf("cipherFlags: %lx\n", _this->cipherFlags);
+ PAD(pad);
+ printf("Files:\n");
+ for (i = 0; i < _this->numFiles; i++) {
+ Pk11Install_File_Print(&_this->files[i], pad + PADINC);
+ PAD(pad);
+ printf("--------------------\n");
+ }
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: Pk11Install_Info
-// Class: Pk11Install_Info
+// Method: Pk11Install_Info
+// Class: Pk11Install_Info
*/
Pk11Install_Info*
Pk11Install_Info_new()
{
- Pk11Install_Info* new_this;
- new_this = (Pk11Install_Info*)PR_Malloc(sizeof(Pk11Install_Info));
- Pk11Install_Info_init(new_this);
- return new_this;
+ Pk11Install_Info* new_this;
+ new_this = (Pk11Install_Info*)PR_Malloc(sizeof(Pk11Install_Info));
+ Pk11Install_Info_init(new_this);
+ return new_this;
}
void
Pk11Install_Info_init(Pk11Install_Info* _this)
{
- _this->platforms = NULL;
- _this->numPlatforms = 0;
- _this->forwardCompatible = NULL;
- _this->numForwardCompatible = 0;
+ _this->platforms = NULL;
+ _this->numPlatforms = 0;
+ _this->forwardCompatible = NULL;
+ _this->numForwardCompatible = 0;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: ~Pk11Install_Info
-// Class: Pk11Install_Info
+// Method: ~Pk11Install_Info
+// Class: Pk11Install_Info
*/
void
Pk11Install_Info_delete(Pk11Install_Info* _this)
{
- Pk11Install_Info_Cleanup(_this);
+ Pk11Install_Info_Cleanup(_this);
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: Cleanup
-// Class: Pk11Install_Info
+// Method: Cleanup
+// Class: Pk11Install_Info
*/
void
Pk11Install_Info_Cleanup(Pk11Install_Info* _this)
{
- int i;
- if(_this->platforms) {
- for (i=0;i<_this->numPlatforms;i++) {
- Pk11Install_Platform_delete(&_this->platforms[i]);
- }
- PR_Free(&_this->platforms);
- _this->platforms = NULL;
- _this->numPlatforms = 0;
- }
-
- if(_this->forwardCompatible) {
- for (i=0;i<_this->numForwardCompatible;i++) {
- Pk11Install_PlatformName_delete(&_this->forwardCompatible[i]);
- }
- PR_Free(&_this->forwardCompatible);
- _this->numForwardCompatible = 0;
- }
+ int i;
+ if (_this->platforms) {
+ for (i = 0; i < _this->numPlatforms; i++) {
+ Pk11Install_Platform_delete(&_this->platforms[i]);
+ }
+ PR_Free(&_this->platforms);
+ _this->platforms = NULL;
+ _this->numPlatforms = 0;
+ }
+
+ if (_this->forwardCompatible) {
+ for (i = 0; i < _this->numForwardCompatible; i++) {
+ Pk11Install_PlatformName_delete(&_this->forwardCompatible[i]);
+ }
+ PR_Free(&_this->forwardCompatible);
+ _this->numForwardCompatible = 0;
+ }
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: Generate
-// Class: Pk11Install_Info
-// Takes: Pk11Install_ValueList *list, the top-level list
-// resulting from parsing an installer file.
-// Returns: char*, NULL if successful, otherwise an error string.
-// Caller is responsible for freeing memory.
+// Method: Generate
+// Class: Pk11Install_Info
+// Takes: Pk11Install_ValueList *list, the top-level list
+// resulting from parsing an installer file.
+// Returns: char*, NULL if successful, otherwise an error string.
+// Caller is responsible for freeing memory.
*/
char*
Pk11Install_Info_Generate(Pk11Install_Info* _this,
- const Pk11Install_ValueList *list)
+ const Pk11Install_ValueList* list)
{
- char *errStr;
- Pk11Install_ListIter *iter;
- Pk11Install_Value *val;
- Pk11Install_Pair *pair;
- Pk11Install_ListIter *subiter;
- Pk11Install_Value *subval;
- Pk11Install_Platform *first, *second;
- int i, j;
-
- errStr=NULL;
- iter=subiter=NULL;
- Pk11Install_Info_Cleanup(_this);
-
- iter = Pk11Install_ListIter_new(list);
- for( ; (val=iter->current); Pk11Install_ListIter_nextItem(iter)) {
- if(val->type == PAIR_VALUE) {
- pair = val->pair;
-
- if(!PORT_Strcasecmp(pair->key, FORWARD_COMPATIBLE_STRING)) {
- subiter = Pk11Install_ListIter_new(pair->list);
- _this->numForwardCompatible = pair->list->numStrings;
- _this->forwardCompatible = (Pk11Install_PlatformName*)
- PR_Malloc(sizeof(Pk11Install_PlatformName)*
- _this->numForwardCompatible);
- for(i=0; i < _this->numForwardCompatible; i++,
- Pk11Install_ListIter_nextItem(subiter)) {
- subval = subiter->current;
- if(subval->type == STRING_VALUE) {
- errStr = Pk11Install_PlatformName_Generate(
- &_this->forwardCompatible[i], subval->string);
- if(errStr) {
- goto loser;
- }
- }
- }
- Pk11Install_ListIter_delete(&subiter);
- } else if(!PORT_Strcasecmp(pair->key, PLATFORMS_STRING)) {
- subiter = Pk11Install_ListIter_new(pair->list);
- _this->numPlatforms = pair->list->numPairs;
- _this->platforms = (Pk11Install_Platform*)
- PR_Malloc(sizeof(Pk11Install_Platform)*
- _this->numPlatforms);
- for(i=0; i < _this->numPlatforms; i++,
- Pk11Install_ListIter_nextItem(subiter)) {
- Pk11Install_Platform_init(&_this->platforms[i]);
- subval = subiter->current;
- if(subval->type == PAIR_VALUE) {
- errStr = Pk11Install_Platform_Generate(&_this->platforms[i],subval->pair);
- if(errStr) {
- goto loser;
- }
- }
- }
- Pk11Install_ListIter_delete(&subiter);
- }
- }
- }
-
- if(_this->numPlatforms == 0) {
- errStr = PR_smprintf(errString[NO_PLATFORMS]);
- goto loser;
- }
-
-/*
- //
- // Now process equivalent platforms
- //
-
- // First the naive pass
-*/
- for(i=0; i < _this->numPlatforms; i++) {
- if(_this->platforms[i].usesEquiv) {
- _this->platforms[i].equiv = NULL;
- for(j=0; j < _this->numPlatforms; j++) {
- if (Pk11Install_PlatformName_equal(&_this->platforms[i].equivName,
- &_this->platforms[j].name)) {
- if(i==j) {
- errStr = PR_smprintf(errString[EQUIV_LOOP],
- Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
- goto loser;
- }
- _this->platforms[i].equiv = &_this->platforms[j];
- break;
- }
- }
- if(_this->platforms[i].equiv == NULL) {
- errStr = PR_smprintf(errString[BOGUS_EQUIV],
- Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
- goto loser;
- }
- }
- }
-
-/*
- // Now the intelligent pass, which will also detect loops.
- // We will send two pointers through the linked list of equivalent
- // platforms. Both start with the current node. "first" traverses
- // two nodes for each iteration. "second" lags behind, only traversing
- // one node per iteration. Eventually one of two things will happen:
- // first will hit the end of the list (a platform that doesn't use
- // an equivalency), or first will equal second if there is a loop.
-*/
- for(i=0; i < _this->numPlatforms; i++) {
- if(_this->platforms[i].usesEquiv) {
- second = _this->platforms[i].equiv;
- if(!second->usesEquiv) {
- /* The first link is the terminal node */
- continue;
- }
- first = second->equiv;
- while(first->usesEquiv) {
- if(first == second) {
- errStr = PR_smprintf(errString[EQUIV_LOOP],
- Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
- goto loser;
- }
- first = first->equiv;
- if(!first->usesEquiv) {
- break;
- }
- if(first == second) {
- errStr = PR_smprintf(errString[EQUIV_LOOP],
- Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
- goto loser;
- }
- second = second->equiv;
- first = first->equiv;
- }
- _this->platforms[i].equiv = first;
- }
- }
+ char* errStr;
+ Pk11Install_ListIter* iter;
+ Pk11Install_Value* val;
+ Pk11Install_Pair* pair;
+ Pk11Install_ListIter* subiter;
+ Pk11Install_Value* subval;
+ Pk11Install_Platform *first, *second;
+ int i, j;
+
+ errStr = NULL;
+ iter = subiter = NULL;
+ Pk11Install_Info_Cleanup(_this);
+
+ iter = Pk11Install_ListIter_new(list);
+ for (; (val = iter->current); Pk11Install_ListIter_nextItem(iter)) {
+ if (val->type == PAIR_VALUE) {
+ pair = val->pair;
+
+ if (!PORT_Strcasecmp(pair->key, FORWARD_COMPATIBLE_STRING)) {
+ subiter = Pk11Install_ListIter_new(pair->list);
+ _this->numForwardCompatible = pair->list->numStrings;
+ _this->forwardCompatible = (Pk11Install_PlatformName*)
+ PR_Malloc(sizeof(Pk11Install_PlatformName) *
+ _this->numForwardCompatible);
+ for (i = 0; i < _this->numForwardCompatible; i++,
+ Pk11Install_ListIter_nextItem(subiter)) {
+ subval = subiter->current;
+ if (subval->type == STRING_VALUE) {
+ errStr = Pk11Install_PlatformName_Generate(
+ &_this->forwardCompatible[i], subval->string);
+ if (errStr) {
+ goto loser;
+ }
+ }
+ }
+ Pk11Install_ListIter_delete(&subiter);
+ } else if (!PORT_Strcasecmp(pair->key, PLATFORMS_STRING)) {
+ subiter = Pk11Install_ListIter_new(pair->list);
+ _this->numPlatforms = pair->list->numPairs;
+ _this->platforms = (Pk11Install_Platform*)
+ PR_Malloc(sizeof(Pk11Install_Platform) *
+ _this->numPlatforms);
+ for (i = 0; i < _this->numPlatforms; i++,
+ Pk11Install_ListIter_nextItem(subiter)) {
+ Pk11Install_Platform_init(&_this->platforms[i]);
+ subval = subiter->current;
+ if (subval->type == PAIR_VALUE) {
+ errStr = Pk11Install_Platform_Generate(&_this->platforms[i], subval->pair);
+ if (errStr) {
+ goto loser;
+ }
+ }
+ }
+ Pk11Install_ListIter_delete(&subiter);
+ }
+ }
+ }
+
+ if (_this->numPlatforms == 0) {
+ errStr = PR_smprintf(errString[NO_PLATFORMS]);
+ goto loser;
+ }
+
+ /*
+ //
+ // Now process equivalent platforms
+ //
+
+ // First the naive pass
+ */
+ for (i = 0; i < _this->numPlatforms; i++) {
+ if (_this->platforms[i].usesEquiv) {
+ _this->platforms[i].equiv = NULL;
+ for (j = 0; j < _this->numPlatforms; j++) {
+ if (Pk11Install_PlatformName_equal(&_this->platforms[i].equivName,
+ &_this->platforms[j].name)) {
+ if (i == j) {
+ errStr = PR_smprintf(errString[EQUIV_LOOP],
+ Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
+ goto loser;
+ }
+ _this->platforms[i].equiv = &_this->platforms[j];
+ break;
+ }
+ }
+ if (_this->platforms[i].equiv == NULL) {
+ errStr = PR_smprintf(errString[BOGUS_EQUIV],
+ Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
+ goto loser;
+ }
+ }
+ }
+
+ /*
+ // Now the intelligent pass, which will also detect loops.
+ // We will send two pointers through the linked list of equivalent
+ // platforms. Both start with the current node. "first" traverses
+ // two nodes for each iteration. "second" lags behind, only traversing
+ // one node per iteration. Eventually one of two things will happen:
+ // first will hit the end of the list (a platform that doesn't use
+ // an equivalency), or first will equal second if there is a loop.
+ */
+ for (i = 0; i < _this->numPlatforms; i++) {
+ if (_this->platforms[i].usesEquiv) {
+ second = _this->platforms[i].equiv;
+ if (!second->usesEquiv) {
+ /* The first link is the terminal node */
+ continue;
+ }
+ first = second->equiv;
+ while (first->usesEquiv) {
+ if (first == second) {
+ errStr = PR_smprintf(errString[EQUIV_LOOP],
+ Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
+ goto loser;
+ }
+ first = first->equiv;
+ if (!first->usesEquiv) {
+ break;
+ }
+ if (first == second) {
+ errStr = PR_smprintf(errString[EQUIV_LOOP],
+ Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
+ goto loser;
+ }
+ second = second->equiv;
+ first = first->equiv;
+ }
+ _this->platforms[i].equiv = first;
+ }
+ }
loser:
- if(iter) {
- Pk11Install_ListIter_delete(&iter);
- }
- if(subiter) {
- Pk11Install_ListIter_delete(&subiter);
- }
- return errStr;
+ if (iter) {
+ Pk11Install_ListIter_delete(&iter);
+ }
+ if (subiter) {
+ Pk11Install_ListIter_delete(&subiter);
+ }
+ return errStr;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: GetBestPlatform
-// Class: Pk11Install_Info
-// Takes: char *myPlatform, the platform we are currently running
-// on.
+// Method: GetBestPlatform
+// Class: Pk11Install_Info
+// Takes: char *myPlatform, the platform we are currently running
+// on.
*/
Pk11Install_Platform*
-Pk11Install_Info_GetBestPlatform(Pk11Install_Info* _this, char *myPlatform)
+Pk11Install_Info_GetBestPlatform(Pk11Install_Info* _this, char* myPlatform)
{
- Pk11Install_PlatformName plat;
- char *errStr;
- int i, j;
-
- errStr=NULL;
-
- Pk11Install_PlatformName_init(&plat);
- if( (errStr=Pk11Install_PlatformName_Generate(&plat, myPlatform)) ) {
- PR_smprintf_free(errStr);
- return NULL;
- }
-
- /* First try real platforms */
- for(i=0; i < _this->numPlatforms; i++) {
- if(Pk11Install_PlatformName_equal(&_this->platforms[i].name,&plat)) {
- if(_this->platforms[i].equiv) {
- return _this->platforms[i].equiv;
- }
- else {
- return &_this->platforms[i];
- }
- }
- }
-
- /* Now try forward compatible platforms */
- for(i=0; i < _this->numForwardCompatible; i++) {
- if(Pk11Install_PlatformName_lteq(&_this->forwardCompatible[i],&plat)) {
- break;
- }
- }
- if(i == _this->numForwardCompatible) {
- return NULL;
- }
-
- /* Got a forward compatible name, find the actual platform. */
- for(j=0; j < _this->numPlatforms; j++) {
- if(Pk11Install_PlatformName_equal(&_this->platforms[j].name,
- &_this->forwardCompatible[i])) {
- if(_this->platforms[j].equiv) {
- return _this->platforms[j].equiv;
- } else {
- return &_this->platforms[j];
- }
- }
- }
-
- return NULL;
+ Pk11Install_PlatformName plat;
+ char* errStr;
+ int i, j;
+
+ errStr = NULL;
+
+ Pk11Install_PlatformName_init(&plat);
+ if ((errStr = Pk11Install_PlatformName_Generate(&plat, myPlatform))) {
+ PR_smprintf_free(errStr);
+ return NULL;
+ }
+
+ /* First try real platforms */
+ for (i = 0; i < _this->numPlatforms; i++) {
+ if (Pk11Install_PlatformName_equal(&_this->platforms[i].name, &plat)) {
+ if (_this->platforms[i].equiv) {
+ return _this->platforms[i].equiv;
+ } else {
+ return &_this->platforms[i];
+ }
+ }
+ }
+
+ /* Now try forward compatible platforms */
+ for (i = 0; i < _this->numForwardCompatible; i++) {
+ if (Pk11Install_PlatformName_lteq(&_this->forwardCompatible[i], &plat)) {
+ break;
+ }
+ }
+ if (i == _this->numForwardCompatible) {
+ return NULL;
+ }
+
+ /* Got a forward compatible name, find the actual platform. */
+ for (j = 0; j < _this->numPlatforms; j++) {
+ if (Pk11Install_PlatformName_equal(&_this->platforms[j].name,
+ &_this->forwardCompatible[i])) {
+ if (_this->platforms[j].equiv) {
+ return _this->platforms[j].equiv;
+ } else {
+ return &_this->platforms[j];
+ }
+ }
+ }
+
+ return NULL;
}
/*
//////////////////////////////////////////////////////////////////////////
-// Method: Print
-// Class: Pk11Install_Info
+// Method: Print
+// Class: Pk11Install_Info
*/
void
Pk11Install_Info_Print(Pk11Install_Info* _this, int pad)
{
- int i;
-
- PAD(pad); printf("Forward Compatible:\n");
- for(i = 0; i < _this->numForwardCompatible; i++) {
- Pk11Install_PlatformName_Print(&_this->forwardCompatible[i],pad+PADINC);
- PAD(pad); printf("-------------------\n");
- }
- PAD(pad); printf("Platforms:\n");
- for( i = 0; i < _this->numPlatforms; i++) {
- Pk11Install_Platform_Print(&_this->platforms[i],pad+PADINC);
- PAD(pad); printf("-------------------\n");
- }
+ int i;
+
+ PAD(pad);
+ printf("Forward Compatible:\n");
+ for (i = 0; i < _this->numForwardCompatible; i++) {
+ Pk11Install_PlatformName_Print(&_this->forwardCompatible[i], pad + PADINC);
+ PAD(pad);
+ printf("-------------------\n");
+ }
+ PAD(pad);
+ printf("Platforms:\n");
+ for (i = 0; i < _this->numPlatforms; i++) {
+ Pk11Install_Platform_Print(&_this->platforms[i], pad + PADINC);
+ PAD(pad);
+ printf("-------------------\n");
+ }
}
/*
@@ -1273,103 +1296,103 @@ Pk11Install_Info_Print(Pk11Install_Info* _this, int pad)
static char*
PR_Strdup(const char* str)
{
- char *tmp;
- tmp = (char*) PR_Malloc((unsigned int)(strlen(str)+1));
- strcpy(tmp, str);
- return tmp;
+ char* tmp;
+ tmp = (char*)PR_Malloc((unsigned int)(strlen(str) + 1));
+ strcpy(tmp, str);
+ return tmp;
}
/* The global value list, the top of the tree */
-Pk11Install_ValueList* Pk11Install_valueList=NULL;
+Pk11Install_ValueList* Pk11Install_valueList = NULL;
/****************************************************************************/
void
Pk11Install_ValueList_AddItem(Pk11Install_ValueList* _this,
- Pk11Install_Value *item)
+ Pk11Install_Value* item)
{
- _this->numItems++;
- if (item->type == STRING_VALUE) {
- _this->numStrings++;
- } else {
- _this->numPairs++;
- }
- item->next = _this->head;
- _this->head = item;
+ _this->numItems++;
+ if (item->type == STRING_VALUE) {
+ _this->numStrings++;
+ } else {
+ _this->numPairs++;
+ }
+ item->next = _this->head;
+ _this->head = item;
}
/****************************************************************************/
Pk11Install_ListIter*
Pk11Install_ListIter_new_default()
{
- Pk11Install_ListIter* new_this;
- new_this = (Pk11Install_ListIter*)
- PR_Malloc(sizeof(Pk11Install_ListIter));
- Pk11Install_ListIter_init(new_this);
- return new_this;
+ Pk11Install_ListIter* new_this;
+ new_this = (Pk11Install_ListIter*)
+ PR_Malloc(sizeof(Pk11Install_ListIter));
+ Pk11Install_ListIter_init(new_this);
+ return new_this;
}
/****************************************************************************/
void
Pk11Install_ListIter_init(Pk11Install_ListIter* _this)
{
- _this->list = NULL;
- _this->current = NULL;
+ _this->list = NULL;
+ _this->current = NULL;
}
/****************************************************************************/
Pk11Install_ListIter*
-Pk11Install_ListIter_new(const Pk11Install_ValueList *_list)
+Pk11Install_ListIter_new(const Pk11Install_ValueList* _list)
{
- Pk11Install_ListIter* new_this;
- new_this = (Pk11Install_ListIter*)
- PR_Malloc(sizeof(Pk11Install_ListIter));
- new_this->list = _list;
- new_this->current = _list->head;
- return new_this;
+ Pk11Install_ListIter* new_this;
+ new_this = (Pk11Install_ListIter*)
+ PR_Malloc(sizeof(Pk11Install_ListIter));
+ new_this->list = _list;
+ new_this->current = _list->head;
+ return new_this;
}
/****************************************************************************/
void
Pk11Install_ListIter_delete(Pk11Install_ListIter** _this)
{
- (*_this)->list=NULL;
- (*_this)->current=NULL;
- PR_Free(*_this);
- *_this=NULL;
+ (*_this)->list = NULL;
+ (*_this)->current = NULL;
+ PR_Free(*_this);
+ *_this = NULL;
}
/****************************************************************************/
void
Pk11Install_ListIter_reset(Pk11Install_ListIter* _this)
{
- if(_this->list) {
- _this->current = _this->list->head;
- }
+ if (_this->list) {
+ _this->current = _this->list->head;
+ }
}
/*************************************************************************/
Pk11Install_Value*
Pk11Install_ListIter_nextItem(Pk11Install_ListIter* _this)
{
- if(_this->current) {
- _this->current = _this->current->next;
- }
+ if (_this->current) {
+ _this->current = _this->current->next;
+ }
- return _this->current;
+ return _this->current;
}
/****************************************************************************/
Pk11Install_ValueList*
Pk11Install_ValueList_new()
{
- Pk11Install_ValueList* new_this;
- new_this = (Pk11Install_ValueList*)
- PR_Malloc(sizeof(Pk11Install_ValueList));
- new_this->numItems = 0;
- new_this->numPairs = 0;
- new_this->numStrings = 0;
- new_this->head = NULL;
- return new_this;
+ Pk11Install_ValueList* new_this;
+ new_this = (Pk11Install_ValueList*)
+ PR_Malloc(sizeof(Pk11Install_ValueList));
+ new_this->numItems = 0;
+ new_this->numPairs = 0;
+ new_this->numStrings = 0;
+ new_this->head = NULL;
+ return new_this;
}
/****************************************************************************/
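Review bot: `PR_Strdup` passes the result of `PR_Malloc` straight to `strcpy`, so an allocation failure becomes a write through NULL; the reformatted body carries that over unchanged. A guard such as `if (!tmp) return NULL;` before the copy would surface the failure to callers, which would then have to check the return value (their handling is not visible in this hunk). `Pk11Install_ListIter_new_default` (through `Pk11Install_ListIter_init`), `Pk11Install_ListIter_new` and `Pk11Install_ValueList_new` in the same hunk also write through the `PR_Malloc` result without a check. The `(unsigned int)` cast on `strlen(str) + 1` narrows the size where `size_t` is wider than `unsigned int`, which deserves at least a comment stating the assumed input bound.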
@@ -1377,123 +1400,126 @@ void
Pk11Install_ValueList_delete(Pk11Install_ValueList* _this)
{
- Pk11Install_Value *tmp;
- Pk11Install_Value *list;
- list = _this->head;
-
- while(list != NULL) {
- tmp = list;
- list = list->next;
- PR_Free(tmp);
- }
- PR_Free(_this);
+ Pk11Install_Value* tmp;
+ Pk11Install_Value* list;
+ list = _this->head;
+
+ while (list != NULL) {
+ tmp = list;
+ list = list->next;
+ PR_Free(tmp);
+ }
+ PR_Free(_this);
}
/****************************************************************************/
Pk11Install_Value*
Pk11Install_Value_new_default()
{
- Pk11Install_Value* new_this;
- new_this = (Pk11Install_Value*)PR_Malloc(sizeof(Pk11Install_Value));
- new_this->type = STRING_VALUE;
- new_this->string = NULL;
- new_this->pair = NULL;
- new_this->next = NULL;
- return new_this;
+ Pk11Install_Value* new_this;
+ new_this = (Pk11Install_Value*)PR_Malloc(sizeof(Pk11Install_Value));
+ new_this->type = STRING_VALUE;
+ new_this->string = NULL;
+ new_this->pair = NULL;
+ new_this->next = NULL;
+ return new_this;
}
/****************************************************************************/
Pk11Install_Value*
Pk11Install_Value_new(ValueType _type, Pk11Install_Pointer ptr)
{
- Pk11Install_Value* new_this;
- new_this = Pk11Install_Value_new_default();
- new_this->type = _type;
- if(_type == STRING_VALUE) {
- new_this->pair = NULL;
- new_this->string = ptr.string;
- } else {
- new_this->string = NULL;
- new_this->pair = ptr.pair;
- }
- return new_this;
+ Pk11Install_Value* new_this;
+ new_this = Pk11Install_Value_new_default();
+ new_this->type = _type;
+ if (_type == STRING_VALUE) {
+ new_this->pair = NULL;
+ new_this->string = ptr.string;
+ } else {
+ new_this->string = NULL;
+ new_this->pair = ptr.pair;
+ }
+ return new_this;
}
/****************************************************************************/
void
Pk11Install_Value_delete(Pk11Install_Value* _this)
{
- if(_this->type == STRING_VALUE) {
- PR_Free(_this->string);
- } else {
- PR_Free(_this->pair);
- }
+ if (_this->type == STRING_VALUE) {
+ PR_Free(_this->string);
+ } else {
+ PR_Free(_this->pair);
+ }
}
/****************************************************************************/
Pk11Install_Pair*
Pk11Install_Pair_new_default()
{
- return Pk11Install_Pair_new(NULL,NULL);
+ return Pk11Install_Pair_new(NULL, NULL);
}
/****************************************************************************/
Pk11Install_Pair*
-Pk11Install_Pair_new(char *_key, Pk11Install_ValueList *_list)
+Pk11Install_Pair_new(char* _key, Pk11Install_ValueList* _list)
{
- Pk11Install_Pair* new_this;
- new_this = (Pk11Install_Pair*)PR_Malloc(sizeof(Pk11Install_Pair));
- new_this->key = _key;
- new_this->list = _list;
- return new_this;
+ Pk11Install_Pair* new_this;
+ new_this = (Pk11Install_Pair*)PR_Malloc(sizeof(Pk11Install_Pair));
+ new_this->key = _key;
+ new_this->list = _list;
+ return new_this;
}
/****************************************************************************/
void
Pk11Install_Pair_delete(Pk11Install_Pair* _this)
{
- PR_Free(_this->key);
- Pk11Install_ValueList_delete(_this->list);
+ PR_Free(_this->key);
+ Pk11Install_ValueList_delete(_this->list);
}
/*************************************************************************/
void
Pk11Install_Pair_Print(Pk11Install_Pair* _this, int pad)
{
- while (_this) {
- /*PAD(pad); printf("**Pair\n");
- PAD(pad); printf("***Key====\n");*/
- PAD(pad); printf("%s {\n", _this->key);
- /*PAD(pad); printf("====\n");*/
- /*PAD(pad); printf("***ValueList\n");*/
- Pk11Install_ValueList_Print(_this->list,pad+PADINC);
- PAD(pad); printf("}\n");
- }
+ while (_this) {
+ /*PAD(pad); printf("**Pair\n");
+ PAD(pad); printf("***Key====\n");*/
+ PAD(pad);
+ printf("%s {\n", _this->key);
+ /*PAD(pad); printf("====\n");*/
+ /*PAD(pad); printf("***ValueList\n");*/
+ Pk11Install_ValueList_Print(_this->list, pad + PADINC);
+ PAD(pad);
+ printf("}\n");
+ }
}
/*************************************************************************/
void
Pk11Install_ValueList_Print(Pk11Install_ValueList* _this, int pad)
{
- Pk11Install_Value *v;
+ Pk11Install_Value* v;
- /*PAD(pad);printf("**Value List**\n");*/
- for(v = _this->head; v != NULL; v=v->next) {
- Pk11Install_Value_Print(v,pad);
- }
+ /*PAD(pad);printf("**Value List**\n");*/
+ for (v = _this->head; v != NULL; v = v->next) {
+ Pk11Install_Value_Print(v, pad);
+ }
}
/*************************************************************************/
void
Pk11Install_Value_Print(Pk11Install_Value* _this, int pad)
{
- /*PAD(pad); printf("**Value, type=%s\n",
- type==STRING_VALUE ? "string" : "pair");*/
- if(_this->type==STRING_VALUE) {
- /*PAD(pad+PADINC); printf("====\n");*/
- PAD(pad); printf("%s\n", _this->string);
- /*PAD(pad+PADINC); printf("====\n");*/
- } else {
- Pk11Install_Pair_Print(_this->pair,pad+PADINC);
- }
+ /*PAD(pad); printf("**Value, type=%s\n",
+ type==STRING_VALUE ? "string" : "pair");*/
+ if (_this->type == STRING_VALUE) {
+ /*PAD(pad+PADINC); printf("====\n");*/
+ PAD(pad);
+ printf("%s\n", _this->string);
+ /*PAD(pad+PADINC); printf("====\n");*/
+ } else {
+ Pk11Install_Pair_Print(_this->pair, pad + PADINC);
+ }
}
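Review bot: `Pk11Install_Pair_Print` loops on `while (_this)` but nothing in the body changes `_this`, so any non-NULL pair prints without end. `struct Pk11Install_Pair_str` in install-ds.h holds only `key` and `list`, with no link to follow, so `if (_this) {` looks like the intended form. The function is reached from `Pk11Install_Value_Print` for every `PAIR_VALUE`, so printing a parsed tree that contains a pair would hang. Separately, `Pk11Install_Value_delete` releases `_this->pair` with `PR_Free` rather than `Pk11Install_Pair_delete`, which would leave the pair's key and list allocated if the value owns them; ownership is not visible in this hunk and should be confirmed. The reformat carries both over unchanged.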
diff --git a/cmd/modutil/install-ds.h b/cmd/modutil/install-ds.h
index 554aa7ba8..70813f603 100644
--- a/cmd/modutil/install-ds.h
+++ b/cmd/modutil/install-ds.h
@@ -9,12 +9,13 @@
#include <prio.h>
#include <prmem.h>
-extern PRFileDesc *Pk11Install_FD;
+extern PRFileDesc* Pk11Install_FD;
extern int Pk11Install_yylex();
extern int Pk11Install_yylinenum;
-extern char *Pk11Install_yyerrstr;
+extern char* Pk11Install_yyerrstr;
-typedef enum { STRING_VALUE, PAIR_VALUE } ValueType;
+typedef enum { STRING_VALUE,
+ PAIR_VALUE } ValueType;
typedef struct Pk11Install_Pair_str Pk11Install_Pair;
typedef union Pk11Install_Pointer_str Pk11Install_Pointer;
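Review bot: The reformatted `ValueType` enum reads worse than the one-line original: the formatter broke it after the first enumerator and left `PAIR_VALUE } ValueType;` on a continuation line aligned under `STRING_VALUE`. Writing it with one enumerator per line, i.e. `typedef enum {` then `STRING_VALUE,` and `PAIR_VALUE` on their own lines, then `} ValueType;`, is a layout clang-format normally leaves alone, though that should be checked against the project's `.clang-format`. If the single-line form is preferred, a `// clang-format off` / `// clang-format on` pair around the typedef keeps it.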
@@ -36,16 +37,15 @@ extern Pk11Install_ValueList* Pk11Install_valueList;
*/
struct Pk11Install_Pair_str {
- char * key;
- Pk11Install_ValueList *list;
-
+ char* key;
+ Pk11Install_ValueList* list;
};
-Pk11Install_Pair*
+Pk11Install_Pair*
Pk11Install_Pair_new_default();
-Pk11Install_Pair*
-Pk11Install_Pair_new( char* _key, Pk11Install_ValueList* _list);
-void
+Pk11Install_Pair*
+Pk11Install_Pair_new(char* _key, Pk11Install_ValueList* _list);
+void
Pk11Install_Pair_delete(Pk11Install_Pair* _this);
void
Pk11Install_Pair_Print(Pk11Install_Pair* _this, int pad);
@@ -56,10 +56,10 @@ Pk11Install_Pair_Print(Pk11Install_Pair* _this, int pad);
//////////////////////////////////////////////////////////////////////////
*/
union Pk11Install_Pointer_str {
- Pk11Install_ValueList *list;
- Pk11Install_Value *value;
- Pk11Install_Pair *pair;
- char *string;
+ Pk11Install_ValueList* list;
+ Pk11Install_Value* value;
+ Pk11Install_Pair* pair;
+ char* string;
};
/*
@@ -69,13 +69,13 @@ union Pk11Install_Pointer_str {
*/
struct Pk11Install_Value_str {
- ValueType type;
- char *string;
- Pk11Install_Pair *pair;
- struct Pk11Install_Value_str *next;
+ ValueType type;
+ char* string;
+ Pk11Install_Pair* pair;
+ struct Pk11Install_Value_str* next;
};
-Pk11Install_Value*
+Pk11Install_Value*
Pk11Install_Value_new_default();
Pk11Install_Value*
Pk11Install_Value_new(ValueType _type, Pk11Install_Pointer ptr);
@@ -90,13 +90,13 @@ Pk11Install_Value_Print(Pk11Install_Value* _this, int pad);
//////////////////////////////////////////////////////////////////////////
*/
struct Pk11Install_ValueList_str {
- int numItems;
- int numPairs;
- int numStrings;
- Pk11Install_Value *head;
+ int numItems;
+ int numPairs;
+ int numStrings;
+ Pk11Install_Value* head;
};
-Pk11Install_ValueList*
+Pk11Install_ValueList*
Pk11Install_ValueList_new();
void
Pk11Install_ValueList_delete(Pk11Install_ValueList* _this);
@@ -106,18 +106,17 @@ Pk11Install_ValueList_AddItem(Pk11Install_ValueList* _this,
void
Pk11Install_ValueList_Print(Pk11Install_ValueList* _this, int pad);
-
/*
//////////////////////////////////////////////////////////////////////////
// Pk11Install_ListIter
//////////////////////////////////////////////////////////////////////////
*/
struct Pk11Install_ListIter_str {
- const Pk11Install_ValueList *list;
- Pk11Install_Value *current;
+ const Pk11Install_ValueList* list;
+ Pk11Install_Value* current;
};
-Pk11Install_ListIter*
+Pk11Install_ListIter*
Pk11Install_ListIter_new_default();
void
Pk11Install_ListIter_init(Pk11Install_ListIter* _this);
@@ -135,11 +134,11 @@ Pk11Install_ListIter_nextItem(Pk11Install_ListIter* _this);
* Pk11Install_File
*/
struct Pk11Install_File_str {
- char *jarPath;
- char *relativePath;
- char *absolutePath;
- PRBool executable;
- int permissions;
+ char* jarPath;
+ char* relativePath;
+ char* absolutePath;
+ PRBool executable;
+ int permissions;
};
Pk11Install_File*
@@ -151,7 +150,7 @@ Pk11Install_file_delete(Pk11Install_File* _this);
/*// Parses a syntax tree to obtain all attributes.
// Returns NULL for success, error message if parse error.*/
char*
-Pk11Install_File_Generate(Pk11Install_File* _this,
+Pk11Install_File_Generate(Pk11Install_File* _this,
const Pk11Install_Pair* pair);
void
Pk11Install_File_Print(Pk11Install_File* _this, int pad);
@@ -163,10 +162,10 @@ Pk11Install_File_Cleanup(Pk11Install_File* _this);
* Pk11Install_PlatformName
*/
struct Pk11Install_PlatformName_str {
- char *OS;
- char **verString;
- int numDigits;
- char *arch;
+ char* OS;
+ char** verString;
+ int numDigits;
+ char* arch;
};
Pk11Install_PlatformName*
@@ -201,17 +200,17 @@ Pk11Install_PlatformName_lt(Pk11Install_PlatformName* _this,
* Pk11Install_Platform
*/
struct Pk11Install_Platform_str {
- Pk11Install_PlatformName name;
- Pk11Install_PlatformName equivName;
- struct Pk11Install_Platform_str *equiv;
- PRBool usesEquiv;
- char *moduleFile;
- char *moduleName;
- int modFile;
- unsigned long mechFlags;
- unsigned long cipherFlags;
- Pk11Install_File *files;
- int numFiles;
+ Pk11Install_PlatformName name;
+ Pk11Install_PlatformName equivName;
+ struct Pk11Install_Platform_str* equiv;
+ PRBool usesEquiv;
+ char* moduleFile;
+ char* moduleName;
+ int modFile;
+ unsigned long mechFlags;
+ unsigned long cipherFlags;
+ Pk11Install_File* files;
+ int numFiles;
};
Pk11Install_Platform*
@@ -221,12 +220,12 @@ Pk11Install_Platform_init(Pk11Install_Platform* _this);
void
Pk11Install_Platform_delete(Pk11Install_Platform* _this);
/*// Returns NULL for success, error message if parse error.*/
-char*
+char*
Pk11Install_Platform_Generate(Pk11Install_Platform* _this,
- const Pk11Install_Pair *pair);
-void
+ const Pk11Install_Pair* pair);
+void
Pk11Install_Platform_Print(Pk11Install_Platform* _this, int pad);
-void
+void
Pk11Install_Platform_Cleanup(Pk11Install_Platform* _this);
/************************************************************************
@@ -234,10 +233,10 @@ Pk11Install_Platform_Cleanup(Pk11Install_Platform* _this);
* Pk11Install_Info
*/
struct Pk11Install_Info_str {
- Pk11Install_Platform *platforms;
- int numPlatforms;
- Pk11Install_PlatformName *forwardCompatible;
- int numForwardCompatible;
+ Pk11Install_Platform* platforms;
+ int numPlatforms;
+ Pk11Install_PlatformName* forwardCompatible;
+ int numForwardCompatible;
};
Pk11Install_Info*
@@ -247,15 +246,15 @@ Pk11Install_Info_init(Pk11Install_Info* _this);
void
Pk11Install_Info_delete(Pk11Install_Info* _this);
/*// Returns NULL for success, error message if parse error.*/
-char*
-Pk11Install_Info_Generate(Pk11Install_Info* _this,
- const Pk11Install_ValueList *list);
- /*// Returns NULL if there is no matching platform*/
-Pk11Install_Platform*
+char*
+Pk11Install_Info_Generate(Pk11Install_Info* _this,
+ const Pk11Install_ValueList* list);
+/*// Returns NULL if there is no matching platform*/
+Pk11Install_Platform*
Pk11Install_Info_GetBestPlatform(Pk11Install_Info* _this, char* myPlatform);
-void
+void
Pk11Install_Info_Print(Pk11Install_Info* _this, int pad);
-void
+void
Pk11Install_Info_Cleanup(Pk11Install_Info* _this);
#endif /* INSTALL_DS_H */
diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c
index bcc7c7e24..662a971e4 100644
--- a/cmd/modutil/install.c
+++ b/cmd/modutil/install.c
@@ -23,16 +23,18 @@
/*}*/
extern /*"C"*/
-int Pk11Install_AddNewModule(char* moduleName, char* dllPath,
- unsigned long defaultMechanismFlags,
- unsigned long cipherEnableFlags);
+ int
+ Pk11Install_AddNewModule(char *moduleName, char *dllPath,
+ unsigned long defaultMechanismFlags,
+ unsigned long cipherEnableFlags);
extern /*"C"*/
-short Pk11Install_UserVerifyJar(JAR *jar, PRFileDesc *out,
- PRBool query);
+ short
+ Pk11Install_UserVerifyJar(JAR *jar, PRFileDesc *out,
+ PRBool query);
extern /*"C"*/
-const char* mySECU_ErrorString(PRErrorCode errnum);
-extern
-int Pk11Install_yyparse();
+ const char *
+ mySECU_ErrorString(PRErrorCode errnum);
+extern int Pk11Install_yyparse();
#define INSTALL_METAINFO_TAG "Pkcs11_install_script"
#define SCRIPT_TEMP_FILE "pkcs11inst.tmp"
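Review bot: The `/*"C"*/` comment left between `extern` and the return type makes the formatter treat the type and the function name as continuation lines, so the new declarations of `Pk11Install_AddNewModule`, `Pk11Install_UserVerifyJar` and `mySECU_ErrorString` are indented as if they were arguments. Removing the dead comment (or moving it onto its own line above the declaration) before re-running clang-format should give the same layout as `extern int Pk11Install_yyparse();`. That last declaration has empty parentheses, which is not a prototype in C; if the generated parser takes no arguments, `extern int Pk11Install_yyparse(void);` lets the compiler check the call.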
@@ -40,73 +42,73 @@ int Pk11Install_yyparse();
#define TEMP_MARKER "%temp%"
#define PRINTF_ROOT_MARKER "%%root%%"
#define TEMPORARY_DIRECTORY_NAME "pk11inst.dir"
-#define JAR_BASE_END (JAR_BASE+100)
+#define JAR_BASE_END (JAR_BASE + 100)
-static PRLock* errorHandlerLock=NULL;
-static Pk11Install_ErrorHandler errorHandler=NULL;
-static char* PR_Strdup(const char* str);
-static int rm_dash_r (char *path);
+static PRLock *errorHandlerLock = NULL;
+static Pk11Install_ErrorHandler errorHandler = NULL;
+static char *PR_Strdup(const char *str);
+static int rm_dash_r(char *path);
static int make_dirs(char *path, int file_perms);
static int dir_perms(int perms);
static Pk11Install_Error DoInstall(JAR *jar, const char *installDir,
- const char* tempDir, Pk11Install_Platform *platform,
- PRFileDesc *feedback, PRBool noverify);
-
-static char *errorString[]= {
- "Operation was successful", /* PK11_INSTALL_NO_ERROR */
- "Directory \"%s\" does not exist", /* PK11_INSTALL_DIR_DOESNT_EXIST */
- "File \"%s\" does not exist", /* PK11_INSTALL_FILE_DOESNT_EXIST */
- "File \"%s\" is not readable", /* PK11_INSTALL_FILE_NOT_READABLE */
- "%s", /* PK11_INSTALL_ERROR_STRING */
- "Error in JAR file %s: %s", /* PK11_INSTALL_JAR_ERROR */
- "No Pkcs11_install_script specified in JAR metainfo file",
- /* PK11_INSTALL_NO_INSTALLER_SCRIPT */
- "Could not delete temporary file \"%s\"",
- /*PK11_INSTALL_DELETE_TEMP_FILE */
- "Could not open temporary file \"%s\"", /*PK11_INSTALL_OPEN_SCRIPT_FILE*/
- "%s: %s", /* PK11_INSTALL_SCRIPT_PARSE */
- "Error in script: %s",
- "Unable to obtain system platform information",
- "Installer script has no information about the current platform (%s)",
- "Relative directory \"%s\" does not contain "PRINTF_ROOT_MARKER,
- "Module File \"%s\" not found",
- "Error occurred installing module \"%s\" into database",
- "Error extracting \"%s\" from JAR file: %s",
- "Directory \"%s\" is not writeable",
- "Could not create directory \"%s\"",
- "Could not remove directory \"%s\"",
- "Unable to execute \"%s\"",
- "Unable to wait for process \"%s\"",
- "\"%s\" returned error code %d",
- "User aborted operation",
- "Unspecified error"
+ const char *tempDir, Pk11Install_Platform *platform,
+ PRFileDesc *feedback, PRBool noverify);
+
+static char *errorString[] = {
+ "Operation was successful", /* PK11_INSTALL_NO_ERROR */
+ "Directory \"%s\" does not exist", /* PK11_INSTALL_DIR_DOESNT_EXIST */
+ "File \"%s\" does not exist", /* PK11_INSTALL_FILE_DOESNT_EXIST */
+ "File \"%s\" is not readable", /* PK11_INSTALL_FILE_NOT_READABLE */
+ "%s", /* PK11_INSTALL_ERROR_STRING */
+ "Error in JAR file %s: %s", /* PK11_INSTALL_JAR_ERROR */
+ "No Pkcs11_install_script specified in JAR metainfo file",
+ /* PK11_INSTALL_NO_INSTALLER_SCRIPT */
+ "Could not delete temporary file \"%s\"",
+ /*PK11_INSTALL_DELETE_TEMP_FILE */
+ "Could not open temporary file \"%s\"", /*PK11_INSTALL_OPEN_SCRIPT_FILE*/
+ "%s: %s", /* PK11_INSTALL_SCRIPT_PARSE */
+ "Error in script: %s",
+ "Unable to obtain system platform information",
+ "Installer script has no information about the current platform (%s)",
+ "Relative directory \"%s\" does not contain " PRINTF_ROOT_MARKER,
+ "Module File \"%s\" not found",
+ "Error occurred installing module \"%s\" into database",
+ "Error extracting \"%s\" from JAR file: %s",
+ "Directory \"%s\" is not writeable",
+ "Could not create directory \"%s\"",
+ "Could not remove directory \"%s\"",
+ "Unable to execute \"%s\"",
+ "Unable to wait for process \"%s\"",
+ "\"%s\" returned error code %d",
+ "User aborted operation",
+ "Unspecified error"
};
enum {
- INSTALLED_FILE_MSG=0,
- INSTALLED_MODULE_MSG,
- INSTALLER_SCRIPT_NAME,
- MY_PLATFORM_IS,
- USING_PLATFORM,
- PARSED_INSTALL_SCRIPT,
- EXEC_FILE_MSG,
- EXEC_SUCCESS,
- INSTALLATION_COMPLETE_MSG,
- USER_ABORT
+ INSTALLED_FILE_MSG = 0,
+ INSTALLED_MODULE_MSG,
+ INSTALLER_SCRIPT_NAME,
+ MY_PLATFORM_IS,
+ USING_PLATFORM,
+ PARSED_INSTALL_SCRIPT,
+ EXEC_FILE_MSG,
+ EXEC_SUCCESS,
+ INSTALLATION_COMPLETE_MSG,
+ USER_ABORT
};
static char *msgStrings[] = {
- "Installed file %s to %s\n",
- "Installed module \"%s\" into module database\n",
- "Using installer script \"%s\"\n",
- "Current platform is %s\n",
- "Using installation parameters for platform %s\n",
- "Successfully parsed installation script\n",
- "Executing \"%s\"...\n",
- "\"%s\" executed successfully\n",
- "\nInstallation completed successfully\n",
- "\nAborting...\n"
+ "Installed file %s to %s\n",
+ "Installed module \"%s\" into module database\n",
+ "Using installer script \"%s\"\n",
+ "Current platform is %s\n",
+ "Using installation parameters for platform %s\n",
+ "Successfully parsed installation script\n",
+ "Executing \"%s\"...\n",
+ "\"%s\" executed successfully\n",
+ "\nInstallation completed successfully\n",
+ "\nAborting...\n"
};
/**************************************************************************
@@ -114,68 +116,72 @@ static char *msgStrings[] = {
*/
typedef struct StringNode_str {
char *str;
- struct StringNode_str* next;
+ struct StringNode_str *next;
} StringNode;
-StringNode* StringNode_new()
+StringNode *
+StringNode_new()
{
- StringNode* new_this;
- new_this = (StringNode*)PR_Malloc(sizeof(StringNode));
- PORT_Assert(new_this != NULL);
- new_this->str = NULL;
- new_this->next = NULL;
- return new_this;
+ StringNode *new_this;
+ new_this = (StringNode *)PR_Malloc(sizeof(StringNode));
+ PORT_Assert(new_this != NULL);
+ new_this->str = NULL;
+ new_this->next = NULL;
+ return new_this;
}
-void StringNode_delete(StringNode* s)
+void
+StringNode_delete(StringNode *s)
{
- if(s->str) {
- PR_Free(s->str);
- s->str=NULL;
- }
+ if (s->str) {
+ PR_Free(s->str);
+ s->str = NULL;
+ }
}
/*************************************************************************
* S t r i n g L i s t
*/
typedef struct StringList_str {
- StringNode* head;
- StringNode* tail;
+ StringNode *head;
+ StringNode *tail;
} StringList;
-void StringList_new(StringList* list)
+void
+StringList_new(StringList *list)
{
- list->head=NULL;
- list->tail=NULL;
+ list->head = NULL;
+ list->tail = NULL;
}
-void StringList_delete(StringList* list)
+void
+StringList_delete(StringList *list)
{
- StringNode *tmp;
- while(list->head) {
- tmp = list->head;
- list->head = list->head->next;
- StringNode_delete(tmp);
- }
+ StringNode *tmp;
+ while (list->head) {
+ tmp = list->head;
+ list->head = list->head->next;
+ StringNode_delete(tmp);
+ }
}
void
-StringList_Append(StringList* list, char* str)
+StringList_Append(StringList *list, char *str)
{
- if(!str) {
- return;
- }
-
- if(!list->tail) {
- /* This is the first element */
- list->head = list->tail = StringNode_new();
- } else {
- list->tail->next = StringNode_new();
- list->tail = list->tail->next;
- }
-
- list->tail->str = PR_Strdup(str);
- list->tail->next = NULL; /* just to be sure */
+ if (!str) {
+ return;
+ }
+
+ if (!list->tail) {
+ /* This is the first element */
+ list->head = list->tail = StringNode_new();
+ } else {
+ list->tail->next = StringNode_new();
+ list->tail = list->tail->next;
+ }
+
+ list->tail->str = PR_Strdup(str);
+ list->tail->next = NULL; /* just to be sure */
}
/**************************************************************************
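Review bot: `StringList_delete` never frees the list nodes: `StringNode_delete` releases only `s->str`, so every `StringNode` obtained from `PR_Malloc` in `StringNode_new` is leaked when the list is torn down. Adding `PR_Free(tmp);` after `StringNode_delete(tmp);` in the loop, and `list->tail = NULL;` after it, closes that and avoids leaving a stale tail pointer. Separately, `StringNode_new` guards the allocation only with `PORT_Assert(new_this != NULL);`, which is typically compiled out of non-debug builds, so an allocation failure would reach `new_this->str = NULL;`. An explicit `if (!new_this) return NULL;` with a matching check in `StringList_Append` would be safer.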
@@ -188,20 +194,20 @@ StringList_Append(StringList* list, char* str)
Pk11Install_ErrorHandler
Pk11Install_SetErrorHandler(Pk11Install_ErrorHandler handler)
{
- Pk11Install_ErrorHandler old;
+ Pk11Install_ErrorHandler old;
- if(!errorHandlerLock) {
- errorHandlerLock = PR_NewLock();
- }
+ if (!errorHandlerLock) {
+ errorHandlerLock = PR_NewLock();
+ }
- PR_Lock(errorHandlerLock);
+ PR_Lock(errorHandlerLock);
- old = errorHandler;
- errorHandler = handler;
+ old = errorHandler;
+ errorHandler = handler;
- PR_Unlock(errorHandlerLock);
+ PR_Unlock(errorHandlerLock);
- return old;
+ return old;
}
/**************************************************************************
@@ -215,9 +221,9 @@ Pk11Install_SetErrorHandler(Pk11Install_ErrorHandler handler)
void
Pk11Install_Init()
{
- if(!errorHandlerLock) {
- errorHandlerLock = PR_NewLock();
- }
+ if (!errorHandlerLock) {
+ errorHandlerLock = PR_NewLock();
+ }
}
/**************************************************************************
@@ -232,10 +238,10 @@ Pk11Install_Init()
void
Pk11Install_Release()
{
- if(errorHandlerLock) {
- PR_Free(errorHandlerLock);
- errorHandlerLock = NULL;
- }
+ if (errorHandlerLock) {
+ PR_Free(errorHandlerLock);
+ errorHandlerLock = NULL;
+ }
}
/*************************************************************************
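Review bot: `Pk11Install_Release` hands the lock to `PR_Free`, but `errorHandlerLock` is created with `PR_NewLock()` (here in `Pk11Install_Init`, and in `Pk11Install_SetErrorHandler` and `error`), and an NSPR lock should be released with `PR_DestroyLock`, which also tears down the underlying OS primitive. I would change the call to `PR_DestroyLock(errorHandlerLock);`. The lazy `if (!errorHandlerLock) errorHandlerLock = PR_NewLock();` pattern in the other three functions is unsynchronised and does not check for a NULL result before `PR_Lock`, so a comment stating that `Pk11Install_Init` must be called before any other thread uses this module would help.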
@@ -265,32 +271,32 @@ error(Pk11Install_Error errcode, ...)
#endif
{
- va_list ap;
- char *errstr;
- Pk11Install_ErrorHandler handler;
+ va_list ap;
+ char *errstr;
+ Pk11Install_ErrorHandler handler;
- if(!errorHandlerLock) {
- errorHandlerLock = PR_NewLock();
- }
+ if (!errorHandlerLock) {
+ errorHandlerLock = PR_NewLock();
+ }
- PR_Lock(errorHandlerLock);
+ PR_Lock(errorHandlerLock);
- handler = errorHandler;
+ handler = errorHandler;
- PR_Unlock(errorHandlerLock);
+ PR_Unlock(errorHandlerLock);
- if(handler) {
+ if (handler) {
#ifdef OSF1
- va_start(ap);
- errstr = PR_vsmprintf(errorString[va_arg(ap, Pk11Install_Error)], ap);
+ va_start(ap);
+ errstr = PR_vsmprintf(errorString[va_arg(ap, Pk11Install_Error)], ap);
#else
- va_start(ap, errcode);
- errstr = PR_vsmprintf(errorString[errcode], ap);
+ va_start(ap, errcode);
+ errstr = PR_vsmprintf(errorString[errcode], ap);
#endif
- handler(errstr);
- PR_smprintf_free(errstr);
- va_end(ap);
- }
+ handler(errstr);
+ PR_smprintf_free(errstr);
+ va_end(ap);
+ }
}
/*************************************************************************
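Review bot: `errorString[errcode]` is indexed without a range check and the selected entry is then used as the format string for `PR_vsmprintf`, so an out-of-range code would read past the table and interpret the varargs with an arbitrary format. A guard before the lookup, such as `if ((unsigned)errcode >= sizeof(errorString) / sizeof(errorString[0])) errcode = PK11_INSTALL_UNSPECIFIED;`, keeps it in bounds (this assumes PK11_INSTALL_UNSPECIFIED maps to the final "Unspecified error" entry, which the enum outside this hunk would confirm). `errstr` can also be NULL when the allocation fails and is passed to `handler` unchecked. The function's signature lies outside this hunk.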
@@ -299,16 +305,17 @@ error(Pk11Install_Error errcode, ...)
*/
static int
jar_callback(int status, JAR *foo, const char *bar, char *pathname,
- char *errortext) {
- char *string;
-
- string = PR_smprintf("JAR error %d: %s in file %s\n", status, errortext,
- pathname);
- error(PK11_INSTALL_ERROR_STRING, string);
- PR_smprintf_free(string);
- return 0;
+ char *errortext)
+{
+ char *string;
+
+ string = PR_smprintf("JAR error %d: %s in file %s\n", status, errortext,
+ pathname);
+ error(PK11_INSTALL_ERROR_STRING, string);
+ PR_smprintf_free(string);
+ return 0;
}
-
+
/*************************************************************************
*
* P k 1 1 I n s t a l l _ D o I n s t a l l
@@ -319,228 +326,232 @@ jar_callback(int status, JAR *foo, const char *bar, char *pathname,
*/
Pk11Install_Error
Pk11Install_DoInstall(char *jarFile, const char *installDir,
- const char *tempDir, PRFileDesc *feedback, short force, PRBool noverify)
+ const char *tempDir, PRFileDesc *feedback, short force, PRBool noverify)
{
- JAR *jar;
- char *installer;
- unsigned long installer_len;
- int status;
- Pk11Install_Error ret;
- PRBool made_temp_file;
- Pk11Install_Info installInfo;
- Pk11Install_Platform *platform;
- char* errMsg;
- char sysname[SYS_INFO_BUFFER_LENGTH], release[SYS_INFO_BUFFER_LENGTH],
- arch[SYS_INFO_BUFFER_LENGTH];
- char *myPlatform;
-
- jar=NULL;
- ret = PK11_INSTALL_UNSPECIFIED;
- made_temp_file=PR_FALSE;
- errMsg=NULL;
- Pk11Install_Info_init(&installInfo);
-
- /*
- printf("Inside DoInstall, jarFile=%s, installDir=%s, tempDir=%s\n",
- jarFile, installDir, tempDir);
- */
-
- /*
- * Check out jarFile and installDir for validity
- */
- if( PR_Access(installDir, PR_ACCESS_EXISTS) != PR_SUCCESS ) {
- error(PK11_INSTALL_DIR_DOESNT_EXIST, installDir);
- return PK11_INSTALL_DIR_DOESNT_EXIST;
- }
- if(!tempDir) {
- tempDir = ".";
- }
- if( PR_Access(tempDir, PR_ACCESS_EXISTS) != PR_SUCCESS ) {
- error(PK11_INSTALL_DIR_DOESNT_EXIST, tempDir);
- return PK11_INSTALL_DIR_DOESNT_EXIST;
- }
- if( PR_Access(tempDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS ) {
- error(PK11_INSTALL_DIR_NOT_WRITEABLE, tempDir);
- return PK11_INSTALL_DIR_NOT_WRITEABLE;
- }
- if( (PR_Access(jarFile, PR_ACCESS_EXISTS) != PR_SUCCESS) ) {
- error(PK11_INSTALL_FILE_DOESNT_EXIST, jarFile);
- return PK11_INSTALL_FILE_DOESNT_EXIST;
- }
- if( PR_Access(jarFile, PR_ACCESS_READ_OK) != PR_SUCCESS ) {
- error(PK11_INSTALL_FILE_NOT_READABLE, jarFile);
- return PK11_INSTALL_FILE_NOT_READABLE;
- }
-
- /*
- * Extract the JAR file
- */
- jar = JAR_new();
- JAR_set_callback(JAR_CB_SIGNAL, jar, jar_callback);
-
- if(noverify) {
- status = JAR_pass_archive_unverified(jar, jarArchGuess, jarFile, "url");
- } else {
- status = JAR_pass_archive(jar, jarArchGuess, jarFile, "url");
- }
- if( (status < 0) || (jar->valid < 0) ) {
- if (status >= JAR_BASE && status <= JAR_BASE_END) {
- error(PK11_INSTALL_JAR_ERROR, jarFile, JAR_get_error(status));
- } else {
- error(PK11_INSTALL_JAR_ERROR, jarFile,
- mySECU_ErrorString(PORT_GetError()));
- }
- ret=PK11_INSTALL_JAR_ERROR;
- goto loser;
- }
- /*printf("passed the archive\n");*/
-
- /*
- * Show the user security information, allow them to abort or continue
- */
- if( Pk11Install_UserVerifyJar(jar, PR_STDOUT,
- force?PR_FALSE:PR_TRUE) && !force) {
- if(feedback) {
- PR_fprintf(feedback, msgStrings[USER_ABORT]);
- }
- ret=PK11_INSTALL_USER_ABORT;
- goto loser;
- }
-
- /*
- * Get the name of the installation file
- */
- if( JAR_get_metainfo(jar, NULL, INSTALL_METAINFO_TAG, (void**)&installer,
- (unsigned long*)&installer_len) ) {
- error(PK11_INSTALL_NO_INSTALLER_SCRIPT);
- ret=PK11_INSTALL_NO_INSTALLER_SCRIPT;
- goto loser;
- }
- if(feedback) {
- PR_fprintf(feedback, msgStrings[INSTALLER_SCRIPT_NAME], installer);
- }
-
- /*
- * Extract the installation file
- */
- if( PR_Access(SCRIPT_TEMP_FILE, PR_ACCESS_EXISTS) == PR_SUCCESS) {
- if( PR_Delete(SCRIPT_TEMP_FILE) != PR_SUCCESS) {
- error(PK11_INSTALL_DELETE_TEMP_FILE, SCRIPT_TEMP_FILE);
- ret=PK11_INSTALL_DELETE_TEMP_FILE;
- goto loser;
- }
- }
- if(noverify) {
- status = JAR_extract(jar, installer, SCRIPT_TEMP_FILE);
- } else {
- status = JAR_verified_extract(jar, installer, SCRIPT_TEMP_FILE);
- }
- if(status) {
- if (status >= JAR_BASE && status <= JAR_BASE_END) {
- error(PK11_INSTALL_JAR_EXTRACT, installer, JAR_get_error(status));
- } else {
- error(PK11_INSTALL_JAR_EXTRACT, installer,
- mySECU_ErrorString(PORT_GetError()));
- }
- ret = PK11_INSTALL_JAR_EXTRACT;
- goto loser;
- } else {
- made_temp_file = PR_TRUE;
- }
-
- /*
- * Parse the installation file into a syntax tree
- */
- Pk11Install_FD = PR_Open(SCRIPT_TEMP_FILE, PR_RDONLY, 0);
- if(!Pk11Install_FD) {
- error(PK11_INSTALL_OPEN_SCRIPT_FILE, SCRIPT_TEMP_FILE);
- ret=PK11_INSTALL_OPEN_SCRIPT_FILE;
- goto loser;
- }
- if(Pk11Install_yyparse()) {
- error(PK11_INSTALL_SCRIPT_PARSE, installer,
- Pk11Install_yyerrstr ? Pk11Install_yyerrstr : "");
- ret=PK11_INSTALL_SCRIPT_PARSE;
- goto loser;
- }
+ JAR *jar;
+ char *installer;
+ unsigned long installer_len;
+ int status;
+ Pk11Install_Error ret;
+ PRBool made_temp_file;
+ Pk11Install_Info installInfo;
+ Pk11Install_Platform *platform;
+ char *errMsg;
+ char sysname[SYS_INFO_BUFFER_LENGTH], release[SYS_INFO_BUFFER_LENGTH],
+ arch[SYS_INFO_BUFFER_LENGTH];
+ char *myPlatform;
+
+ jar = NULL;
+ ret = PK11_INSTALL_UNSPECIFIED;
+ made_temp_file = PR_FALSE;
+ errMsg = NULL;
+ Pk11Install_Info_init(&installInfo);
+
+ /*
+ printf("Inside DoInstall, jarFile=%s, installDir=%s, tempDir=%s\n",
+ jarFile, installDir, tempDir);
+ */
+
+ /*
+ * Check out jarFile and installDir for validity
+ */
+ if (PR_Access(installDir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
+ error(PK11_INSTALL_DIR_DOESNT_EXIST, installDir);
+ return PK11_INSTALL_DIR_DOESNT_EXIST;
+ }
+ if (!tempDir) {
+ tempDir = ".";
+ }
+ if (PR_Access(tempDir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
+ error(PK11_INSTALL_DIR_DOESNT_EXIST, tempDir);
+ return PK11_INSTALL_DIR_DOESNT_EXIST;
+ }
+ if (PR_Access(tempDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
+ error(PK11_INSTALL_DIR_NOT_WRITEABLE, tempDir);
+ return PK11_INSTALL_DIR_NOT_WRITEABLE;
+ }
+ if ((PR_Access(jarFile, PR_ACCESS_EXISTS) != PR_SUCCESS)) {
+ error(PK11_INSTALL_FILE_DOESNT_EXIST, jarFile);
+ return PK11_INSTALL_FILE_DOESNT_EXIST;
+ }
+ if (PR_Access(jarFile, PR_ACCESS_READ_OK) != PR_SUCCESS) {
+ error(PK11_INSTALL_FILE_NOT_READABLE, jarFile);
+ return PK11_INSTALL_FILE_NOT_READABLE;
+ }
+
+ /*
+ * Extract the JAR file
+ */
+ jar = JAR_new();
+ JAR_set_callback(JAR_CB_SIGNAL, jar, jar_callback);
+
+ if (noverify) {
+ status = JAR_pass_archive_unverified(jar, jarArchGuess, jarFile, "url");
+ } else {
+ status = JAR_pass_archive(jar, jarArchGuess, jarFile, "url");
+ }
+ if ((status < 0) || (jar->valid < 0)) {
+ if (status >= JAR_BASE && status <= JAR_BASE_END) {
+ error(PK11_INSTALL_JAR_ERROR, jarFile, JAR_get_error(status));
+ } else {
+ error(PK11_INSTALL_JAR_ERROR, jarFile,
+ mySECU_ErrorString(PORT_GetError()));
+ }
+ ret = PK11_INSTALL_JAR_ERROR;
+ goto loser;
+ }
+ /*printf("passed the archive\n");*/
+
+ /*
+ * Show the user security information, allow them to abort or continue
+ */
+ if (Pk11Install_UserVerifyJar(jar, PR_STDOUT,
+ force ?
+ PR_FALSE
+ :
+ PR_TRUE) &&
+ !force) {
+ if (feedback) {
+ PR_fprintf(feedback, msgStrings[USER_ABORT]);
+ }
+ ret = PK11_INSTALL_USER_ABORT;
+ goto loser;
+ }
+
+ /*
+ * Get the name of the installation file
+ */
+ if (JAR_get_metainfo(jar, NULL, INSTALL_METAINFO_TAG, (void **)&installer,
+ (unsigned long *)&installer_len)) {
+ error(PK11_INSTALL_NO_INSTALLER_SCRIPT);
+ ret = PK11_INSTALL_NO_INSTALLER_SCRIPT;
+ goto loser;
+ }
+ if (feedback) {
+ PR_fprintf(feedback, msgStrings[INSTALLER_SCRIPT_NAME], installer);
+ }
+
+ /*
+ * Extract the installation file
+ */
+ if (PR_Access(SCRIPT_TEMP_FILE, PR_ACCESS_EXISTS) == PR_SUCCESS) {
+ if (PR_Delete(SCRIPT_TEMP_FILE) != PR_SUCCESS) {
+ error(PK11_INSTALL_DELETE_TEMP_FILE, SCRIPT_TEMP_FILE);
+ ret = PK11_INSTALL_DELETE_TEMP_FILE;
+ goto loser;
+ }
+ }
+ if (noverify) {
+ status = JAR_extract(jar, installer, SCRIPT_TEMP_FILE);
+ } else {
+ status = JAR_verified_extract(jar, installer, SCRIPT_TEMP_FILE);
+ }
+ if (status) {
+ if (status >= JAR_BASE && status <= JAR_BASE_END) {
+ error(PK11_INSTALL_JAR_EXTRACT, installer, JAR_get_error(status));
+ } else {
+ error(PK11_INSTALL_JAR_EXTRACT, installer,
+ mySECU_ErrorString(PORT_GetError()));
+ }
+ ret = PK11_INSTALL_JAR_EXTRACT;
+ goto loser;
+ } else {
+ made_temp_file = PR_TRUE;
+ }
+
+ /*
+ * Parse the installation file into a syntax tree
+ */
+ Pk11Install_FD = PR_Open(SCRIPT_TEMP_FILE, PR_RDONLY, 0);
+ if (!Pk11Install_FD) {
+ error(PK11_INSTALL_OPEN_SCRIPT_FILE, SCRIPT_TEMP_FILE);
+ ret = PK11_INSTALL_OPEN_SCRIPT_FILE;
+ goto loser;
+ }
+ if (Pk11Install_yyparse()) {
+ error(PK11_INSTALL_SCRIPT_PARSE, installer,
+ Pk11Install_yyerrstr ? Pk11Install_yyerrstr : "");
+ ret = PK11_INSTALL_SCRIPT_PARSE;
+ goto loser;
+ }
#if 0
- /* for debugging */
- Pk11Install_valueList->Print(0);
+ /* for debugging */
+ Pk11Install_valueList->Print(0);
#endif
- /*
- * From the syntax tree, build a semantic structure
- */
- errMsg = Pk11Install_Info_Generate(&installInfo,Pk11Install_valueList);
- if(errMsg) {
- error(PK11_INSTALL_SEMANTIC, errMsg);
- ret=PK11_INSTALL_SEMANTIC;
- goto loser;
- }
+ /*
+ * From the syntax tree, build a semantic structure
+ */
+ errMsg = Pk11Install_Info_Generate(&installInfo, Pk11Install_valueList);
+ if (errMsg) {
+ error(PK11_INSTALL_SEMANTIC, errMsg);
+ ret = PK11_INSTALL_SEMANTIC;
+ goto loser;
+ }
#if 0
- installInfo.Print(0);
+ installInfo.Print(0);
#endif
- if(feedback) {
- PR_fprintf(feedback, msgStrings[PARSED_INSTALL_SCRIPT]);
- }
-
- /*
- * Figure out which platform to use
- */
- {
- sysname[0] = release[0] = arch[0] = '\0';
-
- if( (PR_GetSystemInfo(PR_SI_SYSNAME, sysname, SYS_INFO_BUFFER_LENGTH)
- != PR_SUCCESS) ||
- (PR_GetSystemInfo(PR_SI_RELEASE, release, SYS_INFO_BUFFER_LENGTH)
- != PR_SUCCESS) ||
- (PR_GetSystemInfo(PR_SI_ARCHITECTURE, arch, SYS_INFO_BUFFER_LENGTH)
- != PR_SUCCESS) ) {
- error(PK11_INSTALL_SYSINFO);
- ret=PK11_INSTALL_SYSINFO;
- goto loser;
- }
- myPlatform = PR_smprintf("%s:%s:%s", sysname, release, arch);
- platform = Pk11Install_Info_GetBestPlatform(&installInfo,myPlatform);
- if(!platform) {
- error(PK11_INSTALL_NO_PLATFORM, myPlatform);
- PR_smprintf_free(myPlatform);
- ret=PK11_INSTALL_NO_PLATFORM;
- goto loser;
- }
- if(feedback) {
- PR_fprintf(feedback, msgStrings[MY_PLATFORM_IS], myPlatform);
- PR_fprintf(feedback, msgStrings[USING_PLATFORM],
- Pk11Install_PlatformName_GetString(&platform->name));
- }
- PR_smprintf_free(myPlatform);
- }
-
- /* Run the install for that platform */
- ret = DoInstall(jar, installDir, tempDir, platform, feedback, noverify);
- if(ret) {
- goto loser;
- }
-
- ret = PK11_INSTALL_SUCCESS;
+ if (feedback) {
+ PR_fprintf(feedback, msgStrings[PARSED_INSTALL_SCRIPT]);
+ }
+
+ /*
+ * Figure out which platform to use
+ */
+ {
+ sysname[0] = release[0] = arch[0] = '\0';
+
+ if ((PR_GetSystemInfo(PR_SI_SYSNAME, sysname, SYS_INFO_BUFFER_LENGTH) !=
+ PR_SUCCESS) ||
+ (PR_GetSystemInfo(PR_SI_RELEASE, release, SYS_INFO_BUFFER_LENGTH) !=
+ PR_SUCCESS) ||
+ (PR_GetSystemInfo(PR_SI_ARCHITECTURE, arch, SYS_INFO_BUFFER_LENGTH) !=
+ PR_SUCCESS)) {
+ error(PK11_INSTALL_SYSINFO);
+ ret = PK11_INSTALL_SYSINFO;
+ goto loser;
+ }
+ myPlatform = PR_smprintf("%s:%s:%s", sysname, release, arch);
+ platform = Pk11Install_Info_GetBestPlatform(&installInfo, myPlatform);
+ if (!platform) {
+ error(PK11_INSTALL_NO_PLATFORM, myPlatform);
+ PR_smprintf_free(myPlatform);
+ ret = PK11_INSTALL_NO_PLATFORM;
+ goto loser;
+ }
+ if (feedback) {
+ PR_fprintf(feedback, msgStrings[MY_PLATFORM_IS], myPlatform);
+ PR_fprintf(feedback, msgStrings[USING_PLATFORM],
+ Pk11Install_PlatformName_GetString(&platform->name));
+ }
+ PR_smprintf_free(myPlatform);
+ }
+
+ /* Run the install for that platform */
+ ret = DoInstall(jar, installDir, tempDir, platform, feedback, noverify);
+ if (ret) {
+ goto loser;
+ }
+
+ ret = PK11_INSTALL_SUCCESS;
loser:
- if(Pk11Install_valueList) {
- Pk11Install_ValueList_delete(Pk11Install_valueList);
- PR_Free(Pk11Install_valueList);
- Pk11Install_valueList = NULL;
- }
- if(jar) {
- JAR_destroy(jar);
- }
- if(made_temp_file) {
- PR_Delete(SCRIPT_TEMP_FILE);
- }
- if(errMsg) {
- PR_smprintf_free(errMsg);
- }
- return ret;
+ if (Pk11Install_valueList) {
+ Pk11Install_ValueList_delete(Pk11Install_valueList);
+ PR_Free(Pk11Install_valueList);
+ Pk11Install_valueList = NULL;
+ }
+ if (jar) {
+ JAR_destroy(jar);
+ }
+ if (made_temp_file) {
+ PR_Delete(SCRIPT_TEMP_FILE);
+ }
+ if (errMsg) {
+ PR_smprintf_free(errMsg);
+ }
+ return ret;
}
/*
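Review bot: The installer script is extracted to `SCRIPT_TEMP_FILE`, a fixed name (`pkcs11inst.tmp`) resolved against the current working directory, after a separate `PR_Access`/`PR_Delete` check; `tempDir` is validated for existence and writability earlier in `Pk11Install_DoInstall` but is not used for this file. A predictable path with a check-then-write sequence means that anyone else able to write to that directory can influence the file that is later opened and parsed. I would build the path under `tempDir` (ideally inside the 0700 directory that `DoInstall` creates) and fail if the file already exists instead of deleting it. On the formatting side, the `force ? PR_FALSE : PR_TRUE` argument is now spread over five lines; `!force` on one line is equivalent and reads better.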
@@ -549,260 +560,259 @@ loser:
*/
static Pk11Install_Error
DoInstall(JAR *jar, const char *installDir, const char *tempDir,
- Pk11Install_Platform *platform, PRFileDesc *feedback, PRBool noverify)
+ Pk11Install_Platform *platform, PRFileDesc *feedback, PRBool noverify)
{
- Pk11Install_File *file;
- Pk11Install_Error ret;
- char *reldir;
- char *dest;
- char *modDest;
- char *cp;
- int i;
- int status;
- char *tempname, *temp;
- StringList executables;
- StringNode *execNode;
- PRProcessAttr *attr;
- PRProcess *proc;
- char *argv[2];
- char *envp[1];
- int errcode;
-
- ret=PK11_INSTALL_UNSPECIFIED;
- reldir=NULL;
- dest=NULL;
- modDest=NULL;
- tempname=NULL;
-
- StringList_new(&executables);
- /*
- // Create Temporary directory
- */
- tempname = PR_smprintf("%s/%s", tempDir, TEMPORARY_DIRECTORY_NAME);
- if( PR_Access(tempname, PR_ACCESS_EXISTS)==PR_SUCCESS ) {
- /* Left over from previous run? Delete it. */
- rm_dash_r(tempname);
- }
- if(PR_MkDir(tempname, 0700) != PR_SUCCESS) {
- error(PK11_INSTALL_CREATE_DIR, tempname);
- ret = PK11_INSTALL_CREATE_DIR;
- goto loser;
- }
-
- /*
- // Install all the files
- */
- for(i=0; i < platform->numFiles; i++) {
- file = &platform->files[i];
-
- if(file->relativePath) {
- PRBool foundMarker = PR_FALSE;
- reldir = PR_Strdup(file->relativePath);
-
- /* Replace all the markers with the directories for which they stand */
- while(1) {
- if( (cp=PL_strcasestr(reldir, ROOT_MARKER)) ) {
- /* Has a %root% marker */
- *cp = '\0';
- temp = PR_smprintf("%s%s%s", reldir, installDir,
- cp+strlen(ROOT_MARKER));
- PR_Free(reldir);
- reldir = temp;
- foundMarker = PR_TRUE;
- } else if( (cp = PL_strcasestr(reldir, TEMP_MARKER)) ) {
- /* Has a %temp% marker */
- *cp = '\0';
- temp = PR_smprintf("%s%s%s", reldir, tempname,
- cp+strlen(TEMP_MARKER));
- PR_Free(reldir);
- reldir = temp;
- foundMarker = PR_TRUE;
- } else {
- break;
- }
- }
- if(!foundMarker) {
- /* Has no markers...this isn't really a relative directory */
- error(PK11_INSTALL_BOGUS_REL_DIR, file->relativePath);
- ret = PK11_INSTALL_BOGUS_REL_DIR;
- goto loser;
- }
- dest = reldir;
- reldir = NULL;
- } else if(file->absolutePath) {
- dest = PR_Strdup(file->absolutePath);
- }
-
- /* Remember if this is the module file, we'll need to add it later */
- if(i == platform->modFile) {
- modDest = PR_Strdup(dest);
- }
-
- /* Remember is this is an executable, we'll need to run it later */
- if(file->executable) {
- StringList_Append(&executables,dest);
- /*executables.Append(dest);*/
- }
-
- /* Make sure the directory we are targetting exists */
- if( make_dirs(dest, file->permissions) ) {
- ret=PK11_INSTALL_CREATE_DIR;
- goto loser;
- }
-
- /* Actually extract the file onto the filesystem */
- if(noverify) {
- status = JAR_extract(jar, (char*)file->jarPath, dest);
- } else {
- status = JAR_verified_extract(jar, (char*)file->jarPath, dest);
- }
- if(status) {
- if (status >= JAR_BASE && status <= JAR_BASE_END) {
- error(PK11_INSTALL_JAR_EXTRACT, file->jarPath,
- JAR_get_error(status));
- } else {
- error(PK11_INSTALL_JAR_EXTRACT, file->jarPath,
- mySECU_ErrorString(PORT_GetError()));
- }
- ret=PK11_INSTALL_JAR_EXTRACT;
- goto loser;
- }
- if(feedback) {
- PR_fprintf(feedback, msgStrings[INSTALLED_FILE_MSG],
- file->jarPath, dest);
- }
-
- /* no NSPR command to change permissions? */
+ Pk11Install_File *file;
+ Pk11Install_Error ret;
+ char *reldir;
+ char *dest;
+ char *modDest;
+ char *cp;
+ int i;
+ int status;
+ char *tempname, *temp;
+ StringList executables;
+ StringNode *execNode;
+ PRProcessAttr *attr;
+ PRProcess *proc;
+ char *argv[2];
+ char *envp[1];
+ int errcode;
+
+ ret = PK11_INSTALL_UNSPECIFIED;
+ reldir = NULL;
+ dest = NULL;
+ modDest = NULL;
+ tempname = NULL;
+
+ StringList_new(&executables);
+ /*
+ // Create Temporary directory
+ */
+ tempname = PR_smprintf("%s/%s", tempDir, TEMPORARY_DIRECTORY_NAME);
+ if (PR_Access(tempname, PR_ACCESS_EXISTS) == PR_SUCCESS) {
+ /* Left over from previous run? Delete it. */
+ rm_dash_r(tempname);
+ }
+ if (PR_MkDir(tempname, 0700) != PR_SUCCESS) {
+ error(PK11_INSTALL_CREATE_DIR, tempname);
+ ret = PK11_INSTALL_CREATE_DIR;
+ goto loser;
+ }
+
+ /*
+ // Install all the files
+ */
+ for (i = 0; i < platform->numFiles; i++) {
+ file = &platform->files[i];
+
+ if (file->relativePath) {
+ PRBool foundMarker = PR_FALSE;
+ reldir = PR_Strdup(file->relativePath);
+
+ /* Replace all the markers with the directories for which they stand */
+ while (1) {
+ if ((cp = PL_strcasestr(reldir, ROOT_MARKER))) {
+ /* Has a %root% marker */
+ *cp = '\0';
+ temp = PR_smprintf("%s%s%s", reldir, installDir,
+ cp + strlen(ROOT_MARKER));
+ PR_Free(reldir);
+ reldir = temp;
+ foundMarker = PR_TRUE;
+ } else if ((cp = PL_strcasestr(reldir, TEMP_MARKER))) {
+ /* Has a %temp% marker */
+ *cp = '\0';
+ temp = PR_smprintf("%s%s%s", reldir, tempname,
+ cp + strlen(TEMP_MARKER));
+ PR_Free(reldir);
+ reldir = temp;
+ foundMarker = PR_TRUE;
+ } else {
+ break;
+ }
+ }
+ if (!foundMarker) {
+ /* Has no markers...this isn't really a relative directory */
+ error(PK11_INSTALL_BOGUS_REL_DIR, file->relativePath);
+ ret = PK11_INSTALL_BOGUS_REL_DIR;
+ goto loser;
+ }
+ dest = reldir;
+ reldir = NULL;
+ } else if (file->absolutePath) {
+ dest = PR_Strdup(file->absolutePath);
+ }
+
+ /* Remember if this is the module file, we'll need to add it later */
+ if (i == platform->modFile) {
+ modDest = PR_Strdup(dest);
+ }
+
+ /* Remember is this is an executable, we'll need to run it later */
+ if (file->executable) {
+ StringList_Append(&executables, dest);
+ /*executables.Append(dest);*/
+ }
+
+ /* Make sure the directory we are targetting exists */
+ if (make_dirs(dest, file->permissions)) {
+ ret = PK11_INSTALL_CREATE_DIR;
+ goto loser;
+ }
+
+ /* Actually extract the file onto the filesystem */
+ if (noverify) {
+ status = JAR_extract(jar, (char *)file->jarPath, dest);
+ } else {
+ status = JAR_verified_extract(jar, (char *)file->jarPath, dest);
+ }
+ if (status) {
+ if (status >= JAR_BASE && status <= JAR_BASE_END) {
+ error(PK11_INSTALL_JAR_EXTRACT, file->jarPath,
+ JAR_get_error(status));
+ } else {
+ error(PK11_INSTALL_JAR_EXTRACT, file->jarPath,
+ mySECU_ErrorString(PORT_GetError()));
+ }
+ ret = PK11_INSTALL_JAR_EXTRACT;
+ goto loser;
+ }
+ if (feedback) {
+ PR_fprintf(feedback, msgStrings[INSTALLED_FILE_MSG],
+ file->jarPath, dest);
+ }
+
+/* no NSPR command to change permissions? */
#ifdef XP_UNIX
- chmod(dest, file->permissions);
+ chmod(dest, file->permissions);
#endif
- /* Memory clean-up tasks */
- if(reldir) {
- PR_Free(reldir);
- reldir = NULL;
- }
- if(dest) {
- PR_Free(dest);
- dest = NULL;
- }
- }
- /* Make sure we found the module file */
- if(!modDest) {
- /* Internal problem here, since every platform is supposed to have
- a module file */
- error(PK11_INSTALL_NO_MOD_FILE, platform->moduleName);
- ret=PK11_INSTALL_NO_MOD_FILE;
- goto loser;
- }
-
- /*
- // Execute any executable files
- */
- {
- argv[1] = NULL;
- envp[0] = NULL;
- for(execNode = executables.head; execNode; execNode = execNode->next) {
- attr = PR_NewProcessAttr();
- argv[0] = PR_Strdup(execNode->str);
-
- /* Announce our intentions */
- if(feedback) {
- PR_fprintf(feedback, msgStrings[EXEC_FILE_MSG], execNode->str);
- }
-
- /* start the process */
- if( !(proc=PR_CreateProcess(execNode->str, argv, envp, attr)) ) {
- PR_Free(argv[0]);
- PR_DestroyProcessAttr(attr);
- error(PK11_INSTALL_EXEC_FILE, execNode->str);
- ret=PK11_INSTALL_EXEC_FILE;
- goto loser;
- }
-
- /* wait for it to finish */
- if( PR_WaitProcess(proc, &errcode) != PR_SUCCESS) {
- PR_Free(argv[0]);
- PR_DestroyProcessAttr(attr);
- error(PK11_INSTALL_WAIT_PROCESS, execNode->str);
- ret=PK11_INSTALL_WAIT_PROCESS;
- goto loser;
- }
-
- /* What happened? */
- if(errcode) {
- /* process returned an error */
- error(PK11_INSTALL_PROC_ERROR, execNode->str, errcode);
- } else if(feedback) {
- /* process ran successfully */
- PR_fprintf(feedback, msgStrings[EXEC_SUCCESS], execNode->str);
- }
-
- PR_Free(argv[0]);
- PR_DestroyProcessAttr(attr);
- }
- }
-
- /*
- // Add the module
- */
- status = Pk11Install_AddNewModule((char*)platform->moduleName,
- (char*)modDest, platform->mechFlags, platform->cipherFlags );
-
- if(status != SECSuccess) {
- error(PK11_INSTALL_ADD_MODULE, platform->moduleName);
- ret=PK11_INSTALL_ADD_MODULE;
- goto loser;
- }
- if(feedback) {
- PR_fprintf(feedback, msgStrings[INSTALLED_MODULE_MSG],
- platform->moduleName);
- }
-
- if(feedback) {
- PR_fprintf(feedback, msgStrings[INSTALLATION_COMPLETE_MSG]);
- }
-
- ret = PK11_INSTALL_SUCCESS;
+ /* Memory clean-up tasks */
+ if (reldir) {
+ PR_Free(reldir);
+ reldir = NULL;
+ }
+ if (dest) {
+ PR_Free(dest);
+ dest = NULL;
+ }
+ }
+ /* Make sure we found the module file */
+ if (!modDest) {
+ /* Internal problem here, since every platform is supposed to have
+ a module file */
+ error(PK11_INSTALL_NO_MOD_FILE, platform->moduleName);
+ ret = PK11_INSTALL_NO_MOD_FILE;
+ goto loser;
+ }
+
+ /*
+ // Execute any executable files
+ */
+ {
+ argv[1] = NULL;
+ envp[0] = NULL;
+ for (execNode = executables.head; execNode; execNode = execNode->next) {
+ attr = PR_NewProcessAttr();
+ argv[0] = PR_Strdup(execNode->str);
+
+ /* Announce our intentions */
+ if (feedback) {
+ PR_fprintf(feedback, msgStrings[EXEC_FILE_MSG], execNode->str);
+ }
+
+ /* start the process */
+ if (!(proc = PR_CreateProcess(execNode->str, argv, envp, attr))) {
+ PR_Free(argv[0]);
+ PR_DestroyProcessAttr(attr);
+ error(PK11_INSTALL_EXEC_FILE, execNode->str);
+ ret = PK11_INSTALL_EXEC_FILE;
+ goto loser;
+ }
+
+ /* wait for it to finish */
+ if (PR_WaitProcess(proc, &errcode) != PR_SUCCESS) {
+ PR_Free(argv[0]);
+ PR_DestroyProcessAttr(attr);
+ error(PK11_INSTALL_WAIT_PROCESS, execNode->str);
+ ret = PK11_INSTALL_WAIT_PROCESS;
+ goto loser;
+ }
+
+ /* What happened? */
+ if (errcode) {
+ /* process returned an error */
+ error(PK11_INSTALL_PROC_ERROR, execNode->str, errcode);
+ } else if (feedback) {
+ /* process ran successfully */
+ PR_fprintf(feedback, msgStrings[EXEC_SUCCESS], execNode->str);
+ }
+
+ PR_Free(argv[0]);
+ PR_DestroyProcessAttr(attr);
+ }
+ }
+
+ /*
+ // Add the module
+ */
+ status = Pk11Install_AddNewModule((char *)platform->moduleName,
+ (char *)modDest, platform->mechFlags, platform->cipherFlags);
+
+ if (status != SECSuccess) {
+ error(PK11_INSTALL_ADD_MODULE, platform->moduleName);
+ ret = PK11_INSTALL_ADD_MODULE;
+ goto loser;
+ }
+ if (feedback) {
+ PR_fprintf(feedback, msgStrings[INSTALLED_MODULE_MSG],
+ platform->moduleName);
+ }
+
+ if (feedback) {
+ PR_fprintf(feedback, msgStrings[INSTALLATION_COMPLETE_MSG]);
+ }
+
+ ret = PK11_INSTALL_SUCCESS;
loser:
- if(reldir) {
- PR_Free(reldir);
- }
- if(dest) {
- PR_Free(dest);
- }
- if(modDest) {
- PR_Free(modDest);
- }
- if(tempname) {
- PRFileInfo info;
- if(PR_GetFileInfo(tempname, &info) == PR_SUCCESS) {
- if(info.type == PR_FILE_DIRECTORY) {
- /* Recursively remove temporary directory */
- if(rm_dash_r(tempname)) {
- error(PK11_INSTALL_REMOVE_DIR,
- tempname);
- ret=PK11_INSTALL_REMOVE_DIR;
- }
-
- }
- }
- PR_Free(tempname);
- }
- StringList_delete(&executables);
- return ret;
+ if (reldir) {
+ PR_Free(reldir);
+ }
+ if (dest) {
+ PR_Free(dest);
+ }
+ if (modDest) {
+ PR_Free(modDest);
+ }
+ if (tempname) {
+ PRFileInfo info;
+ if (PR_GetFileInfo(tempname, &info) == PR_SUCCESS) {
+ if (info.type == PR_FILE_DIRECTORY) {
+ /* Recursively remove temporary directory */
+ if (rm_dash_r(tempname)) {
+ error(PK11_INSTALL_REMOVE_DIR,
+ tempname);
+ ret = PK11_INSTALL_REMOVE_DIR;
+ }
+ }
+ }
+ PR_Free(tempname);
+ }
+ StringList_delete(&executables);
+ return ret;
}
/*
//////////////////////////////////////////////////////////////////////////
*/
-static char*
-PR_Strdup(const char* str)
+static char *
+PR_Strdup(const char *str)
{
- char *tmp = (char*) PR_Malloc(strlen(str)+1);
- strcpy(tmp, str);
- return tmp;
+ char *tmp = (char *)PR_Malloc(strlen(str) + 1);
+ strcpy(tmp, str);
+ return tmp;
}
/*
@@ -812,43 +822,43 @@ PR_Strdup(const char* str)
*
*/
static int
-rm_dash_r (char *path)
+rm_dash_r(char *path)
{
- PRDir *dir;
+ PRDir *dir;
PRDirEntry *entry;
PRFileInfo fileinfo;
char filename[240];
- if(PR_GetFileInfo(path, &fileinfo) != PR_SUCCESS) {
+ if (PR_GetFileInfo(path, &fileinfo) != PR_SUCCESS) {
/*fprintf(stderr, "Error: Unable to access %s\n", filename);*/
return -1;
}
- if(fileinfo.type == PR_FILE_DIRECTORY) {
+ if (fileinfo.type == PR_FILE_DIRECTORY) {
dir = PR_OpenDir(path);
- if(!dir) {
+ if (!dir) {
return -1;
}
/* Recursively delete all entries in the directory */
- while((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
+ while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
sprintf(filename, "%s/%s", path, entry->name);
- if(rm_dash_r(filename)) {
+ if (rm_dash_r(filename)) {
PR_CloseDir(dir);
return -1;
}
}
- if(PR_CloseDir(dir) != PR_SUCCESS) {
+ if (PR_CloseDir(dir) != PR_SUCCESS) {
return -1;
}
/* Delete the directory itself */
- if(PR_RmDir(path) != PR_SUCCESS) {
+ if (PR_RmDir(path) != PR_SUCCESS) {
return -1;
}
} else {
- if(PR_Delete(path) != PR_SUCCESS) {
+ if (PR_Delete(path) != PR_SUCCESS) {
return -1;
}
}
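Review bot: The `sprintf(filename, "%s/%s", path, entry->name)` call in the directory loop writes into the 240-byte `filename` stack buffer with no length check, so a long temporary path or a long entry name overruns it; the reformat leaves this untouched. Building the child path with `PR_smprintf`, which this file already uses, removes the fixed limit and stops every recursion level from carrying its own 240-byte buffer. The allocated string has to be released with `PR_smprintf_free` on both the success and the failure path. rm_dash_r's final return lies outside this hunk.

```c
/* … unchanged: PR_GetFileInfo and PR_OpenDir checks; `char filename[240]` is no longer needed … */
        while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
            char *child = PR_smprintf("%s/%s", path, entry->name);
            int rv;

            if (!child) {
                PR_CloseDir(dir);
                return -1;
            }
            rv = rm_dash_r(child);
            PR_smprintf_free(child);
            if (rv) {
                PR_CloseDir(dir);
                return -1;
            }
        }
/* … unchanged: PR_CloseDir, PR_RmDir and PR_Delete handling … */
```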
@@ -865,97 +875,97 @@ rm_dash_r (char *path)
static int
make_dirs(char *path, int file_perms)
{
- char *Path;
- char *start;
- char *sep;
- int ret = 0;
- PRFileInfo info;
-
- if(!path) {
- return 0;
- }
-
- Path = PR_Strdup(path);
- start = strpbrk(Path, "/\\");
- if(!start) {
- return 0;
- }
- start++; /* start right after first slash */
-
- /* Each time through the loop add one more directory. */
- while( (sep=strpbrk(start, "/\\")) ) {
- *sep = '\0';
-
- if( PR_GetFileInfo(Path, &info) != PR_SUCCESS) {
- /* No such dir, we have to create it */
- if( PR_MkDir(Path, dir_perms(file_perms)) != PR_SUCCESS) {
- error(PK11_INSTALL_CREATE_DIR, Path);
- ret = PK11_INSTALL_CREATE_DIR;
- goto loser;
- }
- } else {
- /* something exists by this name, make sure it's a directory */
- if( info.type != PR_FILE_DIRECTORY ) {
- error(PK11_INSTALL_CREATE_DIR, Path);
- ret = PK11_INSTALL_CREATE_DIR;
- goto loser;
- }
- }
-
- /* If this is the lowest directory level, make sure it is writeable */
- if(!strpbrk(sep+1, "/\\")) {
- if( PR_Access(Path, PR_ACCESS_WRITE_OK)!=PR_SUCCESS) {
- error(PK11_INSTALL_DIR_NOT_WRITEABLE, Path);
- ret = PK11_INSTALL_DIR_NOT_WRITEABLE;
- goto loser;
- }
- }
-
- start = sep+1; /* start after the next slash */
- *sep = '/';
- }
+ char *Path;
+ char *start;
+ char *sep;
+ int ret = 0;
+ PRFileInfo info;
+
+ if (!path) {
+ return 0;
+ }
+
+ Path = PR_Strdup(path);
+ start = strpbrk(Path, "/\\");
+ if (!start) {
+ return 0;
+ }
+ start++; /* start right after first slash */
+
+ /* Each time through the loop add one more directory. */
+ while ((sep = strpbrk(start, "/\\"))) {
+ *sep = '\0';
+
+ if (PR_GetFileInfo(Path, &info) != PR_SUCCESS) {
+ /* No such dir, we have to create it */
+ if (PR_MkDir(Path, dir_perms(file_perms)) != PR_SUCCESS) {
+ error(PK11_INSTALL_CREATE_DIR, Path);
+ ret = PK11_INSTALL_CREATE_DIR;
+ goto loser;
+ }
+ } else {
+ /* something exists by this name, make sure it's a directory */
+ if (info.type != PR_FILE_DIRECTORY) {
+ error(PK11_INSTALL_CREATE_DIR, Path);
+ ret = PK11_INSTALL_CREATE_DIR;
+ goto loser;
+ }
+ }
+
+ /* If this is the lowest directory level, make sure it is writeable */
+ if (!strpbrk(sep + 1, "/\\")) {
+ if (PR_Access(Path, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
+ error(PK11_INSTALL_DIR_NOT_WRITEABLE, Path);
+ ret = PK11_INSTALL_DIR_NOT_WRITEABLE;
+ goto loser;
+ }
+ }
+
+ start = sep + 1; /* start after the next slash */
+ *sep = '/';
+ }
loser:
- PR_Free(Path);
- return ret;
+ PR_Free(Path);
+ return ret;
}
/*************************************************************************
* d i r _ p e r m s
- *
+ *
* Guesses the desired permissions on a directory based on the permissions
* of a file that will be stored in it. Give read, write, and
- * execute to the owner (so we can create the file), read and
+ * execute to the owner (so we can create the file), read and
* execute to anyone who has read permissions on the file, and write
* to anyone who has write permissions on the file.
*/
static int
dir_perms(int perms)
{
- int ret = 0;
-
- /* owner */
- ret |= 0700;
-
- /* group */
- if(perms & 0040) {
- /* read on the file -> read and execute on the directory */
- ret |= 0050;
- }
- if(perms & 0020) {
- /* write on the file -> write on the directory */
- ret |= 0020;
- }
-
- /* others */
- if(perms & 0004) {
- /* read on the file -> read and execute on the directory */
- ret |= 0005;
- }
- if(perms & 0002) {
- /* write on the file -> write on the directory */
- ret |= 0002;
- }
-
- return ret;
+ int ret = 0;
+
+ /* owner */
+ ret |= 0700;
+
+ /* group */
+ if (perms & 0040) {
+ /* read on the file -> read and execute on the directory */
+ ret |= 0050;
+ }
+ if (perms & 0020) {
+ /* write on the file -> write on the directory */
+ ret |= 0020;
+ }
+
+ /* others */
+ if (perms & 0004) {
+ /* read on the file -> read and execute on the directory */
+ ret |= 0005;
+ }
+ if (perms & 0002) {
+ /* write on the file -> write on the directory */
+ ret |= 0002;
+ }
+
+ return ret;
}
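Review bot: In make_dirs the early `if (!start) { return 0; }` returns after `Path = PR_Strdup(path)` without freeing the copy, so every path with no separator leaks it; `if (!start) { goto loser; }` reaches the existing `PR_Free(Path)` with `ret` still 0. The copy is also used unchecked, since `strpbrk(Path, "/\\")` runs even if the allocation failed, so a `if (!Path) { return PK11_INSTALL_CREATE_DIR; }` guard would fit (the error code to return should be confirmed). Separately, dir_perms copies the file's group and other write bits onto each directory created here, so a file permission such as 0666 yields world-writable directories. A comment stating that this is intended, or dropping those write bits for directories, would make the behaviour explicit.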
diff --git a/cmd/modutil/install.h b/cmd/modutil/install.h
index d9461189e..5d6d3eaba 100644
--- a/cmd/modutil/install.h
+++ b/cmd/modutil/install.h
@@ -14,31 +14,31 @@ extern "C" {
typedef void (*Pk11Install_ErrorHandler)(char *);
typedef enum {
- PK11_INSTALL_NO_ERROR=0,
- PK11_INSTALL_DIR_DOESNT_EXIST,
- PK11_INSTALL_FILE_DOESNT_EXIST,
- PK11_INSTALL_FILE_NOT_READABLE,
- PK11_INSTALL_ERROR_STRING,
- PK11_INSTALL_JAR_ERROR,
- PK11_INSTALL_NO_INSTALLER_SCRIPT,
- PK11_INSTALL_DELETE_TEMP_FILE,
- PK11_INSTALL_OPEN_SCRIPT_FILE,
- PK11_INSTALL_SCRIPT_PARSE,
- PK11_INSTALL_SEMANTIC,
- PK11_INSTALL_SYSINFO,
- PK11_INSTALL_NO_PLATFORM,
- PK11_INSTALL_BOGUS_REL_DIR,
- PK11_INSTALL_NO_MOD_FILE,
- PK11_INSTALL_ADD_MODULE,
- PK11_INSTALL_JAR_EXTRACT,
- PK11_INSTALL_DIR_NOT_WRITEABLE,
- PK11_INSTALL_CREATE_DIR,
- PK11_INSTALL_REMOVE_DIR,
- PK11_INSTALL_EXEC_FILE,
- PK11_INSTALL_WAIT_PROCESS,
- PK11_INSTALL_PROC_ERROR,
- PK11_INSTALL_USER_ABORT,
- PK11_INSTALL_UNSPECIFIED
+ PK11_INSTALL_NO_ERROR = 0,
+ PK11_INSTALL_DIR_DOESNT_EXIST,
+ PK11_INSTALL_FILE_DOESNT_EXIST,
+ PK11_INSTALL_FILE_NOT_READABLE,
+ PK11_INSTALL_ERROR_STRING,
+ PK11_INSTALL_JAR_ERROR,
+ PK11_INSTALL_NO_INSTALLER_SCRIPT,
+ PK11_INSTALL_DELETE_TEMP_FILE,
+ PK11_INSTALL_OPEN_SCRIPT_FILE,
+ PK11_INSTALL_SCRIPT_PARSE,
+ PK11_INSTALL_SEMANTIC,
+ PK11_INSTALL_SYSINFO,
+ PK11_INSTALL_NO_PLATFORM,
+ PK11_INSTALL_BOGUS_REL_DIR,
+ PK11_INSTALL_NO_MOD_FILE,
+ PK11_INSTALL_ADD_MODULE,
+ PK11_INSTALL_JAR_EXTRACT,
+ PK11_INSTALL_DIR_NOT_WRITEABLE,
+ PK11_INSTALL_CREATE_DIR,
+ PK11_INSTALL_REMOVE_DIR,
+ PK11_INSTALL_EXEC_FILE,
+ PK11_INSTALL_WAIT_PROCESS,
+ PK11_INSTALL_PROC_ERROR,
+ PK11_INSTALL_USER_ABORT,
+ PK11_INSTALL_UNSPECIFIED
} Pk11Install_Error;
#define PK11_INSTALL_SUCCESS PK11_INSTALL_NO_ERROR
@@ -50,7 +50,7 @@ typedef enum {
* needs to be called by multithreaded apps, before they make any calls
* to this library.
*/
-void
+void
Pk11Install_Init();
/**************************************************************************
@@ -63,7 +63,6 @@ Pk11Install_Init();
Pk11Install_ErrorHandler
Pk11Install_SetErrorHandler(Pk11Install_ErrorHandler handler);
-
/**************************************************************************
*
* P k 1 1 I n s t a l l _ R e l e a s e
@@ -73,7 +72,7 @@ Pk11Install_SetErrorHandler(Pk11Install_ErrorHandler handler);
* first. This function doesn't have to be called at all unless you're
* really anal about freeing memory before your program exits.
*/
-void
+void
Pk11Install_Release();
/*************************************************************************
@@ -91,8 +90,8 @@ Pk11Install_Release();
*/
Pk11Install_Error
Pk11Install_DoInstall(char *jarFile, const char *installDir,
- const char *tempDir, PRFileDesc *feedback, short force,
- PRBool noverify);
+ const char *tempDir, PRFileDesc *feedback, short force,
+ PRBool noverify);
#ifdef __cplusplus
}
diff --git a/cmd/modutil/installparse.c b/cmd/modutil/installparse.c
index 12694db1e..3598972c6 100644
--- a/cmd/modutil/installparse.c
+++ b/cmd/modutil/installparse.c
@@ -6,7 +6,7 @@
char yysccsid[] = "@(#)yaccpar 1.4 (Berkeley) 02/25/90";
#endif
#line 37 "installparse.y"
-
+
#define yyparse Pk11Install_yyparse
#define yylex Pk11Install_yylex
#define yyerror Pk11Install_yyerror
@@ -38,13 +38,14 @@ char yysccsid[] = "@(#)yaccpar 1.4 (Berkeley) 02/25/90";
#define YYSTYPE Pk11Install_Pointer
extern char *Pk11Install_yytext;
-char *Pk11Install_yyerrstr=NULL;
+char *Pk11Install_yyerrstr = NULL;
#line 40 "ytab.c"
#define OPENBRACE 257
#define CLOSEBRACE 258
#define STRING 259
#define YYERRCODE 256
+/* clang-format on */
short yylhs[] = { -1,
0, 1, 1, 2, 2, 3, 4,
};
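Review bot: The comment added above `short yylhs[]` reads `/* clang-format on */`, and the matching comment added after `yycheck[]` in the next hunk is also `on`, so there is no `off` marker and the pair has no effect. The opening one was presumably meant to be `/* clang-format off */`, which would keep the parser tables in their generated layout on the next formatting run. The `#line ... "installparse.y"` directives suggest this file is generator output, in which case the markers would be lost on regeneration unless the file is excluded from formatting instead.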
@@ -125,6 +126,7 @@ short yycheck[] = { 4,
-1, -1, -1, -1, -1, -1, -1, 257, 258, 259,
258,
};
+/* clang-format on */
#define YYFINAL 2
#ifndef YYDEBUG
#define YYDEBUG 0
@@ -132,30 +134,30 @@ short yycheck[] = { 4,
#define YYMAXTOKEN 259
#if YYDEBUG
char *yyname[] = {
-"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"OPENBRACE","CLOSEBRACE","STRING",
+ "end-of-file", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "OPENBRACE", "CLOSEBRACE", "STRING",
};
char *yyrule[] = {
-"$accept : toplist",
-"toplist : valuelist",
-"valuelist : value valuelist",
-"valuelist :",
-"value : key_value_pair",
-"value : STRING",
-"key_value_pair : key OPENBRACE valuelist CLOSEBRACE",
-"key : STRING",
+ "$accept : toplist",
+ "toplist : valuelist",
+ "valuelist : value valuelist",
+ "valuelist :",
+ "value : key_value_pair",
+ "value : STRING",
+ "key_value_pair : key OPENBRACE valuelist CLOSEBRACE",
+ "key : STRING",
};
#endif
#ifndef YYSTYPE
typedef int YYSTYPE;
#endif
-#define yyclearin (yychar=(-1))
-#define yyerrok (yyerrflag=0)
+#define yyclearin (yychar = (-1))
+#define yyerrok (yyerrflag = 0)
#ifndef YYSTACKSIZE
#ifdef YYMAXDEPTH
#define YYSTACKSIZE YYMAXDEPTH
@@ -181,15 +183,15 @@ YYSTYPE yyvs[YYSTACKSIZE];
void
Pk11Install_yyerror(char *message)
{
- char *tmp;
- if(Pk11Install_yyerrstr) {
- tmp=PR_smprintf("%sline %d: %s\n", Pk11Install_yyerrstr,
- Pk11Install_yylinenum, message);
- PR_smprintf_free(Pk11Install_yyerrstr);
- } else {
- tmp = PR_smprintf("line %d: %s\n", Pk11Install_yylinenum, message);
- }
- Pk11Install_yyerrstr=tmp;
+ char *tmp;
+ if (Pk11Install_yyerrstr) {
+ tmp = PR_smprintf("%sline %d: %s\n", Pk11Install_yyerrstr,
+ Pk11Install_yylinenum, message);
+ PR_smprintf_free(Pk11Install_yyerrstr);
+ } else {
+ tmp = PR_smprintf("line %d: %s\n", Pk11Install_yylinenum, message);
+ }
+ Pk11Install_yyerrstr = tmp;
}
#line 191 "ytab.c"
#define YYABORT goto yyabort
@@ -203,8 +205,7 @@ yyparse()
register char *yys;
extern char *PR_GetEnvSecure();
- if ((yys = PR_GetEnvSecure("YYDEBUG")) != NULL)
- {
+ if ((yys = PR_GetEnvSecure("YYDEBUG")) != NULL) {
yyn = *yys;
if (yyn >= '0' && yyn <= '9')
yydebug = yyn - '0';
@@ -220,46 +221,47 @@ yyparse()
*yyssp = yystate = 0;
yyloop:
- if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
- if (yychar < 0)
- {
- if ((yychar = yylex()) < 0) yychar = 0;
+ if ((yyn = yydefred[yystate]) != 0)
+ goto yyreduce;
+ if (yychar < 0) {
+ if ((yychar = yylex()) < 0)
+ yychar = 0;
#if YYDEBUG
- if (yydebug)
- {
+ if (yydebug) {
yys = 0;
- if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
- if (!yys) yys = "illegal-symbol";
+ if (yychar <= YYMAXTOKEN)
+ yys = yyname[yychar];
+ if (!yys)
+ yys = "illegal-symbol";
printf("yydebug: state %d, reading %d (%s)\n", yystate,
- yychar, yys);
+ yychar, yys);
}
#endif
}
if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
- yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
- {
+ yyn <= YYTABLESIZE && yycheck[yyn] == yychar) {
#if YYDEBUG
if (yydebug)
printf("yydebug: state %d, shifting to state %d\n",
- yystate, yytable[yyn]);
+ yystate, yytable[yyn]);
#endif
- if (yyssp >= yyss + yystacksize - 1)
- {
+ if (yyssp >= yyss + yystacksize - 1) {
goto yyoverflow;
}
*++yyssp = yystate = yytable[yyn];
*++yyvsp = yylval;
yychar = (-1);
- if (yyerrflag > 0) --yyerrflag;
+ if (yyerrflag > 0)
+ --yyerrflag;
goto yyloop;
}
if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
- yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
- {
+ yyn <= YYTABLESIZE && yycheck[yyn] == yychar) {
yyn = yytable[yyn];
goto yyreduce;
}
- if (yyerrflag) goto yyinrecovery;
+ if (yyerrflag)
+ goto yyinrecovery;
#ifdef lint
goto yynewerror;
yynewerror:
@@ -271,51 +273,47 @@ yyerrlab:
#endif
++yynerrs;
yyinrecovery:
- if (yyerrflag < 3)
- {
+ if (yyerrflag < 3) {
yyerrflag = 3;
- for (;;)
- {
+ for (;;) {
if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
- yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
- {
+ yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE) {
#if YYDEBUG
if (yydebug)
printf("yydebug: state %d, error recovery shifting\
- to state %d\n", *yyssp, yytable[yyn]);
+ to state %d\n",
+ *yyssp, yytable[yyn]);
#endif
- if (yyssp >= yyss + yystacksize - 1)
- {
+ if (yyssp >= yyss + yystacksize - 1) {
goto yyoverflow;
}
*++yyssp = yystate = yytable[yyn];
*++yyvsp = yylval;
goto yyloop;
- }
- else
- {
+ } else {
#if YYDEBUG
if (yydebug)
printf("yydebug: error recovery discarding state %d\n",
- *yyssp);
+ *yyssp);
#endif
- if (yyssp <= yyss) goto yyabort;
+ if (yyssp <= yyss)
+ goto yyabort;
--yyssp;
--yyvsp;
}
}
- }
- else
- {
- if (yychar == 0) goto yyabort;
+ } else {
+ if (yychar == 0)
+ goto yyabort;
#if YYDEBUG
- if (yydebug)
- {
+ if (yydebug) {
yys = 0;
- if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
- if (!yys) yys = "illegal-symbol";
+ if (yychar <= YYMAXTOKEN)
+ yys = yyname[yychar];
+ if (!yys)
+ yys = "illegal-symbol";
printf("yydebug: state %d, error recovery discards token %d (%s)\n",
- yystate, yychar, yys);
+ yystate, yychar, yys);
}
#endif
yychar = (-1);
@@ -325,100 +323,94 @@ yyreduce:
#if YYDEBUG
if (yydebug)
printf("yydebug: state %d, reducing by rule %d (%s)\n",
- yystate, yyn, yyrule[yyn]);
+ yystate, yyn, yyrule[yyn]);
#endif
yym = yylen[yyn];
- yyval = yyvsp[1-yym];
- switch (yyn)
- {
-case 1:
+ yyval = yyvsp[1 - yym];
+ switch (yyn) {
+ case 1:
#line 84 "installparse.y"
-{
- Pk11Install_valueList = yyvsp[0].list;
-}
-break;
-case 2:
+ {
+ Pk11Install_valueList = yyvsp[0].list;
+ } break;
+ case 2:
#line 89 "installparse.y"
-{
- Pk11Install_ValueList_AddItem(yyvsp[0].list,yyvsp[-1].value);
- yyval .list = yyvsp[0].list;
-}
-break;
-case 3:
+ {
+ Pk11Install_ValueList_AddItem(yyvsp[0].list, yyvsp[-1].value);
+ yyval.list = yyvsp[0].list;
+ } break;
+ case 3:
#line 94 "installparse.y"
-{
- yyval .list = Pk11Install_ValueList_new();
-}
-break;
-case 4:
+ {
+ yyval.list = Pk11Install_ValueList_new();
+ } break;
+ case 4:
#line 99 "installparse.y"
-{
- yyval .value= Pk11Install_Value_new(PAIR_VALUE,yyvsp[0]);
-}
-break;
-case 5:
+ {
+ yyval.value = Pk11Install_Value_new(PAIR_VALUE, yyvsp[0]);
+ } break;
+ case 5:
#line 103 "installparse.y"
-{
- yyval .value= Pk11Install_Value_new(STRING_VALUE, yyvsp[0]);
-}
-break;
-case 6:
+ {
+ yyval.value = Pk11Install_Value_new(STRING_VALUE, yyvsp[0]);
+ } break;
+ case 6:
#line 108 "installparse.y"
-{
- yyval .pair = Pk11Install_Pair_new(yyvsp[-3].string,yyvsp[-1].list);
-}
-break;
-case 7:
+ {
+ yyval.pair = Pk11Install_Pair_new(yyvsp[-3].string, yyvsp[-1].list);
+ } break;
+ case 7:
#line 113 "installparse.y"
-{
- yyval .string = yyvsp[0].string;
-}
-break;
+ {
+ yyval.string = yyvsp[0].string;
+ } break;
#line 374 "ytab.c"
}
yyssp -= yym;
yystate = *yyssp;
yyvsp -= yym;
yym = yylhs[yyn];
- if (yystate == 0 && yym == 0)
- {
+ if (yystate == 0 && yym == 0) {
#ifdef YYDEBUG
if (yydebug)
printf("yydebug: after reduction, shifting from state 0 to\
- state %d\n", YYFINAL);
+ state %d\n",
+ YYFINAL);
#endif
yystate = YYFINAL;
*++yyssp = YYFINAL;
*++yyvsp = yyval;
- if (yychar < 0)
- {
- if ((yychar = yylex()) < 0) yychar = 0;
+ if (yychar < 0) {
+ if ((yychar = yylex()) < 0)
+ yychar = 0;
#if YYDEBUG
- if (yydebug)
- {
+ if (yydebug) {
yys = 0;
- if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
- if (!yys) yys = "illegal-symbol";
+ if (yychar <= YYMAXTOKEN)
+ yys = yyname[yychar];
+ if (!yys)
+ yys = "illegal-symbol";
printf("yydebug: state %d, reading %d (%s)\n",
- YYFINAL, yychar, yys);
+ YYFINAL, yychar, yys);
}
#endif
}
- if (yychar == 0) goto yyaccept;
+ if (yychar == 0)
+ goto yyaccept;
goto yyloop;
}
if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
- yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
+ yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
yystate = yytable[yyn];
else
yystate = yydgoto[yym];
#ifdef YYDEBUG
if (yydebug)
printf("yydebug: after reduction, shifting from state %d \
-to state %d\n", *yyssp, yystate);
+to state %d\n",
+ *yyssp, yystate);
#endif
- if (yyssp >= yyss + yystacksize - 1)
- {
+ if (yyssp >= yyss + yystacksize - 1) {
goto yyoverflow;
}
*++yyssp = yystate;
diff --git a/cmd/modutil/instsec.c b/cmd/modutil/instsec.c
index 284e489ec..95191e729 100644
--- a/cmd/modutil/instsec.c
+++ b/cmd/modutil/instsec.c
@@ -15,21 +15,22 @@
* We don't want to include security include files in the C++ code too much.
*/
-static char* PR_fgets(char *buf, int size, PRFileDesc *file);
+static char *PR_fgets(char *buf, int size, PRFileDesc *file);
/***************************************************************************
*
* P k 1 1 I n s t a l l _ A d d N e w M o d u l e
*/
int
-Pk11Install_AddNewModule(char* moduleName, char* dllPath,
- unsigned long defaultMechanismFlags,
- unsigned long cipherEnableFlags)
+Pk11Install_AddNewModule(char *moduleName, char *dllPath,
+ unsigned long defaultMechanismFlags,
+ unsigned long cipherEnableFlags)
{
- return (SECMOD_AddNewModule(moduleName, dllPath,
- SECMOD_PubMechFlagstoInternal(defaultMechanismFlags),
- SECMOD_PubCipherFlagstoInternal(cipherEnableFlags))
- == SECSuccess) ? 0 : -1;
+ return (SECMOD_AddNewModule(moduleName, dllPath,
+ SECMOD_PubMechFlagstoInternal(defaultMechanismFlags),
+ SECMOD_PubCipherFlagstoInternal(cipherEnableFlags)) == SECSuccess)
+ ? 0
+ : -1;
}
/*************************************************************************
@@ -45,67 +46,68 @@ Pk11Install_AddNewModule(char* moduleName, char* dllPath,
short
Pk11Install_UserVerifyJar(JAR *jar, PRFileDesc *out, PRBool query)
{
- JAR_Context *ctx;
- JAR_Cert *fing;
- JAR_Item *item;
- char stdinbuf[80];
- int count=0;
-
- CERTCertificate *cert, *prev=NULL;
-
- PR_fprintf(out, "\nThis installation JAR file was signed by:\n");
-
- ctx = JAR_find(jar, NULL, jarTypeSign);
-
- while(JAR_find_next(ctx, &item) >= 0 ) {
- fing = (JAR_Cert*) item->data;
- cert = fing->cert;
- if(cert==prev) {
- continue;
- }
-
- count++;
- PR_fprintf(out, "----------------------------------------------\n");
- if(cert) {
- if(cert->nickname) {
- PR_fprintf(out, "**NICKNAME**\n%s\n", cert->nickname);
- }
- if(cert->subjectName) {
- PR_fprintf(out, "**SUBJECT NAME**\n%s\n", cert->subjectName); }
- if(cert->issuerName) {
- PR_fprintf(out, "**ISSUER NAME**\n%s\n", cert->issuerName);
- }
- } else {
- PR_fprintf(out, "No matching certificate could be found.\n");
- }
- PR_fprintf(out, "----------------------------------------------\n\n");
-
- prev=cert;
- }
-
- JAR_find_end(ctx);
-
- if(count==0) {
- PR_fprintf(out, "No signatures found: JAR FILE IS UNSIGNED.\n");
- }
-
- if(query) {
- PR_fprintf(out,
-"Do you wish to continue this installation? (y/n) ");
-
- if(PR_fgets(stdinbuf, 80, PR_STDIN) != NULL) {
- char *response;
-
- if( (response=strtok(stdinbuf, " \t\n\r")) ) {
- if( !PL_strcasecmp(response, "y") ||
- !PL_strcasecmp(response, "yes") ) {
- return 0;
- }
- }
- }
- }
-
- return 1;
+ JAR_Context *ctx;
+ JAR_Cert *fing;
+ JAR_Item *item;
+ char stdinbuf[80];
+ int count = 0;
+
+ CERTCertificate *cert, *prev = NULL;
+
+ PR_fprintf(out, "\nThis installation JAR file was signed by:\n");
+
+ ctx = JAR_find(jar, NULL, jarTypeSign);
+
+ while (JAR_find_next(ctx, &item) >= 0) {
+ fing = (JAR_Cert *)item->data;
+ cert = fing->cert;
+ if (cert == prev) {
+ continue;
+ }
+
+ count++;
+ PR_fprintf(out, "----------------------------------------------\n");
+ if (cert) {
+ if (cert->nickname) {
+ PR_fprintf(out, "**NICKNAME**\n%s\n", cert->nickname);
+ }
+ if (cert->subjectName) {
+ PR_fprintf(out, "**SUBJECT NAME**\n%s\n", cert->subjectName);
+ }
+ if (cert->issuerName) {
+ PR_fprintf(out, "**ISSUER NAME**\n%s\n", cert->issuerName);
+ }
+ } else {
+ PR_fprintf(out, "No matching certificate could be found.\n");
+ }
+ PR_fprintf(out, "----------------------------------------------\n\n");
+
+ prev = cert;
+ }
+
+ JAR_find_end(ctx);
+
+ if (count == 0) {
+ PR_fprintf(out, "No signatures found: JAR FILE IS UNSIGNED.\n");
+ }
+
+ if (query) {
+ PR_fprintf(out,
+ "Do you wish to continue this installation? (y/n) ");
+
+ if (PR_fgets(stdinbuf, 80, PR_STDIN) != NULL) {
+ char *response;
+
+ if ((response = strtok(stdinbuf, " \t\n\r"))) {
+ if (!PL_strcasecmp(response, "y") ||
+ !PL_strcasecmp(response, "yes")) {
+ return 0;
+ }
+ }
+ }
+ }
+
+ return 1;
}
/**************************************************************************
@@ -114,27 +116,27 @@ Pk11Install_UserVerifyJar(JAR *jar, PRFileDesc *out, PRBool query)
*
* fgets implemented with NSPR.
*/
-static char*
+static char *
PR_fgets(char *buf, int size, PRFileDesc *file)
{
int i;
int status;
char c;
- i=0;
- while(i < size-1) {
- status = PR_Read(file, (void*) &c, 1);
- if(status==-1) {
+ i = 0;
+ while (i < size - 1) {
+ status = PR_Read(file, (void *)&c, 1);
+ if (status == -1) {
return NULL;
- } else if(status==0) {
+ } else if (status == 0) {
break;
}
buf[i++] = c;
- if(c=='\n') {
+ if (c == '\n') {
break;
}
}
- buf[i]='\0';
+ buf[i] = '\0';
return buf;
}
@@ -144,7 +146,8 @@ PR_fgets(char *buf, int size, PRFileDesc *file)
* m y S E C U _ E r r o r S t r i n g
*
*/
-const char* mySECU_ErrorString(PRErrorCode errnum)
+const char *
+mySECU_ErrorString(PRErrorCode errnum)
{
- return SECU_Strerror(errnum);
+ return SECU_Strerror(errnum);
}
diff --git a/cmd/modutil/lex.Pk11Install_yy.c b/cmd/modutil/lex.Pk11Install_yy.c
index 4533e0c76..4fa3d766e 100644
--- a/cmd/modutil/lex.Pk11Install_yy.c
+++ b/cmd/modutil/lex.Pk11Install_yy.c
@@ -29,7 +29,6 @@
#include <stdio.h>
-
/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */
#ifdef c_plusplus
#ifndef __cplusplus
@@ -37,7 +36,6 @@
#endif
#endif
-
#ifdef __cplusplus
#include <stdlib.h>
@@ -49,19 +47,19 @@
/* The "const" storage-class-modifier is valid. */
#define YY_USE_CONST
-#else /* ! __cplusplus */
+#else /* ! __cplusplus */
#if __STDC__
#define YY_USE_PROTOS
#define YY_USE_CONST
-#endif /* __STDC__ */
-#endif /* ! __cplusplus */
+#endif /* __STDC__ */
+#endif /* ! __cplusplus */
#ifdef __TURBOC__
- #pragma warn -rch
- #pragma warn -use
+#pragma warn - rch
+#pragma warn - use
#include <io.h>
#include <stdlib.h>
#define YY_USE_CONST
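Review bot: Under `#ifdef __TURBOC__` the formatter changed `#pragma warn -rch` and `#pragma warn -use` into `#pragma warn - rch` and `#pragma warn - use`, which alters the pragma's tokens rather than just its indentation. Whether the target compiler still accepts the spaced form is not something this hunk shows, so a formatting-only commit should keep the original spelling. Restoring `#pragma warn -rch` and `#pragma warn -use`, or wrapping the two lines in `/* clang-format off */` and `/* clang-format on */`, would avoid the change. The file looks like flex output, so excluding it from formatting altogether may be the simpler option.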
@@ -74,7 +72,6 @@
#define yyconst
#endif
-
#ifdef YY_USE_PROTOS
#define YY_PROTO(proto) proto
#else
@@ -89,7 +86,7 @@
* we want to instead treat it as an 8-bit unsigned char, hence the
* double cast.
*/
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
+#define YY_SC_TO_UI(c) ((unsigned int)(unsigned char)c)
/* Enter a start condition. This macro really ought to take a parameter,
* but we do it the disgusting crufty way forced on us by the ()-less
@@ -108,7 +105,7 @@
#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE yyrestart( yyin )
+#define YY_NEW_FILE yyrestart(yyin)
#define YY_END_OF_BUFFER_CHAR 0
@@ -128,10 +125,10 @@ extern FILE *yyin, *yyout;
* int a single C statement (which needs a semi-colon terminator). This
* avoids problems with code like:
*
- * if ( condition_holds )
- * yyless( 5 );
- * else
- * do_something_else();
+ * if ( condition_holds )
+ * yyless( 5 );
+ * else
+ * do_something_else();
*
* Prior to using the do-while the compiler would get upset at the
* "else" because it interpreted the "if" statement as being all
@@ -140,18 +137,16 @@ extern FILE *yyin, *yyout;
/* Return all but the first 'n' matched characters back to the input stream. */
-#define yyless(n) \
- do \
- { \
- /* Undo effects of setting up yytext. */ \
- *yy_cp = yy_hold_char; \
- YY_RESTORE_YY_MORE_OFFSET \
- yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \
- YY_DO_BEFORE_ACTION; /* set up yytext again */ \
- } \
- while ( 0 )
+#define yyless(n) \
+ do { \
+ /* Undo effects of setting up yytext. */ \
+ *yy_cp = yy_hold_char; \
+ YY_RESTORE_YY_MORE_OFFSET \
+ yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \
+ YY_DO_BEFORE_ACTION; /* set up yytext again */ \
+ } while (0)
-#define unput(c) yyunput( c, yytext_ptr )
+#define unput(c) yyunput(c, yytext_ptr)
/* The following is because we cannot portably get our hands on size_t
* (without autoconf's help, which isn't available because we want
@@ -159,63 +154,61 @@ extern FILE *yyin, *yyout;
*/
typedef unsigned int yy_size_t;
-
-struct yy_buffer_state
- {
- FILE *yy_input_file;
-
- char *yy_ch_buf; /* input buffer */
- char *yy_buf_pos; /* current position in input buffer */
-
- /* Size of input buffer in bytes, not including room for EOB
- * characters.
- */
- yy_size_t yy_buf_size;
-
- /* Number of characters read into yy_ch_buf, not including EOB
- * characters.
- */
- int yy_n_chars;
-
- /* Whether we "own" the buffer - i.e., we know we created it,
- * and can realloc() it to grow it, and should free() it to
- * delete it.
- */
- int yy_is_our_buffer;
-
- /* Whether this is an "interactive" input source; if so, and
- * if we're using stdio for input, then we want to use getc()
- * instead of fread(), to make sure we stop fetching input after
- * each newline.
- */
- int yy_is_interactive;
-
- /* Whether we're considered to be at the beginning of a line.
- * If so, '^' rules will be active on the next match, otherwise
- * not.
- */
- int yy_at_bol;
-
- /* Whether to try to fill the input buffer when we reach the
- * end of it.
- */
- int yy_fill_buffer;
-
- int yy_buffer_status;
+struct yy_buffer_state {
+ FILE *yy_input_file;
+
+ char *yy_ch_buf; /* input buffer */
+ char *yy_buf_pos; /* current position in input buffer */
+
+ /* Size of input buffer in bytes, not including room for EOB
+ * characters.
+ */
+ yy_size_t yy_buf_size;
+
+ /* Number of characters read into yy_ch_buf, not including EOB
+ * characters.
+ */
+ int yy_n_chars;
+
+ /* Whether we "own" the buffer - i.e., we know we created it,
+ * and can realloc() it to grow it, and should free() it to
+ * delete it.
+ */
+ int yy_is_our_buffer;
+
+ /* Whether this is an "interactive" input source; if so, and
+ * if we're using stdio for input, then we want to use getc()
+ * instead of fread(), to make sure we stop fetching input after
+ * each newline.
+ */
+ int yy_is_interactive;
+
+ /* Whether we're considered to be at the beginning of a line.
+ * If so, '^' rules will be active on the next match, otherwise
+ * not.
+ */
+ int yy_at_bol;
+
+ /* Whether to try to fill the input buffer when we reach the
+ * end of it.
+ */
+ int yy_fill_buffer;
+
+ int yy_buffer_status;
#define YY_BUFFER_NEW 0
#define YY_BUFFER_NORMAL 1
- /* When an EOF's been seen but there's still some text to process
- * then we mark the buffer as YY_EOF_PENDING, to indicate that we
- * shouldn't try reading from the input source any more. We might
- * still have a bunch of tokens to match, though, because of
- * possible backing-up.
- *
- * When we actually see the EOF, we change the status to "new"
- * (via yyrestart()), so that the user can continue scanning by
- * just pointing yyin at a new input file.
- */
+/* When an EOF's been seen but there's still some text to process
+ * then we mark the buffer as YY_EOF_PENDING, to indicate that we
+ * shouldn't try reading from the input source any more. We might
+ * still have a bunch of tokens to match, though, because of
+ * possible backing-up.
+ *
+ * When we actually see the EOF, we change the status to "new"
+ * (via yyrestart()), so that the user can continue scanning by
+ * just pointing yyin at a new input file.
+ */
#define YY_BUFFER_EOF_PENDING 2
- };
+};
static YY_BUFFER_STATE yy_current_buffer = 0;
@@ -225,152 +218,143 @@ static YY_BUFFER_STATE yy_current_buffer = 0;
*/
#define YY_CURRENT_BUFFER yy_current_buffer
-
/* yy_hold_char holds the character lost when yytext is formed. */
static char yy_hold_char;
-static int yy_n_chars; /* number of characters read into yy_ch_buf */
-
+static int yy_n_chars; /* number of characters read into yy_ch_buf */
int yyleng;
/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 1; /* whether we need to initialize */
-static int yy_start = 0; /* start state number */
+static char *yy_c_buf_p = (char *)0;
+static int yy_init = 1; /* whether we need to initialize */
+static int yy_start = 0; /* start state number */
/* Flag which is used to allow yywrap()'s to do buffer switches
* instead of setting up a fresh yyin. A bit of a hack ...
*/
static int yy_did_buffer_switch_on_eof;
-void yyrestart YY_PROTO(( FILE *input_file ));
+void yyrestart YY_PROTO((FILE * input_file));
-void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer ));
-void yy_load_buffer_state YY_PROTO(( void ));
-YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size ));
-void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b ));
-void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file ));
-void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b ));
-#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer )
+void yy_switch_to_buffer YY_PROTO((YY_BUFFER_STATE new_buffer));
+void yy_load_buffer_state YY_PROTO((void));
+YY_BUFFER_STATE yy_create_buffer YY_PROTO((FILE * file, int size));
+void yy_delete_buffer YY_PROTO((YY_BUFFER_STATE b));
+void yy_init_buffer YY_PROTO((YY_BUFFER_STATE b, FILE *file));
+void yy_flush_buffer YY_PROTO((YY_BUFFER_STATE b));
+#define YY_FLUSH_BUFFER yy_flush_buffer(yy_current_buffer)
-YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size ));
-YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str ));
-YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len ));
+YY_BUFFER_STATE yy_scan_buffer YY_PROTO((char *base, yy_size_t size));
+YY_BUFFER_STATE yy_scan_string YY_PROTO((yyconst char *yy_str));
+YY_BUFFER_STATE yy_scan_bytes YY_PROTO((yyconst char *bytes, int len));
-static void *yy_flex_alloc YY_PROTO(( yy_size_t ));
-static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t ));
-static void yy_flex_free YY_PROTO(( void * ));
+static void *yy_flex_alloc YY_PROTO((yy_size_t));
+static void *yy_flex_realloc YY_PROTO((void *, yy_size_t));
+static void yy_flex_free YY_PROTO((void *));
#define yy_new_buffer yy_create_buffer
-#define yy_set_interactive(is_interactive) \
- { \
- if ( ! yy_current_buffer ) \
- yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
- yy_current_buffer->yy_is_interactive = is_interactive; \
- }
+#define yy_set_interactive(is_interactive) \
+ { \
+ if (!yy_current_buffer) \
+ yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE); \
+ yy_current_buffer->yy_is_interactive = is_interactive; \
+ }
-#define yy_set_bol(at_bol) \
- { \
- if ( ! yy_current_buffer ) \
- yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
- yy_current_buffer->yy_at_bol = at_bol; \
- }
+#define yy_set_bol(at_bol) \
+ { \
+ if (!yy_current_buffer) \
+ yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE); \
+ yy_current_buffer->yy_at_bol = at_bol; \
+ }
#define YY_AT_BOL() (yy_current_buffer->yy_at_bol)
typedef unsigned char YY_CHAR;
-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
+FILE *yyin = (FILE *)0, *yyout = (FILE *)0;
typedef int yy_state_type;
extern char *yytext;
#define yytext_ptr yytext
-static yy_state_type yy_get_previous_state YY_PROTO(( void ));
-static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state ));
-static int yy_get_next_buffer YY_PROTO(( void ));
-static void yy_fatal_error YY_PROTO(( yyconst char msg[] ));
+static yy_state_type yy_get_previous_state YY_PROTO((void));
+static yy_state_type yy_try_NUL_trans YY_PROTO((yy_state_type current_state));
+static int yy_get_next_buffer YY_PROTO((void));
+static void yy_fatal_error YY_PROTO((yyconst char msg[]));
/* Done after the current pattern has been matched and before the
* corresponding action - sets up yytext.
*/
-#define YY_DO_BEFORE_ACTION \
- yytext_ptr = yy_bp; \
- yyleng = (int) (yy_cp - yy_bp); \
- yy_hold_char = *yy_cp; \
- *yy_cp = '\0'; \
- yy_c_buf_p = yy_cp;
+#define YY_DO_BEFORE_ACTION \
+ yytext_ptr = yy_bp; \
+ yyleng = (int)(yy_cp - yy_bp); \
+ yy_hold_char = *yy_cp; \
+ *yy_cp = '\0'; \
+ yy_c_buf_p = yy_cp;
#define YY_NUM_RULES 8
#define YY_END_OF_BUFFER 9
static yyconst short int yy_accept[16] =
- { 0,
- 0, 0, 9, 3, 6, 5, 7, 1, 2, 3,
- 6, 0, 0, 4, 0
- } ;
+ { 0,
+ 0, 0, 9, 3, 6, 5, 7, 1, 2, 3,
+ 6, 0, 0, 4, 0 };
static yyconst int yy_ec[256] =
- { 0,
- 1, 1, 1, 1, 1, 1, 1, 1, 2, 3,
- 1, 1, 4, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 2, 1, 5, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 6, 1, 1, 1, 1, 1, 1, 1, 1,
-
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 7, 1, 8, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
-
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1
- } ;
+ { 0,
+ 1, 1, 1, 1, 1, 1, 1, 1, 2, 3,
+ 1, 1, 4, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 2, 1, 5, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 6, 1, 1, 1, 1, 1, 1, 1, 1,
+
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 7, 1, 8, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1 };
static yyconst int yy_meta[9] =
- { 0,
- 1, 2, 3, 4, 3, 1, 5, 5
- } ;
+ { 0,
+ 1, 2, 3, 4, 3, 1, 5, 5 };
static yyconst short int yy_base[19] =
- { 0,
- 0, 0, 19, 0, 0, 21, 12, 21, 21, 0,
- 0, 4, 6, 21, 21, 13, 11, 15
- } ;
+ { 0,
+ 0, 0, 19, 0, 0, 21, 12, 21, 21, 0,
+ 0, 4, 6, 21, 21, 13, 11, 15 };
static yyconst short int yy_def[19] =
- { 0,
- 15, 1, 15, 16, 17, 15, 18, 15, 15, 16,
- 17, 18, 15, 15, 0, 15, 15, 15
- } ;
+ { 0,
+ 15, 1, 15, 16, 17, 15, 18, 15, 15, 16,
+ 17, 18, 15, 15, 0, 15, 15, 15 };
static yyconst short int yy_nxt[30] =
- { 0,
- 4, 5, 6, 5, 7, 4, 8, 9, 14, 13,
- 12, 12, 11, 10, 11, 12, 12, 13, 15, 12,
- 3, 15, 15, 15, 15, 15, 15, 15, 15
- } ;
+ { 0,
+ 4, 5, 6, 5, 7, 4, 8, 9, 14, 13,
+ 12, 12, 11, 10, 11, 12, 12, 13, 15, 12,
+ 3, 15, 15, 15, 15, 15, 15, 15, 15 };
static yyconst short int yy_chk[30] =
- { 0,
- 1, 1, 1, 1, 1, 1, 1, 1, 12, 12,
- 13, 13, 17, 16, 17, 18, 18, 7, 3, 18,
- 15, 15, 15, 15, 15, 15, 15, 15, 15
- } ;
+ { 0,
+ 1, 1, 1, 1, 1, 1, 1, 1, 12, 12,
+ 13, 13, 17, 16, 17, 18, 18, 7, 3, 18,
+ 15, 15, 15, 15, 15, 15, 15, 15, 15 };
static yy_state_type yy_last_accepting_state;
static char *yy_last_accepting_cpos;
@@ -390,12 +374,12 @@ char *yytext;
#line 5 "installparse.l"
#include <string.h>
-#include "install-ds.h" /* defines tokens and data structures */
-#include "installparse.h" /* produced by yacc -d */
+#include "install-ds.h" /* defines tokens and data structures */
+#include "installparse.h" /* produced by yacc -d */
#include <prprf.h>
-static char *putSimpleString(char*); /* return copy of string */
-static char *putComplexString(char*); /* strip out quotes, deal with */
- /* escaped characters */
+static char *putSimpleString(char *); /* return copy of string */
+static char *putComplexString(char *); /* strip out quotes, deal with */
+ /* escaped characters */
void Pk11Install_yyerror(char *);
@@ -404,28 +388,29 @@ void Pk11Install_yyerror(char *);
#define realloc PR_Realloc
#define free PR_Free
-int Pk11Install_yylinenum=1;
+int Pk11Install_yylinenum = 1;
static char *err;
#define YY_NEVER_INTERACTIVE 1
#define yyunput Pkcs11Install_yyunput
/* This is the default YY_INPUT modified for NSPR */
-#define YY_INPUT(buf,result,max_size) \
- if ( yy_current_buffer->yy_is_interactive ) { \
- char c; \
- int n; \
- for ( n = 0; n < max_size && \
- PR_Read(Pk11Install_FD, &c, 1)==1 && c != '\n'; ++n ) { \
- buf[n] = c; \
- } \
- if ( c == '\n' ) { \
- buf[n++] = c; \
- } \
- result = n; \
- } else { \
- result = PR_Read(Pk11Install_FD, buf, max_size); \
- }
+#define YY_INPUT(buf, result, max_size) \
+ if (yy_current_buffer->yy_is_interactive) { \
+ char c; \
+ int n; \
+ for (n = 0; n < max_size && \
+ PR_Read(Pk11Install_FD, &c, 1) == 1 && c != '\n'; \
+ ++n) { \
+ buf[n] = c; \
+ } \
+ if (c == '\n') { \
+ buf[n++] = c; \
+ } \
+ result = n; \
+ } else { \
+ result = PR_Read(Pk11Install_FD, buf, max_size); \
+ }
/*** Regular expression definitions ***/
/* simple_string has no whitespace, quotes, or braces */
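Review bot: The NSPR `YY_INPUT` in this hunk assigns the return of `PR_Read(Pk11Install_FD, buf, max_size)` straight to `result`, so a failed read (PR_Read returns -1) is stored as a negative character count instead of being reported. The caller visible further down, yy_get_next_buffer, copies that value into `yy_n_chars` and only tests `yy_n_chars == 0`, and the scanner indexes `yy_ch_buf[yy_n_chars]`, so a read error would likely become an out-of-bounds buffer index rather than a clean failure. The stock macro later in the file fails closed on error, and the same could be done here by adding `if (result < 0) YY_FATAL_ERROR("input in flex scanner failed");` after the read. In the interactive branch, `char c;` is read by `if (c == '\n')` without having been set when the first PR_Read does not return 1; `char c = '*';`, as in the stock macro, would avoid that, although `YY_NEVER_INTERACTIVE` probably keeps the branch unused. Since the `#line` markers point at installparse.l, the change belongs in that source as well as in this generated file.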
@@ -441,29 +426,29 @@ static char *err;
#ifndef YY_SKIP_YYWRAP
#ifdef __cplusplus
-extern "C" int yywrap YY_PROTO(( void ));
+extern "C" int yywrap YY_PROTO((void));
#else
-extern int yywrap YY_PROTO(( void ));
+extern int yywrap YY_PROTO((void));
#endif
#endif
#ifndef YY_NO_UNPUT
-static void yyunput YY_PROTO(( int c, char *buf_ptr ));
+static void yyunput YY_PROTO((int c, char *buf_ptr));
#endif
#ifndef yytext_ptr
-static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int ));
+static void yy_flex_strncpy YY_PROTO((char *, yyconst char *, int));
#endif
#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen YY_PROTO(( yyconst char * ));
+static int yy_flex_strlen YY_PROTO((yyconst char *));
#endif
#ifndef YY_NO_INPUT
#ifdef __cplusplus
-static int yyinput YY_PROTO(( void ));
+static int yyinput YY_PROTO((void));
#else
-static int input YY_PROTO(( void ));
+static int input YY_PROTO((void));
#endif
#endif
@@ -472,13 +457,13 @@ static int yy_start_stack_ptr = 0;
static int yy_start_stack_depth = 0;
static int *yy_start_stack = 0;
#ifndef YY_NO_PUSH_STATE
-static void yy_push_state YY_PROTO(( int new_state ));
+static void yy_push_state YY_PROTO((int new_state));
#endif
#ifndef YY_NO_POP_STATE
-static void yy_pop_state YY_PROTO(( void ));
+static void yy_pop_state YY_PROTO((void));
#endif
#ifndef YY_NO_TOP_STATE
-static int yy_top_state YY_PROTO(( void ));
+static int yy_top_state YY_PROTO((void));
#endif
#else
@@ -513,29 +498,28 @@ YY_MALLOC_DECL
/* This used to be an fputs(), but since the string might contain NUL's,
* we now use fwrite().
*/
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
+#define ECHO (void)fwrite(yytext, yyleng, 1, yyout)
#endif
/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL,
* is returned in "result".
*/
#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
- if ( yy_current_buffer->yy_is_interactive ) \
- { \
- int c = '*', n; \
- for ( n = 0; n < max_size && \
- (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
- buf[n] = (char) c; \
- if ( c == '\n' ) \
- buf[n++] = (char) c; \
- if ( c == EOF && ferror( yyin ) ) \
- YY_FATAL_ERROR( "input in flex scanner failed" ); \
- result = n; \
- } \
- else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \
- && ferror( yyin ) ) \
- YY_FATAL_ERROR( "input in flex scanner failed" );
+#define YY_INPUT(buf, result, max_size) \
+ if (yy_current_buffer->yy_is_interactive) { \
+ int c = '*', n; \
+ for (n = 0; n < max_size && \
+ (c = getc(yyin)) != EOF && c != '\n'; \
+ ++n) \
+ buf[n] = (char)c; \
+ if (c == '\n') \
+ buf[n++] = (char)c; \
+ if (c == EOF && ferror(yyin)) \
+ YY_FATAL_ERROR("input in flex scanner failed"); \
+ result = n; \
+ } else if (((result = fread(buf, 1, max_size, yyin)) == 0) && \
+ ferror(yyin)) \
+ YY_FATAL_ERROR("input in flex scanner failed");
#endif
/* No semi-colon after return; correct usage is to write "yyterminate();" -
@@ -553,14 +537,14 @@ YY_MALLOC_DECL
/* Report a fatal error. */
#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
+#define YY_FATAL_ERROR(msg) yy_fatal_error(msg)
#endif
/* Default declaration of generated scanner - a define so the user can
* easily add parameters.
*/
#ifndef YY_DECL
-#define YY_DECL int yylex YY_PROTO(( void ))
+#define YY_DECL int yylex YY_PROTO((void))
#endif
/* Code executed at the beginning of each rule, after yytext and yyleng
@@ -576,921 +560,883 @@ YY_MALLOC_DECL
#endif
#define YY_RULE_SETUP \
- YY_USER_ACTION
+ YY_USER_ACTION
YY_DECL
- {
- register yy_state_type yy_current_state;
- register char *yy_cp, *yy_bp;
- register int yy_act;
+{
+ register yy_state_type yy_current_state;
+ register char *yy_cp, *yy_bp;
+ register int yy_act;
#line 60 "installparse.l"
-
#line 591 "lex.Pk11Install_yy.cpp"
- if ( yy_init )
- {
- yy_init = 0;
+ if (yy_init) {
+ yy_init = 0;
#ifdef YY_USER_INIT
- YY_USER_INIT;
-#endif
-
- if ( ! yy_start )
- yy_start = 1; /* first start state */
-
- if ( ! yyin )
- yyin = stdin;
-
- if ( ! yyout )
- yyout = stdout;
-
- if ( ! yy_current_buffer )
- yy_current_buffer =
- yy_create_buffer( yyin, YY_BUF_SIZE );
-
- yy_load_buffer_state();
- }
-
- while ( 1 ) /* loops until end-of-file is reached */
- {
- yy_cp = yy_c_buf_p;
-
- /* Support of yytext. */
- *yy_cp = yy_hold_char;
-
- /* yy_bp points to the position in yy_ch_buf of the start of
- * the current run.
- */
- yy_bp = yy_cp;
-
- yy_current_state = yy_start;
-yy_match:
- do
- {
- register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
- if ( yy_accept[yy_current_state] )
- {
- yy_last_accepting_state = yy_current_state;
- yy_last_accepting_cpos = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 16 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- ++yy_cp;
- }
- while ( yy_base[yy_current_state] != 21 );
-
-yy_find_action:
- yy_act = yy_accept[yy_current_state];
- if ( yy_act == 0 )
- { /* have to back up */
- yy_cp = yy_last_accepting_cpos;
- yy_current_state = yy_last_accepting_state;
- yy_act = yy_accept[yy_current_state];
- }
-
- YY_DO_BEFORE_ACTION;
-
-
-do_action: /* This label is used only to access EOF actions. */
-
-
- switch ( yy_act )
- { /* beginning of action switch */
- case 0: /* must back up */
- /* undo the effects of YY_DO_BEFORE_ACTION */
- *yy_cp = yy_hold_char;
- yy_cp = yy_last_accepting_cpos;
- yy_current_state = yy_last_accepting_state;
- goto yy_find_action;
-
-case 1:
-YY_RULE_SETUP
+ YY_USER_INIT;
+#endif
+
+ if (!yy_start)
+ yy_start = 1; /* first start state */
+
+ if (!yyin)
+ yyin = stdin;
+
+ if (!yyout)
+ yyout = stdout;
+
+ if (!yy_current_buffer)
+ yy_current_buffer =
+ yy_create_buffer(yyin, YY_BUF_SIZE);
+
+ yy_load_buffer_state();
+ }
+
+ while (1) /* loops until end-of-file is reached */
+ {
+ yy_cp = yy_c_buf_p;
+
+ /* Support of yytext. */
+ *yy_cp = yy_hold_char;
+
+ /* yy_bp points to the position in yy_ch_buf of the start of
+ * the current run.
+ */
+ yy_bp = yy_cp;
+
+ yy_current_state = yy_start;
+ yy_match:
+ do {
+ register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
+ if (yy_accept[yy_current_state]) {
+ yy_last_accepting_state = yy_current_state;
+ yy_last_accepting_cpos = yy_cp;
+ }
+ while (yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state) {
+ yy_current_state = (int)yy_def[yy_current_state];
+ if (yy_current_state >= 16)
+ yy_c = yy_meta[(unsigned int)yy_c];
+ }
+ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int)yy_c];
+ ++yy_cp;
+ } while (yy_base[yy_current_state] != 21);
+
+ yy_find_action:
+ yy_act = yy_accept[yy_current_state];
+ if (yy_act == 0) { /* have to back up */
+ yy_cp = yy_last_accepting_cpos;
+ yy_current_state = yy_last_accepting_state;
+ yy_act = yy_accept[yy_current_state];
+ }
+
+ YY_DO_BEFORE_ACTION;
+
+ do_action: /* This label is used only to access EOF actions. */
+
+ switch (yy_act) { /* beginning of action switch */
+ case 0: /* must back up */
+ /* undo the effects of YY_DO_BEFORE_ACTION */
+ *yy_cp = yy_hold_char;
+ yy_cp = yy_last_accepting_cpos;
+ yy_current_state = yy_last_accepting_state;
+ goto yy_find_action;
+
+ case 1:
+ YY_RULE_SETUP
#line 62 "installparse.l"
-return OPENBRACE;
- YY_BREAK
-case 2:
-YY_RULE_SETUP
+ return OPENBRACE;
+ YY_BREAK
+ case 2:
+ YY_RULE_SETUP
#line 63 "installparse.l"
-return CLOSEBRACE;
- YY_BREAK
-case 3:
-YY_RULE_SETUP
+ return CLOSEBRACE;
+ YY_BREAK
+ case 3:
+ YY_RULE_SETUP
#line 64 "installparse.l"
-{Pk11Install_yylval.string =
- putSimpleString(Pk11Install_yytext);
- return STRING;}
- YY_BREAK
-case 4:
-YY_RULE_SETUP
+ {
+ Pk11Install_yylval.string =
+ putSimpleString(Pk11Install_yytext);
+ return STRING;
+ }
+ YY_BREAK
+ case 4:
+ YY_RULE_SETUP
#line 67 "installparse.l"
-{Pk11Install_yylval.string =
- putComplexString(Pk11Install_yytext);
- return STRING;}
- YY_BREAK
-case 5:
-YY_RULE_SETUP
+ {
+ Pk11Install_yylval.string =
+ putComplexString(Pk11Install_yytext);
+ return STRING;
+ }
+ YY_BREAK
+ case 5:
+ YY_RULE_SETUP
#line 71 "installparse.l"
-Pk11Install_yylinenum++;
- YY_BREAK
-case 6:
-YY_RULE_SETUP
+ Pk11Install_yylinenum++;
+ YY_BREAK
+ case 6:
+ YY_RULE_SETUP
#line 73 "installparse.l"
-;
- YY_BREAK
-case 7:
-YY_RULE_SETUP
+ ;
+ YY_BREAK
+ case 7:
+ YY_RULE_SETUP
#line 75 "installparse.l"
-{err = PR_smprintf("Invalid lexeme: %s",Pk11Install_yytext);
- Pk11Install_yyerror(err);
- PR_smprintf_free(err);
- return 1;
- }
- YY_BREAK
-case 8:
-YY_RULE_SETUP
+ {
+ err =
+ PR_smprintf("Invalid lexeme: %s", Pk11Install_yytext);
+ Pk11Install_yyerror(err);
+ PR_smprintf_free(err);
+ return 1;
+ }
+ YY_BREAK
+ case 8:
+ YY_RULE_SETUP
#line 81 "installparse.l"
-ECHO;
- YY_BREAK
+ ECHO;
+ YY_BREAK
#line 722 "lex.Pk11Install_yy.cpp"
-case YY_STATE_EOF(INITIAL):
- yyterminate();
-
- case YY_END_OF_BUFFER:
- {
- /* Amount of text matched not including the EOB char. */
- int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1;
-
- /* Undo the effects of YY_DO_BEFORE_ACTION. */
- *yy_cp = yy_hold_char;
- YY_RESTORE_YY_MORE_OFFSET
-
- if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW )
- {
- /* We're scanning a new file or input source. It's
- * possible that this happened because the user
- * just pointed yyin at a new source and called
- * yylex(). If so, then we have to assure
- * consistency between yy_current_buffer and our
- * globals. Here is the right place to do so, because
- * this is the first action (other than possibly a
- * back-up) that will match for the new input source.
- */
- yy_n_chars = yy_current_buffer->yy_n_chars;
- yy_current_buffer->yy_input_file = yyin;
- yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL;
- }
-
- /* Note that here we test for yy_c_buf_p "<=" to the position
- * of the first EOB in the buffer, since yy_c_buf_p will
- * already have been incremented past the NUL character
- * (since all states make transitions on EOB to the
- * end-of-buffer state). Contrast this with the test
- * in input().
- */
- if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] )
- { /* This was really a NUL. */
- yy_state_type yy_next_state;
-
- yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text;
-
- yy_current_state = yy_get_previous_state();
-
- /* Okay, we're now positioned to make the NUL
- * transition. We couldn't have
- * yy_get_previous_state() go ahead and do it
- * for us because it doesn't know how to deal
- * with the possibility of jamming (and we don't
- * want to build jamming into it because then it
- * will run more slowly).
- */
-
- yy_next_state = yy_try_NUL_trans( yy_current_state );
-
- yy_bp = yytext_ptr + YY_MORE_ADJ;
-
- if ( yy_next_state )
- {
- /* Consume the NUL. */
- yy_cp = ++yy_c_buf_p;
- yy_current_state = yy_next_state;
- goto yy_match;
- }
-
- else
- {
- yy_cp = yy_c_buf_p;
- goto yy_find_action;
- }
- }
-
- else switch ( yy_get_next_buffer() )
- {
- case EOB_ACT_END_OF_FILE:
- {
- yy_did_buffer_switch_on_eof = 0;
-
- if ( yywrap() )
- {
- /* Note: because we've taken care in
- * yy_get_next_buffer() to have set up
- * yytext, we can now set up
- * yy_c_buf_p so that if some total
- * hoser (like flex itself) wants to
- * call the scanner after we return the
- * YY_NULL, it'll still work - another
- * YY_NULL will get returned.
- */
- yy_c_buf_p = yytext_ptr + YY_MORE_ADJ;
-
- yy_act = YY_STATE_EOF(YY_START);
- goto do_action;
- }
-
- else
- {
- if ( ! yy_did_buffer_switch_on_eof )
- YY_NEW_FILE;
- }
- break;
- }
-
- case EOB_ACT_CONTINUE_SCAN:
- yy_c_buf_p =
- yytext_ptr + yy_amount_of_matched_text;
-
- yy_current_state = yy_get_previous_state();
-
- yy_cp = yy_c_buf_p;
- yy_bp = yytext_ptr + YY_MORE_ADJ;
- goto yy_match;
-
- case EOB_ACT_LAST_MATCH:
- yy_c_buf_p =
- &yy_current_buffer->yy_ch_buf[yy_n_chars];
-
- yy_current_state = yy_get_previous_state();
-
- yy_cp = yy_c_buf_p;
- yy_bp = yytext_ptr + YY_MORE_ADJ;
- goto yy_find_action;
- }
- break;
- }
-
- default:
- YY_FATAL_ERROR(
- "fatal flex scanner internal error--no action found" );
- } /* end of action switch */
- } /* end of scanning one token */
- } /* end of yylex */
-
+ case YY_STATE_EOF(INITIAL):
+ yyterminate();
+
+ case YY_END_OF_BUFFER: {
+ /* Amount of text matched not including the EOB char. */
+ int yy_amount_of_matched_text = (int)(yy_cp - yytext_ptr) - 1;
+
+ /* Undo the effects of YY_DO_BEFORE_ACTION. */
+ *yy_cp = yy_hold_char;
+ YY_RESTORE_YY_MORE_OFFSET
+
+ if (yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW) {
+ /* We're scanning a new file or input source. It's
+ * possible that this happened because the user
+ * just pointed yyin at a new source and called
+ * yylex(). If so, then we have to assure
+ * consistency between yy_current_buffer and our
+ * globals. Here is the right place to do so, because
+ * this is the first action (other than possibly a
+ * back-up) that will match for the new input source.
+ */
+ yy_n_chars = yy_current_buffer->yy_n_chars;
+ yy_current_buffer->yy_input_file = yyin;
+ yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL;
+ }
+
+ /* Note that here we test for yy_c_buf_p "<=" to the position
+ * of the first EOB in the buffer, since yy_c_buf_p will
+ * already have been incremented past the NUL character
+ * (since all states make transitions on EOB to the
+ * end-of-buffer state). Contrast this with the test
+ * in input().
+ */
+ if (yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars]) { /* This was really a NUL. */
+ yy_state_type yy_next_state;
+
+ yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text;
+
+ yy_current_state = yy_get_previous_state();
+
+ /* Okay, we're now positioned to make the NUL
+ * transition. We couldn't have
+ * yy_get_previous_state() go ahead and do it
+ * for us because it doesn't know how to deal
+ * with the possibility of jamming (and we don't
+ * want to build jamming into it because then it
+ * will run more slowly).
+ */
+
+ yy_next_state = yy_try_NUL_trans(yy_current_state);
+
+ yy_bp = yytext_ptr + YY_MORE_ADJ;
+
+ if (yy_next_state) {
+ /* Consume the NUL. */
+ yy_cp = ++yy_c_buf_p;
+ yy_current_state = yy_next_state;
+ goto yy_match;
+ }
+
+ else {
+ yy_cp = yy_c_buf_p;
+ goto yy_find_action;
+ }
+ }
+
+ else
+ switch (yy_get_next_buffer()) {
+ case EOB_ACT_END_OF_FILE: {
+ yy_did_buffer_switch_on_eof = 0;
+
+ if (yywrap()) {
+ /* Note: because we've taken care in
+ * yy_get_next_buffer() to have set up
+ * yytext, we can now set up
+ * yy_c_buf_p so that if some total
+ * hoser (like flex itself) wants to
+ * call the scanner after we return the
+ * YY_NULL, it'll still work - another
+ * YY_NULL will get returned.
+ */
+ yy_c_buf_p = yytext_ptr + YY_MORE_ADJ;
+
+ yy_act = YY_STATE_EOF(YY_START);
+ goto do_action;
+ }
+
+ else {
+ if (!yy_did_buffer_switch_on_eof)
+ YY_NEW_FILE;
+ }
+ break;
+ }
+
+ case EOB_ACT_CONTINUE_SCAN:
+ yy_c_buf_p =
+ yytext_ptr + yy_amount_of_matched_text;
+
+ yy_current_state = yy_get_previous_state();
+
+ yy_cp = yy_c_buf_p;
+ yy_bp = yytext_ptr + YY_MORE_ADJ;
+ goto yy_match;
+
+ case EOB_ACT_LAST_MATCH:
+ yy_c_buf_p =
+ &yy_current_buffer->yy_ch_buf[yy_n_chars];
+
+ yy_current_state = yy_get_previous_state();
+
+ yy_cp = yy_c_buf_p;
+ yy_bp = yytext_ptr + YY_MORE_ADJ;
+ goto yy_find_action;
+ }
+ break;
+ }
+
+ default:
+ YY_FATAL_ERROR(
+ "fatal flex scanner internal error--no action found");
+ } /* end of action switch */
+ } /* end of scanning one token */
+} /* end of yylex */
/* yy_get_next_buffer - try to read in a new buffer
*
* Returns a code representing an action:
- * EOB_ACT_LAST_MATCH -
- * EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- * EOB_ACT_END_OF_FILE - end of file
+ * EOB_ACT_LAST_MATCH -
+ * EOB_ACT_CONTINUE_SCAN - continue scanning from current position
+ * EOB_ACT_END_OF_FILE - end of file
*/
-static int yy_get_next_buffer()
- {
- register char *dest = yy_current_buffer->yy_ch_buf;
- register char *source = yytext_ptr;
- register int number_to_move, i;
- int ret_val;
-
- if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] )
- YY_FATAL_ERROR(
- "fatal flex scanner internal error--end of buffer missed" );
-
- if ( yy_current_buffer->yy_fill_buffer == 0 )
- { /* Don't try to fill the buffer, so this is an EOF. */
- if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 )
- {
- /* We matched a single character, the EOB, so
- * treat this as a final EOF.
- */
- return EOB_ACT_END_OF_FILE;
- }
-
- else
- {
- /* We matched some text prior to the EOB, first
- * process it.
- */
- return EOB_ACT_LAST_MATCH;
- }
- }
-
- /* Try to read more data. */
-
- /* First move last chars to start of buffer. */
- number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1;
-
- for ( i = 0; i < number_to_move; ++i )
- *(dest++) = *(source++);
-
- if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING )
- /* don't do the read, it's not guaranteed to return an EOF,
- * just force an EOF
- */
- yy_current_buffer->yy_n_chars = yy_n_chars = 0;
-
- else
- {
- int num_to_read =
- yy_current_buffer->yy_buf_size - number_to_move - 1;
-
- while ( num_to_read <= 0 )
- { /* Not enough room in the buffer - grow it. */
+static int
+yy_get_next_buffer()
+{
+ register char *dest = yy_current_buffer->yy_ch_buf;
+ register char *source = yytext_ptr;
+ register int number_to_move, i;
+ int ret_val;
+
+ if (yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1])
+ YY_FATAL_ERROR(
+ "fatal flex scanner internal error--end of buffer missed");
+
+ if (yy_current_buffer->yy_fill_buffer == 0) { /* Don't try to fill the buffer, so this is an EOF. */
+ if (yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1) {
+ /* We matched a single character, the EOB, so
+ * treat this as a final EOF.
+ */
+ return EOB_ACT_END_OF_FILE;
+ }
+
+ else {
+ /* We matched some text prior to the EOB, first
+ * process it.
+ */
+ return EOB_ACT_LAST_MATCH;
+ }
+ }
+
+ /* Try to read more data. */
+
+ /* First move last chars to start of buffer. */
+ number_to_move = (int)(yy_c_buf_p - yytext_ptr) - 1;
+
+ for (i = 0; i < number_to_move; ++i)
+ *(dest++) = *(source++);
+
+ if (yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING)
+ /* don't do the read, it's not guaranteed to return an EOF,
+ * just force an EOF
+ */
+ yy_current_buffer->yy_n_chars = yy_n_chars = 0;
+
+ else {
+ int num_to_read =
+ yy_current_buffer->yy_buf_size - number_to_move - 1;
+
+ while (num_to_read <= 0) { /* Not enough room in the buffer - grow it. */
#ifdef YY_USES_REJECT
- YY_FATAL_ERROR(
-"input buffer overflow, can't enlarge buffer because scanner uses REJECT" );
+ YY_FATAL_ERROR(
+ "input buffer overflow, can't enlarge buffer because scanner uses REJECT");
#else
- /* just a shorter name for the current buffer */
- YY_BUFFER_STATE b = yy_current_buffer;
+ /* just a shorter name for the current buffer */
+ YY_BUFFER_STATE b = yy_current_buffer;
- int yy_c_buf_p_offset =
- (int) (yy_c_buf_p - b->yy_ch_buf);
+ int yy_c_buf_p_offset =
+ (int)(yy_c_buf_p - b->yy_ch_buf);
- if ( b->yy_is_our_buffer )
- {
- int new_size = b->yy_buf_size * 2;
+ if (b->yy_is_our_buffer) {
+ int new_size = b->yy_buf_size * 2;
- if ( new_size <= 0 )
- b->yy_buf_size += b->yy_buf_size / 8;
- else
- b->yy_buf_size *= 2;
+ if (new_size <= 0)
+ b->yy_buf_size += b->yy_buf_size / 8;
+ else
+ b->yy_buf_size *= 2;
- b->yy_ch_buf = (char *)
- /* Include room in for 2 EOB chars. */
- yy_flex_realloc( (void *) b->yy_ch_buf,
- b->yy_buf_size + 2 );
- }
- else
- /* Can't grow it, we don't own it. */
- b->yy_ch_buf = 0;
+ b->yy_ch_buf = (char *)
+ /* Include room in for 2 EOB chars. */
+ yy_flex_realloc((void *)b->yy_ch_buf,
+ b->yy_buf_size + 2);
+ } else
+ /* Can't grow it, we don't own it. */
+ b->yy_ch_buf = 0;
- if ( ! b->yy_ch_buf )
- YY_FATAL_ERROR(
- "fatal error - scanner input buffer overflow" );
+ if (!b->yy_ch_buf)
+ YY_FATAL_ERROR(
+ "fatal error - scanner input buffer overflow");
- yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset];
+ yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset];
- num_to_read = yy_current_buffer->yy_buf_size -
- number_to_move - 1;
+ num_to_read = yy_current_buffer->yy_buf_size -
+ number_to_move - 1;
#endif
- }
+ }
- if ( num_to_read > YY_READ_BUF_SIZE )
- num_to_read = YY_READ_BUF_SIZE;
+ if (num_to_read > YY_READ_BUF_SIZE)
+ num_to_read = YY_READ_BUF_SIZE;
- /* Read in more data. */
- YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]),
- yy_n_chars, num_to_read );
+ /* Read in more data. */
+ YY_INPUT((&yy_current_buffer->yy_ch_buf[number_to_move]),
+ yy_n_chars, num_to_read);
- yy_current_buffer->yy_n_chars = yy_n_chars;
- }
+ yy_current_buffer->yy_n_chars = yy_n_chars;
+ }
- if ( yy_n_chars == 0 )
- {
- if ( number_to_move == YY_MORE_ADJ )
- {
- ret_val = EOB_ACT_END_OF_FILE;
- yyrestart( yyin );
- }
+ if (yy_n_chars == 0) {
+ if (number_to_move == YY_MORE_ADJ) {
+ ret_val = EOB_ACT_END_OF_FILE;
+ yyrestart(yyin);
+ }
- else
- {
- ret_val = EOB_ACT_LAST_MATCH;
- yy_current_buffer->yy_buffer_status =
- YY_BUFFER_EOF_PENDING;
- }
- }
+ else {
+ ret_val = EOB_ACT_LAST_MATCH;
+ yy_current_buffer->yy_buffer_status =
+ YY_BUFFER_EOF_PENDING;
+ }
+ }
- else
- ret_val = EOB_ACT_CONTINUE_SCAN;
+ else
+ ret_val = EOB_ACT_CONTINUE_SCAN;
- yy_n_chars += number_to_move;
- yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR;
- yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR;
+ yy_n_chars += number_to_move;
+ yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR;
+ yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR;
- yytext_ptr = &yy_current_buffer->yy_ch_buf[0];
-
- return ret_val;
- }
+ yytext_ptr = &yy_current_buffer->yy_ch_buf[0];
+ return ret_val;
+}
/* yy_get_previous_state - get the state just before the EOB char was reached */
-static yy_state_type yy_get_previous_state()
- {
- register yy_state_type yy_current_state;
- register char *yy_cp;
-
- yy_current_state = yy_start;
-
- for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp )
- {
- register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
- if ( yy_accept[yy_current_state] )
- {
- yy_last_accepting_state = yy_current_state;
- yy_last_accepting_cpos = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 16 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- }
-
- return yy_current_state;
- }
-
+static yy_state_type
+yy_get_previous_state()
+{
+ register yy_state_type yy_current_state;
+ register char *yy_cp;
+
+ yy_current_state = yy_start;
+
+ for (yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp) {
+ register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+ if (yy_accept[yy_current_state]) {
+ yy_last_accepting_state = yy_current_state;
+ yy_last_accepting_cpos = yy_cp;
+ }
+ while (yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state) {
+ yy_current_state = (int)yy_def[yy_current_state];
+ if (yy_current_state >= 16)
+ yy_c = yy_meta[(unsigned int)yy_c];
+ }
+ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int)yy_c];
+ }
+
+ return yy_current_state;
+}
/* yy_try_NUL_trans - try to make a transition on the NUL character
*
* synopsis
- * next_state = yy_try_NUL_trans( current_state );
+ * next_state = yy_try_NUL_trans( current_state );
*/
#ifdef YY_USE_PROTOS
-static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state )
+static yy_state_type
+yy_try_NUL_trans(yy_state_type yy_current_state)
#else
-static yy_state_type yy_try_NUL_trans( yy_current_state )
-yy_state_type yy_current_state;
-#endif
- {
- register int yy_is_jam;
- register char *yy_cp = yy_c_buf_p;
-
- register YY_CHAR yy_c = 1;
- if ( yy_accept[yy_current_state] )
- {
- yy_last_accepting_state = yy_current_state;
- yy_last_accepting_cpos = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 16 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- yy_is_jam = (yy_current_state == 15);
-
- return yy_is_jam ? 0 : yy_current_state;
- }
-
+static yy_state_type yy_try_NUL_trans(yy_current_state)
+ yy_state_type yy_current_state;
+#endif
+{
+ register int yy_is_jam;
+ register char *yy_cp = yy_c_buf_p;
+
+ register YY_CHAR yy_c = 1;
+ if (yy_accept[yy_current_state]) {
+ yy_last_accepting_state = yy_current_state;
+ yy_last_accepting_cpos = yy_cp;
+ }
+ while (yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state) {
+ yy_current_state = (int)yy_def[yy_current_state];
+ if (yy_current_state >= 16)
+ yy_c = yy_meta[(unsigned int)yy_c];
+ }
+ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int)yy_c];
+ yy_is_jam = (yy_current_state == 15);
+
+ return yy_is_jam ? 0 : yy_current_state;
+}
#ifndef YY_NO_UNPUT
#ifdef YY_USE_PROTOS
-static void yyunput( int c, register char *yy_bp )
+static void
+yyunput(int c, register char *yy_bp)
#else
-static void yyunput( c, yy_bp )
-int c;
+static void yyunput(c, yy_bp) int c;
register char *yy_bp;
#endif
- {
- register char *yy_cp = yy_c_buf_p;
-
- /* undo effects of setting up yytext */
- *yy_cp = yy_hold_char;
-
- if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
- { /* need to shift things up to make room */
- /* +2 for EOB chars. */
- register int number_to_move = yy_n_chars + 2;
- register char *dest = &yy_current_buffer->yy_ch_buf[
- yy_current_buffer->yy_buf_size + 2];
- register char *source =
- &yy_current_buffer->yy_ch_buf[number_to_move];
+{
+ register char *yy_cp = yy_c_buf_p;
- while ( source > yy_current_buffer->yy_ch_buf )
- *--dest = *--source;
+ /* undo effects of setting up yytext */
+ *yy_cp = yy_hold_char;
- yy_cp += (int) (dest - source);
- yy_bp += (int) (dest - source);
- yy_current_buffer->yy_n_chars =
- yy_n_chars = yy_current_buffer->yy_buf_size;
+ if (yy_cp < yy_current_buffer->yy_ch_buf + 2) { /* need to shift things up to make room */
+ /* +2 for EOB chars. */
+ register int number_to_move = yy_n_chars + 2;
+ register char *dest = &yy_current_buffer->yy_ch_buf[yy_current_buffer->yy_buf_size +
+ 2];
+ register char *source =
+ &yy_current_buffer->yy_ch_buf[number_to_move];
- if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
- YY_FATAL_ERROR( "flex scanner push-back overflow" );
- }
+ while (source > yy_current_buffer->yy_ch_buf)
+ *--dest = *--source;
- *--yy_cp = (char) c;
+ yy_cp += (int)(dest - source);
+ yy_bp += (int)(dest - source);
+ yy_current_buffer->yy_n_chars =
+ yy_n_chars = yy_current_buffer->yy_buf_size;
+ if (yy_cp < yy_current_buffer->yy_ch_buf + 2)
+ YY_FATAL_ERROR("flex scanner push-back overflow");
+ }
- yytext_ptr = yy_bp;
- yy_hold_char = *yy_cp;
- yy_c_buf_p = yy_cp;
- }
-#endif /* ifndef YY_NO_UNPUT */
+ *--yy_cp = (char)c;
+ yytext_ptr = yy_bp;
+ yy_hold_char = *yy_cp;
+ yy_c_buf_p = yy_cp;
+}
+#endif /* ifndef YY_NO_UNPUT */
#ifndef YY_NO_INPUT
#ifdef __cplusplus
-static int yyinput()
+static int
+yyinput()
#else
-static int input()
-#endif
- {
- int c;
-
- *yy_c_buf_p = yy_hold_char;
-
- if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR )
- {
- /* yy_c_buf_p now points to the character we want to return.
- * If this occurs *before* the EOB characters, then it's a
- * valid NUL; if not, then we've hit the end of the buffer.
- */
- if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] )
- /* This was really a NUL. */
- *yy_c_buf_p = '\0';
-
- else
- { /* need more input */
- int offset = yy_c_buf_p - yytext_ptr;
- ++yy_c_buf_p;
-
- switch ( yy_get_next_buffer() )
- {
- case EOB_ACT_LAST_MATCH:
- /* This happens because yy_g_n_b()
- * sees that we've accumulated a
- * token and flags that we need to
- * try matching the token before
- * proceeding. But for input(),
- * there's no matching to consider.
- * So convert the EOB_ACT_LAST_MATCH
- * to EOB_ACT_END_OF_FILE.
- */
-
- /* Reset buffer status. */
- yyrestart( yyin );
-
- /* fall through */
-
- case EOB_ACT_END_OF_FILE:
- {
- if ( yywrap() )
- return EOF;
-
- if ( ! yy_did_buffer_switch_on_eof )
- YY_NEW_FILE;
+static int
+input()
+#endif
+{
+ int c;
+
+ *yy_c_buf_p = yy_hold_char;
+
+ if (*yy_c_buf_p == YY_END_OF_BUFFER_CHAR) {
+ /* yy_c_buf_p now points to the character we want to return.
+ * If this occurs *before* the EOB characters, then it's a
+ * valid NUL; if not, then we've hit the end of the buffer.
+ */
+ if (yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars])
+ /* This was really a NUL. */
+ *yy_c_buf_p = '\0';
+
+ else { /* need more input */
+ int offset = yy_c_buf_p - yytext_ptr;
+ ++yy_c_buf_p;
+
+ switch (yy_get_next_buffer()) {
+ case EOB_ACT_LAST_MATCH:
+ /* This happens because yy_g_n_b()
+ * sees that we've accumulated a
+ * token and flags that we need to
+ * try matching the token before
+ * proceeding. But for input(),
+ * there's no matching to consider.
+ * So convert the EOB_ACT_LAST_MATCH
+ * to EOB_ACT_END_OF_FILE.
+ */
+
+ /* Reset buffer status. */
+ yyrestart(yyin);
+
+ /* fall through */
+
+ case EOB_ACT_END_OF_FILE: {
+ if (yywrap())
+ return EOF;
+
+ if (!yy_did_buffer_switch_on_eof)
+ YY_NEW_FILE;
#ifdef __cplusplus
- return yyinput();
+ return yyinput();
#else
- return input();
+ return input();
#endif
- }
+ }
- case EOB_ACT_CONTINUE_SCAN:
- yy_c_buf_p = yytext_ptr + offset;
- break;
- }
- }
- }
+ case EOB_ACT_CONTINUE_SCAN:
+ yy_c_buf_p = yytext_ptr + offset;
+ break;
+ }
+ }
+ }
- c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */
- *yy_c_buf_p = '\0'; /* preserve yytext */
- yy_hold_char = *++yy_c_buf_p;
-
-
- return c;
- }
-#endif /* ifndef YY_NO_INPUT */
+ c = *(unsigned char *)yy_c_buf_p; /* cast for 8-bit char's */
+ *yy_c_buf_p = '\0'; /* preserve yytext */
+ yy_hold_char = *++yy_c_buf_p;
+ return c;
+}
+#endif /* ifndef YY_NO_INPUT */
#ifdef YY_USE_PROTOS
-void yyrestart( FILE *input_file )
+void
+yyrestart(FILE *input_file)
#else
-void yyrestart( input_file )
-FILE *input_file;
+void yyrestart(input_file)
+ FILE *input_file;
#endif
- {
- if ( ! yy_current_buffer )
- yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE );
-
- yy_init_buffer( yy_current_buffer, input_file );
- yy_load_buffer_state();
- }
+{
+ if (!yy_current_buffer)
+ yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE);
+ yy_init_buffer(yy_current_buffer, input_file);
+ yy_load_buffer_state();
+}
#ifdef YY_USE_PROTOS
-void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer )
+void
+yy_switch_to_buffer(YY_BUFFER_STATE new_buffer)
#else
-void yy_switch_to_buffer( new_buffer )
-YY_BUFFER_STATE new_buffer;
+void yy_switch_to_buffer(new_buffer)
+ YY_BUFFER_STATE new_buffer;
#endif
- {
- if ( yy_current_buffer == new_buffer )
- return;
-
- if ( yy_current_buffer )
- {
- /* Flush out information for old buffer. */
- *yy_c_buf_p = yy_hold_char;
- yy_current_buffer->yy_buf_pos = yy_c_buf_p;
- yy_current_buffer->yy_n_chars = yy_n_chars;
- }
-
- yy_current_buffer = new_buffer;
- yy_load_buffer_state();
-
- /* We don't actually know whether we did this switch during
- * EOF (yywrap()) processing, but the only time this flag
- * is looked at is after yywrap() is called, so it's safe
- * to go ahead and always set it.
- */
- yy_did_buffer_switch_on_eof = 1;
- }
-
+{
+ if (yy_current_buffer == new_buffer)
+ return;
+
+ if (yy_current_buffer) {
+ /* Flush out information for old buffer. */
+ *yy_c_buf_p = yy_hold_char;
+ yy_current_buffer->yy_buf_pos = yy_c_buf_p;
+ yy_current_buffer->yy_n_chars = yy_n_chars;
+ }
+
+ yy_current_buffer = new_buffer;
+ yy_load_buffer_state();
+
+ /* We don't actually know whether we did this switch during
+ * EOF (yywrap()) processing, but the only time this flag
+ * is looked at is after yywrap() is called, so it's safe
+ * to go ahead and always set it.
+ */
+ yy_did_buffer_switch_on_eof = 1;
+}
#ifdef YY_USE_PROTOS
-void yy_load_buffer_state( void )
+void
+yy_load_buffer_state(void)
#else
-void yy_load_buffer_state()
+void
+yy_load_buffer_state()
#endif
- {
- yy_n_chars = yy_current_buffer->yy_n_chars;
- yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos;
- yyin = yy_current_buffer->yy_input_file;
- yy_hold_char = *yy_c_buf_p;
- }
-
+{
+ yy_n_chars = yy_current_buffer->yy_n_chars;
+ yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos;
+ yyin = yy_current_buffer->yy_input_file;
+ yy_hold_char = *yy_c_buf_p;
+}
#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_create_buffer( FILE *file, int size )
+YY_BUFFER_STATE
+yy_create_buffer(FILE *file, int size)
#else
-YY_BUFFER_STATE yy_create_buffer( file, size )
-FILE *file;
+YY_BUFFER_STATE yy_create_buffer(file, size)
+ FILE *file;
int size;
#endif
- {
- YY_BUFFER_STATE b;
-
- b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
- if ( ! b )
- YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+{
+ YY_BUFFER_STATE b;
- b->yy_buf_size = size;
+ b = (YY_BUFFER_STATE)yy_flex_alloc(sizeof(struct yy_buffer_state));
+ if (!b)
+ YY_FATAL_ERROR("out of dynamic memory in yy_create_buffer()");
- /* yy_ch_buf has to be 2 characters longer than the size given because
- * we need to put in 2 end-of-buffer characters.
- */
- b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 );
- if ( ! b->yy_ch_buf )
- YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+ b->yy_buf_size = size;
- b->yy_is_our_buffer = 1;
+ /* yy_ch_buf has to be 2 characters longer than the size given because
+ * we need to put in 2 end-of-buffer characters.
+ */
+ b->yy_ch_buf = (char *)yy_flex_alloc(b->yy_buf_size + 2);
+ if (!b->yy_ch_buf)
+ YY_FATAL_ERROR("out of dynamic memory in yy_create_buffer()");
- yy_init_buffer( b, file );
+ b->yy_is_our_buffer = 1;
- return b;
- }
+ yy_init_buffer(b, file);
+ return b;
+}
#ifdef YY_USE_PROTOS
-void yy_delete_buffer( YY_BUFFER_STATE b )
+void
+yy_delete_buffer(YY_BUFFER_STATE b)
#else
-void yy_delete_buffer( b )
-YY_BUFFER_STATE b;
+void yy_delete_buffer(b)
+ YY_BUFFER_STATE b;
#endif
- {
- if ( ! b )
- return;
-
- if ( b == yy_current_buffer )
- yy_current_buffer = (YY_BUFFER_STATE) 0;
+{
+ if (!b)
+ return;
- if ( b->yy_is_our_buffer )
- yy_flex_free( (void *) b->yy_ch_buf );
+ if (b == yy_current_buffer)
+ yy_current_buffer = (YY_BUFFER_STATE)0;
- yy_flex_free( (void *) b );
- }
+ if (b->yy_is_our_buffer)
+ yy_flex_free((void *)b->yy_ch_buf);
+ yy_flex_free((void *)b);
+}
#ifndef YY_ALWAYS_INTERACTIVE
#ifndef YY_NEVER_INTERACTIVE
-extern int isatty YY_PROTO(( int ));
+extern int isatty YY_PROTO((int));
#endif
#endif
#ifdef YY_USE_PROTOS
-void yy_init_buffer( YY_BUFFER_STATE b, FILE *file )
+void
+yy_init_buffer(YY_BUFFER_STATE b, FILE *file)
#else
-void yy_init_buffer( b, file )
-YY_BUFFER_STATE b;
+void yy_init_buffer(b, file)
+ YY_BUFFER_STATE b;
FILE *file;
#endif
+{
+ yy_flush_buffer(b);
- {
- yy_flush_buffer( b );
-
- b->yy_input_file = file;
- b->yy_fill_buffer = 1;
+ b->yy_input_file = file;
+ b->yy_fill_buffer = 1;
#if YY_ALWAYS_INTERACTIVE
- b->yy_is_interactive = 1;
+ b->yy_is_interactive = 1;
#else
#if YY_NEVER_INTERACTIVE
- b->yy_is_interactive = 0;
+ b->yy_is_interactive = 0;
#else
- b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
+ b->yy_is_interactive = file ? (isatty(fileno(file)) > 0) : 0;
#endif
#endif
- }
-
+}
#ifdef YY_USE_PROTOS
-void yy_flush_buffer( YY_BUFFER_STATE b )
+void
+yy_flush_buffer(YY_BUFFER_STATE b)
#else
-void yy_flush_buffer( b )
-YY_BUFFER_STATE b;
+void yy_flush_buffer(b)
+ YY_BUFFER_STATE b;
#endif
- {
- if ( ! b )
- return;
-
- b->yy_n_chars = 0;
+{
+ if (!b)
+ return;
- /* We always need two end-of-buffer characters. The first causes
- * a transition to the end-of-buffer state. The second causes
- * a jam in that state.
- */
- b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
- b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
+ b->yy_n_chars = 0;
- b->yy_buf_pos = &b->yy_ch_buf[0];
+ /* We always need two end-of-buffer characters. The first causes
+ * a transition to the end-of-buffer state. The second causes
+ * a jam in that state.
+ */
+ b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
+ b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
- b->yy_at_bol = 1;
- b->yy_buffer_status = YY_BUFFER_NEW;
+ b->yy_buf_pos = &b->yy_ch_buf[0];
- if ( b == yy_current_buffer )
- yy_load_buffer_state();
- }
+ b->yy_at_bol = 1;
+ b->yy_buffer_status = YY_BUFFER_NEW;
+ if (b == yy_current_buffer)
+ yy_load_buffer_state();
+}
#ifndef YY_NO_SCAN_BUFFER
#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size )
+YY_BUFFER_STATE
+yy_scan_buffer(char *base, yy_size_t size)
#else
-YY_BUFFER_STATE yy_scan_buffer( base, size )
-char *base;
+YY_BUFFER_STATE yy_scan_buffer(base, size) char *base;
yy_size_t size;
#endif
- {
- YY_BUFFER_STATE b;
-
- if ( size < 2 ||
- base[size-2] != YY_END_OF_BUFFER_CHAR ||
- base[size-1] != YY_END_OF_BUFFER_CHAR )
- /* They forgot to leave room for the EOB's. */
- return 0;
-
- b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
- if ( ! b )
- YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
-
- b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */
- b->yy_buf_pos = b->yy_ch_buf = base;
- b->yy_is_our_buffer = 0;
- b->yy_input_file = 0;
- b->yy_n_chars = b->yy_buf_size;
- b->yy_is_interactive = 0;
- b->yy_at_bol = 1;
- b->yy_fill_buffer = 0;
- b->yy_buffer_status = YY_BUFFER_NEW;
-
- yy_switch_to_buffer( b );
-
- return b;
- }
+{
+ YY_BUFFER_STATE b;
+
+ if (size < 2 ||
+ base[size - 2] != YY_END_OF_BUFFER_CHAR ||
+ base[size - 1] != YY_END_OF_BUFFER_CHAR)
+ /* They forgot to leave room for the EOB's. */
+ return 0;
+
+ b = (YY_BUFFER_STATE)yy_flex_alloc(sizeof(struct yy_buffer_state));
+ if (!b)
+ YY_FATAL_ERROR("out of dynamic memory in yy_scan_buffer()");
+
+ b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */
+ b->yy_buf_pos = b->yy_ch_buf = base;
+ b->yy_is_our_buffer = 0;
+ b->yy_input_file = 0;
+ b->yy_n_chars = b->yy_buf_size;
+ b->yy_is_interactive = 0;
+ b->yy_at_bol = 1;
+ b->yy_fill_buffer = 0;
+ b->yy_buffer_status = YY_BUFFER_NEW;
+
+ yy_switch_to_buffer(b);
+
+ return b;
+}
#endif
-
#ifndef YY_NO_SCAN_STRING
#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str )
+YY_BUFFER_STATE
+yy_scan_string(yyconst char *yy_str)
#else
-YY_BUFFER_STATE yy_scan_string( yy_str )
-yyconst char *yy_str;
+YY_BUFFER_STATE yy_scan_string(yy_str)
+ yyconst char *yy_str;
#endif
- {
- int len;
- for ( len = 0; yy_str[len]; ++len )
- ;
+{
+ int len;
+ for (len = 0; yy_str[len]; ++len)
+ ;
- return yy_scan_bytes( yy_str, len );
- }
+ return yy_scan_bytes(yy_str, len);
+}
#endif
-
#ifndef YY_NO_SCAN_BYTES
#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len )
+YY_BUFFER_STATE
+yy_scan_bytes(yyconst char *bytes, int len)
#else
-YY_BUFFER_STATE yy_scan_bytes( bytes, len )
-yyconst char *bytes;
+YY_BUFFER_STATE yy_scan_bytes(bytes, len)
+ yyconst char *bytes;
int len;
#endif
- {
- YY_BUFFER_STATE b;
- char *buf;
- yy_size_t n;
- int i;
+{
+ YY_BUFFER_STATE b;
+ char *buf;
+ yy_size_t n;
+ int i;
- /* Get memory for full buffer, including space for trailing EOB's. */
- n = len + 2;
- buf = (char *) yy_flex_alloc( n );
- if ( ! buf )
- YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
+ /* Get memory for full buffer, including space for trailing EOB's. */
+ n = len + 2;
+ buf = (char *)yy_flex_alloc(n);
+ if (!buf)
+ YY_FATAL_ERROR("out of dynamic memory in yy_scan_bytes()");
- for ( i = 0; i < len; ++i )
- buf[i] = bytes[i];
+ for (i = 0; i < len; ++i)
+ buf[i] = bytes[i];
- buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR;
+ buf[len] = buf[len + 1] = YY_END_OF_BUFFER_CHAR;
- b = yy_scan_buffer( buf, n );
- if ( ! b )
- YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
+ b = yy_scan_buffer(buf, n);
+ if (!b)
+ YY_FATAL_ERROR("bad buffer in yy_scan_bytes()");
- /* It's okay to grow etc. this buffer, and we should throw it
- * away when we're done.
- */
- b->yy_is_our_buffer = 1;
+ /* It's okay to grow etc. this buffer, and we should throw it
+ * away when we're done.
+ */
+ b->yy_is_our_buffer = 1;
- return b;
- }
+ return b;
+}
#endif
-
#ifndef YY_NO_PUSH_STATE
#ifdef YY_USE_PROTOS
-static void yy_push_state( int new_state )
+static void
+yy_push_state(int new_state)
#else
-static void yy_push_state( new_state )
-int new_state;
+static void yy_push_state(new_state) int new_state;
#endif
- {
- if ( yy_start_stack_ptr >= yy_start_stack_depth )
- {
- yy_size_t new_size;
+{
+ if (yy_start_stack_ptr >= yy_start_stack_depth) {
+ yy_size_t new_size;
- yy_start_stack_depth += YY_START_STACK_INCR;
- new_size = yy_start_stack_depth * sizeof( int );
+ yy_start_stack_depth += YY_START_STACK_INCR;
+ new_size = yy_start_stack_depth * sizeof(int);
- if ( ! yy_start_stack )
- yy_start_stack = (int *) yy_flex_alloc( new_size );
+ if (!yy_start_stack)
+ yy_start_stack = (int *)yy_flex_alloc(new_size);
- else
- yy_start_stack = (int *) yy_flex_realloc(
- (void *) yy_start_stack, new_size );
+ else
+ yy_start_stack = (int *)yy_flex_realloc(
+ (void *)yy_start_stack, new_size);
- if ( ! yy_start_stack )
- YY_FATAL_ERROR(
- "out of memory expanding start-condition stack" );
- }
+ if (!yy_start_stack)
+ YY_FATAL_ERROR(
+ "out of memory expanding start-condition stack");
+ }
- yy_start_stack[yy_start_stack_ptr++] = YY_START;
+ yy_start_stack[yy_start_stack_ptr++] = YY_START;
- BEGIN(new_state);
- }
+ BEGIN(new_state);
+}
#endif
-
#ifndef YY_NO_POP_STATE
-static void yy_pop_state()
- {
- if ( --yy_start_stack_ptr < 0 )
- YY_FATAL_ERROR( "start-condition stack underflow" );
+static void
+yy_pop_state()
+{
+ if (--yy_start_stack_ptr < 0)
+ YY_FATAL_ERROR("start-condition stack underflow");
- BEGIN(yy_start_stack[yy_start_stack_ptr]);
- }
+ BEGIN(yy_start_stack[yy_start_stack_ptr]);
+}
#endif
-
#ifndef YY_NO_TOP_STATE
-static int yy_top_state()
- {
- return yy_start_stack[yy_start_stack_ptr - 1];
- }
+static int
+yy_top_state()
+{
+ return yy_start_stack[yy_start_stack_ptr - 1];
+}
#endif
#ifndef YY_EXIT_FAILURE
@@ -1498,163 +1444,164 @@ static int yy_top_state()
#endif
#ifdef YY_USE_PROTOS
-static void yy_fatal_error( yyconst char msg[] )
+static void
+yy_fatal_error(yyconst char msg[])
#else
-static void yy_fatal_error( msg )
-char msg[];
+static void yy_fatal_error(msg) char msg[];
#endif
- {
- (void) fprintf( stderr, "%s\n", msg );
- exit( YY_EXIT_FAILURE );
- }
-
-
+{
+ (void)fprintf(stderr, "%s\n", msg);
+ exit(YY_EXIT_FAILURE);
+}
/* Redefine yyless() so it works in section 3 code. */
#undef yyless
-#define yyless(n) \
- do \
- { \
- /* Undo effects of setting up yytext. */ \
- yytext[yyleng] = yy_hold_char; \
- yy_c_buf_p = yytext + n; \
- yy_hold_char = *yy_c_buf_p; \
- *yy_c_buf_p = '\0'; \
- yyleng = n; \
- } \
- while ( 0 )
-
+#define yyless(n) \
+ do { \
+ /* Undo effects of setting up yytext. */ \
+ yytext[yyleng] = yy_hold_char; \
+ yy_c_buf_p = yytext + n; \
+ yy_hold_char = *yy_c_buf_p; \
+ *yy_c_buf_p = '\0'; \
+ yyleng = n; \
+ } while (0)
/* Internal utility routines. */
#ifndef yytext_ptr
#ifdef YY_USE_PROTOS
-static void yy_flex_strncpy( char *s1, yyconst char *s2, int n )
+static void
+yy_flex_strncpy(char *s1, yyconst char *s2, int n)
#else
-static void yy_flex_strncpy( s1, s2, n )
-char *s1;
+static void yy_flex_strncpy(s1, s2, n) char *s1;
yyconst char *s2;
int n;
#endif
- {
- register int i;
- for ( i = 0; i < n; ++i )
- s1[i] = s2[i];
- }
+{
+ register int i;
+ for (i = 0; i < n; ++i)
+ s1[i] = s2[i];
+}
#endif
#ifdef YY_NEED_STRLEN
#ifdef YY_USE_PROTOS
-static int yy_flex_strlen( yyconst char *s )
+static int
+yy_flex_strlen(yyconst char *s)
#else
-static int yy_flex_strlen( s )
-yyconst char *s;
+static int yy_flex_strlen(s)
+ yyconst char *s;
#endif
- {
- register int n;
- for ( n = 0; s[n]; ++n )
- ;
+{
+ register int n;
+ for (n = 0; s[n]; ++n)
+ ;
- return n;
- }
+ return n;
+}
#endif
-
#ifdef YY_USE_PROTOS
-static void *yy_flex_alloc( yy_size_t size )
+static void *
+yy_flex_alloc(yy_size_t size)
#else
-static void *yy_flex_alloc( size )
-yy_size_t size;
+static void *yy_flex_alloc(size)
+ yy_size_t size;
#endif
- {
- return (void *) malloc( size );
- }
+{
+ return (void *)malloc(size);
+}
#ifdef YY_USE_PROTOS
-static void *yy_flex_realloc( void *ptr, yy_size_t size )
+static void *
+yy_flex_realloc(void *ptr, yy_size_t size)
#else
-static void *yy_flex_realloc( ptr, size )
-void *ptr;
+static void *yy_flex_realloc(ptr, size) void *ptr;
yy_size_t size;
#endif
- {
- /* The cast to (char *) in the following accommodates both
- * implementations that use char* generic pointers, and those
- * that use void* generic pointers. It works with the latter
- * because both ANSI C and C++ allow castless assignment from
- * any pointer type to void*, and deal with argument conversions
- * as though doing an assignment.
- */
- return (void *) realloc( (char *) ptr, size );
- }
+{
+ /* The cast to (char *) in the following accommodates both
+ * implementations that use char* generic pointers, and those
+ * that use void* generic pointers. It works with the latter
+ * because both ANSI C and C++ allow castless assignment from
+ * any pointer type to void*, and deal with argument conversions
+ * as though doing an assignment.
+ */
+ return (void *)realloc((char *)ptr, size);
+}
#ifdef YY_USE_PROTOS
-static void yy_flex_free( void *ptr )
+static void
+yy_flex_free(void *ptr)
#else
-static void yy_flex_free( ptr )
-void *ptr;
+static void yy_flex_free(ptr) void *ptr;
#endif
- {
- free( ptr );
- }
+{
+ free(ptr);
+}
#if YY_MAIN
-int main()
- {
- yylex();
- return 0;
- }
+int
+main()
+{
+ yylex();
+ return 0;
+}
#endif
#line 81 "installparse.l"
/*------------------------ Program Section ----------------------------*/
-PRFileDesc *Pk11Install_FD=NULL;
+PRFileDesc *Pk11Install_FD = NULL;
/*************************************************************************/
/* dummy function required by lex */
-int Pk11Install_yywrap(void) { return 1;}
+int
+Pk11Install_yywrap(void)
+{
+ return 1;
+}
/*************************************************************************/
/* Return a copy of the given string */
-static char*
+static char *
putSimpleString(char *str)
{
- char *tmp = (char*) PR_Malloc(strlen(str)+1);
- strcpy(tmp, str);
- return tmp;
+ char *tmp = (char *)PR_Malloc(strlen(str) + 1);
+ strcpy(tmp, str);
+ return tmp;
}
/*************************************************************************/
/* Strip out quotes, replace escaped characters with what they stand for.
This function assumes that what is passed in is actually a complex
string, so error checking is lax. */
-static char*
+static char *
putComplexString(char *str)
{
- int size, i,j;
- char *tmp;
-
- if(!str) {
- return NULL;
- }
- size = strlen(str);
-
- /* Allocate the new space. This string will actually be too big,
- since quotes and backslashes will be stripped out. But that's ok. */
- tmp = (char*) PR_Malloc(size+1);
-
- /* Copy it over */
- for(i=0, j=0; i < size; i++) {
- if(str[i]=='\"') {
- continue; /* skip un-escaped quotes */
- } else if(str[i]=='\\') {
- ++i; /* escaped character. skip the backslash */
- }
- tmp[j++] = str[i];
- }
- tmp[j] = '\0';
-
- return tmp;
+ int size, i, j;
+ char *tmp;
+
+ if (!str) {
+ return NULL;
+ }
+ size = strlen(str);
+
+ /* Allocate the new space. This string will actually be too big,
+ since quotes and backslashes will be stripped out. But that's ok. */
+ tmp = (char *)PR_Malloc(size + 1);
+
+ /* Copy it over */
+ for (i = 0, j = 0; i < size; i++) {
+ if (str[i] == '\"') {
+ continue; /* skip un-escaped quotes */
+ } else if (str[i] == '\\') {
+ ++i; /* escaped character. skip the backslash */
+ }
+ tmp[j++] = str[i];
+ }
+ tmp[j] = '\0';
+
+ return tmp;
}
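Review bot: Both string helpers at the end of this hunk use the result of `PR_Malloc` without checking it: putSimpleString hands it straight to `strcpy`, and putComplexString stores through `tmp[j++]`, so a failed allocation while parsing an install script becomes a NULL dereference. Adding `if (!tmp) return NULL;` after each allocation closes that, provided the callers (not visible here) tolerate a NULL result. putComplexString already returns NULL for a NULL `str`, while putSimpleString calls `strlen(str)` unguarded, so the two are also inconsistent on NULL input. The `#line 81 "installparse.l"` marker suggests this file is generated, so the change presumably belongs in the .l source rather than here.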
diff --git a/cmd/modutil/modutil.c b/cmd/modutil/modutil.c
index 64212024f..02972f7b4 100644
--- a/cmd/modutil/modutil.c
+++ b/cmd/modutil/modutil.c
@@ -2,8 +2,8 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* To edit this file, set TABSTOPS to 4 spaces.
- * This is not the normal NSS convention.
+/* To edit this file, set TABSTOPS to 4 spaces.
+ * This is not the normal NSS convention.
*/
#include "modutil.h"
@@ -12,140 +12,138 @@
#include "certdb.h" /* for CERT_DB_FILE_VERSION */
#include "nss.h"
-static void install_error(char *message);
-static char* PR_fgets(char *buf, int size, PRFileDesc *file);
-static char *progName;
-
+static void install_error(char* message);
+static char* PR_fgets(char* buf, int size, PRFileDesc* file);
+static char* progName;
/* This enum must be kept in sync with the commandNames list */
typedef enum {
- NO_COMMAND,
- ADD_COMMAND,
- CHANGEPW_COMMAND,
- CREATE_COMMAND,
- DEFAULT_COMMAND,
- DELETE_COMMAND,
- DISABLE_COMMAND,
- ENABLE_COMMAND,
- FIPS_COMMAND,
- JAR_COMMAND,
- LIST_COMMAND,
- RAW_LIST_COMMAND,
- RAW_ADD_COMMAND,
- CHKFIPS_COMMAND,
- UNDEFAULT_COMMAND
+ NO_COMMAND,
+ ADD_COMMAND,
+ CHANGEPW_COMMAND,
+ CREATE_COMMAND,
+ DEFAULT_COMMAND,
+ DELETE_COMMAND,
+ DISABLE_COMMAND,
+ ENABLE_COMMAND,
+ FIPS_COMMAND,
+ JAR_COMMAND,
+ LIST_COMMAND,
+ RAW_LIST_COMMAND,
+ RAW_ADD_COMMAND,
+ CHKFIPS_COMMAND,
+ UNDEFAULT_COMMAND
} Command;
/* This list must be kept in sync with the Command enum */
-static char *commandNames[] = {
- "(no command)",
- "-add",
- "-changepw",
- "-create",
- "-default",
- "-delete",
- "-disable",
- "-enable",
- "-fips",
- "-jar",
- "-list",
- "-rawlist",
- "-rawadd",
- "-chkfips",
- "-undefault"
+static char* commandNames[] = {
+ "(no command)",
+ "-add",
+ "-changepw",
+ "-create",
+ "-default",
+ "-delete",
+ "-disable",
+ "-enable",
+ "-fips",
+ "-jar",
+ "-list",
+ "-rawlist",
+ "-rawadd",
+ "-chkfips",
+ "-undefault"
};
-
/* this enum must be kept in sync with the optionStrings list */
typedef enum {
- ADD_ARG=0,
- RAW_ADD_ARG,
- CHANGEPW_ARG,
- CIPHERS_ARG,
- CREATE_ARG,
- DBDIR_ARG,
- DBPREFIX_ARG,
- DEFAULT_ARG,
- DELETE_ARG,
- DISABLE_ARG,
- ENABLE_ARG,
- FIPS_ARG,
- FORCE_ARG,
- JAR_ARG,
- LIBFILE_ARG,
- LIST_ARG,
- RAW_LIST_ARG,
- MECHANISMS_ARG,
- NEWPWFILE_ARG,
- PWFILE_ARG,
- SLOT_ARG,
- UNDEFAULT_ARG,
- INSTALLDIR_ARG,
- TEMPDIR_ARG,
- SECMOD_ARG,
- NOCERTDB_ARG,
- STRING_ARG,
- CHKFIPS_ARG,
-
- NUM_ARGS /* must be last */
+ ADD_ARG = 0,
+ RAW_ADD_ARG,
+ CHANGEPW_ARG,
+ CIPHERS_ARG,
+ CREATE_ARG,
+ DBDIR_ARG,
+ DBPREFIX_ARG,
+ DEFAULT_ARG,
+ DELETE_ARG,
+ DISABLE_ARG,
+ ENABLE_ARG,
+ FIPS_ARG,
+ FORCE_ARG,
+ JAR_ARG,
+ LIBFILE_ARG,
+ LIST_ARG,
+ RAW_LIST_ARG,
+ MECHANISMS_ARG,
+ NEWPWFILE_ARG,
+ PWFILE_ARG,
+ SLOT_ARG,
+ UNDEFAULT_ARG,
+ INSTALLDIR_ARG,
+ TEMPDIR_ARG,
+ SECMOD_ARG,
+ NOCERTDB_ARG,
+ STRING_ARG,
+ CHKFIPS_ARG,
+
+ NUM_ARGS /* must be last */
} Arg;
/* This list must be kept in sync with the Arg enum */
-static char *optionStrings[] = {
- "-add",
- "-rawadd",
- "-changepw",
- "-ciphers",
- "-create",
- "-dbdir",
- "-dbprefix",
- "-default",
- "-delete",
- "-disable",
- "-enable",
- "-fips",
- "-force",
- "-jar",
- "-libfile",
- "-list",
- "-rawlist",
- "-mechanisms",
- "-newpwfile",
- "-pwfile",
- "-slot",
- "-undefault",
- "-installdir",
- "-tempdir",
- "-secmod",
- "-nocertdb",
- "-string",
- "-chkfips",
+static char* optionStrings[] = {
+ "-add",
+ "-rawadd",
+ "-changepw",
+ "-ciphers",
+ "-create",
+ "-dbdir",
+ "-dbprefix",
+ "-default",
+ "-delete",
+ "-disable",
+ "-enable",
+ "-fips",
+ "-force",
+ "-jar",
+ "-libfile",
+ "-list",
+ "-rawlist",
+ "-mechanisms",
+ "-newpwfile",
+ "-pwfile",
+ "-slot",
+ "-undefault",
+ "-installdir",
+ "-tempdir",
+ "-secmod",
+ "-nocertdb",
+ "-string",
+ "-chkfips",
};
-char *msgStrings[] = {
- "FIPS mode enabled.\n",
- "FIPS mode disabled.\n",
- "Using database directory %s...\n",
- "Creating \"%s\"...",
- "Module \"%s\" added to database.\n",
- "Module \"%s\" deleted from database.\n",
- "Token \"%s\" password changed successfully.\n",
- "Incorrect password, try again...\n",
- "Passwords do not match, try again...\n",
- "done.\n",
- "Slot \"%s\" %s.\n",
- "Successfully changed defaults.\n",
- "Successfully changed defaults.\n",
-"\nWARNING: Performing this operation while the browser is running could cause"
-"\ncorruption of your security databases. If the browser is currently running,"
-"\nyou should exit browser before continuing this operation. Type "
-"\n'q <enter>' to abort, or <enter> to continue: ",
- "\nAborting...\n"
+char* msgStrings[] = {
+ "FIPS mode enabled.\n",
+ "FIPS mode disabled.\n",
+ "Using database directory %s...\n",
+ "Creating \"%s\"...",
+ "Module \"%s\" added to database.\n",
+ "Module \"%s\" deleted from database.\n",
+ "Token \"%s\" password changed successfully.\n",
+ "Incorrect password, try again...\n",
+ "Passwords do not match, try again...\n",
+ "done.\n",
+ "Slot \"%s\" %s.\n",
+ "Successfully changed defaults.\n",
+ "Successfully changed defaults.\n",
+ "\nWARNING: Performing this operation while the browser is running could cause"
+ "\ncorruption of your security databases. If the browser is currently running,"
+ "\nyou should exit browser before continuing this operation. Type "
+ "\n'q <enter>' to abort, or <enter> to continue: ",
+ "\nAborting...\n"
};
/* Increment i if doing so would have i still be less than j. If you
are able to do this, return 0. Otherwise return 1. */
-#define TRY_INC(i,j) ( ((i+1)<j) ? (++i, 0) : 1 )
+#define TRY_INC(i, j) (((i + 1) < j) ? (++i, 0) : 1)
/********************************************************************
*
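Review bot: The pairing of `Arg` with `optionStrings` (and of `Command` with `commandNames`) is held together only by the "must be kept in sync" comments. The option lookup in parse_args, as shown on the old side of the next hunk, compares against `optionStrings[optionType]` for every value below `NUM_ARGS`, so a table that ends up one entry short would be read past its end. A compile-time check beside the table would catch that, e.g. `PR_STATIC_ASSERT(sizeof(optionStrings) / sizeof(optionStrings[0]) == NUM_ARGS);`, assuming NSPR's prlog.h is reachable from the existing includes. Separately, `TRY_INC` still expands its parameters unparenthesized; `((((i) + 1) < (j)) ? (++(i), 0) : 1)` is the safer spelling.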
@@ -177,327 +175,327 @@ static PRBool nocertdb = PR_FALSE;
* p a r s e _ a r g s
*/
static Error
-parse_args(int argc, char *argv[])
+parse_args(int argc, char* argv[])
{
- int i;
- char *arg;
- int optionType;
-
- /* Loop over all arguments */
- for(i=1; i < argc; i++) {
- arg = argv[i];
-
- /* Make sure this is an option and not some floating argument */
- if(arg[0] != '-') {
- PR_fprintf(PR_STDERR, errStrings[UNEXPECTED_ARG_ERR], argv[i]);
- return UNEXPECTED_ARG_ERR;
- }
-
- /* Find which option this is */
- for(optionType=0; optionType < NUM_ARGS; optionType++) {
- if(! strcmp(arg, optionStrings[optionType])) {
- break;
- }
- }
-
- /* Deal with this specific option */
- switch(optionType) {
- case NUM_ARGS:
- default:
- PR_fprintf(PR_STDERR, errStrings[UNKNOWN_OPTION_ERR], arg);
- return UNKNOWN_OPTION_ERR;
- break;
- case ADD_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = ADD_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- moduleName = argv[i];
- break;
- case CHANGEPW_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = CHANGEPW_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- tokenName = argv[i];
- break;
- case CIPHERS_ARG:
- if(ciphers != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- ciphers = argv[i];
- break;
- case CREATE_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = CREATE_COMMAND;
- break;
- case DBDIR_ARG:
- if(dbdir != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- dbdir = argv[i];
- break;
- case DBPREFIX_ARG:
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- dbprefix = argv[i];
- break;
- case UNDEFAULT_ARG:
- case DEFAULT_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- if(optionType == DEFAULT_ARG) {
- command = DEFAULT_COMMAND;
- } else {
- command = UNDEFAULT_COMMAND;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- moduleName = argv[i];
- break;
- case DELETE_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = DELETE_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- moduleName = argv[i];
- break;
- case DISABLE_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = DISABLE_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- moduleName = argv[i];
- break;
- case ENABLE_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = ENABLE_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- moduleName = argv[i];
- break;
- case FIPS_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = FIPS_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- fipsArg = argv[i];
- break;
- case CHKFIPS_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = CHKFIPS_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- fipsArg = argv[i];
- break;
- case FORCE_ARG:
- force = 1;
- break;
- case NOCERTDB_ARG:
- nocertdb = PR_TRUE;
- break;
- case INSTALLDIR_ARG:
- if(installDir != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- installDir = argv[i];
- break;
- case TEMPDIR_ARG:
- if(tempDir != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- tempDir = argv[i];
- break;
- case JAR_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = JAR_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- jarFile = argv[i];
- break;
- case LIBFILE_ARG:
- if(libFile != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- libFile = argv[i];
- break;
- case LIST_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = LIST_COMMAND;
- /* This option may or may not have an argument */
- if( (i+1 < argc) && (argv[i+1][0] != '-') ) {
- moduleName = argv[++i];
- }
- break;
- case RAW_LIST_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = RAW_LIST_COMMAND;
- /* This option may or may not have an argument */
- if( (i+1 < argc) && (argv[i+1][0] != '-') ) {
- moduleName = argv[++i];
- }
- break;
- case RAW_ADD_ARG:
- if(command != NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
- return MULTIPLE_COMMAND_ERR;
- }
- command = RAW_ADD_COMMAND;
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- moduleSpec = argv[i];
- break;
- case MECHANISMS_ARG:
- if(mechanisms != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- mechanisms = argv[i];
- break;
- case NEWPWFILE_ARG:
- if(newpwFile != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- newpwFile = argv[i];
- break;
- case PWFILE_ARG:
- if(pwFile != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- pwFile = argv[i];
- break;
- case SLOT_ARG:
- if(slotName != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- slotName = argv[i];
- break;
- case SECMOD_ARG:
- if(secmodName != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- secmodName = argv[i];
- break;
- case STRING_ARG:
- if(secmodString != NULL) {
- PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
- return DUPLICATE_OPTION_ERR;
- }
- if(TRY_INC(i, argc)) {
- PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
- return OPTION_NEEDS_ARG_ERR;
- }
- secmodString = argv[i];
- break;
- }
- }
- return SUCCESS;
+ int i;
+ char* arg;
+ int optionType;
+
+ /* Loop over all arguments */
+ for (i = 1; i < argc; i++) {
+ arg = argv[i];
+
+ /* Make sure this is an option and not some floating argument */
+ if (arg[0] != '-') {
+ PR_fprintf(PR_STDERR, errStrings[UNEXPECTED_ARG_ERR], argv[i]);
+ return UNEXPECTED_ARG_ERR;
+ }
+
+ /* Find which option this is */
+ for (optionType = 0; optionType < NUM_ARGS; optionType++) {
+ if (!strcmp(arg, optionStrings[optionType])) {
+ break;
+ }
+ }
+
+ /* Deal with this specific option */
+ switch (optionType) {
+ case NUM_ARGS:
+ default:
+ PR_fprintf(PR_STDERR, errStrings[UNKNOWN_OPTION_ERR], arg);
+ return UNKNOWN_OPTION_ERR;
+ break;
+ case ADD_ARG:
+ if (command != NO_COMMAND) {
+ PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+ return MULTIPLE_COMMAND_ERR;
+ }
+ command = ADD_COMMAND;
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ moduleName = argv[i];
+ break;
+ case CHANGEPW_ARG:
+ if (command != NO_COMMAND) {
+ PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+ return MULTIPLE_COMMAND_ERR;
+ }
+ command = CHANGEPW_COMMAND;
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ tokenName = argv[i];
+ break;
+ case CIPHERS_ARG:
+ if (ciphers != NULL) {
+ PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+ return DUPLICATE_OPTION_ERR;
+ }
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ ciphers = argv[i];
+ break;
+ case CREATE_ARG:
+ if (command != NO_COMMAND) {
+ PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+ return MULTIPLE_COMMAND_ERR;
+ }
+ command = CREATE_COMMAND;
+ break;
+ case DBDIR_ARG:
+ if (dbdir != NULL) {
+ PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+ return DUPLICATE_OPTION_ERR;
+ }
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ dbdir = argv[i];
+ break;
+ case DBPREFIX_ARG:
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ dbprefix = argv[i];
+ break;
+ case UNDEFAULT_ARG:
+ case DEFAULT_ARG:
+ if (command != NO_COMMAND) {
+ PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+ return MULTIPLE_COMMAND_ERR;
+ }
+ if (optionType == DEFAULT_ARG) {
+ command = DEFAULT_COMMAND;
+ } else {
+ command = UNDEFAULT_COMMAND;
+ }
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ moduleName = argv[i];
+ break;
+ case DELETE_ARG:
+ if (command != NO_COMMAND) {
+ PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+ return MULTIPLE_COMMAND_ERR;
+ }
+ command = DELETE_COMMAND;
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ moduleName = argv[i];
+ break;
+ case DISABLE_ARG:
+ if (command != NO_COMMAND) {
+ PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+ return MULTIPLE_COMMAND_ERR;
+ }
+ command = DISABLE_COMMAND;
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ moduleName = argv[i];
+ break;
+ case ENABLE_ARG:
+ if (command != NO_COMMAND) {
+ PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+ return MULTIPLE_COMMAND_ERR;
+ }
+ command = ENABLE_COMMAND;
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ moduleName = argv[i];
+ break;
+ case FIPS_ARG:
+ if (command != NO_COMMAND) {
+ PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+ return MULTIPLE_COMMAND_ERR;
+ }
+ command = FIPS_COMMAND;
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ fipsArg = argv[i];
+ break;
+ case CHKFIPS_ARG:
+ if (command != NO_COMMAND) {
+ PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+ return MULTIPLE_COMMAND_ERR;
+ }
+ command = CHKFIPS_COMMAND;
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ fipsArg = argv[i];
+ break;
+ case FORCE_ARG:
+ force = 1;
+ break;
+ case NOCERTDB_ARG:
+ nocertdb = PR_TRUE;
+ break;
+ case INSTALLDIR_ARG:
+ if (installDir != NULL) {
+ PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+ return DUPLICATE_OPTION_ERR;
+ }
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ installDir = argv[i];
+ break;
+ case TEMPDIR_ARG:
+ if (tempDir != NULL) {
+ PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+ return DUPLICATE_OPTION_ERR;
+ }
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ tempDir = argv[i];
+ break;
+ case JAR_ARG:
+ if (command != NO_COMMAND) {
+ PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+ return MULTIPLE_COMMAND_ERR;
+ }
+ command = JAR_COMMAND;
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ jarFile = argv[i];
+ break;
+ case LIBFILE_ARG:
+ if (libFile != NULL) {
+ PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+ return DUPLICATE_OPTION_ERR;
+ }
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ libFile = argv[i];
+ break;
+ case LIST_ARG:
+ if (command != NO_COMMAND) {
+ PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+ return MULTIPLE_COMMAND_ERR;
+ }
+ command = LIST_COMMAND;
+ /* This option may or may not have an argument */
+ if ((i + 1 < argc) && (argv[i + 1][0] != '-')) {
+ moduleName = argv[++i];
+ }
+ break;
+ case RAW_LIST_ARG:
+ if (command != NO_COMMAND) {
+ PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+ return MULTIPLE_COMMAND_ERR;
+ }
+ command = RAW_LIST_COMMAND;
+ /* This option may or may not have an argument */
+ if ((i + 1 < argc) && (argv[i + 1][0] != '-')) {
+ moduleName = argv[++i];
+ }
+ break;
+ case RAW_ADD_ARG:
+ if (command != NO_COMMAND) {
+ PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+ return MULTIPLE_COMMAND_ERR;
+ }
+ command = RAW_ADD_COMMAND;
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ moduleSpec = argv[i];
+ break;
+ case MECHANISMS_ARG:
+ if (mechanisms != NULL) {
+ PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+ return DUPLICATE_OPTION_ERR;
+ }
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ mechanisms = argv[i];
+ break;
+ case NEWPWFILE_ARG:
+ if (newpwFile != NULL) {
+ PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+ return DUPLICATE_OPTION_ERR;
+ }
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ newpwFile = argv[i];
+ break;
+ case PWFILE_ARG:
+ if (pwFile != NULL) {
+ PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+ return DUPLICATE_OPTION_ERR;
+ }
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ pwFile = argv[i];
+ break;
+ case SLOT_ARG:
+ if (slotName != NULL) {
+ PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+ return DUPLICATE_OPTION_ERR;
+ }
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ slotName = argv[i];
+ break;
+ case SECMOD_ARG:
+ if (secmodName != NULL) {
+ PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+ return DUPLICATE_OPTION_ERR;
+ }
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ secmodName = argv[i];
+ break;
+ case STRING_ARG:
+ if (secmodString != NULL) {
+ PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+ return DUPLICATE_OPTION_ERR;
+ }
+ if (TRY_INC(i, argc)) {
+ PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+ return OPTION_NEEDS_ARG_ERR;
+ }
+ secmodString = argv[i];
+ break;
+ }
+ }
+ return SUCCESS;
}
/************************************************************************
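Review bot: The `DBPREFIX_ARG` case in `parse_args` is the only non-command option that takes a value and has no duplicate guard, so a repeated `-dbprefix` silently replaces the earlier value, while `-dbdir`, `-secmod`, `-pwfile` and the others return `DUPLICATE_OPTION_ERR`. The prefix selects which database files are opened, so last-one-wins can direct a write command at a different database than the caller intended, for example when a wrapper script appends its own options. Assuming `dbprefix` starts out NULL like the other option globals (its definition is outside this hunk), the case should begin with the same `if (dbprefix != NULL)` guard that `DBDIR_ARG` uses, printing `errStrings[DUPLICATE_OPTION_ERR]` and returning `DUPLICATE_OPTION_ERR`.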
@@ -507,58 +505,58 @@ parse_args(int argc, char *argv[])
static Error
verify_params()
{
- switch(command) {
- case ADD_COMMAND:
- if(libFile == NULL) {
- PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR],
- commandNames[ADD_COMMAND], optionStrings[LIBFILE_ARG]);
- return MISSING_PARAM_ERR;
- }
- break;
- case CHANGEPW_COMMAND:
- break;
- case CREATE_COMMAND:
- break;
- case DELETE_COMMAND:
- break;
- case DISABLE_COMMAND:
- break;
- case ENABLE_COMMAND:
- break;
- case FIPS_COMMAND:
- case CHKFIPS_COMMAND:
- if(PL_strcasecmp(fipsArg, "true") &&
- PL_strcasecmp(fipsArg, "false")) {
- PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
- return INVALID_FIPS_ARG;
- }
- break;
- case JAR_COMMAND:
- if(installDir == NULL) {
- PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR],
- commandNames[JAR_COMMAND], optionStrings[INSTALLDIR_ARG]);
- return MISSING_PARAM_ERR;
- }
- break;
- case LIST_COMMAND:
- case RAW_LIST_COMMAND:
- break;
- case RAW_ADD_COMMAND:
- break;
- case UNDEFAULT_COMMAND:
- case DEFAULT_COMMAND:
- if(mechanisms == NULL) {
- PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR],
- commandNames[command], optionStrings[MECHANISMS_ARG]);
- return MISSING_PARAM_ERR;
- }
- break;
- default:
- /* Ignore this here */
- break;
- }
-
- return SUCCESS;
+ switch (command) {
+ case ADD_COMMAND:
+ if (libFile == NULL) {
+ PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR],
+ commandNames[ADD_COMMAND], optionStrings[LIBFILE_ARG]);
+ return MISSING_PARAM_ERR;
+ }
+ break;
+ case CHANGEPW_COMMAND:
+ break;
+ case CREATE_COMMAND:
+ break;
+ case DELETE_COMMAND:
+ break;
+ case DISABLE_COMMAND:
+ break;
+ case ENABLE_COMMAND:
+ break;
+ case FIPS_COMMAND:
+ case CHKFIPS_COMMAND:
+ if (PL_strcasecmp(fipsArg, "true") &&
+ PL_strcasecmp(fipsArg, "false")) {
+ PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
+ return INVALID_FIPS_ARG;
+ }
+ break;
+ case JAR_COMMAND:
+ if (installDir == NULL) {
+ PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR],
+ commandNames[JAR_COMMAND], optionStrings[INSTALLDIR_ARG]);
+ return MISSING_PARAM_ERR;
+ }
+ break;
+ case LIST_COMMAND:
+ case RAW_LIST_COMMAND:
+ break;
+ case RAW_ADD_COMMAND:
+ break;
+ case UNDEFAULT_COMMAND:
+ case DEFAULT_COMMAND:
+ if (mechanisms == NULL) {
+ PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR],
+ commandNames[command], optionStrings[MECHANISMS_ARG]);
+ return MISSING_PARAM_ERR;
+ }
+ break;
+ default:
+ /* Ignore this here */
+ break;
+ }
+
+ return SUCCESS;
}
/********************************************************************
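Review bot: The `JAR_COMMAND` case in `verify_params` checks only that `-installdir` was given and says nothing about `-nocertdb`, although the usage text in this file states that with `-nocertdb` no verification is performed on JAR files. Installing a PKCS #11 module from an unverified archive is a choice the operator should make knowingly. Unless the combination is handled later in `main` (not visible in this hunk), this case is the natural place to surface it. At minimum add a comment such as `/* -nocertdb skips JAR verification (see usage()); the combination is accepted here */`, and consider printing a notice to `PR_STDERR` when `nocertdb` is set.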
@@ -578,105 +576,106 @@ verify_params()
static Error
check_crypto(PRBool create, PRBool readOnly)
{
- char *dir;
- char *moddbname=NULL;
- Error retval;
- static const char multiaccess[] = { "multiaccess:" };
-
- dir = SECU_ConfigDirectory(dbdir); /* dir is never NULL */
- if (dir[0] == '\0') {
- PR_fprintf(PR_STDERR, errStrings[NO_DBDIR_ERR]);
- retval=NO_DBDIR_ERR;
- goto loser;
- }
- if (strncmp(dir, multiaccess, sizeof multiaccess - 1) == 0) {
- /* won't attempt to handle the multiaccess case. */
- return SUCCESS;
- }
+ char* dir;
+ char* moddbname = NULL;
+ Error retval;
+ static const char multiaccess[] = { "multiaccess:" };
+
+ dir = SECU_ConfigDirectory(dbdir); /* dir is never NULL */
+ if (dir[0] == '\0') {
+ PR_fprintf(PR_STDERR, errStrings[NO_DBDIR_ERR]);
+ retval = NO_DBDIR_ERR;
+ goto loser;
+ }
+ if (strncmp(dir, multiaccess, sizeof multiaccess - 1) == 0) {
+ /* won't attempt to handle the multiaccess case. */
+ return SUCCESS;
+ }
#ifdef notdef
- /* Make sure db directory exists and is readable */
- if(PR_Access(dir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dir);
- retval = DIR_DOESNT_EXIST_ERR;
- goto loser;
- } else if(PR_Access(dir, PR_ACCESS_READ_OK) != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[DIR_NOT_READABLE_ERR], dir);
- retval = DIR_NOT_READABLE_ERR;
- goto loser;
- }
-
- if (secmodName == NULL) {
- secmodName = "secmod.db";
- }
-
- moddbname = PR_smprintf("%s/%s", dir, secmodName);
- if (!moddbname)
- return OUT_OF_MEM_ERR;
-
- /* Check for the proper permissions on databases */
- if(create) {
- /* Make sure dbs don't already exist, and the directory is
- writeable */
- if(PR_Access(moddbname, PR_ACCESS_EXISTS)==PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[FILE_ALREADY_EXISTS_ERR],
- moddbname);
- retval=FILE_ALREADY_EXISTS_ERR;
- goto loser;
- } else
- if(PR_Access(dir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[DIR_NOT_WRITEABLE_ERR], dir);
- retval=DIR_NOT_WRITEABLE_ERR;
- goto loser;
- }
- } else {
- /* Make sure dbs are readable and writeable */
- if(PR_Access(moddbname, PR_ACCESS_READ_OK) != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR], moddbname);
- retval=FILE_NOT_READABLE_ERR;
- goto loser;
- }
-
- /* Check for write access if we'll be making changes */
- if( !readOnly ) {
- if(PR_Access(moddbname, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
- PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR],
- moddbname);
- retval=FILE_NOT_WRITEABLE_ERR;
- goto loser;
- }
- }
- PR_fprintf(PR_STDOUT, msgStrings[USING_DBDIR_MSG],
- SECU_ConfigDirectory(NULL));
- }
+ /* Make sure db directory exists and is readable */
+ if (PR_Access(dir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
+ PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dir);
+ retval = DIR_DOESNT_EXIST_ERR;
+ goto loser;
+ } else if (PR_Access(dir, PR_ACCESS_READ_OK) != PR_SUCCESS) {
+ PR_fprintf(PR_STDERR, errStrings[DIR_NOT_READABLE_ERR], dir);
+ retval = DIR_NOT_READABLE_ERR;
+ goto loser;
+ }
+
+ if (secmodName == NULL) {
+ secmodName = "secmod.db";
+ }
+
+ moddbname = PR_smprintf("%s/%s", dir, secmodName);
+ if (!moddbname)
+ return OUT_OF_MEM_ERR;
+
+ /* Check for the proper permissions on databases */
+ if (create) {
+ /* Make sure dbs don't already exist, and the directory is
+ writeable */
+ if (PR_Access(moddbname, PR_ACCESS_EXISTS) == PR_SUCCESS) {
+ PR_fprintf(PR_STDERR, errStrings[FILE_ALREADY_EXISTS_ERR],
+ moddbname);
+ retval = FILE_ALREADY_EXISTS_ERR;
+ goto loser;
+ } else if (PR_Access(dir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
+ PR_fprintf(PR_STDERR, errStrings[DIR_NOT_WRITEABLE_ERR], dir);
+ retval = DIR_NOT_WRITEABLE_ERR;
+ goto loser;
+ }
+ } else {
+ /* Make sure dbs are readable and writeable */
+ if (PR_Access(moddbname, PR_ACCESS_READ_OK) != PR_SUCCESS) {
+ PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR], moddbname);
+ retval = FILE_NOT_READABLE_ERR;
+ goto loser;
+ }
+
+ /* Check for write access if we'll be making changes */
+ if (!readOnly) {
+ if (PR_Access(moddbname, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
+ PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR],
+ moddbname);
+ retval = FILE_NOT_WRITEABLE_ERR;
+ goto loser;
+ }
+ }
+ PR_fprintf(PR_STDOUT, msgStrings[USING_DBDIR_MSG],
+ SECU_ConfigDirectory(NULL));
+ }
#endif
- retval=SUCCESS;
+ retval = SUCCESS;
loser:
- if (moddbname) {
- PR_Free(moddbname);
- }
- return retval;
+ if (moddbname) {
+ PR_Free(moddbname);
+ }
+ return retval;
}
static Error
init_crypto(PRBool create, PRBool readOnly)
{
- PRUint32 flags = 0;
- SECStatus rv;
- Error retval;
- /* Open/create key database */
-
- if (readOnly) flags |= NSS_INIT_READONLY;
- if (nocertdb) flags |= NSS_INIT_NOCERTDB;
- rv = NSS_Initialize(SECU_ConfigDirectory(NULL), dbprefix, dbprefix,
- secmodName, flags);
- if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- retval=NSS_INITIALIZE_FAILED_ERR;
- } else
- retval=SUCCESS;
-
- return retval;
+ PRUint32 flags = 0;
+ SECStatus rv;
+ Error retval;
+ /* Open/create key database */
+
+ if (readOnly)
+ flags |= NSS_INIT_READONLY;
+ if (nocertdb)
+ flags |= NSS_INIT_NOCERTDB;
+ rv = NSS_Initialize(SECU_ConfigDirectory(NULL), dbprefix, dbprefix,
+ secmodName, flags);
+ if (rv != SECSuccess) {
+ SECU_PrintPRandOSError(progName);
+ retval = NSS_INITIALIZE_FAILED_ERR;
+ } else
+ retval = SUCCESS;
+
+ return retval;
}
/*************************************************************************
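Review bot: Everything in `check_crypto` between `#ifdef notdef` and `#endif` is compiled out unless `notdef` is defined. In a normal build the function therefore only rejects an empty directory string and returns early for the `multiaccess:` prefix; the existence, readability and writability checks never run, `create` and `readOnly` are not read, and `moddbname` stays NULL. A reader skimming the function can easily assume database permissions are validated before `init_crypto` calls `NSS_Initialize`. Put a comment on the `#ifdef` line, for example `/* disabled: no path or permission checks are performed here; failures surface from NSS_Initialize() */`, or delete the dead block. If it is ever revived, keep in mind that `PR_Access` followed by a later open is a check-then-use sequence and not a guarantee about the file that is eventually opened.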
@@ -686,71 +685,69 @@ init_crypto(PRBool create, PRBool readOnly)
static void
usage()
{
- PR_fprintf(PR_STDOUT,
-"\nNetscape Cryptographic Module Utility\n"
-"Usage: modutil [command] [options]\n\n"
-" COMMANDS\n"
-"---------------------------------------------------------------------------\n"
-"-add MODULE_NAME Add the named module to the module database\n"
-" -libfile LIBRARY_FILE The name of the file (.so or .dll)\n"
-" containing the implementation of PKCS #11\n"
-" [-ciphers CIPHER_LIST] Enable the given ciphers on this module\n"
-" [-mechanisms MECHANISM_LIST] Make the module a default provider of the\n"
-" given mechanisms\n"
-" [-string CONFIG_STRING] Pass a configuration string to this module\n"
-"-changepw TOKEN Change the password on the named token\n"
-" [-pwfile FILE] The old password is in this file\n"
-" [-newpwfile FILE] The new password is in this file\n"
-"-chkfips [ true | false ] If true, verify FIPS mode. If false,\n"
-" verify not FIPS mode\n"
-"-create Create a new set of security databases\n"
-"-default MODULE Make the given module a default provider\n"
-" -mechanisms MECHANISM_LIST of the given mechanisms\n"
-" [-slot SLOT] limit change to only the given slot\n"
-"-delete MODULE Remove the named module from the module\n"
-" database\n"
-"-disable MODULE Disable the named module\n"
-" [-slot SLOT] Disable only the named slot on the module\n"
-"-enable MODULE Enable the named module\n"
-" [-slot SLOT] Enable only the named slot on the module\n"
-"-fips [ true | false ] If true, enable FIPS mode. If false,\n"
-" disable FIPS mode\n"
-"-force Do not run interactively\n"
-"-jar JARFILE Install a PKCS #11 module from the given\n"
-" JAR file in the PKCS #11 JAR format\n"
-" -installdir DIR Use DIR as the root directory of the\n"
-" installation\n"
-" [-tempdir DIR] Use DIR as the temporary installation\n"
-" directory. If not specified, the current\n"
-" directory is used\n"
-"-list [MODULE] Lists information about the specified module\n"
-" or about all modules if none is specified\n"
-"-rawadd MODULESPEC Add module spec string to secmod DB\n"
-"-rawlist [MODULE] Display module spec(s) for one or all\n"
-" loadable modules\n"
-"-undefault MODULE The given module is NOT a default provider\n"
-" -mechanisms MECHANISM_LIST of the listed mechanisms\n"
-" [-slot SLOT] limit change to only the given slot\n"
-"---------------------------------------------------------------------------\n"
-"\n"
-" OPTIONS\n"
-"---------------------------------------------------------------------------\n"
-"-dbdir DIR Directory DIR contains the security databases\n"
-"-dbprefix prefix Prefix for the security databases\n"
-"-nocertdb Do not load certificate or key databases. No\n"
-" verification will be performed on JAR files.\n"
-"-secmod secmodName Name of the security modules file\n"
-"---------------------------------------------------------------------------\n"
-"\n"
-"Mechanism lists are colon-separated. The following mechanisms are recognized:\n"
-"RSA, DSA, DH, RC2, RC4, RC5, AES, CAMELLIA, DES, MD2, MD5, SHA1, SHA256, SHA512,\n"
-"SSL, TLS, RANDOM, and FRIENDLY\n"
-"\n"
-"Cipher lists are colon-separated. The following ciphers are recognized:\n"
-"\n"
-"\nQuestions or bug reports should be sent to modutil-support@netscape.com.\n"
-);
-
+ PR_fprintf(PR_STDOUT,
+ "\nNetscape Cryptographic Module Utility\n"
+ "Usage: modutil [command] [options]\n\n"
+ " COMMANDS\n"
+ "---------------------------------------------------------------------------\n"
+ "-add MODULE_NAME Add the named module to the module database\n"
+ " -libfile LIBRARY_FILE The name of the file (.so or .dll)\n"
+ " containing the implementation of PKCS #11\n"
+ " [-ciphers CIPHER_LIST] Enable the given ciphers on this module\n"
+ " [-mechanisms MECHANISM_LIST] Make the module a default provider of the\n"
+ " given mechanisms\n"
+ " [-string CONFIG_STRING] Pass a configuration string to this module\n"
+ "-changepw TOKEN Change the password on the named token\n"
+ " [-pwfile FILE] The old password is in this file\n"
+ " [-newpwfile FILE] The new password is in this file\n"
+ "-chkfips [ true | false ] If true, verify FIPS mode. If false,\n"
+ " verify not FIPS mode\n"
+ "-create Create a new set of security databases\n"
+ "-default MODULE Make the given module a default provider\n"
+ " -mechanisms MECHANISM_LIST of the given mechanisms\n"
+ " [-slot SLOT] limit change to only the given slot\n"
+ "-delete MODULE Remove the named module from the module\n"
+ " database\n"
+ "-disable MODULE Disable the named module\n"
+ " [-slot SLOT] Disable only the named slot on the module\n"
+ "-enable MODULE Enable the named module\n"
+ " [-slot SLOT] Enable only the named slot on the module\n"
+ "-fips [ true | false ] If true, enable FIPS mode. If false,\n"
+ " disable FIPS mode\n"
+ "-force Do not run interactively\n"
+ "-jar JARFILE Install a PKCS #11 module from the given\n"
+ " JAR file in the PKCS #11 JAR format\n"
+ " -installdir DIR Use DIR as the root directory of the\n"
+ " installation\n"
+ " [-tempdir DIR] Use DIR as the temporary installation\n"
+ " directory. If not specified, the current\n"
+ " directory is used\n"
+ "-list [MODULE] Lists information about the specified module\n"
+ " or about all modules if none is specified\n"
+ "-rawadd MODULESPEC Add module spec string to secmod DB\n"
+ "-rawlist [MODULE] Display module spec(s) for one or all\n"
+ " loadable modules\n"
+ "-undefault MODULE The given module is NOT a default provider\n"
+ " -mechanisms MECHANISM_LIST of the listed mechanisms\n"
+ " [-slot SLOT] limit change to only the given slot\n"
+ "---------------------------------------------------------------------------\n"
+ "\n"
+ " OPTIONS\n"
+ "---------------------------------------------------------------------------\n"
+ "-dbdir DIR Directory DIR contains the security databases\n"
+ "-dbprefix prefix Prefix for the security databases\n"
+ "-nocertdb Do not load certificate or key databases. No\n"
+ " verification will be performed on JAR files.\n"
+ "-secmod secmodName Name of the security modules file\n"
+ "---------------------------------------------------------------------------\n"
+ "\n"
+ "Mechanism lists are colon-separated. The following mechanisms are recognized:\n"
+ "RSA, DSA, DH, RC2, RC4, RC5, AES, CAMELLIA, DES, MD2, MD5, SHA1, SHA256, SHA512,\n"
+ "SSL, TLS, RANDOM, and FRIENDLY\n"
+ "\n"
+ "Cipher lists are colon-separated. The following ciphers are recognized:\n"
+ "\n"
+ "\nQuestions or bug reports should be sent to modutil-support@netscape.com.\n");
}
/*************************************************************************
@@ -758,163 +755,164 @@ usage()
* m a i n
*/
int
-main(int argc, char *argv[])
+main(int argc, char* argv[])
{
- int errcode = SUCCESS;
- PRBool createdb, readOnly;
+ int errcode = SUCCESS;
+ PRBool createdb, readOnly;
#define STDINBUF_SIZE 80
- char stdinbuf[STDINBUF_SIZE];
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
-
- PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
-
- if(parse_args(argc, argv) != SUCCESS) {
- usage();
- errcode = INVALID_USAGE_ERR;
- goto loser;
- }
-
- if(verify_params() != SUCCESS) {
- usage();
- errcode = INVALID_USAGE_ERR;
- goto loser;
- }
-
- if(command==NO_COMMAND) {
- PR_fprintf(PR_STDERR, errStrings[NO_COMMAND_ERR]);
- usage();
- errcode = INVALID_USAGE_ERR;
- goto loser;
- }
-
- /* Set up crypto stuff */
- createdb = command==CREATE_COMMAND;
- readOnly = ((command == LIST_COMMAND) ||
- (command == CHKFIPS_COMMAND) ||
- (command == RAW_LIST_COMMAND));
-
- /* Make sure browser is not running if we're writing to a database */
- /* Do this before initializing crypto */
- if(!readOnly && !force) {
- char *response;
-
- PR_fprintf(PR_STDOUT, msgStrings[BROWSER_RUNNING_MSG]);
- if( ! PR_fgets(stdinbuf, STDINBUF_SIZE, PR_STDIN)) {
- PR_fprintf(PR_STDERR, errStrings[STDIN_READ_ERR]);
- errcode = STDIN_READ_ERR;
- goto loser;
- }
- if( (response=strtok(stdinbuf, " \r\n\t")) ) {
- if(!PL_strcasecmp(response, "q")) {
- PR_fprintf(PR_STDOUT, msgStrings[ABORTING_MSG]);
- errcode = SUCCESS;
- goto loser;
- }
- }
- PR_fprintf(PR_STDOUT, "\n");
- }
-
- errcode = check_crypto(createdb, readOnly);
- if( errcode != SUCCESS) {
- goto loser;
- }
-
- if ((command == RAW_LIST_COMMAND) || (command == RAW_ADD_COMMAND)) {
- if(!moduleName) {
- char *readOnlyStr, *noCertDBStr, *sep;
- if (!secmodName) secmodName="secmod.db";
- if (!dbprefix) dbprefix = "";
- sep = ((command == RAW_LIST_COMMAND) && nocertdb) ? "," : " ";
- readOnlyStr = (command == RAW_LIST_COMMAND) ? "readOnly" : "" ;
- noCertDBStr = nocertdb ? "noCertDB" : "";
- SECU_ConfigDirectory(dbdir);
-
- moduleName=PR_smprintf(
- "name=\"NSS default Module DB\" parameters=\"configdir=%s certPrefix=%s "
- "keyPrefix=%s secmod=%s flags=%s%s%s\" NSS=\"flags=internal,moduleDB,"
- "moduleDBOnly,critical\"",
- SECU_ConfigDirectory(NULL),dbprefix,dbprefix,
- secmodName, readOnlyStr,sep, noCertDBStr);
- }
- if (command == RAW_LIST_COMMAND) {
- errcode = RawListModule(moduleName);
- } else {
- PORT_Assert(moduleSpec);
- errcode = RawAddModule(moduleName,moduleSpec);
- }
- goto loser;
- }
-
- errcode = init_crypto(createdb, readOnly);
- if( errcode != SUCCESS) {
- goto loser;
- }
-
- errcode = LoadMechanismList();
- if (errcode != SUCCESS) {
- goto loser;
- }
-
- /* Execute the command */
- switch(command) {
- case ADD_COMMAND:
- errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString);
- break;
- case CHANGEPW_COMMAND:
- errcode = ChangePW(tokenName, pwFile, newpwFile);
- break;
- case CREATE_COMMAND:
- /* The work was already done in init_crypto() */
- break;
- case DEFAULT_COMMAND:
- errcode = SetDefaultModule(moduleName, slotName, mechanisms);
- break;
- case DELETE_COMMAND:
- errcode = DeleteModule(moduleName);
- break;
- case DISABLE_COMMAND:
- errcode = EnableModule(moduleName, slotName, PR_FALSE);
- break;
- case ENABLE_COMMAND:
- errcode = EnableModule(moduleName, slotName, PR_TRUE);
- break;
- case FIPS_COMMAND:
- errcode = FipsMode(fipsArg);
- break;
- case CHKFIPS_COMMAND:
- errcode = ChkFipsMode(fipsArg);
- break;
- case JAR_COMMAND:
- Pk11Install_SetErrorHandler(install_error);
- errcode = Pk11Install_DoInstall(jarFile, installDir, tempDir,
- PR_STDOUT, force, nocertdb);
- break;
- case LIST_COMMAND:
- if(moduleName) {
- errcode = ListModule(moduleName);
- } else {
- errcode = ListModules();
- }
- break;
- case UNDEFAULT_COMMAND:
- errcode = UnsetDefaultModule(moduleName, slotName, mechanisms);
- break;
- default:
- PR_fprintf(PR_STDERR, "This command is not supported yet.\n");
- errcode = INVALID_USAGE_ERR;
- break;
- }
-
- if (NSS_Shutdown() != SECSuccess) {
- exit(1);
- }
+ char stdinbuf[STDINBUF_SIZE];
+
+ progName = strrchr(argv[0], '/');
+ progName = progName ? progName + 1 : argv[0];
+
+ PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
+
+ if (parse_args(argc, argv) != SUCCESS) {
+ usage();
+ errcode = INVALID_USAGE_ERR;
+ goto loser;
+ }
+
+ if (verify_params() != SUCCESS) {
+ usage();
+ errcode = INVALID_USAGE_ERR;
+ goto loser;
+ }
+
+ if (command == NO_COMMAND) {
+ PR_fprintf(PR_STDERR, errStrings[NO_COMMAND_ERR]);
+ usage();
+ errcode = INVALID_USAGE_ERR;
+ goto loser;
+ }
+
+ /* Set up crypto stuff */
+ createdb = command == CREATE_COMMAND;
+ readOnly = ((command == LIST_COMMAND) ||
+ (command == CHKFIPS_COMMAND) ||
+ (command == RAW_LIST_COMMAND));
+
+ /* Make sure browser is not running if we're writing to a database */
+ /* Do this before initializing crypto */
+ if (!readOnly && !force) {
+ char* response;
+
+ PR_fprintf(PR_STDOUT, msgStrings[BROWSER_RUNNING_MSG]);
+ if (!PR_fgets(stdinbuf, STDINBUF_SIZE, PR_STDIN)) {
+ PR_fprintf(PR_STDERR, errStrings[STDIN_READ_ERR]);
+ errcode = STDIN_READ_ERR;
+ goto loser;
+ }
+ if ((response = strtok(stdinbuf, " \r\n\t"))) {
+ if (!PL_strcasecmp(response, "q")) {
+ PR_fprintf(PR_STDOUT, msgStrings[ABORTING_MSG]);
+ errcode = SUCCESS;
+ goto loser;
+ }
+ }
+ PR_fprintf(PR_STDOUT, "\n");
+ }
+
+ errcode = check_crypto(createdb, readOnly);
+ if (errcode != SUCCESS) {
+ goto loser;
+ }
+
+ if ((command == RAW_LIST_COMMAND) || (command == RAW_ADD_COMMAND)) {
+ if (!moduleName) {
+ char *readOnlyStr, *noCertDBStr, *sep;
+ if (!secmodName)
+ secmodName = "secmod.db";
+ if (!dbprefix)
+ dbprefix = "";
+ sep = ((command == RAW_LIST_COMMAND) && nocertdb) ? "," : " ";
+ readOnlyStr = (command == RAW_LIST_COMMAND) ? "readOnly" : "";
+ noCertDBStr = nocertdb ? "noCertDB" : "";
+ SECU_ConfigDirectory(dbdir);
+
+ moduleName = PR_smprintf(
+ "name=\"NSS default Module DB\" parameters=\"configdir=%s certPrefix=%s "
+ "keyPrefix=%s secmod=%s flags=%s%s%s\" NSS=\"flags=internal,moduleDB,"
+ "moduleDBOnly,critical\"",
+ SECU_ConfigDirectory(NULL), dbprefix, dbprefix,
+ secmodName, readOnlyStr, sep, noCertDBStr);
+ }
+ if (command == RAW_LIST_COMMAND) {
+ errcode = RawListModule(moduleName);
+ } else {
+ PORT_Assert(moduleSpec);
+ errcode = RawAddModule(moduleName, moduleSpec);
+ }
+ goto loser;
+ }
+
+ errcode = init_crypto(createdb, readOnly);
+ if (errcode != SUCCESS) {
+ goto loser;
+ }
+
+ errcode = LoadMechanismList();
+ if (errcode != SUCCESS) {
+ goto loser;
+ }
+
+ /* Execute the command */
+ switch (command) {
+ case ADD_COMMAND:
+ errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString);
+ break;
+ case CHANGEPW_COMMAND:
+ errcode = ChangePW(tokenName, pwFile, newpwFile);
+ break;
+ case CREATE_COMMAND:
+ /* The work was already done in init_crypto() */
+ break;
+ case DEFAULT_COMMAND:
+ errcode = SetDefaultModule(moduleName, slotName, mechanisms);
+ break;
+ case DELETE_COMMAND:
+ errcode = DeleteModule(moduleName);
+ break;
+ case DISABLE_COMMAND:
+ errcode = EnableModule(moduleName, slotName, PR_FALSE);
+ break;
+ case ENABLE_COMMAND:
+ errcode = EnableModule(moduleName, slotName, PR_TRUE);
+ break;
+ case FIPS_COMMAND:
+ errcode = FipsMode(fipsArg);
+ break;
+ case CHKFIPS_COMMAND:
+ errcode = ChkFipsMode(fipsArg);
+ break;
+ case JAR_COMMAND:
+ Pk11Install_SetErrorHandler(install_error);
+ errcode = Pk11Install_DoInstall(jarFile, installDir, tempDir,
+ PR_STDOUT, force, nocertdb);
+ break;
+ case LIST_COMMAND:
+ if (moduleName) {
+ errcode = ListModule(moduleName);
+ } else {
+ errcode = ListModules();
+ }
+ break;
+ case UNDEFAULT_COMMAND:
+ errcode = UnsetDefaultModule(moduleName, slotName, mechanisms);
+ break;
+ default:
+ PR_fprintf(PR_STDERR, "This command is not supported yet.\n");
+ errcode = INVALID_USAGE_ERR;
+ break;
+ }
+
+ if (NSS_Shutdown() != SECSuccess) {
+ exit(1);
+ }
loser:
- PR_Cleanup();
- return errcode;
+ PR_Cleanup();
+ return errcode;
}
/************************************************************************
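Review bot: The result of `PR_smprintf` in the RAW_LIST/RAW_ADD branch of `main` is handed to `RawListModule` or `RawAddModule` without a NULL check, so an allocation failure reaches `SECMOD_LoadModule` as a NULL spec. A guard right after the call keeps that failure explicit: `if (!moduleName) { errcode = OUT_OF_MEM_ERR; goto loser; }`. The same format string places `dbprefix`, `secmodName` and the config directory unquoted inside `parameters="…"`, so a value containing a space or a double quote would presumably change how the spec is parsed. It is worth confirming whether `verify_params`, which is outside this hunk, restricts those arguments.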
@@ -924,9 +922,9 @@ loser:
* Callback function to handle errors in PK11 JAR file installation.
*/
static void
-install_error(char *message)
+install_error(char* message)
{
- PR_fprintf(PR_STDERR, "Install error: %s\n", message);
+ PR_fprintf(PR_STDERR, "Install error: %s\n", message);
}
/*************************************************************************
@@ -936,11 +934,10 @@ install_error(char *message)
void
out_of_memory(void)
{
- PR_fprintf(PR_STDERR, errStrings[OUT_OF_MEM_ERR]);
- exit(OUT_OF_MEM_ERR);
+ PR_fprintf(PR_STDERR, errStrings[OUT_OF_MEM_ERR]);
+ exit(OUT_OF_MEM_ERR);
}
-
/**************************************************************************
*
* P R _ f g e t s
@@ -948,26 +945,26 @@ out_of_memory(void)
* fgets implemented with NSPR.
*/
static char*
-PR_fgets(char *buf, int size, PRFileDesc *file)
+PR_fgets(char* buf, int size, PRFileDesc* file)
{
- int i;
- int status;
- char c;
-
- i=0;
- while(i < size-1) {
- status = PR_Read(file, (void*) &c, 1);
- if(status==-1) {
- return NULL;
- } else if(status==0) {
- break;
- }
- buf[i++] = c;
- if(c=='\n') {
- break;
- }
- }
- buf[i]='\0';
-
- return buf;
+ int i;
+ int status;
+ char c;
+
+ i = 0;
+ while (i < size - 1) {
+ status = PR_Read(file, (void*)&c, 1);
+ if (status == -1) {
+ return NULL;
+ } else if (status == 0) {
+ break;
+ }
+ buf[i++] = c;
+ if (c == '\n') {
+ break;
+ }
+ }
+ buf[i] = '\0';
+
+ return buf;
}
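Review bot: `PR_fgets` returns `buf` holding an empty string when `PR_Read` reports end-of-file before any byte arrives, so the caller in `main` cannot tell a closed stdin from an empty answer and continues past the browser-running prompt. Returning NULL in that case matches `fgets`: in the `status == 0` branch, add `if (i == 0) return NULL;` before the `break`, which makes `main` take its `STDIN_READ_ERR` path instead. The final `buf[i] = '\0'` also writes one byte when `size` is 0 or negative, so a leading `if (size < 1) return NULL;` would make the bound explicit.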
diff --git a/cmd/modutil/modutil.h b/cmd/modutil/modutil.h
index 529d60ef1..127d0d0da 100644
--- a/cmd/modutil/modutil.h
+++ b/cmd/modutil/modutil.h
@@ -25,7 +25,7 @@ Error LoadMechanismList(void);
Error FipsMode(char *arg);
Error ChkFipsMode(char *arg);
Error AddModule(char *moduleName, char *libFile, char *ciphers,
- char *mechanisms, char* modparms);
+ char *mechanisms, char *modparms);
Error DeleteModule(char *moduleName);
Error ListModule(char *moduleName);
Error ListModules();
diff --git a/cmd/modutil/pk11.c b/cmd/modutil/pk11.c
index c0a6ccb71..9c460ecd8 100644
--- a/cmd/modutil/pk11.c
+++ b/cmd/modutil/pk11.c
@@ -20,49 +20,49 @@ FipsMode(char *arg)
{
char *internal_name;
- if(!PORT_Strcasecmp(arg, "true")) {
- if(!PK11_IsFIPS()) {
- internal_name = PR_smprintf("%s",
- SECMOD_GetInternalModule()->commonName);
- if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
- PR_smprintf_free(internal_name);
- PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
- return FIPS_SWITCH_FAILED_ERR;
- }
- PR_smprintf_free(internal_name);
- if (!PK11_IsFIPS()) {
- PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
- return FIPS_SWITCH_FAILED_ERR;
- }
- PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
- } else {
- PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
- return FIPS_ALREADY_ON_ERR;
- }
- } else if(!PORT_Strcasecmp(arg, "false")) {
- if(PK11_IsFIPS()) {
- internal_name = PR_smprintf("%s",
- SECMOD_GetInternalModule()->commonName);
- if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
- PR_smprintf_free(internal_name);
- PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
- return FIPS_SWITCH_FAILED_ERR;
- }
- PR_smprintf_free(internal_name);
- if (PK11_IsFIPS()) {
- PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
- return FIPS_SWITCH_FAILED_ERR;
- }
- PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
- } else {
- PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_OFF_ERR]);
- return FIPS_ALREADY_OFF_ERR;
- }
+ if (!PORT_Strcasecmp(arg, "true")) {
+ if (!PK11_IsFIPS()) {
+ internal_name = PR_smprintf("%s",
+ SECMOD_GetInternalModule()->commonName);
+ if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
+ PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
+ PR_smprintf_free(internal_name);
+ PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
+ return FIPS_SWITCH_FAILED_ERR;
+ }
+ PR_smprintf_free(internal_name);
+ if (!PK11_IsFIPS()) {
+ PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
+ return FIPS_SWITCH_FAILED_ERR;
+ }
+ PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
+ } else {
+ PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
+ return FIPS_ALREADY_ON_ERR;
+ }
+ } else if (!PORT_Strcasecmp(arg, "false")) {
+ if (PK11_IsFIPS()) {
+ internal_name = PR_smprintf("%s",
+ SECMOD_GetInternalModule()->commonName);
+ if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
+ PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
+ PR_smprintf_free(internal_name);
+ PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
+ return FIPS_SWITCH_FAILED_ERR;
+ }
+ PR_smprintf_free(internal_name);
+ if (PK11_IsFIPS()) {
+ PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
+ return FIPS_SWITCH_FAILED_ERR;
+ }
+ PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
+ } else {
+ PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_OFF_ERR]);
+ return FIPS_ALREADY_OFF_ERR;
+ }
} else {
- PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
- return INVALID_FIPS_ARG;
+ PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
+ return INVALID_FIPS_ARG;
}
return SUCCESS;
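Review bot: Both branches pass `internal_name` to `SECMOD_DeleteInternalModule` without checking what `PR_smprintf` returned, and both dereference the result of `SECMOD_GetInternalModule()` without a NULL check. This file already calls `out_of_memory()` after a failed allocation in `getFlagsFromString`, so `if (!internal_name) out_of_memory();` after each `PR_smprintf` would be consistent with it. The two branches differ only in the expected `PK11_IsFIPS()` result and the messages, so a small static helper could carry the shared delete-and-verify sequence. The signature and closing brace of `FipsMode` are outside this hunk.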
@@ -71,30 +71,30 @@ FipsMode(char *arg)
/*************************************************************************
*
* C h k F i p s M o d e
- * If arg=="true", verify FIPS mode is enabled on the internal module.
+ * If arg=="true", verify FIPS mode is enabled on the internal module.
* If arg=="false", verify FIPS mode is disabled on the internal module.
*/
Error
ChkFipsMode(char *arg)
{
- if(!PORT_Strcasecmp(arg, "true")) {
- if (PK11_IsFIPS()) {
- PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
- } else {
- PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
- return FIPS_SWITCH_FAILED_ERR;
- }
-
- } else if(!PORT_Strcasecmp(arg, "false")) {
- if(!PK11_IsFIPS()) {
- PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
- } else {
- PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
- return FIPS_SWITCH_FAILED_ERR;
- }
+ if (!PORT_Strcasecmp(arg, "true")) {
+ if (PK11_IsFIPS()) {
+ PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
+ } else {
+ PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
+ return FIPS_SWITCH_FAILED_ERR;
+ }
+
+ } else if (!PORT_Strcasecmp(arg, "false")) {
+ if (!PK11_IsFIPS()) {
+ PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
+ } else {
+ PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
+ return FIPS_SWITCH_FAILED_ERR;
+ }
} else {
- PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
- return INVALID_FIPS_ARG;
+ PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
+ return INVALID_FIPS_ARG;
}
return SUCCESS;
@@ -109,23 +109,21 @@ typedef struct {
unsigned long mask;
} MaskString;
-
static const MaskString cipherStrings[] = {
- {"FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG}
+ { "FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG }
};
static const int numCipherStrings =
sizeof(cipherStrings) / sizeof(cipherStrings[0]);
/* Initialized by LoadMechanismList */
-static MaskString *mechanismStrings = NULL;
+static MaskString *mechanismStrings = NULL;
static int numMechanismStrings = 0;
const static PK11DefaultArrayEntry *pk11_DefaultArray = NULL;
static int pk11_DefaultArraySize = 0;
/* Maximum length of a colon-separated list of all the strings in an
* array. */
-#define MAX_STRING_LIST_LEN 240 /* or less */
-
+#define MAX_STRING_LIST_LEN 240 /* or less */
Error
LoadMechanismList(void)
@@ -140,46 +138,46 @@ LoadMechanismList(void)
}
}
if (mechanismStrings != NULL) {
- return SUCCESS;
+ return SUCCESS;
}
/* build the mechanismStrings array */
mechanismStrings = PORT_NewArray(MaskString, pk11_DefaultArraySize);
if (mechanismStrings == NULL) {
- return OUT_OF_MEM_ERR;
+ return OUT_OF_MEM_ERR;
}
numMechanismStrings = pk11_DefaultArraySize;
for (i = 0; i < numMechanismStrings; i++) {
- const char *name = pk11_DefaultArray[i].name;
- unsigned long flag = pk11_DefaultArray[i].flag;
- /* map new name to old */
- switch (flag) {
- case SECMOD_FORTEZZA_FLAG:
- name = "FORTEZZA";
- break;
- case SECMOD_SHA1_FLAG:
- name = "SHA1";
- break;
- case SECMOD_CAMELLIA_FLAG:
- name = "CAMELLIA";
- break;
- case SECMOD_RANDOM_FLAG:
- name = "RANDOM";
- break;
- case SECMOD_FRIENDLY_FLAG:
- name = "FRIENDLY";
- break;
- default:
- break;
- }
- mechanismStrings[i].name = name;
- mechanismStrings[i].mask = SECMOD_InternaltoPubMechFlags(flag);
+ const char *name = pk11_DefaultArray[i].name;
+ unsigned long flag = pk11_DefaultArray[i].flag;
+ /* map new name to old */
+ switch (flag) {
+ case SECMOD_FORTEZZA_FLAG:
+ name = "FORTEZZA";
+ break;
+ case SECMOD_SHA1_FLAG:
+ name = "SHA1";
+ break;
+ case SECMOD_CAMELLIA_FLAG:
+ name = "CAMELLIA";
+ break;
+ case SECMOD_RANDOM_FLAG:
+ name = "RANDOM";
+ break;
+ case SECMOD_FRIENDLY_FLAG:
+ name = "FRIENDLY";
+ break;
+ default:
+ break;
+ }
+ mechanismStrings[i].name = name;
+ mechanismStrings[i].mask = SECMOD_InternaltoPubMechFlags(flag);
}
return SUCCESS;
}
/************************************************************************
- *
+ *
* g e t F l a g s F r o m S t r i n g
*
* Parses a mechanism list passed on the command line and converts it
@@ -197,37 +195,37 @@ getFlagsFromString(char *string, const MaskString array[], int elements)
char *buf;
char *end;
- if(!string || !string[0]) {
- return ret;
+ if (!string || !string[0]) {
+ return ret;
}
/* Make a temporary copy of the string */
- buf = PR_Malloc(strlen(string)+1);
- if(!buf) {
- out_of_memory();
+ buf = PR_Malloc(strlen(string) + 1);
+ if (!buf) {
+ out_of_memory();
}
strcpy(buf, string);
/* Look at each element of the list passed in */
- for(cp=buf; cp && *cp; cp = (end ? end+1 : NULL) ) {
- /* Look at the string up to the next colon */
- end = strchr(cp, ':');
- if(end) {
- *end = '\0';
- }
-
- /* Find which element this is */
- for(i=0; i < elements; i++) {
- if( !PORT_Strcasecmp(cp, array[i].name) ) {
- break;
- }
- }
- if(i == elements) {
- /* Skip a bogus string, but print a warning message */
- PR_fprintf(PR_STDERR, errStrings[INVALID_CONSTANT_ERR], cp);
- continue;
- }
- ret |= array[i].mask;
+ for (cp = buf; cp && *cp; cp = (end ? end + 1 : NULL)) {
+ /* Look at the string up to the next colon */
+ end = strchr(cp, ':');
+ if (end) {
+ *end = '\0';
+ }
+
+ /* Find which element this is */
+ for (i = 0; i < elements; i++) {
+ if (!PORT_Strcasecmp(cp, array[i].name)) {
+ break;
+ }
+ }
+ if (i == elements) {
+ /* Skip a bogus string, but print a warning message */
+ PR_fprintf(PR_STDERR, errStrings[INVALID_CONSTANT_ERR], cp);
+ continue;
+ }
+ ret |= array[i].mask;
}
PR_Free(buf);
@@ -237,7 +235,7 @@ getFlagsFromString(char *string, const MaskString array[], int elements)
/**********************************************************************
*
* g e t S t r i n g F r o m F l a g s
- *
+ *
* The return string's memory is owned by this function. Copy it
* if you need it permanently or you want to change it.
*/
@@ -246,17 +244,17 @@ getStringFromFlags(unsigned long flags, const MaskString array[], int elements)
{
static char buf[MAX_STRING_LIST_LEN];
int i;
- int count=0;
+ int count = 0;
buf[0] = '\0';
- for(i=0; i<elements; i++) {
- if( flags & array[i].mask ) {
- ++count;
- if(count!=1) {
- strcat(buf, ":");
- }
- strcat(buf, array[i].name);
- }
+ for (i = 0; i < elements; i++) {
+ if (flags & array[i].mask) {
+ ++count;
+ if (count != 1) {
+ strcat(buf, ":");
+ }
+ strcat(buf, array[i].name);
+ }
}
return buf;
}
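Review bot: The `strcat` calls in this loop append into the static `buf` of `MAX_STRING_LIST_LEN` bytes with no length check, while `mechanismStrings` is allocated at run time with `pk11_DefaultArraySize` entries, so this file does not fix the total length of the joined names. If the table ever holds more text than the buffer allows, the loop writes past `buf`. Tracking the used length and stopping when the next name no longer fits keeps every write inside the buffer, at the cost of a truncated list. The signature of `getStringFromFlags` is outside this hunk.

```c
    int count = 0;
    size_t used = 0;

    buf[0] = '\0';
    for (i = 0; i < elements; i++) {
        if (flags & array[i].mask) {
            size_t len = strlen(array[i].name);
            /* separator + name + terminating NUL must fit in what is left */
            if (len + (count ? 1 : 0) + 1 > sizeof(buf) - used) {
                break;
            }
            if (count++) {
                buf[used++] = ':';
            }
            memcpy(buf + used, array[i].name, len + 1);
            used += len;
        }
    }
    /* … unchanged: return buf … */
```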
@@ -270,43 +268,43 @@ getStringFromFlags(unsigned long flags, const MaskString array[], int elements)
*/
Error
AddModule(char *moduleName, char *libFile, char *cipherString,
- char *mechanismString, char* modparms)
+ char *mechanismString, char *modparms)
{
unsigned long ciphers;
unsigned long mechanisms;
SECStatus status;
mechanisms =
- getFlagsFromString(mechanismString, mechanismStrings,
- numMechanismStrings);
+ getFlagsFromString(mechanismString, mechanismStrings,
+ numMechanismStrings);
ciphers =
- getFlagsFromString(cipherString, cipherStrings, numCipherStrings);
+ getFlagsFromString(cipherString, cipherStrings, numCipherStrings);
status =
- SECMOD_AddNewModuleEx(moduleName, libFile,
- SECMOD_PubMechFlagstoInternal(mechanisms),
- SECMOD_PubCipherFlagstoInternal(ciphers),
- modparms, NULL );
-
- if(status != SECSuccess) {
- char* errtxt=NULL;
- PRInt32 copied = 0;
- if (PR_GetErrorTextLength()) {
- errtxt = PR_Malloc(PR_GetErrorTextLength() + 1);
- copied = PR_GetErrorText(errtxt);
- }
- if (copied && errtxt) {
- PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR],
- moduleName, errtxt);
- PR_Free(errtxt);
- } else {
- PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR],
- moduleName, SECU_Strerror(PORT_GetError()));
- }
- return ADD_MODULE_FAILED_ERR;
+ SECMOD_AddNewModuleEx(moduleName, libFile,
+ SECMOD_PubMechFlagstoInternal(mechanisms),
+ SECMOD_PubCipherFlagstoInternal(ciphers),
+ modparms, NULL);
+
+ if (status != SECSuccess) {
+ char *errtxt = NULL;
+ PRInt32 copied = 0;
+ if (PR_GetErrorTextLength()) {
+ errtxt = PR_Malloc(PR_GetErrorTextLength() + 1);
+ copied = PR_GetErrorText(errtxt);
+ }
+ if (copied && errtxt) {
+ PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR],
+ moduleName, errtxt);
+ PR_Free(errtxt);
+ } else {
+ PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR],
+ moduleName, SECU_Strerror(PORT_GetError()));
+ }
+ return ADD_MODULE_FAILED_ERR;
} else {
- PR_fprintf(PR_STDOUT, msgStrings[ADD_MODULE_SUCCESS_MSG], moduleName);
- return SUCCESS;
+ PR_fprintf(PR_STDOUT, msgStrings[ADD_MODULE_SUCCESS_MSG], moduleName);
+ return SUCCESS;
}
}
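Review bot: In the failure path of `AddModule`, `PR_GetErrorText(errtxt)` is called without checking the `PR_Malloc` result, so a failed allocation hands it a NULL destination. When the call returns 0 the buffer is also never released, because `PR_Free(errtxt)` sits only in the `copied && errtxt` branch. I would write `if (errtxt) copied = PR_GetErrorText(errtxt);` and move the release after the if/else as `if (errtxt) PR_Free(errtxt);`.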
@@ -321,17 +319,17 @@ DeleteModule(char *moduleName)
{
SECStatus status;
int type;
-
+
status = SECMOD_DeleteModule(moduleName, &type);
- if(status != SECSuccess) {
- if(type == SECMOD_FIPS || type == SECMOD_INTERNAL) {
- PR_fprintf(PR_STDERR, errStrings[DELETE_INTERNAL_ERR]);
- return DELETE_INTERNAL_ERR;
- } else {
- PR_fprintf(PR_STDERR, errStrings[DELETE_FAILED_ERR], moduleName);
- return DELETE_FAILED_ERR;
- }
+ if (status != SECSuccess) {
+ if (type == SECMOD_FIPS || type == SECMOD_INTERNAL) {
+ PR_fprintf(PR_STDERR, errStrings[DELETE_INTERNAL_ERR]);
+ return DELETE_INTERNAL_ERR;
+ } else {
+ PR_fprintf(PR_STDERR, errStrings[DELETE_FAILED_ERR], moduleName);
+ return DELETE_FAILED_ERR;
+ }
}
PR_fprintf(PR_STDOUT, msgStrings[DELETE_SUCCESS_MSG], moduleName);
@@ -350,21 +348,21 @@ RawListModule(char *modulespec)
SECMODModule *module;
char **moduleSpecList;
- module = SECMOD_LoadModule(modulespec,NULL,PR_FALSE);
+ module = SECMOD_LoadModule(modulespec, NULL, PR_FALSE);
if (module == NULL) {
- /* handle error */
- return NO_SUCH_MODULE_ERR;
+ /* handle error */
+ return NO_SUCH_MODULE_ERR;
}
moduleSpecList = SECMOD_GetModuleSpecList(module);
if (!moduleSpecList || !moduleSpecList[0]) {
- SECU_PrintError("modutil",
- "no specs in secmod DB");
- return NO_SUCH_MODULE_ERR;
+ SECU_PrintError("modutil",
+ "no specs in secmod DB");
+ return NO_SUCH_MODULE_ERR;
}
- for ( ;*moduleSpecList; moduleSpecList++) {
- printf("%s\n\n",*moduleSpecList);
+ for (; *moduleSpecList; moduleSpecList++) {
+ printf("%s\n\n", *moduleSpecList);
}
return SUCCESS;
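Review bot: The `SECMOD_LoadModule` failure path here is still the placeholder `/* handle error */` and returns `NO_SUCH_MODULE_ERR` without printing anything, so the user gets an exit code and no reason. `ListModule` in this file reports the same code with `PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);`. The equivalent line with `modulespec` would fit here and at both load failures of `RawAddModule` in the next hunk. Neither function releases the module it loaded, which matters little for a one-shot tool but deserves a comment saying so. The signature and closing brace of `RawListModule` are outside this hunk.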
@@ -376,36 +374,35 @@ RawAddModule(char *dbmodulespec, char *modulespec)
SECMODModule *module;
SECMODModule *dbmodule;
-
- dbmodule = SECMOD_LoadModule(dbmodulespec,NULL,PR_TRUE);
+ dbmodule = SECMOD_LoadModule(dbmodulespec, NULL, PR_TRUE);
if (dbmodule == NULL) {
- /* handle error */
- return NO_SUCH_MODULE_ERR;
+ /* handle error */
+ return NO_SUCH_MODULE_ERR;
}
- module = SECMOD_LoadModule(modulespec,dbmodule,PR_FALSE);
+ module = SECMOD_LoadModule(modulespec, dbmodule, PR_FALSE);
if (module == NULL) {
- /* handle error */
- return NO_SUCH_MODULE_ERR;
+ /* handle error */
+ return NO_SUCH_MODULE_ERR;
}
- if( SECMOD_UpdateModule(module) != SECSuccess ) {
- PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], modulespec);
- return UPDATE_MOD_FAILED_ERR;
+ if (SECMOD_UpdateModule(module) != SECSuccess) {
+ PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], modulespec);
+ return UPDATE_MOD_FAILED_ERR;
}
return SUCCESS;
}
static void
-printModule(SECMODModule *module, int *count)
+printModule(SECMODModule *module, int *count)
{
int slotCount = module->loaded ? module->slotCount : 0;
int i;
if ((*count)++) {
- PR_fprintf(PR_STDOUT,"\n");
+ PR_fprintf(PR_STDOUT, "\n");
}
- PR_fprintf(PR_STDOUT, "%3d. %s\n", *count, module->commonName);
+ PR_fprintf(PR_STDOUT, "%3d. %s\n", *count, module->commonName);
if (module->dllName) {
PR_fprintf(PR_STDOUT, "\tlibrary name: %s\n", module->dllName);
@@ -413,10 +410,10 @@ printModule(SECMODModule *module, int *count)
if (slotCount == 0) {
PR_fprintf(PR_STDOUT,
- "\t slots: There are no slots attached to this module\n");
+ "\t slots: There are no slots attached to this module\n");
} else {
PR_fprintf(PR_STDOUT, "\t slots: %d slot%s attached\n",
- slotCount, (slotCount==1 ? "" : "s") );
+ slotCount, (slotCount == 1 ? "" : "s"));
}
if (module->loaded == 0) {
@@ -449,13 +446,13 @@ ListModules()
SECMODModuleList *list;
SECMODModuleList *deadlist;
SECMODModuleList *mlp;
- Error ret=UNSPECIFIED_ERR;
+ Error ret = UNSPECIFIED_ERR;
int count = 0;
lock = SECMOD_GetDefaultModuleListLock();
- if(!lock) {
- PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]);
- return NO_LIST_LOCK_ERR;
+ if (!lock) {
+ PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]);
+ return NO_LIST_LOCK_ERR;
}
SECMOD_GetReadLock(lock);
@@ -463,25 +460,24 @@ ListModules()
list = SECMOD_GetDefaultModuleList();
deadlist = SECMOD_GetDeadModuleList();
if (!list && !deadlist) {
- PR_fprintf(PR_STDERR, errStrings[NO_MODULE_LIST_ERR]);
- ret = NO_MODULE_LIST_ERR;
- goto loser;
+ PR_fprintf(PR_STDERR, errStrings[NO_MODULE_LIST_ERR]);
+ ret = NO_MODULE_LIST_ERR;
+ goto loser;
}
PR_fprintf(PR_STDOUT,
- "\nListing of PKCS #11 Modules\n"
- "-----------------------------------------------------------\n");
-
- for(mlp=list; mlp != NULL; mlp = mlp->next) {
- printModule(mlp->module, &count);
+ "\nListing of PKCS #11 Modules\n"
+ "-----------------------------------------------------------\n");
+
+ for (mlp = list; mlp != NULL; mlp = mlp->next) {
+ printModule(mlp->module, &count);
}
- for (mlp=deadlist; mlp != NULL; mlp = mlp->next) {
- printModule(mlp->module, &count);
+ for (mlp = deadlist; mlp != NULL; mlp = mlp->next) {
+ printModule(mlp->module, &count);
}
-
PR_fprintf(PR_STDOUT,
- "-----------------------------------------------------------\n");
+ "-----------------------------------------------------------\n");
ret = SUCCESS;
@@ -518,145 +514,145 @@ ListModule(char *moduleName)
CK_TOKEN_INFO tokeninfo;
char *ciphers, *mechanisms;
PK11DisableReasons reason;
- Error rv = SUCCESS;
+ Error rv = SUCCESS;
- if(!moduleName) {
- return SUCCESS;
+ if (!moduleName) {
+ return SUCCESS;
}
module = SECMOD_FindModule(moduleName);
- if(!module) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
- rv = NO_SUCH_MODULE_ERR;
+ if (!module) {
+ PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
+ rv = NO_SUCH_MODULE_ERR;
goto loser;
}
- if ((module->loaded) &&
- (PK11_GetModInfo(module, &modinfo) != SECSuccess)) {
- PR_fprintf(PR_STDERR, errStrings[MOD_INFO_ERR], moduleName);
- rv = MOD_INFO_ERR;
+ if ((module->loaded) &&
+ (PK11_GetModInfo(module, &modinfo) != SECSuccess)) {
+ PR_fprintf(PR_STDERR, errStrings[MOD_INFO_ERR], moduleName);
+ rv = MOD_INFO_ERR;
goto loser;
}
/* Module info */
- PR_fprintf(PR_STDOUT,
- "\n-----------------------------------------------------------\n");
+ PR_fprintf(PR_STDOUT,
+ "\n-----------------------------------------------------------\n");
PR_fprintf(PR_STDOUT, "Name: %s\n", module->commonName);
- if(module->internal || !module->dllName) {
- PR_fprintf(PR_STDOUT, "Library file: **Internal ONLY module**\n");
+ if (module->internal || !module->dllName) {
+ PR_fprintf(PR_STDOUT, "Library file: **Internal ONLY module**\n");
} else {
- PR_fprintf(PR_STDOUT, "Library file: %s\n", module->dllName);
+ PR_fprintf(PR_STDOUT, "Library file: %s\n", module->dllName);
}
if (module->loaded) {
- PR_fprintf(PR_STDOUT, "Manufacturer: %.32s\n", modinfo.manufacturerID);
- PR_fprintf(PR_STDOUT, "Description: %.32s\n", modinfo.libraryDescription);
- PR_fprintf(PR_STDOUT, "PKCS #11 Version %d.%d\n",
- modinfo.cryptokiVersion.major, modinfo.cryptokiVersion.minor);
- PR_fprintf(PR_STDOUT, "Library Version: %d.%d\n",
- modinfo.libraryVersion.major, modinfo.libraryVersion.minor);
+ PR_fprintf(PR_STDOUT, "Manufacturer: %.32s\n", modinfo.manufacturerID);
+ PR_fprintf(PR_STDOUT, "Description: %.32s\n", modinfo.libraryDescription);
+ PR_fprintf(PR_STDOUT, "PKCS #11 Version %d.%d\n",
+ modinfo.cryptokiVersion.major, modinfo.cryptokiVersion.minor);
+ PR_fprintf(PR_STDOUT, "Library Version: %d.%d\n",
+ modinfo.libraryVersion.major, modinfo.libraryVersion.minor);
} else {
- PR_fprintf(PR_STDOUT, "* Module not loaded\n");
+ PR_fprintf(PR_STDOUT, "* Module not loaded\n");
}
/* Get cipher and mechanism flags */
ciphers = getStringFromFlags(module->ssl[0], cipherStrings,
- numCipherStrings);
- if(ciphers[0] == '\0') {
- ciphers = "None";
+ numCipherStrings);
+ if (ciphers[0] == '\0') {
+ ciphers = "None";
}
PR_fprintf(PR_STDOUT, "Cipher Enable Flags: %s\n", ciphers);
mechanisms = NULL;
if (module->slotCount > 0) {
- mechanisms = getStringFromFlags(
- PK11_GetDefaultFlags(module->slots[0]),
- mechanismStrings, numMechanismStrings);
+ mechanisms = getStringFromFlags(
+ PK11_GetDefaultFlags(module->slots[0]),
+ mechanismStrings, numMechanismStrings);
}
- if ((mechanisms==NULL) || (mechanisms[0] =='\0')) {
- mechanisms = "None";
+ if ((mechanisms == NULL) || (mechanisms[0] == '\0')) {
+ mechanisms = "None";
}
PR_fprintf(PR_STDOUT, "Default Mechanism Flags: %s\n", mechanisms);
#define PAD " "
/* Loop over each slot */
- for (slotnum=0; slotnum < module->slotCount; slotnum++) {
- slot = module->slots[slotnum];
- if (PK11_GetSlotInfo(slot, &slotinfo) != SECSuccess) {
- PR_fprintf(PR_STDERR, errStrings[SLOT_INFO_ERR],
- PK11_GetSlotName(slot));
- rv = SLOT_INFO_ERR;
- continue;
- }
-
- /* Slot Info */
- PR_fprintf(PR_STDOUT, "\n"PAD"Slot: %s\n", PK11_GetSlotName(slot));
- mechanisms = getStringFromFlags(PK11_GetDefaultFlags(slot),
- mechanismStrings, numMechanismStrings);
- if(mechanisms[0] =='\0') {
- mechanisms = "None";
- }
- PR_fprintf(PR_STDOUT, PAD"Slot Mechanism Flags: %s\n", mechanisms);
- PR_fprintf(PR_STDOUT, PAD"Manufacturer: %.32s\n",
- slotinfo.manufacturerID);
- if (PK11_IsHW(slot)) {
- PR_fprintf(PR_STDOUT, PAD"Type: Hardware\n");
- } else {
- PR_fprintf(PR_STDOUT, PAD"Type: Software\n");
- }
- PR_fprintf(PR_STDOUT, PAD"Version Number: %d.%d\n",
- slotinfo.hardwareVersion.major, slotinfo.hardwareVersion.minor);
- PR_fprintf(PR_STDOUT, PAD"Firmware Version: %d.%d\n",
- slotinfo.firmwareVersion.major, slotinfo.firmwareVersion.minor);
- if (PK11_IsDisabled(slot)) {
- reason = PK11_GetDisabledReason(slot);
- if(reason < numDisableReasonStr) {
- PR_fprintf(PR_STDOUT, PAD"Status: DISABLED (%s)\n",
- disableReasonStr[reason]);
- } else {
- PR_fprintf(PR_STDOUT, PAD"Status: DISABLED\n");
- }
- } else {
- PR_fprintf(PR_STDOUT, PAD"Status: Enabled\n");
- }
-
- if(PK11_GetTokenInfo(slot, &tokeninfo) != SECSuccess) {
- PR_fprintf(PR_STDERR, errStrings[TOKEN_INFO_ERR],
- PK11_GetTokenName(slot));
- rv = TOKEN_INFO_ERR;
- continue;
- }
-
- /* Token Info */
- PR_fprintf(PR_STDOUT, PAD"Token Name: %.32s\n",
- tokeninfo.label);
- PR_fprintf(PR_STDOUT, PAD"Token Manufacturer: %.32s\n",
- tokeninfo.manufacturerID);
- PR_fprintf(PR_STDOUT, PAD"Token Model: %.16s\n", tokeninfo.model);
- PR_fprintf(PR_STDOUT, PAD"Token Serial Number: %.16s\n",
- tokeninfo.serialNumber);
- PR_fprintf(PR_STDOUT, PAD"Token Version: %d.%d\n",
- tokeninfo.hardwareVersion.major, tokeninfo.hardwareVersion.minor);
- PR_fprintf(PR_STDOUT, PAD"Token Firmware Version: %d.%d\n",
- tokeninfo.firmwareVersion.major, tokeninfo.firmwareVersion.minor);
- if(tokeninfo.flags & CKF_WRITE_PROTECTED) {
- PR_fprintf(PR_STDOUT, PAD"Access: Write Protected\n");
- } else {
- PR_fprintf(PR_STDOUT, PAD"Access: NOT Write Protected\n");
- }
- if(tokeninfo.flags & CKF_LOGIN_REQUIRED) {
- PR_fprintf(PR_STDOUT, PAD"Login Type: Login required\n");
- } else {
- PR_fprintf(PR_STDOUT, PAD
- "Login Type: Public (no login required)\n");
- }
- if(tokeninfo.flags & CKF_USER_PIN_INITIALIZED) {
- PR_fprintf(PR_STDOUT, PAD"User Pin: Initialized\n");
- } else {
- PR_fprintf(PR_STDOUT, PAD"User Pin: NOT Initialized\n");
- }
- }
- PR_fprintf(PR_STDOUT,
- "\n-----------------------------------------------------------\n");
+ for (slotnum = 0; slotnum < module->slotCount; slotnum++) {
+ slot = module->slots[slotnum];
+ if (PK11_GetSlotInfo(slot, &slotinfo) != SECSuccess) {
+ PR_fprintf(PR_STDERR, errStrings[SLOT_INFO_ERR],
+ PK11_GetSlotName(slot));
+ rv = SLOT_INFO_ERR;
+ continue;
+ }
+
+ /* Slot Info */
+ PR_fprintf(PR_STDOUT, "\n" PAD "Slot: %s\n", PK11_GetSlotName(slot));
+ mechanisms = getStringFromFlags(PK11_GetDefaultFlags(slot),
+ mechanismStrings, numMechanismStrings);
+ if (mechanisms[0] == '\0') {
+ mechanisms = "None";
+ }
+ PR_fprintf(PR_STDOUT, PAD "Slot Mechanism Flags: %s\n", mechanisms);
+ PR_fprintf(PR_STDOUT, PAD "Manufacturer: %.32s\n",
+ slotinfo.manufacturerID);
+ if (PK11_IsHW(slot)) {
+ PR_fprintf(PR_STDOUT, PAD "Type: Hardware\n");
+ } else {
+ PR_fprintf(PR_STDOUT, PAD "Type: Software\n");
+ }
+ PR_fprintf(PR_STDOUT, PAD "Version Number: %d.%d\n",
+ slotinfo.hardwareVersion.major, slotinfo.hardwareVersion.minor);
+ PR_fprintf(PR_STDOUT, PAD "Firmware Version: %d.%d\n",
+ slotinfo.firmwareVersion.major, slotinfo.firmwareVersion.minor);
+ if (PK11_IsDisabled(slot)) {
+ reason = PK11_GetDisabledReason(slot);
+ if (reason < numDisableReasonStr) {
+ PR_fprintf(PR_STDOUT, PAD "Status: DISABLED (%s)\n",
+ disableReasonStr[reason]);
+ } else {
+ PR_fprintf(PR_STDOUT, PAD "Status: DISABLED\n");
+ }
+ } else {
+ PR_fprintf(PR_STDOUT, PAD "Status: Enabled\n");
+ }
+
+ if (PK11_GetTokenInfo(slot, &tokeninfo) != SECSuccess) {
+ PR_fprintf(PR_STDERR, errStrings[TOKEN_INFO_ERR],
+ PK11_GetTokenName(slot));
+ rv = TOKEN_INFO_ERR;
+ continue;
+ }
+
+ /* Token Info */
+ PR_fprintf(PR_STDOUT, PAD "Token Name: %.32s\n",
+ tokeninfo.label);
+ PR_fprintf(PR_STDOUT, PAD "Token Manufacturer: %.32s\n",
+ tokeninfo.manufacturerID);
+ PR_fprintf(PR_STDOUT, PAD "Token Model: %.16s\n", tokeninfo.model);
+ PR_fprintf(PR_STDOUT, PAD "Token Serial Number: %.16s\n",
+ tokeninfo.serialNumber);
+ PR_fprintf(PR_STDOUT, PAD "Token Version: %d.%d\n",
+ tokeninfo.hardwareVersion.major, tokeninfo.hardwareVersion.minor);
+ PR_fprintf(PR_STDOUT, PAD "Token Firmware Version: %d.%d\n",
+ tokeninfo.firmwareVersion.major, tokeninfo.firmwareVersion.minor);
+ if (tokeninfo.flags & CKF_WRITE_PROTECTED) {
+ PR_fprintf(PR_STDOUT, PAD "Access: Write Protected\n");
+ } else {
+ PR_fprintf(PR_STDOUT, PAD "Access: NOT Write Protected\n");
+ }
+ if (tokeninfo.flags & CKF_LOGIN_REQUIRED) {
+ PR_fprintf(PR_STDOUT, PAD "Login Type: Login required\n");
+ } else {
+ PR_fprintf(PR_STDOUT, PAD
+ "Login Type: Public (no login required)\n");
+ }
+ if (tokeninfo.flags & CKF_USER_PIN_INITIALIZED) {
+ PR_fprintf(PR_STDOUT, PAD "User Pin: Initialized\n");
+ } else {
+ PR_fprintf(PR_STDOUT, PAD "User Pin: NOT Initialized\n");
+ }
+ }
+ PR_fprintf(PR_STDOUT,
+ "\n-----------------------------------------------------------\n");
loser:
if (module) {
SECMOD_DestroyModule(module);
@@ -671,82 +667,82 @@ loser:
Error
ChangePW(char *tokenName, char *pwFile, char *newpwFile)
{
- char *oldpw=NULL, *newpw=NULL, *newpw2=NULL;
+ char *oldpw = NULL, *newpw = NULL, *newpw2 = NULL;
PK11SlotInfo *slot;
- Error ret=UNSPECIFIED_ERR;
+ Error ret = UNSPECIFIED_ERR;
PRBool matching;
slot = PK11_FindSlotByName(tokenName);
- if(!slot) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], tokenName);
- return NO_SUCH_TOKEN_ERR;
+ if (!slot) {
+ PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], tokenName);
+ return NO_SUCH_TOKEN_ERR;
}
/* Get old password */
- if(! PK11_NeedUserInit(slot)) {
- if(pwFile) {
- oldpw = SECU_FilePasswd(NULL, PR_FALSE, pwFile);
- if(PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
- PR_fprintf(PR_STDERR, errStrings[BAD_PW_ERR]);
- ret=BAD_PW_ERR;
- goto loser;
- }
- } else {
- for(matching=PR_FALSE; !matching; ) {
- oldpw = SECU_GetPasswordString(NULL, "Enter old password: ");
- if(PK11_CheckUserPassword(slot, oldpw) == SECSuccess) {
- matching = PR_TRUE;
- } else {
- PR_fprintf(PR_STDOUT, msgStrings[BAD_PW_MSG]);
- }
- }
- }
+ if (!PK11_NeedUserInit(slot)) {
+ if (pwFile) {
+ oldpw = SECU_FilePasswd(NULL, PR_FALSE, pwFile);
+ if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
+ PR_fprintf(PR_STDERR, errStrings[BAD_PW_ERR]);
+ ret = BAD_PW_ERR;
+ goto loser;
+ }
+ } else {
+ for (matching = PR_FALSE; !matching;) {
+ oldpw = SECU_GetPasswordString(NULL, "Enter old password: ");
+ if (PK11_CheckUserPassword(slot, oldpw) == SECSuccess) {
+ matching = PR_TRUE;
+ } else {
+ PR_fprintf(PR_STDOUT, msgStrings[BAD_PW_MSG]);
+ }
+ }
+ }
}
/* Get new password */
- if(newpwFile) {
- newpw = SECU_FilePasswd(NULL, PR_FALSE, newpwFile);
+ if (newpwFile) {
+ newpw = SECU_FilePasswd(NULL, PR_FALSE, newpwFile);
} else {
- for(matching=PR_FALSE; !matching; ) {
- newpw = SECU_GetPasswordString(NULL, "Enter new password: ");
- newpw2 = SECU_GetPasswordString(NULL, "Re-enter new password: ");
- if(strcmp(newpw, newpw2)) {
- PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]);
- PORT_ZFree(newpw, strlen(newpw));
- PORT_ZFree(newpw2, strlen(newpw2));
- } else {
- matching = PR_TRUE;
- }
- }
+ for (matching = PR_FALSE; !matching;) {
+ newpw = SECU_GetPasswordString(NULL, "Enter new password: ");
+ newpw2 = SECU_GetPasswordString(NULL, "Re-enter new password: ");
+ if (strcmp(newpw, newpw2)) {
+ PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]);
+ PORT_ZFree(newpw, strlen(newpw));
+ PORT_ZFree(newpw2, strlen(newpw2));
+ } else {
+ matching = PR_TRUE;
+ }
+ }
}
/* Change the password */
- if(PK11_NeedUserInit(slot)) {
- if(PK11_InitPin(slot, NULL /*ssopw*/, newpw) != SECSuccess) {
- PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
- ret = CHANGEPW_FAILED_ERR;
- goto loser;
- }
+ if (PK11_NeedUserInit(slot)) {
+ if (PK11_InitPin(slot, NULL /*ssopw*/, newpw) != SECSuccess) {
+ PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
+ ret = CHANGEPW_FAILED_ERR;
+ goto loser;
+ }
} else {
- if(PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {
- PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
- ret = CHANGEPW_FAILED_ERR;
- goto loser;
- }
+ if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {
+ PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
+ ret = CHANGEPW_FAILED_ERR;
+ goto loser;
+ }
}
PR_fprintf(PR_STDOUT, msgStrings[CHANGEPW_SUCCESS_MSG], tokenName);
ret = SUCCESS;
loser:
- if(oldpw) {
- PORT_ZFree(oldpw, strlen(oldpw));
+ if (oldpw) {
+ PORT_ZFree(oldpw, strlen(oldpw));
}
- if(newpw) {
- PORT_ZFree(newpw, strlen(newpw));
+ if (newpw) {
+ PORT_ZFree(newpw, strlen(newpw));
}
- if(newpw2) {
- PORT_ZFree(newpw2, strlen(newpw2));
+ if (newpw2) {
+ PORT_ZFree(newpw2, strlen(newpw2));
}
PK11_FreeSlot(slot);
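Review bot: In the interactive old-password loop, the rejected-password branch lets the next iteration overwrite `oldpw` without releasing it, so each wrong attempt leaks a heap copy of a typed password that is never zeroized. The new-password loop just below already calls `PORT_ZFree` on mismatch; adding `PORT_ZFree(oldpw, strlen(oldpw)); oldpw = NULL;` before the `BAD_PW_MSG` print would match it. Separately, the results of `SECU_FilePasswd` and `SECU_GetPasswordString` are passed to `PK11_CheckUserPassword`, `strcmp` and `strlen` with no NULL check. If those helpers can return NULL (their definitions are not in this hunk), a guard such as `if (!newpw || !newpw2) { ret = BAD_PW_ERR; goto loser; }` is needed before the comparison. The tail of ChangePW lies outside the hunk.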
@@ -772,53 +768,53 @@ EnableModule(char *moduleName, char *slotName, PRBool enable)
Error rv;
module = SECMOD_FindModule(moduleName);
- if(!module) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
- rv = NO_SUCH_MODULE_ERR;
+ if (!module) {
+ PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
+ rv = NO_SUCH_MODULE_ERR;
goto loser;
}
- for(i=0; i < module->slotCount; i++) {
- slot = module->slots[i];
- if(slotName && strcmp(PK11_GetSlotName(slot), slotName)) {
- /* Not the right slot */
- continue;
- }
- if(enable) {
- if(! PK11_UserEnableSlot(slot)) {
- PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
- "enable", PK11_GetSlotName(slot));
- rv = ENABLE_FAILED_ERR;
+ for (i = 0; i < module->slotCount; i++) {
+ slot = module->slots[i];
+ if (slotName && strcmp(PK11_GetSlotName(slot), slotName)) {
+ /* Not the right slot */
+ continue;
+ }
+ if (enable) {
+ if (!PK11_UserEnableSlot(slot)) {
+ PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
+ "enable", PK11_GetSlotName(slot));
+ rv = ENABLE_FAILED_ERR;
goto loser;
- } else {
- found = PR_TRUE;
- PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
- PK11_GetSlotName(slot), "enabled");
- }
- } else {
- if(! PK11_UserDisableSlot(slot)) {
- PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
- "disable", PK11_GetSlotName(slot));
- rv = ENABLE_FAILED_ERR;
+ } else {
+ found = PR_TRUE;
+ PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
+ PK11_GetSlotName(slot), "enabled");
+ }
+ } else {
+ if (!PK11_UserDisableSlot(slot)) {
+ PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
+ "disable", PK11_GetSlotName(slot));
+ rv = ENABLE_FAILED_ERR;
goto loser;
- } else {
- found = PR_TRUE;
- PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
- PK11_GetSlotName(slot), "disabled");
- }
- }
+ } else {
+ found = PR_TRUE;
+ PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
+ PK11_GetSlotName(slot), "disabled");
+ }
+ }
}
- if(slotName && !found) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
- rv = NO_SUCH_SLOT_ERR;
+ if (slotName && !found) {
+ PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
+ rv = NO_SUCH_SLOT_ERR;
goto loser;
}
/* Delete and re-add module to save changes */
- if( SECMOD_UpdateModule(module) != SECSuccess ) {
- PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName);
- rv = UPDATE_MOD_FAILED_ERR;
+ if (SECMOD_UpdateModule(module) != SECSuccess) {
+ PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName);
+ rv = UPDATE_MOD_FAILED_ERR;
goto loser;
}
@@ -842,53 +838,53 @@ SetDefaultModule(char *moduleName, char *slotName, char *mechanisms)
PK11SlotInfo *slot;
int s, i;
unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings,
- numMechanismStrings);
+ numMechanismStrings);
PRBool found = PR_FALSE;
Error errcode = UNSPECIFIED_ERR;
- mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags);
+ mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags);
module = SECMOD_FindModule(moduleName);
- if(!module) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
- errcode = NO_SUCH_MODULE_ERR;
- goto loser;
+ if (!module) {
+ PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
+ errcode = NO_SUCH_MODULE_ERR;
+ goto loser;
}
/* Go through each slot */
- for(s=0; s < module->slotCount; s++) {
- slot = module->slots[s];
-
- if ((slotName != NULL) &&
- !((strcmp(PK11_GetSlotName(slot),slotName) == 0) ||
- (strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) {
- /* we are only interested in changing the one slot */
- continue;
- }
-
- found = PR_TRUE;
-
- /* Go through each mechanism */
- for(i=0; i < pk11_DefaultArraySize; i++) {
- if(pk11_DefaultArray[i].flag & mechFlags) {
- /* Enable this default mechanism */
- PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]),
- PR_TRUE);
- }
- }
+ for (s = 0; s < module->slotCount; s++) {
+ slot = module->slots[s];
+
+ if ((slotName != NULL) &&
+ !((strcmp(PK11_GetSlotName(slot), slotName) == 0) ||
+ (strcmp(PK11_GetTokenName(slot), slotName) == 0))) {
+ /* we are only interested in changing the one slot */
+ continue;
+ }
+
+ found = PR_TRUE;
+
+ /* Go through each mechanism */
+ for (i = 0; i < pk11_DefaultArraySize; i++) {
+ if (pk11_DefaultArray[i].flag & mechFlags) {
+ /* Enable this default mechanism */
+ PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]),
+ PR_TRUE);
+ }
+ }
}
if (slotName && !found) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
- errcode = NO_SUCH_SLOT_ERR;
- goto loser;
+ PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
+ errcode = NO_SUCH_SLOT_ERR;
+ goto loser;
}
/* Delete and re-add module to save changes */
- if( SECMOD_UpdateModule(module) != SECSuccess ) {
- PR_fprintf(PR_STDERR, errStrings[DEFAULT_FAILED_ERR],
- moduleName);
- errcode = DEFAULT_FAILED_ERR;
- goto loser;
+ if (SECMOD_UpdateModule(module) != SECSuccess) {
+ PR_fprintf(PR_STDERR, errStrings[DEFAULT_FAILED_ERR],
+ moduleName);
+ errcode = DEFAULT_FAILED_ERR;
+ goto loser;
}
PR_fprintf(PR_STDOUT, msgStrings[DEFAULT_SUCCESS_MSG]);
@@ -908,49 +904,49 @@ loser:
Error
UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms)
{
- SECMODModule * module = NULL;
+ SECMODModule *module = NULL;
PK11SlotInfo *slot;
int s, i;
unsigned long mechFlags = getFlagsFromString(mechanisms,
- mechanismStrings, numMechanismStrings);
+ mechanismStrings, numMechanismStrings);
PRBool found = PR_FALSE;
Error rv;
- mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags);
+ mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags);
module = SECMOD_FindModule(moduleName);
- if(!module) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
- rv = NO_SUCH_MODULE_ERR;
+ if (!module) {
+ PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
+ rv = NO_SUCH_MODULE_ERR;
goto loser;
}
- for(s=0; s < module->slotCount; s++) {
- slot = module->slots[s];
- if ((slotName != NULL) &&
- !((strcmp(PK11_GetSlotName(slot),slotName) == 0) ||
- (strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) {
- /* we are only interested in changing the one slot */
- continue;
- }
- for(i=0; i < pk11_DefaultArraySize ; i++) {
- if(pk11_DefaultArray[i].flag & mechFlags) {
- PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]),
- PR_FALSE);
- }
- }
+ for (s = 0; s < module->slotCount; s++) {
+ slot = module->slots[s];
+ if ((slotName != NULL) &&
+ !((strcmp(PK11_GetSlotName(slot), slotName) == 0) ||
+ (strcmp(PK11_GetTokenName(slot), slotName) == 0))) {
+ /* we are only interested in changing the one slot */
+ continue;
+ }
+ for (i = 0; i < pk11_DefaultArraySize; i++) {
+ if (pk11_DefaultArray[i].flag & mechFlags) {
+ PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]),
+ PR_FALSE);
+ }
+ }
}
if (slotName && !found) {
- PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
- rv = NO_SUCH_SLOT_ERR;
+ PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
+ rv = NO_SUCH_SLOT_ERR;
goto loser;
}
/* Delete and re-add module to save changes */
- if( SECMOD_UpdateModule(module) != SECSuccess ) {
- PR_fprintf(PR_STDERR, errStrings[UNDEFAULT_FAILED_ERR],
- moduleName);
- rv = UNDEFAULT_FAILED_ERR;
+ if (SECMOD_UpdateModule(module) != SECSuccess) {
+ PR_fprintf(PR_STDERR, errStrings[UNDEFAULT_FAILED_ERR],
+ moduleName);
+ rv = UNDEFAULT_FAILED_ERR;
goto loser;
}
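Review bot: `found` is initialised to `PR_FALSE` and never set inside the slot loop, so whenever `slotName` is non-NULL the `if (slotName && !found)` check reports `NO_SUCH_SLOT_ERR` even when a slot matched. By then `PK11_UpdateSlotAttribute` has already run for that slot, and the jump to `loser` skips `SECMOD_UpdateModule`. SetDefaultModule in the previous hunk sets `found = PR_TRUE;` right after the name filter, and the same line belongs after the `continue` block here. `rv` is also declared without an initial value, unlike `errcode = UNSPECIFIED_ERR` in SetDefaultModule. The end of the function is outside the hunk, so whether every path assigns it cannot be confirmed from here.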
diff --git a/cmd/multinit/multinit.c b/cmd/multinit/multinit.c
index 32c3eb401..676c7d87e 100644
--- a/cmd/multinit/multinit.c
+++ b/cmd/multinit/multinit.c
@@ -17,8 +17,8 @@ typedef struct commandDescriptStr {
} commandDescript;
enum optionNames {
- opt_liborder = 0,
- opt_mainDB,
+ opt_liborder = 0,
+ opt_mainDB,
opt_lib1DB,
opt_lib2DB,
opt_mainRO,
@@ -37,81 +37,78 @@ enum optionNames {
opt_last
};
-
-static const
-secuCommandFlag options_init[] =
-{
- { /* opt_liborder */ 'o', PR_TRUE, "1M2zmi", PR_TRUE, "order" },
- { /* opt_mainDB */ 'd', PR_TRUE, 0, PR_FALSE, "main_db" },
- { /* opt_lib1DB */ '1', PR_TRUE, 0, PR_FALSE, "lib1_db" },
- { /* opt_lib2DB */ '2', PR_TRUE, 0, PR_FALSE, "lib2_db" },
- { /* opt_mainRO */ 'r', PR_FALSE, 0, PR_FALSE, "main_readonly" },
- { /* opt_lib1RO */ 0, PR_FALSE, 0, PR_FALSE, "lib1_readonly" },
- { /* opt_lib2RO */ 0, PR_FALSE, 0, PR_FALSE, "lib2_readonly" },
- { /* opt_mainCMD */ 'c', PR_TRUE, 0, PR_FALSE, "main_command" },
- { /* opt_lib1CMD */ 0, PR_TRUE, 0, PR_FALSE, "lib1_command" },
- { /* opt_lib2CMD */ 0, PR_TRUE, 0, PR_FALSE, "lib2_command" },
- { /* opt_mainTokNam */'t', PR_TRUE, 0, PR_FALSE, "main_token_name" },
- { /* opt_lib1TokNam */ 0, PR_TRUE, 0, PR_FALSE, "lib1_token_name" },
- { /* opt_lib2TokNam */ 0, PR_TRUE, 0, PR_FALSE, "lib2_token_name" },
- { /* opt_oldStype */ 's', PR_FALSE, 0, PR_FALSE, "oldStype" },
- { /* opt_verbose */ 'v', PR_FALSE, 0, PR_FALSE, "verbose" },
- { /* opt_summary */ 'z', PR_FALSE, 0, PR_FALSE, "summary" },
- { /* opt_help */ 'h', PR_FALSE, 0, PR_FALSE, "help" }
-};
-
-static const
-commandDescript options_des[] =
-{
- { /* opt_liborder */ PR_FALSE, "initOrder",
- " Specifies the order of NSS initialization and shutdown. Order is\n"
- " given as a string where each character represents either an init or\n"
- " a shutdown of the main program or one of the 2 test libraries\n"
- " (library 1 and library 2). The valid characters are as follows:\n"
- " M Init the main program\n 1 Init library 1\n"
- " 2 Init library 2\n"
- " m Shutdown the main program\n i Shutdown library 1\n"
- " z Shutdown library 2\n" },
- { /* opt_mainDB */ PR_TRUE, "nss_db",
- " Specified the directory to open the nss database for the main\n"
- " program. Must be specified if \"M\" is given in the order string\n"},
- { /* opt_lib1DB */ PR_FALSE, "nss_db",
- " Specified the directory to open the nss database for library 1.\n"
- " Must be specified if \"1\" is given in the order string\n"},
- { /* opt_lib2DB */ PR_FALSE, "nss_db",
- " Specified the directory to open the nss database for library 2.\n"
- " Must be specified if \"2\" is given in the order string\n"},
- { /* opt_mainRO */ PR_FALSE, NULL,
- " Open the main program's database read only.\n" },
- { /* opt_lib1RO */ PR_FALSE, NULL,
- " Open library 1's database read only.\n" },
- { /* opt_lib2RO */ PR_FALSE, NULL,
- " Open library 2's database read only.\n" },
- { /* opt_mainCMD */ PR_FALSE, "nss_command",
- " Specifies the NSS command to execute in the main program.\n"
- " Valid commands are: \n"
- " key_slot, list_slots, list_certs, add_cert, none.\n"
- " Default is \"none\".\n" },
- { /* opt_lib1CMD */ PR_FALSE, "nss_command",
- " Specifies the NSS command to execute in library 1.\n" },
- { /* opt_lib2CMD */ PR_FALSE, "nss_command",
- " Specifies the NSS command to execute in library 2.\n" },
- { /* opt_mainTokNam */PR_FALSE, "token_name",
- " Specifies the name of PKCS11 token for the main program's "
- "database.\n" },
- { /* opt_lib1TokNam */PR_FALSE, "token_name",
- " Specifies the name of PKCS11 token for library 1's database.\n" },
- { /* opt_lib2TokNam */PR_FALSE, "token_name",
- " Specifies the name of PKCS11 token for library 2's database.\n" },
- { /* opt_oldStype */ PR_FALSE, NULL,
- " Use NSS_Shutdown rather than NSS_ShutdownContext in the main\n"
- " program.\n" },
- { /* opt_verbose */ PR_FALSE, NULL,
- " Noisily output status to standard error\n" },
- { /* opt_summarize */ PR_FALSE, NULL,
- "report a summary of the test results\n" },
- { /* opt_help */ PR_FALSE, NULL, " give this message\n" }
-};
+static const secuCommandFlag options_init[] =
+ {
+ { /* opt_liborder */ 'o', PR_TRUE, "1M2zmi", PR_TRUE, "order" },
+ { /* opt_mainDB */ 'd', PR_TRUE, 0, PR_FALSE, "main_db" },
+ { /* opt_lib1DB */ '1', PR_TRUE, 0, PR_FALSE, "lib1_db" },
+ { /* opt_lib2DB */ '2', PR_TRUE, 0, PR_FALSE, "lib2_db" },
+ { /* opt_mainRO */ 'r', PR_FALSE, 0, PR_FALSE, "main_readonly" },
+ { /* opt_lib1RO */ 0, PR_FALSE, 0, PR_FALSE, "lib1_readonly" },
+ { /* opt_lib2RO */ 0, PR_FALSE, 0, PR_FALSE, "lib2_readonly" },
+ { /* opt_mainCMD */ 'c', PR_TRUE, 0, PR_FALSE, "main_command" },
+ { /* opt_lib1CMD */ 0, PR_TRUE, 0, PR_FALSE, "lib1_command" },
+ { /* opt_lib2CMD */ 0, PR_TRUE, 0, PR_FALSE, "lib2_command" },
+ { /* opt_mainTokNam */ 't', PR_TRUE, 0, PR_FALSE, "main_token_name" },
+ { /* opt_lib1TokNam */ 0, PR_TRUE, 0, PR_FALSE, "lib1_token_name" },
+ { /* opt_lib2TokNam */ 0, PR_TRUE, 0, PR_FALSE, "lib2_token_name" },
+ { /* opt_oldStype */ 's', PR_FALSE, 0, PR_FALSE, "oldStype" },
+ { /* opt_verbose */ 'v', PR_FALSE, 0, PR_FALSE, "verbose" },
+ { /* opt_summary */ 'z', PR_FALSE, 0, PR_FALSE, "summary" },
+ { /* opt_help */ 'h', PR_FALSE, 0, PR_FALSE, "help" }
+ };
+
+static const commandDescript options_des[] =
+ {
+ { /* opt_liborder */ PR_FALSE, "initOrder",
+ " Specifies the order of NSS initialization and shutdown. Order is\n"
+ " given as a string where each character represents either an init or\n"
+ " a shutdown of the main program or one of the 2 test libraries\n"
+ " (library 1 and library 2). The valid characters are as follows:\n"
+ " M Init the main program\n 1 Init library 1\n"
+ " 2 Init library 2\n"
+ " m Shutdown the main program\n i Shutdown library 1\n"
+ " z Shutdown library 2\n" },
+ { /* opt_mainDB */ PR_TRUE, "nss_db",
+ " Specified the directory to open the nss database for the main\n"
+ " program. Must be specified if \"M\" is given in the order string\n" },
+ { /* opt_lib1DB */ PR_FALSE, "nss_db",
+ " Specified the directory to open the nss database for library 1.\n"
+ " Must be specified if \"1\" is given in the order string\n" },
+ { /* opt_lib2DB */ PR_FALSE, "nss_db",
+ " Specified the directory to open the nss database for library 2.\n"
+ " Must be specified if \"2\" is given in the order string\n" },
+ { /* opt_mainRO */ PR_FALSE, NULL,
+ " Open the main program's database read only.\n" },
+ { /* opt_lib1RO */ PR_FALSE, NULL,
+ " Open library 1's database read only.\n" },
+ { /* opt_lib2RO */ PR_FALSE, NULL,
+ " Open library 2's database read only.\n" },
+ { /* opt_mainCMD */ PR_FALSE, "nss_command",
+ " Specifies the NSS command to execute in the main program.\n"
+ " Valid commands are: \n"
+ " key_slot, list_slots, list_certs, add_cert, none.\n"
+ " Default is \"none\".\n" },
+ { /* opt_lib1CMD */ PR_FALSE, "nss_command",
+ " Specifies the NSS command to execute in library 1.\n" },
+ { /* opt_lib2CMD */ PR_FALSE, "nss_command",
+ " Specifies the NSS command to execute in library 2.\n" },
+ { /* opt_mainTokNam */ PR_FALSE, "token_name",
+ " Specifies the name of PKCS11 token for the main program's "
+ "database.\n" },
+ { /* opt_lib1TokNam */ PR_FALSE, "token_name",
+ " Specifies the name of PKCS11 token for library 1's database.\n" },
+ { /* opt_lib2TokNam */ PR_FALSE, "token_name",
+ " Specifies the name of PKCS11 token for library 2's database.\n" },
+ { /* opt_oldStype */ PR_FALSE, NULL,
+ " Use NSS_Shutdown rather than NSS_ShutdownContext in the main\n"
+ " program.\n" },
+ { /* opt_verbose */ PR_FALSE, NULL,
+ " Noisily output status to standard error\n" },
+ { /* opt_summarize */ PR_FALSE, NULL,
+ "report a summary of the test results\n" },
+ { /* opt_help */ PR_FALSE, NULL, " give this message\n" }
+ };
/*
* output our short help (table driven). (does not exit).
@@ -120,47 +117,47 @@ static void
short_help(const char *prog)
{
int count = opt_last;
- int i,words_found;
+ int i, words_found;
/* make sure all the tables are up to date before we allow compiles to
* succeed */
- PR_STATIC_ASSERT(sizeof(options_init)/sizeof(secuCommandFlag) == opt_last);
- PR_STATIC_ASSERT(sizeof(options_init)/sizeof(secuCommandFlag) ==
- sizeof(options_des)/sizeof(commandDescript));
+ PR_STATIC_ASSERT(sizeof(options_init) / sizeof(secuCommandFlag) == opt_last);
+ PR_STATIC_ASSERT(sizeof(options_init) / sizeof(secuCommandFlag) ==
+ sizeof(options_des) / sizeof(commandDescript));
/* print the base usage */
- fprintf(stderr,"usage: %s ",prog);
- for (i=0, words_found=0; i < count; i++) {
- if (!options_des[i].required) {
- fprintf(stderr,"[");
- }
- if (options_init[i].longform) {
- fprintf(stderr, "--%s", options_init[i].longform);
- words_found++;
- } else {
- fprintf(stderr, "-%c", options_init[i].flag);
- }
- if (options_init[i].needsArg) {
- if (options_des[i].arg) {
- fprintf(stderr," %s",options_des[i].arg);
- } else {
- fprintf(stderr," arg");
- }
- words_found++;
- }
- if (!options_des[i].required) {
- fprintf(stderr,"]");
- }
- if (i < count-1 ) {
- if (words_found >= 5) {
- fprintf(stderr,"\n ");
- words_found=0;
- } else {
- fprintf(stderr," ");
- }
- }
- }
- fprintf(stderr,"\n");
+ fprintf(stderr, "usage: %s ", prog);
+ for (i = 0, words_found = 0; i < count; i++) {
+ if (!options_des[i].required) {
+ fprintf(stderr, "[");
+ }
+ if (options_init[i].longform) {
+ fprintf(stderr, "--%s", options_init[i].longform);
+ words_found++;
+ } else {
+ fprintf(stderr, "-%c", options_init[i].flag);
+ }
+ if (options_init[i].needsArg) {
+ if (options_des[i].arg) {
+ fprintf(stderr, " %s", options_des[i].arg);
+ } else {
+ fprintf(stderr, " arg");
+ }
+ words_found++;
+ }
+ if (!options_des[i].required) {
+ fprintf(stderr, "]");
+ }
+ if (i < count - 1) {
+ if (words_found >= 5) {
+ fprintf(stderr, "\n ");
+ words_found = 0;
+ } else {
+ fprintf(stderr, " ");
+ }
+ }
+ }
+ fprintf(stderr, "\n");
}
/*
@@ -174,29 +171,29 @@ long_help(const char *prog)
short_help(prog);
/* print the option descriptions */
- fprintf(stderr,"\n");
- for (i=0; i < count; i++) {
- fprintf(stderr," ");
- if (options_init[i].flag) {
- fprintf(stderr, "-%c", options_init[i].flag);
- if (options_init[i].longform) {
- fprintf(stderr,",");
- }
- }
- if (options_init[i].longform) {
- fprintf(stderr,"--%s", options_init[i].longform);
- }
- if (options_init[i].needsArg) {
- if (options_des[i].arg) {
- fprintf(stderr," %s",options_des[i].arg);
- } else {
- fprintf(stderr," arg");
- }
- if (options_init[i].arg) {
- fprintf(stderr," (default = \"%s\")",options_init[i].arg);
- }
- }
- fprintf(stderr,"\n%s",options_des[i].des);
+ fprintf(stderr, "\n");
+ for (i = 0; i < count; i++) {
+ fprintf(stderr, " ");
+ if (options_init[i].flag) {
+ fprintf(stderr, "-%c", options_init[i].flag);
+ if (options_init[i].longform) {
+ fprintf(stderr, ",");
+ }
+ }
+ if (options_init[i].longform) {
+ fprintf(stderr, "--%s", options_init[i].longform);
+ }
+ if (options_init[i].needsArg) {
+ if (options_des[i].arg) {
+ fprintf(stderr, " %s", options_des[i].arg);
+ } else {
+ fprintf(stderr, " arg");
+ }
+ if (options_init[i].arg) {
+ fprintf(stderr, " (default = \"%s\")", options_init[i].arg);
+ }
+ }
+ fprintf(stderr, "\n%s", options_des[i].des);
}
}
@@ -204,14 +201,14 @@ long_help(const char *prog)
* record summary data
*/
struct bufferData {
- char * data; /* lowest address of the buffer */
- char * next; /* pointer to the next element on the buffer */
- int len; /* length of the buffer */
+ char *data; /* lowest address of the buffer */
+ char *next; /* pointer to the next element on the buffer */
+ int len; /* length of the buffer */
};
-/* our actual buffer. If data is NULL, then all append ops
+/* our actual buffer. If data is NULL, then all append ops
* except are noops */
-static struct bufferData buffer= { NULL, NULL, 0 };
+static struct bufferData buffer = { NULL, NULL, 0 };
#define CHUNK_SIZE 1000
@@ -222,12 +219,12 @@ static struct bufferData buffer= { NULL, NULL, 0 };
static void
initBuffer(void)
{
- buffer.data = PORT_Alloc(CHUNK_SIZE);
- if (!buffer.data) {
- return;
- }
- buffer.next = buffer.data;
- buffer.len = CHUNK_SIZE;
+ buffer.data = PORT_Alloc(CHUNK_SIZE);
+ if (!buffer.data) {
+ return;
+ }
+ buffer.next = buffer.data;
+ buffer.len = CHUNK_SIZE;
}
/*
@@ -238,16 +235,16 @@ initBuffer(void)
static void
growBuffer(void)
{
- char *new = PORT_Realloc(buffer.data, buffer.len + CHUNK_SIZE);
- if (!new) {
- buffer.data[buffer.len-2] = 'D'; /* signal malloc failure in summary */
- /* buffer must always point to good memory if it exists */
- buffer.next = buffer.data + (buffer.len -1);
- return;
- }
- buffer.next = new + (buffer.next-buffer.data);
- buffer.data = new;
- buffer.len += CHUNK_SIZE;
+ char *new = PORT_Realloc(buffer.data, buffer.len + CHUNK_SIZE);
+ if (!new) {
+ buffer.data[buffer.len - 2] = 'D'; /* signal malloc failure in summary */
+ /* buffer must always point to good memory if it exists */
+ buffer.next = buffer.data + (buffer.len - 1);
+ return;
+ }
+ buffer.next = new + (buffer.next - buffer.data);
+ buffer.data = new;
+ buffer.len += CHUNK_SIZE;
}
/*
@@ -257,12 +254,12 @@ static void
appendLabel(char label)
{
if (!buffer.data) {
- return;
+ return;
}
*buffer.next++ = label;
- if (buffer.data+buffer.len >= buffer.next) {
- growBuffer();
+ if (buffer.data + buffer.len >= buffer.next) {
+ growBuffer();
}
}
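Review bot: The growth test `buffer.data + buffer.len >= buffer.next` is true after every in-bounds write, so `growBuffer()` reallocates by `CHUNK_SIZE` for each appended character instead of only when the buffer is full. The comparison looks inverted: `if (buffer.next >= buffer.data + buffer.len)` would grow exactly when the write pointer reaches the end. growBuffer's failure path in the previous hunk resets `next` to the last byte, so as far as these hunks show this is a memory-usage defect rather than an out-of-bounds write. Even so, a one-line comment stating the invariant (`next` always points at a writable byte) would make that easier to check.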
@@ -273,12 +270,12 @@ static void
appendString(char *string)
{
if (!buffer.data) {
- return;
+ return;
}
appendLabel('<');
while (*string) {
- appendLabel(*string++);
+ appendLabel(*string++);
}
appendLabel('>');
}
@@ -290,13 +287,13 @@ static void
appendBool(PRBool bool)
{
if (!buffer.data) {
- return;
+ return;
}
if (bool) {
- appendLabel('t');
+ appendLabel('t');
} else {
- appendLabel('f');
+ appendLabel('f');
}
}
@@ -307,9 +304,9 @@ static void
appendHex(unsigned char nibble)
{
if (nibble <= 9) {
- appendLabel('0'+nibble);
+ appendLabel('0' + nibble);
} else {
- appendLabel('a'+nibble-10);
+ appendLabel('a' + nibble - 10);
}
}
@@ -323,15 +320,15 @@ appendInt(unsigned int value)
int i;
if (!buffer.data) {
- return;
+ return;
}
appendLabel('0');
appendLabel('x');
value = value & 0xffffffff; /* only look at the buttom 8 bytes */
- for (i=0; i < 8; i++) {
- appendHex(value >> 28 );
- value = value << 4;
+ for (i = 0; i < 8; i++) {
+ appendHex(value >> 28);
+ value = value << 4;
}
}
@@ -339,14 +336,14 @@ appendInt(unsigned int value)
static void
appendFlags(unsigned int flag)
{
- char trust[10];
- char *cp=trust;
+ char trust[10];
+ char *cp = trust;
- trust[0] = 0;
- printflags(trust, flag);
- while (*cp) {
- appendLabel(*cp++);
- }
+ trust[0] = 0;
+ printflags(trust, flag);
+ while (*cp) {
+ appendLabel(*cp++);
+ }
}
/*
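Review bot: `printflags(trust, flag)` receives the 10-byte stack array `trust` without its size, so the buffer is only safe if printflags never writes more than nine flag characters plus the terminator. That bound is defined elsewhere and cannot be checked from this hunk. I would document the dependency at the declaration, e.g. `char trust[10]; /* must hold the longest string printflags() can emit, plus NUL */`, and confirm the figure against printflags whenever a trust flag is added.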
@@ -357,17 +354,16 @@ static void
dumpBuffer(void)
{
if (!buffer.data) {
- return;
+ return;
}
appendLabel(0); /* terminate */
- printf("\nresult=%s\n",buffer.data);
+ printf("\nresult=%s\n", buffer.data);
PORT_Free(buffer.data);
buffer.data = buffer.next = NULL;
buffer.len = 0;
}
-
/*
* usage, like traditional usage, automatically exit
*/
@@ -391,8 +387,8 @@ usage_long(const char *prog)
}
static const char *
-bool2String(PRBool bool)
-{
+bool2String(PRBool bool)
+{
return bool ? "true" : "false";
}
@@ -403,10 +399,10 @@ void
print_slot(PK11SlotInfo *slot, int log)
{
if (log) {
- fprintf(stderr, "* Name=%s Token_Name=%s present=%s, ro=%s *\n",
- PK11_GetSlotName(slot), PK11_GetTokenName(slot),
- bool2String(PK11_IsPresent(slot)),
- bool2String(PK11_IsReadOnly(slot)));
+ fprintf(stderr, "* Name=%s Token_Name=%s present=%s, ro=%s *\n",
+ PK11_GetSlotName(slot), PK11_GetTokenName(slot),
+ bool2String(PK11_IsPresent(slot)),
+ bool2String(PK11_IsReadOnly(slot)));
}
appendLabel('S');
appendString(PK11_GetTokenName(slot));
@@ -420,23 +416,23 @@ print_slot(PK11SlotInfo *slot, int log)
void
do_list_slots(const char *progName, int log)
{
- PK11SlotList *list;
- PK11SlotListElement *le;
+ PK11SlotList *list;
+ PK11SlotListElement *le;
- list= PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL);
- if (list == NULL) {
- fprintf(stderr,"ERROR: no tokens found %s\n",
- SECU_Strerror(PORT_GetError()));
- appendLabel('S');
- appendString("none");
- return;
- }
+ list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL);
+ if (list == NULL) {
+ fprintf(stderr, "ERROR: no tokens found %s\n",
+ SECU_Strerror(PORT_GetError()));
+ appendLabel('S');
+ appendString("none");
+ return;
+ }
- for (le= PK11_GetFirstSafe(list); le;
- le = PK11_GetNextSafe(list,le,PR_TRUE)) {
- print_slot(le->slot, log);
- }
- PK11_FreeSlotList(list);
+ for (le = PK11_GetFirstSafe(list); le;
+ le = PK11_GetNextSafe(list, le, PR_TRUE)) {
+ print_slot(le->slot, log);
+ }
+ PK11_FreeSlotList(list);
}
static PRBool
@@ -449,17 +445,17 @@ sort_CN(CERTCertificate *certa, CERTCertificate *certb, void *arg)
commonNameB = CERT_GetCommonName(&certb->subject);
if (commonNameA == NULL) {
- PORT_Free(commonNameB);
- return PR_TRUE;
+ PORT_Free(commonNameB);
+ return PR_TRUE;
}
if (commonNameB == NULL) {
- PORT_Free(commonNameA);
- return PR_FALSE;
+ PORT_Free(commonNameA);
+ return PR_FALSE;
}
- ret = PORT_Strcmp(commonNameA,commonNameB);
+ ret = PORT_Strcmp(commonNameA, commonNameB);
PORT_Free(commonNameA);
PORT_Free(commonNameB);
- return (ret < 0) ? PR_TRUE: PR_FALSE;
+ return (ret < 0) ? PR_TRUE : PR_FALSE;
}
/*
@@ -468,69 +464,69 @@ sort_CN(CERTCertificate *certa, CERTCertificate *certb, void *arg)
void
do_list_certs(const char *progName, int log)
{
- CERTCertList *list;
- CERTCertList *sorted;
- CERTCertListNode *node;
- CERTCertTrust trust;
- unsigned int i;
-
- list = PK11_ListCerts(PK11CertListUnique, NULL);
- if (list == NULL) {
- fprintf(stderr,"ERROR: no certs found %s\n",
- SECU_Strerror(PORT_GetError()));
- appendLabel('C');
- appendString("none");
- return;
- }
-
- sorted = CERT_NewCertList();
- if (sorted == NULL) {
- fprintf(stderr,"ERROR: no certs found %s\n",
- SECU_Strerror(PORT_GetError()));
- appendLabel('C');
- appendLabel('E');
- appendInt(PORT_GetError());
- return;
- }
-
- /* sort the list */
- for (node = CERT_LIST_HEAD(list); !CERT_LIST_END(node,list);
- node = CERT_LIST_NEXT(node)) {
- CERT_AddCertToListSorted(sorted, node->cert, sort_CN, NULL);
- }
-
-
- for (node = CERT_LIST_HEAD(sorted); !CERT_LIST_END(node,sorted);
- node = CERT_LIST_NEXT(node)) {
- CERTCertificate *cert = node->cert;
- char *commonName;
-
- SECU_PrintCertNickname(node, stderr);
- if (log) {
- fprintf(stderr, "* Slot=%s*\n", cert->slot ?
- PK11_GetTokenName(cert->slot) : "none");
- fprintf(stderr, "* Nickname=%s*\n", cert->nickname);
- fprintf(stderr, "* Subject=<%s>*\n", cert->subjectName);
- fprintf(stderr, "* Issuer=<%s>*\n", cert->issuerName);
- fprintf(stderr, "* SN=");
- for (i=0; i < cert->serialNumber.len; i++) {
- if (i!=0) fprintf(stderr,":");
- fprintf(stderr, "%02x",cert->serialNumber.data[0]);
- }
- fprintf(stderr," *\n");
- }
- appendLabel('C');
- commonName = CERT_GetCommonName(&cert->subject);
- appendString(commonName?commonName:"*NoName*");
- PORT_Free(commonName);
- if (CERT_GetCertTrust(cert, &trust) == SECSuccess) {
- appendFlags(trust.sslFlags);
- appendFlags(trust.emailFlags);
- appendFlags(trust.objectSigningFlags);
- }
- }
- CERT_DestroyCertList(list);
-
+ CERTCertList *list;
+ CERTCertList *sorted;
+ CERTCertListNode *node;
+ CERTCertTrust trust;
+ unsigned int i;
+
+ list = PK11_ListCerts(PK11CertListUnique, NULL);
+ if (list == NULL) {
+ fprintf(stderr, "ERROR: no certs found %s\n",
+ SECU_Strerror(PORT_GetError()));
+ appendLabel('C');
+ appendString("none");
+ return;
+ }
+
+ sorted = CERT_NewCertList();
+ if (sorted == NULL) {
+ fprintf(stderr, "ERROR: no certs found %s\n",
+ SECU_Strerror(PORT_GetError()));
+ appendLabel('C');
+ appendLabel('E');
+ appendInt(PORT_GetError());
+ return;
+ }
+
+ /* sort the list */
+ for (node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list);
+ node = CERT_LIST_NEXT(node)) {
+ CERT_AddCertToListSorted(sorted, node->cert, sort_CN, NULL);
+ }
+
+ for (node = CERT_LIST_HEAD(sorted); !CERT_LIST_END(node, sorted);
+ node = CERT_LIST_NEXT(node)) {
+ CERTCertificate *cert = node->cert;
+ char *commonName;
+
+ SECU_PrintCertNickname(node, stderr);
+ if (log) {
+ fprintf(stderr, "* Slot=%s*\n", cert->slot ?
+ PK11_GetTokenName(cert->slot)
+ : "none");
+ fprintf(stderr, "* Nickname=%s*\n", cert->nickname);
+ fprintf(stderr, "* Subject=<%s>*\n", cert->subjectName);
+ fprintf(stderr, "* Issuer=<%s>*\n", cert->issuerName);
+ fprintf(stderr, "* SN=");
+ for (i = 0; i < cert->serialNumber.len; i++) {
+ if (i != 0)
+ fprintf(stderr, ":");
+ fprintf(stderr, "%02x", cert->serialNumber.data[0]);
+ }
+ fprintf(stderr, " *\n");
+ }
+ appendLabel('C');
+ commonName = CERT_GetCommonName(&cert->subject);
+ appendString(commonName ? commonName : "*NoName*");
+ PORT_Free(commonName);
+ if (CERT_GetCertTrust(cert, &trust) == SECSuccess) {
+ appendFlags(trust.sslFlags);
+ appendFlags(trust.emailFlags);
+ appendFlags(trust.objectSigningFlags);
+ }
+ }
+ CERT_DestroyCertList(list);
}
/*
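Review bot: The serial-number loop in do_list_certs still prints `cert->serialNumber.data[0]` on every pass, so the verbose log shows the first byte repeated `serialNumber.len` times instead of the serial itself. The line should index with the loop variable: `fprintf(stderr, "%02x", cert->serialNumber.data[i]);`. Separately, the `sorted == NULL` early return leaves `list` from PK11_ListCerts unreleased; adding `CERT_DestroyCertList(list);` before that `return;` would close the leak. The `sorted` list is also never destroyed in the visible code, but whether it holds its own certificate references is not shown here, so that cleanup needs checking against CERT_AddCertToListSorted before changing it.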
@@ -539,7 +535,7 @@ do_list_certs(const char *progName, int log)
void
do_add_cert(const char *progName, int log)
{
- PORT_Assert(/* do_add_cert not implemented */ 0);
+ PORT_Assert(/* do_add_cert not implemented */ 0);
}
/*
@@ -548,59 +544,57 @@ do_add_cert(const char *progName, int log)
void
do_key_slot(const char *progName, int log)
{
- PK11SlotInfo *slot = PK11_GetInternalKeySlot();
- if (!slot) {
- fprintf(stderr,"ERROR: no internal key slot found %s\n",
- SECU_Strerror(PORT_GetError()));
- appendLabel('K');
- appendLabel('S');
- appendString("none");
- }
- print_slot(slot, log);
- PK11_FreeSlot(slot);
+ PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+ if (!slot) {
+ fprintf(stderr, "ERROR: no internal key slot found %s\n",
+ SECU_Strerror(PORT_GetError()));
+ appendLabel('K');
+ appendLabel('S');
+ appendString("none");
+ }
+ print_slot(slot, log);
+ PK11_FreeSlot(slot);
}
/*
* execute some NSS command.
*/
void
-do_command(const char *label, int initialized, secuCommandFlag *command,
- const char *progName, int log)
-{
- char * command_string;
- if (!initialized) {
- return;
- }
-
- if (command->activated) {
- command_string = command->arg;
- } else {
- command_string = "none";
- }
-
- if (log) {
- fprintf(stderr, "*Executing nss command \"%s\" for %s*\n",
- command_string,label);
- }
-
- /* do something */
- if (PORT_Strcasecmp(command_string, "list_slots") == 0) {
- do_list_slots(progName, log);
- } else if (PORT_Strcasecmp(command_string, "list_certs") == 0) {
- do_list_certs(progName, log);
- } else if (PORT_Strcasecmp(command_string, "add_cert") == 0) {
- do_add_cert(progName, log);
- } else if (PORT_Strcasecmp(command_string, "key_slot") == 0) {
- do_key_slot(progName, log);
- } else if (PORT_Strcasecmp(command_string, "none") != 0) {
- fprintf(stderr, ">> Unknown command (%s)\n", command_string);
- appendLabel('E');
- appendString("bc");
- usage_long(progName);
- }
+do_command(const char *label, int initialized, secuCommandFlag *command,
+ const char *progName, int log)
+{
+ char *command_string;
+ if (!initialized) {
+ return;
+ }
-}
+ if (command->activated) {
+ command_string = command->arg;
+ } else {
+ command_string = "none";
+ }
+
+ if (log) {
+ fprintf(stderr, "*Executing nss command \"%s\" for %s*\n",
+ command_string, label);
+ }
+ /* do something */
+ if (PORT_Strcasecmp(command_string, "list_slots") == 0) {
+ do_list_slots(progName, log);
+ } else if (PORT_Strcasecmp(command_string, "list_certs") == 0) {
+ do_list_certs(progName, log);
+ } else if (PORT_Strcasecmp(command_string, "add_cert") == 0) {
+ do_add_cert(progName, log);
+ } else if (PORT_Strcasecmp(command_string, "key_slot") == 0) {
+ do_key_slot(progName, log);
+ } else if (PORT_Strcasecmp(command_string, "none") != 0) {
+ fprintf(stderr, ">> Unknown command (%s)\n", command_string);
+ appendLabel('E');
+ appendString("bc");
+ usage_long(progName);
+ }
+}
/*
* functions do handle
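Review bot: In do_key_slot the `if (!slot)` branch reports the error but does not return, so `print_slot(slot, log)` and `PK11_FreeSlot(slot)` run with a NULL slot. print_slot hands that pointer to PK11_GetSlotName, PK11_GetTokenName, PK11_IsPresent and PK11_IsReadOnly; whether those tolerate NULL is not visible here, so this is best treated as a NULL dereference on the failure path. Adding `return;` after `appendString("none");` keeps the error output and skips the slot calls, matching the early returns in do_list_slots and do_list_certs.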
@@ -612,40 +606,41 @@ static int lib2_initialized;
void
main_Init(secuCommandFlag *db, secuCommandFlag *tokNam,
- int readOnly, const char *progName, int log)
+ int readOnly, const char *progName, int log)
{
SECStatus rv;
if (log) {
- fprintf(stderr,"*NSS_Init for the main program*\n");
+ fprintf(stderr, "*NSS_Init for the main program*\n");
}
appendLabel('M');
- if (!db->activated) {
- fprintf(stderr, ">> No main_db has been specified\n");
- usage(progName);
+ if (!db->activated) {
+ fprintf(stderr, ">> No main_db has been specified\n");
+ usage(progName);
}
if (main_initialized) {
- fprintf(stderr,"Warning: Second initialization of Main\n");
- appendLabel('E');
- appendString("2M");
+ fprintf(stderr, "Warning: Second initialization of Main\n");
+ appendLabel('E');
+ appendString("2M");
}
if (tokNam->activated) {
- PK11_ConfigurePKCS11(NULL, NULL, NULL, tokNam->arg,
- NULL, NULL, NULL, NULL, 0, 0);
+ PK11_ConfigurePKCS11(NULL, NULL, NULL, tokNam->arg,
+ NULL, NULL, NULL, NULL, 0, 0);
}
- rv = NSS_Initialize(db->arg, "", "", "",
- NSS_INIT_NOROOTINIT|(readOnly?NSS_INIT_READONLY:0));
+ rv = NSS_Initialize(db->arg, "", "", "",
+ NSS_INIT_NOROOTINIT |
+ (readOnly ? NSS_INIT_READONLY : 0));
if (rv != SECSuccess) {
- appendLabel('E');
- appendInt(PORT_GetError());
- fprintf(stderr,">> %s\n", SECU_Strerror(PORT_GetError()));
- dumpBuffer();
- exit(1);
+ appendLabel('E');
+ appendInt(PORT_GetError());
+ fprintf(stderr, ">> %s\n", SECU_Strerror(PORT_GetError()));
+ dumpBuffer();
+ exit(1);
}
main_initialized = 1;
}
void
-main_Do(secuCommandFlag *command, const char *progName, int log)
+main_Do(secuCommandFlag *command, const char *progName, int log)
{
do_command("main", main_initialized, command, progName, log);
}
@@ -656,30 +651,30 @@ main_Shutdown(int old_style, const char *progName, int log)
SECStatus rv;
appendLabel('N');
if (log) {
- fprintf(stderr,"*NSS_Shutdown for the main program*\n");
+ fprintf(stderr, "*NSS_Shutdown for the main program*\n");
}
if (!main_initialized) {
- fprintf(stderr,"Warning: Main shutdown without corresponding init\n");
+ fprintf(stderr, "Warning: Main shutdown without corresponding init\n");
}
if (old_style) {
- rv = NSS_Shutdown();
+ rv = NSS_Shutdown();
} else {
- rv = NSS_ShutdownContext(NULL);
+ rv = NSS_ShutdownContext(NULL);
}
fprintf(stderr, "Shutdown main state = %d\n", rv);
if (rv != SECSuccess) {
- appendLabel('E');
- appendInt(PORT_GetError());
- fprintf(stderr,"ERROR: %s\n", SECU_Strerror(PORT_GetError()));
+ appendLabel('E');
+ appendInt(PORT_GetError());
+ fprintf(stderr, "ERROR: %s\n", SECU_Strerror(PORT_GetError()));
}
main_initialized = 0;
}
/* common library init */
NSSInitContext *
-lib_Init(const char *lableString, char label, int initialized,
- secuCommandFlag *db, secuCommandFlag *tokNam, int readonly,
- const char *progName, int log)
+lib_Init(const char *lableString, char label, int initialized,
+ secuCommandFlag *db, secuCommandFlag *tokNam, int readonly,
+ const char *progName, int log)
{
NSSInitContext *ctxt;
NSSInitParameters initStrings;
@@ -687,101 +682,101 @@ lib_Init(const char *lableString, char label, int initialized,
appendLabel(label);
if (log) {
- fprintf(stderr,"*NSS_Init for %s*\n", lableString);
+ fprintf(stderr, "*NSS_Init for %s*\n", lableString);
}
- if (!db->activated) {
- fprintf(stderr, ">> No %s_db has been specified\n", lableString);
- usage(progName);
+ if (!db->activated) {
+ fprintf(stderr, ">> No %s_db has been specified\n", lableString);
+ usage(progName);
}
if (initialized) {
- fprintf(stderr,"Warning: Second initialization of %s\n", lableString);
+ fprintf(stderr, "Warning: Second initialization of %s\n", lableString);
}
if (tokNam->activated) {
- PORT_Memset(&initStrings, 0, sizeof(initStrings));
- initStrings.length = sizeof(initStrings);
- initStrings.dbTokenDescription = tokNam->arg;
- initStringPtr = &initStrings;
+ PORT_Memset(&initStrings, 0, sizeof(initStrings));
+ initStrings.length = sizeof(initStrings);
+ initStrings.dbTokenDescription = tokNam->arg;
+ initStringPtr = &initStrings;
}
ctxt = NSS_InitContext(db->arg, "", "", "", initStringPtr,
- NSS_INIT_NOROOTINIT|(readonly?NSS_INIT_READONLY:0));
+ NSS_INIT_NOROOTINIT |
+ (readonly ? NSS_INIT_READONLY : 0));
if (ctxt == NULL) {
- appendLabel('E');
- appendInt(PORT_GetError());
- fprintf(stderr,">> %s\n",SECU_Strerror(PORT_GetError()));
- dumpBuffer();
- exit(1);
+ appendLabel('E');
+ appendInt(PORT_GetError());
+ fprintf(stderr, ">> %s\n", SECU_Strerror(PORT_GetError()));
+ dumpBuffer();
+ exit(1);
}
return ctxt;
}
/* common library shutdown */
void
-lib_Shutdown(const char *labelString, char label, NSSInitContext *ctx,
- int initialize, const char *progName, int log)
+lib_Shutdown(const char *labelString, char label, NSSInitContext *ctx,
+ int initialize, const char *progName, int log)
{
SECStatus rv;
appendLabel(label);
if (log) {
- fprintf(stderr,"*NSS_Shutdown for %s\n*", labelString);
+ fprintf(stderr, "*NSS_Shutdown for %s\n*", labelString);
}
if (!initialize) {
- fprintf(stderr,"Warning: %s shutdown without corresponding init\n",
- labelString);
+ fprintf(stderr, "Warning: %s shutdown without corresponding init\n",
+ labelString);
}
rv = NSS_ShutdownContext(ctx);
fprintf(stderr, "Shutdown %s state = %d\n", labelString, rv);
if (rv != SECSuccess) {
- appendLabel('E');
- appendInt(PORT_GetError());
- fprintf(stderr,"ERROR: %s\n", SECU_Strerror(PORT_GetError()));
+ appendLabel('E');
+ appendInt(PORT_GetError());
+ fprintf(stderr, "ERROR: %s\n", SECU_Strerror(PORT_GetError()));
}
}
-
static NSSInitContext *lib1_context;
static NSSInitContext *lib2_context;
void
lib1_Init(secuCommandFlag *db, secuCommandFlag *tokNam,
- int readOnly, const char *progName, int log)
+ int readOnly, const char *progName, int log)
{
lib1_context = lib_Init("lib1", '1', lib1_initialized, db, tokNam,
- readOnly, progName, log);
+ readOnly, progName, log);
lib1_initialized = 1;
}
void
lib2_Init(secuCommandFlag *db, secuCommandFlag *tokNam,
- int readOnly, const char *progName, int log)
+ int readOnly, const char *progName, int log)
{
lib2_context = lib_Init("lib2", '2', lib2_initialized,
- db, tokNam, readOnly, progName, log);
+ db, tokNam, readOnly, progName, log);
lib2_initialized = 1;
}
-void
-lib1_Do(secuCommandFlag *command, const char *progName, int log)
+void
+lib1_Do(secuCommandFlag *command, const char *progName, int log)
{
do_command("lib1", lib1_initialized, command, progName, log);
}
void
-lib2_Do(secuCommandFlag *command, const char *progName, int log)
+lib2_Do(secuCommandFlag *command, const char *progName, int log)
{
do_command("lib2", lib2_initialized, command, progName, log);
}
void
-lib1_Shutdown(const char *progName, int log)
+lib1_Shutdown(const char *progName, int log)
{
- lib_Shutdown("lib1", 'I', lib1_context, lib1_initialized, progName, log);
- lib1_initialized = 0;
- /* don't clear lib1_Context, so we can test multiple attempts to close
+ lib_Shutdown("lib1", 'I', lib1_context, lib1_initialized, progName, log);
+ lib1_initialized = 0;
+ /* don't clear lib1_Context, so we can test multiple attempts to close
* the same context produces correct errors*/
}
void
-lib2_Shutdown(const char *progName, int log)
+lib2_Shutdown(const char *progName, int log)
{
lib_Shutdown("lib2", 'Z', lib2_context, lib2_initialized, progName, log);
lib2_initialized = 0;
@@ -792,97 +787,96 @@ lib2_Shutdown(const char *progName, int log)
int
main(int argc, char **argv)
{
- SECStatus rv;
- secuCommand libinit;
- char *progName;
- char *order;
- secuCommandFlag *options;
- int log = 0;
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- libinit.numCommands = 0;
- libinit.commands = 0;
- libinit.numOptions = opt_last;
- options = (secuCommandFlag *)PORT_Alloc(sizeof(options_init));
- if (options == NULL) {
- fprintf(stderr, ">> %s:Not enough free memory to run command\n",
- progName);
- exit(1);
- }
- PORT_Memcpy(options, options_init, sizeof(options_init));
- libinit.options = options;
-
- rv = SECU_ParseCommandLine(argc, argv, progName, & libinit);
- if (rv != SECSuccess) {
- usage(progName);
- }
-
- if (libinit.options[opt_help].activated) {
- long_help(progName);
- exit (0);
- }
-
- log = libinit.options[opt_verbose].activated;
- if (libinit.options[opt_summary].activated) {
- initBuffer();
- }
-
- order = libinit.options[opt_liborder].arg;
- if (!order) {
- usage(progName);
- }
-
- if (log) {
- fprintf(stderr,"* initializing with order \"%s\"*\n", order);
- }
-
- for (;*order; order++) {
- switch (*order) {
- case 'M':
- main_Init(&libinit.options[opt_mainDB],
- &libinit.options[opt_mainTokNam],
- libinit.options[opt_mainRO].activated,
- progName, log);
- break;
- case '1':
- lib1_Init(&libinit.options[opt_lib1DB],
- &libinit.options[opt_lib1TokNam],
- libinit.options[opt_lib1RO].activated,
- progName,log);
- break;
- case '2':
- lib2_Init(&libinit.options[opt_lib2DB],
- &libinit.options[opt_lib2TokNam],
- libinit.options[opt_lib2RO].activated,
- progName,log);
- break;
- case 'm':
- main_Shutdown(libinit.options[opt_oldStyle].activated,
- progName, log);
- break;
- case 'i':
- lib1_Shutdown(progName, log);
- break;
- case 'z':
- lib2_Shutdown(progName, log);
- break;
- default:
- fprintf(stderr,">> Unknown init/shutdown command \"%c\"", *order);
- usage_long(progName);
- }
- main_Do(&libinit.options[opt_mainCMD], progName, log);
- lib1_Do(&libinit.options[opt_lib1CMD], progName, log);
- lib2_Do(&libinit.options[opt_lib2CMD], progName, log);
- }
-
- if (NSS_IsInitialized()) {
- appendLabel('X');
- fprintf(stderr, "Warning: NSS is initialized\n");
- }
- dumpBuffer();
-
- exit(0);
-}
+ SECStatus rv;
+ secuCommand libinit;
+ char *progName;
+ char *order;
+ secuCommandFlag *options;
+ int log = 0;
+
+ progName = strrchr(argv[0], '/');
+ progName = progName ? progName + 1 : argv[0];
+
+ libinit.numCommands = 0;
+ libinit.commands = 0;
+ libinit.numOptions = opt_last;
+ options = (secuCommandFlag *)PORT_Alloc(sizeof(options_init));
+ if (options == NULL) {
+ fprintf(stderr, ">> %s:Not enough free memory to run command\n",
+ progName);
+ exit(1);
+ }
+ PORT_Memcpy(options, options_init, sizeof(options_init));
+ libinit.options = options;
+
+ rv = SECU_ParseCommandLine(argc, argv, progName, &libinit);
+ if (rv != SECSuccess) {
+ usage(progName);
+ }
+
+ if (libinit.options[opt_help].activated) {
+ long_help(progName);
+ exit(0);
+ }
+
+ log = libinit.options[opt_verbose].activated;
+ if (libinit.options[opt_summary].activated) {
+ initBuffer();
+ }
+
+ order = libinit.options[opt_liborder].arg;
+ if (!order) {
+ usage(progName);
+ }
+ if (log) {
+ fprintf(stderr, "* initializing with order \"%s\"*\n", order);
+ }
+
+ for (; *order; order++) {
+ switch (*order) {
+ case 'M':
+ main_Init(&libinit.options[opt_mainDB],
+ &libinit.options[opt_mainTokNam],
+ libinit.options[opt_mainRO].activated,
+ progName, log);
+ break;
+ case '1':
+ lib1_Init(&libinit.options[opt_lib1DB],
+ &libinit.options[opt_lib1TokNam],
+ libinit.options[opt_lib1RO].activated,
+ progName, log);
+ break;
+ case '2':
+ lib2_Init(&libinit.options[opt_lib2DB],
+ &libinit.options[opt_lib2TokNam],
+ libinit.options[opt_lib2RO].activated,
+ progName, log);
+ break;
+ case 'm':
+ main_Shutdown(libinit.options[opt_oldStyle].activated,
+ progName, log);
+ break;
+ case 'i':
+ lib1_Shutdown(progName, log);
+ break;
+ case 'z':
+ lib2_Shutdown(progName, log);
+ break;
+ default:
+ fprintf(stderr, ">> Unknown init/shutdown command \"%c\"", *order);
+ usage_long(progName);
+ }
+ main_Do(&libinit.options[opt_mainCMD], progName, log);
+ lib1_Do(&libinit.options[opt_lib1CMD], progName, log);
+ lib2_Do(&libinit.options[opt_lib2CMD], progName, log);
+ }
+
+ if (NSS_IsInitialized()) {
+ appendLabel('X');
+ fprintf(stderr, "Warning: NSS is initialized\n");
+ }
+ dumpBuffer();
+
+ exit(0);
+}
diff --git a/cmd/ocspclnt/ocspclnt.c b/cmd/ocspclnt/ocspclnt.c
index edf146a21..afcb7e13f 100644
--- a/cmd/ocspclnt/ocspclnt.c
+++ b/cmd/ocspclnt/ocspclnt.c
@@ -12,166 +12,164 @@
#include "nss.h"
#include "cert.h"
#include "ocsp.h"
-#include "xconst.h" /*
- * XXX internal header file; needed to get at
- * cert_DecodeAuthInfoAccessExtension -- would be
- * nice to not need this, but that would require
- * better/different APIs.
- */
-
-#ifndef NO_PP /*
- * Compile with this every once in a while to be
- * sure that no dependencies on it get added
- * outside of the pretty-printing routines.
- */
-#include "ocspti.h" /* internals for pretty-printing routines *only* */
-#endif /* NO_PP */
+#include "xconst.h" /*
+ * XXX internal header file; needed to get at
+ * cert_DecodeAuthInfoAccessExtension -- would be
+ * nice to not need this, but that would require
+ * better/different APIs.
+ */
+
+#ifndef NO_PP /* \
+ * Compile with this every once in a while to be \
+ * sure that no dependencies on it get added \
+ * outside of the pretty-printing routines. \
+ */
+#include "ocspti.h" /* internals for pretty-printing routines *only* */
+#endif /* NO_PP */
#if defined(_WIN32)
#include "fcntl.h"
#include "io.h"
#endif
-#define DEFAULT_DB_DIR "~/.netscape"
+#define DEFAULT_DB_DIR "~/.netscape"
/* global */
-char *program_name;
-
+char *program_name;
static void
-synopsis (char *program_name)
+synopsis(char *program_name)
{
PRFileDesc *pr_stderr;
pr_stderr = PR_STDERR;
- PR_fprintf (pr_stderr, "Usage:");
- PR_fprintf (pr_stderr,
- "\t%s -p [-d <dir>]\n",
- program_name);
- PR_fprintf (pr_stderr,
- "\t%s -P [-d <dir>]\n",
- program_name);
- PR_fprintf (pr_stderr,
- "\t%s -r <name> [-a] [-L] [-s <name>] [-d <dir>]\n",
- program_name);
- PR_fprintf (pr_stderr,
- "\t%s -R <name> [-a] [-l <location>] [-s <name>] [-d <dir>]\n",
- program_name);
- PR_fprintf (pr_stderr,
- "\t%s -S <name> [-a] [-l <location> -t <name>]\n",
- program_name);
- PR_fprintf (pr_stderr,
- "\t\t [-s <name>] [-w <time>] [-d <dir>]\n");
- PR_fprintf (pr_stderr,
- "\t%s -V <name> [-a] -u <usage> [-l <location> -t <name>]\n",
- program_name);
- PR_fprintf (pr_stderr,
- "\t\t [-s <name>] [-w <time>] [-d <dir>]\n");
+ PR_fprintf(pr_stderr, "Usage:");
+ PR_fprintf(pr_stderr,
+ "\t%s -p [-d <dir>]\n",
+ program_name);
+ PR_fprintf(pr_stderr,
+ "\t%s -P [-d <dir>]\n",
+ program_name);
+ PR_fprintf(pr_stderr,
+ "\t%s -r <name> [-a] [-L] [-s <name>] [-d <dir>]\n",
+ program_name);
+ PR_fprintf(pr_stderr,
+ "\t%s -R <name> [-a] [-l <location>] [-s <name>] [-d <dir>]\n",
+ program_name);
+ PR_fprintf(pr_stderr,
+ "\t%s -S <name> [-a] [-l <location> -t <name>]\n",
+ program_name);
+ PR_fprintf(pr_stderr,
+ "\t\t [-s <name>] [-w <time>] [-d <dir>]\n");
+ PR_fprintf(pr_stderr,
+ "\t%s -V <name> [-a] -u <usage> [-l <location> -t <name>]\n",
+ program_name);
+ PR_fprintf(pr_stderr,
+ "\t\t [-s <name>] [-w <time>] [-d <dir>]\n");
}
-
static void
-short_usage (char *program_name)
+short_usage(char *program_name)
{
- PR_fprintf (PR_STDERR,
- "Type %s -H for more detailed descriptions\n",
- program_name);
- synopsis (program_name);
+ PR_fprintf(PR_STDERR,
+ "Type %s -H for more detailed descriptions\n",
+ program_name);
+ synopsis(program_name);
}
-
static void
-long_usage (char *program_name)
+long_usage(char *program_name)
{
PRFileDesc *pr_stderr;
pr_stderr = PR_STDERR;
- synopsis (program_name);
- PR_fprintf (pr_stderr, "\nCommands (must specify exactly one):\n");
- PR_fprintf (pr_stderr,
- " %-13s Pretty-print a binary request read from stdin\n",
- "-p");
- PR_fprintf (pr_stderr,
- " %-13s Pretty-print a binary response read from stdin\n",
- "-P");
- PR_fprintf (pr_stderr,
- " %-13s Create a request for cert \"nickname\" on stdout\n",
- "-r nickname");
- PR_fprintf (pr_stderr,
- " %-13s Get response for cert \"nickname\", dump to stdout\n",
- "-R nickname");
- PR_fprintf (pr_stderr,
- " %-13s Get status for cert \"nickname\"\n",
- "-S nickname");
- PR_fprintf (pr_stderr,
- " %-13s Fully verify cert \"nickname\", w/ status check\n",
- "-V nickname");
- PR_fprintf (pr_stderr,
- "\n %-10s also can be the name of the file with DER or\n"
- " %-13s PEM(use -a option) cert encoding\n", "nickname", "");
- PR_fprintf (pr_stderr, "Options:\n");
- PR_fprintf (pr_stderr,
- " %-13s Decode input cert from PEM format. DER is default\n",
- "-a");
- PR_fprintf (pr_stderr,
- " %-13s Add the service locator extension to the request\n",
- "-L");
- PR_fprintf (pr_stderr,
- " %-13s Find security databases in \"dbdir\" (default %s)\n",
- "-d dbdir", DEFAULT_DB_DIR);
- PR_fprintf (pr_stderr,
- " %-13s Use \"location\" as URL of responder\n",
- "-l location");
- PR_fprintf (pr_stderr,
- " %-13s Trust cert \"nickname\" as response signer\n",
- "-t nickname");
- PR_fprintf (pr_stderr,
- " %-13s Sign requests with cert \"nickname\"\n",
- "-s nickname");
- PR_fprintf (pr_stderr,
- " %-13s Type of certificate usage for verification:\n",
- "-u usage");
- PR_fprintf (pr_stderr,
- "%-17s c SSL Client\n", "");
- PR_fprintf (pr_stderr,
- "%-17s s SSL Server\n", "");
- PR_fprintf (pr_stderr,
- "%-17s e Email Recipient\n", "");
- PR_fprintf (pr_stderr,
- "%-17s E Email Signer\n", "");
- PR_fprintf (pr_stderr,
- "%-17s S Object Signer\n", "");
- PR_fprintf (pr_stderr,
- "%-17s C CA\n", "");
- PR_fprintf (pr_stderr,
- " %-13s Validity time (default current time), one of:\n",
- "-w time");
- PR_fprintf (pr_stderr,
- "%-17s %-25s (GMT)\n", "", "YYMMDDhhmm[ss]Z");
- PR_fprintf (pr_stderr,
- "%-17s %-25s (later than GMT)\n", "", "YYMMDDhhmm[ss]+hhmm");
- PR_fprintf (pr_stderr,
- "%-17s %-25s (earlier than GMT)\n", "", "YYMMDDhhmm[ss]-hhmm");
+ synopsis(program_name);
+ PR_fprintf(pr_stderr, "\nCommands (must specify exactly one):\n");
+ PR_fprintf(pr_stderr,
+ " %-13s Pretty-print a binary request read from stdin\n",
+ "-p");
+ PR_fprintf(pr_stderr,
+ " %-13s Pretty-print a binary response read from stdin\n",
+ "-P");
+ PR_fprintf(pr_stderr,
+ " %-13s Create a request for cert \"nickname\" on stdout\n",
+ "-r nickname");
+ PR_fprintf(pr_stderr,
+ " %-13s Get response for cert \"nickname\", dump to stdout\n",
+ "-R nickname");
+ PR_fprintf(pr_stderr,
+ " %-13s Get status for cert \"nickname\"\n",
+ "-S nickname");
+ PR_fprintf(pr_stderr,
+ " %-13s Fully verify cert \"nickname\", w/ status check\n",
+ "-V nickname");
+ PR_fprintf(pr_stderr,
+ "\n %-10s also can be the name of the file with DER or\n"
+ " %-13s PEM(use -a option) cert encoding\n",
+ "nickname", "");
+ PR_fprintf(pr_stderr, "Options:\n");
+ PR_fprintf(pr_stderr,
+ " %-13s Decode input cert from PEM format. DER is default\n",
+ "-a");
+ PR_fprintf(pr_stderr,
+ " %-13s Add the service locator extension to the request\n",
+ "-L");
+ PR_fprintf(pr_stderr,
+ " %-13s Find security databases in \"dbdir\" (default %s)\n",
+ "-d dbdir", DEFAULT_DB_DIR);
+ PR_fprintf(pr_stderr,
+ " %-13s Use \"location\" as URL of responder\n",
+ "-l location");
+ PR_fprintf(pr_stderr,
+ " %-13s Trust cert \"nickname\" as response signer\n",
+ "-t nickname");
+ PR_fprintf(pr_stderr,
+ " %-13s Sign requests with cert \"nickname\"\n",
+ "-s nickname");
+ PR_fprintf(pr_stderr,
+ " %-13s Type of certificate usage for verification:\n",
+ "-u usage");
+ PR_fprintf(pr_stderr,
+ "%-17s c SSL Client\n", "");
+ PR_fprintf(pr_stderr,
+ "%-17s s SSL Server\n", "");
+ PR_fprintf(pr_stderr,
+ "%-17s e Email Recipient\n", "");
+ PR_fprintf(pr_stderr,
+ "%-17s E Email Signer\n", "");
+ PR_fprintf(pr_stderr,
+ "%-17s S Object Signer\n", "");
+ PR_fprintf(pr_stderr,
+ "%-17s C CA\n", "");
+ PR_fprintf(pr_stderr,
+ " %-13s Validity time (default current time), one of:\n",
+ "-w time");
+ PR_fprintf(pr_stderr,
+ "%-17s %-25s (GMT)\n", "", "YYMMDDhhmm[ss]Z");
+ PR_fprintf(pr_stderr,
+ "%-17s %-25s (later than GMT)\n", "", "YYMMDDhhmm[ss]+hhmm");
+ PR_fprintf(pr_stderr,
+ "%-17s %-25s (earlier than GMT)\n", "", "YYMMDDhhmm[ss]-hhmm");
}
#if defined(WIN32)
-/* We're going to write binary data to stdout, or read binary from stdin.
- * We must put stdout or stdin into O_BINARY mode or else
+/* We're going to write binary data to stdout, or read binary from stdin.
+ * We must put stdout or stdin into O_BINARY mode or else
outgoing \n's will become \r\n's, and incoming \r\n's will become \n's.
*/
static SECStatus
-make_file_binary(FILE * binfile)
+make_file_binary(FILE *binfile)
{
int smrv = _setmode(_fileno(binfile), _O_BINARY);
if (smrv == -1) {
fprintf(stderr, "%s: Cannot change stdout to binary mode.\n",
- program_name);
+ program_name);
}
return smrv;
}
#define MAKE_FILE_BINARY make_file_binary
#else
-#define MAKE_FILE_BINARY(file)
+#define MAKE_FILE_BINARY(file)
#endif
/*
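Review bot: The formatter has inserted trailing backslashes into the block comment that follows `#ifndef NO_PP`, while the similar comment after `#include "xconst.h"` was left without them. They are harmless to the preprocessor because they sit inside a comment, but they are noise and will be re-aligned on every future format run. Moving the comment onto its own lines above the directive avoids this, leaving the directive as plain `#ifndef NO_PP` with `/* Compile with NO_PP defined every once in a while to be sure that no dependencies on ocspti.h get added outside of the pretty-printing routines. */` on the lines before it.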
@@ -189,67 +187,66 @@ make_file_binary(FILE * binfile)
* is expected to free them. ("SECITEM_FreeItem(item, PR_TRUE)")
*/
static SECItem *
-read_file_into_item (PRFileDesc *in_file, SECItemType si_type)
+read_file_into_item(PRFileDesc *in_file, SECItemType si_type)
{
- PRStatus prv;
- SECItem *item;
- PRFileInfo file_info;
- PRInt32 bytes_read;
+ PRStatus prv;
+ SECItem *item;
+ PRFileInfo file_info;
+ PRInt32 bytes_read;
- prv = PR_GetOpenFileInfo (in_file, &file_info);
+ prv = PR_GetOpenFileInfo(in_file, &file_info);
if (prv != PR_SUCCESS)
- return NULL;
+ return NULL;
- if (file_info.size == 0) {
- /* XXX Need a better error; just grabbed this one for expediency. */
- PORT_SetError (SEC_ERROR_INPUT_LEN);
- return NULL;
+ if (file_info.size == 0) {
+ /* XXX Need a better error; just grabbed this one for expediency. */
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return NULL;
}
- if (file_info.size > 0xffff) { /* I think this is too big. */
- PORT_SetError (SEC_ERROR_NO_MEMORY);
- return NULL;
+ if (file_info.size > 0xffff) { /* I think this is too big. */
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return NULL;
}
- item = PORT_Alloc (sizeof (SECItem));
+ item = PORT_Alloc(sizeof(SECItem));
if (item == NULL)
- return NULL;
+ return NULL;
item->type = si_type;
- item->len = (unsigned int) file_info.size;
- item->data = PORT_Alloc ((size_t)item->len);
+ item->len = (unsigned int)file_info.size;
+ item->data = PORT_Alloc((size_t)item->len);
if (item->data == NULL)
- goto loser;
+ goto loser;
- bytes_read = PR_Read (in_file, item->data, (PRInt32) item->len);
+ bytes_read = PR_Read(in_file, item->data, (PRInt32)item->len);
if (bytes_read < 0) {
- /* Something went wrong; error is already set for us. */
- goto loser;
+ /* Something went wrong; error is already set for us. */
+ goto loser;
} else if (bytes_read == 0) {
- /* Something went wrong; we read nothing. But no system/nspr error. */
- /* XXX Need to set an error here. */
- goto loser;
+ /* Something went wrong; we read nothing. But no system/nspr error. */
+ /* XXX Need to set an error here. */
+ goto loser;
} else if (item->len != (unsigned int)bytes_read) {
- /* Something went wrong; we read less (or more!?) than we expected. */
- /* XXX Need to set an error here. */
- goto loser;
+ /* Something went wrong; we read less (or more!?) than we expected. */
+ /* XXX Need to set an error here. */
+ goto loser;
}
return item;
loser:
- SECITEM_FreeItem (item, PR_TRUE);
+ SECITEM_FreeItem(item, PR_TRUE);
return NULL;
}
-
/*
* Create a DER-encoded OCSP request (for the certificate whose nickname
* is "name") and dump it out.
*/
static SECStatus
-create_request (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
- PRBool add_service_locator, PRBool add_acceptable_responses)
+create_request(FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
+ PRBool add_service_locator, PRBool add_acceptable_responses)
{
CERTCertList *certs = NULL;
CERTCertificate *myCert = NULL;
@@ -259,7 +256,7 @@ create_request (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
SECStatus rv = SECFailure;
if (handle == NULL || cert == NULL)
- return rv;
+ return rv;
myCert = CERT_DupCertificate(cert);
if (myCert == NULL)
@@ -270,10 +267,10 @@ create_request (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
*/
certs = CERT_NewCertList();
if (certs == NULL)
- goto loser;
+ goto loser;
- if (CERT_AddCertToListTail (certs, myCert) != SECSuccess)
- goto loser;
+ if (CERT_AddCertToListTail(certs, myCert) != SECSuccess)
+ goto loser;
/*
* Now that cert is included in the list, we need to be careful
@@ -281,41 +278,40 @@ create_request (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
*/
myCert = NULL;
- request = CERT_CreateOCSPRequest (certs, now, add_service_locator, NULL);
+ request = CERT_CreateOCSPRequest(certs, now, add_service_locator, NULL);
if (request == NULL)
- goto loser;
+ goto loser;
if (add_acceptable_responses) {
- rv = CERT_AddOCSPAcceptableResponses(request,
- SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
- if (rv != SECSuccess)
- goto loser;
+ rv = CERT_AddOCSPAcceptableResponses(request,
+ SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
+ if (rv != SECSuccess)
+ goto loser;
}
- encoding = CERT_EncodeOCSPRequest (NULL, request, NULL);
+ encoding = CERT_EncodeOCSPRequest(NULL, request, NULL);
if (encoding == NULL)
- goto loser;
+ goto loser;
MAKE_FILE_BINARY(out_file);
- if (fwrite (encoding->data, encoding->len, 1, out_file) != 1)
- goto loser;
+ if (fwrite(encoding->data, encoding->len, 1, out_file) != 1)
+ goto loser;
rv = SECSuccess;
loser:
if (encoding != NULL)
- SECITEM_FreeItem(encoding, PR_TRUE);
+ SECITEM_FreeItem(encoding, PR_TRUE);
if (request != NULL)
- CERT_DestroyOCSPRequest(request);
+ CERT_DestroyOCSPRequest(request);
if (certs != NULL)
- CERT_DestroyCertList (certs);
+ CERT_DestroyCertList(certs);
if (myCert != NULL)
- CERT_DestroyCertificate(myCert);
+ CERT_DestroyCertificate(myCert);
return rv;
}
-
/*
* Create a DER-encoded OCSP request (for the certificate whose nickname is
* "cert_name"), then get and dump a corresponding response. The responder
@@ -323,8 +319,8 @@ loser:
* via the AuthorityInfoAccess URL in the cert.
*/
static SECStatus
-dump_response (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
- const char *responder_url)
+dump_response(FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
+ const char *responder_url)
{
CERTCertList *certs = NULL;
CERTCertificate *myCert = NULL;
@@ -335,20 +331,20 @@ dump_response (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
PRBool includeServiceLocator;
if (handle == NULL || cert == NULL)
- return rv;
+ return rv;
myCert = CERT_DupCertificate(cert);
if (myCert == NULL)
goto loser;
if (responder_url != NULL) {
- loc = (char *) responder_url;
- includeServiceLocator = PR_TRUE;
+ loc = (char *)responder_url;
+ includeServiceLocator = PR_TRUE;
} else {
- loc = CERT_GetOCSPAuthorityInfoAccessLocation (cert);
- if (loc == NULL)
- goto loser;
- includeServiceLocator = PR_FALSE;
+ loc = CERT_GetOCSPAuthorityInfoAccessLocation(cert);
+ if (loc == NULL)
+ goto loser;
+ includeServiceLocator = PR_FALSE;
}
/*
@@ -356,10 +352,10 @@ dump_response (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
*/
certs = CERT_NewCertList();
if (certs == NULL)
- goto loser;
+ goto loser;
- if (CERT_AddCertToListTail (certs, myCert) != SECSuccess)
- goto loser;
+ if (CERT_AddCertToListTail(certs, myCert) != SECSuccess)
+ goto loser;
/*
* Now that cert is included in the list, we need to be careful
@@ -367,58 +363,57 @@ dump_response (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
*/
myCert = NULL;
- response = CERT_GetEncodedOCSPResponse (NULL, certs, loc, now,
- includeServiceLocator,
- NULL, NULL, NULL);
+ response = CERT_GetEncodedOCSPResponse(NULL, certs, loc, now,
+ includeServiceLocator,
+ NULL, NULL, NULL);
if (response == NULL)
- goto loser;
+ goto loser;
MAKE_FILE_BINARY(out_file);
- if (fwrite (response->data, response->len, 1, out_file) != 1)
- goto loser;
+ if (fwrite(response->data, response->len, 1, out_file) != 1)
+ goto loser;
rv = SECSuccess;
loser:
if (response != NULL)
- SECITEM_FreeItem (response, PR_TRUE);
+ SECITEM_FreeItem(response, PR_TRUE);
if (certs != NULL)
- CERT_DestroyCertList (certs);
+ CERT_DestroyCertList(certs);
if (myCert != NULL)
- CERT_DestroyCertificate(myCert);
+ CERT_DestroyCertificate(myCert);
if (loc != NULL && loc != responder_url)
- PORT_Free (loc);
+ PORT_Free(loc);
return rv;
}
-
/*
* Get the status for the specified certificate (whose nickname is "cert_name").
* Directly use the OCSP function rather than doing a full verification.
*/
static SECStatus
-get_cert_status (FILE *out_file, CERTCertDBHandle *handle,
- CERTCertificate *cert, const char *cert_name,
- PRTime verify_time)
+get_cert_status(FILE *out_file, CERTCertDBHandle *handle,
+ CERTCertificate *cert, const char *cert_name,
+ PRTime verify_time)
{
SECStatus rv = SECFailure;
if (handle == NULL || cert == NULL)
- goto loser;
+ goto loser;
- rv = CERT_CheckOCSPStatus (handle, cert, verify_time, NULL);
+ rv = CERT_CheckOCSPStatus(handle, cert, verify_time, NULL);
- fprintf (out_file, "Check of certificate \"%s\" ", cert_name);
+ fprintf(out_file, "Check of certificate \"%s\" ", cert_name);
if (rv == SECSuccess) {
- fprintf (out_file, "succeeded.\n");
+ fprintf(out_file, "succeeded.\n");
} else {
- const char *error_string = SECU_Strerror(PORT_GetError());
- fprintf (out_file, "failed. Reason:\n");
- if (error_string != NULL && PORT_Strlen(error_string) > 0)
- fprintf (out_file, "%s\n", error_string);
- else
- fprintf (out_file, "Unknown\n");
+ const char *error_string = SECU_Strerror(PORT_GetError());
+ fprintf(out_file, "failed. Reason:\n");
+ if (error_string != NULL && PORT_Strlen(error_string) > 0)
+ fprintf(out_file, "%s\n", error_string);
+ else
+ fprintf(out_file, "Unknown\n");
}
rv = SECSuccess;
@@ -428,34 +423,33 @@ loser:
return rv;
}
-
/*
* Verify the specified certificate (whose nickname is "cert_name").
* OCSP is already turned on, so we just need to call the standard
* certificate verification API and let it do all the work.
*/
static SECStatus
-verify_cert (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
- const char *cert_name, SECCertUsage cert_usage, PRTime verify_time)
+verify_cert(FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
+ const char *cert_name, SECCertUsage cert_usage, PRTime verify_time)
{
SECStatus rv = SECFailure;
if (handle == NULL || cert == NULL)
- return rv;
+ return rv;
- rv = CERT_VerifyCert (handle, cert, PR_TRUE, cert_usage, verify_time,
- NULL, NULL);
+ rv = CERT_VerifyCert(handle, cert, PR_TRUE, cert_usage, verify_time,
+ NULL, NULL);
- fprintf (out_file, "Verification of certificate \"%s\" ", cert_name);
+ fprintf(out_file, "Verification of certificate \"%s\" ", cert_name);
if (rv == SECSuccess) {
- fprintf (out_file, "succeeded.\n");
+ fprintf(out_file, "succeeded.\n");
} else {
- const char *error_string = SECU_Strerror(PORT_GetError());
- fprintf (out_file, "failed. Reason:\n");
- if (error_string != NULL && PORT_Strlen(error_string) > 0)
- fprintf (out_file, "%s\n", error_string);
- else
- fprintf (out_file, "Unknown\n");
+ const char *error_string = SECU_Strerror(PORT_GetError());
+ fprintf(out_file, "failed. Reason:\n");
+ if (error_string != NULL && PORT_Strlen(error_string) > 0)
+ fprintf(out_file, "%s\n", error_string);
+ else
+ fprintf(out_file, "Unknown\n");
}
rv = SECSuccess;
@@ -463,7 +457,7 @@ verify_cert (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
return rv;
}
-CERTCertificate*
+CERTCertificate *
find_certificate(CERTCertDBHandle *handle, const char *name, PRBool ascii)
{
CERTCertificate *cert = NULL;
@@ -473,9 +467,9 @@ find_certificate(CERTCertDBHandle *handle, const char *name, PRBool ascii)
if (handle == NULL || name == NULL)
return NULL;
- if (ascii == PR_FALSE) {
+ if (ascii == PR_FALSE) {
/* by default need to check if there is cert nick is given */
- cert = CERT_FindCertByNicknameOrEmailAddr (handle, (char *) name);
+ cert = CERT_FindCertByNicknameOrEmailAddr(handle, (char *)name);
if (cert != NULL)
return cert;
}
@@ -486,7 +480,7 @@ find_certificate(CERTCertDBHandle *handle, const char *name, PRBool ascii)
}
if (SECU_ReadDERFromFile(&der, certFile, ascii, PR_FALSE) == SECSuccess) {
- cert = CERT_DecodeCertFromPackage((char*)der.data, der.len);
+ cert = CERT_DecodeCertFromPackage((char *)der.data, der.len);
SECITEM_FreeItem(&der, PR_FALSE);
}
PR_Close(certFile);
@@ -494,328 +488,315 @@ find_certificate(CERTCertDBHandle *handle, const char *name, PRBool ascii)
return cert;
}
-
-#ifdef NO_PP
+#ifdef NO_PP
static SECStatus
-print_request (FILE *out_file, SECItem *data)
+print_request(FILE *out_file, SECItem *data)
{
- fprintf (out_file, "Cannot pretty-print request compiled with NO_PP.\n");
+ fprintf(out_file, "Cannot pretty-print request compiled with NO_PP.\n");
return SECSuccess;
}
static SECStatus
-print_response (FILE *out_file, SECItem *data, CERTCertDBHandle *handle)
+print_response(FILE *out_file, SECItem *data, CERTCertDBHandle *handle)
{
- fprintf (out_file, "Cannot pretty-print response compiled with NO_PP.\n");
+ fprintf(out_file, "Cannot pretty-print response compiled with NO_PP.\n");
return SECSuccess;
}
#else /* NO_PP */
static void
-print_ocsp_version (FILE *out_file, SECItem *version, int level)
+print_ocsp_version(FILE *out_file, SECItem *version, int level)
{
if (version->len > 0) {
- SECU_PrintInteger (out_file, version, "Version", level);
+ SECU_PrintInteger(out_file, version, "Version", level);
} else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "Version: DEFAULT\n");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Version: DEFAULT\n");
}
}
-
static void
-print_ocsp_cert_id (FILE *out_file, CERTOCSPCertID *cert_id, int level)
+print_ocsp_cert_id(FILE *out_file, CERTOCSPCertID *cert_id, int level)
{
- SECU_Indent (out_file, level);
- fprintf (out_file, "Cert ID:\n");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Cert ID:\n");
level++;
- SECU_PrintAlgorithmID (out_file, &(cert_id->hashAlgorithm),
- "Hash Algorithm", level);
- SECU_PrintAsHex (out_file, &(cert_id->issuerNameHash),
- "Issuer Name Hash", level);
- SECU_PrintAsHex (out_file, &(cert_id->issuerKeyHash),
- "Issuer Key Hash", level);
- SECU_PrintInteger (out_file, &(cert_id->serialNumber),
- "Serial Number", level);
+ SECU_PrintAlgorithmID(out_file, &(cert_id->hashAlgorithm),
+ "Hash Algorithm", level);
+ SECU_PrintAsHex(out_file, &(cert_id->issuerNameHash),
+ "Issuer Name Hash", level);
+ SECU_PrintAsHex(out_file, &(cert_id->issuerKeyHash),
+ "Issuer Key Hash", level);
+ SECU_PrintInteger(out_file, &(cert_id->serialNumber),
+ "Serial Number", level);
/* XXX lookup the cert; if found, print something nice (nickname?) */
}
-
static void
-print_raw_certificates (FILE *out_file, SECItem **raw_certs, int level)
+print_raw_certificates(FILE *out_file, SECItem **raw_certs, int level)
{
SECItem *raw_cert;
int i = 0;
char cert_label[50];
- SECU_Indent (out_file, level);
+ SECU_Indent(out_file, level);
if (raw_certs == NULL) {
- fprintf (out_file, "No Certificates.\n");
- return;
+ fprintf(out_file, "No Certificates.\n");
+ return;
}
- fprintf (out_file, "Certificate List:\n");
+ fprintf(out_file, "Certificate List:\n");
while ((raw_cert = raw_certs[i++]) != NULL) {
- sprintf (cert_label, "Certificate (%d)", i);
- (void) SECU_PrintSignedData (out_file, raw_cert, cert_label, level + 1,
- (SECU_PPFunc)SECU_PrintCertificate);
+ sprintf(cert_label, "Certificate (%d)", i);
+ (void)SECU_PrintSignedData(out_file, raw_cert, cert_label, level + 1,
+ (SECU_PPFunc)SECU_PrintCertificate);
}
}
-
static void
-print_ocsp_extensions (FILE *out_file, CERTCertExtension **extensions,
- char *msg, int level)
+print_ocsp_extensions(FILE *out_file, CERTCertExtension **extensions,
+ char *msg, int level)
{
if (extensions) {
- SECU_PrintExtensions (out_file, extensions, msg, level);
+ SECU_PrintExtensions(out_file, extensions, msg, level);
} else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "No %s\n", msg);
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "No %s\n", msg);
}
}
-
static void
-print_single_request (FILE *out_file, ocspSingleRequest *single, int level)
+print_single_request(FILE *out_file, ocspSingleRequest *single, int level)
{
- print_ocsp_cert_id (out_file, single->reqCert, level);
- print_ocsp_extensions (out_file, single->singleRequestExtensions,
- "Single Request Extensions", level);
+ print_ocsp_cert_id(out_file, single->reqCert, level);
+ print_ocsp_extensions(out_file, single->singleRequestExtensions,
+ "Single Request Extensions", level);
}
-
/*
* Decode the DER/BER-encoded item "data" as an OCSP request
* and pretty-print the subfields.
*/
static SECStatus
-print_request (FILE *out_file, SECItem *data)
+print_request(FILE *out_file, SECItem *data)
{
CERTOCSPRequest *request;
ocspTBSRequest *tbsRequest;
int level = 0;
- PORT_Assert (out_file != NULL);
- PORT_Assert (data != NULL);
+ PORT_Assert(out_file != NULL);
+ PORT_Assert(data != NULL);
if (out_file == NULL || data == NULL) {
- PORT_SetError (SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
- request = CERT_DecodeOCSPRequest (data);
+ request = CERT_DecodeOCSPRequest(data);
if (request == NULL || request->tbsRequest == NULL)
- return SECFailure;
+ return SECFailure;
tbsRequest = request->tbsRequest;
- fprintf (out_file, "TBS Request:\n");
+ fprintf(out_file, "TBS Request:\n");
level++;
- print_ocsp_version (out_file, &(tbsRequest->version), level);
+ print_ocsp_version(out_file, &(tbsRequest->version), level);
/*
* XXX Probably should be an interface to get the signer name
* without looking inside the tbsRequest at all.
*/
if (tbsRequest->requestorName != NULL) {
- SECU_Indent (out_file, level);
- fprintf (out_file, "XXX print the requestorName\n");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "XXX print the requestorName\n");
} else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "No Requestor Name.\n");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "No Requestor Name.\n");
}
if (tbsRequest->requestList != NULL) {
- int i;
-
- for (i = 0; tbsRequest->requestList[i] != NULL; i++) {
- SECU_Indent (out_file, level);
- fprintf (out_file, "Request %d:\n", i);
- print_single_request (out_file, tbsRequest->requestList[i],
- level + 1);
- }
+ int i;
+
+ for (i = 0; tbsRequest->requestList[i] != NULL; i++) {
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Request %d:\n", i);
+ print_single_request(out_file, tbsRequest->requestList[i],
+ level + 1);
+ }
} else {
- fprintf (out_file, "Request list is empty.\n");
+ fprintf(out_file, "Request list is empty.\n");
}
- print_ocsp_extensions (out_file, tbsRequest->requestExtensions,
- "Request Extensions", level);
+ print_ocsp_extensions(out_file, tbsRequest->requestExtensions,
+ "Request Extensions", level);
if (request->optionalSignature != NULL) {
- ocspSignature *whole_sig;
- SECItem rawsig;
+ ocspSignature *whole_sig;
+ SECItem rawsig;
- fprintf (out_file, "Signature:\n");
+ fprintf(out_file, "Signature:\n");
- whole_sig = request->optionalSignature;
- SECU_PrintAlgorithmID (out_file, &(whole_sig->signatureAlgorithm),
- "Signature Algorithm", level);
+ whole_sig = request->optionalSignature;
+ SECU_PrintAlgorithmID(out_file, &(whole_sig->signatureAlgorithm),
+ "Signature Algorithm", level);
- rawsig = whole_sig->signature;
- DER_ConvertBitString (&rawsig);
- SECU_PrintAsHex (out_file, &rawsig, "Signature", level);
+ rawsig = whole_sig->signature;
+ DER_ConvertBitString(&rawsig);
+ SECU_PrintAsHex(out_file, &rawsig, "Signature", level);
- print_raw_certificates (out_file, whole_sig->derCerts, level);
+ print_raw_certificates(out_file, whole_sig->derCerts, level);
- fprintf (out_file, "XXX verify the sig and print result\n");
+ fprintf(out_file, "XXX verify the sig and print result\n");
} else {
- fprintf (out_file, "No Signature\n");
+ fprintf(out_file, "No Signature\n");
}
- CERT_DestroyOCSPRequest (request);
+ CERT_DestroyOCSPRequest(request);
return SECSuccess;
}
-
static void
-print_revoked_info (FILE *out_file, ocspRevokedInfo *revoked_info, int level)
+print_revoked_info(FILE *out_file, ocspRevokedInfo *revoked_info, int level)
{
- SECU_PrintGeneralizedTime (out_file, &(revoked_info->revocationTime),
- "Revocation Time", level);
+ SECU_PrintGeneralizedTime(out_file, &(revoked_info->revocationTime),
+ "Revocation Time", level);
if (revoked_info->revocationReason != NULL) {
- SECU_PrintAsHex (out_file, revoked_info->revocationReason,
- "Revocation Reason", level);
+ SECU_PrintAsHex(out_file, revoked_info->revocationReason,
+ "Revocation Reason", level);
} else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "No Revocation Reason.\n");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "No Revocation Reason.\n");
}
}
-
static void
-print_cert_status (FILE *out_file, ocspCertStatus *status, int level)
+print_cert_status(FILE *out_file, ocspCertStatus *status, int level)
{
- SECU_Indent (out_file, level);
- fprintf (out_file, "Status: ");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Status: ");
switch (status->certStatusType) {
- case ocspCertStatus_good:
- fprintf (out_file, "Cert is good.\n");
- break;
- case ocspCertStatus_revoked:
- fprintf (out_file, "Cert has been revoked.\n");
- print_revoked_info (out_file, status->certStatusInfo.revokedInfo,
- level + 1);
- break;
- case ocspCertStatus_unknown:
- fprintf (out_file, "Cert is unknown to responder.\n");
- break;
- default:
- fprintf (out_file, "Unrecognized status.\n");
- break;
+ case ocspCertStatus_good:
+ fprintf(out_file, "Cert is good.\n");
+ break;
+ case ocspCertStatus_revoked:
+ fprintf(out_file, "Cert has been revoked.\n");
+ print_revoked_info(out_file, status->certStatusInfo.revokedInfo,
+ level + 1);
+ break;
+ case ocspCertStatus_unknown:
+ fprintf(out_file, "Cert is unknown to responder.\n");
+ break;
+ default:
+ fprintf(out_file, "Unrecognized status.\n");
+ break;
}
}
-
static void
-print_single_response (FILE *out_file, CERTOCSPSingleResponse *single,
- int level)
+print_single_response(FILE *out_file, CERTOCSPSingleResponse *single,
+ int level)
{
- print_ocsp_cert_id (out_file, single->certID, level);
+ print_ocsp_cert_id(out_file, single->certID, level);
- print_cert_status (out_file, single->certStatus, level);
+ print_cert_status(out_file, single->certStatus, level);
- SECU_PrintGeneralizedTime (out_file, &(single->thisUpdate),
- "This Update", level);
+ SECU_PrintGeneralizedTime(out_file, &(single->thisUpdate),
+ "This Update", level);
if (single->nextUpdate != NULL) {
- SECU_PrintGeneralizedTime (out_file, single->nextUpdate,
- "Next Update", level);
+ SECU_PrintGeneralizedTime(out_file, single->nextUpdate,
+ "Next Update", level);
} else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "No Next Update\n");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "No Next Update\n");
}
- print_ocsp_extensions (out_file, single->singleExtensions,
- "Single Response Extensions", level);
+ print_ocsp_extensions(out_file, single->singleExtensions,
+ "Single Response Extensions", level);
}
-
static void
-print_responder_id (FILE *out_file, ocspResponderID *responderID, int level)
+print_responder_id(FILE *out_file, ocspResponderID *responderID, int level)
{
- SECU_Indent (out_file, level);
- fprintf (out_file, "Responder ID ");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Responder ID ");
switch (responderID->responderIDType) {
- case ocspResponderID_byName:
- fprintf (out_file, "(byName):\n");
- SECU_PrintName (out_file, &(responderID->responderIDValue.name),
- "Name", level + 1);
- break;
- case ocspResponderID_byKey:
- fprintf (out_file, "(byKey):\n");
- SECU_PrintAsHex (out_file, &(responderID->responderIDValue.keyHash),
- "Key Hash", level + 1);
- break;
- default:
- fprintf (out_file, "Unrecognized Responder ID Type\n");
- break;
+ case ocspResponderID_byName:
+ fprintf(out_file, "(byName):\n");
+ SECU_PrintName(out_file, &(responderID->responderIDValue.name),
+ "Name", level + 1);
+ break;
+ case ocspResponderID_byKey:
+ fprintf(out_file, "(byKey):\n");
+ SECU_PrintAsHex(out_file, &(responderID->responderIDValue.keyHash),
+ "Key Hash", level + 1);
+ break;
+ default:
+ fprintf(out_file, "Unrecognized Responder ID Type\n");
+ break;
}
}
-
static void
-print_response_data (FILE *out_file, ocspResponseData *responseData, int level)
+print_response_data(FILE *out_file, ocspResponseData *responseData, int level)
{
- SECU_Indent (out_file, level);
- fprintf (out_file, "Response Data:\n");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Response Data:\n");
level++;
- print_ocsp_version (out_file, &(responseData->version), level);
+ print_ocsp_version(out_file, &(responseData->version), level);
- print_responder_id (out_file, responseData->responderID, level);
+ print_responder_id(out_file, responseData->responderID, level);
- SECU_PrintGeneralizedTime (out_file, &(responseData->producedAt),
- "Produced At", level);
+ SECU_PrintGeneralizedTime(out_file, &(responseData->producedAt),
+ "Produced At", level);
if (responseData->responses != NULL) {
- int i;
-
- for (i = 0; responseData->responses[i] != NULL; i++) {
- SECU_Indent (out_file, level);
- fprintf (out_file, "Response %d:\n", i);
- print_single_response (out_file, responseData->responses[i],
- level + 1);
- }
+ int i;
+
+ for (i = 0; responseData->responses[i] != NULL; i++) {
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Response %d:\n", i);
+ print_single_response(out_file, responseData->responses[i],
+ level + 1);
+ }
} else {
- fprintf (out_file, "Response list is empty.\n");
+ fprintf(out_file, "Response list is empty.\n");
}
- print_ocsp_extensions (out_file, responseData->responseExtensions,
- "Response Extensions", level);
+ print_ocsp_extensions(out_file, responseData->responseExtensions,
+ "Response Extensions", level);
}
-
static void
-print_basic_response (FILE *out_file, ocspBasicOCSPResponse *basic, int level)
+print_basic_response(FILE *out_file, ocspBasicOCSPResponse *basic, int level)
{
SECItem rawsig;
- SECU_Indent (out_file, level);
- fprintf (out_file, "Basic OCSP Response:\n");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Basic OCSP Response:\n");
level++;
- print_response_data (out_file, basic->tbsResponseData, level);
+ print_response_data(out_file, basic->tbsResponseData, level);
- SECU_PrintAlgorithmID (out_file,
- &(basic->responseSignature.signatureAlgorithm),
- "Signature Algorithm", level);
+ SECU_PrintAlgorithmID(out_file,
+ &(basic->responseSignature.signatureAlgorithm),
+ "Signature Algorithm", level);
rawsig = basic->responseSignature.signature;
- DER_ConvertBitString (&rawsig);
- SECU_PrintAsHex (out_file, &rawsig, "Signature", level);
+ DER_ConvertBitString(&rawsig);
+ SECU_PrintAsHex(out_file, &rawsig, "Signature", level);
- print_raw_certificates (out_file, basic->responseSignature.derCerts, level);
+ print_raw_certificates(out_file, basic->responseSignature.derCerts, level);
}
-
/*
* Note this must match (exactly) the enumeration ocspResponseStatus.
*/
@@ -834,142 +815,140 @@ static char *responseStatusNames[] = {
* and pretty-print the subfields.
*/
static SECStatus
-print_response (FILE *out_file, SECItem *data, CERTCertDBHandle *handle)
+print_response(FILE *out_file, SECItem *data, CERTCertDBHandle *handle)
{
CERTOCSPResponse *response;
int level = 0;
- PORT_Assert (out_file != NULL);
- PORT_Assert (data != NULL);
+ PORT_Assert(out_file != NULL);
+ PORT_Assert(data != NULL);
if (out_file == NULL || data == NULL) {
- PORT_SetError (SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
- response = CERT_DecodeOCSPResponse (data);
+ response = CERT_DecodeOCSPResponse(data);
if (response == NULL)
- return SECFailure;
+ return SECFailure;
if (response->statusValue >= ocspResponse_min &&
- response->statusValue <= ocspResponse_max) {
- fprintf (out_file, "Response Status: %s\n",
- responseStatusNames[response->statusValue]);
+ response->statusValue <= ocspResponse_max) {
+ fprintf(out_file, "Response Status: %s\n",
+ responseStatusNames[response->statusValue]);
} else {
- fprintf (out_file,
- "Response Status: other (Status value %d out of defined range)\n",
- (int)response->statusValue);
+ fprintf(out_file,
+ "Response Status: other (Status value %d out of defined range)\n",
+ (int)response->statusValue);
}
if (response->statusValue == ocspResponse_successful) {
- ocspResponseBytes *responseBytes = response->responseBytes;
- SECStatus sigStatus;
- CERTCertificate *signerCert = NULL;
-
- PORT_Assert (responseBytes != NULL);
-
- level++;
- fprintf (out_file, "Response Bytes:\n");
- SECU_PrintObjectID (out_file, &(responseBytes->responseType),
- "Response Type", level);
- switch (response->responseBytes->responseTypeTag) {
- case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
- print_basic_response (out_file,
- responseBytes->decodedResponse.basic,
- level);
- break;
- default:
- SECU_Indent (out_file, level);
- fprintf (out_file, "Unknown response syntax\n");
- break;
- }
-
- sigStatus = CERT_VerifyOCSPResponseSignature (response, handle,
- NULL, &signerCert, NULL);
- SECU_Indent (out_file, level);
- fprintf (out_file, "Signature verification ");
- if (sigStatus != SECSuccess) {
- fprintf (out_file, "failed: %s\n", SECU_Strerror (PORT_GetError()));
- } else {
- fprintf (out_file, "succeeded.\n");
- if (signerCert != NULL) {
- SECU_PrintName (out_file, &signerCert->subject, "Signer",
- level);
- CERT_DestroyCertificate (signerCert);
- } else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "No signer cert returned?\n");
- }
- }
+ ocspResponseBytes *responseBytes = response->responseBytes;
+ SECStatus sigStatus;
+ CERTCertificate *signerCert = NULL;
+
+ PORT_Assert(responseBytes != NULL);
+
+ level++;
+ fprintf(out_file, "Response Bytes:\n");
+ SECU_PrintObjectID(out_file, &(responseBytes->responseType),
+ "Response Type", level);
+ switch (response->responseBytes->responseTypeTag) {
+ case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
+ print_basic_response(out_file,
+ responseBytes->decodedResponse.basic,
+ level);
+ break;
+ default:
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Unknown response syntax\n");
+ break;
+ }
+
+ sigStatus = CERT_VerifyOCSPResponseSignature(response, handle,
+ NULL, &signerCert, NULL);
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Signature verification ");
+ if (sigStatus != SECSuccess) {
+ fprintf(out_file, "failed: %s\n", SECU_Strerror(PORT_GetError()));
+ } else {
+ fprintf(out_file, "succeeded.\n");
+ if (signerCert != NULL) {
+ SECU_PrintName(out_file, &signerCert->subject, "Signer",
+ level);
+ CERT_DestroyCertificate(signerCert);
+ } else {
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "No signer cert returned?\n");
+ }
+ }
} else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "Unsuccessful response, no more information.\n");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Unsuccessful response, no more information.\n");
}
- CERT_DestroyOCSPResponse (response);
+ CERT_DestroyOCSPResponse(response);
return SECSuccess;
}
-#endif /* NO_PP */
-
+#endif /* NO_PP */
static SECStatus
-cert_usage_from_char (const char *cert_usage_str, SECCertUsage *cert_usage)
+cert_usage_from_char(const char *cert_usage_str, SECCertUsage *cert_usage)
{
- PORT_Assert (cert_usage_str != NULL);
- PORT_Assert (cert_usage != NULL);
+ PORT_Assert(cert_usage_str != NULL);
+ PORT_Assert(cert_usage != NULL);
- if (PORT_Strlen (cert_usage_str) != 1)
- return SECFailure;
+ if (PORT_Strlen(cert_usage_str) != 1)
+ return SECFailure;
switch (*cert_usage_str) {
- case 'c':
- *cert_usage = certUsageSSLClient;
- break;
- case 's':
- *cert_usage = certUsageSSLServer;
- break;
- case 'e':
- *cert_usage = certUsageEmailRecipient;
- break;
- case 'E':
- *cert_usage = certUsageEmailSigner;
- break;
- case 'S':
- *cert_usage = certUsageObjectSigner;
- break;
- case 'C':
- *cert_usage = certUsageVerifyCA;
- break;
- default:
- return SECFailure;
+ case 'c':
+ *cert_usage = certUsageSSLClient;
+ break;
+ case 's':
+ *cert_usage = certUsageSSLServer;
+ break;
+ case 'e':
+ *cert_usage = certUsageEmailRecipient;
+ break;
+ case 'E':
+ *cert_usage = certUsageEmailSigner;
+ break;
+ case 'S':
+ *cert_usage = certUsageObjectSigner;
+ break;
+ case 'C':
+ *cert_usage = certUsageVerifyCA;
+ break;
+ default:
+ return SECFailure;
}
return SECSuccess;
}
-
int
-main (int argc, char **argv)
+main(int argc, char **argv)
{
- int retval;
- PRFileDesc *in_file;
- FILE *out_file; /* not PRFileDesc until SECU accepts it */
- int crequest, dresponse;
- int prequest, presponse;
- int ccert, vcert;
- const char *db_dir, *date_str, *cert_usage_str, *name;
- const char *responder_name, *responder_url, *signer_name;
- PRBool add_acceptable_responses, add_service_locator;
- SECItem *data = NULL;
- PLOptState *optstate;
- SECStatus rv;
+ int retval;
+ PRFileDesc *in_file;
+ FILE *out_file; /* not PRFileDesc until SECU accepts it */
+ int crequest, dresponse;
+ int prequest, presponse;
+ int ccert, vcert;
+ const char *db_dir, *date_str, *cert_usage_str, *name;
+ const char *responder_name, *responder_url, *signer_name;
+ PRBool add_acceptable_responses, add_service_locator;
+ SECItem *data = NULL;
+ PLOptState *optstate;
+ SECStatus rv;
CERTCertDBHandle *handle = NULL;
SECCertUsage cert_usage = certUsageSSLClient;
- PRTime verify_time;
+ PRTime verify_time;
CERTCertificate *cert = NULL;
PRBool ascii = PR_FALSE;
- retval = -1; /* what we return/exit with on error */
+ retval = -1; /* what we return/exit with on error */
program_name = PL_strrchr(argv[0], '/');
program_name = program_name ? (program_name + 1) : argv[0];
@@ -995,250 +974,250 @@ main (int argc, char **argv)
add_acceptable_responses = PR_FALSE;
add_service_locator = PR_FALSE;
- optstate = PL_CreateOptState (argc, argv, "AHLPR:S:V:d:l:pr:s:t:u:w:");
+ optstate = PL_CreateOptState(argc, argv, "AHLPR:S:V:d:l:pr:s:t:u:w:");
if (optstate == NULL) {
- SECU_PrintError (program_name, "PL_CreateOptState failed");
- return retval;
+ SECU_PrintError(program_name, "PL_CreateOptState failed");
+ return retval;
}
- while (PL_GetNextOpt (optstate) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- short_usage (program_name);
- return retval;
-
- case 'A':
- add_acceptable_responses = PR_TRUE;
- break;
-
- case 'H':
- long_usage (program_name);
- return retval;
-
- case 'L':
- add_service_locator = PR_TRUE;
- break;
-
- case 'P':
- presponse = 1;
- break;
-
- case 'R':
- dresponse = 1;
- name = optstate->value;
- break;
-
- case 'S':
- ccert = 1;
- name = optstate->value;
- break;
-
- case 'V':
- vcert = 1;
- name = optstate->value;
- break;
-
- case 'a':
- ascii = PR_TRUE;
- break;
-
- case 'd':
- db_dir = optstate->value;
- break;
-
- case 'l':
- responder_url = optstate->value;
- break;
-
- case 'p':
- prequest = 1;
- break;
-
- case 'r':
- crequest = 1;
- name = optstate->value;
- break;
-
- case 's':
- signer_name = optstate->value;
- break;
-
- case 't':
- responder_name = optstate->value;
- break;
-
- case 'u':
- cert_usage_str = optstate->value;
- break;
-
- case 'w':
- date_str = optstate->value;
- break;
- }
+ while (PL_GetNextOpt(optstate) == PL_OPT_OK) {
+ switch (optstate->option) {
+ case '?':
+ short_usage(program_name);
+ return retval;
+
+ case 'A':
+ add_acceptable_responses = PR_TRUE;
+ break;
+
+ case 'H':
+ long_usage(program_name);
+ return retval;
+
+ case 'L':
+ add_service_locator = PR_TRUE;
+ break;
+
+ case 'P':
+ presponse = 1;
+ break;
+
+ case 'R':
+ dresponse = 1;
+ name = optstate->value;
+ break;
+
+ case 'S':
+ ccert = 1;
+ name = optstate->value;
+ break;
+
+ case 'V':
+ vcert = 1;
+ name = optstate->value;
+ break;
+
+ case 'a':
+ ascii = PR_TRUE;
+ break;
+
+ case 'd':
+ db_dir = optstate->value;
+ break;
+
+ case 'l':
+ responder_url = optstate->value;
+ break;
+
+ case 'p':
+ prequest = 1;
+ break;
+
+ case 'r':
+ crequest = 1;
+ name = optstate->value;
+ break;
+
+ case 's':
+ signer_name = optstate->value;
+ break;
+
+ case 't':
+ responder_name = optstate->value;
+ break;
+
+ case 'u':
+ cert_usage_str = optstate->value;
+ break;
+
+ case 'w':
+ date_str = optstate->value;
+ break;
+ }
}
PL_DestroyOptState(optstate);
if ((crequest + dresponse + prequest + presponse + ccert + vcert) != 1) {
- PR_fprintf (PR_STDERR, "%s: must specify exactly one command\n\n",
- program_name);
- short_usage (program_name);
- return retval;
+ PR_fprintf(PR_STDERR, "%s: must specify exactly one command\n\n",
+ program_name);
+ short_usage(program_name);
+ return retval;
}
if (vcert) {
- if (cert_usage_str == NULL) {
- PR_fprintf (PR_STDERR, "%s: verification requires cert usage\n\n",
- program_name);
- short_usage (program_name);
- return retval;
- }
-
- rv = cert_usage_from_char (cert_usage_str, &cert_usage);
- if (rv != SECSuccess) {
- PR_fprintf (PR_STDERR, "%s: invalid cert usage (\"%s\")\n\n",
- program_name, cert_usage_str);
- long_usage (program_name);
- return retval;
- }
+ if (cert_usage_str == NULL) {
+ PR_fprintf(PR_STDERR, "%s: verification requires cert usage\n\n",
+ program_name);
+ short_usage(program_name);
+ return retval;
+ }
+
+ rv = cert_usage_from_char(cert_usage_str, &cert_usage);
+ if (rv != SECSuccess) {
+ PR_fprintf(PR_STDERR, "%s: invalid cert usage (\"%s\")\n\n",
+ program_name, cert_usage_str);
+ long_usage(program_name);
+ return retval;
+ }
}
if (ccert + vcert) {
- if (responder_url != NULL || responder_name != NULL) {
- /*
- * To do a full status check, both the URL and the cert name
- * of the responder must be specified if either one is.
- */
- if (responder_url == NULL || responder_name == NULL) {
- if (responder_url == NULL)
- PR_fprintf (PR_STDERR,
- "%s: must also specify responder location\n\n",
- program_name);
- else
- PR_fprintf (PR_STDERR,
- "%s: must also specify responder name\n\n",
- program_name);
- short_usage (program_name);
- return retval;
- }
- }
-
- if (date_str != NULL) {
- rv = DER_AsciiToTime (&verify_time, (char *) date_str);
- if (rv != SECSuccess) {
- SECU_PrintError (program_name, "error converting time string");
- PR_fprintf (PR_STDERR, "\n");
- long_usage (program_name);
- return retval;
- }
- } else {
- verify_time = PR_Now();
- }
+ if (responder_url != NULL || responder_name != NULL) {
+ /*
+ * To do a full status check, both the URL and the cert name
+ * of the responder must be specified if either one is.
+ */
+ if (responder_url == NULL || responder_name == NULL) {
+ if (responder_url == NULL)
+ PR_fprintf(PR_STDERR,
+ "%s: must also specify responder location\n\n",
+ program_name);
+ else
+ PR_fprintf(PR_STDERR,
+ "%s: must also specify responder name\n\n",
+ program_name);
+ short_usage(program_name);
+ return retval;
+ }
+ }
+
+ if (date_str != NULL) {
+ rv = DER_AsciiToTime(&verify_time, (char *)date_str);
+ if (rv != SECSuccess) {
+ SECU_PrintError(program_name, "error converting time string");
+ PR_fprintf(PR_STDERR, "\n");
+ long_usage(program_name);
+ return retval;
+ }
+ } else {
+ verify_time = PR_Now();
+ }
}
- retval = -2; /* errors change from usage to runtime */
+ retval = -2; /* errors change from usage to runtime */
/*
* Initialize the NSPR and Security libraries.
*/
- PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- db_dir = SECU_ConfigDirectory (db_dir);
- rv = NSS_Init (db_dir);
+ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+ db_dir = SECU_ConfigDirectory(db_dir);
+ rv = NSS_Init(db_dir);
if (rv != SECSuccess) {
- SECU_PrintError (program_name, "NSS_Init failed");
- goto prdone;
+ SECU_PrintError(program_name, "NSS_Init failed");
+ goto prdone;
}
SECU_RegisterDynamicOids();
if (prequest + presponse) {
- MAKE_FILE_BINARY(stdin);
- data = read_file_into_item (in_file, siBuffer);
- if (data == NULL) {
- SECU_PrintError (program_name, "problem reading input");
- goto nssdone;
- }
+ MAKE_FILE_BINARY(stdin);
+ data = read_file_into_item(in_file, siBuffer);
+ if (data == NULL) {
+ SECU_PrintError(program_name, "problem reading input");
+ goto nssdone;
+ }
}
if (crequest + dresponse + presponse + ccert + vcert) {
- handle = CERT_GetDefaultCertDB();
- if (handle == NULL) {
- SECU_PrintError (program_name, "problem getting certdb handle");
- goto nssdone;
- }
-
- /*
- * It would be fine to do the enable for all of these commands,
- * but this way we check that everything but an overall verify
- * can be done without it. That is, that the individual pieces
- * work on their own.
- */
- if (vcert) {
- rv = CERT_EnableOCSPChecking (handle);
- if (rv != SECSuccess) {
- SECU_PrintError (program_name, "error enabling OCSP checking");
- goto nssdone;
- }
- }
-
- if ((ccert + vcert) && (responder_name != NULL)) {
- rv = CERT_SetOCSPDefaultResponder (handle, responder_url,
- responder_name);
- if (rv != SECSuccess) {
- SECU_PrintError (program_name,
- "error setting default responder");
- goto nssdone;
- }
-
- rv = CERT_EnableOCSPDefaultResponder (handle);
- if (rv != SECSuccess) {
- SECU_PrintError (program_name,
- "error enabling default responder");
- goto nssdone;
- }
- }
+ handle = CERT_GetDefaultCertDB();
+ if (handle == NULL) {
+ SECU_PrintError(program_name, "problem getting certdb handle");
+ goto nssdone;
+ }
+
+ /*
+ * It would be fine to do the enable for all of these commands,
+ * but this way we check that everything but an overall verify
+ * can be done without it. That is, that the individual pieces
+ * work on their own.
+ */
+ if (vcert) {
+ rv = CERT_EnableOCSPChecking(handle);
+ if (rv != SECSuccess) {
+ SECU_PrintError(program_name, "error enabling OCSP checking");
+ goto nssdone;
+ }
+ }
+
+ if ((ccert + vcert) && (responder_name != NULL)) {
+ rv = CERT_SetOCSPDefaultResponder(handle, responder_url,
+ responder_name);
+ if (rv != SECSuccess) {
+ SECU_PrintError(program_name,
+ "error setting default responder");
+ goto nssdone;
+ }
+
+ rv = CERT_EnableOCSPDefaultResponder(handle);
+ if (rv != SECSuccess) {
+ SECU_PrintError(program_name,
+ "error enabling default responder");
+ goto nssdone;
+ }
+ }
}
-#define NOTYET(opt) \
- { \
- PR_fprintf (PR_STDERR, "%s not yet working\n", opt); \
- exit (-1); \
- }
+#define NOTYET(opt) \
+ { \
+ PR_fprintf(PR_STDERR, "%s not yet working\n", opt); \
+ exit(-1); \
+ }
if (name) {
cert = find_certificate(handle, name, ascii);
}
if (crequest) {
- if (signer_name != NULL) {
- NOTYET("-s");
- }
- rv = create_request (out_file, handle, cert, add_service_locator,
- add_acceptable_responses);
+ if (signer_name != NULL) {
+ NOTYET("-s");
+ }
+ rv = create_request(out_file, handle, cert, add_service_locator,
+ add_acceptable_responses);
} else if (dresponse) {
- if (signer_name != NULL) {
- NOTYET("-s");
- }
- rv = dump_response (out_file, handle, cert, responder_url);
+ if (signer_name != NULL) {
+ NOTYET("-s");
+ }
+ rv = dump_response(out_file, handle, cert, responder_url);
} else if (prequest) {
- rv = print_request (out_file, data);
+ rv = print_request(out_file, data);
} else if (presponse) {
- rv = print_response (out_file, data, handle);
+ rv = print_response(out_file, data, handle);
} else if (ccert) {
- if (signer_name != NULL) {
- NOTYET("-s");
- }
- rv = get_cert_status (out_file, handle, cert, name, verify_time);
+ if (signer_name != NULL) {
+ NOTYET("-s");
+ }
+ rv = get_cert_status(out_file, handle, cert, name, verify_time);
} else if (vcert) {
- if (signer_name != NULL) {
- NOTYET("-s");
- }
- rv = verify_cert (out_file, handle, cert, name, cert_usage, verify_time);
+ if (signer_name != NULL) {
+ NOTYET("-s");
+ }
+ rv = verify_cert(out_file, handle, cert, name, cert_usage, verify_time);
}
if (rv != SECSuccess)
- SECU_PrintError (program_name, "error performing requested operation");
+ SECU_PrintError(program_name, "error performing requested operation");
else
- retval = 0;
+ retval = 0;
nssdone:
if (cert) {
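Review bot: The option loop stops at the first PL_GetNextOpt result that is not PL_OPT_OK and never looks at why, so an unrecognised flag silently ends parsing and every option after it is dropped. p7content.c in this same commit keeps the status and calls Usage on PL_OPT_BAD. Relatedly, `case 'a'` looks unreachable because the option string `"AHLPR:S:V:d:l:pr:s:t:u:w:"` contains no `a`, so `ascii` can never become PR_TRUE from the command line. With a `PLOptStatus status` local, I would write `while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {` and, after PL_DestroyOptState, `if (status == PL_OPT_BAD) { short_usage(program_name); return retval; }`. main starts before this hunk and its cleanup continues in the next one.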
@@ -1246,19 +1225,19 @@ nssdone:
}
if (data != NULL) {
- SECITEM_FreeItem (data, PR_TRUE);
+ SECITEM_FreeItem(data, PR_TRUE);
}
if (handle != NULL) {
- CERT_DisableOCSPDefaultResponder(handle);
- CERT_DisableOCSPChecking (handle);
+ CERT_DisableOCSPDefaultResponder(handle);
+ CERT_DisableOCSPChecking(handle);
}
- if (NSS_Shutdown () != SECSuccess) {
- retval = 1;
+ if (NSS_Shutdown() != SECSuccess) {
+ retval = 1;
}
prdone:
- PR_Cleanup ();
+ PR_Cleanup();
return retval;
}
diff --git a/cmd/ocspresp/ocspresp.c b/cmd/ocspresp/ocspresp.c
index cbc826929..632623c97 100644
--- a/cmd/ocspresp/ocspresp.c
+++ b/cmd/ocspresp/ocspresp.c
@@ -23,7 +23,7 @@
#include <stdio.h>
#include <string.h>
-secuPWData pwdata = { PW_NONE, 0 };
+secuPWData pwdata = { PW_NONE, 0 };
static PRBool
getCaAndSubjectCert(CERTCertDBHandle *certHandle,
@@ -48,17 +48,17 @@ encode(PLArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca)
return NULL;
nextUpdate = now + 10 * PR_USEC_PER_SEC; /* in the future */
-
+
sr = CERT_CreateOCSPSingleResponseGood(arena, cid, now, &nextUpdate);
/* meaning of value 2: one entry + one end marker */
- responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse*, 2);
+ responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse *, 2);
if (responses == NULL)
return NULL;
-
+
responses[0] = sr;
responses[1] = NULL;
-
+
response = CERT_CreateEncodedOCSPSuccessResponse(
arena, ca, ocspResponderID_byName, now, responses, &pwdata);
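Review bot: `sr` from CERT_CreateOCSPSingleResponseGood is stored into `responses[0]` without a NULL check. The comment above the allocation says NULL is also the array's end marker, so a failed creation would hand the encoder what looks like an empty list rather than an error. Adding `if (sr == NULL) return NULL;` directly after the call keeps the selftest from passing on a response that carries no status. encodeRevoked in the next hunk appears to follow the same pattern, though its create call is only partly visible there; both function bodies extend beyond their hunks.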
@@ -83,7 +83,7 @@ encodeRevoked(PLArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca)
revocationTime, NULL);
/* meaning of value 2: one entry + one end marker */
- responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse*, 2);
+ responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse *, 2);
if (responses == NULL)
return NULL;
@@ -96,23 +96,24 @@ encodeRevoked(PLArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca)
return response;
}
-int Usage(void)
+int
+Usage(void)
{
PRFileDesc *pr_stderr = PR_STDERR;
- PR_fprintf (pr_stderr, "ocspresp runs an internal selftest for OCSP response creation");
- PR_fprintf (pr_stderr, "Usage:");
- PR_fprintf (pr_stderr,
- "\tocspresp <dbdir> <CA-nick> <EE-nick> [-p <pass>] [-f <file>]\n");
- PR_fprintf (pr_stderr,
- "\tdbdir: Find security databases in \"dbdir\"\n");
- PR_fprintf (pr_stderr,
- "\tCA-nick: nickname of a trusted CA certificate with private key\n");
- PR_fprintf (pr_stderr,
- "\tEE-nick: nickname of a entity cert issued by CA\n");
- PR_fprintf (pr_stderr,
- "\t-p: a password for db\n");
- PR_fprintf (pr_stderr,
- "\t-f: a filename containing the password for db\n");
+ PR_fprintf(pr_stderr, "ocspresp runs an internal selftest for OCSP response creation");
+ PR_fprintf(pr_stderr, "Usage:");
+ PR_fprintf(pr_stderr,
+ "\tocspresp <dbdir> <CA-nick> <EE-nick> [-p <pass>] [-f <file>]\n");
+ PR_fprintf(pr_stderr,
+ "\tdbdir: Find security databases in \"dbdir\"\n");
+ PR_fprintf(pr_stderr,
+ "\tCA-nick: nickname of a trusted CA certificate with private key\n");
+ PR_fprintf(pr_stderr,
+ "\tEE-nick: nickname of a entity cert issued by CA\n");
+ PR_fprintf(pr_stderr,
+ "\t-p: a password for db\n");
+ PR_fprintf(pr_stderr,
+ "\t-f: a filename containing the password for db\n");
return -1;
}
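Review bot: The first two strings printed by Usage, `"ocspresp runs an internal selftest for OCSP response creation"` and `"Usage:"`, have no trailing newline, so they run straight into the tab-indented synopsis on one line of stderr. Ending them with `\n` (`"...OCSP response creation\n"` and `"Usage:\n"`) matches the other lines in the function.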
@@ -126,13 +127,13 @@ main(int argc, char **argv)
CERTOCSPCertID *cid = NULL;
PLArenaPool *arena = NULL;
PRTime now = PR_Now();
-
+
SECItem *encoded = NULL;
CERTOCSPResponse *decoded = NULL;
SECItem *encodedRev = NULL;
CERTOCSPResponse *decodedRev = NULL;
-
+
SECItem *encodedFail = NULL;
CERTOCSPResponse *decodedFail = NULL;
@@ -146,12 +147,10 @@ main(int argc, char **argv)
if (!strcmp(argv[4], "-p")) {
pwdata.source = PW_PLAINTEXT;
pwdata.data = PORT_Strdup(argv[5]);
- }
- else if (!strcmp(argv[4], "-f")) {
+ } else if (!strcmp(argv[4], "-f")) {
pwdata.source = PW_FROMFILE;
pwdata.data = PORT_Strdup(argv[5]);
- }
- else
+ } else
return Usage();
}
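Review bot: Both `PORT_Strdup(argv[5])` results go into `pwdata.data` unchecked, so an allocation failure leaves `pwdata.source` set to PW_PLAINTEXT or PW_FROMFILE with no data behind it; how the password callback handles that is not visible here. A guard after the if/else chain such as `if (pwdata.data == NULL) return -1;` fails before NSS is initialised. With `-p` the database password also sits in argv, where other local users can usually read it from the process list, so the usage text could point callers at `-f` instead. The same unchecked-Strdup pattern appears in the `-p`/`-f` cases of p7content.c later in this commit. The argc check that guards argv[4] and argv[5] is outside this hunk.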
@@ -159,15 +158,15 @@ main(int argc, char **argv)
/*rv = NSS_Init(SECU_ConfigDirectory(NULL));*/
rv = NSS_Init(argv[1]);
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(argv[0]);
- goto loser;
+ SECU_PrintPRandOSError(argv[0]);
+ goto loser;
}
PK11_SetPasswordFunc(SECU_GetModulePassword);
certHandle = CERT_GetDefaultCertDB();
if (!certHandle)
- goto loser;
+ goto loser;
if (!getCaAndSubjectCert(certHandle, argv[2], argv[3], &caCert, &cert))
goto loser;
@@ -181,9 +180,9 @@ main(int argc, char **argv)
PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decoded));
PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata,
- &obtainedSignerCert, caCert));
+ &obtainedSignerCert, caCert));
PORT_CheckSuccess(CERT_GetOCSPStatusForCertID(certHandle, decoded, cid,
- obtainedSignerCert, now));
+ obtainedSignerCert, now));
CERT_DestroyCertificate(obtainedSignerCert);
encodedRev = encodeRevoked(arena, cid, caCert);
@@ -192,7 +191,7 @@ main(int argc, char **argv)
PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decodedRev));
PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata,
- &obtainedSignerCert, caCert));
+ &obtainedSignerCert, caCert));
#ifdef DEBUG
{
SECStatus rv = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid,
@@ -205,7 +204,7 @@ main(int argc, char **argv)
obtainedSignerCert, now);
#endif
CERT_DestroyCertificate(obtainedSignerCert);
-
+
encodedFail = CERT_CreateEncodedOCSPErrorResponse(
arena, SEC_ERROR_OCSP_TRY_SERVER_LATER);
PORT_Assert(encodedFail);
@@ -223,7 +222,7 @@ main(int argc, char **argv)
loser:
if (retval != 0)
SECU_PrintError(argv[0], "tests failed");
-
+
if (cid)
CERT_DestroyOCSPCertID(cid);
if (cert)
@@ -241,7 +240,7 @@ loser:
if (pwdata.data) {
PORT_Free(pwdata.data);
}
-
+
if (NSS_Shutdown() != SECSuccess) {
SECU_PrintError(argv[0], "NSS shutdown:");
if (retval == 0)
diff --git a/cmd/oidcalc/oidcalc.c b/cmd/oidcalc/oidcalc.c
index c767099a4..46ef56c41 100644
--- a/cmd/oidcalc/oidcalc.c
+++ b/cmd/oidcalc/oidcalc.c
@@ -16,73 +16,71 @@ main(int argc, char **argv)
unsigned int val;
unsigned char buf[5];
int count;
-
- if ( argc != 2 ) {
- fprintf(stderr, "wrong number of args\n");
- exit(-1);
+
+ if (argc != 2) {
+ fprintf(stderr, "wrong number of args\n");
+ exit(-1);
}
-
+
curstr = argv[1];
-
+
nextstr = strchr(curstr, '.');
-
- if ( nextstr == NULL ) {
- fprintf(stderr, "only one component\n");
- exit(-1);
+
+ if (nextstr == NULL) {
+ fprintf(stderr, "only one component\n");
+ exit(-1);
}
-
+
*nextstr = '\0';
firstval = atoi(curstr);
curstr = nextstr + 1;
-
+
nextstr = strchr(curstr, '.');
- if ( nextstr ) {
- *nextstr = '\0';
+ if (nextstr) {
+ *nextstr = '\0';
}
secondval = atoi(curstr);
-
- if ( firstval > 2 ) {
- fprintf(stderr, "first component out of range\n");
- exit(-1);
-
+
+ if (firstval > 2) {
+ fprintf(stderr, "first component out of range\n");
+ exit(-1);
}
-
- if ( secondval > 39 ) {
- fprintf(stderr, "second component out of range\n");
- exit(-1);
+
+ if (secondval > 39) {
+ fprintf(stderr, "second component out of range\n");
+ exit(-1);
}
-
- printf("0x%x, ", ( firstval * 40 ) + secondval );
- while ( nextstr ) {
- curstr = nextstr + 1;
-
- nextstr = strchr(curstr, '.');
-
- if ( nextstr ) {
- *nextstr = '\0';
- }
-
- memset(buf, 0, sizeof(buf));
- val = atoi(curstr);
- count = 0;
- while ( val ) {
- buf[count] = ( val & 0x7f );
- val = val >> 7;
- count++;
- }
-
- while ( count-- ) {
- if ( count ) {
- printf("0x%x, ", buf[count] | 0x80 );
- } else {
- printf("0x%x, ", buf[count] );
- }
- }
+
+ printf("0x%x, ", (firstval * 40) + secondval);
+ while (nextstr) {
+ curstr = nextstr + 1;
+
+ nextstr = strchr(curstr, '.');
+
+ if (nextstr) {
+ *nextstr = '\0';
+ }
+
+ memset(buf, 0, sizeof(buf));
+ val = atoi(curstr);
+ count = 0;
+ while (val) {
+ buf[count] = (val & 0x7f);
+ val = val >> 7;
+ count++;
+ }
+
+ while (count--) {
+ if (count) {
+ printf("0x%x, ", buf[count] | 0x80);
+ } else {
+ printf("0x%x, ", buf[count]);
+ }
+ }
}
printf("\n");
return 0;
}
-
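Review bot: An arc whose value is 0 produces no output byte in the `while (nextstr)` loop: `while (val)` never runs, `count` stays 0 and `while (count--)` prints nothing, so an OID with a zero component after the second arc is emitted one byte short. Since `buf` has just been zeroed, `if (count == 0) count = 1;` after the shift loop would emit the required `0x0`. Separately, every arc is parsed with `atoi`, which cannot report non-numeric or out-of-range text. `strtoul` with an end-pointer and ERANGE check would let the tool reject bad input instead of quietly encoding it. The declarations at the top of main are above this hunk, so the signedness of `firstval` and `secondval` (and whether the `> 2` and `> 39` checks catch negative input) cannot be confirmed from here.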
diff --git a/cmd/p7content/p7content.c b/cmd/p7content/p7content.c
index 15f725397..a396c70bf 100644
--- a/cmd/p7content/p7content.c
+++ b/cmd/p7content/p7content.c
@@ -23,38 +23,36 @@
#include <string.h>
#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
-extern int fwrite(char *, size_t, size_t, FILE*);
+extern int fwrite(char *, size_t, size_t, FILE *);
extern int fprintf(FILE *, char *, ...);
#endif
-
-
static void
Usage(char *progName)
{
fprintf(stderr,
- "Usage: %s [-d dbdir] [-i input] [-o output]\n",
- progName);
+ "Usage: %s [-d dbdir] [-i input] [-o output]\n",
+ progName);
fprintf(stderr,
- "%-20s Key/Cert database directory (default is ~/.netscape)\n",
- "-d dbdir");
+ "%-20s Key/Cert database directory (default is ~/.netscape)\n",
+ "-d dbdir");
fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
+ "-i input");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
+ "-o output");
exit(-1);
}
static PRBool saw_content;
-static secuPWData pwdata = { PW_NONE, 0 };
+static secuPWData pwdata = { PW_NONE, 0 };
static void
PrintBytes(void *arg, const char *buf, unsigned long len)
{
FILE *out;
- out = arg;
- fwrite (buf, len, 1, out);
+ out = arg;
+ fwrite(buf, len, 1, out);
saw_content = PR_TRUE;
}
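Review bot: PrintBytes discards the return value of `fwrite` and sets `saw_content` regardless, so a failed or short write to the output file goes unnoticed. Because the callback returns void, the failure would have to be recorded in a file-scope flag next to `saw_content` that DecodeAndPrintFile checks before returning 0. The test needs to be `len != 0 && fwrite(buf, len, 1, out) != 1`, since a zero-length write legitimately returns 0. EncryptOut in p7env.c and SignOut in p7sign.c, later in this commit, drop the fwrite result the same way, where the outcome would be a truncated envelope or signature file with a success exit status.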
@@ -80,82 +78,82 @@ DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName)
if (SECU_ReadDERFromFile(&derdata, in, PR_FALSE, PR_FALSE)) {
SECU_PrintError(progName, "error converting der");
- return -1;
+ return -1;
}
fprintf(out,
- "Content printed between bars (newline added before second bar):");
+ "Content printed between bars (newline added before second bar):");
fprintf(out, "\n---------------------------------------------\n");
saw_content = PR_FALSE;
dcx = SEC_PKCS7DecoderStart(PrintBytes, out, NULL, &pwdata,
- NULL, NULL, decryption_allowed);
+ NULL, NULL, decryption_allowed);
if (dcx != NULL) {
-#if 0 /* Test that decoder works when data is really streaming in. */
- {
- unsigned long i;
- for (i = 0; i < derdata.len; i++)
- SEC_PKCS7DecoderUpdate(dcx, derdata.data + i, 1);
- }
+#if 0 /* Test that decoder works when data is really streaming in. */
+ {
+ unsigned long i;
+ for (i = 0; i < derdata.len; i++)
+ SEC_PKCS7DecoderUpdate(dcx, derdata.data + i, 1);
+ }
#else
- SEC_PKCS7DecoderUpdate(dcx, (char *)derdata.data, derdata.len);
+ SEC_PKCS7DecoderUpdate(dcx, (char *)derdata.data, derdata.len);
#endif
- cinfo = SEC_PKCS7DecoderFinish(dcx);
+ cinfo = SEC_PKCS7DecoderFinish(dcx);
}
fprintf(out, "\n---------------------------------------------\n");
if (cinfo == NULL)
- return -1;
+ return -1;
fprintf(out, "Content was%s encrypted.\n",
- SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not");
+ SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not");
if (SEC_PKCS7ContentIsSigned(cinfo)) {
- char *signer_cname, *signer_ename;
- SECItem *signing_time;
-
- if (saw_content) {
- fprintf(out, "Signature is ");
- PORT_SetError(0);
- if (SEC_PKCS7VerifySignature(cinfo, certUsageEmailSigner, PR_FALSE))
- fprintf(out, "valid.\n");
- else
- fprintf(out, "invalid (Reason: %s).\n",
- SECU_Strerror(PORT_GetError()));
- } else {
- fprintf(out,
- "Content is detached; signature cannot be verified.\n");
- }
-
- signer_cname = SEC_PKCS7GetSignerCommonName(cinfo);
- if (signer_cname != NULL) {
- fprintf(out, "The signer's common name is %s\n", signer_cname);
- PORT_Free(signer_cname);
- } else {
- fprintf(out, "No signer common name.\n");
- }
-
- signer_ename = SEC_PKCS7GetSignerEmailAddress(cinfo);
- if (signer_ename != NULL) {
- fprintf(out, "The signer's email address is %s\n", signer_ename);
- PORT_Free(signer_ename);
- } else {
- fprintf(out, "No signer email address.\n");
- }
-
- signing_time = SEC_PKCS7GetSigningTime(cinfo);
- if (signing_time != NULL) {
- SECU_PrintTimeChoice(out, signing_time, "Signing time", 0);
- } else {
- fprintf(out, "No signing time included.\n");
- }
+ char *signer_cname, *signer_ename;
+ SECItem *signing_time;
+
+ if (saw_content) {
+ fprintf(out, "Signature is ");
+ PORT_SetError(0);
+ if (SEC_PKCS7VerifySignature(cinfo, certUsageEmailSigner, PR_FALSE))
+ fprintf(out, "valid.\n");
+ else
+ fprintf(out, "invalid (Reason: %s).\n",
+ SECU_Strerror(PORT_GetError()));
+ } else {
+ fprintf(out,
+ "Content is detached; signature cannot be verified.\n");
+ }
+
+ signer_cname = SEC_PKCS7GetSignerCommonName(cinfo);
+ if (signer_cname != NULL) {
+ fprintf(out, "The signer's common name is %s\n", signer_cname);
+ PORT_Free(signer_cname);
+ } else {
+ fprintf(out, "No signer common name.\n");
+ }
+
+ signer_ename = SEC_PKCS7GetSignerEmailAddress(cinfo);
+ if (signer_ename != NULL) {
+ fprintf(out, "The signer's email address is %s\n", signer_ename);
+ PORT_Free(signer_ename);
+ } else {
+ fprintf(out, "No signer email address.\n");
+ }
+
+ signing_time = SEC_PKCS7GetSigningTime(cinfo);
+ if (signing_time != NULL) {
+ SECU_PrintTimeChoice(out, signing_time, "Signing time", 0);
+ } else {
+ fprintf(out, "No signing time included.\n");
+ }
} else {
- fprintf(out, "Content was not signed.\n");
+ fprintf(out, "Content was not signed.\n");
}
fprintf(out, "There were%s certs or crls included.\n",
- SEC_PKCS7ContainsCertsOrCrls(cinfo) ? "" : " no");
+ SEC_PKCS7ContainsCertsOrCrls(cinfo) ? "" : " no");
SEC_PKCS7DestroyContentInfo(cinfo);
return 0;
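Review bot: DecodeAndPrintFile reaches `return 0` whether SEC_PKCS7VerifySignature succeeded, failed, or was skipped for detached content. The verdict therefore exists only as text in the output and, as far as the visible part of main shows, never affects the exit status. The signer's common name and e-mail address are also printed after an "invalid" verdict, taken from a signature that did not verify. If scripts are expected to rely on this tool, keep the verification result in a local and return non-zero when it fails. Otherwise a comment above the final return, such as `/* NOTE: return value reflects decoding only, not signature validity */`, would make the contract explicit. The function begins before this hunk.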
@@ -176,7 +174,7 @@ main(int argc, char **argv)
SECStatus rv;
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
inFile = NULL;
outFile = NULL;
@@ -186,65 +184,67 @@ main(int argc, char **argv)
*/
optstate = PL_CreateOptState(argc, argv, "d:i:o:p:f:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
-
- case 'i':
- inFile = PR_Open(optstate->value, PR_RDONLY, 0);
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "w");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'p':
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = PORT_Strdup (optstate->value);
- break;
-
- case 'f':
- pwdata.source = PW_FROMFILE;
- pwdata.data = PORT_Strdup (optstate->value);
- break;
-
- default:
- Usage(progName);
- break;
- }
+ switch (optstate->option) {
+ case 'd':
+ SECU_ConfigDirectory(optstate->value);
+ break;
+
+ case 'i':
+ inFile = PR_Open(optstate->value, PR_RDONLY, 0);
+ if (!inFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 'o':
+ outFile = fopen(optstate->value, "w");
+ if (!outFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 'p':
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = PORT_Strdup(optstate->value);
+ break;
+
+ case 'f':
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = PORT_Strdup(optstate->value);
+ break;
+
+ default:
+ Usage(progName);
+ break;
+ }
}
if (status == PL_OPT_BAD)
- Usage(progName);
+ Usage(progName);
- if (!inFile) inFile = PR_STDIN;
- if (!outFile) outFile = stdout;
+ if (!inFile)
+ inFile = PR_STDIN;
+ if (!outFile)
+ outFile = stdout;
/* Call the initialization routines */
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
rv = NSS_Init(SECU_ConfigDirectory(NULL));
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- return -1;
+ SECU_PrintPRandOSError(progName);
+ return -1;
}
PK11_SetPasswordFunc(SECU_GetModulePassword);
if (DecodeAndPrintFile(outFile, inFile, progName)) {
- SECU_PrintError(progName, "problem decoding data");
- return -1;
+ SECU_PrintError(progName, "problem decoding data");
+ return -1;
}
-
+
if (NSS_Shutdown() != SECSuccess) {
exit(1);
}
diff --git a/cmd/p7env/p7env.c b/cmd/p7env/p7env.c
index 338f9cf30..b798101ef 100644
--- a/cmd/p7env/p7env.c
+++ b/cmd/p7env/p7env.c
@@ -22,26 +22,25 @@
#include <string.h>
#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
-extern int fread(char *, size_t, size_t, FILE*);
-extern int fwrite(char *, size_t, size_t, FILE*);
+extern int fread(char *, size_t, size_t, FILE *);
+extern int fwrite(char *, size_t, size_t, FILE *);
extern int fprintf(FILE *, char *, ...);
#endif
-
static void
Usage(char *progName)
{
fprintf(stderr,
- "Usage: %s -r recipient [-d dbdir] [-i input] [-o output]\n",
- progName);
+ "Usage: %s -r recipient [-d dbdir] [-i input] [-o output]\n",
+ progName);
fprintf(stderr, "%-20s Nickname of cert to use for encryption\n",
- "-r recipient");
+ "-r recipient");
fprintf(stderr, "%-20s Cert database directory (default is ~/.netscape)\n",
- "-d dbdir");
+ "-d dbdir");
fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
+ "-i input");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
+ "-o output");
exit(-1);
}
@@ -54,15 +53,15 @@ struct recipient {
static void
EncryptOut(void *arg, const char *buf, unsigned long len)
{
- FILE *out;
+ FILE *out;
- out = arg;
- fwrite (buf, len, 1, out);
+ out = arg;
+ fwrite(buf, len, 1, out);
}
static int
EncryptFile(FILE *outFile, FILE *inFile, struct recipient *recipients,
- char *progName)
+ char *progName)
{
SEC_PKCS7ContentInfo *cinfo;
SEC_PKCS7EncoderContext *ecx;
@@ -70,57 +69,57 @@ EncryptFile(FILE *outFile, FILE *inFile, struct recipient *recipients,
SECStatus rv;
if (outFile == NULL || inFile == NULL || recipients == NULL)
- return -1;
+ return -1;
/* XXX Need a better way to handle that certUsage stuff! */
/* XXX keysize? */
- cinfo = SEC_PKCS7CreateEnvelopedData (recipients->cert,
- certUsageEmailRecipient,
- NULL, SEC_OID_DES_EDE3_CBC, 0,
- NULL, NULL);
+ cinfo = SEC_PKCS7CreateEnvelopedData(recipients->cert,
+ certUsageEmailRecipient,
+ NULL, SEC_OID_DES_EDE3_CBC, 0,
+ NULL, NULL);
if (cinfo == NULL)
- return -1;
+ return -1;
for (rcpt = recipients->next; rcpt != NULL; rcpt = rcpt->next) {
- rv = SEC_PKCS7AddRecipient (cinfo, rcpt->cert, certUsageEmailRecipient,
- NULL);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "error adding recipient \"%s\"",
- rcpt->nickname);
- return -1;
- }
+ rv = SEC_PKCS7AddRecipient(cinfo, rcpt->cert, certUsageEmailRecipient,
+ NULL);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "error adding recipient \"%s\"",
+ rcpt->nickname);
+ return -1;
+ }
}
- ecx = SEC_PKCS7EncoderStart (cinfo, EncryptOut, outFile, NULL);
+ ecx = SEC_PKCS7EncoderStart(cinfo, EncryptOut, outFile, NULL);
if (ecx == NULL)
- return -1;
+ return -1;
for (;;) {
- char ibuf[1024];
- int nb;
-
- if (feof(inFile))
- break;
- nb = fread(ibuf, 1, sizeof(ibuf), inFile);
- if (nb == 0) {
- if (ferror(inFile)) {
- PORT_SetError(SEC_ERROR_IO);
- rv = SECFailure;
- }
- break;
- }
- rv = SEC_PKCS7EncoderUpdate(ecx, ibuf, nb);
- if (rv != SECSuccess)
- break;
+ char ibuf[1024];
+ int nb;
+
+ if (feof(inFile))
+ break;
+ nb = fread(ibuf, 1, sizeof(ibuf), inFile);
+ if (nb == 0) {
+ if (ferror(inFile)) {
+ PORT_SetError(SEC_ERROR_IO);
+ rv = SECFailure;
+ }
+ break;
+ }
+ rv = SEC_PKCS7EncoderUpdate(ecx, ibuf, nb);
+ if (rv != SECSuccess)
+ break;
}
if (SEC_PKCS7EncoderFinish(ecx, NULL, NULL) != SECSuccess)
- rv = SECFailure;
+ rv = SECFailure;
- SEC_PKCS7DestroyContentInfo (cinfo);
+ SEC_PKCS7DestroyContentInfo(cinfo);
if (rv != SECSuccess)
- return -1;
+ return -1;
return 0;
}
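Review bot: `rv` is declared without an initialiser (`SECStatus rv;` at the top of this hunk) and can be read uninitialised at the final `if (rv != SECSuccess)`. With a single recipient the SEC_PKCS7AddRecipient loop never assigns it, and on empty input the read loop breaks before SEC_PKCS7EncoderUpdate does. Declaring it as `SECStatus rv = SECSuccess;` fixes that. The early `return -1` paths after SEC_PKCS7CreateEnvelopedData succeeds (the AddRecipient failure and `ecx == NULL`) also skip SEC_PKCS7DestroyContentInfo. The content cipher is fixed to `SEC_OID_DES_EDE3_CBC`; the existing XXX comments already flag the key-size question, and it would be worth extending them to say the algorithm itself should become selectable. EncryptFile's signature and first declarations are in the previous hunk.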
@@ -137,7 +136,7 @@ main(int argc, char **argv)
SECStatus rv;
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
inFile = NULL;
outFile = NULL;
@@ -152,85 +151,88 @@ main(int argc, char **argv)
*/
optstate = PL_CreateOptState(argc, argv, "d:i:o:r:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
-
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
-
- case 'i':
- inFile = fopen(optstate->value, "r");
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "wb");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'r':
- if (rcpt == NULL) {
- recipients = rcpt = PORT_Alloc (sizeof(struct recipient));
- } else {
- rcpt->next = PORT_Alloc (sizeof(struct recipient));
- rcpt = rcpt->next;
- }
- if (rcpt == NULL) {
- fprintf(stderr, "%s: unable to allocate recipient struct\n",
- progName);
- return -1;
- }
- rcpt->nickname = strdup(optstate->value);
- rcpt->cert = NULL;
- rcpt->next = NULL;
- break;
- }
+ switch (optstate->option) {
+ case '?':
+ Usage(progName);
+ break;
+
+ case 'd':
+ SECU_ConfigDirectory(optstate->value);
+ break;
+
+ case 'i':
+ inFile = fopen(optstate->value, "r");
+ if (!inFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 'o':
+ outFile = fopen(optstate->value, "wb");
+ if (!outFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 'r':
+ if (rcpt == NULL) {
+ recipients = rcpt = PORT_Alloc(sizeof(struct recipient));
+ } else {
+ rcpt->next = PORT_Alloc(sizeof(struct recipient));
+ rcpt = rcpt->next;
+ }
+ if (rcpt == NULL) {
+ fprintf(stderr, "%s: unable to allocate recipient struct\n",
+ progName);
+ return -1;
+ }
+ rcpt->nickname = strdup(optstate->value);
+ rcpt->cert = NULL;
+ rcpt->next = NULL;
+ break;
+ }
}
- if (!recipients) Usage(progName);
+ if (!recipients)
+ Usage(progName);
- if (!inFile) inFile = stdin;
- if (!outFile) outFile = stdout;
+ if (!inFile)
+ inFile = stdin;
+ if (!outFile)
+ outFile = stdout;
/* Call the NSS initialization routines */
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
rv = NSS_Init(SECU_ConfigDirectory(NULL));
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- return -1;
+ SECU_PrintPRandOSError(progName);
+ return -1;
}
/* open cert database */
certHandle = CERT_GetDefaultCertDB();
if (certHandle == NULL) {
- return -1;
+ return -1;
}
/* find certs */
for (rcpt = recipients; rcpt != NULL; rcpt = rcpt->next) {
- rcpt->cert = CERT_FindCertByNickname(certHandle, rcpt->nickname);
- if (rcpt->cert == NULL) {
- SECU_PrintError(progName,
- "the cert for name \"%s\" not found in database",
- rcpt->nickname);
- return -1;
- }
+ rcpt->cert = CERT_FindCertByNickname(certHandle, rcpt->nickname);
+ if (rcpt->cert == NULL) {
+ SECU_PrintError(progName,
+ "the cert for name \"%s\" not found in database",
+ rcpt->nickname);
+ return -1;
+ }
}
if (EncryptFile(outFile, inFile, recipients, progName)) {
- SECU_PrintError(progName, "problem encrypting data");
- return -1;
+ SECU_PrintError(progName, "problem encrypting data");
+ return -1;
}
return 0;
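Review bot: The `-i` case opens the plaintext with `fopen(optstate->value, "r")` while `-o` uses `"wb"`. On platforms that distinguish text mode, that would translate line endings and may stop at an EOF character before the data reaches the encoder, so what gets enveloped is not the file's bytes. `inFile = fopen(optstate->value, "rb");` makes the two sides agree. In the `-r` case, `rcpt->nickname = strdup(optstate->value);` is not checked, and a NULL nickname would later be passed to CERT_FindCertByNickname. The loop's `status` is also never tested for PL_OPT_BAD afterwards, unlike p7content.c, so a mistyped option silently ends parsing. The beginning and the closing brace of main are outside this hunk.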
diff --git a/cmd/p7sign/p7sign.c b/cmd/p7sign/p7sign.c
index d41e1c762..605eee415 100644
--- a/cmd/p7sign/p7sign.c
+++ b/cmd/p7sign/p7sign.c
@@ -13,7 +13,7 @@
#include "secpkcs7.h"
#include "cert.h"
#include "certdb.h"
-#include "sechash.h" /* for HASH_GetHashObject() */
+#include "sechash.h" /* for HASH_GetHashObject() */
#include "nss.h"
#include "pk11func.h"
@@ -25,29 +25,29 @@
#include <string.h>
#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
-extern int fread(char *, size_t, size_t, FILE*);
-extern int fwrite(char *, size_t, size_t, FILE*);
+extern int fread(char *, size_t, size_t, FILE *);
+extern int fwrite(char *, size_t, size_t, FILE *);
extern int fprintf(FILE *, char *, ...);
#endif
-static secuPWData pwdata = { PW_NONE, 0 };
+static secuPWData pwdata = { PW_NONE, 0 };
static void
Usage(char *progName)
{
fprintf(stderr,
- "Usage: %s -k keyname [-d keydir] [-i input] [-o output]\n",
- progName);
+ "Usage: %s -k keyname [-d keydir] [-i input] [-o output]\n",
+ progName);
fprintf(stderr, "%-20s Nickname of key to use for signature\n",
- "-k keyname");
+ "-k keyname");
fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
- "-d keydir");
+ "-d keydir");
fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
+ "-i input");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
+ "-o output");
fprintf(stderr, "%-20s Encapsulate content in signature message\n",
- "-e");
+ "-e");
fprintf(stderr, "%-20s Password to the key databse\n", "-p");
fprintf(stderr, "%-20s password file\n", "-f");
exit(-1);
@@ -56,10 +56,10 @@ Usage(char *progName)
static void
SignOut(void *arg, const char *buf, unsigned long len)
{
- FILE *out;
+ FILE *out;
- out = (FILE*) arg;
- fwrite (buf, len, 1, out);
+ out = (FILE *)arg;
+ fwrite(buf, len, 1, out);
}
static int
@@ -71,19 +71,19 @@ CreateDigest(SECItem *data, char *digestdata, unsigned int *len, unsigned int ma
/* XXX probably want to extend interface to allow other hash algorithms */
hashObj = HASH_GetHashObject(HASH_AlgSHA1);
- hashcx = (* hashObj->create)();
+ hashcx = (*hashObj->create)();
if (hashcx == NULL)
- return -1;
+ return -1;
- (* hashObj->begin)(hashcx);
- (* hashObj->update)(hashcx, data->data, data->len);
- (* hashObj->end)(hashcx, (unsigned char *)digestdata, len, maxlen);
- (* hashObj->destroy)(hashcx, PR_TRUE);
+ (*hashObj->begin)(hashcx);
+ (*hashObj->update)(hashcx, data->data, data->len);
+ (*hashObj->end)(hashcx, (unsigned char *)digestdata, len, maxlen);
+ (*hashObj->destroy)(hashcx, PR_TRUE);
return 0;
}
static int
-SignFile(FILE *outFile, PRFileDesc *inFile, CERTCertificate *cert,
+SignFile(FILE *outFile, PRFileDesc *inFile, CERTCertificate *cert,
PRBool encapsulated)
{
char digestdata[32];
@@ -93,49 +93,49 @@ SignFile(FILE *outFile, PRFileDesc *inFile, CERTCertificate *cert,
SECStatus rv;
if (outFile == NULL || inFile == NULL || cert == NULL)
- return -1;
+ return -1;
/* suck the file in */
- if (SECU_ReadDERFromFile(&data2sign, inFile, PR_FALSE,
- PR_FALSE) != SECSuccess)
- return -1;
+ if (SECU_ReadDERFromFile(&data2sign, inFile, PR_FALSE,
+ PR_FALSE) != SECSuccess)
+ return -1;
if (!encapsulated) {
- /* unfortunately, we must create the digest ourselves */
- /* SEC_PKCS7CreateSignedData should have a flag to not include */
- /* the content for non-encapsulated content at encode time, but */
- /* should always compute the hash itself */
- if (CreateDigest(&data2sign, digestdata, &len, 32) < 0)
- return -1;
- digest.data = (unsigned char *)digestdata;
- digest.len = len;
+ /* unfortunately, we must create the digest ourselves */
+ /* SEC_PKCS7CreateSignedData should have a flag to not include */
+ /* the content for non-encapsulated content at encode time, but */
+ /* should always compute the hash itself */
+ if (CreateDigest(&data2sign, digestdata, &len, 32) < 0)
+ return -1;
+ digest.data = (unsigned char *)digestdata;
+ digest.len = len;
}
/* XXX Need a better way to handle that usage stuff! */
- cinfo = SEC_PKCS7CreateSignedData (cert, certUsageEmailSigner, NULL,
- SEC_OID_SHA1,
- encapsulated ? NULL : &digest,
- NULL, NULL);
+ cinfo = SEC_PKCS7CreateSignedData(cert, certUsageEmailSigner, NULL,
+ SEC_OID_SHA1,
+ encapsulated ? NULL : &digest,
+ NULL, NULL);
if (cinfo == NULL)
- return -1;
+ return -1;
if (encapsulated) {
- SEC_PKCS7SetContent(cinfo, (char *)data2sign.data, data2sign.len);
+ SEC_PKCS7SetContent(cinfo, (char *)data2sign.data, data2sign.len);
}
- rv = SEC_PKCS7IncludeCertChain (cinfo, NULL);
+ rv = SEC_PKCS7IncludeCertChain(cinfo, NULL);
if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return -1;
+ SEC_PKCS7DestroyContentInfo(cinfo);
+ return -1;
}
- rv = SEC_PKCS7Encode (cinfo, SignOut, outFile, NULL,
- NULL, &pwdata);
+ rv = SEC_PKCS7Encode(cinfo, SignOut, outFile, NULL,
+ NULL, &pwdata);
- SEC_PKCS7DestroyContentInfo (cinfo);
+ SEC_PKCS7DestroyContentInfo(cinfo);
if (rv != SECSuccess)
- return -1;
+ return -1;
return 0;
}
@@ -155,7 +155,7 @@ main(int argc, char **argv)
SECStatus rv;
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
inFile = NULL;
outFile = NULL;
@@ -166,64 +166,67 @@ main(int argc, char **argv)
*/
optstate = PL_CreateOptState(argc, argv, "ed:k:i:o:p:f:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
-
- case 'e':
- /* create a message with the signed content encapsulated */
- encapsulated = PR_TRUE;
- break;
-
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
-
- case 'i':
- inFile = PR_Open(optstate->value, PR_RDONLY, 0);
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'k':
- keyName = strdup(optstate->value);
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "wb");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
- case 'p':
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = strdup (optstate->value);
- break;
-
- case 'f':
- pwdata.source = PW_FROMFILE;
- pwdata.data = PORT_Strdup (optstate->value);
- break;
- }
+ switch (optstate->option) {
+ case '?':
+ Usage(progName);
+ break;
+
+ case 'e':
+ /* create a message with the signed content encapsulated */
+ encapsulated = PR_TRUE;
+ break;
+
+ case 'd':
+ SECU_ConfigDirectory(optstate->value);
+ break;
+
+ case 'i':
+ inFile = PR_Open(optstate->value, PR_RDONLY, 0);
+ if (!inFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 'k':
+ keyName = strdup(optstate->value);
+ break;
+
+ case 'o':
+ outFile = fopen(optstate->value, "wb");
+ if (!outFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+ case 'p':
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = strdup(optstate->value);
+ break;
+
+ case 'f':
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = PORT_Strdup(optstate->value);
+ break;
+ }
}
- if (!keyName) Usage(progName);
+ if (!keyName)
+ Usage(progName);
- if (!inFile) inFile = PR_STDIN;
- if (!outFile) outFile = stdout;
+ if (!inFile)
+ inFile = PR_STDIN;
+ if (!outFile)
+ outFile = stdout;
/* Call the initialization routines */
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
rv = NSS_Init(SECU_ConfigDirectory(NULL));
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- goto loser;
+ SECU_PrintPRandOSError(progName);
+ goto loser;
}
PK11_SetPasswordFunc(SECU_GetModulePassword);
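Review bot: The `case 'p'` branch copies the key-database password straight from argv into `pwdata.data`, so the secret sits in the process argument list and in shell history, while `case 'f'` avoids that. A comment on the case would record the trade-off, for example `/* -p places the password in argv, which other local processes may be able to read; prefer -f */`, and the usage text could say the same. The branch also uses `strdup` where `case 'f'` uses `PORT_Strdup`, and neither result is checked for NULL. main() starts before this hunk and continues past it.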
@@ -231,24 +234,24 @@ main(int argc, char **argv)
/* open cert database */
certHandle = CERT_GetDefaultCertDB();
if (certHandle == NULL) {
- rv = SECFailure;
- goto loser;
+ rv = SECFailure;
+ goto loser;
}
/* find cert */
cert = CERT_FindCertByNickname(certHandle, keyName);
if (cert == NULL) {
- SECU_PrintError(progName,
- "the corresponding cert for key \"%s\" does not exist",
- keyName);
- rv = SECFailure;
- goto loser;
+ SECU_PrintError(progName,
+ "the corresponding cert for key \"%s\" does not exist",
+ keyName);
+ rv = SECFailure;
+ goto loser;
}
if (SignFile(outFile, inFile, cert, encapsulated)) {
- SECU_PrintError(progName, "problem signing data");
- rv = SECFailure;
- goto loser;
+ SECU_PrintError(progName, "problem signing data");
+ rv = SECFailure;
+ goto loser;
}
loser:
diff --git a/cmd/p7verify/p7verify.c b/cmd/p7verify/p7verify.c
index 1d87ac39e..bb92f990f 100644
--- a/cmd/p7verify/p7verify.c
+++ b/cmd/p7verify/p7verify.c
@@ -13,7 +13,7 @@
#include "cert.h"
#include "certdb.h"
#include "secoid.h"
-#include "sechash.h" /* for HASH_GetHashObject() */
+#include "sechash.h" /* for HASH_GetHashObject() */
#include "nss.h"
#if defined(XP_UNIX)
@@ -24,11 +24,10 @@
#include <string.h>
#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
-extern int fread(char *, size_t, size_t, FILE*);
+extern int fread(char *, size_t, size_t, FILE *);
extern int fprintf(FILE *, char *, ...);
#endif
-
static HASH_HashType
AlgorithmToHashType(SECAlgorithmID *digestAlgorithms)
{
@@ -36,23 +35,23 @@ AlgorithmToHashType(SECAlgorithmID *digestAlgorithms)
SECOidTag tag;
tag = SECOID_GetAlgorithmTag(digestAlgorithms);
-
+
switch (tag) {
- case SEC_OID_MD2:
- return HASH_AlgMD2;
- case SEC_OID_MD5:
- return HASH_AlgMD5;
- case SEC_OID_SHA1:
- return HASH_AlgSHA1;
- default:
- fprintf(stderr, "should never get here\n");
- return HASH_AlgNULL;
+ case SEC_OID_MD2:
+ return HASH_AlgMD2;
+ case SEC_OID_MD5:
+ return HASH_AlgMD5;
+ case SEC_OID_SHA1:
+ return HASH_AlgSHA1;
+ default:
+ fprintf(stderr, "should never get here\n");
+ return HASH_AlgNULL;
}
}
static int
DigestFile(unsigned char *digest, unsigned int *len, unsigned int maxLen,
- FILE *inFile, HASH_HashType hashType)
+ FILE *inFile, HASH_HashType hashType)
{
int nb;
unsigned char ibuf[4096];
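Review bot: The `default:` arm of `AlgorithmToHashType` is reachable from input, even though its message says "should never get here". The tag is taken from the signature file (the caller passes `signedData->digestAlgorithms[0]`), so a message that names SHA-256 or any other unlisted digest lands there and is reported as an invalid algorithm ID. Consider adding `case SEC_OID_SHA256: return HASH_AlgSHA256;`, bearing in mind that the caller passes a literal 32 as the digest capacity, so larger digests need that buffer grown first. It is also worth deciding explicitly whether MD2 and MD5 should still be accepted for verification; a lower layer may already enforce that, which is not visible here.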
@@ -61,51 +60,51 @@ DigestFile(unsigned char *digest, unsigned int *len, unsigned int maxLen,
hashObj = HASH_GetHashObject(hashType);
- hashcx = (* hashObj->create)();
+ hashcx = (*hashObj->create)();
if (hashcx == NULL)
- return -1;
+ return -1;
- (* hashObj->begin)(hashcx);
+ (*hashObj->begin)(hashcx);
for (;;) {
- if (feof(inFile)) break;
- nb = fread(ibuf, 1, sizeof(ibuf), inFile);
- if (nb != sizeof(ibuf)) {
- if (nb == 0) {
- if (ferror(inFile)) {
- PORT_SetError(SEC_ERROR_IO);
- (* hashObj->destroy)(hashcx, PR_TRUE);
- return -1;
- }
- /* eof */
- break;
- }
- }
- (* hashObj->update)(hashcx, ibuf, nb);
+ if (feof(inFile))
+ break;
+ nb = fread(ibuf, 1, sizeof(ibuf), inFile);
+ if (nb != sizeof(ibuf)) {
+ if (nb == 0) {
+ if (ferror(inFile)) {
+ PORT_SetError(SEC_ERROR_IO);
+ (*hashObj->destroy)(hashcx, PR_TRUE);
+ return -1;
+ }
+ /* eof */
+ break;
+ }
+ }
+ (*hashObj->update)(hashcx, ibuf, nb);
}
- (* hashObj->end)(hashcx, digest, len, maxLen);
- (* hashObj->destroy)(hashcx, PR_TRUE);
+ (*hashObj->end)(hashcx, digest, len, maxLen);
+ (*hashObj->destroy)(hashcx, PR_TRUE);
return 0;
}
-
static void
Usage(char *progName)
{
fprintf(stderr,
- "Usage: %s -c content -s signature [-d dbdir] [-u certusage]\n",
- progName);
+ "Usage: %s -c content -s signature [-d dbdir] [-u certusage]\n",
+ progName);
fprintf(stderr, "%-20s content file that was signed\n",
- "-c content");
+ "-c content");
fprintf(stderr, "%-20s file containing signature for that content\n",
- "-s signature");
+ "-s signature");
fprintf(stderr,
- "%-20s Key/Cert database directory (default is ~/.netscape)\n",
- "-d dbdir");
+ "%-20s Key/Cert database directory (default is ~/.netscape)\n",
+ "-d dbdir");
fprintf(stderr, "%-20s Define the type of certificate usage (default is certUsageEmailSigner)\n",
- "-u certusage");
+ "-u certusage");
fprintf(stderr, "%-25s 0 - certUsageSSLClient\n", " ");
fprintf(stderr, "%-25s 1 - certUsageSSLServer\n", " ");
fprintf(stderr, "%-25s 2 - certUsageSSLServerWithStepUp\n", " ");
@@ -124,7 +123,7 @@ Usage(char *progName)
static int
HashDecodeAndVerify(FILE *out, FILE *content, PRFileDesc *signature,
- SECCertUsage usage, char *progName)
+ SECCertUsage usage, char *progName)
{
SECItem derdata;
SEC_PKCS7ContentInfo *cinfo;
@@ -135,18 +134,18 @@ HashDecodeAndVerify(FILE *out, FILE *content, PRFileDesc *signature,
if (SECU_ReadDERFromFile(&derdata, signature, PR_FALSE,
PR_FALSE) != SECSuccess) {
- SECU_PrintError(progName, "error reading signature file");
- return -1;
+ SECU_PrintError(progName, "error reading signature file");
+ return -1;
}
cinfo = SEC_PKCS7DecodeItem(&derdata, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL);
+ NULL, NULL, NULL);
if (cinfo == NULL)
- return -1;
+ return -1;
- if (! SEC_PKCS7ContentIsSigned(cinfo)) {
- fprintf (out, "Signature file is pkcs7 data, but not signed.\n");
- return -1;
+ if (!SEC_PKCS7ContentIsSigned(cinfo)) {
+ fprintf(out, "Signature file is pkcs7 data, but not signed.\n");
+ return -1;
}
signedData = cinfo->content.signedData;
@@ -154,29 +153,28 @@ HashDecodeAndVerify(FILE *out, FILE *content, PRFileDesc *signature,
/* assume that there is only one digest algorithm for now */
digestType = AlgorithmToHashType(signedData->digestAlgorithms[0]);
if (digestType == HASH_AlgNULL) {
- fprintf (out, "Invalid hash algorithmID\n");
- return -1;
+ fprintf(out, "Invalid hash algorithmID\n");
+ return -1;
}
digest.data = buffer;
- if (DigestFile (digest.data, &digest.len, 32, content, digestType)) {
- SECU_PrintError (progName, "problem computing message digest");
- return -1;
+ if (DigestFile(digest.data, &digest.len, 32, content, digestType)) {
+ SECU_PrintError(progName, "problem computing message digest");
+ return -1;
}
fprintf(out, "Signature is ");
- if (SEC_PKCS7VerifyDetachedSignature (cinfo, usage, &digest, digestType,
- PR_FALSE))
- fprintf(out, "valid.\n");
+ if (SEC_PKCS7VerifyDetachedSignature(cinfo, usage, &digest, digestType,
+ PR_FALSE))
+ fprintf(out, "valid.\n");
else
- fprintf(out, "invalid (Reason: %s).\n",
- SECU_Strerror(PORT_GetError()));
+ fprintf(out, "invalid (Reason: %s).\n",
+ SECU_Strerror(PORT_GetError()));
SEC_PKCS7DestroyContentInfo(cinfo);
return 0;
}
-
int
main(int argc, char **argv)
{
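Review bot: `HashDecodeAndVerify` returns 0 after printing "invalid", so the caller cannot tell a failed verification from a successful one. main() treats only a non-zero return as failure, so from what is visible a script that checks the exit status would accept a bad signature. Keep the result of `SEC_PKCS7VerifyDetachedSignature` in a local and return -1 when it is false; the declaration belongs with the other locals, outside this hunk, and existing test scripts may need to be checked for reliance on the current status. The `return -1` paths taken after `SEC_PKCS7DecodeItem` has succeeded, here and in the previous hunk, also skip `SEC_PKCS7DestroyContentInfo(cinfo)`.

```c
    PRBool valid; /* with the other locals */
    /* … unchanged: decode, algorithm lookup, digest computation … */
    fprintf(out, "Signature is ");
    valid = SEC_PKCS7VerifyDetachedSignature(cinfo, usage, &digest, digestType,
                                             PR_FALSE);
    if (valid)
        fprintf(out, "valid.\n");
    /* … unchanged: else branch printing the reason … */

    SEC_PKCS7DestroyContentInfo(cinfo);
    return valid ? 0 : -1;
```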
@@ -189,7 +187,7 @@ main(int argc, char **argv)
SECStatus rv;
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
contentFile = NULL;
signatureFile = NULL;
@@ -200,71 +198,73 @@ main(int argc, char **argv)
*/
optstate = PL_CreateOptState(argc, argv, "c:d:o:s:u:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
-
- case 'c':
- contentFile = fopen(optstate->value, "r");
- if (!contentFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "w");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 's':
- signatureFile = PR_Open(optstate->value, PR_RDONLY, 0);
- if (!signatureFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'u': {
- int usageType;
-
- usageType = atoi (strdup(optstate->value));
- if (usageType < certUsageSSLClient || usageType > certUsageAnyCA)
- return -1;
- certUsage = (SECCertUsage)usageType;
- break;
- }
-
- }
+ switch (optstate->option) {
+ case '?':
+ Usage(progName);
+ break;
+
+ case 'c':
+ contentFile = fopen(optstate->value, "r");
+ if (!contentFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 'd':
+ SECU_ConfigDirectory(optstate->value);
+ break;
+
+ case 'o':
+ outFile = fopen(optstate->value, "w");
+ if (!outFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 's':
+ signatureFile = PR_Open(optstate->value, PR_RDONLY, 0);
+ if (!signatureFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 'u': {
+ int usageType;
+
+ usageType = atoi(strdup(optstate->value));
+ if (usageType < certUsageSSLClient || usageType > certUsageAnyCA)
+ return -1;
+ certUsage = (SECCertUsage)usageType;
+ break;
+ }
+ }
}
- if (!contentFile) Usage (progName);
- if (!signatureFile) Usage (progName);
- if (!outFile) outFile = stdout;
+ if (!contentFile)
+ Usage(progName);
+ if (!signatureFile)
+ Usage(progName);
+ if (!outFile)
+ outFile = stdout;
/* Call the NSS initialization routines */
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
rv = NSS_Init(SECU_ConfigDirectory(NULL));
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- return -1;
+ SECU_PrintPRandOSError(progName);
+ return -1;
}
if (HashDecodeAndVerify(outFile, contentFile, signatureFile,
- certUsage, progName)) {
- SECU_PrintError(progName, "problem decoding/verifying signature");
- return -1;
+ certUsage, progName)) {
+ SECU_PrintError(progName, "problem decoding/verifying signature");
+ return -1;
}
if (NSS_Shutdown() != SECSuccess) {
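Review bot: In `case 'u'`, `atoi` returns 0 for any non-numeric argument, and 0 passes the range check as certUsageSSLClient (the usage text lists it as 0), so a mistyped `-u` silently verifies against a different usage than intended. Parse with `strtol` and reject trailing garbage: `usageType = strtol(optstate->value, &end, 10);` followed by `if (end == optstate->value || *end != '\0' || usageType < certUsageSSLClient || usageType > certUsageAnyCA) return -1;`, with `char *end; long usageType;` declared in the block. That also removes the `strdup` copy, which is never freed or checked. Separately, the content file is opened with "r" rather than "rb", which may alter the bytes being hashed on platforms that translate text mode. main() starts before this hunk and continues past it.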
diff --git a/cmd/pk11gcmtest/pk11gcmtest.c b/cmd/pk11gcmtest/pk11gcmtest.c
index 63f4b330b..1b8bff5e4 100644
--- a/cmd/pk11gcmtest/pk11gcmtest.c
+++ b/cmd/pk11gcmtest/pk11gcmtest.c
@@ -16,19 +16,19 @@ hex_to_byteval(const char *c2, unsigned char *byteval)
int i;
unsigned char offset;
*byteval = 0;
- for (i=0; i<2; i++) {
- if (c2[i] >= '0' && c2[i] <= '9') {
- offset = c2[i] - '0';
- *byteval |= offset << 4*(1-i);
- } else if (c2[i] >= 'a' && c2[i] <= 'f') {
- offset = c2[i] - 'a';
- *byteval |= (offset + 10) << 4*(1-i);
- } else if (c2[i] >= 'A' && c2[i] <= 'F') {
- offset = c2[i] - 'A';
- *byteval |= (offset + 10) << 4*(1-i);
- } else {
- return SECFailure;
- }
+ for (i = 0; i < 2; i++) {
+ if (c2[i] >= '0' && c2[i] <= '9') {
+ offset = c2[i] - '0';
+ *byteval |= offset << 4 * (1 - i);
+ } else if (c2[i] >= 'a' && c2[i] <= 'f') {
+ offset = c2[i] - 'a';
+ *byteval |= (offset + 10) << 4 * (1 - i);
+ } else if (c2[i] >= 'A' && c2[i] <= 'F') {
+ offset = c2[i] - 'A';
+ *byteval |= (offset + 10) << 4 * (1 - i);
+ } else {
+ return SECFailure;
+ }
}
return SECSuccess;
}
@@ -43,47 +43,47 @@ aes_encrypt_buf(
{
SECStatus rv = SECFailure;
SECItem key_item;
- PK11SlotInfo* slot = NULL;
+ PK11SlotInfo *slot = NULL;
PK11SymKey *symKey = NULL;
CK_GCM_PARAMS gcm_params;
SECItem param;
/* Import key into NSS. */
key_item.type = siBuffer;
- key_item.data = (unsigned char *) key; /* const cast */
+ key_item.data = (unsigned char *)key; /* const cast */
key_item.len = keysize;
slot = PK11_GetInternalSlot();
symKey = PK11_ImportSymKey(slot, CKM_AES_GCM, PK11_OriginUnwrap,
- CKA_ENCRYPT, &key_item, NULL);
+ CKA_ENCRYPT, &key_item, NULL);
PK11_FreeSlot(slot);
slot = NULL;
if (!symKey) {
- fprintf(stderr, "PK11_ImportSymKey failed\n");
- goto loser;
+ fprintf(stderr, "PK11_ImportSymKey failed\n");
+ goto loser;
}
- gcm_params.pIv = (unsigned char *) iv; /* const cast */
+ gcm_params.pIv = (unsigned char *)iv; /* const cast */
gcm_params.ulIvLen = ivsize;
- gcm_params.pAAD = (unsigned char *) aad; /* const cast */
+ gcm_params.pAAD = (unsigned char *)aad; /* const cast */
gcm_params.ulAADLen = aadlen;
gcm_params.ulTagBits = tagsize * 8;
param.type = siBuffer;
- param.data = (unsigned char *) &gcm_params;
+ param.data = (unsigned char *)&gcm_params;
param.len = sizeof(gcm_params);
if (PK11_Encrypt(symKey, CKM_AES_GCM, &param,
- output, outputlen, maxoutputlen,
- input, inputlen) != SECSuccess) {
- fprintf(stderr, "PK11_Encrypt failed\n");
- goto loser;
+ output, outputlen, maxoutputlen,
+ input, inputlen) != SECSuccess) {
+ fprintf(stderr, "PK11_Encrypt failed\n");
+ goto loser;
}
rv = SECSuccess;
loser:
if (symKey != NULL) {
- PK11_FreeSymKey(symKey);
+ PK11_FreeSymKey(symKey);
}
return rv;
}
@@ -98,7 +98,7 @@ aes_decrypt_buf(
const unsigned char *tag, unsigned int tagsize)
{
SECStatus rv = SECFailure;
- unsigned char concatenated[11*16]; /* 1 to 11 blocks */
+ unsigned char concatenated[11 * 16]; /* 1 to 11 blocks */
SECItem key_item;
PK11SlotInfo *slot = NULL;
PK11SymKey *symKey = NULL;
@@ -106,47 +106,47 @@ aes_decrypt_buf(
SECItem param;
if (inputlen + tagsize > sizeof(concatenated)) {
- fprintf(stderr, "aes_decrypt_buf: local buffer too small\n");
- goto loser;
+ fprintf(stderr, "aes_decrypt_buf: local buffer too small\n");
+ goto loser;
}
memcpy(concatenated, input, inputlen);
memcpy(concatenated + inputlen, tag, tagsize);
/* Import key into NSS. */
key_item.type = siBuffer;
- key_item.data = (unsigned char *) key; /* const cast */
+ key_item.data = (unsigned char *)key; /* const cast */
key_item.len = keysize;
slot = PK11_GetInternalSlot();
symKey = PK11_ImportSymKey(slot, CKM_AES_GCM, PK11_OriginUnwrap,
- CKA_DECRYPT, &key_item, NULL);
+ CKA_DECRYPT, &key_item, NULL);
PK11_FreeSlot(slot);
slot = NULL;
if (!symKey) {
- fprintf(stderr, "PK11_ImportSymKey failed\n");
- goto loser;
+ fprintf(stderr, "PK11_ImportSymKey failed\n");
+ goto loser;
}
- gcm_params.pIv = (unsigned char *) iv;
+ gcm_params.pIv = (unsigned char *)iv;
gcm_params.ulIvLen = ivsize;
- gcm_params.pAAD = (unsigned char *) aad;
+ gcm_params.pAAD = (unsigned char *)aad;
gcm_params.ulAADLen = aadlen;
gcm_params.ulTagBits = tagsize * 8;
param.type = siBuffer;
- param.data = (unsigned char *) &gcm_params;
+ param.data = (unsigned char *)&gcm_params;
param.len = sizeof(gcm_params);
if (PK11_Decrypt(symKey, CKM_AES_GCM, &param,
- output, outputlen, maxoutputlen,
- concatenated, inputlen + tagsize) != SECSuccess) {
- goto loser;
+ output, outputlen, maxoutputlen,
+ concatenated, inputlen + tagsize) != SECSuccess) {
+ goto loser;
}
rv = SECSuccess;
loser:
if (symKey != NULL) {
- PK11_FreeSymKey(symKey);
+ PK11_FreeSymKey(symKey);
}
return rv;
}
@@ -159,28 +159,28 @@ loser:
static void
aes_gcm_kat(const char *respfn)
{
- char buf[512]; /* holds one line from the input REQUEST file.
+ char buf[512]; /* holds one line from the input REQUEST file.
* needs to be large enough to hold the longest
* line "CIPHERTEXT = <320 hex digits>\n".
*/
- FILE *aesresp; /* input stream from the RESPONSE file */
+ FILE *aesresp; /* input stream from the RESPONSE file */
int i, j;
unsigned int test_group = 0;
unsigned int num_tests = 0;
PRBool is_encrypt;
- unsigned char key[32]; /* 128, 192, or 256 bits */
+ unsigned char key[32]; /* 128, 192, or 256 bits */
unsigned int keysize = 16;
- unsigned char iv[10*16]; /* 1 to 10 blocks */
+ unsigned char iv[10 * 16]; /* 1 to 10 blocks */
unsigned int ivsize = 12;
- unsigned char plaintext[10*16]; /* 1 to 10 blocks */
+ unsigned char plaintext[10 * 16]; /* 1 to 10 blocks */
unsigned int plaintextlen = 0;
- unsigned char aad[10*16]; /* 1 to 10 blocks */
+ unsigned char aad[10 * 16]; /* 1 to 10 blocks */
unsigned int aadlen = 0;
- unsigned char ciphertext[10*16]; /* 1 to 10 blocks */
+ unsigned char ciphertext[10 * 16]; /* 1 to 10 blocks */
unsigned int ciphertextlen = 0;
unsigned char tag[16];
unsigned int tagsize = 16;
- unsigned char output[10*16]; /* 1 to 10 blocks */
+ unsigned char output[10 * 16]; /* 1 to 10 blocks */
unsigned int outputlen = 0;
unsigned int expected_keylen = 0;
@@ -191,241 +191,242 @@ aes_gcm_kat(const char *respfn)
SECStatus rv;
if (strstr(respfn, "Encrypt") != NULL) {
- is_encrypt = PR_TRUE;
+ is_encrypt = PR_TRUE;
} else if (strstr(respfn, "Decrypt") != NULL) {
- is_encrypt = PR_FALSE;
+ is_encrypt = PR_FALSE;
} else {
- fprintf(stderr, "Input file name must contain Encrypt or Decrypt\n");
- exit(1);
+ fprintf(stderr, "Input file name must contain Encrypt or Decrypt\n");
+ exit(1);
}
aesresp = fopen(respfn, "r");
if (aesresp == NULL) {
- fprintf(stderr, "Cannot open input file %s\n", respfn);
- exit(1);
+ fprintf(stderr, "Cannot open input file %s\n", respfn);
+ exit(1);
}
while (fgets(buf, sizeof buf, aesresp) != NULL) {
- /* a comment or blank line */
- if (buf[0] == '#' || buf[0] == '\n') {
- continue;
- }
- /* [Keylen = ...], [IVlen = ...], etc. */
- if (buf[0] == '[') {
- if (strncmp(&buf[1], "Keylen = ", 9) == 0) {
- expected_keylen = atoi(&buf[10]);
- } else if (strncmp(&buf[1], "IVlen = ", 8) == 0) {
- expected_ivlen = atoi(&buf[9]);
- } else if (strncmp(&buf[1], "PTlen = ", 8) == 0) {
- expected_ptlen = atoi(&buf[9]);
- } else if (strncmp(&buf[1], "AADlen = ", 9) == 0) {
- expected_aadlen = atoi(&buf[10]);
- } else if (strncmp(&buf[1], "Taglen = ", 9) == 0) {
- expected_taglen = atoi(&buf[10]);
+ /* a comment or blank line */
+ if (buf[0] == '#' || buf[0] == '\n') {
+ continue;
+ }
+ /* [Keylen = ...], [IVlen = ...], etc. */
+ if (buf[0] == '[') {
+ if (strncmp(&buf[1], "Keylen = ", 9) == 0) {
+ expected_keylen = atoi(&buf[10]);
+ } else if (strncmp(&buf[1], "IVlen = ", 8) == 0) {
+ expected_ivlen = atoi(&buf[9]);
+ } else if (strncmp(&buf[1], "PTlen = ", 8) == 0) {
+ expected_ptlen = atoi(&buf[9]);
+ } else if (strncmp(&buf[1], "AADlen = ", 9) == 0) {
+ expected_aadlen = atoi(&buf[10]);
+ } else if (strncmp(&buf[1], "Taglen = ", 9) == 0) {
+ expected_taglen = atoi(&buf[10]);
- test_group++;
- if (test_group > 1) {
- /* Report num_tests for the previous test group. */
- printf("%u tests\n", num_tests);
- }
- num_tests = 0;
- printf("Keylen = %u, IVlen = %u, PTlen = %u, AADlen = %u, "
- "Taglen = %u: ", expected_keylen, expected_ivlen,
- expected_ptlen, expected_aadlen, expected_taglen);
- /* Convert lengths in bits to lengths in bytes. */
- PORT_Assert(expected_keylen % 8 == 0);
- expected_keylen /= 8;
- PORT_Assert(expected_ivlen % 8 == 0);
- expected_ivlen /= 8;
- PORT_Assert(expected_ptlen % 8 == 0);
- expected_ptlen /= 8;
- PORT_Assert(expected_aadlen % 8 == 0);
- expected_aadlen /= 8;
- PORT_Assert(expected_taglen % 8 == 0);
- expected_taglen /= 8;
- } else {
- fprintf(stderr, "Unexpected input line: %s\n", buf);
- exit(1);
- }
- continue;
- }
- /* "Count = x" begins a new data set */
- if (strncmp(buf, "Count", 5) == 0) {
- /* zeroize the variables for the test with this data set */
- memset(key, 0, sizeof key);
- keysize = 0;
- memset(iv, 0, sizeof iv);
- ivsize = 0;
- memset(plaintext, 0, sizeof plaintext);
- plaintextlen = 0;
- memset(aad, 0, sizeof aad);
- aadlen = 0;
- memset(ciphertext, 0, sizeof ciphertext);
- ciphertextlen = 0;
- memset(output, 0, sizeof output);
- outputlen = 0;
- num_tests++;
- continue;
- }
- /* Key = ... */
- if (strncmp(buf, "Key", 3) == 0) {
- i = 3;
- while (isspace(buf[i]) || buf[i] == '=') {
- i++;
- }
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
- hex_to_byteval(&buf[i], &key[j]);
- }
- keysize = j;
- if (keysize != expected_keylen) {
- fprintf(stderr, "Unexpected key length: %u vs. %u\n",
- keysize, expected_keylen);
- exit(1);
- }
- continue;
- }
- /* IV = ... */
- if (strncmp(buf, "IV", 2) == 0) {
- i = 2;
- while (isspace(buf[i]) || buf[i] == '=') {
- i++;
- }
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
- hex_to_byteval(&buf[i], &iv[j]);
- }
- ivsize = j;
- if (ivsize != expected_ivlen) {
- fprintf(stderr, "Unexpected IV length: %u vs. %u\n",
- ivsize, expected_ivlen);
- exit(1);
- }
- continue;
- }
- /* PT = ... */
- if (strncmp(buf, "PT", 2) == 0) {
- i = 2;
- while (isspace(buf[i]) || buf[i] == '=') {
- i++;
- }
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
- hex_to_byteval(&buf[i], &plaintext[j]);
- }
- plaintextlen = j;
- if (plaintextlen != expected_ptlen) {
- fprintf(stderr, "Unexpected PT length: %u vs. %u\n",
- plaintextlen, expected_ptlen);
- exit(1);
- }
+ test_group++;
+ if (test_group > 1) {
+ /* Report num_tests for the previous test group. */
+ printf("%u tests\n", num_tests);
+ }
+ num_tests = 0;
+ printf("Keylen = %u, IVlen = %u, PTlen = %u, AADlen = %u, "
+ "Taglen = %u: ",
+ expected_keylen, expected_ivlen,
+ expected_ptlen, expected_aadlen, expected_taglen);
+ /* Convert lengths in bits to lengths in bytes. */
+ PORT_Assert(expected_keylen % 8 == 0);
+ expected_keylen /= 8;
+ PORT_Assert(expected_ivlen % 8 == 0);
+ expected_ivlen /= 8;
+ PORT_Assert(expected_ptlen % 8 == 0);
+ expected_ptlen /= 8;
+ PORT_Assert(expected_aadlen % 8 == 0);
+ expected_aadlen /= 8;
+ PORT_Assert(expected_taglen % 8 == 0);
+ expected_taglen /= 8;
+ } else {
+ fprintf(stderr, "Unexpected input line: %s\n", buf);
+ exit(1);
+ }
+ continue;
+ }
+ /* "Count = x" begins a new data set */
+ if (strncmp(buf, "Count", 5) == 0) {
+ /* zeroize the variables for the test with this data set */
+ memset(key, 0, sizeof key);
+ keysize = 0;
+ memset(iv, 0, sizeof iv);
+ ivsize = 0;
+ memset(plaintext, 0, sizeof plaintext);
+ plaintextlen = 0;
+ memset(aad, 0, sizeof aad);
+ aadlen = 0;
+ memset(ciphertext, 0, sizeof ciphertext);
+ ciphertextlen = 0;
+ memset(output, 0, sizeof output);
+ outputlen = 0;
+ num_tests++;
+ continue;
+ }
+ /* Key = ... */
+ if (strncmp(buf, "Key", 3) == 0) {
+ i = 3;
+ while (isspace(buf[i]) || buf[i] == '=') {
+ i++;
+ }
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+ hex_to_byteval(&buf[i], &key[j]);
+ }
+ keysize = j;
+ if (keysize != expected_keylen) {
+ fprintf(stderr, "Unexpected key length: %u vs. %u\n",
+ keysize, expected_keylen);
+ exit(1);
+ }
+ continue;
+ }
+ /* IV = ... */
+ if (strncmp(buf, "IV", 2) == 0) {
+ i = 2;
+ while (isspace(buf[i]) || buf[i] == '=') {
+ i++;
+ }
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+ hex_to_byteval(&buf[i], &iv[j]);
+ }
+ ivsize = j;
+ if (ivsize != expected_ivlen) {
+ fprintf(stderr, "Unexpected IV length: %u vs. %u\n",
+ ivsize, expected_ivlen);
+ exit(1);
+ }
+ continue;
+ }
+ /* PT = ... */
+ if (strncmp(buf, "PT", 2) == 0) {
+ i = 2;
+ while (isspace(buf[i]) || buf[i] == '=') {
+ i++;
+ }
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+ hex_to_byteval(&buf[i], &plaintext[j]);
+ }
+ plaintextlen = j;
+ if (plaintextlen != expected_ptlen) {
+ fprintf(stderr, "Unexpected PT length: %u vs. %u\n",
+ plaintextlen, expected_ptlen);
+ exit(1);
+ }
- if (!is_encrypt) {
- rv = aes_decrypt_buf(key, keysize, iv, ivsize,
- output, &outputlen, sizeof output,
- ciphertext, ciphertextlen, aad, aadlen, tag, tagsize);
- if (rv != SECSuccess) {
- fprintf(stderr, "aes_decrypt_buf failed\n");
- goto loser;
- }
- if (outputlen != plaintextlen) {
- fprintf(stderr, "aes_decrypt_buf: wrong output size\n");
- goto loser;
- }
- if (memcmp(output, plaintext, plaintextlen) != 0) {
- fprintf(stderr, "aes_decrypt_buf: wrong plaintext\n");
- goto loser;
- }
- }
- continue;
- }
- /* FAIL */
- if (strncmp(buf, "FAIL", 4) == 0) {
- plaintextlen = 0;
+ if (!is_encrypt) {
+ rv = aes_decrypt_buf(key, keysize, iv, ivsize,
+ output, &outputlen, sizeof output,
+ ciphertext, ciphertextlen, aad, aadlen, tag, tagsize);
+ if (rv != SECSuccess) {
+ fprintf(stderr, "aes_decrypt_buf failed\n");
+ goto loser;
+ }
+ if (outputlen != plaintextlen) {
+ fprintf(stderr, "aes_decrypt_buf: wrong output size\n");
+ goto loser;
+ }
+ if (memcmp(output, plaintext, plaintextlen) != 0) {
+ fprintf(stderr, "aes_decrypt_buf: wrong plaintext\n");
+ goto loser;
+ }
+ }
+ continue;
+ }
+ /* FAIL */
+ if (strncmp(buf, "FAIL", 4) == 0) {
+ plaintextlen = 0;
- PORT_Assert(!is_encrypt);
- rv = aes_decrypt_buf(key, keysize, iv, ivsize,
- output, &outputlen, sizeof output,
- ciphertext, ciphertextlen, aad, aadlen, tag, tagsize);
- if (rv != SECFailure) {
- fprintf(stderr, "aes_decrypt_buf succeeded unexpectedly\n");
- goto loser;
- }
- if (PORT_GetError() != SEC_ERROR_BAD_DATA) {
- fprintf(stderr, "aes_decrypt_buf failed with incorrect "
- "error code\n");
- goto loser;
- }
- continue;
- }
- /* AAD = ... */
- if (strncmp(buf, "AAD", 3) == 0) {
- i = 3;
- while (isspace(buf[i]) || buf[i] == '=') {
- i++;
- }
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
- hex_to_byteval(&buf[i], &aad[j]);
- }
- aadlen = j;
- if (aadlen != expected_aadlen) {
- fprintf(stderr, "Unexpected AAD length: %u vs. %u\n",
- aadlen, expected_aadlen);
- exit(1);
- }
- continue;
- }
- /* CT = ... */
- if (strncmp(buf, "CT", 2) == 0) {
- i = 2;
- while (isspace(buf[i]) || buf[i] == '=') {
- i++;
- }
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
- hex_to_byteval(&buf[i], &ciphertext[j]);
- }
- ciphertextlen = j;
- if (ciphertextlen != expected_ptlen) {
- fprintf(stderr, "Unexpected CT length: %u vs. %u\n",
- ciphertextlen, expected_ptlen);
- exit(1);
- }
- continue;
- }
- /* Tag = ... */
- if (strncmp(buf, "Tag", 3) == 0) {
- i = 3;
- while (isspace(buf[i]) || buf[i] == '=') {
- i++;
- }
- for (j=0; isxdigit(buf[i]); i+=2,j++) {
- hex_to_byteval(&buf[i], &tag[j]);
- }
- tagsize = j;
- if (tagsize != expected_taglen) {
- fprintf(stderr, "Unexpected tag length: %u vs. %u\n",
- tagsize, expected_taglen);
- exit(1);
- }
+ PORT_Assert(!is_encrypt);
+ rv = aes_decrypt_buf(key, keysize, iv, ivsize,
+ output, &outputlen, sizeof output,
+ ciphertext, ciphertextlen, aad, aadlen, tag, tagsize);
+ if (rv != SECFailure) {
+ fprintf(stderr, "aes_decrypt_buf succeeded unexpectedly\n");
+ goto loser;
+ }
+ if (PORT_GetError() != SEC_ERROR_BAD_DATA) {
+ fprintf(stderr, "aes_decrypt_buf failed with incorrect "
+ "error code\n");
+ goto loser;
+ }
+ continue;
+ }
+ /* AAD = ... */
+ if (strncmp(buf, "AAD", 3) == 0) {
+ i = 3;
+ while (isspace(buf[i]) || buf[i] == '=') {
+ i++;
+ }
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+ hex_to_byteval(&buf[i], &aad[j]);
+ }
+ aadlen = j;
+ if (aadlen != expected_aadlen) {
+ fprintf(stderr, "Unexpected AAD length: %u vs. %u\n",
+ aadlen, expected_aadlen);
+ exit(1);
+ }
+ continue;
+ }
+ /* CT = ... */
+ if (strncmp(buf, "CT", 2) == 0) {
+ i = 2;
+ while (isspace(buf[i]) || buf[i] == '=') {
+ i++;
+ }
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+ hex_to_byteval(&buf[i], &ciphertext[j]);
+ }
+ ciphertextlen = j;
+ if (ciphertextlen != expected_ptlen) {
+ fprintf(stderr, "Unexpected CT length: %u vs. %u\n",
+ ciphertextlen, expected_ptlen);
+ exit(1);
+ }
+ continue;
+ }
+ /* Tag = ... */
+ if (strncmp(buf, "Tag", 3) == 0) {
+ i = 3;
+ while (isspace(buf[i]) || buf[i] == '=') {
+ i++;
+ }
+ for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+ hex_to_byteval(&buf[i], &tag[j]);
+ }
+ tagsize = j;
+ if (tagsize != expected_taglen) {
+ fprintf(stderr, "Unexpected tag length: %u vs. %u\n",
+ tagsize, expected_taglen);
+ exit(1);
+ }
- if (is_encrypt) {
- rv = aes_encrypt_buf(key, keysize, iv, ivsize,
- output, &outputlen, sizeof output,
- plaintext, plaintextlen, aad, aadlen, tagsize);
- if (rv != SECSuccess) {
- fprintf(stderr, "aes_encrypt_buf failed\n");
- goto loser;
- }
- if (outputlen != plaintextlen + tagsize) {
- fprintf(stderr, "aes_encrypt_buf: wrong output size\n");
- goto loser;
- }
- if (memcmp(output, ciphertext, plaintextlen) != 0) {
- fprintf(stderr, "aes_encrypt_buf: wrong ciphertext\n");
- goto loser;
- }
- if (memcmp(output + plaintextlen, tag, tagsize) != 0) {
- fprintf(stderr, "aes_encrypt_buf: wrong tag\n");
- goto loser;
- }
- }
- continue;
- }
+ if (is_encrypt) {
+ rv = aes_encrypt_buf(key, keysize, iv, ivsize,
+ output, &outputlen, sizeof output,
+ plaintext, plaintextlen, aad, aadlen, tagsize);
+ if (rv != SECSuccess) {
+ fprintf(stderr, "aes_encrypt_buf failed\n");
+ goto loser;
+ }
+ if (outputlen != plaintextlen + tagsize) {
+ fprintf(stderr, "aes_encrypt_buf: wrong output size\n");
+ goto loser;
+ }
+ if (memcmp(output, ciphertext, plaintextlen) != 0) {
+ fprintf(stderr, "aes_encrypt_buf: wrong ciphertext\n");
+ goto loser;
+ }
+ if (memcmp(output + plaintextlen, tag, tagsize) != 0) {
+ fprintf(stderr, "aes_encrypt_buf: wrong tag\n");
+ goto loser;
+ }
+ }
+ continue;
+ }
}
/* Report num_tests for the last test group. */
printf("%u tests\n", num_tests);
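Review bot: The hex-parsing loops write into fixed arrays with no bound on `j`: `for (j = 0; isxdigit(buf[i]); i += 2, j++)` stores as many bytes as the line holds, and the comparison against `expected_keylen` runs only after the writes. `buf` is 512 bytes while `key` is 32 and `tag` is 16, so an over-long line in the response file writes past the destination array on the stack. Bound each loop by its destination, e.g. `for (j = 0; j < (int)sizeof key && isxdigit((unsigned char)buf[i]); i += 2, j++)`, and do the same for the IV, PT, AAD, CT and Tag loops. Checking the return value of `hex_to_byteval` would also catch a line with an odd number of digits. The array declarations are in the preceding hunk, and the function continues past this one.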
@@ -435,9 +436,11 @@ loser:
fclose(aesresp);
}
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
- if (argc < 2) exit(1);
+ if (argc < 2)
+ exit(1);
NSS_NoDB_Init(NULL);
@@ -445,11 +448,11 @@ int main(int argc, char **argv)
/* AES */
/*************/
if (strcmp(argv[1], "aes") == 0) {
- /* argv[2]=kat argv[3]=gcm argv[4]=<test name>.rsp */
- if (strcmp(argv[2], "kat") == 0) {
- /* Known Answer Test (KAT) */
- aes_gcm_kat(argv[4]);
- }
+ /* argv[2]=kat argv[3]=gcm argv[4]=<test name>.rsp */
+ if (strcmp(argv[2], "kat") == 0) {
+ /* Known Answer Test (KAT) */
+ aes_gcm_kat(argv[4]);
+ }
}
NSS_Shutdown();
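Review bot: `argv[2]` and `argv[4]` are read in the `aes` branch of this hunk, but the only argument check is `if (argc < 2) exit(1);` in the previous hunk. With fewer than five arguments, `strcmp(argv[2], "kat")` can receive a null pointer, or `aes_gcm_kat` is passed a null `argv[4]` or one read past the end of the argument vector. Raising the guard to `if (argc < 5) exit(1);`, ideally with a usage line on stderr, covers the aes/kat path. The comment documents `argv[3]` as `gcm`, yet it is never compared. The body of main starts in the previous hunk and continues past this one.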
diff --git a/cmd/pk11mode/pk11mode.c b/cmd/pk11mode/pk11mode.c
index 335d173b7..0c5781eed 100644
--- a/cmd/pk11mode/pk11mode.c
+++ b/cmd/pk11mode/pk11mode.c
@@ -10,7 +10,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
@@ -37,7 +36,7 @@
#include "pk11table.h"
-#define NUM_ELEM(array) (sizeof(array)/sizeof(array[0]))
+#define NUM_ELEM(array) (sizeof(array) / sizeof(array[0]))
#ifndef NULL_PTR
#define NULL_PTR 0
@@ -47,13 +46,15 @@
* Returns "unknown error" if errNum is unknown.
*/
const char *
-PKM_CK_RVtoStr(CK_RV errNum) {
- const char * err;
+PKM_CK_RVtoStr(CK_RV errNum)
+{
+ const char *err;
err = getName(errNum, ConstResult);
-
- if (err) return err;
-
+
+ if (err)
+ return err;
+
return "unknown error";
}
@@ -94,12 +95,12 @@ int MODE = FIPSMODE;
CK_BBOOL true = CK_TRUE;
CK_BBOOL false = CK_FALSE;
-static const CK_BYTE PLAINTEXT[] = {"Firefox Rules!"};
-static const CK_BYTE PLAINTEXT_PAD[] =
- {"Firefox and thunderbird rule the world!"};
+static const CK_BYTE PLAINTEXT[] = { "Firefox Rules!" };
+static const CK_BYTE PLAINTEXT_PAD[] =
+ { "Firefox and thunderbird rule the world!" };
CK_ULONG NUMTESTS = 0;
-static const char * slotFlagName[] = {
+static const char *slotFlagName[] = {
"CKF_TOKEN_PRESENT",
"CKF_REMOVABLE_DEVICE",
"CKF_HW_SLOT",
@@ -134,7 +135,7 @@ static const char * slotFlagName[] = {
"unknown token flag 0x80000000"
};
-static const char * tokenFlagName[] = {
+static const char *tokenFlagName[] = {
"CKF_PKM_RNG",
"CKF_WRITE_PROTECTED",
"CKF_LOGIN_REQUIRED",
@@ -198,13 +199,12 @@ dumpToHash64(const unsigned char *buf, unsigned int bufLen)
if (i % 32 == 0)
printf("\n");
printf(" 0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,",
- buf[i ], buf[i+1], buf[i+2], buf[i+3],
- buf[i+4], buf[i+5], buf[i+6], buf[i+7]);
+ buf[i], buf[i + 1], buf[i + 2], buf[i + 3],
+ buf[i + 4], buf[i + 5], buf[i + 6], buf[i + 7]);
}
printf("\n");
}
-
#ifdef _WIN32
HMODULE hModule;
#else
@@ -223,8 +223,8 @@ CK_RV PKM_InitPWforDB(CK_FUNCTION_LIST_PTR pFunctionList,
CK_SLOT_ID *pSlotList, CK_ULONG slotID,
CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID);
-CK_RV PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID * pSlotList,
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID);
+CK_RV PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
CK_ULONG slotID);
CK_RV PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList,
CK_SLOT_ID *pSlotList, CK_ULONG slotID,
@@ -233,17 +233,17 @@ CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
-CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
+CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
CK_C_INITIALIZE_ARGS_NSS *initArgs);
CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
CK_RV PKM_MultiObjectManagement(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
CK_SLOT_ID *pSlotList, CK_ULONG slotID,
CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
@@ -256,67 +256,68 @@ CK_RV PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList,
CK_FLAGS flags, CK_BBOOL check_sizes,
CK_ULONG minkeysize, CK_ULONG maxkeysize);
CK_RV PKM_TLSKeyAndMacDerive(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
- CK_MECHANISM_TYPE mechType, enum_random_t rnd);
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
+ CK_MECHANISM_TYPE mechType, enum_random_t rnd);
CK_RV PKM_TLSMasterKeyDerive(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
- CK_MECHANISM_TYPE mechType,
- enum_random_t rnd);
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
+ CK_MECHANISM_TYPE mechType,
+ enum_random_t rnd);
CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID *pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
CK_RV PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SESSION_HANDLE hRwSession,
- CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey,
- CK_MECHANISM *sigMech, CK_OBJECT_HANDLE secretKey,
- CK_MECHANISM *cryptMech,
- const CK_BYTE * pData, CK_ULONG pDataLen);
+ CK_SESSION_HANDLE hRwSession,
+ CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey,
+ CK_MECHANISM *sigMech, CK_OBJECT_HANDLE secretKey,
+ CK_MECHANISM *cryptMech,
+ const CK_BYTE *pData, CK_ULONG pDataLen);
CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech,
- CK_OBJECT_HANDLE hSecKeyDigest,
- CK_MECHANISM *digestMech,
- const CK_BYTE * pData, CK_ULONG pDataLen);
-CK_RV PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech,
+ CK_OBJECT_HANDLE hSecKeyDigest,
+ CK_MECHANISM *digestMech,
+ const CK_BYTE *pData, CK_ULONG pDataLen);
+CK_RV PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList,
CK_SESSION_HANDLE hRwSession,
CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
- CK_MECHANISM *signMech, const CK_BYTE * pData,
+ CK_MECHANISM *signMech, const CK_BYTE *pData,
CK_ULONG dataLen);
-CK_RV PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList,
+CK_RV PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList,
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech,
- const CK_BYTE * pData, CK_ULONG dataLen);
+ const CK_BYTE *pData, CK_ULONG dataLen);
CK_RV PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech,
- const CK_BYTE * pData, CK_ULONG pDataLen);
-CK_RV PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech,
+ const CK_BYTE *pData, CK_ULONG pDataLen);
+CK_RV PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
CK_SESSION_HANDLE hRwSession,
CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey,
- const CK_BYTE * pData, CK_ULONG pDataLen);
+ const CK_BYTE *pData, CK_ULONG pDataLen);
CK_RV PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hPublicKey,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hPublicKey,
CK_OBJECT_HANDLE hPrivateKey,
CK_MECHANISM *wrapMechanism,
CK_OBJECT_HANDLE hSecretKey,
CK_ATTRIBUTE *sKeyTemplate,
CK_ULONG skeyTempSize);
-CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
- CK_MECHANISM *signMech, const CK_BYTE * pData,
- CK_ULONG pDataLen);
+CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
+ CK_MECHANISM *signMech, const CK_BYTE *pData,
+ CK_ULONG pDataLen);
CK_RV PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
- PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs);
+ PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs);
-void PKM_Help();
-void PKM_CheckPath(char *string);
-char *PKM_FilePasswd(char *pwFile);
+void PKM_Help();
+void PKM_CheckPath(char *string);
+char *PKM_FilePasswd(char *pwFile);
static PRBool verbose = PR_FALSE;
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
CK_C_GetFunctionList pC_GetFunctionList;
CK_FUNCTION_LIST_PTR pFunctionList;
@@ -336,38 +337,40 @@ int main(int argc, char **argv)
PLOptStatus os;
PLOptState *opt = PL_CreateOptState(argc, argv, "nvhf:Fd:p:");
- while (PL_OPT_EOL != (os = PL_GetNextOpt(opt)))
- {
- if (PL_OPT_BAD == os) continue;
- switch (opt->option)
- {
- case 'F': /* disable fork tests */
- doForkTests = PR_FALSE;
- break;
- case 'n': /* non fips mode */
- MODE = NONFIPSMODE;
- slotID = 1;
- break;
- case 'f': /* password file */
- pwd = (CK_UTF8CHAR *) PKM_FilePasswd((char *)opt->value);
- if (!pwd) PKM_Help();
- break;
- case 'd': /* opt_CertDir */
- if (!opt->value) PKM_Help();
- configDir = strdup(opt->value);
- PKM_CheckPath(configDir);
- break;
- case 'p': /* opt_DBPrefix */
- if (!opt->value) PKM_Help();
- dbPrefix = strdup(opt->value);
- break;
- case 'v':
- verbose = PR_TRUE;
- break;
- case 'h': /* help message */
- default:
- PKM_Help();
- break;
+ while (PL_OPT_EOL != (os = PL_GetNextOpt(opt))) {
+ if (PL_OPT_BAD == os)
+ continue;
+ switch (opt->option) {
+ case 'F': /* disable fork tests */
+ doForkTests = PR_FALSE;
+ break;
+ case 'n': /* non fips mode */
+ MODE = NONFIPSMODE;
+ slotID = 1;
+ break;
+ case 'f': /* password file */
+ pwd = (CK_UTF8CHAR *)PKM_FilePasswd((char *)opt->value);
+ if (!pwd)
+ PKM_Help();
+ break;
+ case 'd': /* opt_CertDir */
+ if (!opt->value)
+ PKM_Help();
+ configDir = strdup(opt->value);
+ PKM_CheckPath(configDir);
+ break;
+ case 'p': /* opt_DBPrefix */
+ if (!opt->value)
+ PKM_Help();
+ dbPrefix = strdup(opt->value);
+ break;
+ case 'v':
+ verbose = PR_TRUE;
+ break;
+ case 'h': /* help message */
+ default:
+ PKM_Help();
+ break;
}
}
PL_DestroyOptState(opt);
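Review bot: In the `'d'` and `'p'` cases, `if (!opt->value) PKM_Help();` is followed directly by `strdup(opt->value)`, so the null check only protects the call if `PKM_Help()` never returns, which this hunk does not show. The `'f'` case has no such check before passing `opt->value` to `PKM_FilePasswd`, and the `strdup` results are used unchecked (`PKM_CheckPath(configDir)`). If `PKM_Help()` does exit, a comment `/* PKM_Help() does not return */` at the first use would document the dependency; otherwise each case needs a `break;` after the help call. main starts and ends outside this hunk.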
@@ -375,7 +378,7 @@ int main(int argc, char **argv)
if (!pwd) {
pwd = (CK_UTF8CHAR *)strdup("1Mozilla");
}
- pwdLen = strlen((const char*)pwd);
+ pwdLen = strlen((const char *)pwd);
if (!configDir) {
configDir = strdup(".");
}
@@ -383,8 +386,7 @@ int main(int argc, char **argv)
dbPrefix = strdup("");
}
- if (doForkTests)
- {
+ if (doForkTests) {
/* first, try to fork without softoken loaded to make sure
* everything is OK */
crv = PKM_ForkCheck(123, NULL, PR_FALSE, NULL);
@@ -392,44 +394,43 @@ int main(int argc, char **argv)
goto cleanup;
}
-
#ifdef _WIN32
hModule = LoadLibrary(LIB_NAME);
if (hModule == NULL) {
- PKM_Error( "cannot load %s\n", LIB_NAME);
+ PKM_Error("cannot load %s\n", LIB_NAME);
goto cleanup;
}
if (MODE == FIPSMODE) {
/* FIPS mode == FC_GetFunctionList */
pC_GetFunctionList = (CK_C_GetFunctionList)
- GetProcAddress(hModule, "FC_GetFunctionList");
+ GetProcAddress(hModule, "FC_GetFunctionList");
} else {
/* NON FIPS mode == C_GetFunctionList */
pC_GetFunctionList = (CK_C_GetFunctionList)
- GetProcAddress(hModule, "C_GetFunctionList");
- }
+ GetProcAddress(hModule, "C_GetFunctionList");
+ }
if (pC_GetFunctionList == NULL) {
- PKM_Error( "cannot load %s\n", LIB_NAME);
+ PKM_Error("cannot load %s\n", LIB_NAME);
goto cleanup;
}
#else
{
- char *libname = NULL;
- /* Get the platform-dependent library name of the NSS cryptographic module */
- libname = PR_GetLibraryName(NULL, "softokn3");
- assert(libname != NULL);
- lib = PR_LoadLibrary(libname);
- assert(lib != NULL);
- PR_FreeLibraryName(libname);
- }
+ char *libname = NULL;
+ /* Get the platform-dependent library name of the NSS cryptographic module */
+ libname = PR_GetLibraryName(NULL, "softokn3");
+ assert(libname != NULL);
+ lib = PR_LoadLibrary(libname);
+ assert(lib != NULL);
+ PR_FreeLibraryName(libname);
+ }
if (MODE == FIPSMODE) {
- pC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
- "FC_GetFunctionList");
+ pC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib,
+ "FC_GetFunctionList");
assert(pC_GetFunctionList != NULL);
slotID = 0;
} else {
- pC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
- "C_GetFunctionList");
+ pC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib,
+ "C_GetFunctionList");
assert(pC_GetFunctionList != NULL);
slotID = 1;
}
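Review bot: On the non-Windows path, load failures are handled only by `assert(lib != NULL)` and `assert(pC_GetFunctionList != NULL)`. These vanish when the tool is built with NDEBUG, so a missing library or symbol would then be called through a null `pC_GetFunctionList` in the following hunk. The `_WIN32` branch above already reports the failure with `PKM_Error` and jumps to `cleanup`; the same pattern fits here, e.g. `if (lib == NULL) { PKM_Error("cannot load softokn3\n"); goto cleanup; }`. Separately, the Windows branch prints `cannot load %s` for a missing symbol as well as a missing library, which hides which one failed. main starts and ends outside this hunk.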
@@ -437,25 +438,23 @@ int main(int argc, char **argv)
if (MODE == FIPSMODE) {
printf("Loaded FC_GetFunctionList for FIPS MODE; slotID %d \n",
- (int) slotID);
+ (int)slotID);
} else {
printf("loaded C_GetFunctionList for NON FIPS MODE; slotID %d \n",
- (int) slotID);
+ (int)slotID);
}
crv = (*pC_GetFunctionList)(&pFunctionList);
assert(crv == CKR_OK);
-
- if (doForkTests)
- {
+ if (doForkTests) {
/* now, try to fork with softoken loaded, but not initialized */
crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED, pFunctionList,
- PR_TRUE, NULL);
+ PR_TRUE, NULL);
if (crv != CKR_OK)
goto cleanup;
}
-
+
initArgs.CreateMutex = NULL;
initArgs.DestroyMutex = NULL;
initArgs.LockMutex = NULL;
@@ -464,7 +463,7 @@ int main(int argc, char **argv)
moduleSpec = PR_smprintf("configdir='%s' certPrefix='%s' "
"keyPrefix='%s' secmod='secmod.db' flags= ",
configDir, dbPrefix, dbPrefix);
- initArgs.LibraryParameters = (CK_CHAR_PTR *) moduleSpec;
+ initArgs.LibraryParameters = (CK_CHAR_PTR *)moduleSpec;
initArgs.pReserved = NULL;
/*DebugBreak();*/
@@ -477,13 +476,12 @@ int main(int argc, char **argv)
if (crv == CKR_OK) {
PKM_LogIt("C_Initialize succeeded\n");
} else {
- PKM_Error( "C_Initialize failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
- if (doForkTests)
- {
+ if (doForkTests) {
/* Disable core on fork for this test, since we are testing the
* pathological case, and if enabled, the child process would dump
* core in C_GetTokenInfo .
@@ -496,8 +494,7 @@ int main(int argc, char **argv)
goto cleanup;
}
- if (doForkTests)
- {
+ if (doForkTests) {
/* In this next test, we fork and try to re-initialize softoken in
* the child. This should now work because softoken has the ability
* to hard reset.
@@ -512,55 +509,55 @@ int main(int argc, char **argv)
if (crv == CKR_OK) {
PKM_LogIt("PKM_ShowInfo succeeded\n");
} else {
- PKM_Error( "PKM_ShowInfo failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_ShowInfo failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
pSlotList = PKM_GetSlotList(pFunctionList, slotID);
if (pSlotList == NULL) {
- PKM_Error( "PKM_GetSlotList failed with \n");
+ PKM_Error("PKM_GetSlotList failed with \n");
goto cleanup;
}
crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tokenInfo);
if (crv == CKR_OK) {
PKM_LogIt("C_GetTokenInfo succeeded\n\n");
} else {
- PKM_Error( "C_GetTokenInfo failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GetTokenInfo failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
if (!(tokenInfo.flags & CKF_USER_PIN_INITIALIZED)) {
PKM_LogIt("Initing PW for DB\n");
crv = PKM_InitPWforDB(pFunctionList, pSlotList, slotID,
- pwd, pwdLen);
+ pwd, pwdLen);
if (crv == CKR_OK) {
PKM_LogIt("PKM_InitPWforDB succeeded\n\n");
} else {
- PKM_Error( "PKM_InitPWforDB failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_InitPWforDB failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
} else {
PKM_LogIt("using existing DB\n");
}
- /* general mechanism by token */
+ /* general mechanism by token */
crv = PKM_Mechanism(pFunctionList, pSlotList, slotID);
if (crv == CKR_OK) {
PKM_LogIt("PKM_Mechanism succeeded\n\n");
} else {
- PKM_Error( "PKM_Mechanism failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_Mechanism failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
- }
+ }
/* RNG example without Login */
crv = PKM_RNG(pFunctionList, pSlotList, slotID);
if (crv == CKR_OK) {
PKM_LogIt("PKM_RNG succeeded\n\n");
} else {
- PKM_Error( "PKM_RNG failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_RNG failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
@@ -569,33 +566,33 @@ int main(int argc, char **argv)
if (crv == CKR_OK) {
PKM_LogIt("PKM_SessionLogin succeeded\n\n");
} else {
- PKM_Error( "PKM_SessionLogin failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_SessionLogin failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
/*
- * PKM_KeyTest creates RSA,DSA public keys
+ * PKM_KeyTest creates RSA,DSA public keys
* and AES, DES3 secret keys.
- * then does digest, hmac, encrypt/decrypt, signing operations.
+ * then does digest, hmac, encrypt/decrypt, signing operations.
*/
crv = PKM_KeyTests(pFunctionList, pSlotList, slotID,
- pwd, pwdLen);
+ pwd, pwdLen);
if (crv == CKR_OK) {
PKM_LogIt("PKM_KeyTests succeeded\n\n");
} else {
- PKM_Error( "PKM_KeyTest failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_KeyTest failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
- crv = PKM_SecretKey(pFunctionList, pSlotList, slotID, pwd,
+ crv = PKM_SecretKey(pFunctionList, pSlotList, slotID, pwd,
pwdLen);
if (crv == CKR_OK) {
PKM_LogIt("PKM_SecretKey succeeded\n\n");
} else {
- PKM_Error( "PKM_SecretKey failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_SecretKey failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
@@ -604,8 +601,8 @@ int main(int argc, char **argv)
if (crv == CKR_OK) {
PKM_LogIt("PKM_PublicKey succeeded\n\n");
} else {
- PKM_Error( "PKM_PublicKey failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_PublicKey failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
crv = PKM_OperationalState(pFunctionList, pSlotList, slotID,
@@ -613,8 +610,8 @@ int main(int argc, char **argv)
if (crv == CKR_OK) {
PKM_LogIt("PKM_OperationalState succeeded\n\n");
} else {
- PKM_Error( "PKM_OperationalState failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_OperationalState failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
crv = PKM_MultiObjectManagement(pFunctionList, pSlotList, slotID,
@@ -622,8 +619,8 @@ int main(int argc, char **argv)
if (crv == CKR_OK) {
PKM_LogIt("PKM_MultiObjectManagement succeeded\n\n");
} else {
- PKM_Error( "PKM_MultiObjectManagement failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_MultiObjectManagement failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
crv = PKM_LegacyFunctions(pFunctionList, pSlotList, slotID,
@@ -631,8 +628,8 @@ int main(int argc, char **argv)
if (crv == CKR_OK) {
PKM_LogIt("PKM_LegacyFunctions succeeded\n\n");
} else {
- PKM_Error( "PKM_LegacyFunctions failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_LegacyFunctions failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
crv = PKM_TLSKeyAndMacDerive(pFunctionList, pSlotList, slotID,
@@ -642,8 +639,8 @@ int main(int argc, char **argv)
if (crv == CKR_OK) {
PKM_LogIt("PKM_TLSKeyAndMacDerive succeeded\n\n");
} else {
- PKM_Error( "PKM_TLSKeyAndMacDerive failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_TLSKeyAndMacDerive failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID,
@@ -653,8 +650,8 @@ int main(int argc, char **argv)
if (crv == CKR_OK) {
PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n");
} else {
- PKM_Error( "PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID,
@@ -664,8 +661,8 @@ int main(int argc, char **argv)
if (crv == CKR_OK) {
PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n");
} else {
- PKM_Error( "PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
crv = PKM_FindAllObjects(pFunctionList, pSlotList, slotID,
@@ -673,29 +670,29 @@ int main(int argc, char **argv)
if (crv == CKR_OK) {
PKM_LogIt("PKM_FindAllObjects succeeded\n\n");
} else {
- PKM_Error( "PKM_FindAllObjects failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_FindAllObjects failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
crv = pFunctionList->C_Finalize(NULL);
if (crv == CKR_OK) {
PKM_LogIt("C_Finalize succeeded\n");
} else {
- PKM_Error( "C_Finalize failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Finalize failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
- if (doForkTests)
- {
+ if (doForkTests) {
/* try to fork with softoken still loaded, but de-initialized */
crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED, pFunctionList,
- PR_TRUE, NULL);
+ PR_TRUE, NULL);
if (crv != CKR_OK)
goto cleanup;
}
- if (pSlotList) free(pSlotList);
+ if (pSlotList)
+ free(pSlotList);
/* demonstrate how an application can be in Hybrid mode */
/* PKM_HybridMode shows how to switch between NONFIPS */
@@ -706,8 +703,8 @@ int main(int argc, char **argv)
if (crv == CKR_OK) {
PKM_LogIt("PKM_HybridMode succeeded\n");
} else {
- PKM_Error( "PKM_HybridMode failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_HybridMode failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
@@ -718,16 +715,16 @@ int main(int argc, char **argv)
if (crv == CKR_OK) {
PKM_LogIt("C_Initialize succeeded\n");
} else {
- PKM_Error( "C_Initialize failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
crv = pFunctionList->C_Finalize(NULL);
if (crv == CKR_OK) {
PKM_LogIt("C_Finalize succeeded\n");
} else {
- PKM_Error( "C_Finalize failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Finalize failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
goto cleanup;
}
/* try to C_Initialize / C_Finalize in child. This should succeed */
@@ -764,8 +761,8 @@ cleanup:
crv = PKM_ForkCheck(123, NULL, PR_TRUE, NULL);
}
- printf("**** Total number of TESTS ran in %s is %d. ****\n",
- ((MODE == FIPSMODE) ? "FIPS MODE" : "NON FIPS MODE"), (int) NUMTESTS);
+ printf("**** Total number of TESTS ran in %s is %d. ****\n",
+ ((MODE == FIPSMODE) ? "FIPS MODE" : "NON FIPS MODE"), (int)NUMTESTS);
if (CKR_OK == crv) {
printf("**** ALL TESTS PASSED ****\n");
}
@@ -779,40 +776,42 @@ cleanup:
*
*/
-CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
+CK_RV
+PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
CK_SESSION_HANDLE hRwSession;
CK_RV crv = CKR_OK;
-/*** DSA Key ***/
+ /*** DSA Key ***/
CK_MECHANISM dsaParamGenMech;
CK_ULONG primeBits = 1024;
- CK_ATTRIBUTE dsaParamGenTemplate[1];
+ CK_ATTRIBUTE dsaParamGenTemplate[1];
CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE;
CK_BYTE DSA_P[128];
CK_BYTE DSA_Q[20];
CK_BYTE DSA_G[128];
CK_MECHANISM dsaKeyPairGenMech;
- CK_ATTRIBUTE dsaPubKeyTemplate[5];
- CK_ATTRIBUTE dsaPrivKeyTemplate[5];
+ CK_ATTRIBUTE dsaPubKeyTemplate[5];
+ CK_ATTRIBUTE dsaPrivKeyTemplate[5];
CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE;
-/**** RSA Key ***/
+ /**** RSA Key ***/
CK_KEY_TYPE rsatype = CKK_RSA;
CK_MECHANISM rsaKeyPairGenMech;
- CK_BYTE subject[] = {"RSA Private Key"};
+ CK_BYTE subject[] = { "RSA Private Key" };
CK_ULONG modulusBits = 1024;
- CK_BYTE publicExponent[] = {0x01, 0x00, 0x01};
- CK_BYTE id[] = {"RSA123"};
- CK_ATTRIBUTE rsaPubKeyTemplate[9];
- CK_ATTRIBUTE rsaPrivKeyTemplate[11];
+ CK_BYTE publicExponent[] = { 0x01, 0x00, 0x01 };
+ CK_BYTE id[] = { "RSA123" };
+ CK_ATTRIBUTE rsaPubKeyTemplate[9];
+ CK_ATTRIBUTE rsaPrivKeyTemplate[11];
CK_OBJECT_HANDLE hRSApubKey = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE hRSAprivKey = CK_INVALID_HANDLE;
- /*** AES Key ***/
+ /*** AES Key ***/
CK_MECHANISM sAESKeyMech = {
CKM_AES_KEY_GEN, NULL, 0
};
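Review bot: The DSA and RSA test keys are fixed at 1024 bits (`primeBits = 1024`, `modulusBits = 1024`), and the `DSA_P[128]`, `DSA_Q[20]` and `DSA_G[128]` buffers are sized by hand to match, so nothing ties the buffer lengths to the bit count. A comment such as `/* 1024-bit p and g, 160-bit q: these buffers must track primeBits */` would document the coupling. Deriving the sizes from one named constant would prevent a mismatch if the test moves to a larger modulus. 1024-bit RSA and DSA are below what current guidance accepts for new signatures, so the comment should also say these sizes are test fixtures only. PKM_KeyTests continues outside this hunk.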
@@ -820,10 +819,10 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
CK_KEY_TYPE keyAESType = CKK_AES;
CK_UTF8CHAR AESlabel[] = "An AES secret key object";
CK_ULONG AESvalueLen = 32;
- CK_ATTRIBUTE sAESKeyTemplate[9];
+ CK_ATTRIBUTE sAESKeyTemplate[9];
CK_OBJECT_HANDLE hAESSecKey;
-/*** DES3 Key ***/
+ /*** DES3 Key ***/
CK_KEY_TYPE keyDES3Type = CKK_DES3;
CK_UTF8CHAR DES3label[] = "An Triple DES secret key object";
CK_ULONG DES3valueLen = 56;
@@ -832,43 +831,43 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
};
CK_ATTRIBUTE sDES3KeyTemplate[9];
CK_OBJECT_HANDLE hDES3SecKey;
-
+
CK_MECHANISM dsaWithSha1Mech = {
CKM_DSA_SHA1, NULL, 0
};
CK_BYTE IV[16];
- CK_MECHANISM mech_DES3_CBC;
- CK_MECHANISM mech_DES3_CBC_PAD;
+ CK_MECHANISM mech_DES3_CBC;
+ CK_MECHANISM mech_DES3_CBC_PAD;
CK_MECHANISM mech_AES_CBC_PAD;
CK_MECHANISM mech_AES_CBC;
struct mech_str {
- CK_ULONG mechanism;
+ CK_ULONG mechanism;
const char *mechanismStr;
};
typedef struct mech_str mech_str;
mech_str digestMechs[] = {
- {CKM_SHA_1, "CKM_SHA_1 "},
- {CKM_SHA224, "CKM_SHA224"},
- {CKM_SHA256, "CKM_SHA256"},
- {CKM_SHA384, "CKM_SHA384"},
- {CKM_SHA512, "CKM_SHA512"}
+ { CKM_SHA_1, "CKM_SHA_1 " },
+ { CKM_SHA224, "CKM_SHA224" },
+ { CKM_SHA256, "CKM_SHA256" },
+ { CKM_SHA384, "CKM_SHA384" },
+ { CKM_SHA512, "CKM_SHA512" }
};
mech_str hmacMechs[] = {
- {CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC"},
- {CKM_SHA224_HMAC, "CKM_SHA224_HMAC"},
- {CKM_SHA256_HMAC, "CKM_SHA256_HMAC"},
- {CKM_SHA384_HMAC, "CKM_SHA384_HMAC"},
- {CKM_SHA512_HMAC, "CKM_SHA512_HMAC"}
+ { CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC" },
+ { CKM_SHA224_HMAC, "CKM_SHA224_HMAC" },
+ { CKM_SHA256_HMAC, "CKM_SHA256_HMAC" },
+ { CKM_SHA384_HMAC, "CKM_SHA384_HMAC" },
+ { CKM_SHA512_HMAC, "CKM_SHA512_HMAC" }
};
mech_str sigRSAMechs[] = {
- {CKM_SHA1_RSA_PKCS, "CKM_SHA1_RSA_PKCS"},
- {CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS"},
- {CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS"},
- {CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS"},
- {CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS"}
+ { CKM_SHA1_RSA_PKCS, "CKM_SHA1_RSA_PKCS" },
+ { CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS" },
+ { CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS" },
+ { CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS" },
+ { CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS" }
};
CK_ULONG digestMechsSZ = NUM_ELEM(digestMechs);
@@ -881,195 +880,195 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
NUMTESTS++; /* increment NUMTESTS */
/* DSA key init */
- dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN;
- dsaParamGenMech.pParameter = NULL_PTR;
+ dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN;
+ dsaParamGenMech.pParameter = NULL_PTR;
dsaParamGenMech.ulParameterLen = 0;
- dsaParamGenTemplate[0].type = CKA_PRIME_BITS;
- dsaParamGenTemplate[0].pValue = &primeBits;
+ dsaParamGenTemplate[0].type = CKA_PRIME_BITS;
+ dsaParamGenTemplate[0].pValue = &primeBits;
dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits);
- dsaPubKeyTemplate[0].type = CKA_PRIME;
- dsaPubKeyTemplate[0].pValue = DSA_P;
+ dsaPubKeyTemplate[0].type = CKA_PRIME;
+ dsaPubKeyTemplate[0].pValue = DSA_P;
dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P);
- dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
+ dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
dsaPubKeyTemplate[1].pValue = DSA_Q;
dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q);
- dsaPubKeyTemplate[2].type = CKA_BASE;
- dsaPubKeyTemplate[2].pValue = DSA_G;
+ dsaPubKeyTemplate[2].type = CKA_BASE;
+ dsaPubKeyTemplate[2].pValue = DSA_G;
dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G);
- dsaPubKeyTemplate[3].type = CKA_TOKEN;
- dsaPubKeyTemplate[3].pValue = &true;
+ dsaPubKeyTemplate[3].type = CKA_TOKEN;
+ dsaPubKeyTemplate[3].pValue = &true;
dsaPubKeyTemplate[3].ulValueLen = sizeof(true);
- dsaPubKeyTemplate[4].type = CKA_VERIFY;
- dsaPubKeyTemplate[4].pValue = &true;
+ dsaPubKeyTemplate[4].type = CKA_VERIFY;
+ dsaPubKeyTemplate[4].pValue = &true;
dsaPubKeyTemplate[4].ulValueLen = sizeof(true);
- dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN;
+ dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN;
dsaKeyPairGenMech.pParameter = NULL_PTR;
dsaKeyPairGenMech.ulParameterLen = 0;
- dsaPrivKeyTemplate[0].type = CKA_TOKEN;
- dsaPrivKeyTemplate[0].pValue = &true;
+ dsaPrivKeyTemplate[0].type = CKA_TOKEN;
+ dsaPrivKeyTemplate[0].pValue = &true;
dsaPrivKeyTemplate[0].ulValueLen = sizeof(true);
- dsaPrivKeyTemplate[1].type = CKA_PRIVATE;
- dsaPrivKeyTemplate[1].pValue = &true;
+ dsaPrivKeyTemplate[1].type = CKA_PRIVATE;
+ dsaPrivKeyTemplate[1].pValue = &true;
dsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
- dsaPrivKeyTemplate[2].type = CKA_SENSITIVE;
- dsaPrivKeyTemplate[2].pValue = &true;
+ dsaPrivKeyTemplate[2].type = CKA_SENSITIVE;
+ dsaPrivKeyTemplate[2].pValue = &true;
dsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
- dsaPrivKeyTemplate[3].type = CKA_SIGN,
- dsaPrivKeyTemplate[3].pValue = &true;
+ dsaPrivKeyTemplate[3].type = CKA_SIGN,
+ dsaPrivKeyTemplate[3].pValue = &true;
dsaPrivKeyTemplate[3].ulValueLen = sizeof(true);
- dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE;
- dsaPrivKeyTemplate[4].pValue = &true;
+ dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE;
+ dsaPrivKeyTemplate[4].pValue = &true;
dsaPrivKeyTemplate[4].ulValueLen = sizeof(true);
/* RSA key init */
- rsaKeyPairGenMech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
+ rsaKeyPairGenMech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
rsaKeyPairGenMech.pParameter = NULL_PTR;
rsaKeyPairGenMech.ulParameterLen = 0;
- rsaPubKeyTemplate[0].type = CKA_KEY_TYPE;
- rsaPubKeyTemplate[0].pValue = &rsatype;
+ rsaPubKeyTemplate[0].type = CKA_KEY_TYPE;
+ rsaPubKeyTemplate[0].pValue = &rsatype;
rsaPubKeyTemplate[0].ulValueLen = sizeof(rsatype);
- rsaPubKeyTemplate[1].type = CKA_PRIVATE;
- rsaPubKeyTemplate[1].pValue = &true;
+ rsaPubKeyTemplate[1].type = CKA_PRIVATE;
+ rsaPubKeyTemplate[1].pValue = &true;
rsaPubKeyTemplate[1].ulValueLen = sizeof(true);
- rsaPubKeyTemplate[2].type = CKA_ENCRYPT;
- rsaPubKeyTemplate[2].pValue = &true;
+ rsaPubKeyTemplate[2].type = CKA_ENCRYPT;
+ rsaPubKeyTemplate[2].pValue = &true;
rsaPubKeyTemplate[2].ulValueLen = sizeof(true);
- rsaPubKeyTemplate[3].type = CKA_DECRYPT;
- rsaPubKeyTemplate[3].pValue = &true;
+ rsaPubKeyTemplate[3].type = CKA_DECRYPT;
+ rsaPubKeyTemplate[3].pValue = &true;
rsaPubKeyTemplate[3].ulValueLen = sizeof(true);
- rsaPubKeyTemplate[4].type = CKA_VERIFY;
- rsaPubKeyTemplate[4].pValue = &true;
+ rsaPubKeyTemplate[4].type = CKA_VERIFY;
+ rsaPubKeyTemplate[4].pValue = &true;
rsaPubKeyTemplate[4].ulValueLen = sizeof(true);
- rsaPubKeyTemplate[5].type = CKA_SIGN;
- rsaPubKeyTemplate[5].pValue = &true;
+ rsaPubKeyTemplate[5].type = CKA_SIGN;
+ rsaPubKeyTemplate[5].pValue = &true;
rsaPubKeyTemplate[5].ulValueLen = sizeof(true);
- rsaPubKeyTemplate[6].type = CKA_WRAP;
- rsaPubKeyTemplate[6].pValue = &true;
+ rsaPubKeyTemplate[6].type = CKA_WRAP;
+ rsaPubKeyTemplate[6].pValue = &true;
rsaPubKeyTemplate[6].ulValueLen = sizeof(true);
- rsaPubKeyTemplate[7].type = CKA_MODULUS_BITS;
- rsaPubKeyTemplate[7].pValue = &modulusBits;
+ rsaPubKeyTemplate[7].type = CKA_MODULUS_BITS;
+ rsaPubKeyTemplate[7].pValue = &modulusBits;
rsaPubKeyTemplate[7].ulValueLen = sizeof(modulusBits);
- rsaPubKeyTemplate[8].type = CKA_PUBLIC_EXPONENT;
- rsaPubKeyTemplate[8].pValue = publicExponent;
- rsaPubKeyTemplate[8].ulValueLen = sizeof (publicExponent);
+ rsaPubKeyTemplate[8].type = CKA_PUBLIC_EXPONENT;
+ rsaPubKeyTemplate[8].pValue = publicExponent;
+ rsaPubKeyTemplate[8].ulValueLen = sizeof(publicExponent);
- rsaPrivKeyTemplate[0].type = CKA_KEY_TYPE;
- rsaPrivKeyTemplate[0].pValue = &rsatype;
+ rsaPrivKeyTemplate[0].type = CKA_KEY_TYPE;
+ rsaPrivKeyTemplate[0].pValue = &rsatype;
rsaPrivKeyTemplate[0].ulValueLen = sizeof(rsatype);
- rsaPrivKeyTemplate[1].type = CKA_TOKEN;
- rsaPrivKeyTemplate[1].pValue = &true;
+ rsaPrivKeyTemplate[1].type = CKA_TOKEN;
+ rsaPrivKeyTemplate[1].pValue = &true;
rsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
- rsaPrivKeyTemplate[2].type = CKA_PRIVATE;
- rsaPrivKeyTemplate[2].pValue = &true;
+ rsaPrivKeyTemplate[2].type = CKA_PRIVATE;
+ rsaPrivKeyTemplate[2].pValue = &true;
rsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
- rsaPrivKeyTemplate[3].type = CKA_SUBJECT;
- rsaPrivKeyTemplate[3].pValue = subject;
+ rsaPrivKeyTemplate[3].type = CKA_SUBJECT;
+ rsaPrivKeyTemplate[3].pValue = subject;
rsaPrivKeyTemplate[3].ulValueLen = sizeof(subject);
- rsaPrivKeyTemplate[4].type = CKA_ID;
- rsaPrivKeyTemplate[4].pValue = id;
+ rsaPrivKeyTemplate[4].type = CKA_ID;
+ rsaPrivKeyTemplate[4].pValue = id;
rsaPrivKeyTemplate[4].ulValueLen = sizeof(id);
- rsaPrivKeyTemplate[5].type = CKA_SENSITIVE;
- rsaPrivKeyTemplate[5].pValue = &true;
+ rsaPrivKeyTemplate[5].type = CKA_SENSITIVE;
+ rsaPrivKeyTemplate[5].pValue = &true;
rsaPrivKeyTemplate[5].ulValueLen = sizeof(true);
- rsaPrivKeyTemplate[6].type = CKA_ENCRYPT;
- rsaPrivKeyTemplate[6].pValue = &true;
+ rsaPrivKeyTemplate[6].type = CKA_ENCRYPT;
+ rsaPrivKeyTemplate[6].pValue = &true;
rsaPrivKeyTemplate[6].ulValueLen = sizeof(true);
- rsaPrivKeyTemplate[7].type = CKA_DECRYPT;
- rsaPrivKeyTemplate[7].pValue = &true;
+ rsaPrivKeyTemplate[7].type = CKA_DECRYPT;
+ rsaPrivKeyTemplate[7].pValue = &true;
rsaPrivKeyTemplate[7].ulValueLen = sizeof(true);
- rsaPrivKeyTemplate[8].type = CKA_VERIFY;
- rsaPrivKeyTemplate[8].pValue = &true;
+ rsaPrivKeyTemplate[8].type = CKA_VERIFY;
+ rsaPrivKeyTemplate[8].pValue = &true;
rsaPrivKeyTemplate[8].ulValueLen = sizeof(true);
- rsaPrivKeyTemplate[9].type = CKA_SIGN;
- rsaPrivKeyTemplate[9].pValue = &true;
+ rsaPrivKeyTemplate[9].type = CKA_SIGN;
+ rsaPrivKeyTemplate[9].pValue = &true;
rsaPrivKeyTemplate[9].ulValueLen = sizeof(true);
- rsaPrivKeyTemplate[10].type = CKA_UNWRAP;
- rsaPrivKeyTemplate[10].pValue = &true;
+ rsaPrivKeyTemplate[10].type = CKA_UNWRAP;
+ rsaPrivKeyTemplate[10].pValue = &true;
rsaPrivKeyTemplate[10].ulValueLen = sizeof(true);
-
+
/* AES key template */
- sAESKeyTemplate[0].type = CKA_CLASS;
- sAESKeyTemplate[0].pValue = &class;
+ sAESKeyTemplate[0].type = CKA_CLASS;
+ sAESKeyTemplate[0].pValue = &class;
sAESKeyTemplate[0].ulValueLen = sizeof(class);
- sAESKeyTemplate[1].type = CKA_KEY_TYPE;
- sAESKeyTemplate[1].pValue = &keyAESType;
+ sAESKeyTemplate[1].type = CKA_KEY_TYPE;
+ sAESKeyTemplate[1].pValue = &keyAESType;
sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType);
- sAESKeyTemplate[2].type = CKA_LABEL;
- sAESKeyTemplate[2].pValue = AESlabel;
- sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel)-1;
- sAESKeyTemplate[3].type = CKA_ENCRYPT;
- sAESKeyTemplate[3].pValue = &true;
+ sAESKeyTemplate[2].type = CKA_LABEL;
+ sAESKeyTemplate[2].pValue = AESlabel;
+ sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel) - 1;
+ sAESKeyTemplate[3].type = CKA_ENCRYPT;
+ sAESKeyTemplate[3].pValue = &true;
sAESKeyTemplate[3].ulValueLen = sizeof(true);
- sAESKeyTemplate[4].type = CKA_DECRYPT;
- sAESKeyTemplate[4].pValue = &true;
+ sAESKeyTemplate[4].type = CKA_DECRYPT;
+ sAESKeyTemplate[4].pValue = &true;
sAESKeyTemplate[4].ulValueLen = sizeof(true);
- sAESKeyTemplate[5].type = CKA_SIGN;
- sAESKeyTemplate[5].pValue = &true;
- sAESKeyTemplate[5].ulValueLen = sizeof (true);
- sAESKeyTemplate[6].type = CKA_VERIFY;
- sAESKeyTemplate[6].pValue = &true;
+ sAESKeyTemplate[5].type = CKA_SIGN;
+ sAESKeyTemplate[5].pValue = &true;
+ sAESKeyTemplate[5].ulValueLen = sizeof(true);
+ sAESKeyTemplate[6].type = CKA_VERIFY;
+ sAESKeyTemplate[6].pValue = &true;
sAESKeyTemplate[6].ulValueLen = sizeof(true);
- sAESKeyTemplate[7].type = CKA_UNWRAP;
- sAESKeyTemplate[7].pValue = &true;
+ sAESKeyTemplate[7].type = CKA_UNWRAP;
+ sAESKeyTemplate[7].pValue = &true;
sAESKeyTemplate[7].ulValueLen = sizeof(true);
- sAESKeyTemplate[8].type = CKA_VALUE_LEN;
- sAESKeyTemplate[8].pValue = &AESvalueLen;
+ sAESKeyTemplate[8].type = CKA_VALUE_LEN;
+ sAESKeyTemplate[8].pValue = &AESvalueLen;
sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen);
/* DES3 key template */
- sDES3KeyTemplate[0].type = CKA_CLASS;
- sDES3KeyTemplate[0].pValue = &class;
+ sDES3KeyTemplate[0].type = CKA_CLASS;
+ sDES3KeyTemplate[0].pValue = &class;
sDES3KeyTemplate[0].ulValueLen = sizeof(class);
- sDES3KeyTemplate[1].type = CKA_KEY_TYPE;
- sDES3KeyTemplate[1].pValue = &keyDES3Type;
+ sDES3KeyTemplate[1].type = CKA_KEY_TYPE;
+ sDES3KeyTemplate[1].pValue = &keyDES3Type;
sDES3KeyTemplate[1].ulValueLen = sizeof(keyDES3Type);
- sDES3KeyTemplate[2].type = CKA_LABEL;
- sDES3KeyTemplate[2].pValue = DES3label;
- sDES3KeyTemplate[2].ulValueLen = sizeof(DES3label)-1;
- sDES3KeyTemplate[3].type = CKA_ENCRYPT;
- sDES3KeyTemplate[3].pValue = &true;
+ sDES3KeyTemplate[2].type = CKA_LABEL;
+ sDES3KeyTemplate[2].pValue = DES3label;
+ sDES3KeyTemplate[2].ulValueLen = sizeof(DES3label) - 1;
+ sDES3KeyTemplate[3].type = CKA_ENCRYPT;
+ sDES3KeyTemplate[3].pValue = &true;
sDES3KeyTemplate[3].ulValueLen = sizeof(true);
- sDES3KeyTemplate[4].type = CKA_DECRYPT;
- sDES3KeyTemplate[4].pValue = &true;
+ sDES3KeyTemplate[4].type = CKA_DECRYPT;
+ sDES3KeyTemplate[4].pValue = &true;
sDES3KeyTemplate[4].ulValueLen = sizeof(true);
- sDES3KeyTemplate[5].type = CKA_UNWRAP;
- sDES3KeyTemplate[5].pValue = &true;
+ sDES3KeyTemplate[5].type = CKA_UNWRAP;
+ sDES3KeyTemplate[5].pValue = &true;
sDES3KeyTemplate[5].ulValueLen = sizeof(true);
- sDES3KeyTemplate[6].type = CKA_SIGN,
- sDES3KeyTemplate[6].pValue = &true;
- sDES3KeyTemplate[6].ulValueLen = sizeof (true);
- sDES3KeyTemplate[7].type = CKA_VERIFY;
- sDES3KeyTemplate[7].pValue = &true;
+ sDES3KeyTemplate[6].type = CKA_SIGN,
+ sDES3KeyTemplate[6].pValue = &true;
+ sDES3KeyTemplate[6].ulValueLen = sizeof(true);
+ sDES3KeyTemplate[7].type = CKA_VERIFY;
+ sDES3KeyTemplate[7].pValue = &true;
sDES3KeyTemplate[7].ulValueLen = sizeof(true);
- sDES3KeyTemplate[8].type = CKA_VALUE_LEN;
- sDES3KeyTemplate[8].pValue = &DES3valueLen;
+ sDES3KeyTemplate[8].type = CKA_VALUE_LEN;
+ sDES3KeyTemplate[8].pValue = &DES3valueLen;
sDES3KeyTemplate[8].ulValueLen = sizeof(DES3valueLen);
-
+
/* mech init */
memset(IV, 0x01, sizeof(IV));
- mech_DES3_CBC.mechanism = CKM_DES3_CBC;
- mech_DES3_CBC.pParameter = IV;
+ mech_DES3_CBC.mechanism = CKM_DES3_CBC;
+ mech_DES3_CBC.pParameter = IV;
mech_DES3_CBC.ulParameterLen = sizeof(IV);
- mech_DES3_CBC_PAD.mechanism = CKM_DES3_CBC_PAD;
- mech_DES3_CBC_PAD.pParameter = IV;
+ mech_DES3_CBC_PAD.mechanism = CKM_DES3_CBC_PAD;
+ mech_DES3_CBC_PAD.pParameter = IV;
mech_DES3_CBC_PAD.ulParameterLen = sizeof(IV);
- mech_AES_CBC.mechanism = CKM_AES_CBC;
- mech_AES_CBC.pParameter = IV;
+ mech_AES_CBC.mechanism = CKM_AES_CBC;
+ mech_AES_CBC.pParameter = IV;
mech_AES_CBC.ulParameterLen = sizeof(IV);
- mech_AES_CBC_PAD.mechanism = CKM_AES_CBC_PAD;
- mech_AES_CBC_PAD.pParameter = IV;
+ mech_AES_CBC_PAD.mechanism = CKM_AES_CBC_PAD;
+ mech_AES_CBC_PAD.pParameter = IV;
mech_AES_CBC_PAD.ulParameterLen = sizeof(IV);
-
crv = pFunctionList->C_OpenSession(pSlotList[slotID],
CKF_RW_SESSION | CKF_SERIAL_SESSION,
NULL, NULL, &hRwSession);
if (crv == CKR_OK) {
PKM_LogIt("Opening a read/write session succeeded\n");
} else {
- PKM_Error( "Opening a read/write session failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("Opening a read/write session failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
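Review bot: Two template assignments in this hunk end in a comma instead of a semicolon: `dsaPrivKeyTemplate[3].type = CKA_SIGN,` and `sDES3KeyTemplate[6].type = CKA_SIGN,`. Each one fuses with the `.pValue = &true;` line after it into a single comma expression. The result is the same today, but the reformatted layout presents them as independent statements, which makes the pair easy to break in a later edit. They should read `dsaPrivKeyTemplate[3].type = CKA_SIGN;` and `sDES3KeyTemplate[6].type = CKA_SIGN;`. The enclosing PKM_KeyTests body starts and ends outside this hunk.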
@@ -1083,7 +1082,8 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
return CKR_GENERAL_ERROR;
} else {
PKM_LogIt("C_GenerateKey returned as EXPECTED with 0x%08X, %-26s\n"
- "since not logged in\n", crv, PKM_CK_RVtoStr(crv));
+ "since not logged in\n",
+ crv, PKM_CK_RVtoStr(crv));
}
crv = pFunctionList->C_GenerateKeyPair(hRwSession, &rsaKeyPairGenMech,
rsaPubKeyTemplate,
@@ -1096,7 +1096,8 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
return CKR_GENERAL_ERROR;
} else {
PKM_LogIt("C_GenerateKeyPair returned as EXPECTED with 0x%08X, "
- "%-26s\n since not logged in\n", crv,
+ "%-26s\n since not logged in\n",
+ crv,
PKM_CK_RVtoStr(crv));
}
}
@@ -1106,7 +1107,8 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
PKM_LogIt("C_Login with correct password succeeded\n");
} else {
PKM_Error("C_Login with correct password failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
@@ -1119,13 +1121,13 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_GenerateKey AES succeeded\n");
} else {
- PKM_Error( "C_GenerateKey AES failed with 0x%08X, %-26s\n",
- crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GenerateKey AES failed with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
-
+
PKM_LogIt("Generate an 3DES key ...\n");
- /* generate an 3DES Secret Key */
+ /* generate an 3DES Secret Key */
crv = pFunctionList->C_GenerateKey(hRwSession, &sDES3KeyGenMechanism,
sDES3KeyTemplate,
NUM_ELEM(sDES3KeyTemplate),
@@ -1133,8 +1135,8 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_GenerateKey DES3 succeeded\n");
} else {
- PKM_Error( "C_GenerateKey failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GenerateKey failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
@@ -1147,8 +1149,9 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("DSA domain parameter generation succeeded\n");
} else {
- PKM_Error( "DSA domain parameter generation failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("DSA domain parameter generation failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_GetAttributeValue(hRwSession, hDsaParams,
@@ -1156,19 +1159,21 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("Getting DSA domain parameters succeeded\n");
} else {
- PKM_Error( "Getting DSA domain parameters failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("Getting DSA domain parameters failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_DestroyObject(hRwSession, hDsaParams);
if (crv == CKR_OK) {
PKM_LogIt("Destroying DSA domain parameters succeeded\n");
} else {
- PKM_Error( "Destroying DSA domain parameters failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("Destroying DSA domain parameters failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
-
+
PKM_LogIt("Generate a DSA key pair ... \n");
/* Generate a persistent DSA key pair */
crv = pFunctionList->C_GenerateKeyPair(hRwSession, &dsaKeyPairGenMech,
@@ -1180,11 +1185,12 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("DSA key pair generation succeeded\n");
} else {
- PKM_Error( "DSA key pair generation failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("DSA key pair generation failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
-
+
PKM_LogIt("Generate a RSA key pair ... \n");
/*** GEN RSA Key ***/
crv = pFunctionList->C_GenerateKeyPair(hRwSession, &rsaKeyPairGenMech,
@@ -1197,355 +1203,371 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
PKM_LogIt("C_GenerateKeyPair created an RSA key pair. \n");
} else {
PKM_Error("C_GenerateKeyPair failed to create an RSA key pair.\n"
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
PKM_LogIt("**** Generation of keys completed ***** \n");
-
+
mech.mechanism = CKM_RSA_PKCS;
mech.pParameter = NULL;
mech.ulParameterLen = 0;
crv = PKM_wrapUnwrap(pFunctionList,
- hRwSession,
- hRSApubKey, hRSAprivKey,
- &mech,
- hAESSecKey,
- sAESKeyTemplate,
- NUM_ELEM(sAESKeyTemplate));
-
- if (crv == CKR_OK) {
+ hRwSession,
+ hRSApubKey, hRSAprivKey,
+ &mech,
+ hAESSecKey,
+ sAESKeyTemplate,
+ NUM_ELEM(sAESKeyTemplate));
+
+ if (crv == CKR_OK) {
PKM_LogIt("PKM_wrapUnwrap using RSA keypair to wrap AES key "
"succeeded\n\n");
} else {
- PKM_Error( "PKM_wrapUnwrap using RSA keypair to wrap AES key failed "
- "with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_wrapUnwrap using RSA keypair to wrap AES key failed "
+ "with 0x%08X, %-26s\n",
+ crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = PKM_wrapUnwrap(pFunctionList,
- hRwSession,
- hRSApubKey, hRSAprivKey,
- &mech,
- hDES3SecKey,
- sDES3KeyTemplate,
- NUM_ELEM(sDES3KeyTemplate));
-
- if (crv == CKR_OK) {
+ hRwSession,
+ hRSApubKey, hRSAprivKey,
+ &mech,
+ hDES3SecKey,
+ sDES3KeyTemplate,
+ NUM_ELEM(sDES3KeyTemplate));
+
+ if (crv == CKR_OK) {
PKM_LogIt("PKM_wrapUnwrap using RSA keypair to wrap DES3 key "
"succeeded\n\n");
} else {
- PKM_Error( "PKM_wrapUnwrap using RSA keypair to wrap DES3 key "
- "failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_wrapUnwrap using RSA keypair to wrap DES3 key "
+ "failed with 0x%08X, %-26s\n",
+ crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
- hAESSecKey, &mech_AES_CBC_PAD,
- PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
+ hAESSecKey, &mech_AES_CBC_PAD,
+ PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
if (crv == CKR_OK) {
PKM_LogIt("PKM_SecKeyCrypt succeeded \n\n");
} else {
- PKM_Error( "PKM_SecKeyCrypt failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_SecKeyCrypt failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
-
+
crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
- hAESSecKey, &mech_AES_CBC,
- PLAINTEXT, sizeof(PLAINTEXT));
+ hAESSecKey, &mech_AES_CBC,
+ PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
PKM_LogIt("PKM_SecKeyCrypt AES succeeded \n\n");
} else {
- PKM_Error( "PKM_SecKeyCrypt failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_SecKeyCrypt failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
- hDES3SecKey, &mech_DES3_CBC,
- PLAINTEXT, sizeof(PLAINTEXT));
+ hDES3SecKey, &mech_DES3_CBC,
+ PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
PKM_LogIt("PKM_SecKeyCrypt DES3 succeeded \n");
} else {
- PKM_Error( "PKM_SecKeyCrypt DES3 failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_SecKeyCrypt DES3 failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
- hDES3SecKey, &mech_DES3_CBC_PAD,
- PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
+ hDES3SecKey, &mech_DES3_CBC_PAD,
+ PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
if (crv == CKR_OK) {
PKM_LogIt("PKM_SecKeyCrypt DES3 succeeded \n\n");
} else {
- PKM_Error( "PKM_SecKeyCrypt DES3 failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_SecKeyCrypt DES3 failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
-
+
mech.mechanism = CKM_RSA_PKCS;
crv = PKM_RecoverFunctions(pFunctionList, hRwSession,
- hRSApubKey, hRSAprivKey,
- &mech,
- PLAINTEXT, sizeof(PLAINTEXT));
+ hRSApubKey, hRSAprivKey,
+ &mech,
+ PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
PKM_LogIt("PKM_RecoverFunctions for CKM_RSA_PKCS succeeded\n\n");
} else {
- PKM_Error( "PKM_RecoverFunctions failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_RecoverFunctions failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
mech.pParameter = NULL;
mech.ulParameterLen = 0;
- for (i=0; i < sigRSAMechsSZ; i++) {
+ for (i = 0; i < sigRSAMechsSZ; i++) {
mech.mechanism = sigRSAMechs[i].mechanism;
crv = PKM_PubKeySign(pFunctionList, hRwSession,
- hRSApubKey, hRSAprivKey,
- &mech,
- PLAINTEXT, sizeof(PLAINTEXT));
+ hRSApubKey, hRSAprivKey,
+ &mech,
+ PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
- PKM_LogIt("PKM_PubKeySign succeeded for %-10s\n\n",
- sigRSAMechs[i].mechanismStr );
+ PKM_LogIt("PKM_PubKeySign succeeded for %-10s\n\n",
+ sigRSAMechs[i].mechanismStr);
} else {
- PKM_Error( "PKM_PubKeySign failed for %-10s "
- "with 0x%08X, %-26s\n", sigRSAMechs[i].mechanismStr, crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_PubKeySign failed for %-10s "
+ "with 0x%08X, %-26s\n",
+ sigRSAMechs[i].mechanismStr, crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = PKM_DualFuncSign(pFunctionList, hRwSession,
- hRSApubKey, hRSAprivKey,
- &mech,
- hAESSecKey, &mech_AES_CBC,
- PLAINTEXT, sizeof(PLAINTEXT));
+ hRSApubKey, hRSAprivKey,
+ &mech,
+ hAESSecKey, &mech_AES_CBC,
+ PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
PKM_LogIt("PKM_DualFuncSign with AES secret key succeeded "
- "for %-10s\n\n",
- sigRSAMechs[i].mechanismStr );
+ "for %-10s\n\n",
+ sigRSAMechs[i].mechanismStr);
} else {
- PKM_Error( "PKM_DualFuncSign with AES secret key failed "
- "for %-10s "
- "with 0x%08X, %-26s\n", sigRSAMechs[i].mechanismStr, crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_DualFuncSign with AES secret key failed "
+ "for %-10s "
+ "with 0x%08X, %-26s\n",
+ sigRSAMechs[i].mechanismStr, crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = PKM_DualFuncSign(pFunctionList, hRwSession,
- hRSApubKey, hRSAprivKey,
- &mech,
- hDES3SecKey, &mech_DES3_CBC,
- PLAINTEXT, sizeof(PLAINTEXT));
+ hRSApubKey, hRSAprivKey,
+ &mech,
+ hDES3SecKey, &mech_DES3_CBC,
+ PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
PKM_LogIt("PKM_DualFuncSign with DES3 secret key succeeded "
- "for %-10s\n\n",
- sigRSAMechs[i].mechanismStr );
+ "for %-10s\n\n",
+ sigRSAMechs[i].mechanismStr);
} else {
- PKM_Error( "PKM_DualFuncSign with DES3 secret key failed "
- "for %-10s "
- "with 0x%08X, %-26s\n", sigRSAMechs[i].mechanismStr, crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_DualFuncSign with DES3 secret key failed "
+ "for %-10s "
+ "with 0x%08X, %-26s\n",
+ sigRSAMechs[i].mechanismStr, crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = PKM_DualFuncSign(pFunctionList, hRwSession,
- hRSApubKey, hRSAprivKey,
- &mech,
- hAESSecKey, &mech_AES_CBC_PAD,
- PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
+ hRSApubKey, hRSAprivKey,
+ &mech,
+ hAESSecKey, &mech_AES_CBC_PAD,
+ PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
if (crv == CKR_OK) {
PKM_LogIt("PKM_DualFuncSign with AES secret key CBC_PAD "
- "succeeded for %-10s\n\n",
- sigRSAMechs[i].mechanismStr );
+ "succeeded for %-10s\n\n",
+ sigRSAMechs[i].mechanismStr);
} else {
- PKM_Error( "PKM_DualFuncSign with AES secret key CBC_PAD "
- "failed for %-10s "
- "with 0x%08X, %-26s\n", sigRSAMechs[i].mechanismStr, crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_DualFuncSign with AES secret key CBC_PAD "
+ "failed for %-10s "
+ "with 0x%08X, %-26s\n",
+ sigRSAMechs[i].mechanismStr, crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = PKM_DualFuncSign(pFunctionList, hRwSession,
- hRSApubKey, hRSAprivKey,
- &mech,
- hDES3SecKey, &mech_DES3_CBC_PAD,
- PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
+ hRSApubKey, hRSAprivKey,
+ &mech,
+ hDES3SecKey, &mech_DES3_CBC_PAD,
+ PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
if (crv == CKR_OK) {
PKM_LogIt("PKM_DualFuncSign with DES3 secret key CBC_PAD "
- "succeeded for %-10s\n\n",
- sigRSAMechs[i].mechanismStr );
+ "succeeded for %-10s\n\n",
+ sigRSAMechs[i].mechanismStr);
} else {
- PKM_Error( "PKM_DualFuncSign with DES3 secret key CBC_PAD "
- "failed for %-10s "
- "with 0x%08X, %-26s\n", sigRSAMechs[i].mechanismStr, crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_DualFuncSign with DES3 secret key CBC_PAD "
+ "failed for %-10s "
+ "with 0x%08X, %-26s\n",
+ sigRSAMechs[i].mechanismStr, crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
} /* end of RSA for loop */
crv = PKM_PubKeySign(pFunctionList, hRwSession,
- hDSApubKey, hDSAprivKey,
- &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT));
+ hDSApubKey, hDSAprivKey,
+ &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
PKM_LogIt("PKM_PubKeySign for DSAwithSHA1 succeeded \n\n");
} else {
- PKM_Error( "PKM_PubKeySign failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_PubKeySign failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = PKM_DualFuncSign(pFunctionList, hRwSession,
- hDSApubKey, hDSAprivKey,
- &dsaWithSha1Mech,
- hAESSecKey, &mech_AES_CBC,
- PLAINTEXT, sizeof(PLAINTEXT));
+ hDSApubKey, hDSAprivKey,
+ &dsaWithSha1Mech,
+ hAESSecKey, &mech_AES_CBC,
+ PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
PKM_LogIt("PKM_DualFuncSign with AES secret key succeeded "
- "for DSAWithSHA1\n\n");
+ "for DSAWithSHA1\n\n");
} else {
- PKM_Error( "PKM_DualFuncSign with AES secret key failed "
- "for DSAWithSHA1 with 0x%08X, %-26s\n",
- crv, PKM_CK_RVtoStr(crv));
- return crv;
+ PKM_Error("PKM_DualFuncSign with AES secret key failed "
+ "for DSAWithSHA1 with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
+ return crv;
}
crv = PKM_DualFuncSign(pFunctionList, hRwSession,
- hDSApubKey, hDSAprivKey,
- &dsaWithSha1Mech,
- hDES3SecKey, &mech_DES3_CBC,
- PLAINTEXT, sizeof(PLAINTEXT));
+ hDSApubKey, hDSAprivKey,
+ &dsaWithSha1Mech,
+ hDES3SecKey, &mech_DES3_CBC,
+ PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
PKM_LogIt("PKM_DualFuncSign with DES3 secret key succeeded "
- "for DSAWithSHA1\n\n");
+ "for DSAWithSHA1\n\n");
} else {
- PKM_Error( "PKM_DualFuncSign with DES3 secret key failed "
- "for DSAWithSHA1 with 0x%08X, %-26s\n",
- crv, PKM_CK_RVtoStr(crv));
- return crv;
+ PKM_Error("PKM_DualFuncSign with DES3 secret key failed "
+ "for DSAWithSHA1 with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
+ return crv;
}
crv = PKM_DualFuncSign(pFunctionList, hRwSession,
- hDSApubKey, hDSAprivKey,
- &dsaWithSha1Mech,
- hAESSecKey, &mech_AES_CBC_PAD,
- PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
+ hDSApubKey, hDSAprivKey,
+ &dsaWithSha1Mech,
+ hAESSecKey, &mech_AES_CBC_PAD,
+ PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
if (crv == CKR_OK) {
PKM_LogIt("PKM_DualFuncSign with AES secret key CBC_PAD succeeded "
- "for DSAWithSHA1\n\n");
+ "for DSAWithSHA1\n\n");
} else {
- PKM_Error( "PKM_DualFuncSign with AES secret key CBC_PAD failed "
- "for DSAWithSHA1 with 0x%08X, %-26s\n",
- crv, PKM_CK_RVtoStr(crv));
- return crv;
+ PKM_Error("PKM_DualFuncSign with AES secret key CBC_PAD failed "
+ "for DSAWithSHA1 with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
+ return crv;
}
crv = PKM_DualFuncSign(pFunctionList, hRwSession,
- hDSApubKey, hDSAprivKey,
- &dsaWithSha1Mech,
- hDES3SecKey, &mech_DES3_CBC_PAD,
- PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
+ hDSApubKey, hDSAprivKey,
+ &dsaWithSha1Mech,
+ hDES3SecKey, &mech_DES3_CBC_PAD,
+ PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
if (crv == CKR_OK) {
PKM_LogIt("PKM_DualFuncSign with DES3 secret key CBC_PAD succeeded "
- "for DSAWithSHA1\n\n");
+ "for DSAWithSHA1\n\n");
} else {
- PKM_Error( "PKM_DualFuncSign with DES3 secret key CBC_PAD failed "
- "for DSAWithSHA1 with 0x%08X, %-26s\n",
- crv, PKM_CK_RVtoStr(crv));
- return crv;
+ PKM_Error("PKM_DualFuncSign with DES3 secret key CBC_PAD failed "
+ "for DSAWithSHA1 with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
+ return crv;
}
-
- for (i=0; i < digestMechsSZ; i++) {
+ for (i = 0; i < digestMechsSZ; i++) {
mech.mechanism = digestMechs[i].mechanism;
crv = PKM_Digest(pFunctionList, hRwSession,
- &mech, hAESSecKey,
- PLAINTEXT, sizeof(PLAINTEXT));
+ &mech, hAESSecKey,
+ PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
- PKM_LogIt("PKM_Digest with AES secret key succeeded for %-10s\n\n",
- digestMechs[i].mechanismStr);
+ PKM_LogIt("PKM_Digest with AES secret key succeeded for %-10s\n\n",
+ digestMechs[i].mechanismStr);
} else {
- PKM_Error( "PKM_Digest with AES secret key failed for "
- "%-10s with 0x%08X, %-26s\n",
- digestMechs[i].mechanismStr, crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_Digest with AES secret key failed for "
+ "%-10s with 0x%08X, %-26s\n",
+ digestMechs[i].mechanismStr, crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = PKM_DualFuncDigest(pFunctionList, hRwSession,
- hAESSecKey, &mech_AES_CBC,
- 0,&mech,
- PLAINTEXT, sizeof(PLAINTEXT));
+ hAESSecKey, &mech_AES_CBC,
+ 0, &mech,
+ PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
PKM_LogIt("PKM_DualFuncDigest with AES secret key succeeded\n\n");
} else {
- PKM_Error( "PKM_DualFuncDigest with AES secret key "
- "failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_DualFuncDigest with AES secret key "
+ "failed with 0x%08X, %-26s\n",
+ crv,
+ PKM_CK_RVtoStr(crv));
}
crv = PKM_Digest(pFunctionList, hRwSession,
- &mech, hDES3SecKey,
- PLAINTEXT, sizeof(PLAINTEXT));
+ &mech, hDES3SecKey,
+ PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
- PKM_LogIt("PKM_Digest with DES3 secret key succeeded for %-10s\n\n",
- digestMechs[i].mechanismStr);
+ PKM_LogIt("PKM_Digest with DES3 secret key succeeded for %-10s\n\n",
+ digestMechs[i].mechanismStr);
} else {
- PKM_Error( "PKM_Digest with DES3 secret key failed for "
- "%-10s with 0x%08X, %-26s\n",
- digestMechs[i].mechanismStr, crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_Digest with DES3 secret key failed for "
+ "%-10s with 0x%08X, %-26s\n",
+ digestMechs[i].mechanismStr, crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = PKM_DualFuncDigest(pFunctionList, hRwSession,
- hDES3SecKey, &mech_DES3_CBC,
- 0,&mech,
- PLAINTEXT, sizeof(PLAINTEXT));
+ hDES3SecKey, &mech_DES3_CBC,
+ 0, &mech,
+ PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
PKM_LogIt("PKM_DualFuncDigest DES3 secret key succeeded\n\n");
} else {
- PKM_Error( "PKM_DualFuncDigest DES3 secret key "
- "failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_DualFuncDigest DES3 secret key "
+ "failed with 0x%08X, %-26s\n",
+ crv,
+ PKM_CK_RVtoStr(crv));
}
crv = PKM_Digest(pFunctionList, hRwSession,
- &mech, 0,
- PLAINTEXT, sizeof(PLAINTEXT));
+ &mech, 0,
+ PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
- PKM_LogIt("PKM_Digest with no secret key succeeded for %-10s\n\n",
- digestMechs[i].mechanismStr );
+ PKM_LogIt("PKM_Digest with no secret key succeeded for %-10s\n\n",
+ digestMechs[i].mechanismStr);
} else {
- PKM_Error( "PKM_Digest with no secret key failed for %-10s "
- "with 0x%08X, %-26s\n", digestMechs[i].mechanismStr, crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_Digest with no secret key failed for %-10s "
+ "with 0x%08X, %-26s\n",
+ digestMechs[i].mechanismStr, crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
} /* end of digest loop */
- for (i=0; i < hmacMechsSZ; i++) {
+ for (i = 0; i < hmacMechsSZ; i++) {
mech.mechanism = hmacMechs[i].mechanism;
crv = PKM_Hmac(pFunctionList, hRwSession,
- hAESSecKey, &mech,
- PLAINTEXT, sizeof(PLAINTEXT));
+ hAESSecKey, &mech,
+ PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
- PKM_LogIt("PKM_Hmac with AES secret key succeeded for %-10s\n\n",
- hmacMechs[i].mechanismStr);
+ PKM_LogIt("PKM_Hmac with AES secret key succeeded for %-10s\n\n",
+ hmacMechs[i].mechanismStr);
} else {
- PKM_Error( "PKM_Hmac with AES secret key failed for %-10s "
- "with 0x%08X, %-26s\n",
- hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_Hmac with AES secret key failed for %-10s "
+ "with 0x%08X, %-26s\n",
+ hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv));
return crv;
}
- if ((MODE == FIPSMODE) && (mech.mechanism == CKM_SHA512_HMAC)) break;
+ if ((MODE == FIPSMODE) && (mech.mechanism == CKM_SHA512_HMAC))
+ break;
crv = PKM_Hmac(pFunctionList, hRwSession,
- hDES3SecKey, &mech,
- PLAINTEXT, sizeof(PLAINTEXT));
+ hDES3SecKey, &mech,
+ PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
- PKM_LogIt("PKM_Hmac with DES3 secret key succeeded for %-10s\n\n",
- hmacMechs[i].mechanismStr);
+ PKM_LogIt("PKM_Hmac with DES3 secret key succeeded for %-10s\n\n",
+ hmacMechs[i].mechanismStr);
} else {
- PKM_Error( "PKM_Hmac with DES3 secret key failed for %-10s "
- "with 0x%08X, %-26s\n",
- hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_Hmac with DES3 secret key failed for %-10s "
+ "with 0x%08X, %-26s\n",
+ hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv));
return crv;
}
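Review bot: The two `PKM_DualFuncDigest` failure branches in the digest loop call `PKM_Error` but never `return crv;`, unlike every other failing step in this hunk. `crv` is overwritten by the `PKM_Digest` call that follows, so a dual-function digest failure is logged and then dropped, and from what is visible the test can still finish with `CKR_OK`. Add `return crv;` after each of those two `PKM_Error` calls, or document the intent with a comment such as `/* failure tolerated here: continue with the remaining digests */`. The unbraced `if ((MODE == FIPSMODE) && (mech.mechanism == CKM_SHA512_HMAC))` / `break;` in the HMAC loop should also get braces and a one-line comment saying why the DES3 HMAC case is skipped. PKM_KeyTests starts and ends outside this hunk.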
@@ -1555,42 +1577,45 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_Logout succeeded\n");
} else {
- PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_CloseSession(hRwSession);
if (crv != CKR_OK) {
- PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
return crv;
-
}
-void PKM_LogIt(const char *fmt, ...) {
+void
+PKM_LogIt(const char *fmt, ...)
+{
va_list args;
-
+
if (verbose) {
- va_start (args, fmt);
+ va_start(args, fmt);
if (MODE == FIPSMODE) {
printf("FIPS MODE: ");
} else if (MODE == NONFIPSMODE) {
printf("NON FIPS MODE: ");
} else if (MODE == HYBRIDMODE) {
printf("Hybrid MODE: ");
- }
+ }
vprintf(fmt, args);
va_end(args);
}
}
-void PKM_Error(const char *fmt, ...) {
+void
+PKM_Error(const char *fmt, ...)
+{
va_list args;
- va_start (args, fmt);
+ va_start(args, fmt);
if (MODE == FIPSMODE) {
fprintf(stderr, "\nFIPS MODE PKM_Error: ");
@@ -1598,158 +1623,167 @@ void PKM_Error(const char *fmt, ...) {
fprintf(stderr, "NON FIPS MODE PKM_Error: ");
} else if (MODE == HYBRIDMODE) {
fprintf(stderr, "Hybrid MODE PKM_Error: ");
- } else fprintf(stderr, "NOMODE PKM_Error: ");
+ } else
+ fprintf(stderr, "NOMODE PKM_Error: ");
vfprintf(stderr, fmt, args);
va_end(args);
}
-CK_SLOT_ID *PKM_GetSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_ULONG slotID) {
+CK_SLOT_ID *
+PKM_GetSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_ULONG slotID)
+{
CK_RV crv = CKR_OK;
CK_SLOT_ID *pSlotList = NULL;
CK_ULONG slotCount;
-
+
NUMTESTS++; /* increment NUMTESTS */
/* Get slot list */
crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
NULL, &slotCount);
if (crv != CKR_OK) {
- PKM_Error( "C_GetSlotList failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GetSlotList failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return NULL;
}
PKM_LogIt("C_GetSlotList reported there are %lu slots\n", slotCount);
pSlotList = (CK_SLOT_ID *)malloc(slotCount * sizeof(CK_SLOT_ID));
if (!pSlotList) {
- PKM_Error( "failed to allocate slot list\n");
+ PKM_Error("failed to allocate slot list\n");
return NULL;
}
crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
pSlotList, &slotCount);
if (crv != CKR_OK) {
- PKM_Error( "C_GetSlotList failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
- if (pSlotList) free(pSlotList);
+ PKM_Error("C_GetSlotList failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
+ if (pSlotList)
+ free(pSlotList);
return NULL;
}
return pSlotList;
}
-CK_RV PKM_InitPWforDB(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
+CK_RV
+PKM_InitPWforDB(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
CK_RV crv = CKR_OK;
CK_SESSION_HANDLE hSession;
- static const CK_UTF8CHAR testPin[] = {"0Mozilla"};
- static const CK_UTF8CHAR weakPin[] = {"mozilla"};
+ static const CK_UTF8CHAR testPin[] = { "0Mozilla" };
+ static const CK_UTF8CHAR weakPin[] = { "mozilla" };
crv = pFunctionList->C_OpenSession(pSlotList[slotID],
CKF_RW_SESSION | CKF_SERIAL_SESSION,
NULL, NULL, &hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER);
+ PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER);
crv = pFunctionList->C_Login(hSession, CKU_SO, NULL, 0);
if (crv != CKR_OK) {
- PKM_Error( "C_Login failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Login failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
if (MODE == FIPSMODE) {
- crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *) weakPin,
+ crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *)weakPin,
strlen((char *)weakPin));
if (crv == CKR_OK) {
- PKM_Error( "C_InitPIN with a weak password succeeded\n");
+ PKM_Error("C_InitPIN with a weak password succeeded\n");
return crv;
} else {
PKM_LogIt("C_InitPIN with a weak password failed with "
- "0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ "0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
}
}
- crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *) testPin,
+ crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *)testPin,
strlen((char *)testPin));
if (crv == CKR_OK) {
PKM_LogIt("C_InitPIN succeeded\n");
} else {
- PKM_Error( "C_InitPIN failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_InitPIN failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_Logout(hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_CloseSession(hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
-
crv = pFunctionList->C_OpenSession(pSlotList[slotID],
CKF_RW_SESSION | CKF_SERIAL_SESSION,
NULL, NULL, &hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER);
+ PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER);
- crv = pFunctionList->C_Login(hSession, CKU_USER, (CK_UTF8CHAR *) testPin,
+ crv = pFunctionList->C_Login(hSession, CKU_USER, (CK_UTF8CHAR *)testPin,
strlen((const char *)testPin));
if (crv != CKR_OK) {
- PKM_Error( "C_Login failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Login failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
if (MODE == FIPSMODE) {
crv = pFunctionList->C_SetPIN(
- hSession, (CK_UTF8CHAR *) testPin,
- strlen((const char *)testPin),
- (CK_UTF8CHAR *) weakPin,
- strlen((const char *)weakPin));
+ hSession, (CK_UTF8CHAR *)testPin,
+ strlen((const char *)testPin),
+ (CK_UTF8CHAR *)weakPin,
+ strlen((const char *)weakPin));
if (crv == CKR_OK) {
- PKM_Error( "C_SetPIN with a weak password succeeded\n");
+ PKM_Error("C_SetPIN with a weak password succeeded\n");
return crv;
} else {
PKM_LogIt("C_SetPIN with a weak password returned with "
- "0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ "0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
}
}
crv = pFunctionList->C_SetPIN(
- hSession, (CK_UTF8CHAR *) testPin,
- strlen((const char *)testPin),
- pwd, pwdLen);
+ hSession, (CK_UTF8CHAR *)testPin,
+ strlen((const char *)testPin),
+ pwd, pwdLen);
if (crv != CKR_OK) {
- PKM_Error( "C_CSetPin failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_CSetPin failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_Logout(hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_CloseSession(hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
return crv;
}
-CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID) {
+CK_RV
+PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID)
+{
CK_RV crv = CKR_OK;
CK_INFO info;
CK_SLOT_ID *pSlotList = NULL;
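Review bot: In PKM_InitPWforDB the two FIPS-mode negative tests return `crv` when the token accepts the weak PIN, and at that point `crv` is CKR_OK, so a token that stops enforcing the password policy is logged as an error but reported to the caller as success. Both branches (`C_InitPIN with a weak password succeeded` and `C_SetPIN with a weak password succeeded`) should end in `return CKR_FUNCTION_FAILED;`, as PKM_SessionLogin does when a wrong-password login succeeds. The same pattern of returning a `crv` that appears to still hold CKR_OK shows up in later hunks, on the `PKM_GetSlotList failed` paths in PKM_ShowInfo and PKM_HybridMode and on the `failed to allocate mechanism list` path in PKM_Mechanism. This commit only reformats, so the fix belongs in a follow-up change.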
@@ -1758,16 +1792,15 @@ CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID) {
CK_SLOT_INFO slotInfo;
CK_TOKEN_INFO tokenInfo;
CK_FLAGS bitflag;
-
- NUMTESTS++; /* increment NUMTESTS */
+ NUMTESTS++; /* increment NUMTESTS */
crv = pFunctionList->C_GetInfo(&info);
if (crv == CKR_OK) {
PKM_LogIt("C_GetInfo succeeded\n");
} else {
- PKM_Error( "C_GetInfo failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GetInfo failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
PKM_LogIt("General information about the PKCS #11 library:\n");
@@ -1784,15 +1817,15 @@ CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID) {
/* Get slot list */
pSlotList = PKM_GetSlotList(pFunctionList, slotID);
if (pSlotList == NULL) {
- PKM_Error( "PKM_GetSlotList failed with \n");
+ PKM_Error("PKM_GetSlotList failed with \n");
return crv;
}
crv = pFunctionList->C_GetSlotInfo(pSlotList[slotID], &slotInfo);
if (crv == CKR_OK) {
PKM_LogIt("C_GetSlotInfo succeeded\n");
} else {
- PKM_Error( "C_GetSlotInfo failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GetSlotInfo failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
PKM_LogIt("Information about slot %lu:\n", pSlotList[slotID]);
@@ -1800,7 +1833,7 @@ CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID) {
PKM_LogIt(" slot manufacturer ID: %.32s\n", slotInfo.manufacturerID);
PKM_LogIt(" flags: 0x%08lX\n", slotInfo.flags);
bitflag = 1;
- for (i = 0; i < sizeof(slotFlagName)/sizeof(slotFlagName[0]); i++) {
+ for (i = 0; i < sizeof(slotFlagName) / sizeof(slotFlagName[0]); i++) {
if (slotInfo.flags & bitflag) {
PKM_LogIt(" %s\n", slotFlagName[i]);
}
@@ -1818,8 +1851,8 @@ CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID) {
if (crv == CKR_OK) {
PKM_LogIt("C_GetTokenInfo succeeded\n");
} else {
- PKM_Error( "C_GetTokenInfo failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GetTokenInfo failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
PKM_LogIt("Information about the token in slot %lu:\n",
@@ -1831,7 +1864,7 @@ CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID) {
PKM_LogIt(" device serial number: %.16s\n", tokenInfo.serialNumber);
PKM_LogIt(" flags: 0x%08lX\n", tokenInfo.flags);
bitflag = 1;
- for (i = 0; i < sizeof(tokenFlagName)/sizeof(tokenFlagName[0]); i++) {
+ for (i = 0; i < sizeof(tokenFlagName) / sizeof(tokenFlagName[0]); i++) {
if (tokenInfo.flags & bitflag) {
PKM_LogIt(" %s\n", tokenFlagName[i]);
}
@@ -1864,7 +1897,8 @@ CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID) {
PKM_LogIt(" current time: %.16s\n", tokenInfo.utcTime);
}
PKM_LogIt("PKM_ShowInfo done \n\n");
- if (pSlotList) free(pSlotList);
+ if (pSlotList)
+ free(pSlotList);
return crv;
}
@@ -1877,10 +1911,12 @@ CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID) {
/* is inactive. */
/* PKM_HybridMode demostrates how an application can switch between the */
/* two modes: FIPS Approved mode and NONFIPS mode. */
-CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
- CK_C_INITIALIZE_ARGS_NSS *initArgs) {
+CK_RV
+PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
+ CK_C_INITIALIZE_ARGS_NSS *initArgs)
+{
- CK_C_GetFunctionList pC_GetFunctionList; /* NONFIPSMode */
+ CK_C_GetFunctionList pC_GetFunctionList; /* NONFIPSMode */
CK_FUNCTION_LIST_PTR pC_FunctionList;
CK_SLOT_ID *pC_SlotList = NULL;
CK_ULONG slotID_C = 1;
@@ -1890,22 +1926,22 @@ CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
CK_ULONG slotID_FC = 0;
CK_RV crv = CKR_OK;
CK_SESSION_HANDLE hSession;
- int origMode = MODE; /* remember the orginal MODE value */
+ int origMode = MODE; /* remember the orginal MODE value */
NUMTESTS++; /* increment NUMTESTS */
MODE = NONFIPSMODE;
#ifdef _WIN32
/* NON FIPS mode == C_GetFunctionList */
pC_GetFunctionList = (CK_C_GetFunctionList)
- GetProcAddress(hModule, "C_GetFunctionList");
+ GetProcAddress(hModule, "C_GetFunctionList");
if (pC_GetFunctionList == NULL) {
- PKM_Error( "cannot load %s\n", LIB_NAME);
+ PKM_Error("cannot load %s\n", LIB_NAME);
return crv;
}
#else
- pC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
- "C_GetFunctionList");
- assert(pC_GetFunctionList != NULL);
+ pC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib,
+ "C_GetFunctionList");
+ assert(pC_GetFunctionList != NULL);
#endif
PKM_LogIt("loading C_GetFunctionList for Non FIPS Mode; slotID %d \n",
slotID_C);
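Review bot: The non-Windows branch guards the `PR_FindFunctionSymbol` result only with `assert(pC_GetFunctionList != NULL);`, which compiles to nothing under NDEBUG, while the `_WIN32` branch has an explicit NULL check. Moving the check after the `#endif` as `if (pC_GetFunctionList == NULL) { PKM_Error("cannot load %s\n", LIB_NAME); return CKR_FUNCTION_FAILED; }` would cover both platforms. It would also stop the Windows path from returning a `crv` that is still CKR_OK. The log call that follows prints `slotID_C`, declared as CK_ULONG, with `%d`; `%lu` matches the type. The call through the pointer is outside this hunk.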
@@ -1917,14 +1953,14 @@ CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
if (crv == CKR_OK) {
PKM_LogIt("C_Initialize succeeded\n");
} else {
- PKM_Error( "C_Initialize failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
pC_SlotList = PKM_GetSlotList(pC_FunctionList, slotID_C);
if (pC_SlotList == NULL) {
- PKM_Error( "PKM_GetSlotList failed with \n");
+ PKM_Error("PKM_GetSlotList failed with \n");
return crv;
}
crv = pC_FunctionList->C_OpenSession(pC_SlotList[slotID_C],
@@ -1933,8 +1969,9 @@ CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
if (crv == CKR_OK) {
PKM_LogIt("NONFIPS C_OpenSession succeeded\n");
} else {
- PKM_Error( "C_OpenSession failed for NONFIPS token "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_OpenSession failed for NONFIPS token "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
@@ -1942,8 +1979,9 @@ CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
if (crv == CKR_OK) {
PKM_LogIt("able to login in NONFIPS token\n");
} else {
- PKM_Error( "Unable to login in to NONFIPS token "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("Unable to login in to NONFIPS token "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
@@ -1951,8 +1989,8 @@ CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
if (crv == CKR_OK) {
PKM_LogIt("C_Logout succeeded\n");
} else {
- PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
@@ -1961,21 +1999,21 @@ CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
/* Now load the FIPS token */
/* FIPS mode == FC_GetFunctionList */
- pFC_GetFunctionList = NULL;
+ pFC_GetFunctionList = NULL;
#ifdef _WIN32
pFC_GetFunctionList = (CK_C_GetFunctionList)
- GetProcAddress(hModule, "FC_GetFunctionList");
+ GetProcAddress(hModule, "FC_GetFunctionList");
#else
- pFC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
- "FC_GetFunctionList");
- assert(pFC_GetFunctionList != NULL);
+ pFC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib,
+ "FC_GetFunctionList");
+ assert(pFC_GetFunctionList != NULL);
#endif
PKM_LogIt("loading FC_GetFunctionList for FIPS Mode; slotID %d \n",
slotID_FC);
PKM_LogIt("pFC_FunctionList->C_Foo == pFC_FunctionList->FC_Foo\n");
if (pFC_GetFunctionList == NULL) {
- PKM_Error( "unable to load pFC_GetFunctionList\n");
+ PKM_Error("unable to load pFC_GetFunctionList\n");
return crv;
}
@@ -1987,15 +2025,15 @@ CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
if (crv == CKR_OK) {
PKM_LogIt("FC_Initialize succeeded\n");
} else {
- PKM_Error( "FC_Initialize failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("FC_Initialize failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
PKM_ShowInfo(pFC_FunctionList, slotID_FC);
pFC_SlotList = PKM_GetSlotList(pFC_FunctionList, slotID_FC);
if (pFC_SlotList == NULL) {
- PKM_Error( "PKM_GetSlotList failed with \n");
+ PKM_Error("PKM_GetSlotList failed with \n");
return crv;
}
@@ -2010,8 +2048,9 @@ CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
if (crv == CKR_OK) {
PKM_LogIt("NONFIPS pC_CloseSession succeeded\n");
} else {
- PKM_Error( "pC_CloseSession failed for NONFIPS token "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("pC_CloseSession failed for NONFIPS token "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
@@ -2019,16 +2058,16 @@ CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
"only when the NONFIPS Approved mode is inactive by \n"
"calling C_Finalize on the NONFIPS token.\n");
-
/* to go in FIPSMODE you must Finalize the NONFIPS mode pointer */
crv = pC_FunctionList->C_Finalize(NULL);
if (crv == CKR_OK) {
PKM_LogIt("C_Finalize of NONFIPS Token succeeded\n");
MODE = FIPSMODE;
} else {
- PKM_Error( "C_Finalize of NONFIPS Token failed with "
- "0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Finalize of NONFIPS Token failed with "
+ "0x%08X, %-26s\n",
+ crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
@@ -2041,27 +2080,31 @@ CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
PKM_LogIt("Exiting FIPSMODE by caling FC_Finalize.\n");
MODE = NOMODE;
} else {
- PKM_Error( "FC_Finalize failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("FC_Finalize failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- if (pC_SlotList) free(pC_SlotList);
- if (pFC_SlotList) free(pFC_SlotList);
+ if (pC_SlotList)
+ free(pC_SlotList);
+ if (pFC_SlotList)
+ free(pFC_SlotList);
MODE = origMode; /* set the mode back to the orginal Mode value */
PKM_LogIt("PKM_HybridMode test Completed\n\n");
return crv;
}
-CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID) {
+CK_RV
+PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID)
+{
CK_RV crv = CKR_OK;
CK_MECHANISM_TYPE *pMechanismList;
CK_ULONG mechanismCount;
CK_ULONG i;
- const char * mechName = NULL;
+ const char *mechName = NULL;
NUMTESTS++; /* increment NUMTESTS */
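Review bot: `MODE = origMode;` runs only on the success path of PKM_HybridMode, so every earlier `return crv;` (for example the one after `FC_Finalize failed`) leaves the global MODE at whatever value the function last assigned and skips both `free()` calls. PKM_LogIt and PKM_Error choose their prefix from MODE, so output produced after a failure here would carry the wrong mode label. Adding `MODE = origMode;` before the early returns would fix the label. The slot lists could then be released unconditionally with `free(pC_SlotList); free(pFC_SlotList);`, since `free(NULL)` is a no-op. The start of the function is outside this hunk.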
@@ -2069,23 +2112,23 @@ CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
crv = pFunctionList->C_GetMechanismList(pSlotList[slotID],
NULL, &mechanismCount);
if (crv != CKR_OK) {
- PKM_Error( "C_GetMechanismList failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GetMechanismList failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
PKM_LogIt("C_GetMechanismList reported there are %lu mechanisms\n",
mechanismCount);
pMechanismList = (CK_MECHANISM_TYPE *)
- malloc(mechanismCount * sizeof(CK_MECHANISM_TYPE));
+ malloc(mechanismCount * sizeof(CK_MECHANISM_TYPE));
if (!pMechanismList) {
- PKM_Error( "failed to allocate mechanism list\n");
+ PKM_Error("failed to allocate mechanism list\n");
return crv;
}
crv = pFunctionList->C_GetMechanismList(pSlotList[slotID],
pMechanismList, &mechanismCount);
if (crv != CKR_OK) {
- PKM_Error( "C_GetMechanismList failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GetMechanismList failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
PKM_LogIt("C_GetMechanismList returned the mechanism types:\n");
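Review bot: The second `C_GetMechanismList` failure path returns without releasing `pMechanismList`, and as far as the visible lines show, the final `return crv;` of PKM_Mechanism in the next hunk has no `free(pMechanismList);` before it either. Adding that call before both returns (and before the `C_GetMechanismInfo` failure return) closes the leak. The allocation also multiplies `mechanismCount`, a value reported by the loaded module, by `sizeof(CK_MECHANISM_TYPE)` without a bound; `calloc(mechanismCount, sizeof(CK_MECHANISM_TYPE))` would reject an overflowing product. The function's opening lines are in the previous hunk.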
@@ -2096,87 +2139,91 @@ CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
/* output two mechanism name on each line */
/* currently the longest known mechansim name length is 37 */
if (mechName) {
- printf("%-40s",mechName);
+ printf("%-40s", mechName);
} else {
printf("Unknown mechanism: 0x%08lX ", pMechanismList[i]);
- }
- if ((i % 2) == 1 ) printf("\n");
+ }
+ if ((i % 2) == 1)
+ printf("\n");
}
printf("\n\n");
}
- for ( i = 0; i < mechanismCount; i++ ) {
+ for (i = 0; i < mechanismCount; i++) {
CK_MECHANISM_INFO minfo;
memset(&minfo, 0, sizeof(CK_MECHANISM_INFO));
crv = pFunctionList->C_GetMechanismInfo(pSlotList[slotID],
pMechanismList[i], &minfo);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_GetMechanismInfo(%lu, %lu) returned 0x%08X, %-26s\n",
- pSlotList[slotID], pMechanismList[i], crv,
- PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_GetMechanismInfo(%lu, %lu) returned 0x%08X, %-26s\n",
+ pSlotList[slotID], pMechanismList[i], crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
mechName = getName(pMechanismList[i], ConstMechanism);
- if (!mechName) mechName = "Unknown mechanism";
- PKM_LogIt( " [%lu]: CK_MECHANISM_TYPE = %s 0x%08lX\n", (i+1),
- mechName,
- pMechanismList[i]);
- PKM_LogIt( " ulMinKeySize = %lu\n", minfo.ulMinKeySize);
- PKM_LogIt( " ulMaxKeySize = %lu\n", minfo.ulMaxKeySize);
- PKM_LogIt( " flags = 0x%08x\n", minfo.flags);
- PKM_LogIt( " -> HW = %s\n", minfo.flags & CKF_HW ?
- "TRUE" : "FALSE");
- PKM_LogIt( " -> ENCRYPT = %s\n", minfo.flags & CKF_ENCRYPT ?
- "TRUE" : "FALSE");
- PKM_LogIt( " -> DECRYPT = %s\n", minfo.flags & CKF_DECRYPT ?
- "TRUE" : "FALSE");
- PKM_LogIt( " -> DIGEST = %s\n", minfo.flags & CKF_DIGEST ?
- "TRUE" : "FALSE");
- PKM_LogIt( " -> SIGN = %s\n", minfo.flags & CKF_SIGN ?
- "TRUE" : "FALSE");
- PKM_LogIt( " -> SIGN_RECOVER = %s\n", minfo.flags &
- CKF_SIGN_RECOVER ? "TRUE" : "FALSE");
- PKM_LogIt( " -> VERIFY = %s\n", minfo.flags & CKF_VERIFY ?
- "TRUE" : "FALSE");
- PKM_LogIt( " -> VERIFY_RECOVER = %s\n",
- minfo.flags & CKF_VERIFY_RECOVER ? "TRUE" : "FALSE");
- PKM_LogIt( " -> GENERATE = %s\n", minfo.flags & CKF_GENERATE ?
- "TRUE" : "FALSE");
- PKM_LogIt( " -> GENERATE_KEY_PAIR = %s\n",
- minfo.flags & CKF_GENERATE_KEY_PAIR ? "TRUE" : "FALSE");
- PKM_LogIt( " -> WRAP = %s\n", minfo.flags & CKF_WRAP ?
- "TRUE" : "FALSE");
- PKM_LogIt( " -> UNWRAP = %s\n", minfo.flags & CKF_UNWRAP ?
- "TRUE" : "FALSE");
- PKM_LogIt( " -> DERIVE = %s\n", minfo.flags & CKF_DERIVE ?
- "TRUE" : "FALSE");
- PKM_LogIt( " -> EXTENSION = %s\n", minfo.flags & CKF_EXTENSION ?
- "TRUE" : "FALSE");
-
- PKM_LogIt( "\n");
+ if (!mechName)
+ mechName = "Unknown mechanism";
+ PKM_LogIt(" [%lu]: CK_MECHANISM_TYPE = %s 0x%08lX\n", (i + 1),
+ mechName,
+ pMechanismList[i]);
+ PKM_LogIt(" ulMinKeySize = %lu\n", minfo.ulMinKeySize);
+ PKM_LogIt(" ulMaxKeySize = %lu\n", minfo.ulMaxKeySize);
+ PKM_LogIt(" flags = 0x%08x\n", minfo.flags);
+ PKM_LogIt(" -> HW = %s\n", minfo.flags & CKF_HW ? "TRUE"
+ : "FALSE");
+ PKM_LogIt(" -> ENCRYPT = %s\n", minfo.flags & CKF_ENCRYPT ? "TRUE"
+ : "FALSE");
+ PKM_LogIt(" -> DECRYPT = %s\n", minfo.flags & CKF_DECRYPT ? "TRUE"
+ : "FALSE");
+ PKM_LogIt(" -> DIGEST = %s\n", minfo.flags & CKF_DIGEST ? "TRUE"
+ : "FALSE");
+ PKM_LogIt(" -> SIGN = %s\n", minfo.flags & CKF_SIGN ? "TRUE"
+ : "FALSE");
+ PKM_LogIt(" -> SIGN_RECOVER = %s\n", minfo.flags &
+ CKF_SIGN_RECOVER
+ ? "TRUE"
+ : "FALSE");
+ PKM_LogIt(" -> VERIFY = %s\n", minfo.flags & CKF_VERIFY ? "TRUE"
+ : "FALSE");
+ PKM_LogIt(" -> VERIFY_RECOVER = %s\n",
+ minfo.flags & CKF_VERIFY_RECOVER ? "TRUE" : "FALSE");
+ PKM_LogIt(" -> GENERATE = %s\n", minfo.flags & CKF_GENERATE ? "TRUE"
+ : "FALSE");
+ PKM_LogIt(" -> GENERATE_KEY_PAIR = %s\n",
+ minfo.flags & CKF_GENERATE_KEY_PAIR ? "TRUE" : "FALSE");
+ PKM_LogIt(" -> WRAP = %s\n", minfo.flags & CKF_WRAP ? "TRUE"
+ : "FALSE");
+ PKM_LogIt(" -> UNWRAP = %s\n", minfo.flags & CKF_UNWRAP ? "TRUE"
+ : "FALSE");
+ PKM_LogIt(" -> DERIVE = %s\n", minfo.flags & CKF_DERIVE ? "TRUE"
+ : "FALSE");
+ PKM_LogIt(" -> EXTENSION = %s\n", minfo.flags & CKF_EXTENSION ? "TRUE"
+ : "FALSE");
+
+ PKM_LogIt("\n");
}
-
return crv;
-
}
-CK_RV PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID * pSlotList,
- CK_ULONG slotID) {
+CK_RV
+PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
+ CK_ULONG slotID)
+{
CK_SESSION_HANDLE hSession;
CK_RV crv = CKR_OK;
CK_BYTE randomData[16];
- CK_BYTE seed[] = {0x01, 0x03, 0x35, 0x55, 0xFF};
+ CK_BYTE seed[] = { 0x01, 0x03, 0x35, 0x55, 0xFF };
NUMTESTS++; /* increment NUMTESTS */
crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
NULL, NULL, &hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
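Review bot: The formatter has split the flag ternaries in the PKM_Mechanism loop awkwardly, most visibly `minfo.flags & CKF_SIGN_RECOVER ? "TRUE" : "FALSE"`, which now spans four lines. Putting the whole expression on its own argument line, as the VERIFY_RECOVER and GENERATE_KEY_PAIR calls already do, keeps each call to two lines and survives re-formatting unchanged. The `flags = 0x%08x` line also prints `minfo.flags` with `%08x`, whereas the slot and token flags earlier in this file are printed with `%08lX`; using `%08lX` here would be consistent.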
@@ -2185,16 +2232,18 @@ CK_RV PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID * pSlotList,
if (crv == CKR_OK) {
PKM_LogIt("C_GenerateRandom without login succeeded\n");
} else {
- PKM_Error( "C_GenerateRandom without login failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GenerateRandom without login failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_SeedRandom(hSession, seed, sizeof(seed));
if (crv == CKR_OK) {
PKM_LogIt("C_SeedRandom without login succeeded\n");
} else {
- PKM_Error( "C_SeedRandom without login failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_SeedRandom without login failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_GenerateRandom(hSession,
@@ -2202,70 +2251,74 @@ CK_RV PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID * pSlotList,
if (crv == CKR_OK) {
PKM_LogIt("C_GenerateRandom without login succeeded\n");
} else {
- PKM_Error( "C_GenerateRandom without login failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GenerateRandom without login failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_CloseSession(hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
return crv;
-
}
-CK_RV PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID *pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
+CK_RV
+PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
CK_SESSION_HANDLE hSession;
CK_RV crv = CKR_OK;
-
+
NUMTESTS++; /* increment NUMTESTS */
crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
NULL, NULL, &hSession);
if (crv != CKR_OK) {
- PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- crv = pFunctionList->C_Login(hSession, CKU_USER, (unsigned char *)
- "netscape", 8);
+ crv = pFunctionList->C_Login(hSession, CKU_USER, (unsigned char *)"netscape", 8);
if (crv == CKR_OK) {
PKM_Error("C_Login with wrong password succeeded\n");
return CKR_FUNCTION_FAILED;
} else {
PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, "
- "%-26s.\n ", crv, PKM_CK_RVtoStr(crv));
+ "%-26s.\n ",
+ crv, PKM_CK_RVtoStr(crv));
}
- crv = pFunctionList->C_Login(hSession, CKU_USER, (unsigned char *)
- "red hat", 7);
+ crv = pFunctionList->C_Login(hSession, CKU_USER, (unsigned char *)"red hat", 7);
if (crv == CKR_OK) {
PKM_Error("C_Login with wrong password succeeded\n");
return CKR_FUNCTION_FAILED;
} else {
PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, "
- "%-26s.\n ", crv, PKM_CK_RVtoStr(crv));
+ "%-26s.\n ",
+ crv, PKM_CK_RVtoStr(crv));
}
- crv = pFunctionList->C_Login(hSession, CKU_USER,
- (unsigned char *) "sun", 3);
+ crv = pFunctionList->C_Login(hSession, CKU_USER,
+ (unsigned char *)"sun", 3);
if (crv == CKR_OK) {
PKM_Error("C_Login with wrong password succeeded\n");
return CKR_FUNCTION_FAILED;
} else {
PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, "
- "%-26s.\n ", crv, PKM_CK_RVtoStr(crv));
+ "%-26s.\n ",
+ crv, PKM_CK_RVtoStr(crv));
}
crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
if (crv == CKR_OK) {
PKM_LogIt("C_Login with correct password succeeded\n");
} else {
PKM_Error("C_Login with correct password failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
@@ -2273,20 +2326,19 @@ CK_RV PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_Logout succeeded\n");
} else {
- PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_CloseSession(hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
return crv;
-
}
/*
@@ -2303,9 +2355,11 @@ CK_RV PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList,
* value CKR_FUNCTION_NOT_PARALLEL.
*
*/
-CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
+CK_RV
+PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
CK_SESSION_HANDLE hSession;
CK_RV crv = CKR_OK;
NUMTESTS++; /* increment NUMTESTS */
@@ -2313,8 +2367,8 @@ CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
NULL, NULL, &hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
@@ -2322,8 +2376,9 @@ CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_Login with correct password succeeded\n");
} else {
- PKM_Error( "C_Login with correct password failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Login with correct password failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
@@ -2332,8 +2387,9 @@ CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
PKM_LogIt("C_GetFunctionStatus correctly"
"returned CKR_FUNCTION_NOT_PARALLEL \n");
} else {
- PKM_Error( "C_GetFunctionStatus failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GetFunctionStatus failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
@@ -2342,8 +2398,9 @@ CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
PKM_LogIt("C_CancelFunction correctly "
"returned CKR_FUNCTION_NOT_PARALLEL \n");
} else {
- PKM_Error( "C_CancelFunction failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_CancelFunction failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
@@ -2351,20 +2408,19 @@ CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_Logout succeeded\n");
} else {
- PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_CloseSession(hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
return crv;
-
}
/*
@@ -2377,12 +2433,14 @@ CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
*
*/
-CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech,
- CK_OBJECT_HANDLE hSecKeyDigest,
- CK_MECHANISM *digestMech,
- const CK_BYTE * pData, CK_ULONG pDataLen) {
+CK_RV
+PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech,
+ CK_OBJECT_HANDLE hSecKeyDigest,
+ CK_MECHANISM *digestMech,
+ const CK_BYTE *pData, CK_ULONG pDataLen)
+{
CK_RV crv = CKR_OK;
CK_BYTE eDigest[MAX_DIGEST_SZ];
CK_BYTE dDigest[MAX_DIGEST_SZ];
@@ -2405,44 +2463,43 @@ CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
*/
crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSecKey);
if (crv != CKR_OK) {
- PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_DigestInit(hSession, digestMech);
if (crv != CKR_OK) {
- PKM_Error( "C_DigestInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
ciphertextLen = sizeof(ciphertext);
- crv = pFunctionList->C_DigestEncryptUpdate(hSession, (CK_BYTE * ) pData,
+ crv = pFunctionList->C_DigestEncryptUpdate(hSession, (CK_BYTE *)pData,
pDataLen,
ciphertext, &ciphertextLen);
if (crv != CKR_OK) {
- PKM_Error( "C_DigestEncryptUpdate failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DigestEncryptUpdate failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
ulDigestLen = sizeof(eDigest);
crv = pFunctionList->C_DigestFinal(hSession, eDigest, &ulDigestLen);
if (crv != CKR_OK) {
- PKM_Error( "C_DigestFinal failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DigestFinal failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
-
/* get the last piece of ciphertext (length should be 0 */
lastLen = sizeof(ciphertext) - ciphertextLen;
crv = pFunctionList->C_EncryptFinal(hSession,
- (CK_BYTE * )&ciphertext[ciphertextLen],
- &lastLen);
+ (CK_BYTE *)&ciphertext[ciphertextLen],
+ &lastLen);
if (crv != CKR_OK) {
- PKM_Error( "C_EncryptFinal failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_EncryptFinal failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
ciphertextLen = ciphertextLen + lastLen;
@@ -2462,14 +2519,14 @@ CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
/* Decrypt the text */
crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSecKey);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_DigestInit(hSession, digestMech);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
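Review bot: The failure branch after `C_DigestInit` reports `C_DecryptInit failed`, so a digest-initialisation error in the decrypt half of PKM_DualFuncDigest is logged under the wrong call; the message should begin `"C_DigestInit failed with ..."`. The same kind of mislabel appears in the `@@ -2566,70` and `@@ -2799,93` hunks, where a failed `C_Decrypt` is also reported as `C_DecryptInit`, and in `@@ -2987,22`, where `C_SignUpdate` and `C_SignFinal` failures are both reported as `C_Sign`. Anyone triaging a failing PKCS #11 run from the log alone would be pointed at the wrong call. PKM_DualFuncDigest starts and ends outside this hunk.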
@@ -2479,18 +2536,18 @@ CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
plaintext,
&plaintextLen);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptDigestUpdate failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptDigestUpdate failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
lastLen = sizeof(plaintext) - plaintextLen;
crv = pFunctionList->C_DecryptFinal(hSession,
- (CK_BYTE * )&plaintext[plaintextLen],
+ (CK_BYTE *)&plaintext[plaintextLen],
&lastLen);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
plaintextLen = plaintextLen + lastLen;
@@ -2498,16 +2555,16 @@ CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
ulDigestLen = sizeof(dDigest);
crv = pFunctionList->C_DigestFinal(hSession, dDigest, &ulDigestLen);
if (crv != CKR_OK) {
- PKM_Error( "C_DigestFinal failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DigestFinal failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
if (plaintextLen != pDataLen) {
- PKM_Error( "plaintextLen is %lu\n", plaintextLen);
+ PKM_Error("plaintextLen is %lu\n", plaintextLen);
return crv;
}
-
+
if (verbose) {
printf("plaintext = ");
for (i = 0; i < plaintextLen; i++) {
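Review bot: The length check `if (plaintextLen != pDataLen)` logs an error and then runs `return crv;`, but `crv` is still `CKR_OK` from the successful `C_DigestFinal` just above, so a decrypted-length mismatch is returned to the caller as success. Unless `PKM_Error` records the failure somewhere this hunk does not show, the branch should return a failure code, e.g. `return CKR_GENERAL_ERROR;`, as PKM_SecKeyCrypt already does for its encrypt comparison. The same pattern appears in `@@ -2520,22` (digest and plaintext mismatches only log), `@@ -2637,40` (decrypt comparison only logs), `@@ -2769,27` (the `wrappedKeyLen` check) and `@@ -2799,93` (encrypt test case 1). PKM_DualFuncDigest begins before this hunk and continues after it.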
@@ -2520,22 +2577,21 @@ CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
}
printf("\n");
}
-
+
if (memcmp(eDigest, dDigest, ulDigestLen) == 0) {
PKM_LogIt("Encrypted Digest equals Decrypted Digest\n");
} else {
- PKM_Error( "Digests don't match\n");
+ PKM_Error("Digests don't match\n");
}
if ((plaintextLen == pDataLen) &&
- (memcmp(plaintext, pData, pDataLen)) == 0) {
+ (memcmp(plaintext, pData, pDataLen)) == 0) {
PKM_LogIt("DualFuncDigest decrypt test case passed\n");
} else {
- PKM_Error( "DualFuncDigest derypt test case failed\n");
+ PKM_Error("DualFuncDigest derypt test case failed\n");
}
return crv;
-
}
/*
@@ -2543,19 +2599,21 @@ CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
*
*/
-CK_RV PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech,
- const CK_BYTE * pData, CK_ULONG dataLen) {
+CK_RV
+PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech,
+ const CK_BYTE *pData, CK_ULONG dataLen)
+{
CK_RV crv = CKR_OK;
CK_BYTE cipher1[MAX_CIPHER_SZ];
CK_BYTE cipher2[MAX_CIPHER_SZ];
CK_BYTE data1[MAX_DATA_SZ];
CK_BYTE data2[MAX_DATA_SZ];
- CK_ULONG cipher1Len =0, cipher2Len =0, lastLen =0;
- CK_ULONG data1Len =0, data2Len =0;
-
+ CK_ULONG cipher1Len = 0, cipher2Len = 0, lastLen = 0;
+ CK_ULONG data1Len = 0, data2Len = 0;
+
NUMTESTS++; /* increment NUMTESTS */
memset(cipher1, 0, sizeof(cipher1));
@@ -2566,70 +2624,70 @@ CK_RV PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList,
/* C_Encrypt */
crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSymKey);
if (crv != CKR_OK) {
- PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
cipher1Len = sizeof(cipher1);
- crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE * ) pData, dataLen,
+ crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE *)pData, dataLen,
cipher1, &cipher1Len);
if (crv != CKR_OK) {
- PKM_Error( "C_Encrypt failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Encrypt failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
/* C_EncryptUpdate */
crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSymKey);
if (crv != CKR_OK) {
- PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
cipher2Len = sizeof(cipher2);
- crv = pFunctionList->C_EncryptUpdate (hSession, (CK_BYTE * ) pData,
- dataLen,
- cipher2, &cipher2Len);
+ crv = pFunctionList->C_EncryptUpdate(hSession, (CK_BYTE *)pData,
+ dataLen,
+ cipher2, &cipher2Len);
if (crv != CKR_OK) {
- PKM_Error( "C_EncryptUpdate failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_EncryptUpdate failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
lastLen = sizeof(cipher2) - cipher2Len;
crv = pFunctionList->C_EncryptFinal(hSession,
- (CK_BYTE * )&cipher2[cipher2Len],
- &lastLen);
+ (CK_BYTE *)&cipher2[cipher2Len],
+ &lastLen);
cipher2Len = cipher2Len + lastLen;
- if ( (cipher1Len == cipher2Len) &&
- (memcmp(cipher1, cipher2, sizeof(cipher1Len)) == 0) ) {
+ if ((cipher1Len == cipher2Len) &&
+ (memcmp(cipher1, cipher2, sizeof(cipher1Len)) == 0)) {
PKM_LogIt("encrypt test case passed\n");
} else {
- PKM_Error( "encrypt test case failed\n");
+ PKM_Error("encrypt test case failed\n");
return CKR_GENERAL_ERROR;
}
/* C_Decrypt */
crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSymKey);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
data1Len = sizeof(data1);
crv = pFunctionList->C_Decrypt(hSession, cipher1, cipher1Len,
data1, &data1Len);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
/* now use C_DecryptUpdate the text */
crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSymKey);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
data2Len = sizeof(data2);
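Review bot: The encrypt comparison calls `memcmp(cipher1, cipher2, sizeof(cipher1Len))`, which compares only as many bytes as a `CK_ULONG` occupies rather than the whole ciphertext, so one-shot and multi-part outputs that diverge after the first few bytes still pass; it should be `memcmp(cipher1, cipher2, cipher1Len) == 0`. The `crv` returned by `C_EncryptFinal` just above is also never tested before `lastLen` is added to `cipher2Len`; an `if (crv != CKR_OK)` block like the surrounding ones would preserve the real error code. The unchecked-Final pattern repeats in `@@ -2799,93` (`C_EncryptFinal`) and `@@ -2893,22` (`C_DecryptFinal`). PKM_SecKeyCrypt starts and ends outside this hunk.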
@@ -2637,40 +2695,39 @@ CK_RV PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList,
cipher2Len,
data2, &data2Len);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptUpdate failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptUpdate failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
lastLen = sizeof(data2) - data2Len;
crv = pFunctionList->C_DecryptFinal(hSession,
- (CK_BYTE * )&data2[data2Len],
+ (CK_BYTE *)&data2[data2Len],
&lastLen);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
data2Len = data2Len + lastLen;
-
/* Comparison of Decrypt data */
- if ( (data1Len == data2Len) && (dataLen == data1Len) &&
- (memcmp(data1, pData, dataLen) == 0) &&
- (memcmp(data2, pData, dataLen) == 0) ) {
+ if ((data1Len == data2Len) && (dataLen == data1Len) &&
+ (memcmp(data1, pData, dataLen) == 0) &&
+ (memcmp(data2, pData, dataLen) == 0)) {
PKM_LogIt("decrypt test case passed\n");
} else {
- PKM_Error( "derypt test case failed\n");
+ PKM_Error("derypt test case failed\n");
}
return crv;
-
}
-
-CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
+CK_RV
+PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
CK_SESSION_HANDLE hSession;
CK_RV crv = CKR_OK;
CK_MECHANISM sAESKeyMech = {
@@ -2680,14 +2737,14 @@ CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList,
CK_KEY_TYPE keyAESType = CKK_AES;
CK_UTF8CHAR AESlabel[] = "An AES secret key object";
CK_ULONG AESvalueLen = 16;
- CK_ATTRIBUTE sAESKeyTemplate[9];
+ CK_ATTRIBUTE sAESKeyTemplate[9];
CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
CK_BYTE KEY[16];
CK_BYTE IV[16];
static const CK_BYTE CIPHERTEXT[] = {
- 0x7e,0x6a,0x3f,0x3b,0x39,0x3c,0xf2,0x4b,
- 0xce,0xcc,0x23,0x6d,0x80,0xfd,0xe0,0xff
+ 0x7e, 0x6a, 0x3f, 0x3b, 0x39, 0x3c, 0xf2, 0x4b,
+ 0xce, 0xcc, 0x23, 0x6d, 0x80, 0xfd, 0xe0, 0xff
};
CK_BYTE ciphertext[64];
CK_BYTE ciphertext2[64];
@@ -2709,45 +2766,45 @@ CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList,
memset(ciphertext2, 0, sizeof(ciphertext2));
memset(IV, 0x00, sizeof(IV));
memset(KEY, 0x00, sizeof(KEY));
-
- mech_AES_CBC.mechanism = CKM_AES_CBC;
- mech_AES_CBC.pParameter = IV;
+
+ mech_AES_CBC.mechanism = CKM_AES_CBC;
+ mech_AES_CBC.pParameter = IV;
mech_AES_CBC.ulParameterLen = sizeof(IV);
/* AES key template */
- sAESKeyTemplate[0].type = CKA_CLASS;
- sAESKeyTemplate[0].pValue = &class;
+ sAESKeyTemplate[0].type = CKA_CLASS;
+ sAESKeyTemplate[0].pValue = &class;
sAESKeyTemplate[0].ulValueLen = sizeof(class);
- sAESKeyTemplate[1].type = CKA_KEY_TYPE;
- sAESKeyTemplate[1].pValue = &keyAESType;
+ sAESKeyTemplate[1].type = CKA_KEY_TYPE;
+ sAESKeyTemplate[1].pValue = &keyAESType;
sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType);
- sAESKeyTemplate[2].type = CKA_LABEL;
- sAESKeyTemplate[2].pValue = AESlabel;
- sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel)-1;
- sAESKeyTemplate[3].type = CKA_ENCRYPT;
- sAESKeyTemplate[3].pValue = &true;
+ sAESKeyTemplate[2].type = CKA_LABEL;
+ sAESKeyTemplate[2].pValue = AESlabel;
+ sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel) - 1;
+ sAESKeyTemplate[3].type = CKA_ENCRYPT;
+ sAESKeyTemplate[3].pValue = &true;
sAESKeyTemplate[3].ulValueLen = sizeof(true);
- sAESKeyTemplate[4].type = CKA_DECRYPT;
- sAESKeyTemplate[4].pValue = &true;
+ sAESKeyTemplate[4].type = CKA_DECRYPT;
+ sAESKeyTemplate[4].pValue = &true;
sAESKeyTemplate[4].ulValueLen = sizeof(true);
- sAESKeyTemplate[5].type = CKA_SIGN;
- sAESKeyTemplate[5].pValue = &true;
- sAESKeyTemplate[5].ulValueLen = sizeof (true);
- sAESKeyTemplate[6].type = CKA_VERIFY;
- sAESKeyTemplate[6].pValue = &true;
+ sAESKeyTemplate[5].type = CKA_SIGN;
+ sAESKeyTemplate[5].pValue = &true;
+ sAESKeyTemplate[5].ulValueLen = sizeof(true);
+ sAESKeyTemplate[6].type = CKA_VERIFY;
+ sAESKeyTemplate[6].pValue = &true;
sAESKeyTemplate[6].ulValueLen = sizeof(true);
- sAESKeyTemplate[7].type = CKA_UNWRAP;
- sAESKeyTemplate[7].pValue = &true;
+ sAESKeyTemplate[7].type = CKA_UNWRAP;
+ sAESKeyTemplate[7].pValue = &true;
sAESKeyTemplate[7].ulValueLen = sizeof(true);
- sAESKeyTemplate[8].type = CKA_VALUE_LEN;
- sAESKeyTemplate[8].pValue = &AESvalueLen;
+ sAESKeyTemplate[8].type = CKA_VALUE_LEN;
+ sAESKeyTemplate[8].pValue = &AESvalueLen;
sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen);
crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
NULL, NULL, &hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
@@ -2755,8 +2812,9 @@ CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_Login with correct password succeeded\n");
} else {
- PKM_Error( "C_Login with correct password failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Login with correct password failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
@@ -2769,27 +2827,27 @@ CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_GenerateKey AES succeeded\n");
} else {
- PKM_Error( "C_GenerateKey AES failed with 0x%08X, %-26s\n",
- crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GenerateKey AES failed with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_EncryptInit(hSession, &aesEcbMech, hKey);
if (crv != CKR_OK) {
- PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
wrappedKeyLen = sizeof(wrappedKey);
crv = pFunctionList->C_Encrypt(hSession, KEY, sizeof(KEY),
wrappedKey, &wrappedKeyLen);
if (crv != CKR_OK) {
- PKM_Error( "C_Encrypt failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Encrypt failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
if (wrappedKeyLen != sizeof(wrappedKey)) {
- PKM_Error( "wrappedKeyLen is %lu\n", wrappedKeyLen);
+ PKM_Error("wrappedKeyLen is %lu\n", wrappedKeyLen);
return crv;
}
/* Import an encrypted key */
@@ -2799,93 +2857,93 @@ CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList,
NUM_ELEM(sAESKeyTemplate),
&hTestKey);
if (crv != CKR_OK) {
- PKM_Error( "C_UnwraPKey failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_UnwraPKey failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
/* AES Encrypt the text */
crv = pFunctionList->C_EncryptInit(hSession, &mech_AES_CBC, hTestKey);
if (crv != CKR_OK) {
- PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
ciphertextLen = sizeof(ciphertext);
- crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE *) PLAINTEXT,
+ crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE *)PLAINTEXT,
sizeof(PLAINTEXT),
ciphertext, &ciphertextLen);
if (crv != CKR_OK) {
- PKM_Error( "C_Encrypt failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Encrypt failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- if ( (ciphertextLen == sizeof(CIPHERTEXT)) &&
- (memcmp(ciphertext, CIPHERTEXT, ciphertextLen) == 0)) {
+ if ((ciphertextLen == sizeof(CIPHERTEXT)) &&
+ (memcmp(ciphertext, CIPHERTEXT, ciphertextLen) == 0)) {
PKM_LogIt("AES CBCVarKey128 encrypt test case 1 passed\n");
} else {
- PKM_Error( "AES CBCVarKey128 encrypt test case 1 failed\n");
+ PKM_Error("AES CBCVarKey128 encrypt test case 1 failed\n");
return crv;
}
/* now use EncryptUpdate the text */
crv = pFunctionList->C_EncryptInit(hSession, &mech_AES_CBC, hTestKey);
if (crv != CKR_OK) {
- PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
ciphertext2Len = sizeof(ciphertext2);
- crv = pFunctionList->C_EncryptUpdate (hSession, (CK_BYTE *) PLAINTEXT,
- sizeof(PLAINTEXT),
- ciphertext2, &ciphertext2Len);
+ crv = pFunctionList->C_EncryptUpdate(hSession, (CK_BYTE *)PLAINTEXT,
+ sizeof(PLAINTEXT),
+ ciphertext2, &ciphertext2Len);
if (crv != CKR_OK) {
- PKM_Error( "C_EncryptUpdate failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_EncryptUpdate failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
lastLen = sizeof(ciphertext2) - ciphertext2Len;
crv = pFunctionList->C_EncryptFinal(hSession,
- (CK_BYTE * )&ciphertext2[ciphertext2Len],
- &lastLen);
+ (CK_BYTE *)&ciphertext2[ciphertext2Len],
+ &lastLen);
ciphertext2Len = ciphertext2Len + lastLen;
- if ( (ciphertextLen == ciphertext2Len) &&
- (memcmp(ciphertext, ciphertext2, sizeof(CIPHERTEXT)) == 0) &&
- (memcmp(ciphertext2, CIPHERTEXT, sizeof(CIPHERTEXT)) == 0)) {
+ if ((ciphertextLen == ciphertext2Len) &&
+ (memcmp(ciphertext, ciphertext2, sizeof(CIPHERTEXT)) == 0) &&
+ (memcmp(ciphertext2, CIPHERTEXT, sizeof(CIPHERTEXT)) == 0)) {
PKM_LogIt("AES CBCVarKey128 encrypt test case 2 passed\n");
} else {
- PKM_Error( "AES CBCVarKey128 encrypt test case 2 failed\n");
+ PKM_Error("AES CBCVarKey128 encrypt test case 2 failed\n");
return CKR_GENERAL_ERROR;
}
/* AES CBC Decrypt the text */
crv = pFunctionList->C_DecryptInit(hSession, &mech_AES_CBC, hTestKey);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
plaintextLen = sizeof(plaintext);
crv = pFunctionList->C_Decrypt(hSession, ciphertext, ciphertextLen,
plaintext, &plaintextLen);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- if ((plaintextLen == sizeof(PLAINTEXT))
- && (memcmp(plaintext, PLAINTEXT, plaintextLen) == 0)) {
+ if ((plaintextLen == sizeof(PLAINTEXT)) &&
+ (memcmp(plaintext, PLAINTEXT, plaintextLen) == 0)) {
PKM_LogIt("AES CBCVarKey128 decrypt test case 1 passed\n");
} else {
- PKM_Error( "AES CBCVarKey128 derypt test case 1 failed\n");
+ PKM_Error("AES CBCVarKey128 derypt test case 1 failed\n");
}
/* now use DecryptUpdate the text */
crv = pFunctionList->C_DecryptInit(hSession, &mech_AES_CBC, hTestKey);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
plaintext2Len = sizeof(plaintext2);
@@ -2893,22 +2951,22 @@ CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList,
ciphertext2Len,
plaintext2, &plaintext2Len);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptUpdate failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptUpdate failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
lastLen = sizeof(plaintext2) - plaintext2Len;
crv = pFunctionList->C_DecryptFinal(hSession,
- (CK_BYTE * )&plaintext2[plaintext2Len],
- &lastLen);
+ (CK_BYTE *)&plaintext2[plaintext2Len],
+ &lastLen);
plaintext2Len = plaintext2Len + lastLen;
- if ( (plaintextLen == plaintext2Len) &&
- (memcmp(plaintext, plaintext2, plaintext2Len) == 0) &&
- (memcmp(plaintext2, PLAINTEXT, sizeof(PLAINTEXT)) == 0)) {
+ if ((plaintextLen == plaintext2Len) &&
+ (memcmp(plaintext, plaintext2, plaintext2Len) == 0) &&
+ (memcmp(plaintext2, PLAINTEXT, sizeof(PLAINTEXT)) == 0)) {
PKM_LogIt("AES CBCVarKey128 decrypt test case 2 passed\n");
} else {
- PKM_Error( "AES CBCVarKey128 decrypt test case 2 failed\n");
+ PKM_Error("AES CBCVarKey128 decrypt test case 2 failed\n");
return CKR_GENERAL_ERROR;
}
@@ -2916,69 +2974,69 @@ CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_Logout succeeded\n");
} else {
- PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_CloseSession(hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
-
return crv;
-
}
-CK_RV PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SESSION_HANDLE hRwSession,
- CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
- CK_MECHANISM *signMech, const CK_BYTE * pData,
- CK_ULONG pDataLen) {
+CK_RV
+PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SESSION_HANDLE hRwSession,
+ CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
+ CK_MECHANISM *signMech, const CK_BYTE *pData,
+ CK_ULONG pDataLen)
+{
CK_RV crv = CKR_OK;
CK_BYTE sig[MAX_SIG_SZ];
- CK_ULONG sigLen = 0 ;
-
+ CK_ULONG sigLen = 0;
+
NUMTESTS++; /* increment NUMTESTS */
memset(sig, 0, sizeof(sig));
/* C_Sign */
crv = pFunctionList->C_SignInit(hRwSession, signMech, hPrivKey);
if (crv != CKR_OK) {
- PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
sigLen = sizeof(sig);
- crv = pFunctionList->C_Sign(hRwSession, (CK_BYTE * ) pData, pDataLen,
+ crv = pFunctionList->C_Sign(hRwSession, (CK_BYTE *)pData, pDataLen,
sig, &sigLen);
if (crv != CKR_OK) {
- PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
/* C_Verify the signature */
crv = pFunctionList->C_VerifyInit(hRwSession, signMech, hPubKey);
if (crv != CKR_OK) {
- PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- crv = pFunctionList->C_Verify(hRwSession, (CK_BYTE * ) pData, pDataLen,
+ crv = pFunctionList->C_Verify(hRwSession, (CK_BYTE *)pData, pDataLen,
sig, sigLen);
if (crv == CKR_OK) {
PKM_LogIt("C_Verify succeeded\n");
} else {
- PKM_Error( "C_Verify failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Verify failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- /* Check that the mechanism is Multi-part */
- if (signMech->mechanism == CKM_DSA ||
+ /* Check that the mechanism is Multi-part */
+ if (signMech->mechanism == CKM_DSA ||
signMech->mechanism == CKM_RSA_PKCS) {
return crv;
}
@@ -2987,22 +3045,22 @@ CK_RV PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList,
/* SignUpdate */
crv = pFunctionList->C_SignInit(hRwSession, signMech, hPrivKey);
if (crv != CKR_OK) {
- PKM_Error( "C_SignInit failed with 0x%08lX %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_SignInit failed with 0x%08lX %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- crv = pFunctionList->C_SignUpdate(hRwSession, (CK_BYTE * ) pData, pDataLen);
+ crv = pFunctionList->C_SignUpdate(hRwSession, (CK_BYTE *)pData, pDataLen);
if (crv != CKR_OK) {
- PKM_Error( "C_Sign failed with 0x%08lX %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Sign failed with 0x%08lX %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
sigLen = sizeof(sig);
crv = pFunctionList->C_SignFinal(hRwSession, sig, &sigLen);
if (crv != CKR_OK) {
- PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
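Review bot: The format strings in this hunk disagree about the width of `crv`: the `C_SignInit` and `C_SignUpdate` messages use `0x%08lX`, while the `C_SignFinal` message, like nearly every other `PKM_Error` call on this page, uses `0x%08X`. PKCS #11 defines `CK_RV` as an unsigned long, so if `PKM_Error` forwards to a printf-style formatter (its definition is not in this hunk), `%X` is a type mismatch on LP64 targets and `%lX` is the matching specifier, e.g. `"C_Sign failed with 0x%08lX, %-26s\n"`. Whichever is chosen, it should be applied to all calls so the logged return codes are reliable. PKM_PubKeySign starts and ends outside this hunk.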
@@ -3010,50 +3068,51 @@ CK_RV PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList,
crv = pFunctionList->C_VerifyInit(hRwSession, signMech,
hPubKey);
if (crv != CKR_OK) {
- PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- crv = pFunctionList->C_VerifyUpdate(hRwSession, (CK_BYTE * ) pData,
+ crv = pFunctionList->C_VerifyUpdate(hRwSession, (CK_BYTE *)pData,
pDataLen);
if (crv != CKR_OK) {
- PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_VerifyFinal(hRwSession, sig, sigLen);
if (crv == CKR_OK) {
PKM_LogIt("C_VerifyFinal succeeded\n");
} else {
- PKM_Error( "C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
return crv;
-
}
-CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList,
- CK_ULONG slotID, CK_UTF8CHAR_PTR pwd,
- CK_ULONG pwdLen){
+CK_RV
+PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SLOT_ID *pSlotList,
+ CK_ULONG slotID, CK_UTF8CHAR_PTR pwd,
+ CK_ULONG pwdLen)
+{
CK_SESSION_HANDLE hSession;
CK_RV crv = CKR_OK;
-/*** DSA Key ***/
+ /*** DSA Key ***/
CK_MECHANISM dsaParamGenMech;
CK_ULONG primeBits = 1024;
- CK_ATTRIBUTE dsaParamGenTemplate[1];
+ CK_ATTRIBUTE dsaParamGenTemplate[1];
CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE;
CK_BYTE DSA_P[128];
CK_BYTE DSA_Q[20];
CK_BYTE DSA_G[128];
CK_MECHANISM dsaKeyPairGenMech;
- CK_ATTRIBUTE dsaPubKeyTemplate[5];
- CK_ATTRIBUTE dsaPrivKeyTemplate[5];
+ CK_ATTRIBUTE dsaPubKeyTemplate[5];
+ CK_ATTRIBUTE dsaPrivKeyTemplate[5];
CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE;
-
+
/* From SHA1ShortMsg.req, Len = 136 */
CK_BYTE MSG[] = {
0xba, 0x33, 0x95, 0xfb,
@@ -3087,52 +3146,52 @@ CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList,
NUMTESTS++; /* increment NUMTESTS */
/* DSA key init */
- dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN;
- dsaParamGenMech.pParameter = NULL_PTR;
+ dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN;
+ dsaParamGenMech.pParameter = NULL_PTR;
dsaParamGenMech.ulParameterLen = 0;
- dsaParamGenTemplate[0].type = CKA_PRIME_BITS;
- dsaParamGenTemplate[0].pValue = &primeBits;
+ dsaParamGenTemplate[0].type = CKA_PRIME_BITS;
+ dsaParamGenTemplate[0].pValue = &primeBits;
dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits);
- dsaPubKeyTemplate[0].type = CKA_PRIME;
- dsaPubKeyTemplate[0].pValue = DSA_P;
+ dsaPubKeyTemplate[0].type = CKA_PRIME;
+ dsaPubKeyTemplate[0].pValue = DSA_P;
dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P);
- dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
+ dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
dsaPubKeyTemplate[1].pValue = DSA_Q;
dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q);
- dsaPubKeyTemplate[2].type = CKA_BASE;
- dsaPubKeyTemplate[2].pValue = DSA_G;
+ dsaPubKeyTemplate[2].type = CKA_BASE;
+ dsaPubKeyTemplate[2].pValue = DSA_G;
dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G);
- dsaPubKeyTemplate[3].type = CKA_TOKEN;
- dsaPubKeyTemplate[3].pValue = &true;
+ dsaPubKeyTemplate[3].type = CKA_TOKEN;
+ dsaPubKeyTemplate[3].pValue = &true;
dsaPubKeyTemplate[3].ulValueLen = sizeof(true);
- dsaPubKeyTemplate[4].type = CKA_VERIFY;
- dsaPubKeyTemplate[4].pValue = &true;
+ dsaPubKeyTemplate[4].type = CKA_VERIFY;
+ dsaPubKeyTemplate[4].pValue = &true;
dsaPubKeyTemplate[4].ulValueLen = sizeof(true);
- dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN;
+ dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN;
dsaKeyPairGenMech.pParameter = NULL_PTR;
dsaKeyPairGenMech.ulParameterLen = 0;
- dsaPrivKeyTemplate[0].type = CKA_TOKEN;
- dsaPrivKeyTemplate[0].pValue = &true;
+ dsaPrivKeyTemplate[0].type = CKA_TOKEN;
+ dsaPrivKeyTemplate[0].pValue = &true;
dsaPrivKeyTemplate[0].ulValueLen = sizeof(true);
- dsaPrivKeyTemplate[1].type = CKA_PRIVATE;
- dsaPrivKeyTemplate[1].pValue = &true;
+ dsaPrivKeyTemplate[1].type = CKA_PRIVATE;
+ dsaPrivKeyTemplate[1].pValue = &true;
dsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
- dsaPrivKeyTemplate[2].type = CKA_SENSITIVE;
- dsaPrivKeyTemplate[2].pValue = &true;
+ dsaPrivKeyTemplate[2].type = CKA_SENSITIVE;
+ dsaPrivKeyTemplate[2].pValue = &true;
dsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
- dsaPrivKeyTemplate[3].type = CKA_SIGN,
- dsaPrivKeyTemplate[3].pValue = &true;
+ dsaPrivKeyTemplate[3].type = CKA_SIGN,
+ dsaPrivKeyTemplate[3].pValue = &true;
dsaPrivKeyTemplate[3].ulValueLen = sizeof(true);
- dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE;
- dsaPrivKeyTemplate[4].pValue = &true;
+ dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE;
+ dsaPrivKeyTemplate[4].pValue = &true;
dsaPrivKeyTemplate[4].ulValueLen = sizeof(true);
crv = pFunctionList->C_OpenSession(pSlotList[slotID],
CKF_RW_SESSION | CKF_SERIAL_SESSION,
NULL, NULL, &hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
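Review bot: `dsaPrivKeyTemplate[3].type = CKA_SIGN,` ends in a comma rather than a semicolon, so it and the following `.pValue = &true;` assignment are joined by the comma operator into a single expression statement. The behaviour is unchanged, but it reads as a typo and the reformat carries it over as is; it should be `dsaPrivKeyTemplate[3].type = CKA_SIGN;`. PKM_PublicKey starts before this hunk and continues after it.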
@@ -3140,8 +3199,9 @@ CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_Login with correct password succeeded\n");
} else {
- PKM_Error( "C_Login with correct password failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Login with correct password failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
@@ -3154,8 +3214,9 @@ CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("DSA domain parameter generation succeeded\n");
} else {
- PKM_Error( "DSA domain parameter generation failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("DSA domain parameter generation failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_GetAttributeValue(hSession, hDsaParams,
@@ -3163,19 +3224,21 @@ CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("Getting DSA domain parameters succeeded\n");
} else {
- PKM_Error( "Getting DSA domain parameters failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("Getting DSA domain parameters failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_DestroyObject(hSession, hDsaParams);
if (crv == CKR_OK) {
PKM_LogIt("Destroying DSA domain parameters succeeded\n");
} else {
- PKM_Error( "Destroying DSA domain parameters failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("Destroying DSA domain parameters failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
-
+
PKM_LogIt("Generate a DSA key pair ... \n");
/* Generate a persistent DSA key pair */
crv = pFunctionList->C_GenerateKeyPair(hSession, &dsaKeyPairGenMech,
@@ -3187,79 +3250,82 @@ CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("DSA key pair generation succeeded\n");
} else {
- PKM_Error( "DSA key pair generation failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("DSA key pair generation failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
/* Compute SHA-1 digest */
crv = pFunctionList->C_DigestInit(hSession, &sha1Mech);
if (crv != CKR_OK) {
- PKM_Error( "C_DigestInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
sha1DigestLen = sizeof(sha1Digest);
crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG),
sha1Digest, &sha1DigestLen);
if (crv != CKR_OK) {
- PKM_Error( "C_Digest failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Digest failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
if (sha1DigestLen != sizeof(sha1Digest)) {
- PKM_Error( "sha1DigestLen is %lu\n", sha1DigestLen);
+ PKM_Error("sha1DigestLen is %lu\n", sha1DigestLen);
return crv;
}
if (memcmp(sha1Digest, MD, sizeof(MD)) == 0) {
PKM_LogIt("SHA-1 SHA1ShortMsg test case Len = 136 passed\n");
} else {
- PKM_Error( "SHA-1 SHA1ShortMsg test case Len = 136 failed\n");
+ PKM_Error("SHA-1 SHA1ShortMsg test case Len = 136 failed\n");
}
crv = PKM_PubKeySign(pFunctionList, hSession,
- hDSApubKey, hDSAprivKey,
- &dsaMech, sha1Digest, sizeof(sha1Digest));
+ hDSApubKey, hDSAprivKey,
+ &dsaMech, sha1Digest, sizeof(sha1Digest));
if (crv == CKR_OK) {
PKM_LogIt("PKM_PubKeySign CKM_DSA succeeded \n");
} else {
- PKM_Error( "PKM_PubKeySign failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_PubKeySign failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = PKM_PubKeySign(pFunctionList, hSession,
- hDSApubKey, hDSAprivKey,
- &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT));
+ hDSApubKey, hDSAprivKey,
+ &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT));
if (crv == CKR_OK) {
PKM_LogIt("PKM_PubKeySign CKM_DSA_SHA1 succeeded \n");
} else {
- PKM_Error( "PKM_PubKeySign failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_PubKeySign failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
/* Sign with DSA */
crv = pFunctionList->C_SignInit(hSession, &dsaMech, hDSAprivKey);
if (crv != CKR_OK) {
- PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
dsaSigLen = sizeof(dsaSig);
crv = pFunctionList->C_Sign(hSession, sha1Digest, sha1DigestLen,
dsaSig, &dsaSigLen);
if (crv != CKR_OK) {
- PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
/* Verify the DSA signature */
crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey);
if (crv != CKR_OK) {
- PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen,
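Review bot: The `sha1DigestLen != sizeof(sha1Digest)` branch logs an error and then runs `return crv;` while crv is still CKR_OK from the successful C_Digest call, so a wrong digest length reaches the caller as success. An explicit failure code, for example `return CKR_DEVICE_ERROR;` (which this file already returns in PKM_MultiObjectManagement), would make the check effective. The memcmp against MD just below only calls PKM_Error and carries on, so unless PKM_Error itself records the failure (its definition is not visible here), a wrong SHA-1 value does not change the result either. The same pattern recurs in later hunks: the `hmacs are not equal!` branch in PKM_Hmac, the allocation-failure returns in PKM_FindAllObjects, and the `4 != nFound` and `2 != nFound` checks in PKM_MultiObjectManagement. PKM_PublicKey starts and ends outside this hunk.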
@@ -3267,8 +3333,8 @@ CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_Verify succeeded\n");
} else {
- PKM_Error( "C_Verify failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Verify failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
@@ -3276,28 +3342,28 @@ CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList,
crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech,
hDSApubKey);
if (crv != CKR_OK) {
- PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_VerifyUpdate(hSession, MSG, 1);
if (crv != CKR_OK) {
- PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- crv = pFunctionList->C_VerifyUpdate(hSession, MSG+1, sizeof(MSG)-1);
+ crv = pFunctionList->C_VerifyUpdate(hSession, MSG + 1, sizeof(MSG) - 1);
if (crv != CKR_OK) {
- PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen);
if (crv == CKR_OK) {
PKM_LogIt("C_VerifyFinal succeeded\n");
} else {
- PKM_Error( "C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
@@ -3305,28 +3371,28 @@ CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList,
crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech,
hDSApubKey);
if (crv != CKR_OK) {
- PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n",
- crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_VerifyUpdate(hSession, MSG, 1);
if (crv != CKR_OK) {
- PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n",
- crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
- crv = pFunctionList->C_VerifyUpdate(hSession, MSG+1, sizeof(MSG)-1);
+ crv = pFunctionList->C_VerifyUpdate(hSession, MSG + 1, sizeof(MSG) - 1);
if (crv != CKR_OK) {
- PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n",
- crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen);
if (crv == CKR_OK) {
PKM_LogIt("C_VerifyFinal of multi update succeeded.\n");
} else {
- PKM_Error("C_VerifyFinal of multi update failed with 0x%08X, %-26s\n",
- crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyFinal of multi update failed with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
/* Now modify the data */
@@ -3334,57 +3400,59 @@ CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList,
/* Compute SHA-1 digest */
crv = pFunctionList->C_DigestInit(hSession, &sha1Mech);
if (crv != CKR_OK) {
- PKM_Error( "C_DigestInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
sha1DigestLen = sizeof(sha1Digest);
crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG),
sha1Digest, &sha1DigestLen);
if (crv != CKR_OK) {
- PKM_Error( "C_Digest failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Digest failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey);
if (crv != CKR_OK) {
- PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen,
dsaSig, dsaSigLen);
if (crv != CKR_SIGNATURE_INVALID) {
- PKM_Error( "C_Verify of modified data succeeded\n");
+ PKM_Error("C_Verify of modified data succeeded\n");
return crv;
} else {
PKM_LogIt("C_Verify of modified data returned as EXPECTED "
- " with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ " with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
}
crv = pFunctionList->C_Logout(hSession);
if (crv == CKR_OK) {
PKM_LogIt("C_Logout succeeded\n");
} else {
- PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_CloseSession(hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
return crv;
-
}
-CK_RV PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech,
- const CK_BYTE * pData, CK_ULONG pDataLen) {
+CK_RV
+PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech,
+ const CK_BYTE *pData, CK_ULONG pDataLen)
+{
CK_RV crv = CKR_OK;
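Review bot: In the modified-data check near the end of PKM_PublicKey, the `if (crv != CKR_SIGNATURE_INVALID)` branch ends with `return crv;`, and crv is CKR_OK when C_Verify wrongly accepts the signature. The one outcome this negative test exists to catch is therefore returned to the caller as success. The branch should return a failure of its own, e.g. `return (crv == CKR_OK) ? CKR_GENERAL_ERROR : crv;`. The message `C_Verify of modified data succeeded` is also inaccurate when crv is some other error code; printing crv and PKM_CK_RVtoStr(crv), as the neighbouring calls do, would cover both cases. PKM_PublicKey begins outside this hunk, which also carries the start of PKM_Hmac.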
@@ -3395,27 +3463,27 @@ CK_RV PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
memset(hmac1, 0, sizeof(hmac1));
memset(hmac2, 0, sizeof(hmac2));
-
+
NUMTESTS++; /* increment NUMTESTS */
crv = pFunctionList->C_SignInit(hSession, hmacMech, sKey);
if (crv == CKR_OK) {
PKM_LogIt("C_SignInit succeeded\n");
} else {
- PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
hmac1Len = sizeof(hmac1);
- crv = pFunctionList->C_Sign(hSession, (CK_BYTE * )pData,
+ crv = pFunctionList->C_Sign(hSession, (CK_BYTE *)pData,
pDataLen,
- (CK_BYTE * )hmac1, &hmac1Len);
+ (CK_BYTE *)hmac1, &hmac1Len);
if (crv == CKR_OK) {
PKM_LogIt("C_Sign succeeded\n");
} else {
- PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
@@ -3423,82 +3491,84 @@ CK_RV PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
if (crv == CKR_OK) {
PKM_LogIt("C_SignInit succeeded\n");
} else {
- PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- crv = pFunctionList->C_SignUpdate(hSession, (CK_BYTE * )pData,
+ crv = pFunctionList->C_SignUpdate(hSession, (CK_BYTE *)pData,
pDataLen);
if (crv == CKR_OK) {
PKM_LogIt("C_SignUpdate succeeded\n");
} else {
- PKM_Error( "C_SignUpdate failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_SignUpdate failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
hmac2Len = sizeof(hmac2);
- crv = pFunctionList->C_SignFinal(hSession, (CK_BYTE * )hmac2, &hmac2Len);
+ crv = pFunctionList->C_SignFinal(hSession, (CK_BYTE *)hmac2, &hmac2Len);
if (crv == CKR_OK) {
PKM_LogIt("C_SignFinal succeeded\n");
} else {
- PKM_Error( "C_SignFinal failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_SignFinal failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- if ((hmac1Len == hmac2Len) && (memcmp(hmac1, hmac2, hmac1Len) == 0) ) {
+ if ((hmac1Len == hmac2Len) && (memcmp(hmac1, hmac2, hmac1Len) == 0)) {
PKM_LogIt("hmacs are equal!\n");
} else {
PKM_Error("hmacs are not equal!\n");
}
crv = pFunctionList->C_VerifyInit(hSession, hmacMech, sKey);
if (crv != CKR_OK) {
- PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- crv = pFunctionList->C_Verify(hSession, (CK_BYTE * )pData,
+ crv = pFunctionList->C_Verify(hSession, (CK_BYTE *)pData,
pDataLen,
- (CK_BYTE * ) hmac2, hmac2Len);
+ (CK_BYTE *)hmac2, hmac2Len);
if (crv == CKR_OK) {
PKM_LogIt("C_Verify of hmac succeeded\n");
} else {
- PKM_Error( "C_Verify failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Verify failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_VerifyInit(hSession, hmacMech, sKey);
if (crv != CKR_OK) {
- PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- crv = pFunctionList->C_VerifyUpdate(hSession, (CK_BYTE * )pData,
- pDataLen);
+ crv = pFunctionList->C_VerifyUpdate(hSession, (CK_BYTE *)pData,
+ pDataLen);
if (crv == CKR_OK) {
PKM_LogIt("C_VerifyUpdate of hmac succeeded\n");
} else {
- PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- crv = pFunctionList->C_VerifyFinal(hSession, (CK_BYTE * ) hmac1,
+ crv = pFunctionList->C_VerifyFinal(hSession, (CK_BYTE *)hmac1,
hmac1Len);
if (crv == CKR_OK) {
PKM_LogIt("C_VerifyFinal of hmac succeeded\n");
} else {
- PKM_Error( "C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
return crv;
}
-CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
+CK_RV
+PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
CK_RV crv = CKR_OK;
CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0;
@@ -3507,69 +3577,78 @@ CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
CK_ULONG tnObjects = 0;
int curMode;
unsigned int i;
- unsigned int number_of_all_known_attribute_types = totalKnownType(ConstAttribute);
+ unsigned int number_of_all_known_attribute_types = totalKnownType(ConstAttribute);
NUMTESTS++; /* increment NUMTESTS */
crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
NULL, NULL, &h);
- if ( CKR_OK != crv ) {
+ if (CKR_OK != crv) {
PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
- "returned 0x%08X, %-26s\n", pSlotList[slotID], crv,
+ "returned 0x%08X, %-26s\n",
+ pSlotList[slotID], crv,
PKM_CK_RVtoStr(crv));
return crv;
}
- PKM_LogIt( " Opened a session: handle = 0x%08x\n", h);
+ PKM_LogIt(" Opened a session: handle = 0x%08x\n", h);
(void)memset(&sinfo, 0, sizeof(CK_SESSION_INFO));
crv = pFunctionList->C_GetSessionInfo(h, &sinfo);
- if ( CKR_OK != crv ) {
- PKM_LogIt( "C_GetSessionInfo(%lu, ) returned 0x%08X, %-26s\n", h, crv,
- PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_LogIt("C_GetSessionInfo(%lu, ) returned 0x%08X, %-26s\n", h, crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- PKM_LogIt( " SESSION INFO:\n");
- PKM_LogIt( " slotID = %lu\n", sinfo.slotID);
- PKM_LogIt( " state = %lu\n", sinfo.state);
- PKM_LogIt( " flags = 0x%08x\n", sinfo.flags);
+ PKM_LogIt(" SESSION INFO:\n");
+ PKM_LogIt(" slotID = %lu\n", sinfo.slotID);
+ PKM_LogIt(" state = %lu\n", sinfo.state);
+ PKM_LogIt(" flags = 0x%08x\n", sinfo.flags);
#ifdef CKF_EXCLUSIVE_SESSION
- PKM_LogIt( " -> EXCLUSIVE SESSION = %s\n", sinfo.flags &
- CKF_EXCLUSIVE_SESSION ? "TRUE" : "FALSE");
+ PKM_LogIt(" -> EXCLUSIVE SESSION = %s\n", sinfo.flags &
+ CKF_EXCLUSIVE_SESSION
+ ? "TRUE"
+ : "FALSE");
#endif /* CKF_EXCLUSIVE_SESSION */
- PKM_LogIt( " -> RW SESSION = %s\n", sinfo.flags &
- CKF_RW_SESSION ? "TRUE" : "FALSE");
- PKM_LogIt( " -> SERIAL SESSION = %s\n", sinfo.flags &
- CKF_SERIAL_SESSION ? "TRUE" : "FALSE");
+ PKM_LogIt(" -> RW SESSION = %s\n", sinfo.flags &
+ CKF_RW_SESSION
+ ? "TRUE"
+ : "FALSE");
+ PKM_LogIt(" -> SERIAL SESSION = %s\n", sinfo.flags &
+ CKF_SERIAL_SESSION
+ ? "TRUE"
+ : "FALSE");
#ifdef CKF_INSERTION_CALLBACK
- PKM_LogIt( " -> INSERTION CALLBACK = %s\n", sinfo.flags &
- CKF_INSERTION_CALLBACK ? "TRUE" : "FALSE");
+ PKM_LogIt(" -> INSERTION CALLBACK = %s\n", sinfo.flags &
+ CKF_INSERTION_CALLBACK
+ ? "TRUE"
+ : "FALSE");
#endif /* CKF_INSERTION_CALLBACK */
- PKM_LogIt( " ulDeviceError = %lu\n", sinfo.ulDeviceError);
- PKM_LogIt( "\n");
+ PKM_LogIt(" ulDeviceError = %lu\n", sinfo.ulDeviceError);
+ PKM_LogIt("\n");
crv = pFunctionList->C_FindObjectsInit(h, NULL, 0);
- if ( CKR_OK != crv ) {
- PKM_LogIt( "C_FindObjectsInit(%lu, NULL, 0) returned "
- "0x%08X, %-26s\n",
- h, crv, PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_LogIt("C_FindObjectsInit(%lu, NULL, 0) returned "
+ "0x%08X, %-26s\n",
+ h, crv, PKM_CK_RVtoStr(crv));
return crv;
}
pTemplate = (CK_ATTRIBUTE_PTR)calloc(number_of_all_known_attribute_types,
sizeof(CK_ATTRIBUTE));
- if ( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) {
- PKM_Error( "[pTemplate memory allocation of %lu bytes failed]\n",
- number_of_all_known_attribute_types *
- sizeof(CK_ATTRIBUTE));
+ if ((CK_ATTRIBUTE_PTR)NULL == pTemplate) {
+ PKM_Error("[pTemplate memory allocation of %lu bytes failed]\n",
+ number_of_all_known_attribute_types *
+ sizeof(CK_ATTRIBUTE));
return crv;
}
- PKM_LogIt( " All objects:\n");
+ PKM_LogIt(" All objects:\n");
/* Printing table set to NOMODE */
curMode = MODE;
- MODE = NOMODE;
+ MODE = NOMODE;
while (1) {
CK_OBJECT_HANDLE o = (CK_OBJECT_HANDLE)0;
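Review bot: The failure paths for C_GetSessionInfo and C_FindObjectsInit report through `PKM_LogIt(...)`, while every other failed PKCS #11 call in this function uses `PKM_Error(...)`. If PKM_Error is what marks a run as failed or writes to the error stream (its definition is not in this hunk), these two failures are easy to miss in the output; switching both calls to PKM_Error keeps the reporting uniform. Separately, `MODE = NOMODE;` is only undone after the loop, so the `return crv;` paths inside the `while (1)` body leave the logging mode changed; adding `MODE = curMode;` before those returns would fix that. PKM_FindAllObjects continues past this hunk.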
@@ -3578,29 +3657,29 @@ CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
CK_ULONG nAttributes = 0;
CK_ATTRIBUTE_PTR pT2;
CK_ULONG l;
- const char * attName = NULL;
+ const char *attName = NULL;
crv = pFunctionList->C_FindObjects(h, &o, 1, &nObjects);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_FindObjects(%lu, , 1, ) returned 0x%08X, %-26s\n",
- h, crv, PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_FindObjects(%lu, , 1, ) returned 0x%08X, %-26s\n",
+ h, crv, PKM_CK_RVtoStr(crv));
return crv;
}
- if ( 0 == nObjects ) {
- PKM_LogIt( "\n");
+ if (0 == nObjects) {
+ PKM_LogIt("\n");
break;
}
tnObjects++;
- PKM_LogIt( " OBJECT HANDLE %lu:\n", o);
+ PKM_LogIt(" OBJECT HANDLE %lu:\n", o);
k = 0;
- for (i=0; i < constCount; i++) {
+ for (i = 0; i < constCount; i++) {
if (consts[i].type == ConstAttribute) {
pTemplate[k].type = consts[i].value;
- pTemplate[k].pValue = (CK_VOID_PTR) NULL;
+ pTemplate[k].pValue = (CK_VOID_PTR)NULL;
pTemplate[k].ulValueLen = 0;
k++;
}
@@ -3608,123 +3687,125 @@ CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
}
crv = pFunctionList->C_GetAttributeValue(h, o, pTemplate,
- number_of_all_known_attribute_types);
- switch ( crv ) {
- case CKR_OK:
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_BUFFER_TOO_SMALL:
- break;
- default:
- PKM_Error( "C_GetAtributeValue(%lu, %lu, {all attribute types},"
- "%lu) returned 0x%08X, %-26s\n",
- h, o, number_of_all_known_attribute_types, crv,
- PKM_CK_RVtoStr(crv));
- return crv;
+ number_of_all_known_attribute_types);
+ switch (crv) {
+ case CKR_OK:
+ case CKR_ATTRIBUTE_SENSITIVE:
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ case CKR_BUFFER_TOO_SMALL:
+ break;
+ default:
+ PKM_Error("C_GetAtributeValue(%lu, %lu, {all attribute types},"
+ "%lu) returned 0x%08X, %-26s\n",
+ h, o, number_of_all_known_attribute_types, crv,
+ PKM_CK_RVtoStr(crv));
+ return crv;
}
- for ( k = 0; k < (CK_ULONG) number_of_all_known_attribute_types; k++) {
- if ( -1 != (CK_LONG)pTemplate[k].ulValueLen ) {
+ for (k = 0; k < (CK_ULONG)number_of_all_known_attribute_types; k++) {
+ if (-1 != (CK_LONG)pTemplate[k].ulValueLen) {
nAttributes++;
}
}
-
- PKM_LogIt( " %lu attributes:\n", nAttributes);
- for ( k = 0; k < (CK_ULONG) number_of_all_known_attribute_types;
- k++ ) {
- if ( -1 != (CK_LONG)pTemplate[k].ulValueLen ) {
+
+ PKM_LogIt(" %lu attributes:\n", nAttributes);
+ for (k = 0; k < (CK_ULONG)number_of_all_known_attribute_types;
+ k++) {
+ if (-1 != (CK_LONG)pTemplate[k].ulValueLen) {
attName = getNameFromAttribute(pTemplate[k].type);
if (!attName) {
PKM_Error("Unable to find attribute name update pk11table.c\n");
}
- PKM_LogIt( " %s 0x%08x (len = %lu)\n",
+ PKM_LogIt(" %s 0x%08x (len = %lu)\n",
attName,
pTemplate[k].type,
pTemplate[k].ulValueLen);
}
}
- PKM_LogIt( "\n");
-
+ PKM_LogIt("\n");
+
pT2 = (CK_ATTRIBUTE_PTR)calloc(nAttributes, sizeof(CK_ATTRIBUTE));
- if ( (CK_ATTRIBUTE_PTR)NULL == pT2 ) {
- PKM_Error( "[pT2 memory allocation of %lu bytes failed]\n",
- nAttributes * sizeof(CK_ATTRIBUTE));
+ if ((CK_ATTRIBUTE_PTR)NULL == pT2) {
+ PKM_Error("[pT2 memory allocation of %lu bytes failed]\n",
+ nAttributes * sizeof(CK_ATTRIBUTE));
return crv;
}
/* allocate memory for the attribute values */
- for ( l = 0, k = 0; k < (CK_ULONG) number_of_all_known_attribute_types;
- k++ ) {
- if ( -1 != (CK_LONG)pTemplate[k].ulValueLen ) {
+ for (l = 0, k = 0; k < (CK_ULONG)number_of_all_known_attribute_types;
+ k++) {
+ if (-1 != (CK_LONG)pTemplate[k].ulValueLen) {
pT2[l].type = pTemplate[k].type;
pT2[l].ulValueLen = pTemplate[k].ulValueLen;
if (pT2[l].ulValueLen > 0) {
pT2[l].pValue = (CK_VOID_PTR)malloc(pT2[l].ulValueLen);
- if ( (CK_VOID_PTR)NULL == pT2[l].pValue ) {
- PKM_Error( "pValue memory allocation of %lu bytes failed]\n",
+ if ((CK_VOID_PTR)NULL == pT2[l].pValue) {
+ PKM_Error("pValue memory allocation of %lu bytes failed]\n",
pT2[l].ulValueLen);
return crv;
}
- } else pT2[l].pValue = (CK_VOID_PTR) NULL;
+ } else
+ pT2[l].pValue = (CK_VOID_PTR)NULL;
l++;
}
}
- assert( l == nAttributes );
+ assert(l == nAttributes);
crv = pFunctionList->C_GetAttributeValue(h, o, pT2, nAttributes);
- switch ( crv ) {
- case CKR_OK:
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_BUFFER_TOO_SMALL:
- break;
- default:
- PKM_Error( "C_GetAtributeValue(%lu, %lu, {existent attribute"
- " types}, %lu) returned 0x%08X, %-26s\n",
- h, o, nAttributes, crv, PKM_CK_RVtoStr(crv));
- return crv;
+ switch (crv) {
+ case CKR_OK:
+ case CKR_ATTRIBUTE_SENSITIVE:
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ case CKR_BUFFER_TOO_SMALL:
+ break;
+ default:
+ PKM_Error("C_GetAtributeValue(%lu, %lu, {existent attribute"
+ " types}, %lu) returned 0x%08X, %-26s\n",
+ h, o, nAttributes, crv, PKM_CK_RVtoStr(crv));
+ return crv;
}
- for ( l = 0; l < nAttributes; l++ ) {
+ for (l = 0; l < nAttributes; l++) {
attName = getNameFromAttribute(pT2[l].type);
- if (!attName) attName = "unknown attribute";
- PKM_LogIt( " type = %s len = %ld",
- attName, (CK_LONG)pT2[l].ulValueLen);
+ if (!attName)
+ attName = "unknown attribute";
+ PKM_LogIt(" type = %s len = %ld",
+ attName, (CK_LONG)pT2[l].ulValueLen);
- if ( -1 == (CK_LONG)pT2[l].ulValueLen ) {
+ if (-1 == (CK_LONG)pT2[l].ulValueLen) {
;
} else {
CK_ULONG m;
- if ( pT2[l].ulValueLen <= 8 ) {
- PKM_LogIt( ", value = ");
+ if (pT2[l].ulValueLen <= 8) {
+ PKM_LogIt(", value = ");
} else {
- PKM_LogIt( ", value = \n ");
+ PKM_LogIt(", value = \n ");
}
- for ( m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++ ) {
- PKM_LogIt( "%02x", (CK_ULONG)(0xff &
- ((CK_CHAR_PTR)pT2[l].pValue)[m]));
+ for (m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++) {
+ PKM_LogIt("%02x", (CK_ULONG)(0xff &
+ ((CK_CHAR_PTR)pT2[l].pValue)[m]));
}
- PKM_LogIt( " ");
+ PKM_LogIt(" ");
- for ( m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++ ) {
+ for (m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++) {
CK_CHAR c = ((CK_CHAR_PTR)pT2[l].pValue)[m];
- if ( (c < 0x20) || (c >= 0x7f) ) {
+ if ((c < 0x20) || (c >= 0x7f)) {
c = '.';
}
- PKM_LogIt( "%c", c);
+ PKM_LogIt("%c", c);
}
}
- PKM_LogIt( "\n");
+ PKM_LogIt("\n");
}
- PKM_LogIt( "\n");
+ PKM_LogIt("\n");
- for ( l = 0; l < nAttributes; l++ ) {
+ for (l = 0; l < nAttributes; l++) {
if (pT2[l].pValue) {
free(pT2[l].pValue);
}
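Review bot: In the first attribute-listing loop, a NULL result from getNameFromAttribute is only reported with PKM_Error, and attName is then passed to the `%s` of the following PKM_LogIt call. Assuming PKM_LogIt forwards to a printf-family function, a NULL `%s` argument is undefined behaviour. The second loop further down already handles this with `attName = "unknown attribute";`, and the first loop should assign the same fallback after its PKM_Error call. Separately, the `return crv;` paths in this hunk (the pT2 and pValue allocation failures and the two `default:` cases) leave pTemplate, pT2 and any pValue buffers allocated. The enclosing while loop starts and ends outside this hunk.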
@@ -3733,29 +3814,31 @@ CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
} /* while(1) */
MODE = curMode; /* reset the logging MODE */
-
+
crv = pFunctionList->C_FindObjectsFinal(h);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h, crv,
- PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h, crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- PKM_LogIt( " (%lu objects total)\n", tnObjects);
+ PKM_LogIt(" (%lu objects total)\n", tnObjects);
crv = pFunctionList->C_CloseSession(h);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_CloseSession(%lu) returned 0x%08X, %-26s\n", h, crv,
- PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_CloseSession(%lu) returned 0x%08X, %-26s\n", h, crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
return crv;
}
/* session to create, find, and delete a couple session objects */
-CK_RV PKM_MultiObjectManagement (CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
+CK_RV
+PKM_MultiObjectManagement(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
CK_RV crv = CKR_OK;
@@ -3764,47 +3847,47 @@ CK_RV PKM_MultiObjectManagement (CK_FUNCTION_LIST_PTR pFunctionList,
CK_ATTRIBUTE one[7], two[7], three[7], delta[1], mask[1];
CK_OBJECT_CLASS cko_data = CKO_DATA;
char *key = "TEST PROGRAM";
- CK_ULONG key_len = 0;
+ CK_ULONG key_len = 0;
CK_OBJECT_HANDLE hOneIn = (CK_OBJECT_HANDLE)0;
CK_OBJECT_HANDLE hTwoIn = (CK_OBJECT_HANDLE)0;
CK_OBJECT_HANDLE hThreeIn = (CK_OBJECT_HANDLE)0;
CK_OBJECT_HANDLE hDeltaIn = (CK_OBJECT_HANDLE)0;
CK_OBJECT_HANDLE found[10];
CK_ULONG nFound;
- CK_ULONG hDeltaLen, hThreeLen = 0;
+ CK_ULONG hDeltaLen, hThreeLen = 0;
CK_TOKEN_INFO tinfo;
-
+
NUMTESTS++; /* increment NUMTESTS */
key_len = sizeof(key);
crv = pFunctionList->C_OpenSession(pSlotList[slotID],
CKF_SERIAL_SESSION, NULL, NULL, &h);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
- "returned 0x%08X, %-26s\n", pSlotList[slotID], crv,
- PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
+ "returned 0x%08X, %-26s\n",
+ pSlotList[slotID], crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_Login(h, CKU_USER, pwd, pwdLen);
if (crv == CKR_OK) {
PKM_LogIt("C_Login with correct password succeeded\n");
} else {
- PKM_Error( "C_Login with correct password failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Login with correct password failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
-
(void)memset(&tinfo, 0, sizeof(CK_TOKEN_INFO));
crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tinfo);
- if ( CKR_OK != crv ) {
+ if (CKR_OK != crv) {
PKM_Error("C_GetTokenInfo(%lu, ) returned 0x%08X, %-26s\n",
pSlotList[slotID], crv, PKM_CK_RVtoStr(crv));
return crv;
}
-
- PKM_LogIt( " Opened a session: handle = 0x%08x\n", h);
+ PKM_LogIt(" Opened a session: handle = 0x%08x\n", h);
one[0].type = CKA_CLASS;
one[0].pValue = &cko_data;
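Review bot: `key_len = sizeof(key);` measures the pointer rather than the string, because key is declared as `char *key = "TEST PROGRAM";`. key_len is therefore the platform's pointer size (typically 4 or 8), not the 12 characters of the literal. A later hunk uses key_len as `mask[0].ulValueLen` for the CKA_APPLICATION search template, so the comparison runs over a platform-dependent prefix of the value. `key_len = strlen(key);` gives the intended length (strlen is already used for other attribute lengths in this function), as does declaring `char key[] = "TEST PROGRAM";` and using `sizeof(key) - 1`. PKM_MultiObjectManagement continues outside this hunk.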
@@ -3873,27 +3956,27 @@ CK_RV PKM_MultiObjectManagement (CK_FUNCTION_LIST_PTR pFunctionList,
three[6].ulValueLen = strlen(three[6].pValue);
crv = pFunctionList->C_CreateObject(h, one, 7, &hOneIn);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_CreateObject(%lu, one, 7, ) returned 0x%08X, %-26s\n",
- h, crv, PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_CreateObject(%lu, one, 7, ) returned 0x%08X, %-26s\n",
+ h, crv, PKM_CK_RVtoStr(crv));
return crv;
}
- PKM_LogIt( " Created object one: handle = %lu\n", hOneIn);
+ PKM_LogIt(" Created object one: handle = %lu\n", hOneIn);
crv = pFunctionList->C_CreateObject(h, two, 7, &hTwoIn);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_CreateObject(%lu, two, 7, ) returned 0x%08X, %-26s\n",
- h, crv, PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_CreateObject(%lu, two, 7, ) returned 0x%08X, %-26s\n",
+ h, crv, PKM_CK_RVtoStr(crv));
return crv;
}
- PKM_LogIt( " Created object two: handle = %lu\n", hTwoIn);
+ PKM_LogIt(" Created object two: handle = %lu\n", hTwoIn);
crv = pFunctionList->C_CreateObject(h, three, 7, &hThreeIn);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_CreateObject(%lu, three, 7, ) returned 0x%08x\n",
- h, crv, PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_CreateObject(%lu, three, 7, ) returned 0x%08x\n",
+ h, crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_GetObjectSize(h, hThreeIn, &hThreeLen);
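Review bot: The PKM_Error call for the third C_CreateObject passes three arguments (`h, crv, PKM_CK_RVtoStr(crv)`), but its format string ends in `returned 0x%08x\n` and has only two conversions, so the return-code name is silently dropped. The sibling calls for objects one and two end in `returned 0x%08X, %-26s\n`; using the same tail here restores the name and makes the three messages consistent. If PKM_Error is printf-like (its declaration is not visible in this hunk), giving that declaration a printf format attribute would let the compiler flag mismatches like this one.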
@@ -3901,21 +3984,22 @@ CK_RV PKM_MultiObjectManagement (CK_FUNCTION_LIST_PTR pFunctionList,
PKM_LogIt("C_GetObjectSize succeeded\n");
} else {
PKM_Error("C_GetObjectSize failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
- PKM_LogIt( " Created object three: handle = %lu\n", hThreeIn);
+ PKM_LogIt(" Created object three: handle = %lu\n", hThreeIn);
delta[0].type = CKA_VALUE;
delta[0].pValue = "Copied object";
delta[0].ulValueLen = strlen(delta[0].pValue);
crv = pFunctionList->C_CopyObject(h, hThreeIn, delta, 1, &hDeltaIn);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_CopyObject(%lu, %lu, delta, 1, ) returned "
- "0x%08X, %-26s\n",
- h, hThreeIn, crv, PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_CopyObject(%lu, %lu, delta, 1, ) returned "
+ "0x%08X, %-26s\n",
+ h, hThreeIn, crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_GetObjectSize(h, hDeltaIn, &hDeltaLen);
@@ -3923,7 +4007,8 @@ CK_RV PKM_MultiObjectManagement (CK_FUNCTION_LIST_PTR pFunctionList,
PKM_LogIt("C_GetObjectSize succeeded\n");
} else {
PKM_Error("C_GetObjectSize failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
@@ -3934,132 +4019,135 @@ CK_RV PKM_MultiObjectManagement (CK_FUNCTION_LIST_PTR pFunctionList,
return CKR_DEVICE_ERROR;
}
- PKM_LogIt( " Copied object three: new handle = %lu\n", hDeltaIn);
+ PKM_LogIt(" Copied object three: new handle = %lu\n", hDeltaIn);
mask[0].type = CKA_APPLICATION;
mask[0].pValue = key;
mask[0].ulValueLen = key_len;
crv = pFunctionList->C_FindObjectsInit(h, mask, 1);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n",
- h, crv, PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n",
+ h, crv, PKM_CK_RVtoStr(crv));
return crv;
}
(void)memset(&found, 0, sizeof(found));
nFound = 0;
crv = pFunctionList->C_FindObjects(h, found, 10, &nFound);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n",
- h, crv, PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n",
+ h, crv, PKM_CK_RVtoStr(crv));
return crv;
}
- if ( 4 != nFound ) {
- PKM_Error( "Found %lu objects, not 4.\n", nFound);
+ if (4 != nFound) {
+ PKM_Error("Found %lu objects, not 4.\n", nFound);
return crv;
}
- PKM_LogIt( " Found 4 objects: %lu, %lu, %lu, %lu\n",
- found[0], found[1], found[2], found[3]);
+ PKM_LogIt(" Found 4 objects: %lu, %lu, %lu, %lu\n",
+ found[0], found[1], found[2], found[3]);
crv = pFunctionList->C_FindObjectsFinal(h);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n",
- h, crv, PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n",
+ h, crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_DestroyObject(h, hThreeIn);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_DestroyObject(%lu, %lu) returned 0x%08X, %-26s\n", h,
- hThreeIn, crv, PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_DestroyObject(%lu, %lu) returned 0x%08X, %-26s\n", h,
+ hThreeIn, crv, PKM_CK_RVtoStr(crv));
return crv;
}
- PKM_LogIt( " Destroyed object three (handle = %lu)\n", hThreeIn);
+ PKM_LogIt(" Destroyed object three (handle = %lu)\n", hThreeIn);
delta[0].type = CKA_APPLICATION;
delta[0].pValue = "Changed application";
delta[0].ulValueLen = strlen(delta[0].pValue);
crv = pFunctionList->C_SetAttributeValue(h, hTwoIn, delta, 1);
- if ( CKR_OK != crv ) {
+ if (CKR_OK != crv) {
PKM_Error("C_SetAttributeValue(%lu, %lu, delta, 1) returned "
"0x%08X, %-26s\n",
h, hTwoIn, crv, PKM_CK_RVtoStr(crv));
return crv;
}
- PKM_LogIt( " Changed object two (handle = %lu).\n", hTwoIn);
+ PKM_LogIt(" Changed object two (handle = %lu).\n", hTwoIn);
/* Can another session find these session objects? */
crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
NULL, NULL, &h2);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
- " returned 0x%08X, %-26s\n", pSlotList[slotID], crv,
- PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
+ " returned 0x%08X, %-26s\n",
+ pSlotList[slotID], crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- PKM_LogIt( " Opened a second session: handle = 0x%08x\n", h2);
+ PKM_LogIt(" Opened a second session: handle = 0x%08x\n", h2);
/* mask is still the same */
crv = pFunctionList->C_FindObjectsInit(h2, mask, 1);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n",
- h2, crv, PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n",
+ h2, crv, PKM_CK_RVtoStr(crv));
return crv;
}
(void)memset(&found, 0, sizeof(found));
nFound = 0;
crv = pFunctionList->C_FindObjects(h2, found, 10, &nFound);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n",
- h2, crv, PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n",
+ h2, crv, PKM_CK_RVtoStr(crv));
return crv;
}
- if ( 2 != nFound ) {
- PKM_Error( "Found %lu objects, not 2.\n", nFound);
+ if (2 != nFound) {
+ PKM_Error("Found %lu objects, not 2.\n", nFound);
return crv;
}
- PKM_LogIt( " Found 2 objects: %lu, %lu\n",
- found[0], found[1]);
+ PKM_LogIt(" Found 2 objects: %lu, %lu\n",
+ found[0], found[1]);
crv = pFunctionList->C_FindObjectsFinal(h2);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h2, crv,
- PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h2, crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_Logout(h);
if (crv == CKR_OK) {
PKM_LogIt("C_Logout succeeded\n");
} else {
- PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_CloseAllSessions(pSlotList[slotID]);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_CloseAllSessions(%lu) returned 0x%08X, %-26s\n",
- pSlotList[slotID], crv, PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_CloseAllSessions(%lu) returned 0x%08X, %-26s\n",
+ pSlotList[slotID], crv, PKM_CK_RVtoStr(crv));
return crv;
}
- PKM_LogIt( "\n");
+ PKM_LogIt("\n");
return crv;
}
-CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
+CK_RV
+PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
CK_SESSION_HANDLE hSession;
CK_RV crv = CKR_OK;
CK_MECHANISM sAESKeyMech = {
@@ -4069,51 +4157,49 @@ CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
CK_KEY_TYPE keyAESType = CKK_AES;
CK_UTF8CHAR AESlabel[] = "An AES secret key object";
CK_ULONG AESvalueLen = 16;
- CK_ATTRIBUTE sAESKeyTemplate[9];
+ CK_ATTRIBUTE sAESKeyTemplate[9];
CK_OBJECT_HANDLE sKey = CK_INVALID_HANDLE;
- CK_BYTE_PTR pstate = NULL;
+ CK_BYTE_PTR pstate = NULL;
CK_ULONG statelen, digestlen, plainlen, plainlen_1, plainlen_2, slen;
static const CK_UTF8CHAR *plaintext = (CK_UTF8CHAR *)"Firefox rules.";
static const CK_UTF8CHAR *plaintext_1 = (CK_UTF8CHAR *)"Thunderbird rules.";
- static const CK_UTF8CHAR *plaintext_2 = (CK_UTF8CHAR *)
- "Firefox and Thunderbird.";
+ static const CK_UTF8CHAR *plaintext_2 = (CK_UTF8CHAR *)"Firefox and Thunderbird.";
- char digest[MAX_DIGEST_SZ], digest_1[MAX_DIGEST_SZ];
- char sign[MAX_SIG_SZ];
+ char digest[MAX_DIGEST_SZ], digest_1[MAX_DIGEST_SZ];
+ char sign[MAX_SIG_SZ];
CK_MECHANISM signmech;
CK_MECHANISM digestmech;
NUMTESTS++; /* increment NUMTESTS */
-
/* AES key template */
- sAESKeyTemplate[0].type = CKA_CLASS;
- sAESKeyTemplate[0].pValue = &class;
+ sAESKeyTemplate[0].type = CKA_CLASS;
+ sAESKeyTemplate[0].pValue = &class;
sAESKeyTemplate[0].ulValueLen = sizeof(class);
- sAESKeyTemplate[1].type = CKA_KEY_TYPE;
- sAESKeyTemplate[1].pValue = &keyAESType;
+ sAESKeyTemplate[1].type = CKA_KEY_TYPE;
+ sAESKeyTemplate[1].pValue = &keyAESType;
sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType);
- sAESKeyTemplate[2].type = CKA_LABEL;
- sAESKeyTemplate[2].pValue = AESlabel;
- sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel)-1;
- sAESKeyTemplate[3].type = CKA_ENCRYPT;
- sAESKeyTemplate[3].pValue = &true;
+ sAESKeyTemplate[2].type = CKA_LABEL;
+ sAESKeyTemplate[2].pValue = AESlabel;
+ sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel) - 1;
+ sAESKeyTemplate[3].type = CKA_ENCRYPT;
+ sAESKeyTemplate[3].pValue = &true;
sAESKeyTemplate[3].ulValueLen = sizeof(true);
- sAESKeyTemplate[4].type = CKA_DECRYPT;
- sAESKeyTemplate[4].pValue = &true;
+ sAESKeyTemplate[4].type = CKA_DECRYPT;
+ sAESKeyTemplate[4].pValue = &true;
sAESKeyTemplate[4].ulValueLen = sizeof(true);
- sAESKeyTemplate[5].type = CKA_SIGN;
- sAESKeyTemplate[5].pValue = &true;
- sAESKeyTemplate[5].ulValueLen = sizeof (true);
- sAESKeyTemplate[6].type = CKA_VERIFY;
- sAESKeyTemplate[6].pValue = &true;
+ sAESKeyTemplate[5].type = CKA_SIGN;
+ sAESKeyTemplate[5].pValue = &true;
+ sAESKeyTemplate[5].ulValueLen = sizeof(true);
+ sAESKeyTemplate[6].type = CKA_VERIFY;
+ sAESKeyTemplate[6].pValue = &true;
sAESKeyTemplate[6].ulValueLen = sizeof(true);
- sAESKeyTemplate[7].type = CKA_UNWRAP;
- sAESKeyTemplate[7].pValue = &true;
+ sAESKeyTemplate[7].type = CKA_UNWRAP;
+ sAESKeyTemplate[7].pValue = &true;
sAESKeyTemplate[7].ulValueLen = sizeof(true);
- sAESKeyTemplate[8].type = CKA_VALUE_LEN;
- sAESKeyTemplate[8].pValue = &AESvalueLen;
+ sAESKeyTemplate[8].type = CKA_VALUE_LEN;
+ sAESKeyTemplate[8].pValue = &AESvalueLen;
sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen);
signmech.mechanism = CKM_SHA_1_HMAC;
@@ -4123,18 +4209,16 @@ CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
digestmech.pParameter = NULL;
digestmech.ulParameterLen = 0;
-
plainlen = strlen((char *)plaintext);
plainlen_1 = strlen((char *)plaintext_1);
plainlen_2 = strlen((char *)plaintext_2);
digestlen = MAX_DIGEST_SZ;
-
crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
NULL, NULL, &hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
@@ -4142,8 +4226,9 @@ CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_Login with correct password succeeded\n");
} else {
- PKM_Error( "C_Login with correct password failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Login with correct password failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
@@ -4156,14 +4241,14 @@ CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_GenerateKey AES succeeded\n");
} else {
- PKM_Error( "C_GenerateKey AES failed with 0x%08X, %-26s\n",
- crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GenerateKey AES failed with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_SignInit(hSession, &signmech, sKey);
if (crv != CKR_OK) {
- PKM_Error("C_SignInit failed returned 0x%08X, %-26s\n", crv,
+ PKM_Error("C_SignInit failed returned 0x%08X, %-26s\n", crv,
PKM_CK_RVtoStr(crv));
return crv;
}
@@ -4172,14 +4257,14 @@ CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
crv = pFunctionList->C_Sign(hSession, (CK_BYTE_PTR)plaintext, plainlen,
(CK_BYTE_PTR)sign, &slen);
if (crv != CKR_OK) {
- PKM_Error("C_Sign failed returned 0x%08X, %-26s\n", crv,
+ PKM_Error("C_Sign failed returned 0x%08X, %-26s\n", crv,
PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_DestroyObject(hSession, sKey);
if (crv != CKR_OK) {
- PKM_Error("C_DestroyObject failed returned 0x%08X, %-26s\n", crv,
+ PKM_Error("C_DestroyObject failed returned 0x%08X, %-26s\n", crv,
PKM_CK_RVtoStr(crv));
return crv;
}
@@ -4187,29 +4272,29 @@ CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
digestlen = MAX_DIGEST_SZ;
crv = pFunctionList->C_DigestInit(hSession, &digestmech);
if (crv != CKR_OK) {
- PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv,
+ PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv,
PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext,
plainlen);
if (crv != CKR_OK) {
- PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
+ PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_GetOperationState(hSession, NULL, &statelen);
if (crv != CKR_OK) {
- PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv,
+ PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv,
PKM_CK_RVtoStr(crv));
return crv;
}
- pstate = (CK_BYTE_PTR) malloc(statelen * sizeof (CK_BYTE_PTR));
+ pstate = (CK_BYTE_PTR)malloc(statelen * sizeof(CK_BYTE_PTR));
crv = pFunctionList->C_GetOperationState(hSession, pstate, &statelen);
if (crv != CKR_OK) {
- PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv,
+ PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv,
PKM_CK_RVtoStr(crv));
return crv;
}
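Review bot: The buffer for the saved digest state is used without a NULL check: `pstate = (CK_BYTE_PTR)malloc(statelen * sizeof(CK_BYTE_PTR));` goes straight into the second C_GetOperationState call, and the size is multiplied by the pointer size rather than the byte size. `statelen` is whatever the module under test reported, so I would allocate exactly that many bytes and fail cleanly, `pstate = malloc(statelen); if (pstate == NULL) return CKR_HOST_MEMORY;`. The error return after the second call also leaves `pstate` allocated. Whether it is freed on the success path cannot be seen here, because PKM_OperationalState continues outside the hunk.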
@@ -4217,14 +4302,14 @@ CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext_1,
plainlen_1);
if (crv != CKR_OK) {
- PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
+ PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext_2,
plainlen_2);
if (crv != CKR_OK) {
- PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
+ PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
PKM_CK_RVtoStr(crv));
return crv;
}
@@ -4236,28 +4321,28 @@ CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
crv = pFunctionList->C_SetOperationState(hSession, pstate, statelen,
0, 0);
if (crv != CKR_OK) {
- PKM_Error("C_SetOperationState failed returned 0x%08X, %-26s\n", crv,
+ PKM_Error("C_SetOperationState failed returned 0x%08X, %-26s\n", crv,
PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_DigestFinal(hSession, (CK_BYTE_PTR)digest,
&digestlen);
if (crv != CKR_OK) {
- PKM_Error("C_DigestFinal failed returned 0x%08X, %-26s\n", crv,
+ PKM_Error("C_DigestFinal failed returned 0x%08X, %-26s\n", crv,
PKM_CK_RVtoStr(crv));
return crv;
}
digestlen = MAX_DIGEST_SZ;
crv = pFunctionList->C_DigestInit(hSession, &digestmech);
if (crv != CKR_OK) {
- PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv,
+ PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv,
PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_Digest(hSession, (CK_BYTE_PTR)plaintext, plainlen,
(CK_BYTE_PTR)digest_1, &digestlen);
if (crv != CKR_OK) {
- PKM_Error("C_Digest failed returned 0x%08X, %-26s\n", crv,
+ PKM_Error("C_Digest failed returned 0x%08X, %-26s\n", crv,
PKM_CK_RVtoStr(crv));
return crv;
}
@@ -4270,37 +4355,38 @@ CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_Logout succeeded\n");
} else {
- PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_CloseSession(hSession);
- if ( CKR_OK != crv ) {
- PKM_Error( "C_CloseSession(%lu) returned 0x%08X, %-26s\n",
- hSession, crv, PKM_CK_RVtoStr(crv));
+ if (CKR_OK != crv) {
+ PKM_Error("C_CloseSession(%lu) returned 0x%08X, %-26s\n",
+ hSession, crv, PKM_CK_RVtoStr(crv));
return crv;
}
return crv;
}
-
/*
* Recover Functions
*/
-CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
- CK_MECHANISM *signMech, const CK_BYTE * pData,
- CK_ULONG pDataLen) {
+CK_RV
+PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
+ CK_MECHANISM *signMech, const CK_BYTE *pData,
+ CK_ULONG pDataLen)
+{
CK_RV crv = CKR_OK;
CK_BYTE sig[MAX_SIG_SZ];
CK_ULONG sigLen = MAX_SIG_SZ;
CK_BYTE recover[MAX_SIG_SZ];
CK_ULONG recoverLen = MAX_SIG_SZ;
-
+
NUMTESTS++; /* increment NUMTESTS */
-
+
/* initializes a signature operation,
* where the data can be recovered from the signature
*/
@@ -4310,21 +4396,23 @@ CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
PKM_LogIt("C_SignRecoverInit succeeded. \n");
} else {
PKM_Error("C_SignRecoverInit failed.\n"
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
/* signs single-part data,
* where the data can be recovered from the signature
*/
- crv = pFunctionList->C_SignRecover(hSession, (CK_BYTE * )pData,
+ crv = pFunctionList->C_SignRecover(hSession, (CK_BYTE *)pData,
pDataLen,
- (CK_BYTE * )sig, &sigLen);
+ (CK_BYTE *)sig, &sigLen);
if (crv == CKR_OK) {
PKM_LogIt("C_SignRecover succeeded. \n");
} else {
PKM_Error("C_SignRecoverInit failed to create an RSA key pair.\n"
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
@@ -4338,7 +4426,8 @@ CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
PKM_LogIt("C_VerifyRecoverInit succeeded. \n");
} else {
PKM_Error("C_VerifyRecoverInit failed.\n"
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
@@ -4346,22 +4435,23 @@ CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
* verifies a signature on single-part data,
* where the data is recovered from the signature
*/
- crv = pFunctionList->C_VerifyRecover(hSession, (CK_BYTE * )sig,
+ crv = pFunctionList->C_VerifyRecover(hSession, (CK_BYTE *)sig,
sigLen,
- (CK_BYTE * )recover, &recoverLen);
+ (CK_BYTE *)recover, &recoverLen);
if (crv == CKR_OK) {
PKM_LogIt("C_VerifyRecover succeeded. \n");
} else {
PKM_Error("C_VerifyRecover failed.\n"
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
- if ((recoverLen == pDataLen)
- && (memcmp(recover, pData, pDataLen) == 0)) {
+ if ((recoverLen == pDataLen) &&
+ (memcmp(recover, pData, pDataLen) == 0)) {
PKM_LogIt("VerifyRecover test case passed\n");
} else {
- PKM_Error( "VerifyRecover test case failed\n");
+ PKM_Error("VerifyRecover test case failed\n");
}
return crv;
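Review bot: The mismatch branch logs `VerifyRecover test case failed`, but `crv` is still CKR_OK from C_VerifyRecover, so the `return crv;` that ends this hunk reports success when the recovered bytes differ from `pData`. Adding `crv = CKR_FUNCTION_FAILED;` in that else branch would make the failure visible to the caller. The C_UnwrapKey check in the PKM_wrapUnwrap hunk further down has the same shape: if the call returns CKR_OK but `hSecretKeyUnwrapped` is still CK_INVALID_HANDLE, the else branch returns CKR_OK. The function's closing brace is outside this hunk.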
@@ -4371,14 +4461,16 @@ CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
* wrap the secretkey with the public key.
* unwrap the secretkey with the private key.
*/
-CK_RV PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hPublicKey,
- CK_OBJECT_HANDLE hPrivateKey,
- CK_MECHANISM *wrapMechanism,
- CK_OBJECT_HANDLE hSecretKey,
- CK_ATTRIBUTE *sKeyTemplate,
- CK_ULONG skeyTempSize) {
+CK_RV
+PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hPublicKey,
+ CK_OBJECT_HANDLE hPrivateKey,
+ CK_MECHANISM *wrapMechanism,
+ CK_OBJECT_HANDLE hSecretKey,
+ CK_ATTRIBUTE *sKeyTemplate,
+ CK_ULONG skeyTempSize)
+{
CK_RV crv = CKR_OK;
CK_OBJECT_HANDLE hSecretKeyUnwrapped = CK_INVALID_HANDLE;
CK_BYTE wrappedKey[128];
@@ -4388,26 +4480,26 @@ CK_RV PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList,
ulWrappedKeyLen = sizeof(wrappedKey);
crv = pFunctionList->C_WrapKey(
- hSession, wrapMechanism,
- hPublicKey, hSecretKey,
- wrappedKey, &ulWrappedKeyLen);
+ hSession, wrapMechanism,
+ hPublicKey, hSecretKey,
+ wrappedKey, &ulWrappedKeyLen);
if (crv == CKR_OK) {
PKM_LogIt("C_WrapKey succeeded\n");
} else {
- PKM_Error( "C_WrapKey failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_WrapKey failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_UnwrapKey(
- hSession, wrapMechanism, hPrivateKey,
- wrappedKey, ulWrappedKeyLen, sKeyTemplate,
- skeyTempSize,
- &hSecretKeyUnwrapped);
+ hSession, wrapMechanism, hPrivateKey,
+ wrappedKey, ulWrappedKeyLen, sKeyTemplate,
+ skeyTempSize,
+ &hSecretKeyUnwrapped);
if ((crv == CKR_OK) && (hSecretKeyUnwrapped != CK_INVALID_HANDLE)) {
PKM_LogIt("C_UnwrapKey succeeded\n");
} else {
- PKM_Error( "C_UnwrapKey failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_UnwrapKey failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
@@ -4426,11 +4518,11 @@ PKM_AttributeCheck(CK_FUNCTION_LIST_PTR pFunctionList,
CK_RV crv;
CK_ATTRIBUTE_PTR tmp_attrs;
unsigned int i;
-
+
NUMTESTS++; /* increment NUMTESTS */
/* First duplicate the themplate */
- tmp_attrs = malloc(expected_attrs_count * sizeof (CK_ATTRIBUTE));
+ tmp_attrs = malloc(expected_attrs_count * sizeof(CK_ATTRIBUTE));
if (tmp_attrs == NULL) {
PKM_Error("Internal test memory failure\n");
@@ -4459,8 +4551,8 @@ PKM_AttributeCheck(CK_FUNCTION_LIST_PTR pFunctionList,
crv = pFunctionList->C_GetAttributeValue(hSession, obj, tmp_attrs,
expected_attrs_count);
if (crv != CKR_OK) {
- PKM_Error( "C_GetAttributeValue failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GetAttributeValue failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
crv = CKR_FUNCTION_FAILED;
goto out;
}
@@ -4470,15 +4562,15 @@ PKM_AttributeCheck(CK_FUNCTION_LIST_PTR pFunctionList,
if (memcmp(tmp_attrs[i].pValue, expected_attrs[i].pValue,
expected_attrs[i].ulValueLen) != 0) {
- PKM_LogIt("comparing attribute type 0x%x with expected 0x%x\n",
+ PKM_LogIt("comparing attribute type 0x%x with expected 0x%x\n",
tmp_attrs[i].type, expected_attrs[i].type);
- PKM_LogIt("comparing attribute type value 0x%x with expected 0x%x\n",
+ PKM_LogIt("comparing attribute type value 0x%x with expected 0x%x\n",
tmp_attrs[i].pValue, expected_attrs[i].pValue);
- /* don't report error at this time */
+ /* don't report error at this time */
}
}
- out:
+out:
for (i = 0; i < expected_attrs_count; i++)
free(tmp_attrs[i].pValue);
free(tmp_attrs);
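Review bot: Both PKM_LogIt calls in the mismatch branch pass arguments that do not match `0x%x`, assuming PKM_LogIt forwards to a printf-style formatter. `type` is a CK_ATTRIBUTE_TYPE (an unsigned long in PKCS #11) and `pValue` is a pointer, so the second message prints addresses rather than the attribute bytes being compared. Using `0x%lx` for the types and `%p` for the pointers, or a hex dump of `ulValueLen` bytes for the values, would be well defined. The branch only logs, so a wrong attribute value does not fail PKM_AttributeCheck; the comment says this is deliberate for now. The start of the loop is outside the hunk.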
@@ -4493,29 +4585,28 @@ PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
CK_MECHANISM_TYPE mechType, CK_FLAGS flags,
CK_BBOOL check_sizes, CK_ULONG minkeysize, CK_ULONG maxkeysize)
{
- CK_SESSION_INFO sess_info;
- CK_MECHANISM_INFO mech_info;
- CK_RV crv;
+ CK_SESSION_INFO sess_info;
+ CK_MECHANISM_INFO mech_info;
+ CK_RV crv;
NUMTESTS++; /* increment NUMTESTS */
- if ((crv = pFunctionList->C_GetSessionInfo(hSession, &sess_info))
- != CKR_OK) {
- PKM_Error( "C_GetSessionInfo failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ if ((crv = pFunctionList->C_GetSessionInfo(hSession, &sess_info)) !=
+ CKR_OK) {
+ PKM_Error("C_GetSessionInfo failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return (CKR_FUNCTION_FAILED);
}
crv = pFunctionList->C_GetMechanismInfo(0, mechType,
&mech_info);
-
crv = pFunctionList->C_GetMechanismInfo(sess_info.slotID, mechType,
&mech_info);
if (crv != CKR_OK) {
- PKM_Error( "C_GetMechanismInfo failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GetMechanismInfo failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return (CKR_FUNCTION_FAILED);
}
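Review bot: The first `C_GetMechanismInfo(0, mechType, &mech_info)` call queries a hard-coded slot 0, and its result is overwritten by the next statement without being checked. It looks like a leftover. Dropping it leaves only the query against `sess_info.slotID`, which is the slot the session actually belongs to, and avoids a call against a slot that may not exist in the module under test. The flag and key-size checks that use `mech_info` are outside this hunk.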
@@ -4539,10 +4630,6 @@ PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
return (CKR_OK);
}
-
-
-
-
/*
* Can be called with a non-null premaster_key_len for the
* *_DH mechanisms. In that case, no checking for the matching of
@@ -4550,89 +4637,90 @@ PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
* The rnd argument tells which correct/bogus randomInfo to use.
*/
CK_RV
-PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
- CK_MECHANISM_TYPE mechType,
- enum_random_t rnd) {
+PKM_TLSMasterKeyDerive(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
+ CK_MECHANISM_TYPE mechType,
+ enum_random_t rnd)
+{
CK_SESSION_HANDLE hSession;
CK_RV crv;
- CK_MECHANISM mk_mech;
- CK_VERSION version;
- CK_OBJECT_CLASS class = CKO_SECRET_KEY;
- CK_KEY_TYPE type = CKK_GENERIC_SECRET;
- CK_BBOOL derive_bool = true;
- CK_ATTRIBUTE attrs[4];
- CK_ULONG attrs_count = 4;
- CK_OBJECT_HANDLE pmk_obj = CK_INVALID_HANDLE;
- CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE;
+ CK_MECHANISM mk_mech;
+ CK_VERSION version;
+ CK_OBJECT_CLASS class = CKO_SECRET_KEY;
+ CK_KEY_TYPE type = CKK_GENERIC_SECRET;
+ CK_BBOOL derive_bool = true;
+ CK_ATTRIBUTE attrs[4];
+ CK_ULONG attrs_count = 4;
+ CK_OBJECT_HANDLE pmk_obj = CK_INVALID_HANDLE;
+ CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE;
CK_SSL3_MASTER_KEY_DERIVE_PARAMS mkd_params;
- CK_MECHANISM skmd_mech;
+ CK_MECHANISM skmd_mech;
CK_BBOOL isDH = false;
-
+
NUMTESTS++; /* increment NUMTESTS */
- attrs[0].type = CKA_CLASS;
- attrs[0].pValue = &class;
- attrs[0].ulValueLen = sizeof (class);
- attrs[1].type = CKA_KEY_TYPE;
- attrs[1].pValue = &type;
- attrs[1].ulValueLen = sizeof (type);
- attrs[2].type = CKA_DERIVE;
- attrs[2].pValue = &derive_bool;
- attrs[2].ulValueLen = sizeof (derive_bool);
- attrs[3].type = CKA_VALUE;
- attrs[3].pValue = NULL;
+ attrs[0].type = CKA_CLASS;
+ attrs[0].pValue = &class;
+ attrs[0].ulValueLen = sizeof(class);
+ attrs[1].type = CKA_KEY_TYPE;
+ attrs[1].pValue = &type;
+ attrs[1].ulValueLen = sizeof(type);
+ attrs[2].type = CKA_DERIVE;
+ attrs[2].pValue = &derive_bool;
+ attrs[2].ulValueLen = sizeof(derive_bool);
+ attrs[3].type = CKA_VALUE;
+ attrs[3].pValue = NULL;
attrs[3].ulValueLen = 0;
-
crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
NULL, NULL, &hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
if (crv == CKR_OK) {
PKM_LogIt("C_Login with correct password succeeded\n");
} else {
- PKM_Error( "C_Login with correct password failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Login with correct password failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
/* Before all, check if the mechanism is supported correctly */
if (MODE == FIPSMODE) {
- crv = PKM_MechCheck(pFunctionList, hSession, mechType, CKF_DERIVE, false,
- 0, 0);
- if (crv != CKR_OK) {
- PKM_Error( "PKM_MechCheck failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
- return (crv);
- }
+ crv = PKM_MechCheck(pFunctionList, hSession, mechType, CKF_DERIVE, false,
+ 0, 0);
+ if (crv != CKR_OK) {
+ PKM_Error("PKM_MechCheck failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
+ return (crv);
+ }
}
mk_mech.mechanism = mechType;
mk_mech.pParameter = &mkd_params;
- mk_mech.ulParameterLen = sizeof (mkd_params);
+ mk_mech.ulParameterLen = sizeof(mkd_params);
switch (mechType) {
- case CKM_TLS_MASTER_KEY_DERIVE_DH:
- isDH = true;
+ case CKM_TLS_MASTER_KEY_DERIVE_DH:
+ isDH = true;
/* FALLTHRU */
- case CKM_TLS_MASTER_KEY_DERIVE:
- attrs[3].pValue = NULL;
- attrs[3].ulValueLen = 0;
-
- mkd_params.RandomInfo.pClientRandom = (unsigned char * ) TLSClientRandom;
- mkd_params.RandomInfo.ulClientRandomLen =
- sizeof (TLSClientRandom);
- mkd_params.RandomInfo.pServerRandom = (unsigned char * ) TLSServerRandom;
- mkd_params.RandomInfo.ulServerRandomLen =
- sizeof (TLSServerRandom);
- break;
+ case CKM_TLS_MASTER_KEY_DERIVE:
+ attrs[3].pValue = NULL;
+ attrs[3].ulValueLen = 0;
+
+ mkd_params.RandomInfo.pClientRandom = (unsigned char *)TLSClientRandom;
+ mkd_params.RandomInfo.ulClientRandomLen =
+ sizeof(TLSClientRandom);
+ mkd_params.RandomInfo.pServerRandom = (unsigned char *)TLSServerRandom;
+ mkd_params.RandomInfo.ulServerRandomLen =
+ sizeof(TLSServerRandom);
+ break;
}
mkd_params.pVersion = (!isDH) ? &version : NULL;
@@ -4640,8 +4728,7 @@ PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList,
skmd_mech.mechanism = CKM_SSL3_PRE_MASTER_KEY_GEN;
skmd_mech.pParameter = &mkd_params;
- skmd_mech.ulParameterLen = sizeof (mkd_params);
-
+ skmd_mech.ulParameterLen = sizeof(mkd_params);
crv = pFunctionList->C_GenerateKey(hSession, &skmd_mech,
attrs,
@@ -4650,97 +4737,93 @@ PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_GenerateKey succeeded\n");
} else {
- PKM_Error( "C_GenerateKey failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GenerateKey failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
-
}
/* Test the bad cases */
switch (rnd) {
- case CORRECT:
- goto correct;
+ case CORRECT:
+ goto correct;
- case BOGUS_CLIENT_RANDOM:
- mkd_params.RandomInfo.pClientRandom = NULL;
- break;
+ case BOGUS_CLIENT_RANDOM:
+ mkd_params.RandomInfo.pClientRandom = NULL;
+ break;
- case BOGUS_CLIENT_RANDOM_LEN:
- mkd_params.RandomInfo.ulClientRandomLen = 0;
- break;
+ case BOGUS_CLIENT_RANDOM_LEN:
+ mkd_params.RandomInfo.ulClientRandomLen = 0;
+ break;
- case BOGUS_SERVER_RANDOM:
- mkd_params.RandomInfo.pServerRandom = NULL;
- break;
+ case BOGUS_SERVER_RANDOM:
+ mkd_params.RandomInfo.pServerRandom = NULL;
+ break;
- case BOGUS_SERVER_RANDOM_LEN:
- mkd_params.RandomInfo.ulServerRandomLen = 0;
- break;
+ case BOGUS_SERVER_RANDOM_LEN:
+ mkd_params.RandomInfo.ulServerRandomLen = 0;
+ break;
}
crv = pFunctionList->C_DeriveKey(hSession, &mk_mech, pmk_obj, NULL, 0,
&mk_obj);
if (crv != CKR_MECHANISM_PARAM_INVALID) {
- PKM_LogIt( "C_DeriveKey returned as EXPECTED with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_LogIt("C_DeriveKey returned as EXPECTED with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
} else {
- PKM_Error( "C_DeriveKey did not fail with bad data \n" );
+ PKM_Error("C_DeriveKey did not fail with bad data \n");
}
goto out;
-
- correct:
+correct:
/* Now derive the master secret key */
crv = pFunctionList->C_DeriveKey(hSession, &mk_mech, pmk_obj, NULL, 0,
&mk_obj);
if (crv == CKR_OK) {
PKM_LogIt("C_DeriveKey succeeded\n");
} else {
- PKM_Error( "C_DeriveKey failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DeriveKey failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
-
}
- out:
+out:
if (pmk_obj != CK_INVALID_HANDLE)
- (void) pFunctionList->C_DestroyObject(hSession, pmk_obj);
+ (void)pFunctionList->C_DestroyObject(hSession, pmk_obj);
if (mk_obj != CK_INVALID_HANDLE)
- (void) pFunctionList->C_DestroyObject(hSession, mk_obj);
+ (void)pFunctionList->C_DestroyObject(hSession, mk_obj);
crv = pFunctionList->C_Logout(hSession);
if (crv == CKR_OK) {
PKM_LogIt("C_Logout succeeded\n");
} else {
- PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_CloseSession(hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
return (crv);
}
-
CK_RV
-PKM_TLSKeyAndMacDerive( CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SLOT_ID * pSlotList, CK_ULONG slotID,
- CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
- CK_MECHANISM_TYPE mechType, enum_random_t rnd)
+PKM_TLSKeyAndMacDerive(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+ CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
+ CK_MECHANISM_TYPE mechType, enum_random_t rnd)
{
CK_SESSION_HANDLE hSession;
CK_RV crv;
- CK_MECHANISM kmd_mech;
- CK_MECHANISM skmd_mech;
- CK_OBJECT_CLASS class = CKO_SECRET_KEY;
- CK_KEY_TYPE type = CKK_GENERIC_SECRET;
- CK_BBOOL derive_bool = true;
- CK_BBOOL sign_bool = true, verify_bool = true;
- CK_BBOOL encrypt_bool = true, decrypt_bool = true;
- CK_ULONG value_len;
+ CK_MECHANISM kmd_mech;
+ CK_MECHANISM skmd_mech;
+ CK_OBJECT_CLASS class = CKO_SECRET_KEY;
+ CK_KEY_TYPE type = CKK_GENERIC_SECRET;
+ CK_BBOOL derive_bool = true;
+ CK_BBOOL sign_bool = true, verify_bool = true;
+ CK_BBOOL encrypt_bool = true, decrypt_bool = true;
+ CK_ULONG value_len;
/*
* We arrange this template so that:
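Review bot: The negative-path check after `switch (rnd)` in PKM_TLSMasterKeyDerive appears inverted. `if (crv != CKR_MECHANISM_PARAM_INVALID)` logs "returned as EXPECTED", so a module that accepts a NULL or zero-length random and returns CKR_OK passes, while the correct rejection lands in the PKM_Error branch. PKM_TLSKeyAndMacDerive treats `crv != CKR_MECHANISM_PARAM_INVALID` as the failure, which suggests the intended test here is `if (crv == CKR_MECHANISM_PARAM_INVALID) {`. Either way the verdict is lost, because `goto out` then overwrites `crv` with the C_Logout result before the function returns.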
@@ -4748,79 +4831,79 @@ PKM_TLSKeyAndMacDerive( CK_FUNCTION_LIST_PTR pFunctionList,
* . Attributes 2-5 are good for the master key creation template.
* . Attributes 3-8 are good for a cipher key comparison template.
*/
- CK_ATTRIBUTE attrs[9];
+ CK_ATTRIBUTE attrs[9];
- CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE;
+ CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE;
CK_SSL3_KEY_MAT_PARAMS km_params;
CK_SSL3_KEY_MAT_OUT kmo;
- CK_BYTE IVClient[8];
- CK_BYTE IVServer[8];
+ CK_BYTE IVClient[8];
+ CK_BYTE IVServer[8];
NUMTESTS++; /* increment NUMTESTS */
- attrs[0].type = CKA_SIGN;
- attrs[0].pValue = &sign_bool;
- attrs[0].ulValueLen = sizeof (sign_bool);
- attrs[1].type = CKA_VERIFY;
- attrs[1].pValue = &verify_bool;
- attrs[1].ulValueLen = sizeof (verify_bool);
- attrs[2].type = CKA_KEY_TYPE;
- attrs[2].pValue = &type;
- attrs[2].ulValueLen = sizeof (type);
- attrs[3].type = CKA_CLASS;
- attrs[3].pValue = &class;
- attrs[3].ulValueLen = sizeof (class);
- attrs[4].type = CKA_DERIVE;
- attrs[4].pValue = &derive_bool;
- attrs[4].ulValueLen = sizeof (derive_bool);
- attrs[5].type = CKA_VALUE;
- attrs[5].pValue = NULL;
+ attrs[0].type = CKA_SIGN;
+ attrs[0].pValue = &sign_bool;
+ attrs[0].ulValueLen = sizeof(sign_bool);
+ attrs[1].type = CKA_VERIFY;
+ attrs[1].pValue = &verify_bool;
+ attrs[1].ulValueLen = sizeof(verify_bool);
+ attrs[2].type = CKA_KEY_TYPE;
+ attrs[2].pValue = &type;
+ attrs[2].ulValueLen = sizeof(type);
+ attrs[3].type = CKA_CLASS;
+ attrs[3].pValue = &class;
+ attrs[3].ulValueLen = sizeof(class);
+ attrs[4].type = CKA_DERIVE;
+ attrs[4].pValue = &derive_bool;
+ attrs[4].ulValueLen = sizeof(derive_bool);
+ attrs[5].type = CKA_VALUE;
+ attrs[5].pValue = NULL;
attrs[5].ulValueLen = 0;
- attrs[6].type = CKA_VALUE_LEN;
- attrs[6].pValue = &value_len;
- attrs[6].ulValueLen = sizeof (value_len);
- attrs[7].type = CKA_ENCRYPT;
- attrs[7].pValue = &encrypt_bool;
- attrs[7].ulValueLen = sizeof (encrypt_bool);
- attrs[8].type = CKA_DECRYPT;
- attrs[8].pValue = &decrypt_bool;
- attrs[8].ulValueLen = sizeof (decrypt_bool);
+ attrs[6].type = CKA_VALUE_LEN;
+ attrs[6].pValue = &value_len;
+ attrs[6].ulValueLen = sizeof(value_len);
+ attrs[7].type = CKA_ENCRYPT;
+ attrs[7].pValue = &encrypt_bool;
+ attrs[7].ulValueLen = sizeof(encrypt_bool);
+ attrs[8].type = CKA_DECRYPT;
+ attrs[8].pValue = &decrypt_bool;
+ attrs[8].ulValueLen = sizeof(decrypt_bool);
crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
NULL, NULL, &hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
if (crv == CKR_OK) {
PKM_LogIt("C_Login with correct password succeeded\n");
} else {
- PKM_Error( "C_Login with correct password failed "
- "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Login with correct password failed "
+ "with 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
return crv;
}
-
/* Before all, check if the mechanism is supported correctly */
if (MODE == FIPSMODE) {
crv = PKM_MechCheck(pFunctionList, hSession, mechType, CKF_DERIVE,
CK_TRUE, 48, 48);
if (crv != CKR_OK) {
- PKM_Error( "PKM_MechCheck failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("PKM_MechCheck failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return (crv);
}
}
kmd_mech.mechanism = mechType;
kmd_mech.pParameter = &km_params;
- kmd_mech.ulParameterLen = sizeof (km_params);
+ kmd_mech.ulParameterLen = sizeof(km_params);
- km_params.ulMacSizeInBits = 128; /* an MD5 based MAC */
- km_params.ulKeySizeInBits = 192; /* 3DES key size */
- km_params.ulIVSizeInBits = 64; /* 3DES block size */
+ km_params.ulMacSizeInBits = 128; /* an MD5 based MAC */
+ km_params.ulKeySizeInBits = 192; /* 3DES key size */
+ km_params.ulIVSizeInBits = 64; /* 3DES block size */
km_params.pReturnedKeyMaterial = &kmo;
km_params.bIsExport = false;
kmo.hClientMacSecret = CK_INVALID_HANDLE;
@@ -4832,8 +4915,7 @@ PKM_TLSKeyAndMacDerive( CK_FUNCTION_LIST_PTR pFunctionList,
skmd_mech.mechanism = CKM_SSL3_PRE_MASTER_KEY_GEN;
skmd_mech.pParameter = &km_params;
- skmd_mech.ulParameterLen = sizeof (km_params);
-
+ skmd_mech.ulParameterLen = sizeof(km_params);
crv = pFunctionList->C_GenerateKey(hSession, &skmd_mech,
&attrs[2],
@@ -4842,54 +4924,54 @@ PKM_TLSKeyAndMacDerive( CK_FUNCTION_LIST_PTR pFunctionList,
if (crv == CKR_OK) {
PKM_LogIt("C_GenerateKey succeeded\n");
} else {
- PKM_Error( "C_GenerateKey failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_GenerateKey failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- attrs[5].pValue = NULL;
- attrs[5].ulValueLen = 0;
+ attrs[5].pValue = NULL;
+ attrs[5].ulValueLen = 0;
- km_params.RandomInfo.pClientRandom = (unsigned char *) TLSClientRandom;
+ km_params.RandomInfo.pClientRandom = (unsigned char *)TLSClientRandom;
km_params.RandomInfo.ulClientRandomLen =
- sizeof (TLSClientRandom);
- km_params.RandomInfo.pServerRandom = (unsigned char *) TLSServerRandom;
+ sizeof(TLSClientRandom);
+ km_params.RandomInfo.pServerRandom = (unsigned char *)TLSServerRandom;
km_params.RandomInfo.ulServerRandomLen =
- sizeof (TLSServerRandom);
+ sizeof(TLSServerRandom);
/* Test the bad cases */
switch (rnd) {
- case CORRECT:
- goto correct;
+ case CORRECT:
+ goto correct;
- case BOGUS_CLIENT_RANDOM:
- km_params.RandomInfo.pClientRandom = NULL;
- break;
+ case BOGUS_CLIENT_RANDOM:
+ km_params.RandomInfo.pClientRandom = NULL;
+ break;
- case BOGUS_CLIENT_RANDOM_LEN:
- km_params.RandomInfo.ulClientRandomLen = 0;
- break;
+ case BOGUS_CLIENT_RANDOM_LEN:
+ km_params.RandomInfo.ulClientRandomLen = 0;
+ break;
- case BOGUS_SERVER_RANDOM:
- km_params.RandomInfo.pServerRandom = NULL;
- break;
+ case BOGUS_SERVER_RANDOM:
+ km_params.RandomInfo.pServerRandom = NULL;
+ break;
- case BOGUS_SERVER_RANDOM_LEN:
- km_params.RandomInfo.ulServerRandomLen = 0;
- break;
+ case BOGUS_SERVER_RANDOM_LEN:
+ km_params.RandomInfo.ulServerRandomLen = 0;
+ break;
}
crv = pFunctionList->C_DeriveKey(hSession, &kmd_mech, mk_obj, NULL, 0,
NULL);
if (crv != CKR_MECHANISM_PARAM_INVALID) {
- PKM_Error( "key materials derivation returned unexpected "
- "error 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
- (void) pFunctionList->C_DestroyObject(hSession, mk_obj);
+ PKM_Error("key materials derivation returned unexpected "
+ "error 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
+ (void)pFunctionList->C_DestroyObject(hSession, mk_obj);
return (CKR_FUNCTION_FAILED);
-
}
return (CKR_OK);
- correct:
+correct:
/*
* Then use the master key and the client 'n server random data to
* derive the key materials
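Review bot: Both exits of the bad-parameter path in PKM_TLSKeyAndMacDerive leave without cleaning up. The `return (CKR_FUNCTION_FAILED);` and the `return (CKR_OK);` just before `correct:` skip C_Logout and C_CloseSession, and the success return also leaves `mk_obj` in the token. PKM_TLSMasterKeyDerive handles the same case with `goto out` into its shared cleanup. An `out:` label in front of the destroy/logout sequence below `correct:` would let this function do the same, with the verdict kept in a separate variable so that C_Logout does not overwrite it. That cleanup sequence is in the following hunk.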
@@ -4897,52 +4979,54 @@ PKM_TLSKeyAndMacDerive( CK_FUNCTION_LIST_PTR pFunctionList,
crv = pFunctionList->C_DeriveKey(hSession, &kmd_mech, mk_obj, NULL, 0,
NULL);
if (crv != CKR_OK) {
- PKM_Error( "Cannot derive the key materials, crv 0x%08X, %-26s\n",
- crv, PKM_CK_RVtoStr(crv));
- (void) pFunctionList->C_DestroyObject(hSession, mk_obj);
+ PKM_Error("Cannot derive the key materials, crv 0x%08X, %-26s\n",
+ crv, PKM_CK_RVtoStr(crv));
+ (void)pFunctionList->C_DestroyObject(hSession, mk_obj);
return (crv);
}
if (mk_obj != CK_INVALID_HANDLE)
- (void) pFunctionList->C_DestroyObject(hSession, mk_obj);
+ (void)pFunctionList->C_DestroyObject(hSession, mk_obj);
if (kmo.hClientMacSecret != CK_INVALID_HANDLE)
- (void) pFunctionList->C_DestroyObject(hSession, kmo.hClientMacSecret);
+ (void)pFunctionList->C_DestroyObject(hSession, kmo.hClientMacSecret);
if (kmo.hServerMacSecret != CK_INVALID_HANDLE)
- (void) pFunctionList->C_DestroyObject(hSession, kmo.hServerMacSecret);
+ (void)pFunctionList->C_DestroyObject(hSession, kmo.hServerMacSecret);
if (kmo.hClientKey != CK_INVALID_HANDLE)
- (void) pFunctionList->C_DestroyObject(hSession, kmo.hClientKey);
+ (void)pFunctionList->C_DestroyObject(hSession, kmo.hClientKey);
if (kmo.hServerKey != CK_INVALID_HANDLE)
- (void) pFunctionList->C_DestroyObject(hSession, kmo.hServerKey);
+ (void)pFunctionList->C_DestroyObject(hSession, kmo.hServerKey);
crv = pFunctionList->C_Logout(hSession);
if (crv == CKR_OK) {
PKM_LogIt("C_Logout succeeded\n");
} else {
- PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_CloseSession(hSession);
if (crv != CKR_OK) {
- PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
return (crv);
}
-CK_RV PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SESSION_HANDLE hRwSession,
- CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey,
- CK_MECHANISM *sigMech,
- CK_OBJECT_HANDLE secretKey, CK_MECHANISM *cryptMech,
- const CK_BYTE * pData, CK_ULONG pDataLen) {
+CK_RV
+PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SESSION_HANDLE hRwSession,
+ CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey,
+ CK_MECHANISM *sigMech,
+ CK_OBJECT_HANDLE secretKey, CK_MECHANISM *cryptMech,
+ const CK_BYTE *pData, CK_ULONG pDataLen)
+{
CK_RV crv = CKR_OK;
CK_BYTE encryptedData[MAX_CIPHER_SZ];
CK_ULONG ulEncryptedDataLen = 0;
- CK_ULONG ulLastUpdateSize = 0 ;
+ CK_ULONG ulLastUpdateSize = 0;
CK_BYTE sig[MAX_SIG_SZ];
CK_ULONG ulSigLen = 0;
CK_BYTE data[MAX_DATA_SZ];
@@ -4956,8 +5040,8 @@ CK_RV PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
/* Check that the mechanism is Multi-part */
if (sigMech->mechanism == CKM_DSA || sigMech->mechanism == CKM_RSA_PKCS) {
- PKM_Error( "PKM_DualFuncSign must be called with a Multi-part "
- "operation mechanism\n");
+ PKM_Error("PKM_DualFuncSign must be called with a Multi-part "
+ "operation mechanism\n");
return CKR_DEVICE_ERROR;
}
@@ -4965,51 +5049,50 @@ CK_RV PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
if (privateKey == 0 && publicKey == 0) {
crv = pFunctionList->C_SignInit(hRwSession, sigMech, secretKey);
if (crv != CKR_OK) {
- PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
} else {
crv = pFunctionList->C_SignInit(hRwSession, sigMech, privateKey);
if (crv != CKR_OK) {
- PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- }
+ }
crv = pFunctionList->C_EncryptInit(hRwSession, cryptMech, secretKey);
if (crv != CKR_OK) {
- PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
-
ulEncryptedDataLen = sizeof(encryptedData);
- crv = pFunctionList->C_SignEncryptUpdate(hRwSession, (CK_BYTE * ) pData,
+ crv = pFunctionList->C_SignEncryptUpdate(hRwSession, (CK_BYTE *)pData,
pDataLen,
encryptedData,
&ulEncryptedDataLen);
if (crv != CKR_OK) {
- PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
ulLastUpdateSize = sizeof(encryptedData) - ulEncryptedDataLen;
crv = pFunctionList->C_EncryptFinal(hRwSession,
- (CK_BYTE * )&encryptedData[ulEncryptedDataLen], &ulLastUpdateSize);
+ (CK_BYTE *)&encryptedData[ulEncryptedDataLen], &ulLastUpdateSize);
if (crv != CKR_OK) {
- PKM_Error( "C_EncryptFinal failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_EncryptFinal failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- ulEncryptedDataLen = ulEncryptedDataLen + ulLastUpdateSize;
+ ulEncryptedDataLen = ulEncryptedDataLen + ulLastUpdateSize;
ulSigLen = sizeof(sig);
crv = pFunctionList->C_SignFinal(hRwSession, sig, &ulSigLen);
if (crv != CKR_OK) {
- PKM_Error( "C_SignFinal failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_SignFinal failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
@@ -5017,15 +5100,15 @@ CK_RV PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
crv = pFunctionList->C_DecryptInit(hRwSession, cryptMech, secretKey);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
crv = pFunctionList->C_VerifyInit(hRwSession, sigMech,
publicKey);
if (crv != CKR_OK) {
- PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
@@ -5035,8 +5118,8 @@ CK_RV PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
ulEncryptedDataLen,
data, &ulDataLen);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptVerifyUpdate failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptVerifyUpdate failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
ulLastUpdateSize = sizeof(data) - ulDataLen;
@@ -5044,51 +5127,52 @@ CK_RV PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
crv = pFunctionList->C_DecryptFinal(hRwSession, &data[ulDataLen],
&ulLastUpdateSize);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
-
+
if (ulLastUpdateSize != 0) {
crv = pFunctionList->C_VerifyUpdate(hRwSession, &data[ulDataLen],
- ulLastUpdateSize);
+ ulLastUpdateSize);
if (crv != CKR_OK) {
- PKM_Error( "C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
}
- ulDataLen = ulDataLen + ulLastUpdateSize;
+ ulDataLen = ulDataLen + ulLastUpdateSize;
/* input for the verify operation is the decrypted data */
crv = pFunctionList->C_VerifyFinal(hRwSession, sig, ulSigLen);
if (crv == CKR_OK) {
PKM_LogIt("C_VerifyFinal succeeded\n");
} else {
- PKM_Error( "C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
/* Comparison of Decrypted data with inputed data */
- if ( (ulDataLen == pDataLen) &&
- (memcmp(data, pData, pDataLen) == 0) ) {
+ if ((ulDataLen == pDataLen) &&
+ (memcmp(data, pData, pDataLen) == 0)) {
PKM_LogIt("PKM_DualFuncSign decrypt test case passed\n");
} else {
- PKM_Error( "PKM_DualFuncSign derypt test case failed\n");
+ PKM_Error("PKM_DualFuncSign derypt test case failed\n");
}
return crv;
-
}
-CK_RV PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey,
- const CK_BYTE * pData, CK_ULONG pDataLen) {
+CK_RV
+PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
+ CK_SESSION_HANDLE hSession,
+ CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey,
+ const CK_BYTE *pData, CK_ULONG pDataLen)
+{
CK_RV crv = CKR_OK;
CK_BYTE digest1[MAX_DIGEST_SZ];
- CK_ULONG digest1Len = 0 ;
+ CK_ULONG digest1Len = 0;
CK_BYTE digest2[MAX_DIGEST_SZ];
CK_ULONG digest2Len = 0;
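Review bot: The final comparison in PKM_DualFuncSign logs `PKM_DualFuncSign derypt test case failed` but then returns `crv`, which is CKR_OK at that point, so a round trip that yields the wrong plaintext is reported to the caller as success. Setting `crv = CKR_FUNCTION_FAILED;` in that else branch would make the failure visible; whether PKM_Error records the failure somewhere else is not shown in this hunk. The digest comparison in PKM_Digest (the `@@ -5143,37 +5226,36 @@` hunk) has the same shape. Separately, the C_VerifyUpdate failure path prints "C_DecryptFinal failed", which points a log reader at the wrong call. PKM_DualFuncSign starts before this hunk.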
@@ -5096,46 +5180,45 @@ CK_RV PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
memset(digest1, 0, sizeof(digest1));
memset(digest2, 0, sizeof(digest2));
-
+
NUMTESTS++; /* increment NUMTESTS */
crv = pFunctionList->C_DigestInit(hSession, digestMech);
if (crv != CKR_OK) {
- PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
digest1Len = sizeof(digest1);
- crv = pFunctionList->C_Digest(hSession, (CK_BYTE * ) pData, pDataLen,
- digest1, &digest1Len);
+ crv = pFunctionList->C_Digest(hSession, (CK_BYTE *)pData, pDataLen,
+ digest1, &digest1Len);
if (crv != CKR_OK) {
- PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
-
crv = pFunctionList->C_DigestInit(hSession, digestMech);
if (crv != CKR_OK) {
- PKM_Error( "C_DigestInit failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE * ) pData, pDataLen);
+ crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE *)pData, pDataLen);
if (crv != CKR_OK) {
- PKM_Error( "C_DigestUpdate failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DigestUpdate failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
-
+
/* C_DigestKey continues a multiple-part message-digesting operation by*/
/* digesting the value of a secret key. (only used with C_DigestUpdate)*/
if (hSecretKey != 0) {
crv = pFunctionList->C_DigestKey(hSession, hSecretKey);
if (crv != CKR_OK) {
- PKM_Error( "C_DigestKey failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DigestKey failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
}
@@ -5143,37 +5226,36 @@ CK_RV PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
digest2Len = sizeof(digest2);
crv = pFunctionList->C_DigestFinal(hSession, digest2, &digest2Len);
if (crv != CKR_OK) {
- PKM_Error( "C_DigestFinal failed with 0x%08X, %-26s\n", crv,
- PKM_CK_RVtoStr(crv));
+ PKM_Error("C_DigestFinal failed with 0x%08X, %-26s\n", crv,
+ PKM_CK_RVtoStr(crv));
return crv;
}
- if (hSecretKey == 0){
- /* did not digest a secret key so digests should equal */
- if ( (digest1Len == digest2Len)
- && (memcmp(digest1, digest2, digest1Len) == 0) ) {
- PKM_LogIt("Single and Multiple-part message digest "
- "operations successful\n");
- } else {
- PKM_Error("Single and Multiple-part message digest "
- "operations failed\n");
- }
+ if (hSecretKey == 0) {
+ /* did not digest a secret key so digests should equal */
+ if ((digest1Len == digest2Len) &&
+ (memcmp(digest1, digest2, digest1Len) == 0)) {
+ PKM_LogIt("Single and Multiple-part message digest "
+ "operations successful\n");
+ } else {
+ PKM_Error("Single and Multiple-part message digest "
+ "operations failed\n");
+ }
} else {
- if (digest1Len == digest2Len) {
+ if (digest1Len == digest2Len) {
PKM_LogIt("PKM_Digest Single and Multiple-part message digest "
- "operations successful\n");
+ "operations successful\n");
} else {
PKM_Error("PKM_Digest Single and Multiple-part message digest "
- "operations failed\n");
+ "operations failed\n");
}
-
}
return crv;
-
}
-char * PKM_FilePasswd(char *pwFile)
+char *
+PKM_FilePasswd(char *pwFile)
{
unsigned char phrase[200];
PRFileDesc *fd;
@@ -5190,20 +5272,22 @@ char * PKM_FilePasswd(char *pwFile)
}
nb = PR_Read(fd, phrase, sizeof(phrase));
-
+
PR_Close(fd);
/* handle the Windows EOL case */
i = 0;
- while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb) i++;
+ while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb)
+ i++;
phrase[i] = '\0';
if (nb == 0) {
- fprintf(stderr,"password file contains no data\n");
+ fprintf(stderr, "password file contains no data\n");
return NULL;
}
- return (char*) strdup((char*)phrase);
+ return (char *)strdup((char *)phrase);
}
-void PKM_Help()
+void
+PKM_Help()
{
PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
PR_fprintf(debug_out, "pk11mode test program usage:\n");
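Review bot: The end-of-line scan in PKM_FilePasswd tests `phrase[i]` before `i < nb`, and PR_Read may fill all `sizeof(phrase)` bytes, so a password file of 200 bytes or more with no line ending in that span makes the loop read `phrase[200]` and `phrase[i] = '\0'` write one byte past the buffer. Reading at most `sizeof(phrase) - 1` bytes and reordering the test to `while (i < nb && phrase[i] != '\r' && phrase[i] != '\n')` keeps both accesses in bounds. A failed PR_Read (negative `nb`) also gets past `if (nb == 0)` and returns an empty password; `if (nb <= 0)` placed before the scan would reject it. The declarations of `nb` and `i` are outside the hunk, so their types should be confirmed when applying this.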
@@ -5217,29 +5301,30 @@ void PKM_Help()
exit(1);
}
-void PKM_CheckPath(char *string)
+void
+PKM_CheckPath(char *string)
{
- char *src;
- char *dest;
+ char *src;
+ char *dest;
- /*
+ /*
* windows support convert any back slashes to
* forward slashes.
*/
- for (src=string, dest=string; *src; src++,dest++) {
- if (*src == '\\') {
- *dest = '/';
- }
- }
- dest--;
- /* if the last char is a / set it to 0 */
- if (*dest == '/')
- *dest = 0;
-
+ for (src = string, dest = string; *src; src++, dest++) {
+ if (*src == '\\') {
+ *dest = '/';
+ }
+ }
+ dest--;
+ /* if the last char is a / set it to 0 */
+ if (*dest == '/')
+ *dest = 0;
}
-CK_RV PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
- PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs)
+CK_RV
+PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
+ PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs)
{
CK_RV crv = CKR_OK;
#ifndef NO_FORK_CHECK
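Review bot: In PKM_CheckPath, `dest--` runs even when `string` is empty, so the trailing-slash check then reads, and may write, `string[-1]`. Replacing the unconditional decrement and test with `if (dest > string && dest[-1] == '/') dest[-1] = 0;` keeps the access inside the buffer. Whether any caller can pass an empty path is not visible in this hunk.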
@@ -5247,59 +5332,58 @@ CK_RV PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
pid_t child, ret;
NUMTESTS++; /* increment NUMTESTS */
if (forkAssert) {
- putenv("NSS_STRICT_NOFORK=1");
+ putenv("NSS_STRICT_NOFORK=1");
} else {
- putenv("NSS_STRICT_NOFORK=0");
+ putenv("NSS_STRICT_NOFORK=0");
}
child = fork();
switch (child) {
- case -1:
- PKM_Error("Fork failed.\n");
- crv = CKR_DEVICE_ERROR;
- break;
- case 0:
- if (fList) {
- if (!initArgs) {
- /* If softoken is loaded, make a PKCS#11 call to C_GetTokenInfo
+ case -1:
+ PKM_Error("Fork failed.\n");
+ crv = CKR_DEVICE_ERROR;
+ break;
+ case 0:
+ if (fList) {
+ if (!initArgs) {
+ /* If softoken is loaded, make a PKCS#11 call to C_GetTokenInfo
* in the child. This call should always fail.
* If softoken is uninitialized,
* it fails with CKR_CRYPTOKI_NOT_INITIALIZED.
* If it was initialized in the parent, the fork check should
* kick in, and make it return CKR_DEVICE_ERROR.
*/
- CK_RV child_crv = fList->C_GetTokenInfo(0, NULL);
- exit(child_crv & 255);
- } else {
- /* If softoken is loaded, make a PKCS#11 call to C_Initialize
+ CK_RV child_crv = fList->C_GetTokenInfo(0, NULL);
+ exit(child_crv & 255);
+ } else {
+ /* If softoken is loaded, make a PKCS#11 call to C_Initialize
* in the child. This call should always fail.
* If softoken is uninitialized, this should succeed.
* If it was initialized in the parent, the fork check should
* kick in, and make it return CKR_DEVICE_ERROR.
*/
- CK_RV child_crv = fList->C_Initialize(initArgs);
- if (CKR_OK == child_crv) {
- child_crv = fList->C_Finalize(NULL);
+ CK_RV child_crv = fList->C_Initialize(initArgs);
+ if (CKR_OK == child_crv) {
+ child_crv = fList->C_Finalize(NULL);
+ }
+ exit(child_crv & 255);
}
- exit(child_crv & 255);
}
- }
- exit(expected & 255);
- default:
- PKM_LogIt("Fork succeeded.\n");
- ret = wait(&rc);
- if (ret != child || (!WIFEXITED(rc)) ||
- ( (expected & 255) != (WEXITSTATUS(rc) & 255)) ) {
- int retStatus = -1;
- if (WIFEXITED(rc)) {
- retStatus = WEXITSTATUS(rc);
+ exit(expected & 255);
+ default:
+ PKM_LogIt("Fork succeeded.\n");
+ ret = wait(&rc);
+ if (ret != child || (!WIFEXITED(rc)) ||
+ ((expected & 255) != (WEXITSTATUS(rc) & 255))) {
+ int retStatus = -1;
+ if (WIFEXITED(rc)) {
+ retStatus = WEXITSTATUS(rc);
+ }
+ PKM_Error("Child misbehaved.\n");
+ printf("Child return status : %d.\n", retStatus & 255);
+ crv = CKR_DEVICE_ERROR;
}
- PKM_Error("Child misbehaved.\n");
- printf("Child return status : %d.\n", retStatus & 255);
- crv = CKR_DEVICE_ERROR;
- }
- break;
+ break;
}
#endif
return crv;
}
-
diff --git a/cmd/pk11util/pk11util.c b/cmd/pk11util/pk11util.c
index 5640f10aa..78278d317 100644
--- a/cmd/pk11util/pk11util.c
+++ b/cmd/pk11util/pk11util.c
@@ -2,7 +2,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
#include <stdio.h>
#include <string.h>
@@ -18,7 +17,6 @@
#include "secutil.h"
-
#include "nspr.h"
#include "prtypes.h"
#include "prtime.h"
@@ -70,52 +68,53 @@ isSize(char *var, int *isArray)
char *end;
int array = 0;
- if (PL_strncasecmp(var,"sizeof(",/*)*/ 7) == 0) {
- ptr = var + 7;
- } else if (PL_strncasecmp(var,"size(",/*)*/ 5) == 0) {
- ptr = var + 5;
- } else if (PL_strncasecmp(var,"sizeofarray(",/*)*/ 12) == 0) {
- ptr = var + 12;
- array = 1;
- } else if (PL_strncasecmp(var,"sizea(",/*)*/ 6) == 0) {
- ptr = var + 6;
- array = 1;
+ if (PL_strncasecmp(var, "sizeof(", /*)*/ 7) == 0) {
+ ptr = var + 7;
+ } else if (PL_strncasecmp(var, "size(", /*)*/ 5) == 0) {
+ ptr = var + 5;
+ } else if (PL_strncasecmp(var, "sizeofarray(", /*)*/ 12) == 0) {
+ ptr = var + 12;
+ array = 1;
+ } else if (PL_strncasecmp(var, "sizea(", /*)*/ 6) == 0) {
+ ptr = var + 6;
+ array = 1;
} else {
- return NULL;
+ return NULL;
}
- end = strchr(ptr,/*(*/ ')') ;
+ end = strchr(ptr, /*(*/ ')');
if (end == NULL) {
- return NULL;
+ return NULL;
}
- if (isArray) *isArray = array;
+ if (isArray)
+ *isArray = array;
*end = 0;
return ptr;
}
-
+
void
printConst(CK_ULONG value, ConstType type, int newLine)
{
int i;
- for (i=0; i < constCount; i++) {
- if (consts[i].type == type && consts[i].value == value) {
- printf("%s",consts[i].name);
- break;
- }
- if (type == ConstNone && consts[i].value == value) {
- printf("%s",consts[i].name);
- break;
- }
+ for (i = 0; i < constCount; i++) {
+ if (consts[i].type == type && consts[i].value == value) {
+ printf("%s", consts[i].name);
+ break;
+ }
+ if (type == ConstNone && consts[i].value == value) {
+ printf("%s", consts[i].name);
+ break;
+ }
}
if (i == constCount) {
- if ((type == ConstAvailableSizes) || (type == ConstCurrentSize)) {
- printf("%lu",value);
- } else {
- printf("Unknown %s (%lu:0x%lx)",constTypeString[type],value,value);
- }
+ if ((type == ConstAvailableSizes) || (type == ConstCurrentSize)) {
+ printf("%lu", value);
+ } else {
+ printf("Unknown %s (%lu:0x%lx)", constTypeString[type], value, value);
+ }
}
if (newLine) {
- printf("\n");
+ printf("\n");
}
}
@@ -124,10 +123,10 @@ getConstFromAttribute(CK_ATTRIBUTE_TYPE type)
{
int i;
- for (i=0; i < constCount; i++) {
- if (consts[i].type == ConstAttribute && consts[i].value == type) {
- return consts[i].attrType;
- }
+ for (i = 0; i < constCount; i++) {
+ if (consts[i].type == ConstAttribute && consts[i].value == type) {
+ return consts[i].attrType;
+ }
}
return ConstNone;
}
@@ -136,41 +135,42 @@ void
printChars(const char *name, CK_ULONG size)
{
CK_ULONG i;
- for (i=0; i < size; i++) {
- if (name[i] == 0) {
- break;
- }
- printf("%c",name[i]);
+ for (i = 0; i < size; i++) {
+ if (name[i] == 0) {
+ break;
+ }
+ printf("%c", name[i]);
}
printf("\n");
}
#define DUMP_LEN 16
-void printDump(const unsigned char *buf, int size)
+void
+printDump(const unsigned char *buf, int size)
{
- int i,j;
-
- for(i=0; i < size; i+= DUMP_LEN) {
- printf(" ");
- for (j=0; j< DUMP_LEN; j++) {
- if (i+j < size) {
- printf("%02x ",buf[i+j]);
- } else {
- printf(" ");
- }
- }
- for (j=0; j< DUMP_LEN; j++) {
- if (i+j < size) {
- if (buf[i+j] < ' ' || buf[i+j] >= 0x7f) {
- printf(".");
- } else {
- printf("%c",buf[i+j]);
- }
- } else {
- printf(" ");
- }
- }
- printf("\n");
+ int i, j;
+
+ for (i = 0; i < size; i += DUMP_LEN) {
+ printf(" ");
+ for (j = 0; j < DUMP_LEN; j++) {
+ if (i + j < size) {
+ printf("%02x ", buf[i + j]);
+ } else {
+ printf(" ");
+ }
+ }
+ for (j = 0; j < DUMP_LEN; j++) {
+ if (i + j < size) {
+ if (buf[i + j] < ' ' || buf[i + j] >= 0x7f) {
+ printf(".");
+ } else {
+ printf("%c", buf[i + j]);
+ }
+ } else {
+ printf(" ");
+ }
+ }
+ printf("\n");
}
}
@@ -181,21 +181,21 @@ void
argFreeData(Value *arg)
{
if (arg->data && ((arg->type & ArgStatic) == 0)) {
- if ((arg->type & ArgMask) == ArgAttribute) {
- int i;
- CK_ATTRIBUTE *template = (CK_ATTRIBUTE *)arg->data;
-
- for (i=0; i < arg->arraySize; i++) {
- free(template[i].pValue);
- }
- }
- if ((arg->type & ArgMask) == ArgInitializeArgs) {
- CK_C_INITIALIZE_ARGS *init = (CK_C_INITIALIZE_ARGS *)arg->data;
+ if ((arg->type & ArgMask) == ArgAttribute) {
+ int i;
+ CK_ATTRIBUTE *template = (CK_ATTRIBUTE *)arg->data;
+
+ for (i = 0; i < arg->arraySize; i++) {
+ free(template[i].pValue);
+ }
+ }
+ if ((arg->type & ArgMask) == ArgInitializeArgs) {
+ CK_C_INITIALIZE_ARGS *init = (CK_C_INITIALIZE_ARGS *)arg->data;
if (init->LibraryParameters) {
- free(init->LibraryParameters);
- }
- }
- free(arg->data);
+ free(init->LibraryParameters);
+ }
+ }
+ free(arg->data);
}
arg->type &= ~ArgStatic;
arg->data = NULL;
@@ -204,15 +204,16 @@ argFreeData(Value *arg)
void
argFree(Value *arg)
{
- if (arg == NULL) return;
+ if (arg == NULL)
+ return;
arg->reference--;
if (arg->reference == 0) {
- if (arg->type & ArgFile) {
- free(arg->filename);
- }
- argFreeData(arg);
- free (arg);
+ if (arg->type & ArgFile) {
+ free(arg->filename);
+ }
+ argFreeData(arg);
+ free(arg);
}
}
@@ -223,8 +224,8 @@ void
parseFree(Value **ap)
{
int i;
- for (i=0 ; i < MAX_ARGS; i++) {
- argFree(ap[i]);
+ for (i = 0; i < MAX_ARGS; i++) {
+ argFree(ap[i]);
}
}
@@ -237,21 +238,22 @@ getEnd(const char *bp)
int count = 0;
while (*bp) {
- if (*bp == ' ' || *bp == '\t' || *bp == '\n') return count;
- count++;
- bp++;
+ if (*bp == ' ' || *bp == '\t' || *bp == '\n')
+ return count;
+ count++;
+ bp++;
}
return (count);
}
-
/*
* strip: return the first none white space character
*/
const char *
strip(const char *bp)
{
- while (*bp && (*bp == ' ' || *bp == '\t' || *bp == '\n')) bp++;
+ while (*bp && (*bp == ' ' || *bp == '\t' || *bp == '\n'))
+ bp++;
return bp;
}
@@ -259,45 +261,47 @@ strip(const char *bp)
* read in the next argument into dp ... don't overflow
*/
const char *
-readChars(const char *bp, char *dp, int max )
+readChars(const char *bp, char *dp, int max)
{
int count = 1;
while (*bp) {
- if (*bp == ' ' || *bp == '\t' || *bp == '\n' ) {
- *dp = 0;
- return bp;
- }
- *dp++ = *bp++;
- if (++count == max) break;
- }
- while (*bp && (*bp != ' ' && *bp != '\t' && *bp != '\n')) bp++;
+ if (*bp == ' ' || *bp == '\t' || *bp == '\n') {
+ *dp = 0;
+ return bp;
+ }
+ *dp++ = *bp++;
+ if (++count == max)
+ break;
+ }
+ while (*bp && (*bp != ' ' && *bp != '\t' && *bp != '\n'))
+ bp++;
*dp = 0;
return (bp);
}
-Value * varLookup(const char *bp, char *vname, int max, int *error);
+Value *varLookup(const char *bp, char *vname, int max, int *error);
CK_ULONG
getValue(const char *v, int *error)
{
- Value * varVal = NULL;
+ Value *varVal = NULL;
CK_ULONG retVal = 0;
ConstType type;
char tvar[512];
*error = 0;
- varVal = varLookup( v, tvar, sizeof(tvar), error);
+ varVal = varLookup(v, tvar, sizeof(tvar), error);
if (varVal) {
- if ((varVal->type & ArgMask) == ArgULong) {
- retVal = *(CK_ULONG *)varVal->data;
- } else {
- fprintf(stderr,"%s: is not a ulong\n", v);
- *error = 1;
- }
- argFree(varVal);
- return retVal;
+ if ((varVal->type & ArgMask) == ArgULong) {
+ retVal = *(CK_ULONG *)varVal->data;
+ } else {
+ fprintf(stderr, "%s: is not a ulong\n", v);
+ *error = 1;
+ }
+ argFree(varVal);
+ return retVal;
}
constLookup(v, &retVal, &type);
return retVal;
@@ -309,18 +313,19 @@ NewValue(ArgType type, CK_ULONG arraySize)
Value *value;
value = (Value *)malloc(sizeof(Value));
- if (!value) return NULL;
- value->size = ArgSize(type)*arraySize;
+ if (!value)
+ return NULL;
+ value->size = ArgSize(type) * arraySize;
value->type = type;
value->filename = NULL;
value->constType = ConstNone;
value->data = (void *)malloc(value->size);
if (!value->data) {
- free(value);
- return NULL;
+ free(value);
+ return NULL;
}
value->reference = 1;
- value->arraySize = (type == ArgChar) ? 1: arraySize;
+ value->arraySize = (type == ArgChar) ? 1 : arraySize;
memset(value->data, 0, value->size);
return value;
@@ -334,24 +339,24 @@ handleArray(char *vname, int *error)
char *bracket;
CK_ULONG index = INVALID_INDEX;
- if ((bracket = strchr(vname,'[')) != 0) {
- char *tmpv = bracket+1;
- *bracket = 0;
- bracket = strchr(tmpv,']');
-
- if (bracket == 0) {
- fprintf(stderr,"%s: missing closing brace\n", vname);
- return INVALID_INDEX;
- }
- *bracket = 0;
-
- index = getValue(tmpv, error);
- if (*error == 1) {
- return INVALID_INDEX;
- } else if (index == INVALID_INDEX) {
- fprintf(stderr, "%s: 0x%lx is an invalid index\n",vname,index);
- *error = 1;
- }
+ if ((bracket = strchr(vname, '[')) != 0) {
+ char *tmpv = bracket + 1;
+ *bracket = 0;
+ bracket = strchr(tmpv, ']');
+
+ if (bracket == 0) {
+ fprintf(stderr, "%s: missing closing brace\n", vname);
+ return INVALID_INDEX;
+ }
+ *bracket = 0;
+
+ index = getValue(tmpv, error);
+ if (*error == 1) {
+ return INVALID_INDEX;
+ } else if (index == INVALID_INDEX) {
+ fprintf(stderr, "%s: 0x%lx is an invalid index\n", vname, index);
+ *error = 1;
+ }
}
return index;
}
@@ -359,17 +364,17 @@ handleArray(char *vname, int *error)
void *
makeArrayTarget(const char *vname, const Value *value, CK_ULONG index)
{
- char * target;
+ char *target;
CK_ULONG elementSize;
if (index >= (CK_ULONG)value->arraySize) {
- fprintf(stderr, "%s[%lu]: index larger than array size (%d)\n",
- vname, index, value->arraySize);
- return NULL;
+ fprintf(stderr, "%s[%lu]: index larger than array size (%d)\n",
+ vname, index, value->arraySize);
+ return NULL;
}
target = (char *)value->data;
- elementSize = value->size/value->arraySize;
+ elementSize = value->size / value->arraySize;
target += index * elementSize;
return target;
}
@@ -388,86 +393,86 @@ varLookup(const char *bp, char *vname, int max, int *error)
*error = 0;
if (bp != NULL) {
- readChars(bp, vname, max);
- }
+ readChars(bp, vname, max);
+ }
/* don't make numbers into variables */
if (isNum(vname[0])) {
- return NULL;
+ return NULL;
}
/* nor consts */
if (isConst(vname)) {
- return NULL;
+ return NULL;
}
/* handle sizeof() */
if ((ptr = isSize(vname, &isArray)) != NULL) {
- CK_ULONG size;
- Value *targetValue = NULL;
- Value *sourceValue = varLookup(NULL, ptr, 0, error);
- if (!sourceValue) {
- if (*error == 0) {
- /* just didn't find it */
- *error = 1;
- fprintf(stderr,"Couldn't find variable %s to take size of\n",
- ptr);
- return NULL;
- }
- }
- size = isArray ? sourceValue->arraySize : sourceValue->size;
- targetValue = NewValue(ArgULong,1);
- memcpy(targetValue->data, &size, sizeof(size));
-
- return targetValue;
+ CK_ULONG size;
+ Value *targetValue = NULL;
+ Value *sourceValue = varLookup(NULL, ptr, 0, error);
+ if (!sourceValue) {
+ if (*error == 0) {
+ /* just didn't find it */
+ *error = 1;
+ fprintf(stderr, "Couldn't find variable %s to take size of\n",
+ ptr);
+ return NULL;
+ }
+ }
+ size = isArray ? sourceValue->arraySize : sourceValue->size;
+ targetValue = NewValue(ArgULong, 1);
+ memcpy(targetValue->data, &size, sizeof(size));
+
+ return targetValue;
}
/* modifies vname */
index = handleArray(vname, error);
if (*error == 1) {
- return NULL;
+ return NULL;
}
for (current = varHead; current; current = current->next) {
- if (PL_strcasecmp(current->vname, vname) == 0) {
- char *target;
- if (index == INVALID_INDEX) {
- (current->value->reference)++;
- return current->value;
- }
- target = makeArrayTarget(vname, current->value, index);
- if (target) {
- Value *element = NewValue(current->value->type, 1);
- if (!element) {
- fprintf(stderr, "MEMORY ERROR!\n");
- *error = 1;
- }
- argFreeData(element);
- element->data = target;
- element->type |= ArgStatic;
- return element;
- }
- *error = 1;
- return NULL;
- }
+ if (PL_strcasecmp(current->vname, vname) == 0) {
+ char *target;
+ if (index == INVALID_INDEX) {
+ (current->value->reference)++;
+ return current->value;
+ }
+ target = makeArrayTarget(vname, current->value, index);
+ if (target) {
+ Value *element = NewValue(current->value->type, 1);
+ if (!element) {
+ fprintf(stderr, "MEMORY ERROR!\n");
+ *error = 1;
+ }
+ argFreeData(element);
+ element->data = target;
+ element->type |= ArgStatic;
+ return element;
+ }
+ *error = 1;
+ return NULL;
+ }
}
return NULL;
}
-static CK_RV
+static CK_RV
list(void)
{
Variable *current;
if (varHead) {
- printf(" %10s\t%16s\t%8s\tSize\tElements\n","Name","Type","Const");
+ printf(" %10s\t%16s\t%8s\tSize\tElements\n", "Name", "Type", "Const");
} else {
- printf(" no variables set\n");
+ printf(" no variables set\n");
}
for (current = varHead; current; current = current->next) {
- printf(" %10s\t%16s\t%8s\t%d\t%d\n", current->vname,
- valueString[current->value->type&ArgMask],
- constTypeString[current->value->constType],
- current->value->size, current->value->arraySize);
+ printf(" %10s\t%16s\t%8s\t%d\t%d\n", current->vname,
+ valueString[current->value->type & ArgMask],
+ constTypeString[current->value->constType],
+ current->value->size, current->value->arraySize);
}
return CKR_OK;
}
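Review bot: In the sizeof() branch of varLookup, a failed inner lookup that has already set `*error` skips the `return NULL` and falls through to `sourceValue->arraySize` on a null pointer, and the result of `NewValue(ArgULong, 1)` is handed to memcpy unchecked. The array-element path has the same problem: when `NewValue` returns NULL it prints "MEMORY ERROR!" and then calls `argFreeData(element)`, which dereferences its argument. The sketch below returns on each failure; it also releases `sourceValue` with argFree, as getValue does with its lookup result, on the assumption that the reference taken by the inner lookup is otherwise leaked. varLookup begins before this hunk.

```c
    if ((ptr = isSize(vname, &isArray)) != NULL) {
        CK_ULONG size;
        Value *targetValue = NULL;
        Value *sourceValue = varLookup(NULL, ptr, 0, error);
        if (!sourceValue) {
            if (*error == 0) {
                /* just didn't find it */
                *error = 1;
                fprintf(stderr, "Couldn't find variable %s to take size of\n",
                        ptr);
            }
            return NULL; /* every failed lookup stops here */
        }
        size = isArray ? sourceValue->arraySize : sourceValue->size;
        argFree(sourceValue); /* drop the reference the lookup took */
        targetValue = NewValue(ArgULong, 1);
        if (!targetValue) {
            fprintf(stderr, "MEMORY ERROR!\n");
            *error = 1;
            return NULL;
        }
        memcpy(targetValue->data, &size, sizeof(size));
        return targetValue;
    }
    /* … unchanged: handleArray call and walk of the variable list … */
                Value *element = NewValue(current->value->type, 1);
                if (!element) {
                    fprintf(stderr, "MEMORY ERROR!\n");
                    *error = 1;
                    return NULL; /* do not pass NULL to argFreeData */
                }
```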
@@ -478,16 +483,16 @@ printFlags(const char *s, CK_ULONG flags, ConstType type)
CK_ULONG i;
int needComma = 0;
- printf("%s",s);
- for (i=1; i ; i=i << 1) {
- if (flags & i) {
- printf("%s",needComma?",":"");
- printConst(i, type, 0);
- needComma=1;
- }
+ printf("%s", s);
+ for (i = 1; i; i = i << 1) {
+ if (flags & i) {
+ printf("%s", needComma ? "," : "");
+ printConst(i, type, 0);
+ needComma = 1;
+ }
}
if (!needComma) {
- printf("Empty");
+ printf("Empty");
}
printf("\n");
return CKR_OK;
@@ -505,62 +510,60 @@ AddVariable(const char *bp, Value **ptr)
int size;
int error = 0;
- bp = readChars(bp,vname,sizeof(vname));
+ bp = readChars(bp, vname, sizeof(vname));
/* don't make numbers into variables */
if (isNum(vname[0])) {
- return bp;
+ return bp;
}
/* or consts */
if (isConst(vname)) {
- return bp;
+ return bp;
}
/* or NULLs */
if (vname[0] == 0) {
- return bp;
+ return bp;
}
/* or sizeof */
if (isSize(vname, NULL)) {
- return bp;
+ return bp;
}
/* arrays values should be written back to the original */
index = handleArray(vname, &error);
if (error == 1) {
- return bp;
+ return bp;
}
-
for (current = varHead; current; current = current->next) {
- if (PL_strcasecmp(current->vname,vname) == 0) {
- char *target;
- /* found a complete object, return the found one */
- if (index == INVALID_INDEX) {
- argFree(*ptr);
- *ptr = current->value;
- return bp;
- }
- /* found an array, update the array element */
- target = makeArrayTarget(vname, current->value, index);
- if (target) {
- memcpy(target, (*ptr)->data, (*ptr)->size);
- argFreeData(*ptr);
- (*ptr)->data = target;
- (*ptr)->type |= ArgStatic;
- }
- return bp;
- }
+ if (PL_strcasecmp(current->vname, vname) == 0) {
+ char *target;
+ /* found a complete object, return the found one */
+ if (index == INVALID_INDEX) {
+ argFree(*ptr);
+ *ptr = current->value;
+ return bp;
+ }
+ /* found an array, update the array element */
+ target = makeArrayTarget(vname, current->value, index);
+ if (target) {
+ memcpy(target, (*ptr)->data, (*ptr)->size);
+ argFreeData(*ptr);
+ (*ptr)->data = target;
+ (*ptr)->type |= ArgStatic;
+ }
+ return bp;
+ }
}
/* we are looking for an array and didn't find one */
if (index != INVALID_INDEX) {
- return bp;
+ return bp;
}
-
current = (Variable *)malloc(sizeof(Variable));
size = strlen(vname);
- current->vname = (char *)malloc(size+1);
- strcpy(current->vname,vname);
+ current->vname = (char *)malloc(size + 1);
+ strcpy(current->vname, vname);
current->value = *ptr;
(*ptr)->reference++;
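Review bot: The array-element update in AddVariable copies `(*ptr)->size` bytes into a single element with `memcpy(target, (*ptr)->data, (*ptr)->size)` and never compares that size with the element size, so assigning a larger value to an indexed variable writes past the element and possibly past the array allocation. A bound such as `if (target && (*ptr)->size <= current->value->size / current->value->arraySize) {` before the copy would reject an oversized source; `arraySize` is non-zero there because makeArrayTarget has already accepted the index. At the end of the hunk both malloc results are used unchecked, so `current` and `current->vname` should be tested before the `strcpy`. AddVariable starts before and continues after this hunk.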
@@ -574,20 +577,20 @@ FindTypeByName(const char *typeName)
{
int i;
- for (i=0; i < valueCount; i++) {
- if (PL_strcasecmp(typeName,valueString[i]) == 0) {
- return (ArgType) i;
- }
- if (valueString[i][0] == 'C' && valueString[i][1] == 'K' &&
- valueString[i][2] == '_' &&
- (PL_strcasecmp(typeName,&valueString[i][3]) == 0)) {
- return (ArgType) i;
- }
+ for (i = 0; i < valueCount; i++) {
+ if (PL_strcasecmp(typeName, valueString[i]) == 0) {
+ return (ArgType)i;
+ }
+ if (valueString[i][0] == 'C' && valueString[i][1] == 'K' &&
+ valueString[i][2] == '_' &&
+ (PL_strcasecmp(typeName, &valueString[i][3]) == 0)) {
+ return (ArgType)i;
+ }
}
return ArgNone;
}
-CK_RV
+CK_RV
ArrayVariable(const char *bp, const char *typeName, CK_ULONG count)
{
ArgType type;
@@ -595,17 +598,17 @@ ArrayVariable(const char *bp, const char *typeName, CK_ULONG count)
type = FindTypeByName(typeName);
if (type == ArgNone) {
- fprintf(stderr,"Invalid type (%s)\n", typeName);
- return CKR_FUNCTION_FAILED;
+ fprintf(stderr, "Invalid type (%s)\n", typeName);
+ return CKR_FUNCTION_FAILED;
}
value = NewValue(type, count);
- (void) AddVariable(bp, &value);
+ (void)AddVariable(bp, &value);
return CKR_OK;
}
#define MAX_TEMPLATE 25
-CK_RV
+CK_RV
ArrayTemplate(const char *bp, char *attributes)
{
char aname[512];
@@ -615,31 +618,31 @@ ArrayTemplate(const char *bp, char *attributes)
char *ap;
int i, count = 0;
- memcpy(aname,attributes,strlen(attributes)+1);
+ memcpy(aname, attributes, strlen(attributes) + 1);
for (ap = aname, count = 0; ap && *ap && count < MAX_TEMPLATE; count++) {
- char *cur = ap;
- ConstType type;
+ char *cur = ap;
+ ConstType type;
- ap = strchr(ap,',');
- if (ap) {
- *ap++ = 0;
- }
+ ap = strchr(ap, ',');
+ if (ap) {
+ *ap++ = 0;
+ }
- (void)constLookup(cur, &attributeTypes[count], &type);
- if ((type != ConstAttribute) && (type != ConstNone)) {
- fprintf(stderr, "Unknown Attribute %s\n", cur);
- return CKR_FUNCTION_FAILED;
- }
+ (void)constLookup(cur, &attributeTypes[count], &type);
+ if ((type != ConstAttribute) && (type != ConstNone)) {
+ fprintf(stderr, "Unknown Attribute %s\n", cur);
+ return CKR_FUNCTION_FAILED;
+ }
}
value = NewValue(ArgAttribute, count);
template = (CK_ATTRIBUTE *)value->data;
- for (i=0; i < count ; i++) {
- template[i].type = attributeTypes[i];
+ for (i = 0; i < count; i++) {
+ template[i].type = attributeTypes[i];
}
- (void) AddVariable(bp, &value);
+ (void)AddVariable(bp, &value);
return CKR_OK;
}
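Review bot: The copy `memcpy(aname, attributes, strlen(attributes) + 1)` in ArrayTemplate is sized by the source string, while `aname` is the fixed `char aname[512]` declared just above this hunk, so an attribute list of 512 bytes or more writes past the stack buffer. Where `attributes` comes from is not visible here, but it looks like parsed command input, so the length should be checked before the copy: `if (strlen(attributes) >= sizeof(aname)) return CKR_ARGUMENTS_BAD;`. The loop also stops silently at `MAX_TEMPLATE` entries and drops the rest of the list; an error there would be clearer than a truncated template. The declarations of `attributeTypes` and `value` lie outside the hunk.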
@@ -649,11 +652,12 @@ BuildTemplate(Value *vp)
CK_ATTRIBUTE *template = (CK_ATTRIBUTE *)vp->data;
int i;
- for (i=0; i < vp->arraySize; i++) {
- if (((signed long)template[i].ulValueLen) > 0) {
- if (template[i].pValue) free(template[i].pValue);
- template[i].pValue = malloc(template[i].ulValueLen);
- }
+ for (i = 0; i < vp->arraySize; i++) {
+ if (((signed long)template[i].ulValueLen) > 0) {
+ if (template[i].pValue)
+ free(template[i].pValue);
+ template[i].pValue = malloc(template[i].ulValueLen);
+ }
}
return CKR_OK;
}
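Review bot: The result of `malloc(template[i].ulValueLen)` in BuildTemplate is stored without a check, so a failed allocation leaves `pValue` NULL next to a positive `ulValueLen` and the function still returns `CKR_OK`. A check such as `if (template[i].pValue == NULL) return CKR_HOST_MEMORY;` after the assignment would surface the failure. The `if (template[i].pValue)` guard before `free` is redundant, since `free(NULL)` is a no-op. The same unchecked `malloc` appears in SetTemplate in the next hunk and in the `file(` and `ArgVar` branches of parseArgs further down. The start of BuildTemplate is outside this hunk.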
@@ -666,33 +670,32 @@ SetTemplate(Value *vp, CK_ULONG index, CK_ULONG value)
CK_ULONG len;
ConstType attrType;
- if (index >= (CK_ULONG) vp->arraySize) {
- fprintf(stderr,"index (%lu) greater than array (%d)\n",
- index, vp->arraySize);
- return CKR_ARGUMENTS_BAD;
+ if (index >= (CK_ULONG)vp->arraySize) {
+ fprintf(stderr, "index (%lu) greater than array (%d)\n",
+ index, vp->arraySize);
+ return CKR_ARGUMENTS_BAD;
}
- attrType = getConstFromAttribute(template[index].type);
+ attrType = getConstFromAttribute(template[index].type);
if (attrType == ConstNone) {
- fprintf(stderr,"can't set index (%lu) because ", index);
- printConst(template[index].type,ConstAttribute, 0);
- fprintf(stderr, " is not a CK_BBOOL or CK_ULONG\n");
- return CKR_ARGUMENTS_BAD;
+ fprintf(stderr, "can't set index (%lu) because ", index);
+ printConst(template[index].type, ConstAttribute, 0);
+ fprintf(stderr, " is not a CK_BBOOL or CK_ULONG\n");
+ return CKR_ARGUMENTS_BAD;
}
isbool = (attrType == ConstBool);
- len = isbool ? sizeof (CK_BBOOL) : sizeof(CK_ULONG);
+ len = isbool ? sizeof(CK_BBOOL) : sizeof(CK_ULONG);
if ((template[index].ulValueLen != len) || (template[index].pValue)) {
- free(template[index].pValue);
- template[index].pValue = malloc(len);
- template[index].ulValueLen = len;
+ free(template[index].pValue);
+ template[index].pValue = malloc(len);
+ template[index].ulValueLen = len;
}
if (isbool) {
- *(CK_BBOOL *)template[index].pValue = (CK_BBOOL) value;
+ *(CK_BBOOL *)template[index].pValue = (CK_BBOOL)value;
} else {
- *(CK_ULONG *)template[index].pValue = (CK_ULONG) value;
+ *(CK_ULONG *)template[index].pValue = (CK_ULONG)value;
}
return CKR_OK;
-
}
CK_RV
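Review bot: The test `if ((template[index].ulValueLen != len) || (template[index].pValue))` in SetTemplate looks inverted on its second operand. When `ulValueLen` already equals `len` and `pValue` is NULL, nothing is allocated and the store through `*(CK_BBOOL *)template[index].pValue` or `*(CK_ULONG *)template[index].pValue` dereferences NULL. When `pValue` is non-NULL the buffer is reallocated regardless of the length. The likely intent is `if ((template[index].ulValueLen != len) || (template[index].pValue == NULL)) {`, followed by a NULL check on the `malloc(len)` result before the write. The function's opening lines are outside this hunk.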
@@ -706,7 +709,7 @@ NewMechanism(const char *bp, CK_ULONG mechType)
mechanism->mechanism = mechType;
mechanism->pParameter = NULL;
mechanism->ulParameterLen = 0;
- (void) AddVariable(bp, &value);
+ (void)AddVariable(bp, &value);
return CKR_OK;
}
@@ -722,7 +725,7 @@ NewInitializeArgs(const char *bp, CK_ULONG flags, const char *param)
if (strcmp(param, "null") != 0) {
init->LibraryParameters = (CK_CHAR_PTR *)strdup(param);
}
- (void) AddVariable(bp, &value);
+ (void)AddVariable(bp, &value);
return CKR_OK;
}
@@ -735,59 +738,58 @@ DeleteVariable(const char *bp)
char vname[512];
Variable **current;
- bp = readChars(bp,vname,sizeof(vname));
+ bp = readChars(bp, vname, sizeof(vname));
for (current = &varHead; *current; current = &(*current)->next) {
- if (PL_strcasecmp((*current)->vname,vname) == 0) {
- argFree((*current)->value);
- *current = (*current)->next;
- break;
- }
+ if (PL_strcasecmp((*current)->vname, vname) == 0) {
+ argFree((*current)->value);
+ *current = (*current)->next;
+ break;
+ }
}
return CKR_OK;
}
/*
* convert an octal value to integer
- */
+ */
CK_ULONG
otoi(const char *o)
{
CK_ULONG value = 0;
while (*o) {
- if ((*o >= '0') && (*o <= '7')) {
- value = (value << 3) | (unsigned)(*o - '0');
- } else {
- break;
- }
+ if ((*o >= '0') && (*o <= '7')) {
+ value = (value << 3) | (unsigned)(*o - '0');
+ } else {
+ break;
+ }
}
return value;
}
/*
* convert a hex value to integer
- */
+ */
CK_ULONG
htoi(const char *x)
{
CK_ULONG value = 0;
while (*x) {
- if ((*x >= '0') && (*x <= '9')) {
- value = (value << 4) | (unsigned)(*x - '0');
- } else if ((*x >= 'a') && (*x <= 'f')) {
- value = (value << 4) | (unsigned)(*x - 'a');
- } else if ((*x >= 'A') && (*x <= 'F')) {
- value = (value << 4) | (unsigned)(*x - 'A');
- } else {
- break;
- }
+ if ((*x >= '0') && (*x <= '9')) {
+ value = (value << 4) | (unsigned)(*x - '0');
+ } else if ((*x >= 'a') && (*x <= 'f')) {
+ value = (value << 4) | (unsigned)(*x - 'a');
+ } else if ((*x >= 'A') && (*x <= 'F')) {
+ value = (value << 4) | (unsigned)(*x - 'A');
+ } else {
+ break;
+ }
}
return value;
}
-
/*
* look up or decode a constant value
*/
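Review bot: Neither conversion loop advances its pointer: `otoi` tests `*o` and `htoi` tests `*x`, but no line in either body increments them, so any string that begins with a valid digit never terminates. Each loop needs an `o++;` or `x++;` at the end of its body. `htoi` also maps the letters to 0–5, because `(unsigned)(*x - 'a')` and `(unsigned)(*x - 'A')` lack the offset; they should read `value = (value << 4) | (unsigned)(*x - 'a' + 10);` and likewise for `'A'`. Both functions are called from constLookup in the next hunk for `0X…` and `0…` literals. Separately, DeleteVariable at the top of this hunk unlinks the matching node with `*current = (*current)->next` without freeing the node or its `vname`.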
@@ -797,24 +799,24 @@ constLookup(const char *bp, CK_ULONG *value, ConstType *type)
char vname[512];
int i;
- bp = readChars(bp,vname,sizeof(vname));
+ bp = readChars(bp, vname, sizeof(vname));
- for (i=0; i < constCount; i++) {
- if ((PL_strcasecmp(consts[i].name,vname) == 0) ||
- PL_strcasecmp(consts[i].name+5,vname) == 0) {
- *value = consts[i].value;
- *type = consts[i].type;
- return bp;
- }
+ for (i = 0; i < constCount; i++) {
+ if ((PL_strcasecmp(consts[i].name, vname) == 0) ||
+ PL_strcasecmp(consts[i].name + 5, vname) == 0) {
+ *value = consts[i].value;
+ *type = consts[i].type;
+ return bp;
+ }
}
*type = ConstNone;
if (vname[0] == '0' && vname[1] == 'X') {
- *value = htoi(&vname[2]);
+ *value = htoi(&vname[2]);
} else if (vname[0] == '0') {
- *value = otoi(&vname[1]);
+ *value = otoi(&vname[1]);
} else {
- *value = atoi(vname);
+ *value = atoi(vname);
}
return bp;
}
@@ -822,103 +824,103 @@ constLookup(const char *bp, CK_ULONG *value, ConstType *type)
int
ArgSize(ArgType type)
{
- int size=0;
- type &= ArgMask;
-
- switch (type) {
- case ArgNone:
- size = 0;
- break;
- case ArgULong:
- size = sizeof(CK_ULONG);
- break;
- case ArgVar:
- size = 1; /* get's changed later */
- break;
- case ArgChar:
- case ArgUTF8:
- size = 1;
- break;
- case ArgInfo:
- size = sizeof(CK_INFO);
- break;
- case ArgSlotInfo:
- size = sizeof(CK_SLOT_INFO);
- break;
- case ArgTokenInfo:
- size = sizeof(CK_TOKEN_INFO);
- break;
- case ArgSessionInfo:
- size = sizeof(CK_SESSION_INFO);
- break;
- case ArgAttribute:
- size = sizeof(CK_ATTRIBUTE);
- break;
- case ArgMechanism:
- size = sizeof(CK_MECHANISM);
- break;
- case ArgMechanismInfo:
- size = sizeof(CK_MECHANISM_INFO);
- break;
- case ArgInitializeArgs:
- size = sizeof(CK_C_INITIALIZE_ARGS);
- break;
- case ArgFunctionList:
- size = sizeof(CK_FUNCTION_LIST);
- break;
- default:
- break;
- }
-
- return (size);
+ int size = 0;
+ type &= ArgMask;
+
+ switch (type) {
+ case ArgNone:
+ size = 0;
+ break;
+ case ArgULong:
+ size = sizeof(CK_ULONG);
+ break;
+ case ArgVar:
+ size = 1; /* get's changed later */
+ break;
+ case ArgChar:
+ case ArgUTF8:
+ size = 1;
+ break;
+ case ArgInfo:
+ size = sizeof(CK_INFO);
+ break;
+ case ArgSlotInfo:
+ size = sizeof(CK_SLOT_INFO);
+ break;
+ case ArgTokenInfo:
+ size = sizeof(CK_TOKEN_INFO);
+ break;
+ case ArgSessionInfo:
+ size = sizeof(CK_SESSION_INFO);
+ break;
+ case ArgAttribute:
+ size = sizeof(CK_ATTRIBUTE);
+ break;
+ case ArgMechanism:
+ size = sizeof(CK_MECHANISM);
+ break;
+ case ArgMechanismInfo:
+ size = sizeof(CK_MECHANISM_INFO);
+ break;
+ case ArgInitializeArgs:
+ size = sizeof(CK_C_INITIALIZE_ARGS);
+ break;
+ case ArgFunctionList:
+ size = sizeof(CK_FUNCTION_LIST);
+ break;
+ default:
+ break;
+ }
+
+ return (size);
}
CK_RV
-restore(const char *filename,Value *ptr)
+restore(const char *filename, Value *ptr)
{
- int fd,size;
+ int fd, size;
- fd = open(filename,O_RDONLY|O_BINARY);
+ fd = open(filename, O_RDONLY | O_BINARY);
if (fd < 0) {
- perror(filename);
- return CKR_FUNCTION_FAILED;
+ perror(filename);
+ return CKR_FUNCTION_FAILED;
}
- size = read(fd,ptr->data,ptr->size);
+ size = read(fd, ptr->data, ptr->size);
if (systemFlags & FLAG_VerifyFile) {
- printDump(ptr->data,ptr->size);
+ printDump(ptr->data, ptr->size);
}
if (size < 0) {
- perror(filename);
- return CKR_FUNCTION_FAILED;
+ perror(filename);
+ return CKR_FUNCTION_FAILED;
} else if (size != ptr->size) {
- fprintf(stderr,"%s: only read %d bytes, needed to read %d bytes\n",
- filename,size,ptr->size);
- return CKR_FUNCTION_FAILED;
+ fprintf(stderr, "%s: only read %d bytes, needed to read %d bytes\n",
+ filename, size, ptr->size);
+ return CKR_FUNCTION_FAILED;
}
close(fd);
return CKR_OK;
}
CK_RV
-save(const char *filename,Value *ptr)
+save(const char *filename, Value *ptr)
{
- int fd,size;
+ int fd, size;
- fd = open(filename,O_WRONLY|O_BINARY|O_CREAT,0666);
+ fd = open(filename, O_WRONLY | O_BINARY | O_CREAT, 0666);
if (fd < 0) {
- perror(filename);
- return CKR_FUNCTION_FAILED;
+ perror(filename);
+ return CKR_FUNCTION_FAILED;
}
- size = write(fd,ptr->data,ptr->size);
+ size = write(fd, ptr->data, ptr->size);
if (size < 0) {
- perror(filename);
- return CKR_FUNCTION_FAILED;
+ perror(filename);
+ return CKR_FUNCTION_FAILED;
} else if (size != ptr->size) {
- fprintf(stderr,"%s: only wrote %d bytes, need to write %d bytes\n",
- filename,size,ptr->size);
- return CKR_FUNCTION_FAILED;
+ fprintf(stderr, "%s: only wrote %d bytes, need to write %d bytes\n",
+ filename, size, ptr->size);
+ return CKR_FUNCTION_FAILED;
}
close(fd);
return CKR_OK;
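Review bot: Both `restore` and `save` leak the descriptor on failure: after a successful `open`, the `size < 0` and short-transfer branches return `CKR_FUNCTION_FAILED` without reaching `close(fd)`, so each of those returns needs a `close(fd);` before it. In `restore`, `printDump(ptr->data, ptr->size)` runs before the result of `read` is checked, so a failed or short read dumps whatever was already in the buffer; moving it after the size checks avoids that. In `save`, the file is created with mode `0666` and without `O_TRUNC`. Values written by this tool may be sensitive, so `open(filename, O_WRONLY | O_BINARY | O_CREAT | O_TRUNC, 0600)` would stop an older, longer file from keeping its tail and would not rely on the umask for confidentiality. `save` is cut at the hunk boundary; its closing brace is outside the hunk.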
@@ -928,7 +930,7 @@ static CK_RV
increment(Value *ptr, CK_ULONG value)
{
if ((ptr->type & ArgMask) != ArgULong) {
- return CKR_ARGUMENTS_BAD;
+ return CKR_ARGUMENTS_BAD;
}
*(CK_ULONG *)ptr->data += value;
return CKR_OK;
@@ -938,407 +940,414 @@ static CK_RV
decrement(Value *ptr, CK_ULONG value)
{
if ((ptr->type & ArgMask) != ArgULong) {
- return CKR_ARGUMENTS_BAD;
+ return CKR_ARGUMENTS_BAD;
}
*(CK_ULONG *)ptr->data -= value;
return CKR_OK;
}
CK_RV
-printArg(Value *ptr,int arg_number)
+printArg(Value *ptr, int arg_number)
{
ArgType type = ptr->type & ArgMask;
CK_INFO *info;
- CK_SLOT_INFO *slotInfo;
- CK_TOKEN_INFO *tokenInfo;
+ CK_SLOT_INFO *slotInfo;
+ CK_TOKEN_INFO *tokenInfo;
CK_SESSION_INFO *sessionInfo;
- CK_ATTRIBUTE *attribute;
- CK_MECHANISM *mechanism;
- CK_MECHANISM_INFO *mechanismInfo;
+ CK_ATTRIBUTE *attribute;
+ CK_MECHANISM *mechanism;
+ CK_MECHANISM_INFO *mechanismInfo;
CK_C_INITIALIZE_ARGS *initArgs;
CK_FUNCTION_LIST *functionList;
CK_RV ckrv = CKR_OK;
ConstType constType;
if (arg_number) {
- printf("Arg %d: \n",arg_number);
+ printf("Arg %d: \n", arg_number);
}
if (ptr->arraySize > 1) {
- Value element;
- int i;
- int elementSize = ptr->size/ptr->arraySize;
- char *dp = (char *)ptr->data;
-
- /* build a temporary Value to hold a single element */
- element.type = type;
- element.constType = ptr->constType;
- element.size = elementSize;
- element.filename = ptr->filename;
- element.reference = 1;
- element.arraySize = 1;
- for (i=0; i < ptr->arraySize; i++) {
- printf(" -----[ %d ] -----\n", i);
- element.data = (void *) &dp[i*elementSize];
- (void) printArg(&element, 0);
- }
- return ckrv;
+ Value element;
+ int i;
+ int elementSize = ptr->size / ptr->arraySize;
+ char *dp = (char *)ptr->data;
+
+ /* build a temporary Value to hold a single element */
+ element.type = type;
+ element.constType = ptr->constType;
+ element.size = elementSize;
+ element.filename = ptr->filename;
+ element.reference = 1;
+ element.arraySize = 1;
+ for (i = 0; i < ptr->arraySize; i++) {
+ printf(" -----[ %d ] -----\n", i);
+ element.data = (void *)&dp[i * elementSize];
+ (void)printArg(&element, 0);
+ }
+ return ckrv;
}
if (ptr->data == NULL) {
- printf(" NULL ptr to a %s\n", valueString[type]);
- return ckrv;
+ printf(" NULL ptr to a %s\n", valueString[type]);
+ return ckrv;
}
switch (type) {
- case ArgNone:
- printf(" None\n");
- break;
- case ArgULong:
- printf(" %lu (0x%lx)\n", *((CK_ULONG *)ptr->data),
- *((CK_ULONG *)ptr->data));
- if (ptr->constType != ConstNone) {
- printf(" ");
- printConst(*(CK_ULONG *)ptr->data,ptr->constType,1);
- }
- break;
- case ArgVar:
- printf(" %s\n",(char *)ptr->data);
- break;
- case ArgUTF8:
- printf(" %s\n",(char *)ptr->data);
- break;
- case ArgChar:
- printDump(ptr->data,ptr->size);
- break;
- case ArgInfo:
+ case ArgNone:
+ printf(" None\n");
+ break;
+ case ArgULong:
+ printf(" %lu (0x%lx)\n", *((CK_ULONG *)ptr->data),
+ *((CK_ULONG *)ptr->data));
+ if (ptr->constType != ConstNone) {
+ printf(" ");
+ printConst(*(CK_ULONG *)ptr->data, ptr->constType, 1);
+ }
+ break;
+ case ArgVar:
+ printf(" %s\n", (char *)ptr->data);
+ break;
+ case ArgUTF8:
+ printf(" %s\n", (char *)ptr->data);
+ break;
+ case ArgChar:
+ printDump(ptr->data, ptr->size);
+ break;
+ case ArgInfo:
#define VERSION(x) (x).major, (x).minor
- info = (CK_INFO *)ptr->data;
- printf(" Cryptoki Version: %d.%02d\n",
- VERSION(info->cryptokiVersion));
- printf(" Manufacturer ID: ");
- printChars((char *)info->manufacturerID,
- sizeof(info->manufacturerID));
- printFlags(" Flags: ", info->flags, ConstInfoFlags);
- printf(" Library Description: ");
- printChars((char *)info->libraryDescription,
- sizeof(info->libraryDescription));
- printf(" Library Version: %d.%02d\n",
- VERSION(info->libraryVersion));
- break;
- case ArgSlotInfo:
- slotInfo = (CK_SLOT_INFO *)ptr->data;
- printf(" Slot Description: ");
- printChars((char *)slotInfo->slotDescription,
- sizeof(slotInfo->slotDescription));
- printf(" Manufacturer ID: ");
- printChars((char *)slotInfo->manufacturerID,
- sizeof(slotInfo->manufacturerID));
- printFlags(" Flags: ", slotInfo->flags, ConstSlotFlags);
- printf(" Hardware Version: %d.%02d\n",
- VERSION(slotInfo->hardwareVersion));
- printf(" Firmware Version: %d.%02d\n",
- VERSION(slotInfo->firmwareVersion));
- break;
- case ArgTokenInfo:
- tokenInfo = (CK_TOKEN_INFO *)ptr->data;
- printf(" Label: ");
- printChars((char *) tokenInfo->label,sizeof(tokenInfo->label));
- printf(" Manufacturer ID: ");
- printChars((char *)tokenInfo->manufacturerID,
- sizeof(tokenInfo->manufacturerID));
- printf(" Model: ");
- printChars((char *)tokenInfo->model,sizeof(tokenInfo->model));
- printf(" Serial Number: ");
- printChars((char *)tokenInfo->serialNumber,
- sizeof(tokenInfo->serialNumber));
- printFlags(" Flags: ", tokenInfo->flags, ConstTokenFlags);
- printf(" Max Session Count: ");
- printConst(tokenInfo->ulMaxSessionCount, ConstAvailableSizes, 1);
- printf(" Session Count: ");
- printConst(tokenInfo->ulSessionCount, ConstCurrentSize, 1);
- printf(" RW Session Count: ");
- printConst(tokenInfo->ulMaxRwSessionCount, ConstAvailableSizes, 1);
- printf(" Max Pin Length : ");
- printConst(tokenInfo->ulMaxPinLen, ConstCurrentSize, 1);
- printf(" Min Pin Length : ");
- printConst(tokenInfo->ulMinPinLen, ConstCurrentSize, 1);
- printf(" Total Public Memory: ");
- printConst(tokenInfo->ulTotalPublicMemory, ConstAvailableSizes, 1);
- printf(" Free Public Memory: ");
- printConst(tokenInfo->ulFreePublicMemory, ConstCurrentSize, 1);
- printf(" Total Private Memory: ");
- printConst(tokenInfo->ulTotalPrivateMemory, ConstAvailableSizes, 1);
- printf(" Free Private Memory: ");
- printConst(tokenInfo->ulFreePrivateMemory, ConstCurrentSize, 1);
- printf(" Hardware Version: %d.%02d\n",
- VERSION(tokenInfo->hardwareVersion));
- printf(" Firmware Version: %d.%02d\n",
- VERSION(tokenInfo->firmwareVersion));
- printf(" UTC Time: ");
- printChars((char *)tokenInfo->utcTime,sizeof(tokenInfo->utcTime));
- break;
- case ArgSessionInfo:
- sessionInfo = (CK_SESSION_INFO *)ptr->data;
- printf(" SlotID: 0x%08lx\n", sessionInfo->slotID);
- printf(" State: ");
- printConst(sessionInfo->state, ConstSessionState, 1);
- printFlags(" Flags: ", sessionInfo->flags, ConstSessionFlags);
- printf(" Device error: %lu 0x%08lx\n",sessionInfo->ulDeviceError,
- sessionInfo->ulDeviceError);
- break;
- case ArgAttribute:
- attribute = (CK_ATTRIBUTE *)ptr->data;
- printf(" Attribute Type: ");
- printConst(attribute->type, ConstAttribute, 1);
- printf(" Attribute Data: ");
- if (attribute->pValue == NULL) {
- printf("NULL\n");
- printf("Attribute Len: %lu\n",attribute->ulValueLen);
- } else {
- constType = getConstFromAttribute(attribute->type);
- if (constType != ConstNone) {
- CK_ULONG value = (constType == ConstBool) ?
- *(CK_BBOOL *)attribute->pValue :
- *(CK_ULONG *)attribute->pValue;
- printConst(value, constType, 1);
- } else {
- printf("\n");
- printDump(attribute->pValue, attribute->ulValueLen);
- }
- }
- break;
- case ArgMechanism:
- mechanism = (CK_MECHANISM *)ptr->data;
- printf(" Mechanism Type: ");
- printConst(mechanism->mechanism, ConstMechanism, 1);
- printf(" Mechanism Data:\n");
- printDump(mechanism->pParameter, mechanism->ulParameterLen);
- break;
- case ArgMechanismInfo:
- mechanismInfo = (CK_MECHANISM_INFO *)ptr->data;
- printf(" Minimum Key Size: %ld\n",mechanismInfo->ulMinKeySize);
- printf(" Maximum Key Size: %ld\n",mechanismInfo->ulMaxKeySize);
- printFlags(" Flags: ", mechanismInfo->flags, ConstMechanismFlags);
- break;
- case ArgInitializeArgs:
- initArgs = (CK_C_INITIALIZE_ARGS *)ptr->data;
- printFlags(" Flags: ", initArgs->flags, ConstInitializeFlags);
- if (initArgs->LibraryParameters) {
- printf("Params: %s\n",(char *)initArgs->LibraryParameters);
- }
- case ArgFunctionList:
- functionList = (CK_FUNCTION_LIST *)ptr->data;
- printf(" Version: %d.%02d\n", VERSION(functionList->version));
+ info = (CK_INFO *)ptr->data;
+ printf(" Cryptoki Version: %d.%02d\n",
+ VERSION(info->cryptokiVersion));
+ printf(" Manufacturer ID: ");
+ printChars((char *)info->manufacturerID,
+ sizeof(info->manufacturerID));
+ printFlags(" Flags: ", info->flags, ConstInfoFlags);
+ printf(" Library Description: ");
+ printChars((char *)info->libraryDescription,
+ sizeof(info->libraryDescription));
+ printf(" Library Version: %d.%02d\n",
+ VERSION(info->libraryVersion));
+ break;
+ case ArgSlotInfo:
+ slotInfo = (CK_SLOT_INFO *)ptr->data;
+ printf(" Slot Description: ");
+ printChars((char *)slotInfo->slotDescription,
+ sizeof(slotInfo->slotDescription));
+ printf(" Manufacturer ID: ");
+ printChars((char *)slotInfo->manufacturerID,
+ sizeof(slotInfo->manufacturerID));
+ printFlags(" Flags: ", slotInfo->flags, ConstSlotFlags);
+ printf(" Hardware Version: %d.%02d\n",
+ VERSION(slotInfo->hardwareVersion));
+ printf(" Firmware Version: %d.%02d\n",
+ VERSION(slotInfo->firmwareVersion));
+ break;
+ case ArgTokenInfo:
+ tokenInfo = (CK_TOKEN_INFO *)ptr->data;
+ printf(" Label: ");
+ printChars((char *)tokenInfo->label, sizeof(tokenInfo->label));
+ printf(" Manufacturer ID: ");
+ printChars((char *)tokenInfo->manufacturerID,
+ sizeof(tokenInfo->manufacturerID));
+ printf(" Model: ");
+ printChars((char *)tokenInfo->model, sizeof(tokenInfo->model));
+ printf(" Serial Number: ");
+ printChars((char *)tokenInfo->serialNumber,
+ sizeof(tokenInfo->serialNumber));
+ printFlags(" Flags: ", tokenInfo->flags, ConstTokenFlags);
+ printf(" Max Session Count: ");
+ printConst(tokenInfo->ulMaxSessionCount, ConstAvailableSizes, 1);
+ printf(" Session Count: ");
+ printConst(tokenInfo->ulSessionCount, ConstCurrentSize, 1);
+ printf(" RW Session Count: ");
+ printConst(tokenInfo->ulMaxRwSessionCount, ConstAvailableSizes, 1);
+ printf(" Max Pin Length : ");
+ printConst(tokenInfo->ulMaxPinLen, ConstCurrentSize, 1);
+ printf(" Min Pin Length : ");
+ printConst(tokenInfo->ulMinPinLen, ConstCurrentSize, 1);
+ printf(" Total Public Memory: ");
+ printConst(tokenInfo->ulTotalPublicMemory, ConstAvailableSizes, 1);
+ printf(" Free Public Memory: ");
+ printConst(tokenInfo->ulFreePublicMemory, ConstCurrentSize, 1);
+ printf(" Total Private Memory: ");
+ printConst(tokenInfo->ulTotalPrivateMemory, ConstAvailableSizes, 1);
+ printf(" Free Private Memory: ");
+ printConst(tokenInfo->ulFreePrivateMemory, ConstCurrentSize, 1);
+ printf(" Hardware Version: %d.%02d\n",
+ VERSION(tokenInfo->hardwareVersion));
+ printf(" Firmware Version: %d.%02d\n",
+ VERSION(tokenInfo->firmwareVersion));
+ printf(" UTC Time: ");
+ printChars((char *)tokenInfo->utcTime, sizeof(tokenInfo->utcTime));
+ break;
+ case ArgSessionInfo:
+ sessionInfo = (CK_SESSION_INFO *)ptr->data;
+ printf(" SlotID: 0x%08lx\n", sessionInfo->slotID);
+ printf(" State: ");
+ printConst(sessionInfo->state, ConstSessionState, 1);
+ printFlags(" Flags: ", sessionInfo->flags, ConstSessionFlags);
+ printf(" Device error: %lu 0x%08lx\n", sessionInfo->ulDeviceError,
+ sessionInfo->ulDeviceError);
+ break;
+ case ArgAttribute:
+ attribute = (CK_ATTRIBUTE *)ptr->data;
+ printf(" Attribute Type: ");
+ printConst(attribute->type, ConstAttribute, 1);
+ printf(" Attribute Data: ");
+ if (attribute->pValue == NULL) {
+ printf("NULL\n");
+ printf("Attribute Len: %lu\n", attribute->ulValueLen);
+ } else {
+ constType = getConstFromAttribute(attribute->type);
+ if (constType != ConstNone) {
+ CK_ULONG value = (constType == ConstBool) ?
+ *(CK_BBOOL *)attribute->pValue
+ :
+ *(CK_ULONG *)attribute->pValue;
+ printConst(value, constType, 1);
+ } else {
+ printf("\n");
+ printDump(attribute->pValue, attribute->ulValueLen);
+ }
+ }
+ break;
+ case ArgMechanism:
+ mechanism = (CK_MECHANISM *)ptr->data;
+ printf(" Mechanism Type: ");
+ printConst(mechanism->mechanism, ConstMechanism, 1);
+ printf(" Mechanism Data:\n");
+ printDump(mechanism->pParameter, mechanism->ulParameterLen);
+ break;
+ case ArgMechanismInfo:
+ mechanismInfo = (CK_MECHANISM_INFO *)ptr->data;
+ printf(" Minimum Key Size: %ld\n", mechanismInfo->ulMinKeySize);
+ printf(" Maximum Key Size: %ld\n", mechanismInfo->ulMaxKeySize);
+ printFlags(" Flags: ", mechanismInfo->flags, ConstMechanismFlags);
+ break;
+ case ArgInitializeArgs:
+ initArgs = (CK_C_INITIALIZE_ARGS *)ptr->data;
+ printFlags(" Flags: ", initArgs->flags, ConstInitializeFlags);
+ if (initArgs->LibraryParameters) {
+ printf("Params: %s\n", (char *)initArgs->LibraryParameters);
+ }
+ case ArgFunctionList:
+ functionList = (CK_FUNCTION_LIST *)ptr->data;
+ printf(" Version: %d.%02d\n", VERSION(functionList->version));
#ifdef notdef
#undef CK_NEED_ARG_LIST
#define CK_PKCS11_FUNCTION_INFO(func) \
- printf(" %s: 0x%08lx\n", #func, (unsigned long) functionList->func );
+ printf(" %s: 0x%08lx\n", #func, (unsigned long)functionList->func);
#include "pkcs11f.h"
#undef CK_NEED_ARG_LIST
#undef CK_PKCS11_FUNCTION_INFO
#endif
- default:
- ckrv = CKR_ARGUMENTS_BAD;
- break;
+ default:
+ ckrv = CKR_ARGUMENTS_BAD;
+ break;
}
return ckrv;
}
-
/*
* Feeling ambitious? turn this whole thing into lexx yacc parser
* with full expressions.
*/
Value **
-parseArgs(int index, const char * bp)
+parseArgs(int index, const char *bp)
{
const Commands *cp = &commands[index];
int size = strlen(cp->fname);
int i;
CK_ULONG value;
char vname[512];
- Value **argList,*possible;
+ Value **argList, *possible;
ConstType constType;
/*
* skip pass the command
*/
if ((cp->fname[0] == 'C') && (cp->fname[1] == '_') && (bp[1] != '_')) {
- size -= 2;
+ size -= 2;
}
bp += size;
/*
* Initialize our argument list
*/
- argList = (Value **)malloc(sizeof(Value*)*MAX_ARGS);
- for (i=0; i < MAX_ARGS; i++) { argList[i] = NULL; }
+ argList = (Value **)malloc(sizeof(Value *) * MAX_ARGS);
+ for (i = 0; i < MAX_ARGS; i++) {
+ argList[i] = NULL;
+ }
/*
* Walk the argument list parsing it...
*/
- for (i=0 ;i < MAX_ARGS; i++) {
- ArgType type = cp->args[i] & ArgMask;
- int error;
+ for (i = 0; i < MAX_ARGS; i++) {
+ ArgType type = cp->args[i] & ArgMask;
+ int error;
/* strip blanks */
bp = strip(bp);
- /* if we hit ArgNone, we've nabbed all the arguments we need */
- if (type == ArgNone) {
- break;
- }
-
- /* if we run out of space in the line, we weren't given enough
- * arguments... */
- if (*bp == '\0') {
- /* we're into optional arguments, ok to quit now */
- if (cp->args[i] & ArgOpt) {
- break;
- }
- fprintf(stderr,"%s: only %d args found,\n",cp->fname,i);
- parseFree(argList);
- return NULL;
- }
-
- /* collect all the rest of the command line and send
- * it as a single argument */
- if (cp->args[i] & ArgFull) {
- int size = strlen(bp)+1;
- argList[i] = NewValue(type, size);
- memcpy(argList[i]->data, bp, size);
- break;
- }
-
- /*
- * look up the argument in our variable list first... only
- * exception is the new argument type for set...
- */
- error = 0;
- if ((cp->args[i] != (ArgVar|ArgNew)) &&
- (possible = varLookup(bp,vname,sizeof(vname),&error))) {
- /* ints are only compatible with other ints... all other types
- * are interchangeable... */
- if (type != ArgVar) { /* ArgVar's match anyone */
- if ((type == ArgULong) ^
- ((possible->type & ArgMask) == ArgULong)) {
- fprintf(stderr,"%s: Arg %d incompatible type with <%s>\n",
- cp->fname,i+1,vname);
- argFree(possible);
- parseFree(argList);
- return NULL;
- }
- /*
- * ... that is as long as they are big enough...
- */
- if (ArgSize(type) > possible->size) {
- fprintf(stderr,
- "%s: Arg %d %s is too small (%d bytes needs to be %d bytes)\n",
- cp->fname,i+1,vname,possible->size,ArgSize(type));
- argFree(possible);
- parseFree(argList);
- return NULL;
- }
- }
-
- /* everything looks kosher here, use it */
- argList[i] = possible;
-
- bp = readChars(bp,vname,sizeof(vname));
- if (cp->args[i] & ArgOut) {
- possible->type |= ArgOut;
- }
- continue;
- }
-
- if (error == 1) {
- parseFree(argList);
- return NULL;
- }
-
- /* create space for our argument */
- argList[i] = NewValue(type, 1);
-
- if ((PL_strncasecmp(bp, "null", 4) == 0) && ((bp[4] == 0)
- || (bp[4] == ' ') || (bp[4] =='\t') || (bp[4] =='\n'))) {
- if (cp->args[i] == ArgULong) {
- fprintf(stderr, "%s: Arg %d CK_ULONG can't be NULL\n",
- cp->fname,i+1);
- parseFree(argList);
- return NULL;
- }
- argFreeData(argList[i]);
- argList[i]->data = NULL;
- argList[i]->size = 0;
- bp += 4;
- if (*bp) bp++;
- continue;
+ /* if we hit ArgNone, we've nabbed all the arguments we need */
+ if (type == ArgNone) {
+ break;
+ }
+
+ /* if we run out of space in the line, we weren't given enough
+ * arguments... */
+ if (*bp == '\0') {
+ /* we're into optional arguments, ok to quit now */
+ if (cp->args[i] & ArgOpt) {
+ break;
+ }
+ fprintf(stderr, "%s: only %d args found,\n", cp->fname, i);
+ parseFree(argList);
+ return NULL;
}
- /* if we're an output variable, we need to add it */
- if (cp->args[i] & ArgOut) {
- if (PL_strncasecmp(bp,"file(",5) == 0 /* ) */ ) {
- char filename[512];
- bp = readChars(bp+5,filename,sizeof(filename));
- size = PL_strlen(filename);
- if ((size > 0) && (/* ( */filename[size-1] == ')')) {
- filename[size-1] = 0;
- }
- filename[size] = 0;
- argList[i]->filename = (char *)malloc(size+1);
-
- PL_strcpy(argList[i]->filename,filename);
-
- argList[i]->type |= ArgOut|ArgFile;
- break;
- }
- bp = AddVariable(bp,&argList[i]);
- argList[i]->type |= ArgOut;
- continue;
- }
-
- if (PL_strncasecmp(bp, "file(", 5) == 0 /* ) */ ) {
- char filename[512];
-
- bp = readChars(bp+5,filename,sizeof(filename));
- size = PL_strlen(filename);
- if ((size > 0) && ( /* ( */ filename[size-1] == ')')) {
- filename[size-1] = 0;
- }
-
- if (restore(filename,argList[i]) != CKR_OK) {
- parseFree(argList);
- return NULL;
- }
- continue;
- }
-
- switch (type) {
- case ArgULong:
- bp = constLookup(bp, &value, &constType);
- *(int *)argList[i]->data = value;
- argList[i]->constType = constType;
- break;
- case ArgVar:
- argFreeData(argList[i]);
- size = getEnd(bp)+1;
- argList[i]->data = (void *)malloc(size);
- argList[i]->size = size;
- /* fall through */
- case ArgInfo:
- case ArgSlotInfo:
- case ArgTokenInfo:
- case ArgSessionInfo:
- case ArgAttribute:
- case ArgMechanism:
- case ArgMechanismInfo:
- case ArgInitializeArgs:
- case ArgUTF8:
- case ArgChar:
- bp = readChars(bp,(char *)argList[i]->data,argList[i]->size);
- case ArgNone:
- default:
- break;
- }
+ /* collect all the rest of the command line and send
+ * it as a single argument */
+ if (cp->args[i] & ArgFull) {
+ int size = strlen(bp) + 1;
+ argList[i] = NewValue(type, size);
+ memcpy(argList[i]->data, bp, size);
+ break;
+ }
+
+ /*
+ * look up the argument in our variable list first... only
+ * exception is the new argument type for set...
+ */
+ error = 0;
+ if ((cp->args[i] != (ArgVar | ArgNew)) &&
+ (possible = varLookup(bp, vname, sizeof(vname), &error))) {
+ /* ints are only compatible with other ints... all other types
+ * are interchangeable... */
+ if (type != ArgVar) { /* ArgVar's match anyone */
+ if ((type == ArgULong) ^
+ ((possible->type & ArgMask) == ArgULong)) {
+ fprintf(stderr, "%s: Arg %d incompatible type with <%s>\n",
+ cp->fname, i + 1, vname);
+ argFree(possible);
+ parseFree(argList);
+ return NULL;
+ }
+ /*
+ * ... that is as long as they are big enough...
+ */
+ if (ArgSize(type) > possible->size) {
+ fprintf(stderr,
+ "%s: Arg %d %s is too small (%d bytes needs to be %d bytes)\n",
+ cp->fname, i + 1, vname, possible->size, ArgSize(type));
+ argFree(possible);
+ parseFree(argList);
+ return NULL;
+ }
+ }
+
+ /* everything looks kosher here, use it */
+ argList[i] = possible;
+
+ bp = readChars(bp, vname, sizeof(vname));
+ if (cp->args[i] & ArgOut) {
+ possible->type |= ArgOut;
+ }
+ continue;
+ }
+
+ if (error == 1) {
+ parseFree(argList);
+ return NULL;
+ }
+
+ /* create space for our argument */
+ argList[i] = NewValue(type, 1);
+
+ if ((PL_strncasecmp(bp, "null", 4) == 0) && ((bp[4] == 0) ||
+ (bp[4] ==
+ ' ') ||
+ (bp[4] ==
+ '\t') ||
+ (bp[4] == '\n'))) {
+ if (cp->args[i] == ArgULong) {
+ fprintf(stderr, "%s: Arg %d CK_ULONG can't be NULL\n",
+ cp->fname, i + 1);
+ parseFree(argList);
+ return NULL;
+ }
+ argFreeData(argList[i]);
+ argList[i]->data = NULL;
+ argList[i]->size = 0;
+ bp += 4;
+ if (*bp)
+ bp++;
+ continue;
+ }
+
+ /* if we're an output variable, we need to add it */
+ if (cp->args[i] & ArgOut) {
+ if (PL_strncasecmp(bp, "file(", 5) == 0 /* ) */) {
+ char filename[512];
+ bp = readChars(bp + 5, filename, sizeof(filename));
+ size = PL_strlen(filename);
+ if ((size > 0) && (/* ( */ filename[size - 1] == ')')) {
+ filename[size - 1] = 0;
+ }
+ filename[size] = 0;
+ argList[i]->filename = (char *)malloc(size + 1);
+
+ PL_strcpy(argList[i]->filename, filename);
+
+ argList[i]->type |= ArgOut | ArgFile;
+ break;
+ }
+ bp = AddVariable(bp, &argList[i]);
+ argList[i]->type |= ArgOut;
+ continue;
+ }
+
+ if (PL_strncasecmp(bp, "file(", 5) == 0 /* ) */) {
+ char filename[512];
+
+ bp = readChars(bp + 5, filename, sizeof(filename));
+ size = PL_strlen(filename);
+ if ((size > 0) && (/* ( */ filename[size - 1] == ')')) {
+ filename[size - 1] = 0;
+ }
+
+ if (restore(filename, argList[i]) != CKR_OK) {
+ parseFree(argList);
+ return NULL;
+ }
+ continue;
+ }
+
+ switch (type) {
+ case ArgULong:
+ bp = constLookup(bp, &value, &constType);
+ *(int *)argList[i]->data = value;
+ argList[i]->constType = constType;
+ break;
+ case ArgVar:
+ argFreeData(argList[i]);
+ size = getEnd(bp) + 1;
+ argList[i]->data = (void *)malloc(size);
+ argList[i]->size = size;
+ /* fall through */
+ case ArgInfo:
+ case ArgSlotInfo:
+ case ArgTokenInfo:
+ case ArgSessionInfo:
+ case ArgAttribute:
+ case ArgMechanism:
+ case ArgMechanismInfo:
+ case ArgInitializeArgs:
+ case ArgUTF8:
+ case ArgChar:
+ bp = readChars(bp, (char *)argList[i]->data, argList[i]->size);
+ case ArgNone:
+ default:
+ break;
+ }
}
return argList;
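Review bot: In parseArgs the `ArgULong` case stores the parsed constant with `*(int *)argList[i]->data = value;`, although ArgSize gives that buffer `sizeof(CK_ULONG)` bytes and printArg, increment and decrement all read it back as `*(CK_ULONG *)ptr->data`. Where `CK_ULONG` is wider than `int` only part of the object is written, and on a big-endian target it is the wrong part, so the store should be `*(CK_ULONG *)argList[i]->data = value;`. In printArg, `case ArgInitializeArgs:` and `case ArgFunctionList:` have no `break`. An initialize-args value therefore also gets read as a `CK_FUNCTION_LIST`, and both cases fall into `default:` and return `CKR_ARGUMENTS_BAD`; a `break;` after each, or a `/* fall through */` comment if that is intended, would settle it. parseArgs ends outside this hunk.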
@@ -1348,27 +1357,27 @@ parseArgs(int index, const char * bp)
int
lookup(const char *buf)
{
- int size,i;
+ int size, i;
int buflen;
buflen = PL_strlen(buf);
- for ( i = 0; i < commandCount; i++) {
- size = PL_strlen(commands[i].fname);
-
- if (size <= buflen) {
- if (PL_strncasecmp(buf,commands[i].fname,size) == 0) {
- return i;
- }
- }
- if (size-2 <= buflen) {
- if (commands[i].fname[0] == 'C' && commands[i].fname[1] == '_' &&
- (PL_strncasecmp(buf,&commands[i].fname[2],size-2) == 0)) {
- return i;
- }
- }
- }
- fprintf(stderr,"Can't find command %s\n",buf);
+ for (i = 0; i < commandCount; i++) {
+ size = PL_strlen(commands[i].fname);
+
+ if (size <= buflen) {
+ if (PL_strncasecmp(buf, commands[i].fname, size) == 0) {
+ return i;
+ }
+ }
+ if (size - 2 <= buflen) {
+ if (commands[i].fname[0] == 'C' && commands[i].fname[1] == '_' &&
+ (PL_strncasecmp(buf, &commands[i].fname[2], size - 2) == 0)) {
+ return i;
+ }
+ }
+ }
+ fprintf(stderr, "Can't find command %s\n", buf);
return -1;
}
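Review bot: lookup() has no comment saying that it matches by prefix and returns the first hit, which is what the two `PL_strncasecmp(buf, ..., size)` calls do, since they compare only the first `size` characters of `buf`. A name that is a prefix of another (do_func dispatches both `F_C_Sign` and `F_C_SignUpdate`) therefore resolves by the order of `commands[]`, which is not visible here. If that table lists the shorter name first, the longer command would be unreachable. I would add a comment above the loop, `/* returns the first commands[] entry whose name, with or without the "C_" prefix, is a prefix of buf */`, and confirm the table ordering against it.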
@@ -1377,28 +1386,29 @@ putOutput(Value **ptr)
{
int i;
- for (i=0; i < MAX_ARGS; i++) {
- ArgType type;
+ for (i = 0; i < MAX_ARGS; i++) {
+ ArgType type;
- if (ptr[i] == NULL) break;
+ if (ptr[i] == NULL)
+ break;
- type = ptr[i]->type;
+ type = ptr[i]->type;
- ptr[i]->type &= ~ArgOut;
- if (type == ArgNone) {
- break;
- }
- if (type & ArgOut) {
- (void) printArg(ptr[i],i+1);
- }
- if (type & ArgFile) {
- save(ptr[i]->filename,ptr[i]);
- free(ptr[i]->filename);
- ptr[i]->filename= NULL; /* paranoia */
- }
+ ptr[i]->type &= ~ArgOut;
+ if (type == ArgNone) {
+ break;
+ }
+ if (type & ArgOut) {
+ (void)printArg(ptr[i], i + 1);
+ }
+ if (type & ArgFile) {
+ save(ptr[i]->filename, ptr[i]);
+ free(ptr[i]->filename);
+ ptr[i]->filename = NULL; /* paranoia */
+ }
}
}
-
+
CK_RV
unloadModule(Module *module)
{
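Review bot: The result of `save(ptr[i]->filename, ptr[i])` in the `ArgFile` branch of putOutput is discarded, so a failed write to a `file(...)` output goes unreported. The input direction is checked in parseArgs (`restore(filename, argList[i]) != CKR_OK`), and do_func returns save()'s result directly, so it appears to be a CK_RV. I would at least report the failure before the `free`, e.g. `if (save(ptr[i]->filename, ptr[i]) != CKR_OK) fprintf(stderr, "Couldn't save %s\n", ptr[i]->filename);`. putOutput's signature is outside the hunk, so whether the error can also be propagated to the caller is not visible from here.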
@@ -1407,7 +1417,7 @@ unloadModule(Module *module)
disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (module->library && !disableUnload) {
- PR_UnloadLibrary(module->library);
+ PR_UnloadLibrary(module->library);
}
module->library = NULL;
@@ -1419,36 +1429,36 @@ unloadModule(Module *module)
CK_RV
loadModule(Module *module, char *library)
{
- PRLibrary *newLibrary;
- CK_C_GetFunctionList getFunctionList;
- CK_FUNCTION_LIST *functionList;
- CK_RV ckrv;
-
- newLibrary = PR_LoadLibrary(library);
- if (!newLibrary) {
- fprintf(stderr,"Couldn't load library %s\n",library);
- return CKR_FUNCTION_FAILED;
- }
- getFunctionList = (CK_C_GetFunctionList)
- PR_FindSymbol(newLibrary,"C_GetFunctionList");
- if (!getFunctionList) {
- fprintf(stderr,"Couldn't find \"C_GetFunctionList\" in %s\n",library);
- return CKR_FUNCTION_FAILED;
- }
-
- ckrv = (*getFunctionList)(&functionList);
- if (ckrv != CKR_OK) {
- return ckrv;
- }
-
- if (module->library) {
- PR_UnloadLibrary(module->library);
- }
-
- module->library = newLibrary;
- module->functionList = functionList;
-
- return CKR_OK;
+ PRLibrary *newLibrary;
+ CK_C_GetFunctionList getFunctionList;
+ CK_FUNCTION_LIST *functionList;
+ CK_RV ckrv;
+
+ newLibrary = PR_LoadLibrary(library);
+ if (!newLibrary) {
+ fprintf(stderr, "Couldn't load library %s\n", library);
+ return CKR_FUNCTION_FAILED;
+ }
+ getFunctionList = (CK_C_GetFunctionList)
+ PR_FindSymbol(newLibrary, "C_GetFunctionList");
+ if (!getFunctionList) {
+ fprintf(stderr, "Couldn't find \"C_GetFunctionList\" in %s\n", library);
+ return CKR_FUNCTION_FAILED;
+ }
+
+ ckrv = (*getFunctionList)(&functionList);
+ if (ckrv != CKR_OK) {
+ return ckrv;
+ }
+
+ if (module->library) {
+ PR_UnloadLibrary(module->library);
+ }
+
+ module->library = newLibrary;
+ module->functionList = functionList;
+
+ return CKR_OK;
}
static void
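Review bot: Two early returns in loadModule leak the library handle obtained from a successful `PR_LoadLibrary(library)`: the `!getFunctionList` branch and the `ckrv != CKR_OK` branch both return without unloading `newLibrary`. The library stays mapped with nothing left referencing it, and its load-time code has already run. Adding `PR_UnloadLibrary(newLibrary);` before each of those two `return` statements closes the leak. Since `library` arrives straight from the command argument (`loadModule(&module, a[0]->data)` in do_func), a short comment on the function stating that the path is trusted input from the script or operator would also help.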
@@ -1456,44 +1466,44 @@ printHelp(int index, int full)
{
int j;
printf(" %s", commands[index].fname);
- for (j=0; j < MAX_ARGS; j++) {
- ArgType type = commands[index].args[j] & ArgMask;
- if (type == ArgNone) {
- break;
- }
- printf(" %s", valueString[type]);
+ for (j = 0; j < MAX_ARGS; j++) {
+ ArgType type = commands[index].args[j] & ArgMask;
+ if (type == ArgNone) {
+ break;
+ }
+ printf(" %s", valueString[type]);
}
printf("\n");
- printf(" %s\n",commands[index].helpString);
+ printf(" %s\n", commands[index].helpString);
}
/* add Topical help here ! */
static CK_RV
printTopicHelp(char *topic)
{
- int size,i;
+ int size, i;
int topicLen;
topicLen = PL_strlen(topic);
- for ( i = 0; i < topicCount; i++) {
- size = PL_strlen(topics[i].name);
+ for (i = 0; i < topicCount; i++) {
+ size = PL_strlen(topics[i].name);
- if (size <= topicLen) {
- if (PL_strncasecmp(topic,topics[i].name,size) == 0) {
- break;
- }
- }
+ if (size <= topicLen) {
+ if (PL_strncasecmp(topic, topics[i].name, size) == 0) {
+ break;
+ }
+ }
}
if (i == topicCount) {
- fprintf(stderr,"Can't find topic '%s'\n", topic);
- return CKR_DATA_INVALID;
+ fprintf(stderr, "Can't find topic '%s'\n", topic);
+ return CKR_DATA_INVALID;
}
printf(" %s", topic);
printf("\n");
- printf(" %s\n",topics[i].helpString);
+ printf(" %s\n", topics[i].helpString);
return CKR_OK;
}
@@ -1502,36 +1512,38 @@ printGeneralHelp(void)
{
int i;
printf(" To get help on commands, select from the list below:");
- for ( i = 0; i < commandCount; i++) {
- if (i % 5 == 0) printf("\n");
- printf("%s,", commands[i].fname);
+ for (i = 0; i < commandCount; i++) {
+ if (i % 5 == 0)
+ printf("\n");
+ printf("%s,", commands[i].fname);
}
printf("\n");
/* print help topics */
printf(" To get help on a topic, select from the list below:");
- for ( i = 0; i < topicCount; i++) {
- if (i % 5 == 0) printf("\n");
- printf("%s,", topics[i].name);
+ for (i = 0; i < topicCount; i++) {
+ if (i % 5 == 0)
+ printf("\n");
+ printf("%s,", topics[i].name);
}
printf("\n");
- return CKR_OK;
+ return CKR_OK;
}
static CK_RV
quitIf(CK_ULONG a, const char *cmp, CK_ULONG b)
{
if (strcmp(cmp, "<") == 0) {
- return (a < b) ? CKR_QUIT : CKR_OK;
+ return (a < b) ? CKR_QUIT : CKR_OK;
} else if (strcmp(cmp, ">") == 0) {
- return (a > b) ? CKR_QUIT : CKR_OK;
+ return (a > b) ? CKR_QUIT : CKR_OK;
} else if (strcmp(cmp, "<=") == 0) {
- return (a <= b) ? CKR_QUIT : CKR_OK;
+ return (a <= b) ? CKR_QUIT : CKR_OK;
} else if (strcmp(cmp, ">=") == 0) {
- return (a >= b) ? CKR_QUIT : CKR_OK;
+ return (a >= b) ? CKR_QUIT : CKR_OK;
} else if (strcmp(cmp, "=") == 0) {
- return (a == b) ? CKR_QUIT : CKR_OK;
+ return (a == b) ? CKR_QUIT : CKR_OK;
} else if (strcmp(cmp, "!=") == 0) {
- return (a != b) ? CKR_QUIT : CKR_OK;
+ return (a != b) ? CKR_QUIT : CKR_OK;
}
printf("Unkown integer comparator: '%s'\n", cmp);
return CKR_ARGUMENTS_BAD;
@@ -1542,18 +1554,18 @@ quitIfString(const char *a, const char *cmp, const char *b)
{
if (strcmp(cmp, "=") == 0) {
- return (strcmp(a,b) == 0) ? CKR_QUIT : CKR_OK;
+ return (strcmp(a, b) == 0) ? CKR_QUIT : CKR_OK;
} else if (strcmp(cmp, "!=") == 0) {
- return (strcmp(a,b) != 0) ? CKR_QUIT : CKR_OK;
+ return (strcmp(a, b) != 0) ? CKR_QUIT : CKR_OK;
}
printf("Unkown string comparator: '%s'\n", cmp);
return CKR_ARGUMENTS_BAD;
}
-CK_RV run(const char *);
-CK_RV timeCommand(const char *);
-CK_RV loop(const char *filename, const char *var,
- CK_ULONG start, CK_ULONG end, CK_ULONG step) ;
+CK_RV run(const char *);
+CK_RV timeCommand(const char *);
+CK_RV loop(const char *filename, const char *var,
+ CK_ULONG start, CK_ULONG end, CK_ULONG step);
/*
* Actually dispatch the function... Bad things happen
@@ -1563,472 +1575,540 @@ CK_RV
do_func(int index, Value **a)
{
int value, helpIndex;
- static Module module = { NULL, NULL} ;
+ static Module module = { NULL, NULL };
CK_FUNCTION_LIST *func = module.functionList;
switch (commands[index].fType) {
- case F_C_Initialize:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Initialize((void *)a[0]->data);
- case F_C_Finalize:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Finalize((void *)a[0]->data);
- case F_C_GetInfo:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetInfo((CK_INFO *)a[0]->data);
- case F_C_GetFunctionList:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetFunctionList((CK_FUNCTION_LIST **)a[0]->data);
- case F_C_GetSlotList:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetSlotList((CK_BBOOL)*(CK_ULONG *)a[0]->data,
- (CK_SLOT_ID *)a[1]->data,
- (CK_ULONG *)a[2]->data);
- case F_C_GetSlotInfo:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetSlotInfo(*(CK_ULONG *)a[0]->data,
- (CK_SLOT_INFO *)a[1]->data);
- case F_C_GetTokenInfo:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetTokenInfo(*(CK_ULONG *)a[0]->data,
- (CK_TOKEN_INFO *)a[1]->data);
- case F_C_GetMechanismList:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- if (a[1]->data) {
- a[1]->constType = ConstMechanism;
- }
- return func->C_GetMechanismList(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM_TYPE*)a[1]->data,
- (CK_ULONG *)a[2]->data);
- case F_C_GetMechanismInfo:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetMechanismInfo(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data,
- (CK_MECHANISM_INFO *)a[2]->data);
- case F_C_InitToken:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_InitToken(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data);
- case F_C_InitPIN:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_InitPIN(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_SetPIN:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SetPIN(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- *(CK_ULONG *)a[4]->data);
- case F_C_OpenSession:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_OpenSession(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data,
- (void *)NULL,
- (CK_NOTIFY) NULL,
- (CK_ULONG *)a[2]->data);
- case F_C_CloseSession:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_CloseSession(*(CK_ULONG *)a[0]->data);
- case F_C_CloseAllSessions:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_CloseAllSessions(*(CK_ULONG *)a[0]->data);
- case F_C_GetSessionInfo:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetSessionInfo(*(CK_ULONG *)a[0]->data,
- (CK_SESSION_INFO *)a[1]->data);
- case F_C_GetOperationState:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetOperationState(*(CK_ULONG *)a[0]->data,
- (CK_BYTE *)a[1]->data,
- (CK_ULONG *)a[2]->data);
- case F_C_SetOperationState:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SetOperationState(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- *(CK_ULONG *)a[3]->data,
- *(CK_ULONG *)a[4]->data);
- case F_C_Login:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Login(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data,
- (CK_CHAR *)a[2]->data,
- *(CK_ULONG *)a[3]->data);
- case F_C_Logout:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Logout(*(CK_ULONG *)a[0]->data);
- case F_C_CreateObject:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_CreateObject(*(CK_ULONG *)a[0]->data,
- (CK_ATTRIBUTE *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_ULONG *)a[3]->data);
- case F_C_CopyObject:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_CopyObject(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[0]->data,
- (CK_ATTRIBUTE *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_ULONG *)a[3]->data);
- case F_C_DestroyObject:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DestroyObject(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data);
- case F_C_GetObjectSize:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetObjectSize(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data,
- (CK_ULONG *)a[2]->data);
- case F_C_GetAttributeValue:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetAttributeValue(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data,
- (CK_ATTRIBUTE *)a[2]->data,
- *(CK_ULONG *)a[3]->data);
- case F_C_SetAttributeValue:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SetAttributeValue(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data,
- (CK_ATTRIBUTE *)a[2]->data,
- *(CK_ULONG *)a[3]->data);
- case F_C_FindObjectsInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_FindObjectsInit(*(CK_ULONG *)a[0]->data,
- (CK_ATTRIBUTE *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_FindObjects:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_FindObjects(*(CK_ULONG *)a[0]->data,
- (CK_ULONG *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_ULONG *)a[3]->data);
- case F_C_FindObjectsFinal:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_FindObjectsFinal(*(CK_ULONG *)a[0]->data);
- case F_C_EncryptInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_EncryptInit(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_Encrypt:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Encrypt(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_EncryptUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_EncryptUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_EncryptFinal:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_EncryptFinal(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- (CK_ULONG *)a[2]->data);
- case F_C_DecryptInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DecryptInit(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_Decrypt:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Decrypt(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_DecryptUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DecryptUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_DecryptFinal:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DecryptFinal(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- (CK_ULONG *)a[2]->data);
- case F_C_DigestInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DigestInit(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data);
- case F_C_Digest:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Digest(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_DigestUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DigestUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_DigestKey:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DigestKey(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data);
- case F_C_DigestFinal:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DigestFinal(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- (CK_ULONG *)a[2]->data);
- case F_C_SignInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SignInit(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_Sign:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Sign(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_SignUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SignUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_SignFinal:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SignFinal(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- (CK_ULONG *)a[2]->data);
-
- case F_C_SignRecoverInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SignRecoverInit(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_SignRecover:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SignRecover(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_VerifyInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_VerifyInit(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_Verify:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Verify(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- *(CK_ULONG *)a[4]->data);
- case F_C_VerifyUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_VerifyUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_VerifyFinal:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_VerifyFinal(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
-
- case F_C_VerifyRecoverInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_VerifyRecoverInit(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_VerifyRecover:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_VerifyRecover(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_DigestEncryptUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DigestEncryptUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_DecryptDigestUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DecryptDigestUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_SignEncryptUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SignEncryptUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_DecryptVerifyUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DecryptVerifyUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_GenerateKey:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GenerateKey(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- (CK_ATTRIBUTE *)a[2]->data,
- *(CK_ULONG *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_GenerateKeyPair:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GenerateKeyPair(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- (CK_ATTRIBUTE *)a[2]->data,
- *(CK_ULONG *)a[3]->data,
- (CK_ATTRIBUTE *)a[4]->data,
- *(CK_ULONG *)a[5]->data,
- (CK_ULONG *)a[6]->data,
- (CK_ULONG *)a[7]->data);
- case F_C_WrapKey:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_WrapKey(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- *(CK_ULONG *)a[3]->data,
- (CK_CHAR *)a[5]->data,
- (CK_ULONG *)a[6]->data);
- case F_C_UnwrapKey:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_UnwrapKey(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- *(CK_ULONG *)a[4]->data,
- (CK_ATTRIBUTE *)a[5]->data,
- *(CK_ULONG *)a[6]->data,
- (CK_ULONG *)a[7]->data);
- case F_C_DeriveKey:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DeriveKey (*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_ATTRIBUTE *)a[3]->data,
- *(CK_ULONG *)a[4]->data,
- (CK_ULONG *)a[5]->data);
- case F_C_SeedRandom:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SeedRandom(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_GenerateRandom:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GenerateRandom(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_GetFunctionStatus:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetFunctionStatus(*(CK_ULONG *)a[0]->data);
- case F_C_CancelFunction:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_CancelFunction(*(CK_ULONG *)a[0]->data);
- case F_C_WaitForSlotEvent:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_WaitForSlotEvent(*(CK_ULONG *)a[0]->data,
- (CK_ULONG *)a[1]->data,
- (void *)a[2]->data);
- /* set a variable */
- case F_SetVar:
- case F_SetStringVar:
- (void) DeleteVariable(a[0]->data);
- (void) AddVariable(a[0]->data,&a[1]);
- return CKR_OK;
- /* print a value */
- case F_Print:
- return printArg(a[0],0);
- case F_SaveVar:
- return save(a[0]->data,a[1]);
- case F_RestoreVar:
- return restore(a[0]->data,a[1]);
- case F_Delete:
- return DeleteVariable(a[0]->data);
- case F_Increment:
- return increment(a[0], *(CK_ULONG *)a[1]->data);
- case F_Decrement:
- return decrement(a[0], *(CK_ULONG *)a[1]->data);
- case F_List:
- return list();
- case F_Run:
- return run(a[0]->data);
- case F_Time:
- return timeCommand(a[0]->data);
- case F_Load:
- return loadModule(&module,a[0]->data);
- case F_Unload:
- return unloadModule(&module);
- case F_NewArray:
- (void) DeleteVariable(a[0]->data);
- return ArrayVariable(a[0]->data,a[1]->data,*(CK_ULONG *)a[2]->data);
- case F_NewTemplate:
- (void) DeleteVariable(a[0]->data);
- return ArrayTemplate(a[0]->data,a[1]->data);
- case F_BuildTemplate:
- return BuildTemplate(a[0]);
- case F_SetTemplate:
- return SetTemplate(a[0],
- *(CK_ULONG *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_NewMechanism:
- (void) DeleteVariable(a[0]->data);
- return NewMechanism(a[0]->data,*(CK_ULONG *)a[1]->data);
- case F_NewInitializeArgs:
- (void) DeleteVariable(a[0]->data);
- return NewInitializeArgs(a[0]->data,*(CK_ULONG *)a[1]->data,a[2]->data);
- case F_System:
- value = *(int *)a[0]->data;
- if (value & 0x80000000) {
- systemFlags &= ~value;
- } else {
- systemFlags |= value;
- }
- return CKR_OK;
- case F_Loop:
- return loop(a[0]->data,a[1]->data,*(CK_ULONG *)a[2]->data,
- *(CK_ULONG *)a[3]->data,*(CK_ULONG *)a[4]->data);
- case F_Help:
- if (a[0]) {
- helpIndex = lookup(a[0]->data);
- if (helpIndex < 0) {
- return printTopicHelp(a[0]->data);
- }
- printHelp(helpIndex, 1);
- return CKR_OK;
- }
- return printGeneralHelp();
- case F_QuitIfString:
- return quitIfString(a[0]->data,a[1]->data,a[2]->data);
- case F_QuitIf:
- return quitIf(*(CK_ULONG *)a[0]->data,a[1]->data,*(CK_ULONG *)a[2]->data);
- case F_Quit:
- return CKR_QUIT;
- default:
- fprintf(stderr,
- "Function %s not yet supported\n",commands[index].fname );
- return CKR_OK;
+ case F_C_Initialize:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_Initialize((void *)a[0]->data);
+ case F_C_Finalize:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_Finalize((void *)a[0]->data);
+ case F_C_GetInfo:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_GetInfo((CK_INFO *)a[0]->data);
+ case F_C_GetFunctionList:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_GetFunctionList((CK_FUNCTION_LIST **)a[0]->data);
+ case F_C_GetSlotList:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_GetSlotList((CK_BBOOL) * (CK_ULONG *)a[0]->data,
+ (CK_SLOT_ID *)a[1]->data,
+ (CK_ULONG *)a[2]->data);
+ case F_C_GetSlotInfo:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_GetSlotInfo(*(CK_ULONG *)a[0]->data,
+ (CK_SLOT_INFO *)a[1]->data);
+ case F_C_GetTokenInfo:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_GetTokenInfo(*(CK_ULONG *)a[0]->data,
+ (CK_TOKEN_INFO *)a[1]->data);
+ case F_C_GetMechanismList:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ if (a[1]->data) {
+ a[1]->constType = ConstMechanism;
+ }
+ return func->C_GetMechanismList(*(CK_ULONG *)a[0]->data,
+ (CK_MECHANISM_TYPE *)a[1]->data,
+ (CK_ULONG *)a[2]->data);
+ case F_C_GetMechanismInfo:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_GetMechanismInfo(*(CK_ULONG *)a[0]->data,
+ *(CK_ULONG *)a[1]->data,
+ (CK_MECHANISM_INFO *)a[2]->data);
+ case F_C_InitToken:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_InitToken(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data);
+ case F_C_InitPIN:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_InitPIN(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data);
+ case F_C_SetPIN:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_SetPIN(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data,
+ *(CK_ULONG *)a[4]->data);
+ case F_C_OpenSession:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_OpenSession(*(CK_ULONG *)a[0]->data,
+ *(CK_ULONG *)a[1]->data,
+ (void *)NULL,
+ (CK_NOTIFY)NULL,
+ (CK_ULONG *)a[2]->data);
+ case F_C_CloseSession:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_CloseSession(*(CK_ULONG *)a[0]->data);
+ case F_C_CloseAllSessions:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_CloseAllSessions(*(CK_ULONG *)a[0]->data);
+ case F_C_GetSessionInfo:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_GetSessionInfo(*(CK_ULONG *)a[0]->data,
+ (CK_SESSION_INFO *)a[1]->data);
+ case F_C_GetOperationState:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_GetOperationState(*(CK_ULONG *)a[0]->data,
+ (CK_BYTE *)a[1]->data,
+ (CK_ULONG *)a[2]->data);
+ case F_C_SetOperationState:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_SetOperationState(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ *(CK_ULONG *)a[3]->data,
+ *(CK_ULONG *)a[4]->data);
+ case F_C_Login:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_Login(*(CK_ULONG *)a[0]->data,
+ *(CK_ULONG *)a[1]->data,
+ (CK_CHAR *)a[2]->data,
+ *(CK_ULONG *)a[3]->data);
+ case F_C_Logout:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_Logout(*(CK_ULONG *)a[0]->data);
+ case F_C_CreateObject:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_CreateObject(*(CK_ULONG *)a[0]->data,
+ (CK_ATTRIBUTE *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_ULONG *)a[3]->data);
+ case F_C_CopyObject:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_CopyObject(*(CK_ULONG *)a[0]->data,
+ *(CK_ULONG *)a[0]->data,
+ (CK_ATTRIBUTE *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_ULONG *)a[3]->data);
+ case F_C_DestroyObject:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_DestroyObject(*(CK_ULONG *)a[0]->data,
+ *(CK_ULONG *)a[1]->data);
+ case F_C_GetObjectSize:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_GetObjectSize(*(CK_ULONG *)a[0]->data,
+ *(CK_ULONG *)a[1]->data,
+ (CK_ULONG *)a[2]->data);
+ case F_C_GetAttributeValue:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_GetAttributeValue(*(CK_ULONG *)a[0]->data,
+ *(CK_ULONG *)a[1]->data,
+ (CK_ATTRIBUTE *)a[2]->data,
+ *(CK_ULONG *)a[3]->data);
+ case F_C_SetAttributeValue:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_SetAttributeValue(*(CK_ULONG *)a[0]->data,
+ *(CK_ULONG *)a[1]->data,
+ (CK_ATTRIBUTE *)a[2]->data,
+ *(CK_ULONG *)a[3]->data);
+ case F_C_FindObjectsInit:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_FindObjectsInit(*(CK_ULONG *)a[0]->data,
+ (CK_ATTRIBUTE *)a[1]->data,
+ *(CK_ULONG *)a[2]->data);
+ case F_C_FindObjects:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_FindObjects(*(CK_ULONG *)a[0]->data,
+ (CK_ULONG *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_ULONG *)a[3]->data);
+ case F_C_FindObjectsFinal:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_FindObjectsFinal(*(CK_ULONG *)a[0]->data);
+ case F_C_EncryptInit:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_EncryptInit(*(CK_ULONG *)a[0]->data,
+ (CK_MECHANISM *)a[1]->data,
+ *(CK_ULONG *)a[2]->data);
+ case F_C_Encrypt:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_Encrypt(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data,
+ (CK_ULONG *)a[4]->data);
+ case F_C_EncryptUpdate:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_EncryptUpdate(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data,
+ (CK_ULONG *)a[4]->data);
+ case F_C_EncryptFinal:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_EncryptFinal(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ (CK_ULONG *)a[2]->data);
+ case F_C_DecryptInit:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_DecryptInit(*(CK_ULONG *)a[0]->data,
+ (CK_MECHANISM *)a[1]->data,
+ *(CK_ULONG *)a[2]->data);
+ case F_C_Decrypt:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_Decrypt(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data,
+ (CK_ULONG *)a[4]->data);
+ case F_C_DecryptUpdate:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_DecryptUpdate(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data,
+ (CK_ULONG *)a[4]->data);
+ case F_C_DecryptFinal:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_DecryptFinal(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ (CK_ULONG *)a[2]->data);
+ case F_C_DigestInit:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_DigestInit(*(CK_ULONG *)a[0]->data,
+ (CK_MECHANISM *)a[1]->data);
+ case F_C_Digest:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_Digest(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data,
+ (CK_ULONG *)a[4]->data);
+ case F_C_DigestUpdate:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_DigestUpdate(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data);
+ case F_C_DigestKey:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_DigestKey(*(CK_ULONG *)a[0]->data,
+ *(CK_ULONG *)a[1]->data);
+ case F_C_DigestFinal:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_DigestFinal(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ (CK_ULONG *)a[2]->data);
+ case F_C_SignInit:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_SignInit(*(CK_ULONG *)a[0]->data,
+ (CK_MECHANISM *)a[1]->data,
+ *(CK_ULONG *)a[2]->data);
+ case F_C_Sign:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_Sign(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data,
+ (CK_ULONG *)a[4]->data);
+ case F_C_SignUpdate:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_SignUpdate(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data);
+ case F_C_SignFinal:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_SignFinal(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ (CK_ULONG *)a[2]->data);
+
+ case F_C_SignRecoverInit:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_SignRecoverInit(*(CK_ULONG *)a[0]->data,
+ (CK_MECHANISM *)a[1]->data,
+ *(CK_ULONG *)a[2]->data);
+ case F_C_SignRecover:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_SignRecover(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data,
+ (CK_ULONG *)a[4]->data);
+ case F_C_VerifyInit:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_VerifyInit(*(CK_ULONG *)a[0]->data,
+ (CK_MECHANISM *)a[1]->data,
+ *(CK_ULONG *)a[2]->data);
+ case F_C_Verify:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_Verify(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data,
+ *(CK_ULONG *)a[4]->data);
+ case F_C_VerifyUpdate:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_VerifyUpdate(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data);
+ case F_C_VerifyFinal:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_VerifyFinal(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data);
+
+ case F_C_VerifyRecoverInit:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_VerifyRecoverInit(*(CK_ULONG *)a[0]->data,
+ (CK_MECHANISM *)a[1]->data,
+ *(CK_ULONG *)a[2]->data);
+ case F_C_VerifyRecover:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_VerifyRecover(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data,
+ (CK_ULONG *)a[4]->data);
+ case F_C_DigestEncryptUpdate:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_DigestEncryptUpdate(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data,
+ (CK_ULONG *)a[4]->data);
+ case F_C_DecryptDigestUpdate:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_DecryptDigestUpdate(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data,
+ (CK_ULONG *)a[4]->data);
+ case F_C_SignEncryptUpdate:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_SignEncryptUpdate(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data,
+ (CK_ULONG *)a[4]->data);
+ case F_C_DecryptVerifyUpdate:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_DecryptVerifyUpdate(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data,
+ (CK_ULONG *)a[4]->data);
+ case F_C_GenerateKey:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_GenerateKey(*(CK_ULONG *)a[0]->data,
+ (CK_MECHANISM *)a[1]->data,
+ (CK_ATTRIBUTE *)a[2]->data,
+ *(CK_ULONG *)a[3]->data,
+ (CK_ULONG *)a[4]->data);
+ case F_C_GenerateKeyPair:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_GenerateKeyPair(*(CK_ULONG *)a[0]->data,
+ (CK_MECHANISM *)a[1]->data,
+ (CK_ATTRIBUTE *)a[2]->data,
+ *(CK_ULONG *)a[3]->data,
+ (CK_ATTRIBUTE *)a[4]->data,
+ *(CK_ULONG *)a[5]->data,
+ (CK_ULONG *)a[6]->data,
+ (CK_ULONG *)a[7]->data);
+ case F_C_WrapKey:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_WrapKey(*(CK_ULONG *)a[0]->data,
+ (CK_MECHANISM *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ *(CK_ULONG *)a[3]->data,
+ (CK_CHAR *)a[5]->data,
+ (CK_ULONG *)a[6]->data);
+ case F_C_UnwrapKey:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_UnwrapKey(*(CK_ULONG *)a[0]->data,
+ (CK_MECHANISM *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_CHAR *)a[3]->data,
+ *(CK_ULONG *)a[4]->data,
+ (CK_ATTRIBUTE *)a[5]->data,
+ *(CK_ULONG *)a[6]->data,
+ (CK_ULONG *)a[7]->data);
+ case F_C_DeriveKey:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_DeriveKey(*(CK_ULONG *)a[0]->data,
+ (CK_MECHANISM *)a[1]->data,
+ *(CK_ULONG *)a[2]->data,
+ (CK_ATTRIBUTE *)a[3]->data,
+ *(CK_ULONG *)a[4]->data,
+ (CK_ULONG *)a[5]->data);
+ case F_C_SeedRandom:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_SeedRandom(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data);
+ case F_C_GenerateRandom:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_GenerateRandom(*(CK_ULONG *)a[0]->data,
+ (CK_CHAR *)a[1]->data,
+ *(CK_ULONG *)a[2]->data);
+ case F_C_GetFunctionStatus:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_GetFunctionStatus(*(CK_ULONG *)a[0]->data);
+ case F_C_CancelFunction:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_CancelFunction(*(CK_ULONG *)a[0]->data);
+ case F_C_WaitForSlotEvent:
+ if (!func)
+ return CKR_CRYPTOKI_NOT_INITIALIZED;
+ return func->C_WaitForSlotEvent(*(CK_ULONG *)a[0]->data,
+ (CK_ULONG *)a[1]->data,
+ (void *)a[2]->data);
+ /* set a variable */
+ case F_SetVar:
+ case F_SetStringVar:
+ (void)DeleteVariable(a[0]->data);
+ (void)AddVariable(a[0]->data, &a[1]);
+ return CKR_OK;
+ /* print a value */
+ case F_Print:
+ return printArg(a[0], 0);
+ case F_SaveVar:
+ return save(a[0]->data, a[1]);
+ case F_RestoreVar:
+ return restore(a[0]->data, a[1]);
+ case F_Delete:
+ return DeleteVariable(a[0]->data);
+ case F_Increment:
+ return increment(a[0], *(CK_ULONG *)a[1]->data);
+ case F_Decrement:
+ return decrement(a[0], *(CK_ULONG *)a[1]->data);
+ case F_List:
+ return list();
+ case F_Run:
+ return run(a[0]->data);
+ case F_Time:
+ return timeCommand(a[0]->data);
+ case F_Load:
+ return loadModule(&module, a[0]->data);
+ case F_Unload:
+ return unloadModule(&module);
+ case F_NewArray:
+ (void)DeleteVariable(a[0]->data);
+ return ArrayVariable(a[0]->data, a[1]->data, *(CK_ULONG *)a[2]->data);
+ case F_NewTemplate:
+ (void)DeleteVariable(a[0]->data);
+ return ArrayTemplate(a[0]->data, a[1]->data);
+ case F_BuildTemplate:
+ return BuildTemplate(a[0]);
+ case F_SetTemplate:
+ return SetTemplate(a[0],
+ *(CK_ULONG *)a[1]->data,
+ *(CK_ULONG *)a[2]->data);
+ case F_NewMechanism:
+ (void)DeleteVariable(a[0]->data);
+ return NewMechanism(a[0]->data, *(CK_ULONG *)a[1]->data);
+ case F_NewInitializeArgs:
+ (void)DeleteVariable(a[0]->data);
+ return NewInitializeArgs(a[0]->data, *(CK_ULONG *)a[1]->data, a[2]->data);
+ case F_System:
+ value = *(int *)a[0]->data;
+ if (value & 0x80000000) {
+ systemFlags &= ~value;
+ } else {
+ systemFlags |= value;
+ }
+ return CKR_OK;
+ case F_Loop:
+ return loop(a[0]->data, a[1]->data, *(CK_ULONG *)a[2]->data,
+ *(CK_ULONG *)a[3]->data, *(CK_ULONG *)a[4]->data);
+ case F_Help:
+ if (a[0]) {
+ helpIndex = lookup(a[0]->data);
+ if (helpIndex < 0) {
+ return printTopicHelp(a[0]->data);
+ }
+ printHelp(helpIndex, 1);
+ return CKR_OK;
+ }
+ return printGeneralHelp();
+ case F_QuitIfString:
+ return quitIfString(a[0]->data, a[1]->data, a[2]->data);
+ case F_QuitIf:
+ return quitIf(*(CK_ULONG *)a[0]->data, a[1]->data, *(CK_ULONG *)a[2]->data);
+ case F_Quit:
+ return CKR_QUIT;
+ default:
+ fprintf(stderr,
+ "Function %s not yet supported\n", commands[index].fname);
+ return CKR_OK;
}
/* Not Reached */
return CKR_OK;
}
CK_RV
-processCommand(const char * buf)
+processCommand(const char *buf)
{
CK_RV error = CKR_OK;
int index;
@@ -2037,27 +2117,27 @@ processCommand(const char * buf)
bp = strip(buf);
/* allow comments and blank lines in scripts */
- if ((*bp == '#') || (*bp == 0) || (*bp == '\n')){
- return CKR_OK;
+ if ((*bp == '#') || (*bp == 0) || (*bp == '\n')) {
+ return CKR_OK;
}
index = lookup(bp);
if (index < 0) {
- return CKR_OK;
+ return CKR_OK;
}
- arglist = parseArgs(index,bp);
+ arglist = parseArgs(index, bp);
if (arglist == NULL) {
- return CKR_OK;
+ return CKR_OK;
}
- error = do_func(index,arglist);
+ error = do_func(index, arglist);
if (error == CKR_OK) {
- putOutput(arglist);
+ putOutput(arglist);
} else if (error != CKR_QUIT) {
- printf(">> Error : ");
- printConst(error, ConstResult, 1);
+ printf(">> Error : ");
+ printConst(error, ConstResult, 1);
}
parseFree(arglist);
@@ -2065,7 +2145,7 @@ processCommand(const char * buf)
}
CK_RV
-timeCommand(const char *command)
+timeCommand(const char *command)
{
CK_RV ckrv;
PRIntervalTime startTime = PR_IntervalNow();
@@ -2076,50 +2156,53 @@ timeCommand(const char *command)
endTime = PR_IntervalNow();
elapsedTime = endTime - startTime;
- printf("Time -- %d msec \n",
- PR_IntervalToMilliseconds(elapsedTime));
-
+ printf("Time -- %d msec \n",
+ PR_IntervalToMilliseconds(elapsedTime));
+
return ckrv;
}
-
-
CK_RV
-process(FILE *inFile,int user)
+process(FILE *inFile, int user)
{
char buf[2048];
CK_RV error;
CK_RV ckrv = CKR_OK;
- if (user) { printf("pkcs11> "); fflush(stdout); }
+ if (user) {
+ printf("pkcs11> ");
+ fflush(stdout);
+ }
- while (fgets(buf,2048,inFile) != NULL) {
+ while (fgets(buf, 2048, inFile) != NULL) {
- if (!user) printf("* %s",buf);
- error = processCommand(buf);
- if (error == CKR_QUIT) {
- break;
- } else if (error != CKR_OK) {
- ckrv = error;
- }
- if (user) {
- printf("pkcs11> "); fflush(stdout);
- }
+ if (!user)
+ printf("* %s", buf);
+ error = processCommand(buf);
+ if (error == CKR_QUIT) {
+ break;
+ } else if (error != CKR_OK) {
+ ckrv = error;
+ }
+ if (user) {
+ printf("pkcs11> ");
+ fflush(stdout);
+ }
}
return ckrv;
}
CK_RV
-run(const char *filename)
+run(const char *filename)
{
FILE *infile;
CK_RV ckrv;
- infile = fopen(filename,"r");
+ infile = fopen(filename, "r");
if (infile == NULL) {
- perror(filename);
- return CKR_FUNCTION_FAILED;
+ perror(filename);
+ return CKR_FUNCTION_FAILED;
}
ckrv = process(infile, 0);
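Review bot: In `process`, the read bound in `fgets(buf, 2048, inFile)` repeats the size of `char buf[2048]` as a literal; `fgets(buf, sizeof(buf), inFile)` keeps the bound tied to the declaration. A script line longer than the buffer is returned by `fgets` in pieces, so its tail reaches `processCommand` as if it were a separate command. Detecting a missing trailing newline and discarding the rest of that line would avoid this. In `timeCommand`, `%d` is paired with `PR_IntervalToMilliseconds`, which returns an unsigned 32-bit value, so `%u` is the matching conversion. `timeCommand` starts before this hunk and `run` continues past it.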
@@ -2129,24 +2212,23 @@ run(const char *filename)
}
CK_RV
-loop(const char *filename, const char *var,
- CK_ULONG start, CK_ULONG end, CK_ULONG step)
+loop(const char *filename, const char *var,
+ CK_ULONG start, CK_ULONG end, CK_ULONG step)
{
CK_ULONG i = 0;
Value *value = 0;
CK_RV ckrv;
- for (i=start; i < end; i += step)
- {
+ for (i = start; i < end; i += step) {
value = NewValue(ArgULong, 1);
- *(CK_ULONG *)value->data = i;
- DeleteVariable(var);
- AddVariable(var, &value);
- ckrv = run(filename);
- argFree(value);
- if (ckrv == CKR_QUIT) {
- break;
- }
+ *(CK_ULONG *)value->data = i;
+ DeleteVariable(var);
+ AddVariable(var, &value);
+ ckrv = run(filename);
+ argFree(value);
+ if (ckrv == CKR_QUIT) {
+ break;
+ }
}
return ckrv;
}
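Review bot: `loop` returns `ckrv` uninitialised when `start >= end`, because the body of `for (i = start; i < end; i += step)` never runs and `CK_RV ckrv;` has no initialiser; declare it as `CK_RV ckrv = CKR_OK;`. A `step` of 0 makes the same loop run forever, and the `F_Loop` dispatch passes these values straight from the command arguments, so a guard such as `if (step == 0) return CKR_ARGUMENTS_BAD;` before the loop is worth adding. The result of `NewValue(ArgULong, 1)` is also dereferenced without a check; if that helper can return NULL on allocation failure, test it before `*(CK_ULONG *)value->data = i;`.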
@@ -2155,6 +2237,6 @@ int
main(int argc, char **argv)
{
/* I suppose that some day we could parse some arguments */
- (void) process(stdin, 1);
+ (void)process(stdin, 1);
return 0;
}
diff --git a/cmd/pk12util/pk12util.c b/cmd/pk12util/pk12util.c
index 398c0f843..91f8cadca 100644
--- a/cmd/pk12util/pk12util.c
+++ b/cmd/pk12util/pk12util.c
@@ -18,7 +18,7 @@
#include "secpkcs5.h"
#include "certdb.h"
-#define PKCS12_IN_BUFFER_SIZE 200
+#define PKCS12_IN_BUFFER_SIZE 200
static char *progName;
PRBool pk12_debugging = PR_FALSE;
@@ -53,22 +53,22 @@ Usage(char *progName)
static PRBool
p12u_OpenFile(p12uContext *p12cxt, PRBool fileRead)
{
- if(!p12cxt || !p12cxt->filename) {
- return PR_FALSE;
+ if (!p12cxt || !p12cxt->filename) {
+ return PR_FALSE;
}
- if(fileRead) {
- p12cxt->file = PR_Open(p12cxt->filename,
- PR_RDONLY, 0400);
+ if (fileRead) {
+ p12cxt->file = PR_Open(p12cxt->filename,
+ PR_RDONLY, 0400);
} else {
- p12cxt->file = PR_Open(p12cxt->filename,
- PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE,
- 0600);
+ p12cxt->file = PR_Open(p12cxt->filename,
+ PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE,
+ 0600);
}
- if(!p12cxt->file) {
- p12cxt->error = PR_TRUE;
- return PR_FALSE;
+ if (!p12cxt->file) {
+ p12cxt->error = PR_TRUE;
+ return PR_FALSE;
}
return PR_TRUE;
@@ -77,20 +77,20 @@ p12u_OpenFile(p12uContext *p12cxt, PRBool fileRead)
static void
p12u_DestroyContext(p12uContext **ppCtx, PRBool removeFile)
{
- if(!ppCtx || !(*ppCtx)) {
- return;
+ if (!ppCtx || !(*ppCtx)) {
+ return;
}
- if((*ppCtx)->file != NULL) {
- PR_Close((*ppCtx)->file);
+ if ((*ppCtx)->file != NULL) {
+ PR_Close((*ppCtx)->file);
}
- if((*ppCtx)->filename != NULL) {
- if(removeFile) {
- PR_Delete((*ppCtx)->filename);
- }
- PL_strfree((*ppCtx)->filename);
- (*ppCtx)->filename = NULL;
+ if ((*ppCtx)->filename != NULL) {
+ if (removeFile) {
+ PR_Delete((*ppCtx)->filename);
+ }
+ PL_strfree((*ppCtx)->filename);
+ (*ppCtx)->filename = NULL;
}
PR_Free(*ppCtx);
@@ -103,17 +103,17 @@ p12u_InitContext(PRBool fileImport, char *filename)
p12uContext *p12cxt;
p12cxt = PORT_ZNew(p12uContext);
- if(!p12cxt) {
- return NULL;
+ if (!p12cxt) {
+ return NULL;
}
p12cxt->error = PR_FALSE;
p12cxt->errorValue = 0;
p12cxt->filename = PL_strdup(filename);
- if(!p12u_OpenFile(p12cxt, fileImport)) {
- p12u_DestroyContext(&p12cxt, PR_FALSE);
- return NULL;
+ if (!p12u_OpenFile(p12cxt, fileImport)) {
+ p12u_DestroyContext(&p12cxt, PR_FALSE);
+ return NULL;
}
return p12cxt;
@@ -122,17 +122,17 @@ p12u_InitContext(PRBool fileImport, char *filename)
SECItem *
P12U_NicknameCollisionCallback(SECItem *old_nick, PRBool *cancel, void *wincx)
{
- char *nick = NULL;
- SECItem *ret_nick = NULL;
- CERTCertificate* cert = (CERTCertificate*)wincx;
+ char *nick = NULL;
+ SECItem *ret_nick = NULL;
+ CERTCertificate *cert = (CERTCertificate *)wincx;
if (!cancel || !cert) {
- pk12uErrno = PK12UERR_USER_CANCELLED;
- return NULL;
+ pk12uErrno = PK12UERR_USER_CANCELLED;
+ return NULL;
}
if (!old_nick)
- fprintf(stdout, "pk12util: no nickname for cert in PKCS12 file.\n");
+ fprintf(stdout, "pk12util: no nickname for cert in PKCS12 file.\n");
#if 0
/* XXX not handled yet */
@@ -141,24 +141,24 @@ P12U_NicknameCollisionCallback(SECItem *old_nick, PRBool *cancel, void *wincx)
#else
- nick = CERT_MakeCANickname(cert);
+ nick = CERT_MakeCANickname(cert);
if (!nick) {
- return NULL;
+ return NULL;
}
- if(old_nick && old_nick->data && old_nick->len &&
- PORT_Strlen(nick) == old_nick->len &&
- !PORT_Strncmp((char *)old_nick->data, nick, old_nick->len)) {
- PORT_Free(nick);
- PORT_SetError(SEC_ERROR_IO);
- return NULL;
+ if (old_nick && old_nick->data && old_nick->len &&
+ PORT_Strlen(nick) == old_nick->len &&
+ !PORT_Strncmp((char *)old_nick->data, nick, old_nick->len)) {
+ PORT_Free(nick);
+ PORT_SetError(SEC_ERROR_IO);
+ return NULL;
}
fprintf(stdout, "pk12util: using nickname: %s\n", nick);
ret_nick = PORT_ZNew(SECItem);
- if(ret_nick == NULL) {
- PORT_Free(nick);
- return NULL;
+ if (ret_nick == NULL) {
+ PORT_Free(nick);
+ return NULL;
}
ret_nick->data = (unsigned char *)nick;
@@ -173,25 +173,25 @@ p12u_SwapUnicodeBytes(SECItem *uniItem)
{
unsigned int i;
unsigned char a;
- if((uniItem == NULL) || (uniItem->len % 2)) {
- return SECFailure;
+ if ((uniItem == NULL) || (uniItem->len % 2)) {
+ return SECFailure;
}
- for(i = 0; i < uniItem->len; i += 2) {
- a = uniItem->data[i];
- uniItem->data[i] = uniItem->data[i+1];
- uniItem->data[i+1] = a;
+ for (i = 0; i < uniItem->len; i += 2) {
+ a = uniItem->data[i];
+ uniItem->data[i] = uniItem->data[i + 1];
+ uniItem->data[i + 1] = a;
}
return SECSuccess;
}
static PRBool
-p12u_ucs2_ascii_conversion_function(PRBool toUnicode,
- unsigned char *inBuf,
- unsigned int inBufLen,
- unsigned char *outBuf,
- unsigned int maxOutBufLen,
- unsigned int *outBufLen,
- PRBool swapBytes)
+p12u_ucs2_ascii_conversion_function(PRBool toUnicode,
+ unsigned char *inBuf,
+ unsigned int inBufLen,
+ unsigned char *outBuf,
+ unsigned int maxOutBufLen,
+ unsigned int *outBufLen,
+ PRBool swapBytes)
{
SECItem it = { 0 };
SECItem *dup = NULL;
@@ -199,13 +199,13 @@ p12u_ucs2_ascii_conversion_function(PRBool toUnicode,
#ifdef DEBUG_CONVERSION
if (pk12_debugging) {
- int i;
- printf("Converted from:\n");
- for (i=0; i<inBufLen; i++) {
- printf("%2x ", inBuf[i]);
- /*if (i%60 == 0) printf("\n");*/
- }
- printf("\n");
+ int i;
+ printf("Converted from:\n");
+ for (i = 0; i < inBufLen; i++) {
+ printf("%2x ", inBuf[i]);
+ /*if (i%60 == 0) printf("\n");*/
+ }
+ printf("\n");
}
#endif
it.data = inBuf;
@@ -215,26 +215,26 @@ p12u_ucs2_ascii_conversion_function(PRBool toUnicode,
* as neccessary.
*/
if (!toUnicode && swapBytes) {
- if (p12u_SwapUnicodeBytes(dup) != SECSuccess) {
- SECITEM_ZfreeItem(dup, PR_TRUE);
- return PR_FALSE;
- }
+ if (p12u_SwapUnicodeBytes(dup) != SECSuccess) {
+ SECITEM_ZfreeItem(dup, PR_TRUE);
+ return PR_FALSE;
+ }
}
/* Perform the conversion. */
ret = PORT_UCS2_UTF8Conversion(toUnicode, dup->data, dup->len,
outBuf, maxOutBufLen, outBufLen);
if (dup)
- SECITEM_ZfreeItem(dup, PR_TRUE);
+ SECITEM_ZfreeItem(dup, PR_TRUE);
#ifdef DEBUG_CONVERSION
if (pk12_debugging) {
- int i;
- printf("Converted to:\n");
- for (i=0; i<*outBufLen; i++) {
- printf("%2x ", outBuf[i]);
- /*if (i%60 == 0) printf("\n");*/
- }
- printf("\n");
+ int i;
+ printf("Converted to:\n");
+ for (i = 0; i < *outBufLen; i++) {
+ printf("%2x ", outBuf[i]);
+ /*if (i%60 == 0) printf("\n");*/
+ }
+ printf("\n");
}
#endif
return ret;
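Review bot: `dup` is dereferenced in the `PORT_UCS2_UTF8Conversion(toUnicode, dup->data, dup->len, ...)` call before the `if (dup)` test that follows it, so that test cannot protect anything. The assignment to `dup` lies between this hunk and the previous one and is not visible here; presumably it is a copy of `it` that can fail on allocation. If so, add `if (!dup) return PR_FALSE;` right after the copy and make the later `SECITEM_ZfreeItem(dup, PR_TRUE);` unconditional. Only the `!toUnicode && swapBytes` path currently catches a NULL `dup`, through `p12u_SwapUnicodeBytes`. The function starts before the hunk and its closing brace is after it.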
@@ -242,26 +242,26 @@ p12u_ucs2_ascii_conversion_function(PRBool toUnicode,
SECStatus
P12U_UnicodeConversion(PLArenaPool *arena, SECItem *dest, SECItem *src,
- PRBool toUnicode, PRBool swapBytes)
+ PRBool toUnicode, PRBool swapBytes)
{
unsigned int allocLen;
- if(!dest || !src) {
- return SECFailure;
+ if (!dest || !src) {
+ return SECFailure;
}
allocLen = ((toUnicode) ? (src->len << 2) : src->len);
- if(arena) {
- dest->data = PORT_ArenaZAlloc(arena, allocLen);
+ if (arena) {
+ dest->data = PORT_ArenaZAlloc(arena, allocLen);
} else {
- dest->data = PORT_ZAlloc(allocLen);
+ dest->data = PORT_ZAlloc(allocLen);
}
- if(PORT_UCS2_ASCIIConversion(toUnicode, src->data, src->len,
- dest->data, allocLen, &dest->len,
- swapBytes) == PR_FALSE) {
- if(!arena) {
- PORT_Free(dest->data);
- }
- dest->data = NULL;
- return SECFailure;
+ if (PORT_UCS2_ASCIIConversion(toUnicode, src->data, src->len,
+ dest->data, allocLen, &dest->len,
+ swapBytes) == PR_FALSE) {
+ if (!arena) {
+ PORT_Free(dest->data);
+ }
+ dest->data = NULL;
+ return SECFailure;
}
return SECSuccess;
}
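Review bot: In `P12U_UnicodeConversion`, the buffer from `PORT_ArenaZAlloc` / `PORT_ZAlloc` is passed to `PORT_UCS2_ASCIIConversion` as `dest->data` without checking that the allocation succeeded. Add `if (!dest->data) return SECFailure;` after the allocation branch. The size `src->len << 2` is computed in `unsigned int`, so a very large `src->len` would wrap and yield an undersized buffer. The visible caller passes a password item, so this is unlikely in practice, but a bound check on `src->len` before the shift would make the function safe for any caller.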
@@ -276,29 +276,29 @@ P12U_GetP12FilePassword(PRBool confirmPw, secuPWData *p12FilePw)
SECItem *pwItem = NULL;
if (p12FilePw == NULL || p12FilePw->source == PW_NONE) {
- char *p1 = NULL;
- int rc;
- for (;;) {
- p0 = SECU_GetPasswordString(NULL,
- "Enter password for PKCS12 file: ");
- if (!confirmPw || p0 == NULL)
- break;
- p1 = SECU_GetPasswordString(NULL, "Re-enter password: ");
- if (p1 == NULL) {
- PORT_ZFree(p0, PL_strlen(p0));
- p0 = NULL;
- break;
- }
- rc = PL_strcmp(p0, p1);
- PORT_ZFree(p1, PL_strlen(p1));
- if (rc == 0)
- break;
- PORT_ZFree(p0, PL_strlen(p0));
- }
+ char *p1 = NULL;
+ int rc;
+ for (;;) {
+ p0 = SECU_GetPasswordString(NULL,
+ "Enter password for PKCS12 file: ");
+ if (!confirmPw || p0 == NULL)
+ break;
+ p1 = SECU_GetPasswordString(NULL, "Re-enter password: ");
+ if (p1 == NULL) {
+ PORT_ZFree(p0, PL_strlen(p0));
+ p0 = NULL;
+ break;
+ }
+ rc = PL_strcmp(p0, p1);
+ PORT_ZFree(p1, PL_strlen(p1));
+ if (rc == 0)
+ break;
+ PORT_ZFree(p0, PL_strlen(p0));
+ }
} else if (p12FilePw->source == PW_FROMFILE) {
- p0 = SECU_FilePasswd(NULL, PR_FALSE, p12FilePw->data);
+ p0 = SECU_FilePasswd(NULL, PR_FALSE, p12FilePw->data);
} else { /* Plaintext */
- p0 = PORT_Strdup(p12FilePw->data);
+ p0 = PORT_Strdup(p12FilePw->data);
}
if (p0 == NULL) {
@@ -319,22 +319,22 @@ P12U_InitSlot(PK11SlotInfo *slot, secuPWData *slotPw)
/* New databases, initialize keydb password. */
if (PK11_NeedUserInit(slot)) {
- rv = SECU_ChangePW(slot,
- (slotPw->source == PW_PLAINTEXT) ? slotPw->data : 0,
- (slotPw->source == PW_FROMFILE) ? slotPw->data : 0);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "Failed to initialize slot \"%s\"",
- PK11_GetSlotName(slot));
- return SECFailure;
- }
+ rv = SECU_ChangePW(slot,
+ (slotPw->source == PW_PLAINTEXT) ? slotPw->data : 0,
+ (slotPw->source == PW_FROMFILE) ? slotPw->data : 0);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "Failed to initialize slot \"%s\"",
+ PK11_GetSlotName(slot));
+ return SECFailure;
+ }
}
if (PK11_Authenticate(slot, PR_TRUE, slotPw) != SECSuccess) {
- SECU_PrintError(progName,
- "Failed to authenticate to PKCS11 slot");
- PORT_SetError(SEC_ERROR_USER_CANCELLED);
- pk12uErrno = PK12UERR_USER_CANCELLED;
- return SECFailure;
+ SECU_PrintError(progName,
+ "Failed to authenticate to PKCS11 slot");
+ PORT_SetError(SEC_ERROR_USER_CANCELLED);
+ pk12uErrno = PK12UERR_USER_CANCELLED;
+ return SECFailure;
}
return SECSuccess;
@@ -357,45 +357,45 @@ p12U_ReadPKCS12File(SECItem *uniPwp, char *in_file, PK11SlotInfo *slot,
PRBool swapUnicode = PR_FALSE;
PRBool trypw;
int error;
-
+
#ifdef IS_LITTLE_ENDIAN
swapUnicode = PR_TRUE;
#endif
p12cxt = p12u_InitContext(PR_TRUE, in_file);
- if(!p12cxt) {
- SECU_PrintError(progName,"File Open failed: %s", in_file);
- pk12uErrno = PK12UERR_INIT_FILE;
+ if (!p12cxt) {
+ SECU_PrintError(progName, "File Open failed: %s", in_file);
+ pk12uErrno = PK12UERR_INIT_FILE;
return NULL;
}
/* get the password */
pwitem = P12U_GetP12FilePassword(PR_FALSE, p12FilePw);
if (!pwitem) {
- pk12uErrno = PK12UERR_USER_CANCELLED;
- goto done;
+ pk12uErrno = PK12UERR_USER_CANCELLED;
+ goto done;
}
- if(P12U_UnicodeConversion(NULL, uniPwp, pwitem, PR_TRUE,
- swapUnicode) != SECSuccess) {
- SECU_PrintError(progName,"Unicode conversion failed");
- pk12uErrno = PK12UERR_UNICODECONV;
- goto done;
+ if (P12U_UnicodeConversion(NULL, uniPwp, pwitem, PR_TRUE,
+ swapUnicode) != SECSuccess) {
+ SECU_PrintError(progName, "Unicode conversion failed");
+ pk12uErrno = PK12UERR_UNICODECONV;
+ goto done;
}
rv = SECU_FileToItem(&p12file, p12cxt->file);
if (rv != SECSuccess) {
- SECU_PrintError(progName,"Failed to read from import file");
+ SECU_PrintError(progName, "Failed to read from import file");
goto done;
}
do {
- trypw = PR_FALSE; /* normally we do this once */
+ trypw = PR_FALSE; /* normally we do this once */
rv = SECFailure;
/* init the decoder context */
p12dcx = SEC_PKCS12DecoderStart(uniPwp, slot, slotPw,
NULL, NULL, NULL, NULL, NULL);
- if(!p12dcx) {
- SECU_PrintError(progName,"PKCS12 decoder start failed");
+ if (!p12dcx) {
+ SECU_PrintError(progName, "PKCS12 decoder start failed");
pk12uErrno = PK12UERR_PK12DECODESTART;
break;
}
@@ -403,35 +403,33 @@ p12U_ReadPKCS12File(SECItem *uniPwp, char *in_file, PK11SlotInfo *slot,
/* decode the item */
rv = SEC_PKCS12DecoderUpdate(p12dcx, p12file.data, p12file.len);
- if(rv != SECSuccess) {
+ if (rv != SECSuccess) {
error = PR_GetError();
- if(error == SEC_ERROR_DECRYPTION_DISALLOWED) {
+ if (error == SEC_ERROR_DECRYPTION_DISALLOWED) {
PR_SetError(error, 0);
break;
}
- SECU_PrintError(progName,"PKCS12 decoding failed");
+ SECU_PrintError(progName, "PKCS12 decoding failed");
pk12uErrno = PK12UERR_DECODE;
}
/* does the blob authenticate properly? */
rv = SEC_PKCS12DecoderVerify(p12dcx);
if (rv != SECSuccess) {
- if(uniPwp->len == 2) {
+ if (uniPwp->len == 2) {
/* this is a null PW, try once more with a zero-length PW
instead of a null string */
SEC_PKCS12DecoderFinish(p12dcx);
uniPwp->len = 0;
trypw = PR_TRUE;
- }
- else {
- SECU_PrintError(progName,"PKCS12 decode not verified");
+ } else {
+ SECU_PrintError(progName, "PKCS12 decode not verified");
pk12uErrno = PK12UERR_DECODEVERIFY;
break;
}
}
} while (trypw == PR_TRUE);
- /* rv has been set at this point */
-
+/* rv has been set at this point */
done:
if (rv != SECSuccess) {
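Review bot: When `SEC_PKCS12DecoderUpdate` fails with an error other than `SEC_ERROR_DECRYPTION_DISALLOWED`, the branch prints "PKCS12 decoding failed" and sets `pk12uErrno = PK12UERR_DECODE;` but does not leave the loop. `SEC_PKCS12DecoderVerify(p12dcx)` then runs on a context whose update failed and overwrites `rv`, and its failure path replaces `pk12uErrno` with `PK12UERR_DECODEVERIFY`. Whether that fall-through is intended cannot be told from the hunk; if it is not, add `break;` after `pk12uErrno = PK12UERR_DECODE;`, otherwise a short comment saying why verification is still attempted would help. The function begins before this hunk and the `done:` cleanup continues after it.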
@@ -450,7 +448,7 @@ done:
p12u_DestroyContext(&p12cxt, PR_FALSE);
if (pwitem) {
- SECITEM_ZfreeItem(pwitem, PR_TRUE);
+ SECITEM_ZfreeItem(pwitem, PR_TRUE);
}
SECITEM_ZfreeItem(&p12file, PR_FALSE);
return p12dcx;
@@ -466,7 +464,7 @@ done:
*/
PRIntn
P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
- secuPWData *slotPw, secuPWData *p12FilePw)
+ secuPWData *slotPw, secuPWData *p12FilePw)
{
SEC_PKCS12DecoderContext *p12dcx = NULL;
SECItem uniPwitem = { 0 };
@@ -474,37 +472,37 @@ P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
rv = P12U_InitSlot(slot, slotPw);
if (rv != SECSuccess) {
- SECU_PrintError(progName, "Failed to authenticate to \"%s\"",
- PK11_GetSlotName(slot));
- pk12uErrno = PK12UERR_PK11GETSLOT;
- return rv;
+ SECU_PrintError(progName, "Failed to authenticate to \"%s\"",
+ PK11_GetSlotName(slot));
+ pk12uErrno = PK12UERR_PK11GETSLOT;
+ return rv;
}
rv = SECFailure;
p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw, p12FilePw);
-
- if(p12dcx == NULL) {
+
+ if (p12dcx == NULL) {
goto loser;
}
-
+
/* make sure the bags are okey dokey -- nicknames correct, etc. */
rv = SEC_PKCS12DecoderValidateBags(p12dcx, P12U_NicknameCollisionCallback);
if (rv != SECSuccess) {
- if (PORT_GetError() == SEC_ERROR_PKCS12_DUPLICATE_DATA) {
- pk12uErrno = PK12UERR_CERTALREADYEXISTS;
- } else {
- pk12uErrno = PK12UERR_DECODEVALIBAGS;
- }
- SECU_PrintError(progName,"PKCS12 decode validate bags failed");
- goto loser;
+ if (PORT_GetError() == SEC_ERROR_PKCS12_DUPLICATE_DATA) {
+ pk12uErrno = PK12UERR_CERTALREADYEXISTS;
+ } else {
+ pk12uErrno = PK12UERR_DECODEVALIBAGS;
+ }
+ SECU_PrintError(progName, "PKCS12 decode validate bags failed");
+ goto loser;
}
/* stuff 'em in */
rv = SEC_PKCS12DecoderImportBags(p12dcx);
if (rv != SECSuccess) {
- SECU_PrintError(progName,"PKCS12 decode import bags failed");
- pk12uErrno = PK12UERR_DECODEIMPTBAGS;
- goto loser;
+ SECU_PrintError(progName, "PKCS12 decode import bags failed");
+ pk12uErrno = PK12UERR_DECODEIMPTBAGS;
+ goto loser;
}
fprintf(stdout, "%s: PKCS12 IMPORT SUCCESSFUL\n", progName);
@@ -512,13 +510,13 @@ P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
loser:
if (p12dcx) {
- SEC_PKCS12DecoderFinish(p12dcx);
+ SEC_PKCS12DecoderFinish(p12dcx);
}
-
+
if (uniPwitem.data) {
- SECITEM_ZfreeItem(&uniPwitem, PR_FALSE);
+ SECITEM_ZfreeItem(&uniPwitem, PR_FALSE);
}
-
+
return rv;
}
@@ -529,13 +527,13 @@ p12u_DoPKCS12ExportErrors()
error_value = PORT_GetError();
if ((error_value == SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY) ||
- (error_value == SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME) ||
- (error_value == SEC_ERROR_PKCS12_UNABLE_TO_WRITE)) {
- fputs(SECU_Strerror(error_value), stderr);
- } else if(error_value == SEC_ERROR_USER_CANCELLED) {
- ;
+ (error_value == SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME) ||
+ (error_value == SEC_ERROR_PKCS12_UNABLE_TO_WRITE)) {
+ fputs(SECU_Strerror(error_value), stderr);
+ } else if (error_value == SEC_ERROR_USER_CANCELLED) {
+ ;
} else {
- fputs(SECU_Strerror(SEC_ERROR_EXPORTING_CERTIFICATES), stderr);
+ fputs(SECU_Strerror(SEC_ERROR_EXPORTING_CERTIFICATES), stderr);
}
}
@@ -545,53 +543,52 @@ p12u_WriteToExportFile(void *arg, const char *buf, unsigned long len)
p12uContext *p12cxt = arg;
int writeLen;
- if(!p12cxt || (p12cxt->error == PR_TRUE)) {
- return;
+ if (!p12cxt || (p12cxt->error == PR_TRUE)) {
+ return;
}
- if(p12cxt->file == NULL) {
- p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_WRITE;
- p12cxt->error = PR_TRUE;
- return;
+ if (p12cxt->file == NULL) {
+ p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_WRITE;
+ p12cxt->error = PR_TRUE;
+ return;
}
writeLen = PR_Write(p12cxt->file, (unsigned char *)buf, (PRInt32)len);
- if(writeLen != (int)len) {
- PR_Close(p12cxt->file);
- PL_strfree(p12cxt->filename);
- p12cxt->filename = NULL;
- p12cxt->file = NULL;
- p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_WRITE;
- p12cxt->error = PR_TRUE;
+ if (writeLen != (int)len) {
+ PR_Close(p12cxt->file);
+ PL_strfree(p12cxt->filename);
+ p12cxt->filename = NULL;
+ p12cxt->file = NULL;
+ p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_WRITE;
+ p12cxt->error = PR_TRUE;
}
}
-
void
P12U_ExportPKCS12Object(char *nn, char *outfile, PK11SlotInfo *inSlot,
- SECOidTag cipher, SECOidTag certCipher,
- secuPWData *slotPw, secuPWData *p12FilePw)
+ SECOidTag cipher, SECOidTag certCipher,
+ secuPWData *slotPw, secuPWData *p12FilePw)
{
SEC_PKCS12ExportContext *p12ecx = NULL;
SEC_PKCS12SafeInfo *keySafe = NULL, *certSafe = NULL;
SECItem *pwitem = NULL;
p12uContext *p12cxt = NULL;
- CERTCertList* certlist = NULL;
- CERTCertListNode* node = NULL;
- PK11SlotInfo* slot = NULL;
+ CERTCertList *certlist = NULL;
+ CERTCertListNode *node = NULL;
+ PK11SlotInfo *slot = NULL;
if (P12U_InitSlot(inSlot, slotPw) != SECSuccess) {
- SECU_PrintError(progName,"Failed to authenticate to \"%s\"",
- PK11_GetSlotName(inSlot));
- pk12uErrno = PK12UERR_PK11GETSLOT;
- goto loser;
+ SECU_PrintError(progName, "Failed to authenticate to \"%s\"",
+ PK11_GetSlotName(inSlot));
+ pk12uErrno = PK12UERR_PK11GETSLOT;
+ goto loser;
}
certlist = PK11_FindCertsFromNickname(nn, slotPw);
- if(!certlist) {
- SECU_PrintError(progName,"find user certs from nickname failed");
- pk12uErrno = PK12UERR_FINDCERTBYNN;
- return;
+ if (!certlist) {
+ SECU_PrintError(progName, "find user certs from nickname failed");
+ pk12uErrno = PK12UERR_FINDCERTBYNN;
+ return;
}
if ((SECSuccess != CERT_FilterCertListForUserCerts(certlist)) ||
@@ -604,19 +601,19 @@ P12U_ExportPKCS12Object(char *nn, char *outfile, PK11SlotInfo *inSlot,
/* Password to use for PKCS12 file. */
pwitem = P12U_GetP12FilePassword(PR_TRUE, p12FilePw);
- if(!pwitem) {
- goto loser;
+ if (!pwitem) {
+ goto loser;
}
- p12cxt = p12u_InitContext(PR_FALSE, outfile);
- if(!p12cxt) {
- SECU_PrintError(progName,"Initialization failed: %s", outfile);
- pk12uErrno = PK12UERR_INIT_FILE;
- goto loser;
+ p12cxt = p12u_InitContext(PR_FALSE, outfile);
+ if (!p12cxt) {
+ SECU_PrintError(progName, "Initialization failed: %s", outfile);
+ pk12uErrno = PK12UERR_INIT_FILE;
+ goto loser;
}
if (certlist) {
- CERTCertificate* cert = NULL;
+ CERTCertificate *cert = NULL;
node = CERT_LIST_HEAD(certlist);
if (node) {
cert = node->cert;
@@ -627,63 +624,63 @@ P12U_ExportPKCS12Object(char *nn, char *outfile, PK11SlotInfo *inSlot,
}
}
if (!slot) {
- SECU_PrintError(progName,"cert does not have a slot");
+ SECU_PrintError(progName, "cert does not have a slot");
pk12uErrno = PK12UERR_FINDCERTBYNN;
goto loser;
}
p12ecx = SEC_PKCS12CreateExportContext(NULL, NULL, slot, slotPw);
- if(!p12ecx) {
- SECU_PrintError(progName,"export context creation failed");
+ if (!p12ecx) {
+ SECU_PrintError(progName, "export context creation failed");
pk12uErrno = PK12UERR_EXPORTCXCREATE;
goto loser;
}
- if(SEC_PKCS12AddPasswordIntegrity(p12ecx, pwitem, SEC_OID_SHA1)
- != SECSuccess) {
- SECU_PrintError(progName,"PKCS12 add password integrity failed");
+ if (SEC_PKCS12AddPasswordIntegrity(p12ecx, pwitem, SEC_OID_SHA1) !=
+ SECSuccess) {
+ SECU_PrintError(progName, "PKCS12 add password integrity failed");
pk12uErrno = PK12UERR_PK12ADDPWDINTEG;
goto loser;
}
for (node = CERT_LIST_HEAD(certlist);
- !CERT_LIST_END(node,certlist);
- node=CERT_LIST_NEXT(node)) {
- CERTCertificate* cert = node->cert;
+ !CERT_LIST_END(node, certlist);
+ node = CERT_LIST_NEXT(node)) {
+ CERTCertificate *cert = node->cert;
if (!cert->slot) {
- SECU_PrintError(progName,"cert does not have a slot");
+ SECU_PrintError(progName, "cert does not have a slot");
pk12uErrno = PK12UERR_FINDCERTBYNN;
goto loser;
}
-
+
keySafe = SEC_PKCS12CreateUnencryptedSafe(p12ecx);
- if(certCipher == SEC_OID_UNKNOWN) {
+ if (certCipher == SEC_OID_UNKNOWN) {
certSafe = keySafe;
} else {
- certSafe =
- SEC_PKCS12CreatePasswordPrivSafe(p12ecx, pwitem, certCipher);
+ certSafe =
+ SEC_PKCS12CreatePasswordPrivSafe(p12ecx, pwitem, certCipher);
}
-
- if(!certSafe || !keySafe) {
- SECU_PrintError(progName,"key or cert safe creation failed");
+
+ if (!certSafe || !keySafe) {
+ SECU_PrintError(progName, "key or cert safe creation failed");
pk12uErrno = PK12UERR_CERTKEYSAFE;
goto loser;
}
-
- if(SEC_PKCS12AddCertAndKey(p12ecx, certSafe, NULL, cert,
- CERT_GetDefaultCertDB(), keySafe, NULL, PR_TRUE, pwitem, cipher)
- != SECSuccess) {
- SECU_PrintError(progName,"add cert and key failed");
- pk12uErrno = PK12UERR_ADDCERTKEY;
- goto loser;
+
+ if (SEC_PKCS12AddCertAndKey(p12ecx, certSafe, NULL, cert,
+ CERT_GetDefaultCertDB(), keySafe, NULL, PR_TRUE, pwitem, cipher) !=
+ SECSuccess) {
+ SECU_PrintError(progName, "add cert and key failed");
+ pk12uErrno = PK12UERR_ADDCERTKEY;
+ goto loser;
}
}
CERT_DestroyCertList(certlist);
certlist = NULL;
- if(SEC_PKCS12Encode(p12ecx, p12u_WriteToExportFile, p12cxt)
- != SECSuccess) {
- SECU_PrintError(progName,"PKCS12 encode failed");
+ if (SEC_PKCS12Encode(p12ecx, p12u_WriteToExportFile, p12cxt) !=
+ SECSuccess) {
+ SECU_PrintError(progName, "PKCS12 encode failed");
pk12uErrno = PK12UERR_ENCODE;
goto loser;
}
@@ -701,20 +698,19 @@ loser:
if (certlist) {
CERT_DestroyCertList(certlist);
certlist = NULL;
- }
+ }
p12u_DestroyContext(&p12cxt, PR_TRUE);
- if(pwitem) {
+ if (pwitem) {
SECITEM_ZfreeItem(pwitem, PR_TRUE);
}
p12u_DoPKCS12ExportErrors();
return;
}
-
PRIntn
P12U_ListPKCS12File(char *in_file, PK11SlotInfo *slot,
- secuPWData *slotPw, secuPWData *p12FilePw)
+ secuPWData *slotPw, secuPWData *p12FilePw)
{
SEC_PKCS12DecoderContext *p12dcx = NULL;
SECItem uniPwitem = { 0 };
@@ -723,50 +719,52 @@ P12U_ListPKCS12File(char *in_file, PK11SlotInfo *slot,
p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw, p12FilePw);
/* did the blob authenticate properly? */
- if(p12dcx == NULL) {
- SECU_PrintError(progName,"PKCS12 decode not verified");
- pk12uErrno = PK12UERR_DECODEVERIFY;
+ if (p12dcx == NULL) {
+ SECU_PrintError(progName, "PKCS12 decode not verified");
+ pk12uErrno = PK12UERR_DECODEVERIFY;
goto loser;
}
rv = SEC_PKCS12DecoderIterateInit(p12dcx);
- if(rv != SECSuccess) {
- SECU_PrintError(progName,"PKCS12 decode iterate bags failed");
- pk12uErrno = PK12UERR_DECODEIMPTBAGS;
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "PKCS12 decode iterate bags failed");
+ pk12uErrno = PK12UERR_DECODEIMPTBAGS;
rv = SECFailure;
} else {
- int fileCounter = 0;
+ int fileCounter = 0;
while (SEC_PKCS12DecoderIterateNext(p12dcx, &dip) == SECSuccess) {
switch (dip->type) {
case SEC_OID_PKCS12_V1_CERT_BAG_ID:
printf("Certificate");
- if (dumpRawFile) {
- PRFileDesc * fd;
- char fileName[20];
- sprintf(fileName, "file%04d.der", ++fileCounter);
- fd = PR_Open(fileName,
- PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE,
- 0600);
- if (!fd) {
- SECU_PrintError(progName,
- "Cannot create output file");
- } else {
- PR_Write(fd, dip->der->data, dip->der->len);
- PR_Close(fd);
- }
- } else
- if (SECU_PrintSignedData(stdout, dip->der,
- (dip->hasKey) ? "(has private key)" : "",
- 0, (SECU_PPFunc)SECU_PrintCertificate) != 0) {
- SECU_PrintError(progName,"PKCS12 print cert bag failed");
+ if (dumpRawFile) {
+ PRFileDesc *fd;
+ char fileName[20];
+ sprintf(fileName, "file%04d.der", ++fileCounter);
+ fd = PR_Open(fileName,
+ PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE,
+ 0600);
+ if (!fd) {
+ SECU_PrintError(progName,
+ "Cannot create output file");
+ } else {
+ PR_Write(fd, dip->der->data, dip->der->len);
+ PR_Close(fd);
+ }
+ } else if (SECU_PrintSignedData(stdout, dip->der,
+ (dip->hasKey) ?
+ "(has private key)"
+ : "",
+ 0, (SECU_PPFunc)SECU_PrintCertificate) !=
+ 0) {
+ SECU_PrintError(progName, "PKCS12 print cert bag failed");
}
if (dip->friendlyName != NULL) {
printf(" Friendly Name: %s\n\n",
- dip->friendlyName->data);
+ dip->friendlyName->data);
+ }
+ if (dip->shroudAlg) {
+ SECU_PrintAlgorithmID(stdout, dip->shroudAlg,
+ "Encryption algorithm", 1);
}
- if (dip->shroudAlg) {
- SECU_PrintAlgorithmID(stdout, dip->shroudAlg,
- "Encryption algorithm",1);
- }
break;
case SEC_OID_PKCS12_V1_KEY_BAG_ID:
case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
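Review bot: In the `dumpRawFile` branch the result of `PR_Write(fd, dip->der->data, dip->der->len)` is discarded, so a short or failed write leaves a truncated `fileNNNN.der` on disk and nothing is reported. Compare the return value with the length, e.g. `if (PR_Write(fd, dip->der->data, dip->der->len) != (PRInt32)dip->der->len) SECU_PrintError(progName, "Cannot write output file");`. The `sprintf` into `fileName[20]` just above fits only because a 32-bit `int` prints in at most 11 characters; `PR_snprintf(fileName, sizeof(fileName), "file%04d.der", ++fileCounter)` would make the bound explicit. This formatting-only commit carries both lines over unchanged, and P12U_ListPKCS12File continues outside the hunk.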
@@ -776,16 +774,16 @@ P12U_ListPKCS12File(char *in_file, PK11SlotInfo *slot,
printf(":\n");
if (dip->friendlyName != NULL) {
printf(" Friendly Name: %s\n\n",
- dip->friendlyName->data);
+ dip->friendlyName->data);
+ }
+ if (dip->shroudAlg) {
+ SECU_PrintAlgorithmID(stdout, dip->shroudAlg,
+ "Encryption algorithm", 1);
}
- if (dip->shroudAlg) {
- SECU_PrintAlgorithmID(stdout, dip->shroudAlg,
- "Encryption algorithm",1);
- }
break;
default:
printf("unknown bag type(%d): %s\n\n", dip->type,
- SECOID_FindOIDTagDescription(dip->type));
+ SECOID_FindOIDTagDescription(dip->type));
break;
}
}
@@ -793,15 +791,15 @@ P12U_ListPKCS12File(char *in_file, PK11SlotInfo *slot,
}
loser:
-
+
if (p12dcx) {
- SEC_PKCS12DecoderFinish(p12dcx);
+ SEC_PKCS12DecoderFinish(p12dcx);
}
-
+
if (uniPwitem.data) {
- SECITEM_ZfreeItem(&uniPwitem, PR_FALSE);
+ SECITEM_ZfreeItem(&uniPwitem, PR_FALSE);
}
-
+
return rv;
}
@@ -824,31 +822,31 @@ PKCS12U_MapCipherFromString(char *cipherString, int keyLen)
/* look for the oid tag by Description */
cipher = SEC_OID_UNKNOWN;
- for (tag=1; (oid=SECOID_FindOIDByTag(tag)) != NULL ; tag++) {
- /* only interested in oids that we actually understand */
- if (oid->mechanism == CKM_INVALID_MECHANISM) {
- continue;
- }
- if (PORT_Strcasecmp(oid->desc, cipherString) != 0) {
- continue;
- }
- /* we found a match... get the PBE version of this
+ for (tag = 1; (oid = SECOID_FindOIDByTag(tag)) != NULL; tag++) {
+ /* only interested in oids that we actually understand */
+ if (oid->mechanism == CKM_INVALID_MECHANISM) {
+ continue;
+ }
+ if (PORT_Strcasecmp(oid->desc, cipherString) != 0) {
+ continue;
+ }
+ /* we found a match... get the PBE version of this
* cipher... */
- if (!SEC_PKCS5IsAlgorithmPBEAlgTag(tag)) {
- cipher = SEC_PKCS5GetPBEAlgorithm(tag, keyLen);
- /* no eqivalent PKCS5/PKCS12 cipher, use the raw
+ if (!SEC_PKCS5IsAlgorithmPBEAlgTag(tag)) {
+ cipher = SEC_PKCS5GetPBEAlgorithm(tag, keyLen);
+ /* no eqivalent PKCS5/PKCS12 cipher, use the raw
* encryption tag we got and pass it directly in,
* pkcs12 will use the pkcsv5 mechanism */
- if (cipher == SEC_OID_PKCS5_PBES2) {
- cipher = tag;
- } else if (cipher == SEC_OID_PKCS5_PBMAC1) {
- /* make sure we have not macing ciphers here */
- cipher = SEC_OID_UNKNOWN;
- }
- } else {
- cipher = tag;
- }
- break;
+ if (cipher == SEC_OID_PKCS5_PBES2) {
+ cipher = tag;
+ } else if (cipher == SEC_OID_PKCS5_PBMAC1) {
+ /* make sure we have not macing ciphers here */
+ cipher = SEC_OID_UNKNOWN;
+ }
+ } else {
+ cipher = tag;
+ }
+ break;
}
return cipher;
}
@@ -874,12 +872,11 @@ P12U_Init(char *dir, char *dbprefix, PRBool listonly)
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
if (listonly && NSS_NoDB_Init("") == SECSuccess) {
rv = SECSuccess;
- }
- else {
- rv = NSS_Initialize(dir,dbprefix,dbprefix,"secmod.db",0);
+ } else {
+ rv = NSS_Initialize(dir, dbprefix, dbprefix, "secmod.db", 0);
}
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
+ SECU_PrintPRandOSError(progName);
exit(-1);
}
@@ -913,25 +910,25 @@ enum {
};
static secuCommandFlag pk12util_options[] =
-{
- { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE },
- { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE },
- { /* opt_Import */ 'i', PR_TRUE, 0, PR_FALSE },
- { /* opt_SlotPWFile */ 'k', PR_TRUE, 0, PR_FALSE },
- { /* opt_SlotPW */ 'K', PR_TRUE, 0, PR_FALSE },
- { /* opt_List */ 'l', PR_TRUE, 0, PR_FALSE },
- { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
- { /* opt_Export */ 'o', PR_TRUE, 0, PR_FALSE },
- { /* opt_Raw */ 'r', PR_FALSE, 0, PR_FALSE },
- { /* opt_P12FilePWFile */ 'w', PR_TRUE, 0, PR_FALSE },
- { /* opt_P12FilePW */ 'W', PR_TRUE, 0, PR_FALSE },
- { /* opt_DBPrefix */ 'P', PR_TRUE, 0, PR_FALSE },
- { /* opt_Debug */ 'v', PR_FALSE, 0, PR_FALSE },
- { /* opt_Cipher */ 'c', PR_TRUE, 0, PR_FALSE },
- { /* opt_CertCipher */ 'C', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeyLength */ 'm', PR_TRUE, 0, PR_FALSE, "key_len" },
- { /* opt_CertKeyLength */ 0, PR_TRUE, 0, PR_FALSE, "cert_key_len" }
-};
+ {
+ { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE },
+ { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Import */ 'i', PR_TRUE, 0, PR_FALSE },
+ { /* opt_SlotPWFile */ 'k', PR_TRUE, 0, PR_FALSE },
+ { /* opt_SlotPW */ 'K', PR_TRUE, 0, PR_FALSE },
+ { /* opt_List */ 'l', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Export */ 'o', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Raw */ 'r', PR_FALSE, 0, PR_FALSE },
+ { /* opt_P12FilePWFile */ 'w', PR_TRUE, 0, PR_FALSE },
+ { /* opt_P12FilePW */ 'W', PR_TRUE, 0, PR_FALSE },
+ { /* opt_DBPrefix */ 'P', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Debug */ 'v', PR_FALSE, 0, PR_FALSE },
+ { /* opt_Cipher */ 'c', PR_TRUE, 0, PR_FALSE },
+ { /* opt_CertCipher */ 'C', PR_TRUE, 0, PR_FALSE },
+ { /* opt_KeyLength */ 'm', PR_TRUE, 0, PR_FALSE, "key_len" },
+ { /* opt_CertKeyLength */ 0, PR_TRUE, 0, PR_FALSE, "cert_key_len" }
+ };
int
main(int argc, char **argv)
@@ -944,15 +941,15 @@ main(int argc, char **argv)
char *export_file = NULL;
char *dbprefix = "";
SECStatus rv;
- SECOidTag cipher =
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC;
+ SECOidTag cipher =
+ SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC;
SECOidTag certCipher;
int keyLen = 0;
int certKeyLen = 0;
secuCommand pk12util;
#ifdef _CRTDBG_MAP_ALLOC
- _CrtSetDbgFlag ( _CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF );
+ _CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF);
#endif
pk12util.numCommands = 0;
@@ -961,143 +958,143 @@ main(int argc, char **argv)
pk12util.options = pk12util_options;
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
rv = SECU_ParseCommandLine(argc, argv, progName, &pk12util);
if (rv != SECSuccess)
- Usage(progName);
+ Usage(progName);
pk12_debugging = pk12util.options[opt_Debug].activated;
if ((pk12util.options[opt_Import].activated +
- pk12util.options[opt_Export].activated +
- pk12util.options[opt_List].activated) != 1) {
- Usage(progName);
+ pk12util.options[opt_Export].activated +
+ pk12util.options[opt_List].activated) != 1) {
+ Usage(progName);
}
if (pk12util.options[opt_Export].activated &&
- !pk12util.options[opt_Nickname].activated) {
- Usage(progName);
+ !pk12util.options[opt_Nickname].activated) {
+ Usage(progName);
}
slotname = SECU_GetOptionArg(&pk12util, opt_TokenName);
import_file = (pk12util.options[opt_List].activated) ?
- SECU_GetOptionArg(&pk12util, opt_List) :
- SECU_GetOptionArg(&pk12util, opt_Import);
+ SECU_GetOptionArg(&pk12util, opt_List)
+ :
+ SECU_GetOptionArg(&pk12util, opt_Import);
export_file = SECU_GetOptionArg(&pk12util, opt_Export);
if (pk12util.options[opt_P12FilePWFile].activated) {
- p12FilePw.source = PW_FROMFILE;
- p12FilePw.data = PORT_Strdup(pk12util.options[opt_P12FilePWFile].arg);
+ p12FilePw.source = PW_FROMFILE;
+ p12FilePw.data = PORT_Strdup(pk12util.options[opt_P12FilePWFile].arg);
}
if (pk12util.options[opt_P12FilePW].activated) {
- p12FilePw.source = PW_PLAINTEXT;
- p12FilePw.data = PORT_Strdup(pk12util.options[opt_P12FilePW].arg);
+ p12FilePw.source = PW_PLAINTEXT;
+ p12FilePw.data = PORT_Strdup(pk12util.options[opt_P12FilePW].arg);
}
if (pk12util.options[opt_SlotPWFile].activated) {
- slotPw.source = PW_FROMFILE;
- slotPw.data = PORT_Strdup(pk12util.options[opt_SlotPWFile].arg);
+ slotPw.source = PW_FROMFILE;
+ slotPw.data = PORT_Strdup(pk12util.options[opt_SlotPWFile].arg);
}
if (pk12util.options[opt_SlotPW].activated) {
- slotPw.source = PW_PLAINTEXT;
- slotPw.data = PORT_Strdup(pk12util.options[opt_SlotPW].arg);
+ slotPw.source = PW_PLAINTEXT;
+ slotPw.data = PORT_Strdup(pk12util.options[opt_SlotPW].arg);
}
if (pk12util.options[opt_CertDir].activated) {
- SECU_ConfigDirectory(pk12util.options[opt_CertDir].arg);
+ SECU_ConfigDirectory(pk12util.options[opt_CertDir].arg);
}
if (pk12util.options[opt_DBPrefix].activated) {
- dbprefix = pk12util.options[opt_DBPrefix].arg;
+ dbprefix = pk12util.options[opt_DBPrefix].arg;
}
if (pk12util.options[opt_Raw].activated) {
- dumpRawFile = PR_TRUE;
+ dumpRawFile = PR_TRUE;
}
if (pk12util.options[opt_KeyLength].activated) {
- keyLen = atoi(pk12util.options[opt_KeyLength].arg);
+ keyLen = atoi(pk12util.options[opt_KeyLength].arg);
}
if (pk12util.options[opt_CertKeyLength].activated) {
- certKeyLen = atoi(pk12util.options[opt_CertKeyLength].arg);
+ certKeyLen = atoi(pk12util.options[opt_CertKeyLength].arg);
}
-
+
P12U_Init(SECU_ConfigDirectory(NULL), dbprefix,
- pk12util.options[opt_List].activated);
+ pk12util.options[opt_List].activated);
if (!slotname || PL_strcmp(slotname, "internal") == 0)
- slot = PK11_GetInternalKeySlot();
+ slot = PK11_GetInternalKeySlot();
else
- slot = PK11_FindSlotByName(slotname);
+ slot = PK11_FindSlotByName(slotname);
if (!slot) {
- SECU_PrintError(progName,"Invalid slot \"%s\"", slotname);
- pk12uErrno = PK12UERR_PK11GETSLOT;
- goto done;
+ SECU_PrintError(progName, "Invalid slot \"%s\"", slotname);
+ pk12uErrno = PK12UERR_PK11GETSLOT;
+ goto done;
}
if (pk12util.options[opt_Cipher].activated) {
- char *cipherString = pk12util.options[opt_Cipher].arg;
+ char *cipherString = pk12util.options[opt_Cipher].arg;
- cipher = PKCS12U_MapCipherFromString(cipherString, keyLen);
- /* We only want encryption PBE's. make sure we don't have
+ cipher = PKCS12U_MapCipherFromString(cipherString, keyLen);
+ /* We only want encryption PBE's. make sure we don't have
* any MAC pbes */
- if (cipher == SEC_OID_UNKNOWN) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- SECU_PrintError(progName, "Algorithm: \"%s\"", cipherString);
- pk12uErrno = PK12UERR_INVALIDALGORITHM;
- goto done;
- }
+ if (cipher == SEC_OID_UNKNOWN) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ SECU_PrintError(progName, "Algorithm: \"%s\"", cipherString);
+ pk12uErrno = PK12UERR_INVALIDALGORITHM;
+ goto done;
+ }
}
certCipher = PK11_IsFIPS() ? SEC_OID_UNKNOWN :
- SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
+ SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
if (pk12util.options[opt_CertCipher].activated) {
- char *cipherString = pk12util.options[opt_CertCipher].arg;
+ char *cipherString = pk12util.options[opt_CertCipher].arg;
- if (PORT_Strcasecmp(cipherString, "none") == 0) {
- certCipher = SEC_OID_UNKNOWN;
- } else {
- certCipher = PKCS12U_MapCipherFromString(cipherString, certKeyLen);
- /* If the user requested a cipher and we didn't find it, then
+ if (PORT_Strcasecmp(cipherString, "none") == 0) {
+ certCipher = SEC_OID_UNKNOWN;
+ } else {
+ certCipher = PKCS12U_MapCipherFromString(cipherString, certKeyLen);
+ /* If the user requested a cipher and we didn't find it, then
* don't just silently not encrypt. */
- if (cipher == SEC_OID_UNKNOWN) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- SECU_PrintError(progName, "Algorithm: \"%s\"", cipherString);
- pk12uErrno = PK12UERR_INVALIDALGORITHM;
- goto done;
- }
- }
+ if (cipher == SEC_OID_UNKNOWN) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ SECU_PrintError(progName, "Algorithm: \"%s\"", cipherString);
+ pk12uErrno = PK12UERR_INVALIDALGORITHM;
+ goto done;
+ }
+ }
}
-
if (pk12util.options[opt_Import].activated) {
- P12U_ImportPKCS12Object(import_file, slot, &slotPw, &p12FilePw);
+ P12U_ImportPKCS12Object(import_file, slot, &slotPw, &p12FilePw);
} else if (pk12util.options[opt_Export].activated) {
- P12U_ExportPKCS12Object(pk12util.options[opt_Nickname].arg,
- export_file, slot, cipher, certCipher,
- &slotPw, &p12FilePw);
-
+ P12U_ExportPKCS12Object(pk12util.options[opt_Nickname].arg,
+ export_file, slot, cipher, certCipher,
+ &slotPw, &p12FilePw);
+
} else if (pk12util.options[opt_List].activated) {
- P12U_ListPKCS12File(import_file, slot, &slotPw, &p12FilePw);
-
+ P12U_ListPKCS12File(import_file, slot, &slotPw, &p12FilePw);
+
} else {
- Usage(progName);
- pk12uErrno = PK12UERR_USAGE;
+ Usage(progName);
+ pk12uErrno = PK12UERR_USAGE;
}
done:
if (slotPw.data != NULL)
- PORT_ZFree(slotPw.data, PL_strlen(slotPw.data));
+ PORT_ZFree(slotPw.data, PL_strlen(slotPw.data));
if (p12FilePw.data != NULL)
- PORT_ZFree(p12FilePw.data, PL_strlen(p12FilePw.data));
- if (slot)
- PK11_FreeSlot(slot);
+ PORT_ZFree(p12FilePw.data, PL_strlen(p12FilePw.data));
+ if (slot)
+ PK11_FreeSlot(slot);
if (NSS_Shutdown() != SECSuccess) {
- pk12uErrno = 1;
+ pk12uErrno = 1;
}
PL_ArenaFinish();
PR_Cleanup();
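Review bot: The failure check after the `-C` lookup tests the wrong variable: `certCipher = PKCS12U_MapCipherFromString(cipherString, certKeyLen);` is followed by `if (cipher == SEC_OID_UNKNOWN)`, and `cipher` cannot be unknown at that point because the `-c` branch above already jumps to `done` in that case. An unrecognised certificate cipher name therefore leaves `certCipher` as `SEC_OID_UNKNOWN`, which the export routine earlier in this file handles by placing the certificates in the unencrypted safe (`certSafe = keySafe`). That is the silent downgrade the comment on these lines says to avoid. The test should read `if (certCipher == SEC_OID_UNKNOWN) {`. This formatting-only commit carries the line over unchanged, and main() starts and ends outside the hunk.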
diff --git a/cmd/pk12util/pk12util.h b/cmd/pk12util/pk12util.h
index 72cbc7c40..d1588814e 100644
--- a/cmd/pk12util/pk12util.h
+++ b/cmd/pk12util/pk12util.h
@@ -31,11 +31,10 @@
#define PK12UERR_ENCODE 29
#define PK12UERR_INVALIDALGORITHM 30
-
/* additions for importing and exporting PKCS 12 files */
typedef struct p12uContextStr {
- char *filename; /* name of file */
- PRFileDesc *file; /* pointer to file */
- PRBool error; /* error occurred? */
- int errorValue; /* which error occurred? */
+ char *filename; /* name of file */
+ PRFileDesc *file; /* pointer to file */
+ PRBool error; /* error occurred? */
+ int errorValue; /* which error occurred? */
} p12uContext;
diff --git a/cmd/pk1sign/pk1sign.c b/cmd/pk1sign/pk1sign.c
index 69b8c520a..085aa1659 100644
--- a/cmd/pk1sign/pk1sign.c
+++ b/cmd/pk1sign/pk1sign.c
@@ -12,7 +12,7 @@
#include "secpkcs7.h"
#include "cert.h"
#include "certdb.h"
-#include "sechash.h" /* for HASH_GetHashObject() */
+#include "sechash.h" /* for HASH_GetHashObject() */
#include "nss.h"
#include "pk11func.h"
#include "cryptohi.h"
@@ -26,43 +26,41 @@
#include <string.h>
#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
-extern int fread(char *, size_t, size_t, FILE*);
-extern int fwrite(char *, size_t, size_t, FILE*);
+extern int fread(char *, size_t, size_t, FILE *);
+extern int fwrite(char *, size_t, size_t, FILE *);
extern int fprintf(FILE *, char *, ...);
#endif
-static secuPWData pwdata = { PW_NONE, 0 };
-
+static secuPWData pwdata = { PW_NONE, 0 };
SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
SEC_ASN1Template CERTSignatureDataTemplate[] =
-{
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTSignedData) },
- { SEC_ASN1_INLINE,
- offsetof(CERTSignedData,signatureAlgorithm),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_BIT_STRING,
- offsetof(CERTSignedData,signature) },
- { 0 }
-};
-
+ {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTSignedData) },
+ { SEC_ASN1_INLINE,
+ offsetof(CERTSignedData, signatureAlgorithm),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ { SEC_ASN1_BIT_STRING,
+ offsetof(CERTSignedData, signature) },
+ { 0 }
+ };
static void
Usage(char *progName)
{
fprintf(stderr,
- "Usage: %s -k keyname [-d keydir] [-i input] [-o output]\n",
- progName);
+ "Usage: %s -k keyname [-d keydir] [-i input] [-o output]\n",
+ progName);
fprintf(stderr, "%-20s Nickname of key to use for signature\n",
- "-k keyname");
+ "-k keyname");
fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
- "-d keydir");
+ "-d keydir");
fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
- "-i input");
+ "-i input");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
+ "-o output");
fprintf(stderr, "%-20s Password to the key databse\n", "-p");
fprintf(stderr, "%-20s password file\n", "-f");
exit(-1);
@@ -87,7 +85,7 @@ ExportPublicKey(FILE *outFile, CERTCertificate *cert)
if (!item)
return -1;
- data = PL_Base64Encode((const char*)item->data, item->len, NULL);
+ data = PL_Base64Encode((const char *)item->data, item->len, NULL);
SECITEM_FreeItem(item, PR_TRUE);
if (!data)
return -1;
@@ -142,7 +140,7 @@ SignFile(FILE *outFile, PRFileDesc *inFile, CERTCertificate *cert)
rv = SEC_SignData(&(sd.signature), data2sign.data, data2sign.len, privKey, algID);
if (rv != SECSuccess) {
- fprintf (stderr, "Could not sign.\n");
+ fprintf(stderr, "Could not sign.\n");
returnValue = -1;
goto loser;
}
@@ -150,7 +148,7 @@ SignFile(FILE *outFile, PRFileDesc *inFile, CERTCertificate *cert)
rv = SECOID_SetAlgorithmID(arena, &sd.signatureAlgorithm, algID, 0);
if (rv != SECSuccess) {
- fprintf (stderr, "Could not set alg id.\n");
+ fprintf(stderr, "Could not set alg id.\n");
returnValue = -1;
goto loser;
}
@@ -159,13 +157,13 @@ SignFile(FILE *outFile, PRFileDesc *inFile, CERTCertificate *cert)
SECITEM_FreeItem(&(sd.signature), PR_FALSE);
if (!result) {
- fprintf (stderr, "Could not encode.\n");
+ fprintf(stderr, "Could not encode.\n");
returnValue = -1;
goto loser;
}
- data = PL_Base64Encode((const char*)result->data, result->len, NULL);
- if (!data){
+ data = PL_Base64Encode((const char *)result->data, result->len, NULL);
+ if (!data) {
returnValue = -1;
goto loser;
}
@@ -201,7 +199,7 @@ main(int argc, char **argv)
SECStatus rv;
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
inFile = NULL;
outFile = NULL;
@@ -212,59 +210,62 @@ main(int argc, char **argv)
*/
optstate = PL_CreateOptState(argc, argv, "ed:k:i:o:p:f:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
-
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
-
- case 'i':
- inFile = PR_Open(optstate->value, PR_RDONLY, 0);
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'k':
- keyName = strdup(optstate->value);
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "wb");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
- case 'p':
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = strdup (optstate->value);
- break;
-
- case 'f':
- pwdata.source = PW_FROMFILE;
- pwdata.data = PORT_Strdup (optstate->value);
- break;
- }
+ switch (optstate->option) {
+ case '?':
+ Usage(progName);
+ break;
+
+ case 'd':
+ SECU_ConfigDirectory(optstate->value);
+ break;
+
+ case 'i':
+ inFile = PR_Open(optstate->value, PR_RDONLY, 0);
+ if (!inFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 'k':
+ keyName = strdup(optstate->value);
+ break;
+
+ case 'o':
+ outFile = fopen(optstate->value, "wb");
+ if (!outFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+ case 'p':
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = strdup(optstate->value);
+ break;
+
+ case 'f':
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = PORT_Strdup(optstate->value);
+ break;
+ }
}
- if (!keyName) Usage(progName);
+ if (!keyName)
+ Usage(progName);
- if (!inFile) inFile = PR_STDIN;
- if (!outFile) outFile = stdout;
+ if (!inFile)
+ inFile = PR_STDIN;
+ if (!outFile)
+ outFile = stdout;
/* Call the initialization routines */
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
rv = NSS_Init(SECU_ConfigDirectory(NULL));
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- goto loser;
+ SECU_PrintPRandOSError(progName);
+ goto loser;
}
PK11_SetPasswordFunc(SECU_GetModulePassword);
@@ -272,24 +273,24 @@ main(int argc, char **argv)
/* open cert database */
certHandle = CERT_GetDefaultCertDB();
if (certHandle == NULL) {
- rv = SECFailure;
- goto loser;
+ rv = SECFailure;
+ goto loser;
}
/* find cert */
cert = CERT_FindCertByNickname(certHandle, keyName);
if (cert == NULL) {
- SECU_PrintError(progName,
- "the corresponding cert for key \"%s\" does not exist",
- keyName);
- rv = SECFailure;
- goto loser;
+ SECU_PrintError(progName,
+ "the corresponding cert for key \"%s\" does not exist",
+ keyName);
+ rv = SECFailure;
+ goto loser;
}
if (SignFile(outFile, inFile, cert)) {
- SECU_PrintError(progName, "problem signing data");
- rv = SECFailure;
- goto loser;
+ SECU_PrintError(progName, "problem signing data");
+ rv = SECFailure;
+ goto loser;
}
loser:
diff --git a/cmd/pkix-errcodes/pkix-errcodes.c b/cmd/pkix-errcodes/pkix-errcodes.c
index 2f348ee11..ceff098ac 100644
--- a/cmd/pkix-errcodes/pkix-errcodes.c
+++ b/cmd/pkix-errcodes/pkix-errcodes.c
@@ -15,22 +15,21 @@
#include "pkix_error.h"
#undef PKIX_ERRORENTRY
-#define PKIX_ERRORENTRY(name,desc,plerr) #name
+#define PKIX_ERRORENTRY(name, desc, plerr) #name
-const char * const PKIX_ErrorNames[] =
-{
+const char *const PKIX_ErrorNames[] =
+ {
#include "pkix_errorstrings.h"
-};
+ };
#undef PKIX_ERRORENTRY
-
int
main(int argc, char **argv)
{
- int i = 0;
- for (; i < PKIX_NUMERRORCODES; ++i) {
- printf("code %d %s\n", i, PKIX_ErrorNames[i]);
- }
- return 0;
+ int i = 0;
+ for (; i < PKIX_NUMERRORCODES; ++i) {
+ printf("code %d %s\n", i, PKIX_ErrorNames[i]);
+ }
+ return 0;
}
diff --git a/cmd/pp/pp.c b/cmd/pp/pp.c
index 5a69a994e..7d298b7c7 100644
--- a/cmd/pp/pp.c
+++ b/cmd/pp/pp.c
@@ -19,11 +19,12 @@ extern int fprintf(FILE *, char *, ...);
#include "nspr.h"
#include "nss.h"
-static void Usage(char *progName)
+static void
+Usage(char *progName)
{
fprintf(stderr,
- "Usage: %s [-t type] [-a] [-i input] [-o output] [-w] [-u]\n",
- progName);
+ "Usage: %s [-t type] [-a] [-i input] [-o output] [-w] [-u]\n",
+ progName);
fprintf(stderr, "Pretty prints a file containing ASN.1 data in DER or ascii format.\n");
fprintf(stderr, "%-14s Specify input and display type:", "-t type");
#ifdef HAVE_EPV_TEMPLATE
@@ -31,24 +32,25 @@ static void Usage(char *progName)
#endif
fprintf(stderr, "\n");
fprintf(stderr, "%-14s %s (pk), %s (c), %s (cr),\n", "", SEC_CT_PUBLIC_KEY,
- SEC_CT_CERTIFICATE, SEC_CT_CERTIFICATE_REQUEST);
+ SEC_CT_CERTIFICATE, SEC_CT_CERTIFICATE_REQUEST);
fprintf(stderr, "%-14s %s (ci), %s (p7), %s or %s (n).\n", "", SEC_CT_CERTIFICATE_ID,
SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME);
fprintf(stderr, "%-14s (Use either the long type name or the shortcut.)\n", "");
fprintf(stderr, "%-14s Input is in ascii encoded form (RFC1113)\n",
- "-a");
+ "-a");
fprintf(stderr, "%-14s Define an input file to use (default is stdin)\n",
- "-i input");
+ "-i input");
fprintf(stderr, "%-14s Define an output file to use (default is stdout)\n",
- "-o output");
+ "-o output");
fprintf(stderr, "%-14s Don't wrap long output lines\n",
- "-w");
+ "-w");
fprintf(stderr, "%-14s Use UTF-8 (default is to show non-ascii as .)\n",
- "-u");
+ "-u");
exit(-1);
}
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
int rv, ascii;
char *progName;
@@ -60,73 +62,76 @@ int main(int argc, char **argv)
PRBool wrap = PR_TRUE;
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
ascii = 0;
inFile = 0;
outFile = 0;
typeTag = 0;
optstate = PL_CreateOptState(argc, argv, "at:i:o:uw");
- while ( PL_GetNextOpt(optstate) == PL_OPT_OK ) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
-
- case 'a':
- ascii = 1;
- break;
-
- case 'i':
- inFile = PR_Open(optstate->value, PR_RDONLY, 0);
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 'o':
- outFile = fopen(optstate->value, "w");
- if (!outFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- return -1;
- }
- break;
-
- case 't':
- typeTag = strdup(optstate->value);
- break;
-
- case 'u':
- SECU_EnableUtf8Display(PR_TRUE);
- break;
-
- case 'w':
- wrap = PR_FALSE;
- break;
- }
+ while (PL_GetNextOpt(optstate) == PL_OPT_OK) {
+ switch (optstate->option) {
+ case '?':
+ Usage(progName);
+ break;
+
+ case 'a':
+ ascii = 1;
+ break;
+
+ case 'i':
+ inFile = PR_Open(optstate->value, PR_RDONLY, 0);
+ if (!inFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 'o':
+ outFile = fopen(optstate->value, "w");
+ if (!outFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 't':
+ typeTag = strdup(optstate->value);
+ break;
+
+ case 'u':
+ SECU_EnableUtf8Display(PR_TRUE);
+ break;
+
+ case 'w':
+ wrap = PR_FALSE;
+ break;
+ }
}
PL_DestroyOptState(optstate);
- if (!typeTag) Usage(progName);
+ if (!typeTag)
+ Usage(progName);
- if (!inFile) inFile = PR_STDIN;
- if (!outFile) outFile = stdout;
+ if (!inFile)
+ inFile = PR_STDIN;
+ if (!outFile)
+ outFile = stdout;
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
rv = NSS_NoDB_Init(NULL);
if (rv != SECSuccess) {
- fprintf(stderr, "%s: NSS_NoDB_Init failed (%s)\n",
- progName, SECU_Strerror(PORT_GetError()));
- exit(1);
+ fprintf(stderr, "%s: NSS_NoDB_Init failed (%s)\n",
+ progName, SECU_Strerror(PORT_GetError()));
+ exit(1);
}
SECU_RegisterDynamicOids();
rv = SECU_ReadDERFromFile(&der, inFile, ascii, PR_FALSE);
if (rv != SECSuccess) {
- fprintf(stderr, "%s: SECU_ReadDERFromFile failed\n", progName);
- exit(1);
+ fprintf(stderr, "%s: SECU_ReadDERFromFile failed\n", progName);
+ exit(1);
}
/* Data is untyped, using the specified type */
@@ -138,51 +143,51 @@ int main(int argc, char **argv)
/* Pretty print it */
if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0 ||
PORT_Strcmp(typeTag, "c") == 0) {
- rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0,
- (SECU_PPFunc)SECU_PrintCertificate);
+ rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0,
+ (SECU_PPFunc)SECU_PrintCertificate);
} else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0 ||
PORT_Strcmp(typeTag, "ci") == 0) {
rv = SECU_PrintSignedContent(outFile, &data, 0, 0,
SECU_PrintDumpDerIssuerAndSerial);
} else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0 ||
PORT_Strcmp(typeTag, "cr") == 0) {
- rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0,
- SECU_PrintCertificateRequest);
+ rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0,
+ SECU_PrintCertificateRequest);
} else if (PORT_Strcmp(typeTag, SEC_CT_CRL) == 0) {
- rv = SECU_PrintSignedData (outFile, &data, "CRL", 0, SECU_PrintCrl);
+ rv = SECU_PrintSignedData(outFile, &data, "CRL", 0, SECU_PrintCrl);
#ifdef HAVE_EPV_TEMPLATE
} else if (PORT_Strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0 ||
PORT_Strcmp(typeTag, "sk") == 0) {
- rv = SECU_PrintPrivateKey(outFile, &data, "Private Key", 0);
+ rv = SECU_PrintPrivateKey(outFile, &data, "Private Key", 0);
#endif
} else if (PORT_Strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0 ||
- PORT_Strcmp (typeTag, "pk") == 0) {
- rv = SECU_PrintSubjectPublicKeyInfo(outFile, &data, "Public Key", 0);
+ PORT_Strcmp(typeTag, "pk") == 0) {
+ rv = SECU_PrintSubjectPublicKeyInfo(outFile, &data, "Public Key", 0);
} else if (PORT_Strcmp(typeTag, SEC_CT_PKCS7) == 0 ||
- PORT_Strcmp (typeTag, "p7") == 0) {
- rv = SECU_PrintPKCS7ContentInfo(outFile, &data,
- "PKCS #7 Content Info", 0);
+ PORT_Strcmp(typeTag, "p7") == 0) {
+ rv = SECU_PrintPKCS7ContentInfo(outFile, &data,
+ "PKCS #7 Content Info", 0);
} else if (PORT_Strcmp(typeTag, SEC_CT_NAME) == 0 ||
- PORT_Strcmp (typeTag, "n") == 0) {
- rv = SECU_PrintDERName(outFile, &data, "Name", 0);
+ PORT_Strcmp(typeTag, "n") == 0) {
+ rv = SECU_PrintDERName(outFile, &data, "Name", 0);
} else {
- fprintf(stderr, "%s: don't know how to print out '%s' files\n",
- progName, typeTag);
- SECU_PrintAny(outFile, &data, "File contains", 0);
- return -1;
+ fprintf(stderr, "%s: don't know how to print out '%s' files\n",
+ progName, typeTag);
+ SECU_PrintAny(outFile, &data, "File contains", 0);
+ return -1;
}
if (inFile != PR_STDIN)
- PR_Close(inFile);
+ PR_Close(inFile);
PORT_Free(der.data);
if (rv) {
- fprintf(stderr, "%s: problem converting data (%s)\n",
- progName, SECU_Strerror(PORT_GetError()));
+ fprintf(stderr, "%s: problem converting data (%s)\n",
+ progName, SECU_Strerror(PORT_GetError()));
}
if (NSS_Shutdown() != SECSuccess) {
- fprintf(stderr, "%s: NSS_Shutdown failed (%s)\n",
- progName, SECU_Strerror(PORT_GetError()));
- rv = SECFailure;
+ fprintf(stderr, "%s: NSS_Shutdown failed (%s)\n",
+ progName, SECU_Strerror(PORT_GetError()));
+ rv = SECFailure;
}
PR_Cleanup();
return rv;
diff --git a/cmd/ppcertdata/ppcertdata.c b/cmd/ppcertdata/ppcertdata.c
index e1fb287b2..be12e9354 100644
--- a/cmd/ppcertdata/ppcertdata.c
+++ b/cmd/ppcertdata/ppcertdata.c
@@ -9,92 +9,91 @@
#include "secutil.h"
#include "nss.h"
-unsigned char binary_line[64 * 1024];
+unsigned char binary_line[64 * 1024];
int
-main(int argc, const char ** argv)
+main(int argc, const char** argv)
{
- int skip_count = 0;
- int bytes_read;
- char line[133];
+ int skip_count = 0;
+ int bytes_read;
+ char line[133];
if (argc > 1) {
- skip_count = atoi(argv[1]);
+ skip_count = atoi(argv[1]);
}
if (argc > 2 || skip_count < 0) {
printf("Usage: %s [ skip_columns ] \n", argv[0]);
- return 1;
+ return 1;
}
NSS_NoDB_Init(NULL);
- while (fgets(line, 132, stdin) && (bytes_read = strlen(line)) > 0 ) {
- int bytes_written;
- char * found;
- char * in = line + skip_count;
- int left = bytes_read - skip_count;
- int is_cert;
- int is_serial;
- int is_name;
- int is_hash;
- int use_pp = 0;
- int out = 0;
- SECItem der = {siBuffer, NULL, 0 };
+ while (fgets(line, 132, stdin) && (bytes_read = strlen(line)) > 0) {
+ int bytes_written;
+ char* found;
+ char* in = line + skip_count;
+ int left = bytes_read - skip_count;
+ int is_cert;
+ int is_serial;
+ int is_name;
+ int is_hash;
+ int use_pp = 0;
+ int out = 0;
+ SECItem der = { siBuffer, NULL, 0 };
- line[bytes_read] = 0;
- if (bytes_read <= skip_count)
- continue;
- fwrite(in, 1, left, stdout);
- found = strstr(in, "MULTILINE_OCTAL");
- if (!found)
- continue;
- fflush(stdout);
+ line[bytes_read] = 0;
+ if (bytes_read <= skip_count)
+ continue;
+ fwrite(in, 1, left, stdout);
+ found = strstr(in, "MULTILINE_OCTAL");
+ if (!found)
+ continue;
+ fflush(stdout);
- is_cert = (NULL != strstr(in, "CKA_VALUE"));
- is_serial = (NULL != strstr(in, "CKA_SERIAL_NUMBER"));
- is_name = (NULL != strstr(in, "CKA_ISSUER")) ||
- (NULL != strstr(in, "CKA_SUBJECT"));
- is_hash = (NULL != strstr(in, "_HASH"));
- while (fgets(line, 132, stdin) &&
- (bytes_read = strlen(line)) > 0 ) {
- in = line + skip_count;
- left = bytes_read - skip_count;
+ is_cert = (NULL != strstr(in, "CKA_VALUE"));
+ is_serial = (NULL != strstr(in, "CKA_SERIAL_NUMBER"));
+ is_name = (NULL != strstr(in, "CKA_ISSUER")) ||
+ (NULL != strstr(in, "CKA_SUBJECT"));
+ is_hash = (NULL != strstr(in, "_HASH"));
+ while (fgets(line, 132, stdin) &&
+ (bytes_read = strlen(line)) > 0) {
+ in = line + skip_count;
+ left = bytes_read - skip_count;
- if ((left >= 3) && !strncmp(in, "END", 3))
- break;
- while (left >= 4) {
- if (in[0] == '\\' && isdigit(in[1]) &&
- isdigit(in[2]) && isdigit(in[3])) {
- left -= 4;
- binary_line[out++] = ((in[1] - '0') << 6) |
- ((in[2] - '0') << 3) |
- (in[3] - '0');
- in += 4;
- } else
- break;
- }
- }
- der.data = binary_line;
- der.len = out;
- if (is_cert)
- SECU_PrintSignedData(stdout, &der, "Certificate", 0,
- SECU_PrintCertificate);
- else if (is_name)
- SECU_PrintDERName(stdout, &der, "Name", 0);
- else if (is_serial) {
- if (out > 2 && binary_line[0] == 2 &&
- out == 2 + binary_line[1]) {
- der.data += 2;
- der.len -= 2;
- SECU_PrintInteger(stdout, &der, "DER Serial Number", 0);
- } else
- SECU_PrintInteger(stdout, &der, "Raw Serial Number", 0);
- } else if (is_hash)
- SECU_PrintAsHex(stdout, &der, "Hash", 0);
- else
- SECU_PrintBuf(stdout, "Other", binary_line, out);
+ if ((left >= 3) && !strncmp(in, "END", 3))
+ break;
+ while (left >= 4) {
+ if (in[0] == '\\' && isdigit(in[1]) &&
+ isdigit(in[2]) && isdigit(in[3])) {
+ left -= 4;
+ binary_line[out++] = ((in[1] - '0') << 6) |
+ ((in[2] - '0') << 3) |
+ (in[3] - '0');
+ in += 4;
+ } else
+ break;
+ }
+ }
+ der.data = binary_line;
+ der.len = out;
+ if (is_cert)
+ SECU_PrintSignedData(stdout, &der, "Certificate", 0,
+ SECU_PrintCertificate);
+ else if (is_name)
+ SECU_PrintDERName(stdout, &der, "Name", 0);
+ else if (is_serial) {
+ if (out > 2 && binary_line[0] == 2 &&
+ out == 2 + binary_line[1]) {
+ der.data += 2;
+ der.len -= 2;
+ SECU_PrintInteger(stdout, &der, "DER Serial Number", 0);
+ } else
+ SECU_PrintInteger(stdout, &der, "Raw Serial Number", 0);
+ } else if (is_hash)
+ SECU_PrintAsHex(stdout, &der, "Hash", 0);
+ else
+ SECU_PrintBuf(stdout, "Other", binary_line, out);
}
NSS_Shutdown();
return 0;
}
-
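Review bot: `binary_line[out++]` in the inner `while (left >= 4)` loop has no upper bound on `out`, so a MULTILINE_OCTAL block read from stdin that decodes to more than 64 KiB is written past the end of the global `binary_line` buffer. The loop condition should carry the limit, for example `while (left >= 4 && out < (int)sizeof binary_line) {`, and ideally the tool reports an error when the limit is hit instead of truncating silently. The digit test also calls `isdigit` on plain `char`, which accepts `8` and `9` and is undefined for negative values. Checking each digit against `'0'`..`'7'` (and the first against `'0'`..`'3'`) keeps every decoded value within one byte.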
diff --git a/cmd/pwdecrypt/pwdecrypt.c b/cmd/pwdecrypt/pwdecrypt.c
index ad7dc60aa..02a676e54 100644
--- a/cmd/pwdecrypt/pwdecrypt.c
+++ b/cmd/pwdecrypt/pwdecrypt.c
@@ -20,89 +20,88 @@
#define DEFAULT_VALUE "Test"
static void
-synopsis (char *program_name)
+synopsis(char *program_name)
{
PRFileDesc *pr_stderr;
pr_stderr = PR_STDERR;
- PR_fprintf (pr_stderr,
- "Usage:\t%s [-i <input-file>] [-o <output-file>] [-d <dir>]\n"
- " \t[-l logfile] [-p pwd] [-f pwfile]\n", program_name);
+ PR_fprintf(pr_stderr,
+ "Usage:\t%s [-i <input-file>] [-o <output-file>] [-d <dir>]\n"
+ " \t[-l logfile] [-p pwd] [-f pwfile]\n",
+ program_name);
}
-
static void
-short_usage (char *program_name)
+short_usage(char *program_name)
{
- PR_fprintf (PR_STDERR,
- "Type %s -H for more detailed descriptions\n",
- program_name);
- synopsis (program_name);
+ PR_fprintf(PR_STDERR,
+ "Type %s -H for more detailed descriptions\n",
+ program_name);
+ synopsis(program_name);
}
-
static void
-long_usage (char *program_name)
+long_usage(char *program_name)
{
PRFileDesc *pr_stderr;
pr_stderr = PR_STDERR;
- synopsis (program_name);
- PR_fprintf (pr_stderr, "\nDecode encrypted passwords (and other data).\n");
- PR_fprintf (pr_stderr,
- "This program reads in standard configuration files looking\n"
- "for base 64 encoded data. Data that looks like it's base 64 encode\n"
- "is decoded an passed to the NSS SDR code. If the decode and decrypt\n"
- "is successful, then decrypted data is outputted in place of the\n"
- "original base 64 data. If the decode or decrypt fails, the original\n"
- "data is written and the reason for failure is logged to the \n"
- "optional logfile.\n");
- PR_fprintf (pr_stderr,
- " %-13s Read stream including encrypted data from "
- "\"read_file\"\n",
- "-i read_file");
- PR_fprintf (pr_stderr,
- " %-13s Write results to \"write_file\"\n",
- "-o write_file");
- PR_fprintf (pr_stderr,
- " %-13s Find security databases in \"dbdir\"\n",
- "-d dbdir");
- PR_fprintf (pr_stderr,
- " %-13s Log failed decrypt/decode attempts to \"log_file\"\n",
- "-l log_file");
- PR_fprintf (pr_stderr,
- " %-13s Token password\n",
- "-p pwd");
- PR_fprintf (pr_stderr,
- " %-13s Password file\n",
- "-f pwfile");
+ synopsis(program_name);
+ PR_fprintf(pr_stderr, "\nDecode encrypted passwords (and other data).\n");
+ PR_fprintf(pr_stderr,
+ "This program reads in standard configuration files looking\n"
+ "for base 64 encoded data. Data that looks like it's base 64 encode\n"
+ "is decoded an passed to the NSS SDR code. If the decode and decrypt\n"
+ "is successful, then decrypted data is outputted in place of the\n"
+ "original base 64 data. If the decode or decrypt fails, the original\n"
+ "data is written and the reason for failure is logged to the \n"
+ "optional logfile.\n");
+ PR_fprintf(pr_stderr,
+ " %-13s Read stream including encrypted data from "
+ "\"read_file\"\n",
+ "-i read_file");
+ PR_fprintf(pr_stderr,
+ " %-13s Write results to \"write_file\"\n",
+ "-o write_file");
+ PR_fprintf(pr_stderr,
+ " %-13s Find security databases in \"dbdir\"\n",
+ "-d dbdir");
+ PR_fprintf(pr_stderr,
+ " %-13s Log failed decrypt/decode attempts to \"log_file\"\n",
+ "-l log_file");
+ PR_fprintf(pr_stderr,
+ " %-13s Token password\n",
+ "-p pwd");
+ PR_fprintf(pr_stderr,
+ " %-13s Password file\n",
+ "-f pwfile");
}
/*
- * base64 table only used to identify the end of a base64 string
+ * base64 table only used to identify the end of a base64 string
*/
static unsigned char b64[256] = {
-/* 00: */ 0, 0, 0, 0, 0, 0, 0, 0,
-/* 08: */ 0, 0, 0, 0, 0, 0, 0, 0,
-/* 10: */ 0, 0, 0, 0, 0, 0, 0, 0,
-/* 18: */ 0, 0, 0, 0, 0, 0, 0, 0,
-/* 20: */ 0, 0, 0, 0, 0, 0, 0, 0,
-/* 28: */ 0, 0, 0, 1, 0, 0, 0, 1,
-/* 30: */ 1, 1, 1, 1, 1, 1, 1, 1,
-/* 38: */ 1, 1, 0, 0, 0, 0, 0, 0,
-/* 40: */ 0, 1, 1, 1, 1, 1, 1, 1,
-/* 48: */ 1, 1, 1, 1, 1, 1, 1, 1,
-/* 50: */ 1, 1, 1, 1, 1, 1, 1, 1,
-/* 58: */ 1, 1, 1, 0, 0, 0, 0, 0,
-/* 60: */ 0, 1, 1, 1, 1, 1, 1, 1,
-/* 68: */ 1, 1, 1, 1, 1, 1, 1, 1,
-/* 70: */ 1, 1, 1, 1, 1, 1, 1, 1,
-/* 78: */ 1, 1, 1, 0, 0, 0, 0, 0,
+ /* 00: */ 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 08: */ 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 10: */ 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 18: */ 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 20: */ 0, 0, 0, 0, 0, 0, 0, 0,
+ /* 28: */ 0, 0, 0, 1, 0, 0, 0, 1,
+ /* 30: */ 1, 1, 1, 1, 1, 1, 1, 1,
+ /* 38: */ 1, 1, 0, 0, 0, 0, 0, 0,
+ /* 40: */ 0, 1, 1, 1, 1, 1, 1, 1,
+ /* 48: */ 1, 1, 1, 1, 1, 1, 1, 1,
+ /* 50: */ 1, 1, 1, 1, 1, 1, 1, 1,
+ /* 58: */ 1, 1, 1, 0, 0, 0, 0, 0,
+ /* 60: */ 0, 1, 1, 1, 1, 1, 1, 1,
+ /* 68: */ 1, 1, 1, 1, 1, 1, 1, 1,
+ /* 70: */ 1, 1, 1, 1, 1, 1, 1, 1,
+ /* 78: */ 1, 1, 1, 0, 0, 0, 0, 0,
};
enum {
- false = 0,
- true = 1
+ false = 0,
+ true = 1
} bool;
#define isatobchar(c) (b64[c])
@@ -110,79 +109,79 @@ enum {
#define MAX_STRING 8192
int
-isBase64(char *inString)
+isBase64(char *inString)
{
unsigned int i;
unsigned char c;
- for (i = 0; (c = inString[i]) != 0 && isatobchar(c); ++i)
- ;
+ for (i = 0; (c = inString[i]) != 0 && isatobchar(c); ++i)
+ ;
if (c == '=') {
- while ((c = inString[++i]) == '=')
- ; /* skip trailing '=' characters */
+ while ((c = inString[++i]) == '=')
+ ; /* skip trailing '=' characters */
}
if (c && c != '\n' && c != '\r')
- return false;
+ return false;
if (i == 0 || i % 4)
- return false;
+ return false;
return true;
}
void
-doDecrypt(char * dataString, FILE *outFile, FILE *logFile, secuPWData *pwdata)
+doDecrypt(char *dataString, FILE *outFile, FILE *logFile, secuPWData *pwdata)
{
- int strLen = strlen(dataString);
- SECItem *decoded = NSSBase64_DecodeBuffer(NULL, NULL, dataString, strLen);
- SECStatus rv;
- int err;
- SECItem result = { siBuffer, NULL, 0 };
+ int strLen = strlen(dataString);
+ SECItem *decoded = NSSBase64_DecodeBuffer(NULL, NULL, dataString, strLen);
+ SECStatus rv;
+ int err;
+ SECItem result = { siBuffer, NULL, 0 };
if ((decoded == NULL) || (decoded->len == 0)) {
- if (logFile) {
- err = PORT_GetError();
- fprintf(logFile,"Base 64 decode failed on <%s>\n", dataString);
- fprintf(logFile," Error %d: %s\n", err, SECU_Strerror(err));
- }
- fputs(dataString, outFile);
- if (decoded)
- SECITEM_FreeItem(decoded, PR_TRUE);
- return;
+ if (logFile) {
+ err = PORT_GetError();
+ fprintf(logFile, "Base 64 decode failed on <%s>\n", dataString);
+ fprintf(logFile, " Error %d: %s\n", err, SECU_Strerror(err));
+ }
+ fputs(dataString, outFile);
+ if (decoded)
+ SECITEM_FreeItem(decoded, PR_TRUE);
+ return;
}
rv = PK11SDR_Decrypt(decoded, &result, pwdata);
SECITEM_ZfreeItem(decoded, PR_TRUE);
if (rv == SECSuccess) {
- /* result buffer has no extra space for a NULL */
- fprintf(outFile, "Decrypted: \"%.*s\"\n", result.len, result.data);
- SECITEM_ZfreeItem(&result, PR_FALSE);
- return;
+ /* result buffer has no extra space for a NULL */
+ fprintf(outFile, "Decrypted: \"%.*s\"\n", result.len, result.data);
+ SECITEM_ZfreeItem(&result, PR_FALSE);
+ return;
}
/* Encryption failed. output raw input. */
if (logFile) {
- err = PORT_GetError();
- fprintf(logFile,"SDR decrypt failed on <%s>\n", dataString);
- fprintf(logFile," Error %d: %s\n", err, SECU_Strerror(err));
+ err = PORT_GetError();
+ fprintf(logFile, "SDR decrypt failed on <%s>\n", dataString);
+ fprintf(logFile, " Error %d: %s\n", err, SECU_Strerror(err));
}
- fputs(dataString,outFile);
+ fputs(dataString, outFile);
}
void
-doDecode(char * dataString, FILE *outFile, FILE *logFile)
+doDecode(char *dataString, FILE *outFile, FILE *logFile)
{
- int strLen = strlen(dataString + 1);
- SECItem *decoded;
+ int strLen = strlen(dataString + 1);
+ SECItem *decoded;
decoded = NSSBase64_DecodeBuffer(NULL, NULL, dataString + 1, strLen);
if ((decoded == NULL) || (decoded->len == 0)) {
- if (logFile) {
- int err = PORT_GetError();
- fprintf(logFile,"Base 64 decode failed on <%s>\n", dataString + 1);
- fprintf(logFile," Error %d: %s\n", err, SECU_Strerror(err));
- }
- fputs(dataString, outFile);
- if (decoded)
- SECITEM_FreeItem(decoded, PR_TRUE);
- return;
+ if (logFile) {
+ int err = PORT_GetError();
+ fprintf(logFile, "Base 64 decode failed on <%s>\n", dataString + 1);
+ fprintf(logFile, " Error %d: %s\n", err, SECU_Strerror(err));
+ }
+ fputs(dataString, outFile);
+ if (decoded)
+ SECITEM_FreeItem(decoded, PR_TRUE);
+ return;
}
fprintf(outFile, "Decoded: \"%.*s\"\n", decoded->len, decoded->data);
SECITEM_ZfreeItem(decoded, PR_TRUE);
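Review bot: In doDecrypt the precision argument of `%.*s` is `result.len`, an `unsigned int` field of SECItem, while `*` requires an `int`; `fprintf(outFile, "Decrypted: \"%.*s\"\n", (int)result.len, result.data);` makes the types match, and the same applies to `decoded->len` in doDecode. Because the value is printed with `%s` semantics, a decrypted or decoded buffer containing a NUL byte is cut short at that byte, which deserves a one-line comment next to each call. The comment `/* Encryption failed. output raw input. */` describes a decryption failure and should read `/* Decryption failed; output the raw input. */`. doDecode's closing brace appears to lie outside this hunk.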
@@ -191,100 +190,98 @@ doDecode(char * dataString, FILE *outFile, FILE *logFile)
char dataString[MAX_STRING + 1];
int
-main (int argc, char **argv)
+main(int argc, char **argv)
{
- int retval = 0; /* 0 - test succeeded. -1 - test failed */
- SECStatus rv;
- PLOptState *optstate;
- char *program_name;
- char *input_file = NULL; /* read encrypted data from here (or create) */
- char *output_file = NULL; /* write new encrypted data here */
- char *log_file = NULL; /* write new encrypted data here */
- FILE *inFile = stdin;
- FILE *outFile = stdout;
- FILE *logFile = NULL;
+ int retval = 0; /* 0 - test succeeded. -1 - test failed */
+ SECStatus rv;
+ PLOptState *optstate;
+ char *program_name;
+ char *input_file = NULL; /* read encrypted data from here (or create) */
+ char *output_file = NULL; /* write new encrypted data here */
+ char *log_file = NULL; /* write new encrypted data here */
+ FILE *inFile = stdin;
+ FILE *outFile = stdout;
+ FILE *logFile = NULL;
PLOptStatus optstatus;
- secuPWData pwdata = { PW_NONE, NULL };
-
+ secuPWData pwdata = { PW_NONE, NULL };
program_name = PL_strrchr(argv[0], '/');
program_name = program_name ? (program_name + 1) : argv[0];
- optstate = PL_CreateOptState (argc, argv, "Hd:f:i:o:l:p:?");
+ optstate = PL_CreateOptState(argc, argv, "Hd:f:i:o:l:p:?");
if (optstate == NULL) {
- SECU_PrintError (program_name, "PL_CreateOptState failed");
- return 1;
+ SECU_PrintError(program_name, "PL_CreateOptState failed");
+ return 1;
}
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- short_usage (program_name);
- return 1;
-
- case 'H':
- long_usage (program_name);
- return 1;
-
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
-
- case 'i':
- input_file = PL_strdup(optstate->value);
- break;
-
- case 'o':
- output_file = PL_strdup(optstate->value);
- break;
-
- case 'l':
- log_file = PL_strdup(optstate->value);
- break;
-
- case 'f':
- pwdata.source = PW_FROMFILE;
- pwdata.data = PL_strdup(optstate->value);
- break;
-
- case 'p':
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = PL_strdup(optstate->value);
- break;
-
- }
+ switch (optstate->option) {
+ case '?':
+ short_usage(program_name);
+ return 1;
+
+ case 'H':
+ long_usage(program_name);
+ return 1;
+
+ case 'd':
+ SECU_ConfigDirectory(optstate->value);
+ break;
+
+ case 'i':
+ input_file = PL_strdup(optstate->value);
+ break;
+
+ case 'o':
+ output_file = PL_strdup(optstate->value);
+ break;
+
+ case 'l':
+ log_file = PL_strdup(optstate->value);
+ break;
+
+ case 'f':
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = PL_strdup(optstate->value);
+ break;
+
+ case 'p':
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = PL_strdup(optstate->value);
+ break;
+ }
}
PL_DestroyOptState(optstate);
if (optstatus == PL_OPT_BAD) {
- short_usage (program_name);
- return 1;
+ short_usage(program_name);
+ return 1;
}
if (input_file) {
- inFile = fopen(input_file,"r");
+ inFile = fopen(input_file, "r");
if (inFile == NULL) {
- perror(input_file);
- return 1;
+ perror(input_file);
+ return 1;
}
PR_Free(input_file);
}
if (output_file) {
- outFile = fopen(output_file,"w+");
+ outFile = fopen(output_file, "w+");
if (outFile == NULL) {
- perror(output_file);
- return 1;
+ perror(output_file);
+ return 1;
}
PR_Free(output_file);
}
if (log_file) {
- if (log_file[0] == '-')
- logFile = stderr;
- else
- logFile = fopen(log_file,"w+");
- if (logFile == NULL) {
- perror(log_file);
- return 1;
- }
+ if (log_file[0] == '-')
+ logFile = stderr;
+ else
+ logFile = fopen(log_file, "w+");
+ if (logFile == NULL) {
+ perror(log_file);
+ return 1;
+ }
PR_Free(log_file);
}
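Review bot: `outFile = fopen(output_file, "w+")` creates the file that receives the decrypted passwords with whatever permissions the process umask allows, so the plaintext can end up readable by other users. On POSIX builds the file could be created owner-only with `int fd = open(output_file, O_RDWR | O_CREAT | O_TRUNC, 0600);` followed by `outFile = (fd < 0) ? NULL : fdopen(fd, "w+");`, presumably behind a platform guard since the tool is likely built on non-POSIX targets too. The declaration comments on `output_file` and `log_file` both say "write new encrypted data here", which fits neither; `/* write decrypted output here */` and `/* log failed decode/decrypt attempts here */` would be accurate. main continues past the end of this hunk.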
@@ -294,40 +291,40 @@ main (int argc, char **argv)
PK11_SetPasswordFunc(SECU_GetModulePassword);
rv = NSS_Init(SECU_ConfigDirectory(NULL));
if (rv != SECSuccess) {
- SECU_PrintError (program_name, "NSS_Init failed");
- retval = 1;
- goto prdone;
+ SECU_PrintError(program_name, "NSS_Init failed");
+ retval = 1;
+ goto prdone;
}
/* Get the encrypted result, either from the input file
* or from encrypting the plaintext value
*/
while (fgets(dataString, sizeof dataString, inFile)) {
- unsigned char c = dataString[0];
+ unsigned char c = dataString[0];
- if (c == 'M' && isBase64(dataString)) {
- doDecrypt(dataString, outFile, logFile, &pwdata);
+ if (c == 'M' && isBase64(dataString)) {
+ doDecrypt(dataString, outFile, logFile, &pwdata);
} else if (c == '~' && isBase64(dataString + 1)) {
- doDecode(dataString, outFile, logFile);
- } else {
- fputs(dataString, outFile);
- }
+ doDecode(dataString, outFile, logFile);
+ } else {
+ fputs(dataString, outFile);
+ }
}
if (pwdata.data)
- PR_Free(pwdata.data);
+ PR_Free(pwdata.data);
fclose(outFile);
fclose(inFile);
if (logFile && logFile != stderr) {
- fclose(logFile);
+ fclose(logFile);
}
if (NSS_Shutdown() != SECSuccess) {
- SECU_PrintError (program_name, "NSS_Shutdown failed");
+ SECU_PrintError(program_name, "NSS_Shutdown failed");
exit(1);
}
prdone:
- PR_Cleanup ();
+ PR_Cleanup();
return retval;
}
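Review bot: `PR_Free(pwdata.data)` releases the `-p` token password without clearing it, although the decrypted items elsewhere in this file are freed with the zeroing `SECITEM_ZfreeItem`. Clearing the string first, e.g. `memset(pwdata.data, 0, strlen(pwdata.data));` before the `PR_Free`, would be consistent, with the caveat that a plain memset ahead of a free may be optimized away. The `goto prdone` taken when NSS_Init fails skips this cleanup and both `fclose` calls, and the `exit(1)` after a failed NSS_Shutdown skips `PR_Cleanup()`. main starts before this hunk.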
diff --git a/cmd/rsaperf/defkey.c b/cmd/rsaperf/defkey.c
index eedd9f79a..3ca366fa7 100644
--- a/cmd/rsaperf/defkey.c
+++ b/cmd/rsaperf/defkey.c
@@ -13,234 +13,234 @@
#define CONST
static CONST unsigned char default_n1024[128] = {
-0xc2,0xae,0x96,0x89,0xaf,0xce,0xd0,0x7b,0x3b,0x35,0xfd,0x0f,0xb1,0xf4,0x7a,0xd1,
-0x3c,0x7d,0xb5,0x86,0xf2,0x68,0x36,0xc9,0x97,0xe6,0x82,0x94,0x86,0xaa,0x05,0x39,
-0xec,0x11,0x51,0xcc,0x5c,0xa1,0x59,0xba,0x29,0x18,0xf3,0x28,0xf1,0x9d,0xe3,0xae,
-0x96,0x5d,0x6d,0x87,0x73,0xf6,0xf6,0x1f,0xd0,0x2d,0xfb,0x2f,0x7a,0x13,0x7f,0xc8,
-0x0c,0x7a,0xe9,0x85,0xfb,0xce,0x74,0x86,0xf8,0xef,0x2f,0x85,0x37,0x73,0x0f,0x62,
-0x4e,0x93,0x17,0xb7,0x7e,0x84,0x9a,0x94,0x11,0x05,0xca,0x0d,0x31,0x4b,0x2a,0xc8,
-0xdf,0xfe,0xe9,0x0c,0x13,0xc7,0xf2,0xad,0x19,0x64,0x28,0x3c,0xb5,0x6a,0xc8,0x4b,
-0x79,0xea,0x7c,0xce,0x75,0x92,0x45,0x3e,0xa3,0x9d,0x64,0x6f,0x04,0x69,0x19,0x17
+ 0xc2, 0xae, 0x96, 0x89, 0xaf, 0xce, 0xd0, 0x7b, 0x3b, 0x35, 0xfd, 0x0f, 0xb1, 0xf4, 0x7a, 0xd1,
+ 0x3c, 0x7d, 0xb5, 0x86, 0xf2, 0x68, 0x36, 0xc9, 0x97, 0xe6, 0x82, 0x94, 0x86, 0xaa, 0x05, 0x39,
+ 0xec, 0x11, 0x51, 0xcc, 0x5c, 0xa1, 0x59, 0xba, 0x29, 0x18, 0xf3, 0x28, 0xf1, 0x9d, 0xe3, 0xae,
+ 0x96, 0x5d, 0x6d, 0x87, 0x73, 0xf6, 0xf6, 0x1f, 0xd0, 0x2d, 0xfb, 0x2f, 0x7a, 0x13, 0x7f, 0xc8,
+ 0x0c, 0x7a, 0xe9, 0x85, 0xfb, 0xce, 0x74, 0x86, 0xf8, 0xef, 0x2f, 0x85, 0x37, 0x73, 0x0f, 0x62,
+ 0x4e, 0x93, 0x17, 0xb7, 0x7e, 0x84, 0x9a, 0x94, 0x11, 0x05, 0xca, 0x0d, 0x31, 0x4b, 0x2a, 0xc8,
+ 0xdf, 0xfe, 0xe9, 0x0c, 0x13, 0xc7, 0xf2, 0xad, 0x19, 0x64, 0x28, 0x3c, 0xb5, 0x6a, 0xc8, 0x4b,
+ 0x79, 0xea, 0x7c, 0xce, 0x75, 0x92, 0x45, 0x3e, 0xa3, 0x9d, 0x64, 0x6f, 0x04, 0x69, 0x19, 0x17
};
-static CONST unsigned char default_e1024[3] = { 0x01,0x00,0x01 };
+static CONST unsigned char default_e1024[3] = { 0x01, 0x00, 0x01 };
static CONST unsigned char default_d1024[128] = {
-0x13,0xcb,0xbc,0xf2,0xf3,0x35,0x8c,0x6d,0x7b,0x6f,0xd9,0xf3,0xa6,0x9c,0xbd,0x80,
-0x59,0x2e,0x4f,0x2f,0x11,0xa7,0x17,0x2b,0x18,0x8f,0x0f,0xe8,0x1a,0x69,0x5f,0x6e,
-0xac,0x5a,0x76,0x7e,0xd9,0x4c,0x6e,0xdb,0x47,0x22,0x8a,0x57,0x37,0x7a,0x5e,0x94,
-0x7a,0x25,0xb5,0xe5,0x78,0x1d,0x3c,0x99,0xaf,0x89,0x7d,0x69,0x2e,0x78,0x9d,0x1d,
-0x84,0xc8,0xc1,0xd7,0x1a,0xb2,0x6d,0x2d,0x8a,0xd9,0xab,0x6b,0xce,0xae,0xb0,0xa0,
-0x58,0x55,0xad,0x5c,0x40,0x8a,0xd6,0x96,0x08,0x8a,0xe8,0x63,0xe6,0x3d,0x6c,0x20,
-0x49,0xc7,0xaf,0x0f,0x25,0x73,0xd3,0x69,0x43,0x3b,0xf2,0x32,0xf8,0x3d,0x5e,0xee,
-0x7a,0xca,0xd6,0x94,0x55,0xe5,0xbd,0x25,0x34,0x8d,0x63,0x40,0xb5,0x8a,0xc3,0x01
+ 0x13, 0xcb, 0xbc, 0xf2, 0xf3, 0x35, 0x8c, 0x6d, 0x7b, 0x6f, 0xd9, 0xf3, 0xa6, 0x9c, 0xbd, 0x80,
+ 0x59, 0x2e, 0x4f, 0x2f, 0x11, 0xa7, 0x17, 0x2b, 0x18, 0x8f, 0x0f, 0xe8, 0x1a, 0x69, 0x5f, 0x6e,
+ 0xac, 0x5a, 0x76, 0x7e, 0xd9, 0x4c, 0x6e, 0xdb, 0x47, 0x22, 0x8a, 0x57, 0x37, 0x7a, 0x5e, 0x94,
+ 0x7a, 0x25, 0xb5, 0xe5, 0x78, 0x1d, 0x3c, 0x99, 0xaf, 0x89, 0x7d, 0x69, 0x2e, 0x78, 0x9d, 0x1d,
+ 0x84, 0xc8, 0xc1, 0xd7, 0x1a, 0xb2, 0x6d, 0x2d, 0x8a, 0xd9, 0xab, 0x6b, 0xce, 0xae, 0xb0, 0xa0,
+ 0x58, 0x55, 0xad, 0x5c, 0x40, 0x8a, 0xd6, 0x96, 0x08, 0x8a, 0xe8, 0x63, 0xe6, 0x3d, 0x6c, 0x20,
+ 0x49, 0xc7, 0xaf, 0x0f, 0x25, 0x73, 0xd3, 0x69, 0x43, 0x3b, 0xf2, 0x32, 0xf8, 0x3d, 0x5e, 0xee,
+ 0x7a, 0xca, 0xd6, 0x94, 0x55, 0xe5, 0xbd, 0x25, 0x34, 0x8d, 0x63, 0x40, 0xb5, 0x8a, 0xc3, 0x01
};
static CONST unsigned char default_p1024[64] = {
-0xf6,0x3c,0x3f,0x56,0x58,0x4f,0xb3,0x82,0x0c,0xf0,0x5b,0x42,0x36,0x1c,0x93,0xde,
-0x9b,0x32,0x01,0xb1,0x48,0xf8,0x00,0x57,0x9b,0xc1,0xbe,0x66,0xc2,0xbb,0xea,0x7c,
-0x75,0x29,0x2c,0x22,0xaa,0x7c,0xaf,0xbd,0x0d,0x3f,0xb0,0x64,0x97,0xf0,0x88,0x25,
-0xcb,0x8d,0xc7,0x19,0x0a,0x75,0x44,0xa4,0x5a,0xc3,0xb5,0xb9,0x85,0xea,0x27,0xa7
+ 0xf6, 0x3c, 0x3f, 0x56, 0x58, 0x4f, 0xb3, 0x82, 0x0c, 0xf0, 0x5b, 0x42, 0x36, 0x1c, 0x93, 0xde,
+ 0x9b, 0x32, 0x01, 0xb1, 0x48, 0xf8, 0x00, 0x57, 0x9b, 0xc1, 0xbe, 0x66, 0xc2, 0xbb, 0xea, 0x7c,
+ 0x75, 0x29, 0x2c, 0x22, 0xaa, 0x7c, 0xaf, 0xbd, 0x0d, 0x3f, 0xb0, 0x64, 0x97, 0xf0, 0x88, 0x25,
+ 0xcb, 0x8d, 0xc7, 0x19, 0x0a, 0x75, 0x44, 0xa4, 0x5a, 0xc3, 0xb5, 0xb9, 0x85, 0xea, 0x27, 0xa7
};
static CONST unsigned char default_q1024[64] = {
-0xca,0x66,0xfa,0x18,0x6a,0x46,0x36,0x1c,0x46,0xfe,0x47,0xe9,0x7e,0x52,0x83,0x8a,
-0xbb,0x72,0x13,0xcc,0x83,0x56,0x3d,0x64,0x22,0xdd,0xfa,0x7c,0x61,0x99,0xea,0xa4,
-0xb3,0x0e,0x8f,0x79,0x10,0xab,0xba,0x4a,0x73,0xd1,0x48,0x40,0x34,0x34,0xd3,0xd2,
-0x54,0x92,0xbe,0xf5,0xc8,0xc4,0x60,0x5f,0xd3,0xf7,0xce,0xbe,0x60,0x3e,0xb1,0x11
+ 0xca, 0x66, 0xfa, 0x18, 0x6a, 0x46, 0x36, 0x1c, 0x46, 0xfe, 0x47, 0xe9, 0x7e, 0x52, 0x83, 0x8a,
+ 0xbb, 0x72, 0x13, 0xcc, 0x83, 0x56, 0x3d, 0x64, 0x22, 0xdd, 0xfa, 0x7c, 0x61, 0x99, 0xea, 0xa4,
+ 0xb3, 0x0e, 0x8f, 0x79, 0x10, 0xab, 0xba, 0x4a, 0x73, 0xd1, 0x48, 0x40, 0x34, 0x34, 0xd3, 0xd2,
+ 0x54, 0x92, 0xbe, 0xf5, 0xc8, 0xc4, 0x60, 0x5f, 0xd3, 0xf7, 0xce, 0xbe, 0x60, 0x3e, 0xb1, 0x11
};
static CONST unsigned char default_dModP1024[64] = {
-0x8e,0x80,0xbf,0x87,0x11,0x04,0xcf,0x36,0x6c,0x96,0x8d,0xb9,0xfb,0xe6,0xfe,0x0c,
-0xce,0x74,0x5a,0x56,0x67,0x8c,0x5f,0x66,0x54,0x56,0x04,0x03,0x24,0x9f,0xec,0x4c,
-0xaa,0xe1,0x71,0x11,0x7e,0xe9,0x3a,0x2b,0x87,0x07,0x5c,0xe6,0x5a,0xa8,0x71,0xa2,
-0xad,0xf3,0x17,0x4e,0x7e,0xa6,0xef,0x5a,0xce,0xcc,0x84,0xd7,0x21,0x91,0x29,0xf1
+ 0x8e, 0x80, 0xbf, 0x87, 0x11, 0x04, 0xcf, 0x36, 0x6c, 0x96, 0x8d, 0xb9, 0xfb, 0xe6, 0xfe, 0x0c,
+ 0xce, 0x74, 0x5a, 0x56, 0x67, 0x8c, 0x5f, 0x66, 0x54, 0x56, 0x04, 0x03, 0x24, 0x9f, 0xec, 0x4c,
+ 0xaa, 0xe1, 0x71, 0x11, 0x7e, 0xe9, 0x3a, 0x2b, 0x87, 0x07, 0x5c, 0xe6, 0x5a, 0xa8, 0x71, 0xa2,
+ 0xad, 0xf3, 0x17, 0x4e, 0x7e, 0xa6, 0xef, 0x5a, 0xce, 0xcc, 0x84, 0xd7, 0x21, 0x91, 0x29, 0xf1
};
static CONST unsigned char default_dModQ1024[64] = {
-0x87,0x60,0x1d,0x02,0xdb,0x82,0x1e,0x8b,0x07,0x48,0xe8,0x5c,0x59,0xeb,0x62,0xa4,
-0x15,0xff,0x95,0x12,0x82,0xfd,0xd9,0x8d,0xf2,0x6c,0x3a,0x2f,0x9b,0x30,0x51,0x6a,
-0xdb,0x80,0x6f,0xa1,0xef,0xee,0x8c,0x69,0x63,0xd1,0xa4,0xdb,0x9c,0x8f,0x80,0xe5,
-0xfb,0x3f,0x33,0x8e,0x3d,0x3c,0x6b,0xa1,0x6c,0xab,0x20,0x92,0xe0,0xd8,0xcd,0xa1
+ 0x87, 0x60, 0x1d, 0x02, 0xdb, 0x82, 0x1e, 0x8b, 0x07, 0x48, 0xe8, 0x5c, 0x59, 0xeb, 0x62, 0xa4,
+ 0x15, 0xff, 0x95, 0x12, 0x82, 0xfd, 0xd9, 0x8d, 0xf2, 0x6c, 0x3a, 0x2f, 0x9b, 0x30, 0x51, 0x6a,
+ 0xdb, 0x80, 0x6f, 0xa1, 0xef, 0xee, 0x8c, 0x69, 0x63, 0xd1, 0xa4, 0xdb, 0x9c, 0x8f, 0x80, 0xe5,
+ 0xfb, 0x3f, 0x33, 0x8e, 0x3d, 0x3c, 0x6b, 0xa1, 0x6c, 0xab, 0x20, 0x92, 0xe0, 0xd8, 0xcd, 0xa1
};
static CONST unsigned char default_qInvModP1024[64] = {
-0xce,0xcf,0x5a,0xad,0xc4,0x8c,0x44,0x91,0x3a,0xbc,0x7b,0xf8,0x80,0xf8,0x53,0xf5,
-0x12,0x84,0x8c,0x9c,0x6b,0x33,0x93,0x0d,0xa1,0x11,0xea,0xfa,0x4a,0xc1,0xeb,0x48,
-0xdc,0x44,0x86,0x93,0x1b,0x98,0xc7,0x82,0x22,0x68,0x30,0x44,0xd7,0x62,0x1b,0x90,
-0x54,0x07,0x4b,0x66,0xa7,0xc5,0x75,0x5a,0x72,0x77,0x92,0xdd,0x6c,0xf3,0x37,0xab
+ 0xce, 0xcf, 0x5a, 0xad, 0xc4, 0x8c, 0x44, 0x91, 0x3a, 0xbc, 0x7b, 0xf8, 0x80, 0xf8, 0x53, 0xf5,
+ 0x12, 0x84, 0x8c, 0x9c, 0x6b, 0x33, 0x93, 0x0d, 0xa1, 0x11, 0xea, 0xfa, 0x4a, 0xc1, 0xeb, 0x48,
+ 0xdc, 0x44, 0x86, 0x93, 0x1b, 0x98, 0xc7, 0x82, 0x22, 0x68, 0x30, 0x44, 0xd7, 0x62, 0x1b, 0x90,
+ 0x54, 0x07, 0x4b, 0x66, 0xa7, 0xc5, 0x75, 0x5a, 0x72, 0x77, 0x92, 0xdd, 0x6c, 0xf3, 0x37, 0xab
};
static CONST unsigned char default_n2048[256] = {
-0xb3,0x9b,0x57,0x2c,0x15,0xdf,0x6c,0x6b,0xfc,0x04,0x83,0x02,0xf5,0xb3,0x2c,0x87,
-0x1b,0x9c,0xbf,0x6c,0x46,0x1d,0xdd,0xe2,0xc0,0x6d,0xfe,0xf9,0x00,0xd1,0x85,0x91,
-0x17,0x0d,0x43,0x67,0xa1,0x1f,0x8b,0xcd,0x22,0x8a,0x93,0xdc,0x9f,0xf0,0x45,0x9e,
-0x58,0x0f,0x99,0x87,0xe6,0x60,0xdf,0x8c,0x1a,0xa3,0x8f,0xc3,0x6c,0xa0,0x49,0x3a,
-0xdb,0x7f,0xd0,0xda,0x48,0x47,0xe3,0xd6,0x1f,0x29,0xcb,0xf2,0x1d,0xf3,0x81,0xd0,
-0x4d,0xf1,0x64,0xcf,0x42,0x8e,0x0f,0xe0,0x10,0x18,0x4c,0x75,0xce,0x96,0x09,0x2e,
-0x52,0xa6,0x96,0xa9,0xe1,0xab,0x3e,0x6f,0xa5,0xd3,0xee,0xd8,0xb2,0x4f,0x17,0x08,
-0x6d,0x43,0xd4,0xb3,0x1c,0x8a,0x4a,0x43,0x06,0xb5,0xab,0xfb,0xf4,0x34,0x2f,0x2f,
-0xe1,0x43,0x7b,0xe0,0x93,0xd0,0xaa,0x42,0xa3,0xb7,0xb7,0x43,0x52,0xeb,0xf3,0x64,
-0x9a,0xbc,0xa7,0xf2,0x39,0xad,0xe4,0x62,0x7d,0xbc,0x31,0x8f,0xbf,0x59,0x93,0x62,
-0x88,0xc5,0xd1,0x62,0x2d,0xe3,0xc7,0x75,0xf9,0xb8,0x00,0x96,0xe0,0x05,0x87,0x35,
-0x86,0x5d,0xeb,0x7c,0x20,0xf6,0xb2,0xb1,0x65,0x1f,0xdc,0x74,0xec,0xf4,0x0e,0xd1,
-0xf2,0x2d,0x06,0x47,0x02,0xc5,0x18,0xdb,0x19,0xb9,0x1b,0x40,0x90,0xc8,0x74,0x5c,
-0xf6,0xe8,0x17,0x64,0xf4,0xcf,0xd3,0x17,0xeb,0xd6,0x0d,0x2b,0xec,0x2a,0x9b,0xcf,
-0xc4,0xf5,0xcc,0x9a,0xc3,0x5c,0x2e,0xf1,0x98,0x25,0x2b,0xe4,0x01,0x02,0x15,0x36,
-0xe1,0xe0,0x2b,0xbe,0xdf,0x23,0xf1,0xde,0x2f,0x1b,0xbb,0x44,0xa7,0x12,0x2c,0x9d
+ 0xb3, 0x9b, 0x57, 0x2c, 0x15, 0xdf, 0x6c, 0x6b, 0xfc, 0x04, 0x83, 0x02, 0xf5, 0xb3, 0x2c, 0x87,
+ 0x1b, 0x9c, 0xbf, 0x6c, 0x46, 0x1d, 0xdd, 0xe2, 0xc0, 0x6d, 0xfe, 0xf9, 0x00, 0xd1, 0x85, 0x91,
+ 0x17, 0x0d, 0x43, 0x67, 0xa1, 0x1f, 0x8b, 0xcd, 0x22, 0x8a, 0x93, 0xdc, 0x9f, 0xf0, 0x45, 0x9e,
+ 0x58, 0x0f, 0x99, 0x87, 0xe6, 0x60, 0xdf, 0x8c, 0x1a, 0xa3, 0x8f, 0xc3, 0x6c, 0xa0, 0x49, 0x3a,
+ 0xdb, 0x7f, 0xd0, 0xda, 0x48, 0x47, 0xe3, 0xd6, 0x1f, 0x29, 0xcb, 0xf2, 0x1d, 0xf3, 0x81, 0xd0,
+ 0x4d, 0xf1, 0x64, 0xcf, 0x42, 0x8e, 0x0f, 0xe0, 0x10, 0x18, 0x4c, 0x75, 0xce, 0x96, 0x09, 0x2e,
+ 0x52, 0xa6, 0x96, 0xa9, 0xe1, 0xab, 0x3e, 0x6f, 0xa5, 0xd3, 0xee, 0xd8, 0xb2, 0x4f, 0x17, 0x08,
+ 0x6d, 0x43, 0xd4, 0xb3, 0x1c, 0x8a, 0x4a, 0x43, 0x06, 0xb5, 0xab, 0xfb, 0xf4, 0x34, 0x2f, 0x2f,
+ 0xe1, 0x43, 0x7b, 0xe0, 0x93, 0xd0, 0xaa, 0x42, 0xa3, 0xb7, 0xb7, 0x43, 0x52, 0xeb, 0xf3, 0x64,
+ 0x9a, 0xbc, 0xa7, 0xf2, 0x39, 0xad, 0xe4, 0x62, 0x7d, 0xbc, 0x31, 0x8f, 0xbf, 0x59, 0x93, 0x62,
+ 0x88, 0xc5, 0xd1, 0x62, 0x2d, 0xe3, 0xc7, 0x75, 0xf9, 0xb8, 0x00, 0x96, 0xe0, 0x05, 0x87, 0x35,
+ 0x86, 0x5d, 0xeb, 0x7c, 0x20, 0xf6, 0xb2, 0xb1, 0x65, 0x1f, 0xdc, 0x74, 0xec, 0xf4, 0x0e, 0xd1,
+ 0xf2, 0x2d, 0x06, 0x47, 0x02, 0xc5, 0x18, 0xdb, 0x19, 0xb9, 0x1b, 0x40, 0x90, 0xc8, 0x74, 0x5c,
+ 0xf6, 0xe8, 0x17, 0x64, 0xf4, 0xcf, 0xd3, 0x17, 0xeb, 0xd6, 0x0d, 0x2b, 0xec, 0x2a, 0x9b, 0xcf,
+ 0xc4, 0xf5, 0xcc, 0x9a, 0xc3, 0x5c, 0x2e, 0xf1, 0x98, 0x25, 0x2b, 0xe4, 0x01, 0x02, 0x15, 0x36,
+ 0xe1, 0xe0, 0x2b, 0xbe, 0xdf, 0x23, 0xf1, 0xde, 0x2f, 0x1b, 0xbb, 0x44, 0xa7, 0x12, 0x2c, 0x9d
};
-static CONST unsigned char default_e2048[3] = { 0x01,0x00,0x01 };
+static CONST unsigned char default_e2048[3] = { 0x01, 0x00, 0x01 };
static CONST unsigned char default_d2048[256] = {
-0x0f,0x03,0x3f,0x08,0x1a,0x53,0xf0,0x96,0x1e,0x1c,0xaa,0x6e,0xc6,0xe6,0xd1,0x24,
-0x01,0xf4,0xda,0x33,0x4c,0xb1,0x16,0x68,0xeb,0xb8,0xc6,0x05,0x3e,0x42,0x45,0x2d,
-0xd9,0x85,0x6c,0x4a,0xef,0x36,0xd9,0xd2,0xad,0xbe,0x73,0x99,0x8f,0x6c,0xe0,0x04,
-0xda,0x4b,0x83,0x83,0xce,0x87,0xee,0x67,0xa1,0x9a,0x66,0x5b,0xe9,0x6a,0x84,0x74,
-0x7d,0x00,0x74,0x0e,0xaa,0xd8,0x07,0x7d,0x50,0x61,0x88,0x00,0x96,0xec,0x51,0xbf,
-0x7d,0xa4,0x5d,0xce,0xcd,0x3b,0x5e,0xac,0x55,0xec,0x12,0x08,0x0e,0xda,0x8f,0xad,
-0xe5,0x8e,0xb3,0x2d,0x44,0x05,0xb2,0x54,0x56,0xc2,0x1e,0x46,0xd2,0xb0,0xb5,0xb6,
-0x28,0x9b,0xf0,0xdd,0x7f,0xd7,0x37,0x59,0xde,0xe7,0xb4,0x96,0x7c,0xd5,0x17,0xd4,
-0x7e,0xe0,0xcb,0xb3,0x3c,0x5f,0x72,0x30,0xbe,0x3c,0x81,0x82,0x8e,0xb9,0xc6,0xa7,
-0x23,0x71,0xf5,0x6f,0xd7,0x56,0xe4,0xee,0x3b,0x2d,0x8f,0x3e,0x43,0x98,0xc8,0xe8,
-0x95,0xfd,0xc3,0x73,0xd3,0x8e,0x38,0x01,0xa5,0xc6,0xbe,0x0c,0x6b,0x6b,0x4f,0x13,
-0x2f,0x66,0x8b,0x85,0xe3,0x9e,0x12,0xc0,0x52,0x60,0xec,0x4a,0xcb,0xfa,0x7e,0x7c,
-0x20,0x9a,0x11,0x16,0x1a,0xb7,0x96,0xd6,0x00,0x7a,0x04,0x7b,0x17,0xcc,0x4c,0x43,
-0xdc,0xd0,0x64,0x45,0x45,0xd3,0x21,0x06,0x8b,0xd6,0xb0,0xf0,0xbf,0x20,0x56,0xfd,
-0x11,0x9c,0x1d,0x82,0xcd,0x34,0x16,0x75,0x63,0xac,0x51,0xd5,0x55,0xb4,0x35,0x0a,
-0xc3,0x8c,0x47,0x01,0x8e,0x99,0x95,0xc5,0x99,0x21,0x79,0x66,0x1a,0xa6,0xb0,0xe9
+ 0x0f, 0x03, 0x3f, 0x08, 0x1a, 0x53, 0xf0, 0x96, 0x1e, 0x1c, 0xaa, 0x6e, 0xc6, 0xe6, 0xd1, 0x24,
+ 0x01, 0xf4, 0xda, 0x33, 0x4c, 0xb1, 0x16, 0x68, 0xeb, 0xb8, 0xc6, 0x05, 0x3e, 0x42, 0x45, 0x2d,
+ 0xd9, 0x85, 0x6c, 0x4a, 0xef, 0x36, 0xd9, 0xd2, 0xad, 0xbe, 0x73, 0x99, 0x8f, 0x6c, 0xe0, 0x04,
+ 0xda, 0x4b, 0x83, 0x83, 0xce, 0x87, 0xee, 0x67, 0xa1, 0x9a, 0x66, 0x5b, 0xe9, 0x6a, 0x84, 0x74,
+ 0x7d, 0x00, 0x74, 0x0e, 0xaa, 0xd8, 0x07, 0x7d, 0x50, 0x61, 0x88, 0x00, 0x96, 0xec, 0x51, 0xbf,
+ 0x7d, 0xa4, 0x5d, 0xce, 0xcd, 0x3b, 0x5e, 0xac, 0x55, 0xec, 0x12, 0x08, 0x0e, 0xda, 0x8f, 0xad,
+ 0xe5, 0x8e, 0xb3, 0x2d, 0x44, 0x05, 0xb2, 0x54, 0x56, 0xc2, 0x1e, 0x46, 0xd2, 0xb0, 0xb5, 0xb6,
+ 0x28, 0x9b, 0xf0, 0xdd, 0x7f, 0xd7, 0x37, 0x59, 0xde, 0xe7, 0xb4, 0x96, 0x7c, 0xd5, 0x17, 0xd4,
+ 0x7e, 0xe0, 0xcb, 0xb3, 0x3c, 0x5f, 0x72, 0x30, 0xbe, 0x3c, 0x81, 0x82, 0x8e, 0xb9, 0xc6, 0xa7,
+ 0x23, 0x71, 0xf5, 0x6f, 0xd7, 0x56, 0xe4, 0xee, 0x3b, 0x2d, 0x8f, 0x3e, 0x43, 0x98, 0xc8, 0xe8,
+ 0x95, 0xfd, 0xc3, 0x73, 0xd3, 0x8e, 0x38, 0x01, 0xa5, 0xc6, 0xbe, 0x0c, 0x6b, 0x6b, 0x4f, 0x13,
+ 0x2f, 0x66, 0x8b, 0x85, 0xe3, 0x9e, 0x12, 0xc0, 0x52, 0x60, 0xec, 0x4a, 0xcb, 0xfa, 0x7e, 0x7c,
+ 0x20, 0x9a, 0x11, 0x16, 0x1a, 0xb7, 0x96, 0xd6, 0x00, 0x7a, 0x04, 0x7b, 0x17, 0xcc, 0x4c, 0x43,
+ 0xdc, 0xd0, 0x64, 0x45, 0x45, 0xd3, 0x21, 0x06, 0x8b, 0xd6, 0xb0, 0xf0, 0xbf, 0x20, 0x56, 0xfd,
+ 0x11, 0x9c, 0x1d, 0x82, 0xcd, 0x34, 0x16, 0x75, 0x63, 0xac, 0x51, 0xd5, 0x55, 0xb4, 0x35, 0x0a,
+ 0xc3, 0x8c, 0x47, 0x01, 0x8e, 0x99, 0x95, 0xc5, 0x99, 0x21, 0x79, 0x66, 0x1a, 0xa6, 0xb0, 0xe9
};
static CONST unsigned char default_p2048[128] = {
-0xd7,0xaa,0xb4,0x8d,0xb1,0x23,0x67,0x80,0x7b,0x98,0xf7,0xe6,0xfd,0x6d,0x5c,0x98,
-0x34,0x89,0x97,0xbd,0xa8,0x88,0xdd,0xb3,0xe6,0xbc,0x5f,0xb8,0xd6,0xa5,0x14,0x00,
-0x4a,0x54,0x1a,0xbf,0x65,0x64,0x7d,0x39,0x55,0xff,0x27,0x0f,0x2f,0x99,0x57,0xe6,
-0x69,0x89,0x1c,0xc4,0x89,0xff,0xe4,0x1f,0xa5,0x47,0xea,0x1e,0x47,0x07,0xf7,0x46,
-0xa5,0x3a,0x25,0x70,0x9e,0x6d,0xe3,0x83,0xc1,0x9d,0x75,0xf5,0x67,0xb5,0x7f,0x5c,
-0xf8,0x24,0xff,0x85,0x11,0x53,0xff,0x0e,0xbc,0x57,0x6f,0xc7,0x2a,0x36,0xbd,0xdd,
-0x0b,0xe5,0x25,0x04,0x1f,0x48,0xbc,0xdd,0xd6,0x13,0xb8,0xe9,0xfd,0x00,0xba,0x37,
-0x13,0x63,0xc2,0xd4,0x70,0xf8,0x4b,0x09,0x71,0xa8,0xbe,0xca,0x0d,0x68,0x16,0x5f
+ 0xd7, 0xaa, 0xb4, 0x8d, 0xb1, 0x23, 0x67, 0x80, 0x7b, 0x98, 0xf7, 0xe6, 0xfd, 0x6d, 0x5c, 0x98,
+ 0x34, 0x89, 0x97, 0xbd, 0xa8, 0x88, 0xdd, 0xb3, 0xe6, 0xbc, 0x5f, 0xb8, 0xd6, 0xa5, 0x14, 0x00,
+ 0x4a, 0x54, 0x1a, 0xbf, 0x65, 0x64, 0x7d, 0x39, 0x55, 0xff, 0x27, 0x0f, 0x2f, 0x99, 0x57, 0xe6,
+ 0x69, 0x89, 0x1c, 0xc4, 0x89, 0xff, 0xe4, 0x1f, 0xa5, 0x47, 0xea, 0x1e, 0x47, 0x07, 0xf7, 0x46,
+ 0xa5, 0x3a, 0x25, 0x70, 0x9e, 0x6d, 0xe3, 0x83, 0xc1, 0x9d, 0x75, 0xf5, 0x67, 0xb5, 0x7f, 0x5c,
+ 0xf8, 0x24, 0xff, 0x85, 0x11, 0x53, 0xff, 0x0e, 0xbc, 0x57, 0x6f, 0xc7, 0x2a, 0x36, 0xbd, 0xdd,
+ 0x0b, 0xe5, 0x25, 0x04, 0x1f, 0x48, 0xbc, 0xdd, 0xd6, 0x13, 0xb8, 0xe9, 0xfd, 0x00, 0xba, 0x37,
+ 0x13, 0x63, 0xc2, 0xd4, 0x70, 0xf8, 0x4b, 0x09, 0x71, 0xa8, 0xbe, 0xca, 0x0d, 0x68, 0x16, 0x5f
};
static CONST unsigned char default_q2048[128] = {
-0xd5,0x32,0x38,0x82,0x14,0xed,0xd1,0x90,0x51,0xef,0x17,0xa2,0x9b,0xc3,0xb0,0x45,
-0x86,0x64,0xbe,0xce,0x8f,0x85,0x78,0x18,0x7a,0xf8,0x3a,0xb7,0x17,0x7b,0x5d,0xf3,
-0xe9,0xd7,0x9d,0xb3,0x2f,0x96,0x35,0x96,0x60,0x38,0xe7,0x96,0xc3,0x08,0xe6,0xf1,
-0xb8,0x16,0xc0,0x1d,0xc9,0x6f,0xd3,0x99,0x14,0x8e,0xd3,0x6a,0x2b,0x6c,0x4d,0xd1,
-0x71,0x1c,0x4c,0x38,0x72,0x18,0x23,0xf9,0xd1,0x6c,0xa2,0x87,0xfe,0x33,0xc2,0x9d,
-0x6e,0xd0,0x80,0x62,0x44,0x7b,0x3a,0x4d,0x2f,0xff,0x5f,0x73,0xe5,0x53,0x32,0x18,
-0x14,0xb2,0xdb,0x6b,0x25,0x7b,0xac,0xb4,0x3b,0x1e,0x5e,0xcd,0xec,0x01,0x99,0xdb,
-0x0c,0x1f,0xc2,0xa6,0x50,0x1d,0x6d,0x7b,0x58,0x75,0x04,0x89,0x5d,0x87,0x86,0x83
+ 0xd5, 0x32, 0x38, 0x82, 0x14, 0xed, 0xd1, 0x90, 0x51, 0xef, 0x17, 0xa2, 0x9b, 0xc3, 0xb0, 0x45,
+ 0x86, 0x64, 0xbe, 0xce, 0x8f, 0x85, 0x78, 0x18, 0x7a, 0xf8, 0x3a, 0xb7, 0x17, 0x7b, 0x5d, 0xf3,
+ 0xe9, 0xd7, 0x9d, 0xb3, 0x2f, 0x96, 0x35, 0x96, 0x60, 0x38, 0xe7, 0x96, 0xc3, 0x08, 0xe6, 0xf1,
+ 0xb8, 0x16, 0xc0, 0x1d, 0xc9, 0x6f, 0xd3, 0x99, 0x14, 0x8e, 0xd3, 0x6a, 0x2b, 0x6c, 0x4d, 0xd1,
+ 0x71, 0x1c, 0x4c, 0x38, 0x72, 0x18, 0x23, 0xf9, 0xd1, 0x6c, 0xa2, 0x87, 0xfe, 0x33, 0xc2, 0x9d,
+ 0x6e, 0xd0, 0x80, 0x62, 0x44, 0x7b, 0x3a, 0x4d, 0x2f, 0xff, 0x5f, 0x73, 0xe5, 0x53, 0x32, 0x18,
+ 0x14, 0xb2, 0xdb, 0x6b, 0x25, 0x7b, 0xac, 0xb4, 0x3b, 0x1e, 0x5e, 0xcd, 0xec, 0x01, 0x99, 0xdb,
+ 0x0c, 0x1f, 0xc2, 0xa6, 0x50, 0x1d, 0x6d, 0x7b, 0x58, 0x75, 0x04, 0x89, 0x5d, 0x87, 0x86, 0x83
};
static CONST unsigned char default_dModP2048[128] = {
-0xc0,0xba,0x16,0x1b,0xc1,0x3e,0xc8,0x51,0xb3,0x22,0x21,0xf7,0x54,0x66,0x14,0xa7,
-0x17,0xdc,0x15,0xb4,0x31,0x16,0x0e,0x39,0xa4,0x6a,0x96,0x88,0x11,0x98,0xf7,0xe4,
-0xc2,0x87,0xa2,0x57,0x83,0xfe,0x67,0x41,0x83,0xae,0x3e,0x73,0x7d,0xaf,0xe5,0x33,
-0x4d,0x00,0x70,0xaa,0xda,0x3f,0xc8,0xd6,0xd6,0xd7,0x0b,0x4a,0xff,0x63,0x09,0x01,
-0x22,0xca,0x71,0x86,0xd0,0xad,0x96,0xf1,0xb9,0x66,0x43,0x71,0x88,0xba,0x53,0x14,
-0xfb,0xd3,0xe4,0x5c,0x3f,0xfd,0xf6,0x22,0x6f,0x01,0x1c,0x2c,0xb9,0x76,0xad,0xf9,
-0x09,0x96,0x3e,0x9c,0x0e,0x70,0xec,0x06,0xba,0x36,0x69,0xbb,0x00,0x93,0x53,0xd5,
-0xc0,0x08,0x18,0xa5,0xcc,0x46,0xb6,0x97,0xbb,0xf0,0x76,0x7f,0x0d,0xb8,0x04,0xb5
+ 0xc0, 0xba, 0x16, 0x1b, 0xc1, 0x3e, 0xc8, 0x51, 0xb3, 0x22, 0x21, 0xf7, 0x54, 0x66, 0x14, 0xa7,
+ 0x17, 0xdc, 0x15, 0xb4, 0x31, 0x16, 0x0e, 0x39, 0xa4, 0x6a, 0x96, 0x88, 0x11, 0x98, 0xf7, 0xe4,
+ 0xc2, 0x87, 0xa2, 0x57, 0x83, 0xfe, 0x67, 0x41, 0x83, 0xae, 0x3e, 0x73, 0x7d, 0xaf, 0xe5, 0x33,
+ 0x4d, 0x00, 0x70, 0xaa, 0xda, 0x3f, 0xc8, 0xd6, 0xd6, 0xd7, 0x0b, 0x4a, 0xff, 0x63, 0x09, 0x01,
+ 0x22, 0xca, 0x71, 0x86, 0xd0, 0xad, 0x96, 0xf1, 0xb9, 0x66, 0x43, 0x71, 0x88, 0xba, 0x53, 0x14,
+ 0xfb, 0xd3, 0xe4, 0x5c, 0x3f, 0xfd, 0xf6, 0x22, 0x6f, 0x01, 0x1c, 0x2c, 0xb9, 0x76, 0xad, 0xf9,
+ 0x09, 0x96, 0x3e, 0x9c, 0x0e, 0x70, 0xec, 0x06, 0xba, 0x36, 0x69, 0xbb, 0x00, 0x93, 0x53, 0xd5,
+ 0xc0, 0x08, 0x18, 0xa5, 0xcc, 0x46, 0xb6, 0x97, 0xbb, 0xf0, 0x76, 0x7f, 0x0d, 0xb8, 0x04, 0xb5
};
static CONST unsigned char default_dModQ2048[128] = {
-0xa9,0x18,0xfd,0x43,0x07,0xf0,0x9d,0x50,0x77,0xfc,0x48,0xe5,0xdb,0xe0,0x39,0xd6,
-0xdb,0x42,0xdb,0x28,0xa1,0x23,0x7e,0xdf,0x03,0xe2,0x11,0x48,0x19,0xa2,0xeb,0x21,
-0x44,0xaf,0x95,0x50,0x83,0x85,0x03,0x99,0xf3,0x56,0x0f,0x32,0x40,0x1d,0xb6,0x77,
-0xb0,0xc8,0xb2,0xb6,0xad,0x88,0x39,0xef,0xe8,0x23,0x64,0xc2,0x88,0x10,0x8e,0x24,
-0x7a,0x2f,0xb4,0xb0,0xec,0xa6,0x03,0x1a,0xe9,0xa5,0xdd,0xc0,0x39,0xba,0xba,0x38,
-0xfe,0xa4,0xf7,0xbf,0x79,0x8b,0xb7,0xf1,0x73,0x09,0x7d,0x9f,0x42,0x1c,0x5b,0xd6,
-0x47,0xcc,0x99,0x46,0x81,0xe3,0x77,0x57,0x38,0xb0,0xdd,0x07,0x3d,0x93,0x03,0x82,
-0x7f,0x3a,0x4d,0xbc,0x76,0x3c,0xf1,0x12,0x6d,0x55,0xdb,0x34,0x4c,0xef,0xea,0x9b
+ 0xa9, 0x18, 0xfd, 0x43, 0x07, 0xf0, 0x9d, 0x50, 0x77, 0xfc, 0x48, 0xe5, 0xdb, 0xe0, 0x39, 0xd6,
+ 0xdb, 0x42, 0xdb, 0x28, 0xa1, 0x23, 0x7e, 0xdf, 0x03, 0xe2, 0x11, 0x48, 0x19, 0xa2, 0xeb, 0x21,
+ 0x44, 0xaf, 0x95, 0x50, 0x83, 0x85, 0x03, 0x99, 0xf3, 0x56, 0x0f, 0x32, 0x40, 0x1d, 0xb6, 0x77,
+ 0xb0, 0xc8, 0xb2, 0xb6, 0xad, 0x88, 0x39, 0xef, 0xe8, 0x23, 0x64, 0xc2, 0x88, 0x10, 0x8e, 0x24,
+ 0x7a, 0x2f, 0xb4, 0xb0, 0xec, 0xa6, 0x03, 0x1a, 0xe9, 0xa5, 0xdd, 0xc0, 0x39, 0xba, 0xba, 0x38,
+ 0xfe, 0xa4, 0xf7, 0xbf, 0x79, 0x8b, 0xb7, 0xf1, 0x73, 0x09, 0x7d, 0x9f, 0x42, 0x1c, 0x5b, 0xd6,
+ 0x47, 0xcc, 0x99, 0x46, 0x81, 0xe3, 0x77, 0x57, 0x38, 0xb0, 0xdd, 0x07, 0x3d, 0x93, 0x03, 0x82,
+ 0x7f, 0x3a, 0x4d, 0xbc, 0x76, 0x3c, 0xf1, 0x12, 0x6d, 0x55, 0xdb, 0x34, 0x4c, 0xef, 0xea, 0x9b
};
static CONST unsigned char default_qInvModP2048[128] = {
-0x77,0xd9,0x45,0xd4,0xd2,0xd1,0x46,0xa8,0xaf,0x57,0x8f,0x5e,0x4f,0x6b,0x24,0x0f,
-0xb4,0xaa,0xff,0x92,0x86,0x78,0xa8,0xc1,0x69,0x9c,0x54,0xe9,0x81,0xa1,0x9c,0x26,
-0x11,0x5d,0xfa,0xff,0x70,0x9e,0xa3,0xf3,0xe3,0x78,0x41,0x2b,0x31,0x35,0x09,0xa2,
-0x5c,0x5f,0x6e,0x4d,0xad,0xeb,0x4a,0xe0,0xb1,0xce,0x2c,0x22,0x59,0x72,0x4c,0x17,
-0xad,0x71,0x5c,0x25,0xca,0x4f,0x00,0xc6,0xee,0x63,0x10,0x8e,0xf7,0xbe,0xa4,0x55,
-0x22,0x0d,0x2c,0xb9,0xe5,0xa9,0x72,0x07,0xa2,0xb1,0x29,0xf2,0x4a,0x9f,0xde,0x70,
-0x0c,0x28,0xb7,0x60,0x12,0x9d,0x4b,0x04,0xd7,0xe3,0xd7,0xc5,0x71,0xdf,0x5c,0xc0,
-0x65,0x75,0x6e,0xfb,0xc6,0x3e,0x61,0x4c,0xc2,0xdf,0xb3,0xd3,0xba,0x17,0x36,0x24
+ 0x77, 0xd9, 0x45, 0xd4, 0xd2, 0xd1, 0x46, 0xa8, 0xaf, 0x57, 0x8f, 0x5e, 0x4f, 0x6b, 0x24, 0x0f,
+ 0xb4, 0xaa, 0xff, 0x92, 0x86, 0x78, 0xa8, 0xc1, 0x69, 0x9c, 0x54, 0xe9, 0x81, 0xa1, 0x9c, 0x26,
+ 0x11, 0x5d, 0xfa, 0xff, 0x70, 0x9e, 0xa3, 0xf3, 0xe3, 0x78, 0x41, 0x2b, 0x31, 0x35, 0x09, 0xa2,
+ 0x5c, 0x5f, 0x6e, 0x4d, 0xad, 0xeb, 0x4a, 0xe0, 0xb1, 0xce, 0x2c, 0x22, 0x59, 0x72, 0x4c, 0x17,
+ 0xad, 0x71, 0x5c, 0x25, 0xca, 0x4f, 0x00, 0xc6, 0xee, 0x63, 0x10, 0x8e, 0xf7, 0xbe, 0xa4, 0x55,
+ 0x22, 0x0d, 0x2c, 0xb9, 0xe5, 0xa9, 0x72, 0x07, 0xa2, 0xb1, 0x29, 0xf2, 0x4a, 0x9f, 0xde, 0x70,
+ 0x0c, 0x28, 0xb7, 0x60, 0x12, 0x9d, 0x4b, 0x04, 0xd7, 0xe3, 0xd7, 0xc5, 0x71, 0xdf, 0x5c, 0xc0,
+ 0x65, 0x75, 0x6e, 0xfb, 0xc6, 0x3e, 0x61, 0x4c, 0xc2, 0xdf, 0xb3, 0xd3, 0xba, 0x17, 0x36, 0x24
};
static struct NSSLOWKEYPrivateKeyStr rsaPriv;
-NSSLOWKEYPrivateKey *
+NSSLOWKEYPrivateKey*
getDefaultRSAPrivateKey(int keysize)
{
if (rsaPriv.keyType != NSSLOWKEYRSAKey) {
- /* leaving arena uninitialized. It isn't used in this test. */
+ /* leaving arena uninitialized. It isn't used in this test. */
- rsaPriv.keyType = NSSLOWKEYRSAKey;
+ rsaPriv.keyType = NSSLOWKEYRSAKey;
- /* leaving arena uninitialized. It isn't used. */
- /* leaving version uninitialized. It isn't used. */
+ /* leaving arena uninitialized. It isn't used. */
+ /* leaving version uninitialized. It isn't used. */
if (keysize == 2048) {
- rsaPriv.u.rsa.modulus.data = default_n2048;
- rsaPriv.u.rsa.modulus.len = sizeof default_n2048;
- rsaPriv.u.rsa.publicExponent.data = default_e2048;
- rsaPriv.u.rsa.publicExponent.len = sizeof default_e2048;
- rsaPriv.u.rsa.privateExponent.data = default_d2048;
- rsaPriv.u.rsa.privateExponent.len = sizeof default_d2048;
- rsaPriv.u.rsa.prime1.data = default_p2048;
- rsaPriv.u.rsa.prime1.len = sizeof default_p2048;
- rsaPriv.u.rsa.prime2.data = default_q2048;
- rsaPriv.u.rsa.prime2.len = sizeof default_q2048;
- rsaPriv.u.rsa.exponent1.data = default_dModP2048;
- rsaPriv.u.rsa.exponent1.len = sizeof default_dModP2048;
- rsaPriv.u.rsa.exponent2.data = default_dModQ2048;
- rsaPriv.u.rsa.exponent2.len = sizeof default_dModQ2048;
- rsaPriv.u.rsa.coefficient.data = default_qInvModP2048;
- rsaPriv.u.rsa.coefficient.len = sizeof default_qInvModP2048;
- } else {
- rsaPriv.u.rsa.modulus.data = default_n1024;
- rsaPriv.u.rsa.modulus.len = sizeof default_n1024;
- rsaPriv.u.rsa.publicExponent.data = default_e1024;
- rsaPriv.u.rsa.publicExponent.len = sizeof default_e1024;
- rsaPriv.u.rsa.privateExponent.data = default_d1024;
- rsaPriv.u.rsa.privateExponent.len = sizeof default_d1024;
- rsaPriv.u.rsa.prime1.data = default_p1024;
- rsaPriv.u.rsa.prime1.len = sizeof default_p1024;
- rsaPriv.u.rsa.prime2.data = default_q1024;
- rsaPriv.u.rsa.prime2.len = sizeof default_q1024;
- rsaPriv.u.rsa.exponent1.data = default_dModP1024;
- rsaPriv.u.rsa.exponent1.len = sizeof default_dModP1024;
- rsaPriv.u.rsa.exponent2.data = default_dModQ1024;
- rsaPriv.u.rsa.exponent2.len = sizeof default_dModQ1024;
- rsaPriv.u.rsa.coefficient.data = default_qInvModP1024;
- rsaPriv.u.rsa.coefficient.len = sizeof default_qInvModP1024;
- }
+ rsaPriv.u.rsa.modulus.data = default_n2048;
+ rsaPriv.u.rsa.modulus.len = sizeof default_n2048;
+ rsaPriv.u.rsa.publicExponent.data = default_e2048;
+ rsaPriv.u.rsa.publicExponent.len = sizeof default_e2048;
+ rsaPriv.u.rsa.privateExponent.data = default_d2048;
+ rsaPriv.u.rsa.privateExponent.len = sizeof default_d2048;
+ rsaPriv.u.rsa.prime1.data = default_p2048;
+ rsaPriv.u.rsa.prime1.len = sizeof default_p2048;
+ rsaPriv.u.rsa.prime2.data = default_q2048;
+ rsaPriv.u.rsa.prime2.len = sizeof default_q2048;
+ rsaPriv.u.rsa.exponent1.data = default_dModP2048;
+ rsaPriv.u.rsa.exponent1.len = sizeof default_dModP2048;
+ rsaPriv.u.rsa.exponent2.data = default_dModQ2048;
+ rsaPriv.u.rsa.exponent2.len = sizeof default_dModQ2048;
+ rsaPriv.u.rsa.coefficient.data = default_qInvModP2048;
+ rsaPriv.u.rsa.coefficient.len = sizeof default_qInvModP2048;
+ } else {
+ rsaPriv.u.rsa.modulus.data = default_n1024;
+ rsaPriv.u.rsa.modulus.len = sizeof default_n1024;
+ rsaPriv.u.rsa.publicExponent.data = default_e1024;
+ rsaPriv.u.rsa.publicExponent.len = sizeof default_e1024;
+ rsaPriv.u.rsa.privateExponent.data = default_d1024;
+ rsaPriv.u.rsa.privateExponent.len = sizeof default_d1024;
+ rsaPriv.u.rsa.prime1.data = default_p1024;
+ rsaPriv.u.rsa.prime1.len = sizeof default_p1024;
+ rsaPriv.u.rsa.prime2.data = default_q1024;
+ rsaPriv.u.rsa.prime2.len = sizeof default_q1024;
+ rsaPriv.u.rsa.exponent1.data = default_dModP1024;
+ rsaPriv.u.rsa.exponent1.len = sizeof default_dModP1024;
+ rsaPriv.u.rsa.exponent2.data = default_dModQ1024;
+ rsaPriv.u.rsa.exponent2.len = sizeof default_dModQ1024;
+ rsaPriv.u.rsa.coefficient.data = default_qInvModP1024;
+ rsaPriv.u.rsa.coefficient.len = sizeof default_qInvModP1024;
+ }
}
return &rsaPriv;
}
static struct NSSLOWKEYPublicKeyStr rsaPub;
-NSSLOWKEYPublicKey *
+NSSLOWKEYPublicKey*
getDefaultRSAPublicKey(int keysize)
{
if (rsaPub.keyType != NSSLOWKEYRSAKey) {
- rsaPub.keyType = NSSLOWKEYRSAKey;
+ rsaPub.keyType = NSSLOWKEYRSAKey;
if (keysize == 2048) {
- rsaPub.u.rsa.modulus.data = default_n2048;
- rsaPub.u.rsa.modulus.len = sizeof default_n2048;
+ rsaPub.u.rsa.modulus.data = default_n2048;
+ rsaPub.u.rsa.modulus.len = sizeof default_n2048;
- rsaPub.u.rsa.publicExponent.data = default_e2048;
- rsaPub.u.rsa.publicExponent.len = sizeof default_e2048;
- } else {
- rsaPub.u.rsa.modulus.data = default_n1024;
- rsaPub.u.rsa.modulus.len = sizeof default_n1024;
+ rsaPub.u.rsa.publicExponent.data = default_e2048;
+ rsaPub.u.rsa.publicExponent.len = sizeof default_e2048;
+ } else {
+ rsaPub.u.rsa.modulus.data = default_n1024;
+ rsaPub.u.rsa.modulus.len = sizeof default_n1024;
- rsaPub.u.rsa.publicExponent.data = default_e1024;
- rsaPub.u.rsa.publicExponent.len = sizeof default_e1024;
- }
+ rsaPub.u.rsa.publicExponent.data = default_e1024;
+ rsaPub.u.rsa.publicExponent.len = sizeof default_e1024;
+ }
}
return &rsaPub;
}
diff --git a/cmd/rsaperf/rsaperf.c b/cmd/rsaperf/rsaperf.c
index 55503768f..556030f6a 100644
--- a/cmd/rsaperf/rsaperf.c
+++ b/cmd/rsaperf/rsaperf.c
@@ -12,18 +12,17 @@
#include "lowkeyi.h"
#include "pk11pub.h"
-
-#define DEFAULT_ITERS 10
-#define DEFAULT_DURATION 10
-#define DEFAULT_KEY_BITS 1024
-#define MIN_KEY_BITS 512
-#define MAX_KEY_BITS 65536
-#define BUFFER_BYTES MAX_KEY_BITS / 8
-#define DEFAULT_THREADS 1
-#define DEFAULT_EXPONENT 0x10001
-
-extern NSSLOWKEYPrivateKey * getDefaultRSAPrivateKey(void);
-extern NSSLOWKEYPublicKey * getDefaultRSAPublicKey(void);
+#define DEFAULT_ITERS 10
+#define DEFAULT_DURATION 10
+#define DEFAULT_KEY_BITS 1024
+#define MIN_KEY_BITS 512
+#define MAX_KEY_BITS 65536
+#define BUFFER_BYTES MAX_KEY_BITS / 8
+#define DEFAULT_THREADS 1
+#define DEFAULT_EXPONENT 0x10001
+
+extern NSSLOWKEYPrivateKey *getDefaultRSAPrivateKey(void);
+extern NSSLOWKEYPublicKey *getDefaultRSAPublicKey(void);
secuPWData pwData = { PW_NONE, NULL };
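Review bot: The two `extern` prototypes at the end of this hunk still declare `getDefaultRSAPrivateKey(void)` and `getDefaultRSAPublicKey(void)`, while the definitions shown in the file section just above on this page take `int keysize` and use it to choose between the 1024-bit and 2048-bit hard-coded keys. Calling a function through a declaration that is incompatible with its definition is undefined behaviour, and the callee would read an indeterminate `keysize`; the call sites are outside this hunk, so how they pass the size cannot be confirmed from here. The declarations should read `extern NSSLOWKEYPrivateKey *getDefaultRSAPrivateKey(int keysize);` and `extern NSSLOWKEYPublicKey *getDefaultRSAPublicKey(int keysize);`, preferably from a header shared with the defining file so the compiler can check them. Separately, `BUFFER_BYTES` expands unparenthesized; `#define BUFFER_BYTES (MAX_KEY_BITS / 8)` keeps it safe inside larger expressions.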
@@ -34,32 +33,40 @@ struct TimingContextStr {
PRTime end;
PRTime interval;
- long days;
- int hours;
- int minutes;
- int seconds;
- int millisecs;
+ long days;
+ int hours;
+ int minutes;
+ int seconds;
+ int millisecs;
};
-TimingContext *CreateTimingContext(void) {
+TimingContext *
+CreateTimingContext(void)
+{
return PORT_Alloc(sizeof(TimingContext));
}
-void DestroyTimingContext(TimingContext *ctx) {
+void
+DestroyTimingContext(TimingContext *ctx)
+{
PORT_Free(ctx);
}
-void TimingBegin(TimingContext *ctx, PRTime begin) {
+void
+TimingBegin(TimingContext *ctx, PRTime begin)
+{
ctx->start = begin;
}
-static void timingUpdate(TimingContext *ctx) {
+static void
+timingUpdate(TimingContext *ctx)
+{
PRInt64 tmp, remaining;
- PRInt64 L1000,L60,L24;
+ PRInt64 L1000, L60, L24;
- LL_I2L(L1000,1000);
- LL_I2L(L60,60);
- LL_I2L(L24,24);
+ LL_I2L(L1000, 1000);
+ LL_I2L(L60, 60);
+ LL_I2L(L24, 24);
LL_DIV(remaining, ctx->interval, L1000);
LL_MOD(tmp, remaining, L1000);
@@ -77,14 +84,18 @@ static void timingUpdate(TimingContext *ctx) {
LL_L2I(ctx->days, remaining);
}
-void TimingEnd(TimingContext *ctx, PRTime end) {
+void
+TimingEnd(TimingContext *ctx, PRTime end)
+{
ctx->end = end;
LL_SUB(ctx->interval, ctx->end, ctx->start);
PORT_Assert(LL_GE_ZERO(ctx->interval));
timingUpdate(ctx);
}
-void TimingDivide(TimingContext *ctx, int divisor) {
+void
+TimingDivide(TimingContext *ctx, int divisor)
+{
PRInt64 tmp;
LL_I2L(tmp, divisor);
@@ -93,33 +104,38 @@ void TimingDivide(TimingContext *ctx, int divisor) {
timingUpdate(ctx);
}
-char *TimingGenerateString(TimingContext *ctx) {
+char *
+TimingGenerateString(TimingContext *ctx)
+{
char *buf = NULL;
if (ctx->days != 0) {
- buf = PR_sprintf_append(buf, "%d days", ctx->days);
+ buf = PR_sprintf_append(buf, "%d days", ctx->days);
}
if (ctx->hours != 0) {
- if (buf != NULL) buf = PR_sprintf_append(buf, ", ");
- buf = PR_sprintf_append(buf, "%d hours", ctx->hours);
+ if (buf != NULL)
+ buf = PR_sprintf_append(buf, ", ");
+ buf = PR_sprintf_append(buf, "%d hours", ctx->hours);
}
if (ctx->minutes != 0) {
- if (buf != NULL) buf = PR_sprintf_append(buf, ", ");
- buf = PR_sprintf_append(buf, "%d minutes", ctx->minutes);
+ if (buf != NULL)
+ buf = PR_sprintf_append(buf, ", ");
+ buf = PR_sprintf_append(buf, "%d minutes", ctx->minutes);
}
- if (buf != NULL) buf = PR_sprintf_append(buf, ", and ");
+ if (buf != NULL)
+ buf = PR_sprintf_append(buf, ", and ");
if (!buf && ctx->seconds == 0) {
- int interval;
- LL_L2I(interval, ctx->interval);
- if (ctx->millisecs < 100)
- buf = PR_sprintf_append(buf, "%d microseconds", interval);
- else
- buf = PR_sprintf_append(buf, "%d milliseconds", ctx->millisecs);
+ int interval;
+ LL_L2I(interval, ctx->interval);
+ if (ctx->millisecs < 100)
+ buf = PR_sprintf_append(buf, "%d microseconds", interval);
+ else
+ buf = PR_sprintf_append(buf, "%d milliseconds", ctx->millisecs);
} else if (ctx->millisecs == 0) {
- buf = PR_sprintf_append(buf, "%d seconds", ctx->seconds);
+ buf = PR_sprintf_append(buf, "%d seconds", ctx->seconds);
} else {
- buf = PR_sprintf_append(buf, "%d.%03d seconds",
- ctx->seconds, ctx->millisecs);
+ buf = PR_sprintf_append(buf, "%d.%03d seconds",
+ ctx->seconds, ctx->millisecs);
}
return buf;
}
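Review bot: In `TimingGenerateString` the first `PR_sprintf_append` call formats `ctx->days` with `%d`, but the struct in this file declares `days` as `long`. Passing a `long` where the format expects an `int` is a varargs type mismatch, which on LP64 platforms can misread the following arguments. Use `buf = PR_sprintf_append(buf, "%ld days", ctx->days);`. The other fields (`hours`, `minutes`, `seconds`, `millisecs`) are `int` and match their `%d` conversions.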
@@ -128,19 +144,20 @@ void
Usage(char *progName)
{
fprintf(stderr, "Usage: %s [-s | -e] [-i iterations | -p period] "
- "[-t threads]\n[-n none [-k keylength] [ [-g] -x exponent] |\n"
- " -n token:nickname [-d certdir] [-w password] |\n"
- " -h token [-d certdir] [-w password] [-g] [-k keylength] "
- "[-x exponent] [-f pwfile]\n",
- progName);
+ "[-t threads]\n[-n none [-k keylength] [ [-g] -x exponent] |\n"
+ " -n token:nickname [-d certdir] [-w password] |\n"
+ " -h token [-d certdir] [-w password] [-g] [-k keylength] "
+ "[-x exponent] [-f pwfile]\n",
+ progName);
fprintf(stderr, "%-20s Cert database directory (default is ~/.netscape)\n",
- "-d certdir");
+ "-d certdir");
fprintf(stderr, "%-20s How many operations to perform\n", "-i iterations");
fprintf(stderr, "%-20s How many seconds to run\n", "-p period");
fprintf(stderr, "%-20s Perform signing (private key) operations\n", "-s");
- fprintf(stderr, "%-20s Perform encryption (public key) operations\n","-e");
+ fprintf(stderr, "%-20s Perform encryption (public key) operations\n", "-e");
fprintf(stderr, "%-20s Nickname of certificate or key, prefixed "
- "by optional token name\n", "-n nickname");
+ "by optional token name\n",
+ "-n nickname");
fprintf(stderr, "%-20s PKCS#11 token to perform operation with.\n",
"-h token");
fprintf(stderr, "%-20s key size in bits, from %d to %d\n", "-k keylength",
@@ -155,7 +172,7 @@ Usage(char *progName)
}
static void
-dumpBytes( unsigned char * b, int l)
+dumpBytes(unsigned char *b, int l)
{
int i;
if (l <= 0)
@@ -172,54 +189,55 @@ dumpBytes( unsigned char * b, int l)
}
static void
-dumpItem( SECItem * item, const char * description)
+dumpItem(SECItem *item, const char *description)
{
if (item->len & 1 && item->data[0] == 0) {
- printf("%s: (%d bytes)\n", description, item->len - 1);
- dumpBytes(item->data + 1, item->len - 1);
+ printf("%s: (%d bytes)\n", description, item->len - 1);
+ dumpBytes(item->data + 1, item->len - 1);
} else {
- printf("%s: (%d bytes)\n", description, item->len);
- dumpBytes(item->data, item->len);
+ printf("%s: (%d bytes)\n", description, item->len);
+ dumpBytes(item->data, item->len);
}
}
void
-printPrivKey(NSSLOWKEYPrivateKey * privKey)
+printPrivKey(NSSLOWKEYPrivateKey *privKey)
{
RSAPrivateKey *rsa = &privKey->u.rsa;
- dumpItem( &rsa->modulus, "n");
- dumpItem( &rsa->publicExponent, "e");
- dumpItem( &rsa->privateExponent, "d");
- dumpItem( &rsa->prime1, "P");
- dumpItem( &rsa->prime2, "Q");
- dumpItem( &rsa->exponent1, "d % (P-1)");
- dumpItem( &rsa->exponent2, "d % (Q-1)");
- dumpItem( &rsa->coefficient, "(Q ** -1) % P");
+ dumpItem(&rsa->modulus, "n");
+ dumpItem(&rsa->publicExponent, "e");
+ dumpItem(&rsa->privateExponent, "d");
+ dumpItem(&rsa->prime1, "P");
+ dumpItem(&rsa->prime2, "Q");
+ dumpItem(&rsa->exponent1, "d % (P-1)");
+ dumpItem(&rsa->exponent2, "d % (Q-1)");
+ dumpItem(&rsa->coefficient, "(Q ** -1) % P");
puts("");
}
-typedef SECStatus (* RSAOp)(void * key,
- unsigned char * output,
- unsigned char * input);
+typedef SECStatus (*RSAOp)(void *key,
+ unsigned char *output,
+ unsigned char *input);
typedef struct {
- SECKEYPublicKey* pubKey;
- SECKEYPrivateKey* privKey;
+ SECKEYPublicKey *pubKey;
+ SECKEYPrivateKey *privKey;
} PK11Keys;
-
-SECStatus PK11_PublicKeyOp (SECKEYPublicKey* key,
- unsigned char * output,
- unsigned char * input)
+SECStatus
+PK11_PublicKeyOp(SECKEYPublicKey *key,
+ unsigned char *output,
+ unsigned char *input)
{
return PK11_PubEncryptRaw(key, output, input, key->u.rsa.modulus.len,
NULL);
}
-SECStatus PK11_PrivateKeyOp (PK11Keys* keys,
- unsigned char * output,
- unsigned char * input)
+SECStatus
+PK11_PrivateKeyOp(PK11Keys *keys,
+ unsigned char *output,
+ unsigned char *input)
{
unsigned outLen = 0;
return PK11_PrivDecryptRaw(keys->privKey,
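Review bot: `RSAOp` is declared as taking `void *key`, but `PK11_PublicKeyOp` takes `SECKEYPublicKey *key` and `PK11_PrivateKeyOp` takes `PK11Keys *keys`, and both are later assigned with `fn = (RSAOp)PK11_PublicKeyOp;` style casts. Calling a function through a pointer to an incompatible function type is undefined behaviour in C, and the cast also hides any future signature drift from the compiler. Declaring both wrappers with the `RSAOp` signature and converting inside, e.g. `PK11_PublicKeyOp(void *key, unsigned char *output, unsigned char *input)` with `SECKEYPublicKey *pubKey = key;` as the first statement, removes the need for the casts. The body of `PK11_PrivateKeyOp` continues outside this hunk.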
@@ -230,21 +248,21 @@ SECStatus PK11_PrivateKeyOp (PK11Keys* keys,
typedef struct ThreadRunDataStr ThreadRunData;
struct ThreadRunDataStr {
- const PRBool *doIters;
- const void *rsaKey;
+ const PRBool *doIters;
+ const void *rsaKey;
const unsigned char *buf;
- RSAOp fn;
- int seconds;
- long iters;
- long iterRes;
- PRErrorCode errNum;
- SECStatus status;
+ RSAOp fn;
+ int seconds;
+ long iters;
+ long iterRes;
+ PRErrorCode errNum;
+ SECStatus status;
};
-
-void ThreadExecFunction(void *data)
+void
+ThreadExecFunction(void *data)
{
- ThreadRunData *tdata = (ThreadRunData*)data;
+ ThreadRunData *tdata = (ThreadRunData *)data;
unsigned char buf2[BUFFER_BYTES];
tdata->status = SECSuccess;
@@ -252,8 +270,8 @@ void ThreadExecFunction(void *data)
long i = tdata->iters;
tdata->iterRes = 0;
while (i--) {
- SECStatus rv = tdata->fn((void*)tdata->rsaKey, buf2,
- (unsigned char*)tdata->buf);
+ SECStatus rv = tdata->fn((void *)tdata->rsaKey, buf2,
+ (unsigned char *)tdata->buf);
if (rv != SECSuccess) {
tdata->errNum = PORT_GetError();
tdata->status = rv;
@@ -266,8 +284,8 @@ void ThreadExecFunction(void *data)
PRIntervalTime start = PR_IntervalNow();
tdata->iterRes = 0;
while (PR_IntervalNow() - start < total) {
- SECStatus rv = tdata->fn((void*)tdata->rsaKey, buf2,
- (unsigned char*)tdata->buf);
+ SECStatus rv = tdata->fn((void *)tdata->rsaKey, buf2,
+ (unsigned char *)tdata->buf);
if (rv != SECSuccess) {
tdata->errNum = PORT_GetError();
tdata->status = rv;
@@ -278,152 +296,154 @@ void ThreadExecFunction(void *data)
}
}
-#define INT_ARG(arg,def) atol(arg)>0?atol(arg):def
+#define INT_ARG(arg, def) atol(arg) > 0 ? atol(arg) : def
int
main(int argc, char **argv)
{
- TimingContext * timeCtx = NULL;
- SECKEYPublicKey * pubHighKey = NULL;
- SECKEYPrivateKey * privHighKey = NULL;
- NSSLOWKEYPrivateKey * privKey = NULL;
- NSSLOWKEYPublicKey * pubKey = NULL;
- CERTCertificate * cert = NULL;
- char * progName = NULL;
- char * secDir = NULL;
- char * nickname = NULL;
- char * slotname = NULL;
- long keybits = 0;
- RSAOp fn;
- void * rsaKey = NULL;
- PLOptState * optstate;
- PLOptStatus optstatus;
- long iters = DEFAULT_ITERS;
- int i;
- PRBool doPriv = PR_FALSE;
- PRBool doPub = PR_FALSE;
- int rv;
- unsigned char buf[BUFFER_BYTES];
- unsigned char buf2[BUFFER_BYTES];
- int seconds = DEFAULT_DURATION;
- PRBool doIters = PR_FALSE;
- PRBool doTime = PR_FALSE;
- PRBool useTokenKey = PR_FALSE; /* use PKCS#11 token
+ TimingContext *timeCtx = NULL;
+ SECKEYPublicKey *pubHighKey = NULL;
+ SECKEYPrivateKey *privHighKey = NULL;
+ NSSLOWKEYPrivateKey *privKey = NULL;
+ NSSLOWKEYPublicKey *pubKey = NULL;
+ CERTCertificate *cert = NULL;
+ char *progName = NULL;
+ char *secDir = NULL;
+ char *nickname = NULL;
+ char *slotname = NULL;
+ long keybits = 0;
+ RSAOp fn;
+ void *rsaKey = NULL;
+ PLOptState *optstate;
+ PLOptStatus optstatus;
+ long iters = DEFAULT_ITERS;
+ int i;
+ PRBool doPriv = PR_FALSE;
+ PRBool doPub = PR_FALSE;
+ int rv;
+ unsigned char buf[BUFFER_BYTES];
+ unsigned char buf2[BUFFER_BYTES];
+ int seconds = DEFAULT_DURATION;
+ PRBool doIters = PR_FALSE;
+ PRBool doTime = PR_FALSE;
+ PRBool useTokenKey = PR_FALSE; /* use PKCS#11 token
object key */
- PRBool useSessionKey = PR_FALSE; /* use PKCS#11 session
+ PRBool useSessionKey = PR_FALSE; /* use PKCS#11 session
object key */
- PRBool useBLKey = PR_FALSE; /* use freebl */
- PK11SlotInfo* slot = NULL; /* slot for session
+ PRBool useBLKey = PR_FALSE; /* use freebl */
+ PK11SlotInfo *slot = NULL; /* slot for session
object key operations */
- PRBool doKeyGen = PR_FALSE;
- int publicExponent = DEFAULT_EXPONENT;
+ PRBool doKeyGen = PR_FALSE;
+ int publicExponent = DEFAULT_EXPONENT;
PK11Keys keys;
int peCount = 0;
CK_BYTE pubEx[4];
SECItem pe;
- RSAPublicKey pubKeyStr;
- int threadNum = DEFAULT_THREADS;
- ThreadRunData ** runDataArr = NULL;
- PRThread ** threadsArr = NULL;
- int calcThreads = 0;
+ RSAPublicKey pubKeyStr;
+ int threadNum = DEFAULT_THREADS;
+ ThreadRunData **runDataArr = NULL;
+ PRThread **threadsArr = NULL;
+ int calcThreads = 0;
progName = strrchr(argv[0], '/');
if (!progName)
- progName = strrchr(argv[0], '\\');
- progName = progName ? progName+1 : argv[0];
+ progName = strrchr(argv[0], '\\');
+ progName = progName ? progName + 1 : argv[0];
optstate = PL_CreateOptState(argc, argv, "d:ef:gh:i:k:n:p:st:w:x:");
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- Usage(progName);
- break;
- case 'd':
- secDir = PORT_Strdup(optstate->value);
- break;
- case 'i':
- iters = INT_ARG(optstate->value, DEFAULT_ITERS);
- doIters = PR_TRUE;
- break;
- case 's':
- doPriv = PR_TRUE;
- break;
- case 'e':
- doPub = PR_TRUE;
- break;
- case 'g':
- doKeyGen = PR_TRUE;
- break;
- case 'n':
- nickname = PORT_Strdup(optstate->value);
- /* for compatibility, nickname of "none" means go to freebl */
- if (nickname && strcmp(nickname, "none")) {
- useTokenKey = PR_TRUE;
- } else {
- useBLKey = PR_TRUE;
- }
- break;
- case 'p':
- seconds = INT_ARG(optstate->value, DEFAULT_DURATION);
- doTime = PR_TRUE;
- break;
- case 'h':
- slotname = PORT_Strdup(optstate->value);
- useSessionKey = PR_TRUE;
- break;
- case 'k':
- keybits = INT_ARG(optstate->value, DEFAULT_KEY_BITS);
- break;
- case 'w':
- pwData.data = PORT_Strdup(optstate->value);;
- pwData.source = PW_PLAINTEXT;
- break;
- case 'f':
- pwData.data = PORT_Strdup(optstate->value);
- pwData.source = PW_FROMFILE;
- break;
- case 'x':
- /* -x public exponent (for RSA keygen) */
- publicExponent = INT_ARG(optstate->value, DEFAULT_EXPONENT);
- break;
- case 't':
- threadNum = INT_ARG(optstate->value, DEFAULT_THREADS);
- break;
- }
+ switch (optstate->option) {
+ case '?':
+ Usage(progName);
+ break;
+ case 'd':
+ secDir = PORT_Strdup(optstate->value);
+ break;
+ case 'i':
+ iters = INT_ARG(optstate->value, DEFAULT_ITERS);
+ doIters = PR_TRUE;
+ break;
+ case 's':
+ doPriv = PR_TRUE;
+ break;
+ case 'e':
+ doPub = PR_TRUE;
+ break;
+ case 'g':
+ doKeyGen = PR_TRUE;
+ break;
+ case 'n':
+ nickname = PORT_Strdup(optstate->value);
+ /* for compatibility, nickname of "none" means go to freebl */
+ if (nickname && strcmp(nickname, "none")) {
+ useTokenKey = PR_TRUE;
+ } else {
+ useBLKey = PR_TRUE;
+ }
+ break;
+ case 'p':
+ seconds = INT_ARG(optstate->value, DEFAULT_DURATION);
+ doTime = PR_TRUE;
+ break;
+ case 'h':
+ slotname = PORT_Strdup(optstate->value);
+ useSessionKey = PR_TRUE;
+ break;
+ case 'k':
+ keybits = INT_ARG(optstate->value, DEFAULT_KEY_BITS);
+ break;
+ case 'w':
+ pwData.data = PORT_Strdup(optstate->value);
+ ;
+ pwData.source = PW_PLAINTEXT;
+ break;
+ case 'f':
+ pwData.data = PORT_Strdup(optstate->value);
+ pwData.source = PW_FROMFILE;
+ break;
+ case 'x':
+ /* -x public exponent (for RSA keygen) */
+ publicExponent = INT_ARG(optstate->value, DEFAULT_EXPONENT);
+ break;
+ case 't':
+ threadNum = INT_ARG(optstate->value, DEFAULT_THREADS);
+ break;
+ }
}
if (optstatus == PL_OPT_BAD)
- Usage(progName);
+ Usage(progName);
if ((doPriv && doPub) || (doIters && doTime) ||
((useTokenKey + useSessionKey + useBLKey) != PR_TRUE) ||
(useTokenKey && keybits) || (useTokenKey && doKeyGen) ||
- (keybits && (keybits<MIN_KEY_BITS || keybits>MAX_KEY_BITS))) {
+ (keybits && (keybits < MIN_KEY_BITS || keybits > MAX_KEY_BITS))) {
Usage(progName);
}
- if (doIters && doTime) Usage(progName);
+ if (doIters && doTime)
+ Usage(progName);
if (!doTime) {
doIters = PR_TRUE;
}
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
PK11_SetPasswordFunc(SECU_GetModulePassword);
secDir = SECU_ConfigDirectory(secDir);
if (useTokenKey || useSessionKey) {
- rv = NSS_Init(secDir);
- if (rv != SECSuccess) {
- fprintf(stderr, "NSS_Init failed.\n");
- exit(1);
- }
+ rv = NSS_Init(secDir);
+ if (rv != SECSuccess) {
+ fprintf(stderr, "NSS_Init failed.\n");
+ exit(1);
+ }
} else {
- rv = NSS_NoDB_Init(NULL);
- if (rv != SECSuccess) {
- fprintf(stderr, "NSS_NoDB_Init failed.\n");
- exit(1);
- }
+ rv = NSS_NoDB_Init(NULL);
+ if (rv != SECSuccess) {
+ fprintf(stderr, "NSS_NoDB_Init failed.\n");
+ exit(1);
+ }
}
if (useTokenKey) {
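Review bot: `INT_ARG` parses with `atol`, which reports no errors, and its `long` result is narrowed into the `int` variables `seconds`, `threadNum` and `publicExponent` without a range check; `threadNum` later sizes the `PORT_Alloc` calls for the thread arrays. Parsing with `strtol`, checking the end pointer and enforcing an explicit upper bound before assigning would reject trailing garbage and values that do not fit in `int`. The macro body is also unparenthesized; `#define INT_ARG(arg, def) (atol(arg) > 0 ? atol(arg) : (def))` keeps it safe inside larger expressions. In the `case 'w'` arm the formatter has moved the second semicolon of the old `;;` onto its own line, and that empty statement can simply be deleted. `main` continues outside this hunk.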
@@ -444,8 +464,8 @@ main(int argc, char **argv)
if (doPub) {
/* do public key ops */
fn = (RSAOp)PK11_PublicKeyOp;
- rsaKey = (void *) pubHighKey;
-
+ rsaKey = (void *)pubHighKey;
+
kh = PK11_ImportPublicKey(cert->slot, pubHighKey, PR_FALSE);
if (CK_INVALID_HANDLE == kh) {
fprintf(stderr,
@@ -464,21 +484,21 @@ main(int argc, char **argv)
"Can't find private key by name \"%s\"\n", nickname);
exit(1);
}
-
+
SECKEY_CacheStaticFlags(privHighKey);
fn = (RSAOp)PK11_PrivateKeyOp;
keys.privKey = privHighKey;
keys.pubKey = pubHighKey;
- rsaKey = (void *) &keys;
+ rsaKey = (void *)&keys;
printf("Using PKCS#11 for RSA decryption with token %s.\n",
PK11_GetTokenName(privHighKey->pkcs11Slot));
- }
+ }
} else
- if (useSessionKey) {
+ if (useSessionKey) {
/* use PKCS#11 session key objects */
- PK11RSAGenParams rsaparams;
- void * params;
+ PK11RSAGenParams rsaparams;
+ void *params;
slot = PK11_FindSlotByName(slotname); /* locate target slot */
if (!slot) {
@@ -498,11 +518,11 @@ main(int argc, char **argv)
rsaparams.pe = publicExponent;
params = &rsaparams;
- fprintf(stderr,"\nGenerating RSA key. This may take a few moments.\n");
+ fprintf(stderr, "\nGenerating RSA key. This may take a few moments.\n");
privHighKey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN,
params, &pubHighKey, PR_FALSE,
- PR_FALSE, (void*)&pwData);
+ PR_FALSE, (void *)&pwData);
if (!privHighKey) {
fprintf(stderr,
"Key generation failed in token \"%s\"\n",
@@ -511,22 +531,22 @@ main(int argc, char **argv)
}
SECKEY_CacheStaticFlags(privHighKey);
-
- fprintf(stderr,"Keygen completed.\n");
+
+ fprintf(stderr, "Keygen completed.\n");
if (doPub) {
/* do public key operations */
fn = (RSAOp)PK11_PublicKeyOp;
- rsaKey = (void *) pubHighKey;
+ rsaKey = (void *)pubHighKey;
} else {
/* do private key operations */
fn = (RSAOp)PK11_PrivateKeyOp;
keys.privKey = privHighKey;
keys.pubKey = pubHighKey;
- rsaKey = (void *) &keys;
- }
+ rsaKey = (void *)&keys;
+ }
} else
-
+
{
/* use freebl directly */
if (!keybits) {
@@ -539,13 +559,14 @@ main(int argc, char **argv)
}
printf("Using freebl with %ld bits key.\n", keybits);
if (doKeyGen) {
- fprintf(stderr,"\nGenerating RSA key. "
- "This may take a few moments.\n");
- for (i=0; i < 4; i++) {
+ fprintf(stderr, "\nGenerating RSA key. "
+ "This may take a few moments.\n");
+ for (i = 0; i < 4; i++) {
if (peCount || (publicExponent & ((unsigned long)0xff000000L >>
- (i*8)))) {
- pubEx[peCount] = (CK_BYTE)((publicExponent >>
- (3-i)*8) & 0xff);
+ (i * 8)))) {
+ pubEx[peCount] = (CK_BYTE)((publicExponent >>
+ (3 - i) * 8) &
+ 0xff);
peCount++;
}
}
@@ -554,7 +575,7 @@ main(int argc, char **argv)
pe.type = siBuffer;
rsaKey = RSA_NewKey(keybits, &pe);
- fprintf(stderr,"Keygen completed.\n");
+ fprintf(stderr, "Keygen completed.\n");
} else {
/* use a hardcoded key */
printf("Using hardcoded %ld bits key.\n", keybits);
@@ -571,9 +592,9 @@ main(int argc, char **argv)
if (rsaKey) {
/* convert the RSAPrivateKey to RSAPublicKey */
pubKeyStr.arena = NULL;
- pubKeyStr.modulus = ((RSAPrivateKey*)rsaKey)->modulus;
+ pubKeyStr.modulus = ((RSAPrivateKey *)rsaKey)->modulus;
pubKeyStr.publicExponent =
- ((RSAPrivateKey*)rsaKey)->publicExponent;
+ ((RSAPrivateKey *)rsaKey)->publicExponent;
rsaKey = &pubKeyStr;
} else {
/* convert NSSLOWKeyPublicKey to RSAPublicKey */
@@ -594,65 +615,64 @@ main(int argc, char **argv)
memset(buf, 1, sizeof buf);
rv = fn(rsaKey, buf2, buf);
if (rv != SECSuccess) {
- PRErrorCode errNum;
- const char * errStr = NULL;
-
- errNum = PORT_GetError();
- if (errNum)
- errStr = SECU_Strerror(errNum);
- else
- errNum = rv;
- if (!errStr)
- errStr = "(null)";
- fprintf(stderr, "Error in RSA operation: %d : %s\n", errNum, errStr);
- exit(1);
+ PRErrorCode errNum;
+ const char *errStr = NULL;
+
+ errNum = PORT_GetError();
+ if (errNum)
+ errStr = SECU_Strerror(errNum);
+ else
+ errNum = rv;
+ if (!errStr)
+ errStr = "(null)";
+ fprintf(stderr, "Error in RSA operation: %d : %s\n", errNum, errStr);
+ exit(1);
}
- threadsArr = (PRThread**)PORT_Alloc(threadNum*sizeof(PRThread*));
- runDataArr = (ThreadRunData**)PORT_Alloc(threadNum*sizeof(ThreadRunData*));
+ threadsArr = (PRThread **)PORT_Alloc(threadNum * sizeof(PRThread *));
+ runDataArr = (ThreadRunData **)PORT_Alloc(threadNum * sizeof(ThreadRunData *));
timeCtx = CreateTimingContext();
TimingBegin(timeCtx, PR_Now());
- for (i = 0;i < threadNum;i++) {
- runDataArr[i] = (ThreadRunData*)PORT_Alloc(sizeof(ThreadRunData));
+ for (i = 0; i < threadNum; i++) {
+ runDataArr[i] = (ThreadRunData *)PORT_Alloc(sizeof(ThreadRunData));
runDataArr[i]->fn = fn;
runDataArr[i]->buf = buf;
runDataArr[i]->doIters = &doIters;
runDataArr[i]->rsaKey = rsaKey;
runDataArr[i]->seconds = seconds;
runDataArr[i]->iters = iters;
- threadsArr[i] =
+ threadsArr[i] =
PR_CreateThread(PR_USER_THREAD,
- ThreadExecFunction,
- (void*) runDataArr[i],
- PR_PRIORITY_NORMAL,
- PR_GLOBAL_THREAD,
- PR_JOINABLE_THREAD,
- 0);
+ ThreadExecFunction,
+ (void *)runDataArr[i],
+ PR_PRIORITY_NORMAL,
+ PR_GLOBAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
}
iters = 0;
calcThreads = 0;
- for (i = 0;i < threadNum;i++, calcThreads++)
- {
+ for (i = 0; i < threadNum; i++, calcThreads++) {
PR_JoinThread(threadsArr[i]);
if (runDataArr[i]->status != SECSuccess) {
- const char * errStr = SECU_Strerror(runDataArr[i]->errNum);
+ const char *errStr = SECU_Strerror(runDataArr[i]->errNum);
fprintf(stderr, "Thread %d: Error in RSA operation: %d : %s\n",
i, runDataArr[i]->errNum, errStr);
calcThreads -= 1;
} else {
iters += runDataArr[i]->iterRes;
}
- PORT_Free((void*)runDataArr[i]);
+ PORT_Free((void *)runDataArr[i]);
}
PORT_Free(runDataArr);
PORT_Free(threadsArr);
TimingEnd(timeCtx, PR_Now());
-
+
printf("%ld iterations in %s\n",
- iters, TimingGenerateString(timeCtx));
- printf("%.2f operations/s .\n", ((double)(iters)*(double)1000000.0) /
- (double)timeCtx->interval );
+ iters, TimingGenerateString(timeCtx));
+ printf("%.2f operations/s .\n", ((double)(iters) * (double)1000000.0) /
+ (double)timeCtx->interval);
TimingDivide(timeCtx, iters);
printf("one operation every %s\n", TimingGenerateString(timeCtx));
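Review bot: The results of the three `PORT_Alloc` calls (`threadsArr`, `runDataArr` and each `runDataArr[i]`) are dereferenced without a NULL check, and the `PR_CreateThread` return value is later passed to `PR_JoinThread` unchecked. A failed allocation or thread creation therefore becomes a NULL dereference rather than a reported error, which is more likely with a large `threadNum` (its parsing is outside this hunk, so that part is inferred). I would add `if (!threadsArr || !runDataArr) { fprintf(stderr, "out of memory\n"); exit(1); }` after the two array allocations, with the same kind of guard inside the loop for `runDataArr[i]` and `threadsArr[i]`. main() starts and ends outside this hunk.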
@@ -661,7 +681,7 @@ main(int argc, char **argv)
}
if (privHighKey) {
- SECKEY_DestroyPrivateKey(privHighKey);
+ SECKEY_DestroyPrivateKey(privHighKey);
}
if (cert) {
diff --git a/cmd/rsapoptst/rsapoptst.c b/cmd/rsapoptst/rsapoptst.c
index 302c4e404..81ddcd6c4 100644
--- a/cmd/rsapoptst/rsapoptst.c
+++ b/cmd/rsapoptst/rsapoptst.c
@@ -11,40 +11,40 @@
#include "secmodt.h"
#include "pk11pub.h"
-
struct test_args {
char *arg;
- int mask_value;
+ int mask_value;
char *description;
};
static const struct test_args test_array[] = {
- {"all", 0x1f, "run all the tests" },
- {"e_n_p", 0x01, "public exponent, modulus, prime1"},
- {"d_n_q", 0x02, "private exponent, modulus, prime2"},
- {"d_p_q", 0x04, "private exponent, prime1, prime2"},
- {"e_d_q", 0x08, "public exponent, private exponent, prime2"},
- {"e_d_n", 0x10, "public exponent, private exponent, moduls"}
+ { "all", 0x1f, "run all the tests" },
+ { "e_n_p", 0x01, "public exponent, modulus, prime1" },
+ { "d_n_q", 0x02, "private exponent, modulus, prime2" },
+ { "d_p_q", 0x04, "private exponent, prime1, prime2" },
+ { "e_d_q", 0x08, "public exponent, private exponent, prime2" },
+ { "e_d_n", 0x10, "public exponent, private exponent, moduls" }
};
-static const int test_array_size =
- (sizeof(test_array)/sizeof(struct test_args));
+static const int test_array_size =
+ (sizeof(test_array) / sizeof(struct test_args));
-static void Usage(char *progName)
+static void
+Usage(char *progName)
{
int i;
#define PRINTUSAGE(subject, option, predicate) \
fprintf(stderr, "%10s %s\t%s\n", subject, option, predicate);
fprintf(stderr, "%s [-k keysize] [-e exp] [-r rounds] [-t tests]\n "
- "Test creating RSA private keys from Partial components\n",
- progName);
+ "Test creating RSA private keys from Partial components\n",
+ progName);
PRINTUSAGE("", "-k", "key size (in bit)");
PRINTUSAGE("", "-e", "rsa public exponent");
PRINTUSAGE("", "-r", "number times to repeat the test");
PRINTUSAGE("", "-t", "run the specified tests");
- for (i=0; i < test_array_size; i++) {
- PRINTUSAGE("", test_array[i].arg, test_array[i].description);
+ for (i = 0; i < test_array_size; i++) {
+ PRINTUSAGE("", test_array[i].arg, test_array[i].description);
}
- fprintf(stderr,"\n");
+ fprintf(stderr, "\n");
}
/*
@@ -53,47 +53,47 @@ static void Usage(char *progName)
*/
const static CK_ATTRIBUTE rsaTemplate[] = {
- {CKA_CLASS, NULL, 0 },
- {CKA_KEY_TYPE, NULL, 0 },
- {CKA_TOKEN, NULL, 0 },
- {CKA_SENSITIVE, NULL, 0 },
- {CKA_PRIVATE, NULL, 0 },
- {CKA_MODULUS, NULL, 0 },
- {CKA_PUBLIC_EXPONENT, NULL, 0 },
- {CKA_PRIVATE_EXPONENT, NULL, 0 },
- {CKA_PRIME_1, NULL, 0 },
- {CKA_PRIME_2, NULL, 0 },
- {CKA_EXPONENT_1, NULL, 0 },
- {CKA_EXPONENT_2, NULL, 0 },
- {CKA_COEFFICIENT, NULL, 0 },
+ { CKA_CLASS, NULL, 0 },
+ { CKA_KEY_TYPE, NULL, 0 },
+ { CKA_TOKEN, NULL, 0 },
+ { CKA_SENSITIVE, NULL, 0 },
+ { CKA_PRIVATE, NULL, 0 },
+ { CKA_MODULUS, NULL, 0 },
+ { CKA_PUBLIC_EXPONENT, NULL, 0 },
+ { CKA_PRIVATE_EXPONENT, NULL, 0 },
+ { CKA_PRIME_1, NULL, 0 },
+ { CKA_PRIME_2, NULL, 0 },
+ { CKA_EXPONENT_1, NULL, 0 },
+ { CKA_EXPONENT_2, NULL, 0 },
+ { CKA_COEFFICIENT, NULL, 0 },
};
#define RSA_SIZE (sizeof(rsaTemplate))
-#define RSA_ATTRIBUTES (sizeof(rsaTemplate)/sizeof(CK_ATTRIBUTE))
+#define RSA_ATTRIBUTES (sizeof(rsaTemplate) / sizeof(CK_ATTRIBUTE))
static void
resetTemplate(CK_ATTRIBUTE *attribute, int start, int end)
{
int i;
- for (i=start; i < end; i++) {
- if (attribute[i].pValue) {
- PORT_Free(attribute[i].pValue);
- }
- attribute[i].pValue = NULL;
- attribute[i].ulValueLen = 0;
+ for (i = start; i < end; i++) {
+ if (attribute[i].pValue) {
+ PORT_Free(attribute[i].pValue);
+ }
+ attribute[i].pValue = NULL;
+ attribute[i].ulValueLen = 0;
}
}
static SECStatus
-copyAttribute(PK11ObjectType objType, void *object, CK_ATTRIBUTE *template,
- int offset, CK_ATTRIBUTE_TYPE attrType)
+copyAttribute(PK11ObjectType objType, void *object, CK_ATTRIBUTE *template,
+ int offset, CK_ATTRIBUTE_TYPE attrType)
{
- SECItem attributeItem = {0, 0, 0};
+ SECItem attributeItem = { 0, 0, 0 };
SECStatus rv;
rv = PK11_ReadRawAttribute(objType, object, attrType, &attributeItem);
if (rv != SECSuccess) {
- return rv;
+ return rv;
}
template[offset].type = attrType;
template[offset].pValue = attributeItem.data;
@@ -103,16 +103,16 @@ copyAttribute(PK11ObjectType objType, void *object, CK_ATTRIBUTE *template,
static SECStatus
readKey(PK11ObjectType objType, void *object, CK_ATTRIBUTE *template,
- int start, int end)
+ int start, int end)
{
int i;
SECStatus rv;
- for (i=start; i < end; i++) {
- rv = copyAttribute(objType, object, template, i, template[i].type);
- if (rv != SECSuccess) {
- goto fail;
- }
+ for (i = start; i < end; i++) {
+ rv = copyAttribute(objType, object, template, i, template[i].type);
+ if (rv != SECSuccess) {
+ goto fail;
+ }
}
return SECSuccess;
@@ -126,43 +126,48 @@ fail:
void
dumpTemplate(CK_ATTRIBUTE *template, int start, int end)
{
- int i,j;
- for (i=0; i < end; i++) {
- unsigned char cval;
- CK_ULONG ulval;
- unsigned char *cpval;
-
- fprintf(stderr, "%s:", ATTR_STRING(template[i].type));
- switch (template[i].ulValueLen) {
- case 1:
- cval =*(unsigned char *)template[i].pValue;
- switch(cval) {
- case 0: fprintf(stderr, " false"); break;
- case 1: fprintf(stderr, " true"); break;
- default:
- fprintf(stderr, " %d (=0x%02x,'%c')",cval,cval,cval);
- break;
- }
- break;
- case sizeof(CK_ULONG):
- ulval = *(CK_ULONG *)template[i].pValue;
- fprintf(stderr," %ld (=0x%04lx)", ulval, ulval);
- break;
- default:
- cpval = (unsigned char *)template[i].pValue;
- for (j=0; j < template[i].ulValueLen; j++) {
- if ((j % 16) == 0) fprintf(stderr, "\n ");
- fprintf(stderr," %02x",cpval[j]);
- }
- break;
- }
- fprintf(stderr,"\n");
+ int i, j;
+ for (i = 0; i < end; i++) {
+ unsigned char cval;
+ CK_ULONG ulval;
+ unsigned char *cpval;
+
+ fprintf(stderr, "%s:", ATTR_STRING(template[i].type));
+ switch (template[i].ulValueLen) {
+ case 1:
+ cval = *(unsigned char *)template[i].pValue;
+ switch (cval) {
+ case 0:
+ fprintf(stderr, " false");
+ break;
+ case 1:
+ fprintf(stderr, " true");
+ break;
+ default:
+ fprintf(stderr, " %d (=0x%02x,'%c')", cval, cval, cval);
+ break;
+ }
+ break;
+ case sizeof(CK_ULONG):
+ ulval = *(CK_ULONG *)template[i].pValue;
+ fprintf(stderr, " %ld (=0x%04lx)", ulval, ulval);
+ break;
+ default:
+ cpval = (unsigned char *)template[i].pValue;
+ for (j = 0; j < template[i].ulValueLen; j++) {
+ if ((j % 16) == 0)
+ fprintf(stderr, "\n ");
+ fprintf(stderr, " %02x", cpval[j]);
+ }
+ break;
+ }
+ fprintf(stderr, "\n");
}
}
PRBool
-rsaKeysAreEqual(PK11ObjectType srcType, void *src,
- PK11ObjectType destType, void *dest)
+rsaKeysAreEqual(PK11ObjectType srcType, void *src,
+ PK11ObjectType destType, void *dest)
{
CK_ATTRIBUTE srcTemplate[RSA_ATTRIBUTES];
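Review bot: `dumpTemplate` never uses its `start` parameter, because the loop is `for (i = 0; i < end; i++)`; it should read `for (i = start; i < end; i++)`. In the same function `ulval` is a `CK_ULONG` printed with `%ld`, where `%lu` matches the type, and `j` is an `int` compared against the unsigned `ulValueLen`. Since the routine writes every attribute it is handed to stderr, including private exponent and primes, a header comment such as `/* debug aid: prints raw key attributes, use only with throwaway test keys */` would help the next reader.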
@@ -176,41 +181,41 @@ rsaKeysAreEqual(PK11ObjectType srcType, void *src,
rv = readKey(srcType, src, srcTemplate, 0, RSA_ATTRIBUTES);
if (rv != SECSuccess) {
- printf("Could read source key\n");
- return PR_FALSE;
+ printf("Could read source key\n");
+ return PR_FALSE;
}
readKey(destType, dest, destTemplate, 0, RSA_ATTRIBUTES);
if (rv != SECSuccess) {
- printf("Could read dest key\n");
- return PR_FALSE;
+ printf("Could read dest key\n");
+ return PR_FALSE;
}
- for (i=0; i < RSA_ATTRIBUTES; i++) {
- if (srcTemplate[i].ulValueLen != destTemplate[i].ulValueLen) {
- printf("key->%s not equal src_len = %ld, dest_len=%ld\n",
- ATTR_STRING(srcTemplate[i].type),
- srcTemplate[i].ulValueLen, destTemplate[i].ulValueLen);
- areEqual = 0;
- } else if (memcmp(srcTemplate[i].pValue, destTemplate[i].pValue,
- destTemplate[i].ulValueLen) != 0) {
- printf("key->%s not equal.\n", ATTR_STRING(srcTemplate[i].type));
- areEqual = 0;
- }
+ for (i = 0; i < RSA_ATTRIBUTES; i++) {
+ if (srcTemplate[i].ulValueLen != destTemplate[i].ulValueLen) {
+ printf("key->%s not equal src_len = %ld, dest_len=%ld\n",
+ ATTR_STRING(srcTemplate[i].type),
+ srcTemplate[i].ulValueLen, destTemplate[i].ulValueLen);
+ areEqual = 0;
+ } else if (memcmp(srcTemplate[i].pValue, destTemplate[i].pValue,
+ destTemplate[i].ulValueLen) != 0) {
+ printf("key->%s not equal.\n", ATTR_STRING(srcTemplate[i].type));
+ areEqual = 0;
+ }
}
if (!areEqual) {
- fprintf(stderr, "original key:\n");
- dumpTemplate(srcTemplate,0, RSA_ATTRIBUTES);
- fprintf(stderr, "created key:\n");
- dumpTemplate(destTemplate,0, RSA_ATTRIBUTES);
+ fprintf(stderr, "original key:\n");
+ dumpTemplate(srcTemplate, 0, RSA_ATTRIBUTES);
+ fprintf(stderr, "created key:\n");
+ dumpTemplate(destTemplate, 0, RSA_ATTRIBUTES);
}
return areEqual;
}
static int exp_exp_prime_fail_count = 0;
-
-static int
-doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
- int mask, void *pwarg)
+
+static int
+doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
+ int mask, void *pwarg)
{
SECKEYPrivateKey *rsaPrivKey;
SECKEYPublicKey *rsaPubKey;
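Review bot: The second `readKey` call discards its result, so the following `if (rv != SECSuccess)` re-tests the value from the source-key read and can never fire for the destination key. If reading `dest` fails, the comparison loop still runs `memcmp` over `destTemplate` in whatever state the failure path left it. The call should assign the result, `rv = readKey(destType, dest, destTemplate, 0, RSA_ATTRIBUTES);`, and both messages presumably mean `"Could not read ... key\n"`. None of the return paths visible here release the `pValue` buffers that `readKey` filled; the opening lines of rsaKeysAreEqual are outside this hunk.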
@@ -229,17 +234,17 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
slot = PK11_GetInternalSlot();
if (slot == NULL) {
- fprintf(stderr, "Couldn't get the internal slot for the test \n");
- return -1;
+ fprintf(stderr, "Couldn't get the internal slot for the test \n");
+ return -1;
}
- rsaPrivKey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN,
- &rsaParams, &rsaPubKey, PR_FALSE,
- PR_FALSE, pwarg);
+ rsaPrivKey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN,
+ &rsaParams, &rsaPubKey, PR_FALSE,
+ PR_FALSE, pwarg);
if (rsaPrivKey == NULL) {
- fprintf(stderr, "RSA Key Gen failed");
- PK11_FreeSlot(slot);
- return -1;
+ fprintf(stderr, "RSA Key Gen failed");
+ PK11_FreeSlot(slot);
+ return -1;
}
memcpy(tstTemplate, rsaTemplate, RSA_SIZE);
@@ -257,132 +262,146 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
tstHeaderCount = 5;
if (mask & 1) {
- printf("%s\n",test_array[1].description);
- resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
- copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
- tstHeaderCount, CKA_PUBLIC_EXPONENT);
- copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
- tstHeaderCount+1, CKA_MODULUS);
- copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
- tstHeaderCount+2, CKA_PRIME_1);
-
- tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
- tstHeaderCount+3, PR_FALSE);
- if (tstPrivKey == NULL) {
- fprintf(stderr, "RSA Populate failed: pubExp mod p\n");
- failed = 1;
- } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey,
- PK11_TypeGeneric, tstPrivKey)) {
- fprintf(stderr, "RSA Populate key mismatch: pubExp mod p\n");
- failed = 1;
- }
- if (tstPrivKey) PK11_DestroyGenericObject(tstPrivKey);
+ printf("%s\n", test_array[1].description);
+ resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
+ copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+ tstHeaderCount, CKA_PUBLIC_EXPONENT);
+ copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+ tstHeaderCount + 1, CKA_MODULUS);
+ copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+ tstHeaderCount + 2, CKA_PRIME_1);
+
+ tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+ tstHeaderCount +
+ 3,
+ PR_FALSE);
+ if (tstPrivKey == NULL) {
+ fprintf(stderr, "RSA Populate failed: pubExp mod p\n");
+ failed = 1;
+ } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey,
+ PK11_TypeGeneric, tstPrivKey)) {
+ fprintf(stderr, "RSA Populate key mismatch: pubExp mod p\n");
+ failed = 1;
+ }
+ if (tstPrivKey)
+ PK11_DestroyGenericObject(tstPrivKey);
}
if (mask & 2) {
- printf("%s\n",test_array[2].description);
- /* test the basic2 case, public exponent, modulus, prime2 */
- resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
- copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
- tstHeaderCount, CKA_PUBLIC_EXPONENT);
- copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
- tstHeaderCount+1, CKA_MODULUS);
- copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
- tstHeaderCount+2, CKA_PRIME_2);
- /* test with q in the prime1 position */
- tstTemplate[tstHeaderCount+2].type = CKA_PRIME_1;
-
- tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
- tstHeaderCount+3, PR_FALSE);
- if (tstPrivKey == NULL) {
- fprintf(stderr, "RSA Populate failed: pubExp mod q\n");
- failed = 1;
- } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey,
- PK11_TypeGeneric, tstPrivKey)) {
- fprintf(stderr, "RSA Populate key mismatch: pubExp mod q\n");
- failed = 1;
- }
- if (tstPrivKey) PK11_DestroyGenericObject(tstPrivKey);
+ printf("%s\n", test_array[2].description);
+ /* test the basic2 case, public exponent, modulus, prime2 */
+ resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
+ copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+ tstHeaderCount, CKA_PUBLIC_EXPONENT);
+ copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+ tstHeaderCount + 1, CKA_MODULUS);
+ copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+ tstHeaderCount + 2, CKA_PRIME_2);
+ /* test with q in the prime1 position */
+ tstTemplate[tstHeaderCount + 2].type = CKA_PRIME_1;
+
+ tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+ tstHeaderCount +
+ 3,
+ PR_FALSE);
+ if (tstPrivKey == NULL) {
+ fprintf(stderr, "RSA Populate failed: pubExp mod q\n");
+ failed = 1;
+ } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey,
+ PK11_TypeGeneric, tstPrivKey)) {
+ fprintf(stderr, "RSA Populate key mismatch: pubExp mod q\n");
+ failed = 1;
+ }
+ if (tstPrivKey)
+ PK11_DestroyGenericObject(tstPrivKey);
}
if (mask & 4) {
- printf("%s\n",test_array[3].description);
- /* test the medium case, private exponent, prime1, prime2 */
- resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
-
- copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
- tstHeaderCount, CKA_PRIVATE_EXPONENT);
- copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
- tstHeaderCount+1, CKA_PRIME_1);
- copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
- tstHeaderCount+2, CKA_PRIME_2);
- /* test with p & q swapped. Underlying code should swap these back */
- tstTemplate[tstHeaderCount+2].type = CKA_PRIME_1;
- tstTemplate[tstHeaderCount+1].type = CKA_PRIME_2;
-
- tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
- tstHeaderCount+3, PR_FALSE);
- if (tstPrivKey == NULL) {
- fprintf(stderr, "RSA Populate failed: privExp p q\n");
- failed = 1;
- } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey,
- PK11_TypeGeneric, tstPrivKey)) {
- fprintf(stderr, "RSA Populate key mismatch: privExp p q\n");
- failed = 1;
- }
- if (tstPrivKey) PK11_DestroyGenericObject(tstPrivKey);
+ printf("%s\n", test_array[3].description);
+ /* test the medium case, private exponent, prime1, prime2 */
+ resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
+
+ copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+ tstHeaderCount, CKA_PRIVATE_EXPONENT);
+ copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+ tstHeaderCount + 1, CKA_PRIME_1);
+ copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+ tstHeaderCount + 2, CKA_PRIME_2);
+ /* test with p & q swapped. Underlying code should swap these back */
+ tstTemplate[tstHeaderCount + 2].type = CKA_PRIME_1;
+ tstTemplate[tstHeaderCount + 1].type = CKA_PRIME_2;
+
+ tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+ tstHeaderCount +
+ 3,
+ PR_FALSE);
+ if (tstPrivKey == NULL) {
+ fprintf(stderr, "RSA Populate failed: privExp p q\n");
+ failed = 1;
+ } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey,
+ PK11_TypeGeneric, tstPrivKey)) {
+ fprintf(stderr, "RSA Populate key mismatch: privExp p q\n");
+ failed = 1;
+ }
+ if (tstPrivKey)
+ PK11_DestroyGenericObject(tstPrivKey);
}
if (mask & 8) {
- printf("%s\n",test_array[4].description);
- /* test the advanced case, public exponent, private exponent, prime2 */
- resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
- copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
- tstHeaderCount, CKA_PRIVATE_EXPONENT);
- copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
- tstHeaderCount+1, CKA_PUBLIC_EXPONENT);
- copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
- tstHeaderCount+2, CKA_PRIME_2);
-
- tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
- tstHeaderCount+3, PR_FALSE);
- if (tstPrivKey == NULL) {
- fprintf(stderr, "RSA Populate failed: pubExp privExp q\n");
- fprintf(stderr, " this is expected periodically. It means we\n");
- fprintf(stderr, " had more than one key that meets the "
- "specification\n");
- exp_exp_prime_fail_count++;
- } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey,
- PK11_TypeGeneric, tstPrivKey)) {
- fprintf(stderr, "RSA Populate key mismatch: pubExp privExp q\n");
- failed = 1;
- }
- if (tstPrivKey) PK11_DestroyGenericObject(tstPrivKey);
+ printf("%s\n", test_array[4].description);
+ /* test the advanced case, public exponent, private exponent, prime2 */
+ resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
+ copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+ tstHeaderCount, CKA_PRIVATE_EXPONENT);
+ copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+ tstHeaderCount + 1, CKA_PUBLIC_EXPONENT);
+ copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+ tstHeaderCount + 2, CKA_PRIME_2);
+
+ tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+ tstHeaderCount +
+ 3,
+ PR_FALSE);
+ if (tstPrivKey == NULL) {
+ fprintf(stderr, "RSA Populate failed: pubExp privExp q\n");
+ fprintf(stderr, " this is expected periodically. It means we\n");
+ fprintf(stderr, " had more than one key that meets the "
+ "specification\n");
+ exp_exp_prime_fail_count++;
+ } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey,
+ PK11_TypeGeneric, tstPrivKey)) {
+ fprintf(stderr, "RSA Populate key mismatch: pubExp privExp q\n");
+ failed = 1;
+ }
+ if (tstPrivKey)
+ PK11_DestroyGenericObject(tstPrivKey);
}
if (mask & 16) {
- printf("%s\n",test_array[5].description);
- /* test the advanced case2, public exponent, private exponent, modulus
- */
- resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
-
- copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
- tstHeaderCount, CKA_PRIVATE_EXPONENT);
- copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
- tstHeaderCount+1, CKA_PUBLIC_EXPONENT);
- copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
- tstHeaderCount+2, CKA_MODULUS);
-
- tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
- tstHeaderCount+3, PR_FALSE);
- if (tstPrivKey == NULL) {
- fprintf(stderr, "RSA Populate failed: pubExp privExp mod\n");
- failed = 1;
- } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey,
- PK11_TypeGeneric, tstPrivKey)) {
- fprintf(stderr, "RSA Populate key mismatch: pubExp privExp mod\n");
- failed = 1;
- }
- if (tstPrivKey) PK11_DestroyGenericObject(tstPrivKey);
+ printf("%s\n", test_array[5].description);
+ /* test the advanced case2, public exponent, private exponent, modulus
+ */
+ resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
+
+ copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+ tstHeaderCount, CKA_PRIVATE_EXPONENT);
+ copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+ tstHeaderCount + 1, CKA_PUBLIC_EXPONENT);
+ copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+ tstHeaderCount + 2, CKA_MODULUS);
+
+ tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+ tstHeaderCount +
+ 3,
+ PR_FALSE);
+ if (tstPrivKey == NULL) {
+ fprintf(stderr, "RSA Populate failed: pubExp privExp mod\n");
+ failed = 1;
+ } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey,
+ PK11_TypeGeneric, tstPrivKey)) {
+ fprintf(stderr, "RSA Populate key mismatch: pubExp privExp mod\n");
+ failed = 1;
+ }
+ if (tstPrivKey)
+ PK11_DestroyGenericObject(tstPrivKey);
}
-
PK11_FreeSlot(slot);
return failed ? -1 : 0;
}
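Review bot: Every `copyAttribute` call in the five test cases ignores its `SECStatus`, so a failed attribute read leaves that template slot as `resetTemplate` left it and only surfaces later as an unexplained `PK11_CreateGenericObject` failure. Checking the result, for example `if (copyAttribute(...) != SECSuccess) { failed = 1; }`, would make the cause visible. The function also returns right after `PK11_FreeSlot(slot)` without destroying `rsaPrivKey` or `rsaPubKey` in the lines shown, so each `-r` round leaves generated private-key material allocated; `SECKEY_DestroyPrivateKey(rsaPrivKey); SECKEY_DestroyPublicKey(rsaPubKey);` before the return would release it. The start of doRSAPopulateTest is outside this hunk.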
@@ -396,49 +415,50 @@ enum {
};
static secuCommandFlag populate_options[] =
-{
- { /* opt_Exponent */ 'e', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeySize */ 'k', PR_TRUE, 0, PR_FALSE },
- { /* opt_Repeat */ 'r', PR_TRUE, 0, PR_FALSE },
- { /* opt_Tests */ 't', PR_TRUE, 0, PR_FALSE },
-};
+ {
+ { /* opt_Exponent */ 'e', PR_TRUE, 0, PR_FALSE },
+ { /* opt_KeySize */ 'k', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Repeat */ 'r', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Tests */ 't', PR_TRUE, 0, PR_FALSE },
+ };
int
is_delimiter(char c)
{
- if ((c=='+') || (c==',') || (c=='|')) {
- return 1;
+ if ((c == '+') || (c == ',') || (c == '|')) {
+ return 1;
}
return 0;
}
-int
+int
parse_tests(char *test_string)
{
int mask = 0;
int i;
while (*test_string) {
- if (is_delimiter(*test_string)) {
- test_string++;
- }
- for (i=0; i < test_array_size; i++) {
- char *arg = test_array[i].arg;
- int len = strlen(arg);
- if (strncmp(test_string,arg,len) == 0) {
- test_string += len;
- mask |= test_array[i].mask_value;
- break;
- }
- }
- if (i == test_array_size) {
- break;
- }
+ if (is_delimiter(*test_string)) {
+ test_string++;
+ }
+ for (i = 0; i < test_array_size; i++) {
+ char *arg = test_array[i].arg;
+ int len = strlen(arg);
+ if (strncmp(test_string, arg, len) == 0) {
+ test_string += len;
+ mask |= test_array[i].mask_value;
+ break;
+ }
+ }
+ if (i == test_array_size) {
+ break;
+ }
}
return mask;
}
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
unsigned int keySize = 1024;
unsigned long exponent = 65537;
@@ -449,68 +469,67 @@ int main(int argc, char **argv)
int mask = 0xff;
populateArgs.numCommands = 0;
- populateArgs.numOptions = sizeof(populate_options) /
- sizeof(secuCommandFlag);
+ populateArgs.numOptions = sizeof(populate_options) /
+ sizeof(secuCommandFlag);
populateArgs.commands = NULL;
populateArgs.options = populate_options;
progName = strrchr(argv[0], '/');
- if (!progName)
- progName = strrchr(argv[0], '\\');
- progName = progName ? progName+1 : argv[0];
+ if (!progName)
+ progName = strrchr(argv[0], '\\');
+ progName = progName ? progName + 1 : argv[0];
rv = NSS_NoDB_Init(NULL);
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- return -1;
+ SECU_PrintPRandOSError(progName);
+ return -1;
}
rv = SECU_ParseCommandLine(argc, argv, progName, &populateArgs);
if (rv == SECFailure) {
fprintf(stderr, "%s: command line parsing error!\n", progName);
Usage(progName);
- return -1;
+ return -1;
}
rv = SECFailure;
-
if (populateArgs.options[opt_KeySize].activated) {
- keySize = PORT_Atoi(populateArgs.options[opt_KeySize].arg);
+ keySize = PORT_Atoi(populateArgs.options[opt_KeySize].arg);
}
if (populateArgs.options[opt_Repeat].activated) {
- repeat = PORT_Atoi(populateArgs.options[opt_Repeat].arg);
+ repeat = PORT_Atoi(populateArgs.options[opt_Repeat].arg);
}
if (populateArgs.options[opt_Exponent].activated) {
- exponent = PORT_Atoi(populateArgs.options[opt_Exponent].arg);
+ exponent = PORT_Atoi(populateArgs.options[opt_Exponent].arg);
}
if (populateArgs.options[opt_Tests].activated) {
- char * test_string = populateArgs.options[opt_Tests].arg;
- mask = PORT_Atoi(test_string);
- if (mask == 0) {
- mask = parse_tests(test_string);
- }
- if (mask == 0) {
- Usage(progName);
- return -1;
- }
+ char *test_string = populateArgs.options[opt_Tests].arg;
+ mask = PORT_Atoi(test_string);
+ if (mask == 0) {
+ mask = parse_tests(test_string);
+ }
+ if (mask == 0) {
+ Usage(progName);
+ return -1;
+ }
}
exp_exp_prime_fail_count = 0;
- for (i=0; i < repeat; i++) {
- printf("Running RSA Populate test run %d\n",i);
- ret = doRSAPopulateTest(keySize, exponent, mask, NULL);
- if (ret != 0) {
- i++;
- break;
- }
+ for (i = 0; i < repeat; i++) {
+ printf("Running RSA Populate test run %d\n", i);
+ ret = doRSAPopulateTest(keySize, exponent, mask, NULL);
+ if (ret != 0) {
+ i++;
+ break;
+ }
}
if (ret != 0) {
- fprintf(stderr,"RSA Populate test round %d: FAILED\n",i);
+ fprintf(stderr, "RSA Populate test round %d: FAILED\n", i);
}
if (repeat > 1) {
- printf(" pub priv prime test: %d failures out of %d runs (%f %%)\n",
- exp_exp_prime_fail_count, i,
- (((double)exp_exp_prime_fail_count) * 100.0)/(double) i);
+ printf(" pub priv prime test: %d failures out of %d runs (%f %%)\n",
+ exp_exp_prime_fail_count, i,
+ (((double)exp_exp_prime_fail_count) * 100.0) / (double)i);
}
return ret;
}
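Review bot: `keySize`, `repeat` and `exponent` are taken from `PORT_Atoi` with no validation, so non-numeric or negative input silently becomes 0 or, for the unsigned variables, a wrapped value that is handed to key generation. With `-r 0` the loop never runs and `ret` is returned with whatever value it was given in the declarations outside this hunk. A range check after parsing, for example `if (repeat < 1 || keySize == 0 || exponent < 3) { Usage(progName); return -1; }`, would reject these inputs up front. Separately, no NSS shutdown call is visible on any of the return paths shown after `NSS_NoDB_Init` succeeds.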
diff --git a/cmd/sdrtest/sdrtest.c b/cmd/sdrtest/sdrtest.c
index ba6350624..651c63b24 100644
--- a/cmd/sdrtest/sdrtest.c
+++ b/cmd/sdrtest/sdrtest.c
@@ -21,217 +21,222 @@
static const char default_value[] = { DEFAULT_VALUE };
PRFileDesc *pr_stderr;
-PRBool verbose = PR_FALSE;
+PRBool verbose = PR_FALSE;
static void
-synopsis (char *program_name)
+synopsis(char *program_name)
{
- PR_fprintf (pr_stderr,
-"Usage: %s [<common>] -i <input-file>\n"
-" %s [<common>] -o <output-file>\n"
-" <common> [-d dir] [-v] [-t text] [-a] [-f pwfile | -p pwd]\n",
- program_name, program_name);
+ PR_fprintf(pr_stderr,
+ "Usage: %s [<common>] -i <input-file>\n"
+ " %s [<common>] -o <output-file>\n"
+ " <common> [-d dir] [-v] [-t text] [-a] [-f pwfile | -p pwd]\n",
+ program_name, program_name);
}
static void
-short_usage (char *program_name)
+short_usage(char *program_name)
{
- PR_fprintf (pr_stderr,
- "Type %s -H for more detailed descriptions\n",
- program_name);
- synopsis (program_name);
+ PR_fprintf(pr_stderr,
+ "Type %s -H for more detailed descriptions\n",
+ program_name);
+ synopsis(program_name);
}
-
static void
-long_usage (char *program_name)
+long_usage(char *program_name)
{
- synopsis (program_name);
- PR_fprintf (pr_stderr, "\nSecret Decoder Test:\n");
- PR_fprintf (pr_stderr,
- " %-13s Read encrypted data from \"file\"\n",
- "-i file");
- PR_fprintf (pr_stderr,
- " %-13s Write newly generated encrypted data to \"file\"\n",
- "-o file");
- PR_fprintf (pr_stderr,
- " %-13s Use \"text\" as the plaintext for encryption and verification\n",
- "-t text");
- PR_fprintf (pr_stderr,
- " %-13s Find security databases in \"dbdir\"\n",
- "-d dbdir");
- PR_fprintf (pr_stderr,
- " %-13s read the password from \"pwfile\"\n",
- "-f pwfile");
- PR_fprintf (pr_stderr,
- " %-13s supply \"password\" on the command line\n",
- "-p password");
+ synopsis(program_name);
+ PR_fprintf(pr_stderr, "\nSecret Decoder Test:\n");
+ PR_fprintf(pr_stderr,
+ " %-13s Read encrypted data from \"file\"\n",
+ "-i file");
+ PR_fprintf(pr_stderr,
+ " %-13s Write newly generated encrypted data to \"file\"\n",
+ "-o file");
+ PR_fprintf(pr_stderr,
+ " %-13s Use \"text\" as the plaintext for encryption and verification\n",
+ "-t text");
+ PR_fprintf(pr_stderr,
+ " %-13s Find security databases in \"dbdir\"\n",
+ "-d dbdir");
+ PR_fprintf(pr_stderr,
+ " %-13s read the password from \"pwfile\"\n",
+ "-f pwfile");
+ PR_fprintf(pr_stderr,
+ " %-13s supply \"password\" on the command line\n",
+ "-p password");
}
-int
-readStdin(SECItem * result)
+int
+readStdin(SECItem *result)
{
- unsigned int bufsize = 0;
- int cc;
- unsigned int wanted = 8192U;
-
- result->len = 0;
- result->data = NULL;
- do {
- if (bufsize < wanted) {
- unsigned char * tmpData = (unsigned char *)PR_Realloc(result->data, wanted);
- if (!tmpData) {
- if (verbose) PR_fprintf(pr_stderr, "Allocation of buffer failed\n");
- return -1;
- }
- result->data = tmpData;
- bufsize = wanted;
- }
- cc = PR_Read(PR_STDIN, result->data + result->len, bufsize - result->len);
- if (cc > 0) {
- result->len += (unsigned)cc;
- if (result->len >= wanted)
- wanted *= 2;
- }
- } while (cc > 0);
- return cc;
+ unsigned int bufsize = 0;
+ int cc;
+ unsigned int wanted = 8192U;
+
+ result->len = 0;
+ result->data = NULL;
+ do {
+ if (bufsize < wanted) {
+ unsigned char *tmpData = (unsigned char *)PR_Realloc(result->data, wanted);
+ if (!tmpData) {
+ if (verbose)
+ PR_fprintf(pr_stderr, "Allocation of buffer failed\n");
+ return -1;
+ }
+ result->data = tmpData;
+ bufsize = wanted;
+ }
+ cc = PR_Read(PR_STDIN, result->data + result->len, bufsize - result->len);
+ if (cc > 0) {
+ result->len += (unsigned)cc;
+ if (result->len >= wanted)
+ wanted *= 2;
+ }
+ } while (cc > 0);
+ return cc;
}
int
-readInputFile(const char * filename, SECItem * result)
+readInputFile(const char *filename, SECItem *result)
{
- PRFileDesc *file /* = PR_OpenFile(input_file, 0) */;
- PRFileInfo info;
- PRStatus s;
- PRInt32 count;
- int retval = -1;
-
- file = PR_Open(filename, PR_RDONLY, 0);
- if (!file) {
- if (verbose) PR_fprintf(pr_stderr, "Open of file %s failed\n", filename);
- goto loser;
- }
-
- s = PR_GetOpenFileInfo(file, &info);
- if (s != PR_SUCCESS) {
- if (verbose) PR_fprintf(pr_stderr, "File info operation failed\n");
- goto file_loser;
- }
-
- result->len = info.size;
- result->data = (unsigned char *)PR_Malloc(result->len);
- if (!result->data) {
- if (verbose) PR_fprintf(pr_stderr, "Allocation of buffer failed\n");
- goto file_loser;
- }
-
- count = PR_Read(file, result->data, result->len);
- if (count != result->len) {
- if (verbose) PR_fprintf(pr_stderr, "Read failed\n");
- goto file_loser;
- }
- retval = 0;
+ PRFileDesc *file /* = PR_OpenFile(input_file, 0) */;
+ PRFileInfo info;
+ PRStatus s;
+ PRInt32 count;
+ int retval = -1;
+
+ file = PR_Open(filename, PR_RDONLY, 0);
+ if (!file) {
+ if (verbose)
+ PR_fprintf(pr_stderr, "Open of file %s failed\n", filename);
+ goto loser;
+ }
+
+ s = PR_GetOpenFileInfo(file, &info);
+ if (s != PR_SUCCESS) {
+ if (verbose)
+ PR_fprintf(pr_stderr, "File info operation failed\n");
+ goto file_loser;
+ }
+
+ result->len = info.size;
+ result->data = (unsigned char *)PR_Malloc(result->len);
+ if (!result->data) {
+ if (verbose)
+ PR_fprintf(pr_stderr, "Allocation of buffer failed\n");
+ goto file_loser;
+ }
+
+ count = PR_Read(file, result->data, result->len);
+ if (count != result->len) {
+ if (verbose)
+ PR_fprintf(pr_stderr, "Read failed\n");
+ goto file_loser;
+ }
+ retval = 0;
file_loser:
- PR_Close(file);
+ PR_Close(file);
loser:
- return retval;
+ return retval;
}
int
-main (int argc, char **argv)
+main(int argc, char **argv)
{
- int retval = 0; /* 0 - test succeeded. -1 - test failed */
- SECStatus rv;
- PLOptState *optstate;
- PLOptStatus optstatus;
- char *program_name;
- const char *input_file = NULL; /* read encrypted data from here (or create) */
- const char *output_file = NULL; /* write new encrypted data here */
- const char *value = default_value; /* Use this for plaintext */
- SECItem data;
- SECItem result = {0, 0, 0};
- SECItem text;
- PRBool ascii = PR_FALSE;
- secuPWData pwdata = { PW_NONE, 0 };
+ int retval = 0; /* 0 - test succeeded. -1 - test failed */
+ SECStatus rv;
+ PLOptState *optstate;
+ PLOptStatus optstatus;
+ char *program_name;
+ const char *input_file = NULL; /* read encrypted data from here (or create) */
+ const char *output_file = NULL; /* write new encrypted data here */
+ const char *value = default_value; /* Use this for plaintext */
+ SECItem data;
+ SECItem result = { 0, 0, 0 };
+ SECItem text;
+ PRBool ascii = PR_FALSE;
+ secuPWData pwdata = { PW_NONE, 0 };
pr_stderr = PR_STDERR;
result.data = 0;
- text.data = 0; text.len = 0;
+ text.data = 0;
+ text.len = 0;
program_name = PL_strrchr(argv[0], '/');
program_name = program_name ? (program_name + 1) : argv[0];
- optstate = PL_CreateOptState (argc, argv, "?Had:i:o:t:vf:p:");
+ optstate = PL_CreateOptState(argc, argv, "?Had:i:o:t:vf:p:");
if (optstate == NULL) {
- SECU_PrintError (program_name, "PL_CreateOptState failed");
- return -1;
+ SECU_PrintError(program_name, "PL_CreateOptState failed");
+ return -1;
}
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- short_usage (program_name);
- return retval;
-
- case 'H':
- long_usage (program_name);
- return retval;
-
- case 'a':
- ascii = PR_TRUE;
- break;
-
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
-
- case 'i':
- input_file = optstate->value;
- break;
-
- case 'o':
- output_file = optstate->value;
- break;
-
- case 't':
- value = optstate->value;
- break;
-
- case 'f':
- if (pwdata.data) {
- PORT_Free(pwdata.data);
- short_usage(program_name);
- return -1;
- }
- pwdata.source = PW_FROMFILE;
- pwdata.data = PORT_Strdup(optstate->value);
- break;
-
- case 'p':
- if (pwdata.data) {
- PORT_Free(pwdata.data);
- short_usage(program_name);
- return -1;
- }
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = PORT_Strdup(optstate->value);
- break;
-
- case 'v':
- verbose = PR_TRUE;
- break;
- }
+ switch (optstate->option) {
+ case '?':
+ short_usage(program_name);
+ return retval;
+
+ case 'H':
+ long_usage(program_name);
+ return retval;
+
+ case 'a':
+ ascii = PR_TRUE;
+ break;
+
+ case 'd':
+ SECU_ConfigDirectory(optstate->value);
+ break;
+
+ case 'i':
+ input_file = optstate->value;
+ break;
+
+ case 'o':
+ output_file = optstate->value;
+ break;
+
+ case 't':
+ value = optstate->value;
+ break;
+
+ case 'f':
+ if (pwdata.data) {
+ PORT_Free(pwdata.data);
+ short_usage(program_name);
+ return -1;
+ }
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = PORT_Strdup(optstate->value);
+ break;
+
+ case 'p':
+ if (pwdata.data) {
+ PORT_Free(pwdata.data);
+ short_usage(program_name);
+ return -1;
+ }
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = PORT_Strdup(optstate->value);
+ break;
+
+ case 'v':
+ verbose = PR_TRUE;
+ break;
+ }
}
PL_DestroyOptState(optstate);
if (optstatus == PL_OPT_BAD) {
- short_usage (program_name);
- return -1;
+ short_usage(program_name);
+ return -1;
}
if (!output_file && !input_file && value == default_value) {
- short_usage (program_name);
- PR_fprintf (pr_stderr, "Must specify at least one of -t, -i or -o \n");
- return -1;
+ short_usage(program_name);
+ PR_fprintf(pr_stderr, "Must specify at least one of -t, -i or -o \n");
+ return -1;
}
/*
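Review bot: In readInputFile, `result->len = info.size;` uses the size reported by PR_GetOpenFileInfo as the allocation and read length without any range check. For an empty file this becomes `PR_Malloc(0)`, which may return NULL on some platforms and would then be reported as "Allocation of buffer failed". The later `count != result->len` also compares a signed PRInt32 against an unsigned length. Adding `if (info.size <= 0) goto file_loser;` before the assignment, and testing `count < 0 || (unsigned int)count != result->len` after the read, would make both cases explicit. The logic predates this reformatting commit, so the change belongs in a follow-up.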
@@ -240,14 +245,14 @@ main (int argc, char **argv)
PK11_SetPasswordFunc(SECU_GetModulePassword);
if (output_file) {
- rv = NSS_InitReadWrite(SECU_ConfigDirectory(NULL));
+ rv = NSS_InitReadWrite(SECU_ConfigDirectory(NULL));
} else {
- rv = NSS_Init(SECU_ConfigDirectory(NULL));
+ rv = NSS_Init(SECU_ConfigDirectory(NULL));
}
if (rv != SECSuccess) {
- SECU_PrintError(program_name, "NSS_Init failed");
- retval = -1;
- goto prdone;
+ SECU_PrintError(program_name, "NSS_Init failed");
+ retval = -1;
+ goto prdone;
}
/* Convert value into an item */
@@ -257,161 +262,166 @@ main (int argc, char **argv)
/* Get the encrypted result, either from the input file
* or from encrypting the plaintext value
*/
- if (input_file)
- {
- if (verbose) printf("Reading data from %s\n", input_file);
-
- if (!strcmp(input_file, "-")) {
- retval = readStdin(&result);
- ascii = PR_TRUE;
- } else {
- retval = readInputFile(input_file, &result);
- }
- if (retval != 0)
- goto loser;
- if (ascii) {
- /* input was base64 encoded. Decode it. */
- SECItem newResult = {0, 0, 0};
- SECItem *ok = NSSBase64_DecodeBuffer(NULL, &newResult,
- (const char *)result.data, result.len);
- if (!ok) {
- SECU_PrintError(program_name, "Base 64 decode failed");
- retval = -1;
- goto loser;
- }
- SECITEM_ZfreeItem(&result, PR_FALSE);
- result = *ok;
- }
- }
- else
- {
- SECItem keyid = { 0, 0, 0 };
- SECItem outBuf = { 0, 0, 0 };
- PK11SlotInfo *slot = NULL;
-
- /* sigh, initialize the key database */
- slot = PK11_GetInternalKeySlot();
- if (slot && PK11_NeedUserInit(slot)) {
- switch (pwdata.source) {
- case PW_FROMFILE:
- rv = SECU_ChangePW(slot, 0, pwdata.data);
- break;
- case PW_PLAINTEXT:
- rv = SECU_ChangePW(slot, pwdata.data, 0);
- break;
- default:
- rv = SECU_ChangePW(slot, "", 0);
- break;
- }
- if (rv != SECSuccess) {
- SECU_PrintError(program_name, "Failed to initialize slot \"%s\"",
- PK11_GetSlotName(slot));
- return SECFailure;
+ if (input_file) {
+ if (verbose)
+ printf("Reading data from %s\n", input_file);
+
+ if (!strcmp(input_file, "-")) {
+ retval = readStdin(&result);
+ ascii = PR_TRUE;
+ } else {
+ retval = readInputFile(input_file, &result);
}
- }
- if (slot) {
- PK11_FreeSlot(slot);
- }
-
- rv = PK11SDR_Encrypt(&keyid, &data, &result, &pwdata);
- if (rv != SECSuccess) {
- if (verbose)
- SECU_PrintError(program_name, "Encrypt operation failed\n");
- retval = -1;
- goto loser;
- }
-
- if (verbose) printf("Encrypted result is %d bytes long\n", result.len);
-
- if (!strcmp(output_file, "-")) {
- ascii = PR_TRUE;
- }
-
- if (ascii) {
- /* base64 encode output. */
- char * newResult = NSSBase64_EncodeItem(NULL, NULL, 0, &result);
- if (!newResult) {
- SECU_PrintError(program_name, "Base 64 encode failed\n");
- retval = -1;
- goto loser;
- }
- outBuf.data = (unsigned char *)newResult;
- outBuf.len = strlen(newResult);
- if (verbose)
- printf("Base 64 encoded result is %d bytes long\n", outBuf.len);
- } else {
- outBuf = result;
- }
-
- /* -v printf("Result is %.*s\n", text.len, text.data); */
- if (output_file) {
- PRFileDesc *file;
- PRInt32 count;
-
- if (verbose) printf("Writing result to %s\n", output_file);
- if (!strcmp(output_file, "-")) {
- file = PR_STDOUT;
- } else {
- /* Write to file */
- file = PR_Open(output_file, PR_CREATE_FILE|PR_WRONLY, 0666);
- }
- if (!file) {
- if (verbose)
- SECU_PrintError(program_name,
- "Open of output file %s failed\n",
- output_file);
+ if (retval != 0)
+ goto loser;
+ if (ascii) {
+ /* input was base64 encoded. Decode it. */
+ SECItem newResult = { 0, 0, 0 };
+ SECItem *ok = NSSBase64_DecodeBuffer(NULL, &newResult,
+ (const char *)result.data, result.len);
+ if (!ok) {
+ SECU_PrintError(program_name, "Base 64 decode failed");
+ retval = -1;
+ goto loser;
+ }
+ SECITEM_ZfreeItem(&result, PR_FALSE);
+ result = *ok;
+ }
+ } else {
+ SECItem keyid = { 0, 0, 0 };
+ SECItem outBuf = { 0, 0, 0 };
+ PK11SlotInfo *slot = NULL;
+
+ /* sigh, initialize the key database */
+ slot = PK11_GetInternalKeySlot();
+ if (slot && PK11_NeedUserInit(slot)) {
+ switch (pwdata.source) {
+ case PW_FROMFILE:
+ rv = SECU_ChangePW(slot, 0, pwdata.data);
+ break;
+ case PW_PLAINTEXT:
+ rv = SECU_ChangePW(slot, pwdata.data, 0);
+ break;
+ default:
+ rv = SECU_ChangePW(slot, "", 0);
+ break;
+ }
+ if (rv != SECSuccess) {
+ SECU_PrintError(program_name, "Failed to initialize slot \"%s\"",
+ PK11_GetSlotName(slot));
+ return SECFailure;
+ }
+ }
+ if (slot) {
+ PK11_FreeSlot(slot);
+ }
+
+ rv = PK11SDR_Encrypt(&keyid, &data, &result, &pwdata);
+ if (rv != SECSuccess) {
+ if (verbose)
+ SECU_PrintError(program_name, "Encrypt operation failed\n");
retval = -1;
goto loser;
- }
-
- count = PR_Write(file, outBuf.data, outBuf.len);
-
- if (file == PR_STDOUT) {
- puts("");
- } else {
- PR_Close(file);
- }
-
- if (count != outBuf.len) {
- if (verbose) SECU_PrintError(program_name, "Write failed\n");
- retval = -1;
- goto loser;
- }
- if (ascii) {
- free(outBuf.data);
- }
- }
+ }
+
+ if (verbose)
+ printf("Encrypted result is %d bytes long\n", result.len);
+
+ if (!strcmp(output_file, "-")) {
+ ascii = PR_TRUE;
+ }
+
+ if (ascii) {
+ /* base64 encode output. */
+ char *newResult = NSSBase64_EncodeItem(NULL, NULL, 0, &result);
+ if (!newResult) {
+ SECU_PrintError(program_name, "Base 64 encode failed\n");
+ retval = -1;
+ goto loser;
+ }
+ outBuf.data = (unsigned char *)newResult;
+ outBuf.len = strlen(newResult);
+ if (verbose)
+ printf("Base 64 encoded result is %d bytes long\n", outBuf.len);
+ } else {
+ outBuf = result;
+ }
+
+ /* -v printf("Result is %.*s\n", text.len, text.data); */
+ if (output_file) {
+ PRFileDesc *file;
+ PRInt32 count;
+
+ if (verbose)
+ printf("Writing result to %s\n", output_file);
+ if (!strcmp(output_file, "-")) {
+ file = PR_STDOUT;
+ } else {
+ /* Write to file */
+ file = PR_Open(output_file, PR_CREATE_FILE | PR_WRONLY, 0666);
+ }
+ if (!file) {
+ if (verbose)
+ SECU_PrintError(program_name,
+ "Open of output file %s failed\n",
+ output_file);
+ retval = -1;
+ goto loser;
+ }
+
+ count = PR_Write(file, outBuf.data, outBuf.len);
+
+ if (file == PR_STDOUT) {
+ puts("");
+ } else {
+ PR_Close(file);
+ }
+
+ if (count != outBuf.len) {
+ if (verbose)
+ SECU_PrintError(program_name, "Write failed\n");
+ retval = -1;
+ goto loser;
+ }
+ if (ascii) {
+ free(outBuf.data);
+ }
+ }
}
/* Decrypt the value */
rv = PK11SDR_Decrypt(&result, &text, &pwdata);
if (rv != SECSuccess) {
- if (verbose) SECU_PrintError(program_name, "Decrypt operation failed\n");
- retval = -1;
- goto loser;
+ if (verbose)
+ SECU_PrintError(program_name, "Decrypt operation failed\n");
+ retval = -1;
+ goto loser;
}
- if (verbose) printf("Decrypted result is \"%.*s\"\n", text.len, text.data);
+ if (verbose)
+ printf("Decrypted result is \"%.*s\"\n", text.len, text.data);
/* Compare to required value */
- if (text.len != data.len || memcmp(data.data, text.data, text.len) != 0)
- {
- if (verbose) PR_fprintf(pr_stderr, "Comparison failed\n");
- retval = -1;
- goto loser;
+ if (text.len != data.len || memcmp(data.data, text.data, text.len) != 0) {
+ if (verbose)
+ PR_fprintf(pr_stderr, "Comparison failed\n");
+ retval = -1;
+ goto loser;
}
loser:
- if (text.data) SECITEM_ZfreeItem(&text, PR_FALSE);
- if (result.data) SECITEM_ZfreeItem(&result, PR_FALSE);
+ if (text.data)
+ SECITEM_ZfreeItem(&text, PR_FALSE);
+ if (result.data)
+ SECITEM_ZfreeItem(&result, PR_FALSE);
if (NSS_Shutdown() != SECSuccess) {
- exit(1);
+ exit(1);
}
prdone:
- PR_Cleanup ();
+ PR_Cleanup();
if (pwdata.data) {
- PORT_Free(pwdata.data);
+ PORT_Free(pwdata.data);
}
return retval;
}
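Review bot: `if (!strcmp(output_file, "-"))` in the encrypt branch runs before the later `if (output_file)` test, so `output_file` is NULL there when the tool is run with only -t. The argument check earlier in main accepts that combination, and strcmp on a NULL pointer is undefined behaviour. The guard should be `if (output_file && !strcmp(output_file, "-"))`. In the same branch, `return SECFailure;` after a failed SECU_ChangePW leaves without PK11_FreeSlot and without the loser/prdone cleanup; freeing the slot, setting `retval = -1;` and using `goto loser;` would match the other error paths. main begins before this hunk.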
diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c
index ca6d0eb10..bf85d1637 100644
--- a/cmd/selfserv/selfserv.c
+++ b/cmd/selfserv/selfserv.c
@@ -3,10 +3,10 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* -r flag is interepreted as follows:
- * 1 -r means request, not require, on initial handshake.
- * 2 -r's mean request and require, on initial handshake.
- * 3 -r's mean request, not require, on second handshake.
- * 4 -r's mean request and require, on second handshake.
+ * 1 -r means request, not require, on initial handshake.
+ * 2 -r's mean request and require, on initial handshake.
+ * 3 -r's mean request, not require, on second handshake.
+ * 4 -r's mean request and require, on second handshake.
*/
#include <stdio.h>
#include <string.h>
@@ -18,7 +18,7 @@
#endif
#if defined(_WINDOWS)
-#include <process.h> /* for getpid() */
+#include <process.h> /* for getpid() */
#endif
#include <signal.h>
@@ -56,17 +56,17 @@
int NumSidCacheEntries = 1024;
-static int handle_connection( PRFileDesc *, PRFileDesc *, int );
+static int handle_connection(PRFileDesc *, PRFileDesc *, int);
static const char envVarName[] = { SSL_ENV_VAR_NAME };
static const char inheritableSockName[] = { "SELFSERV_LISTEN_SOCKET" };
#define DEFAULT_BULK_TEST 16384
-#define MAX_BULK_TEST 1048576 /* 1 MB */
+#define MAX_BULK_TEST 1048576 /* 1 MB */
static PRBool testBulk;
-static PRUint32 testBulkSize = DEFAULT_BULK_TEST;
+static PRUint32 testBulkSize = DEFAULT_BULK_TEST;
static PRInt32 testBulkTotal;
-static char* testBulkBuf;
+static char *testBulkBuf;
static PRDescIdentity log_layer_id = PR_INVALID_IO_LAYER;
static PRFileDesc *loggingFD;
static PRIOMethods loggingMethods;
@@ -88,135 +88,143 @@ static enum ocspStaplingModeEnum {
osm_corrupted, /* supply a corrupted data block as the status */
osm_random, /* use a random response for each connection */
osm_ocsp /* retrieve ocsp status from external ocsp server,
- use empty status if server is unavailable */
+ use empty status if server is unavailable */
} ocspStaplingMode = osm_disabled;
typedef enum ocspStaplingModeEnum ocspStaplingModeType;
static char *ocspStaplingCA = NULL;
static SECItemArray *certStatus[kt_kea_size] = { NULL };
const int ssl3CipherSuites[] = {
- -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
- -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
- TLS_RSA_WITH_RC4_128_MD5, /* c */
- TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
- TLS_RSA_WITH_DES_CBC_SHA, /* e */
- TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
- -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
- TLS_RSA_WITH_NULL_MD5, /* i */
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
- SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
- TLS_RSA_WITH_RC4_128_SHA, /* n */
- TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
- TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */
- TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
- TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
- TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
- TLS_RSA_WITH_NULL_SHA, /* z */
+ -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
+ -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
+ TLS_RSA_WITH_RC4_128_MD5, /* c */
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
+ TLS_RSA_WITH_DES_CBC_SHA, /* e */
+ TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
+ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
+ -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
+ TLS_RSA_WITH_NULL_MD5, /* i */
+ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
+ SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
+ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
+ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
+ TLS_RSA_WITH_RC4_128_SHA, /* n */
+ TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
+ TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */
+ TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
+ TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
+ TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
+ TLS_RSA_WITH_NULL_SHA, /* z */
0
};
/* data and structures for shutdown */
-static int stopping;
+static int stopping;
-static PRBool noDelay;
-static int requestCert;
-static int verbose;
-static SECItem bigBuf;
-static int configureDHE = -1; /* -1: don't configure, 0 disable, >=1 enable*/
+static PRBool noDelay;
+static int requestCert;
+static int verbose;
+static SECItem bigBuf;
+static int configureDHE = -1; /* -1: don't configure, 0 disable, >=1 enable*/
static int configureReuseECDHE = -1; /* -1: don't configure, 0 refresh, >=1 reuse*/
-static int configureWeakDHE = -1; /* -1: don't configure, 0 disable, >=1 enable*/
+static int configureWeakDHE = -1; /* -1: don't configure, 0 disable, >=1 enable*/
-static PRThread * acceptorThread;
+static PRThread *acceptorThread;
static PRLogModuleInfo *lm;
-#define PRINTF if (verbose) printf
-#define FPRINTF if (verbose) fprintf
-#define FLUSH if (verbose) { fflush(stdout); fflush(stderr); }
-#define VLOG(arg) PR_LOG(lm,PR_LOG_DEBUG,arg)
+#define PRINTF \
+ if (verbose) \
+ printf
+#define FPRINTF \
+ if (verbose) \
+ fprintf
+#define FLUSH \
+ if (verbose) { \
+ fflush(stdout); \
+ fflush(stderr); \
+ }
+#define VLOG(arg) PR_LOG(lm, PR_LOG_DEBUG, arg)
static void
PrintUsageHeader(const char *progName)
{
- fprintf(stderr,
-"Usage: %s -n rsa_nickname -p port [-BDENRbjlmrsuvx] [-w password]\n"
-" [-t threads] [-i pid_file] [-c ciphers] [-Y] [-d dbdir] [-g numblocks]\n"
-" [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n"
-" [-V [min-version]:[max-version]] [-a sni_name]\n"
-" [ T <good|revoked|unknown|badsig|corrupted|none|ocsp>] [-A ca]\n"
-" [-C SSLCacheEntries] [-S dsa_nickname]"
+ fprintf(stderr,
+ "Usage: %s -n rsa_nickname -p port [-BDENRbjlmrsuvx] [-w password]\n"
+ " [-t threads] [-i pid_file] [-c ciphers] [-Y] [-d dbdir] [-g numblocks]\n"
+ " [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n"
+ " [-V [min-version]:[max-version]] [-a sni_name]\n"
+ " [ T <good|revoked|unknown|badsig|corrupted|none|ocsp>] [-A ca]\n"
+ " [-C SSLCacheEntries] [-S dsa_nickname]"
#ifndef NSS_DISABLE_ECC
- " [-e ec_nickname]"
+ " [-e ec_nickname]"
#endif /* NSS_DISABLE_ECC */
-"\n"
-" -U [0|1] -H [0|1] -W [0|1]\n"
- ,progName);
+ "\n"
+ " -U [0|1] -H [0|1] -W [0|1]\n",
+ progName);
}
static void
PrintParameterUsage()
{
fputs(
-"-V [min]:[max] restricts the set of enabled SSL/TLS protocol versions.\n"
-" All versions are enabled by default.\n"
-" Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n"
-" Example: \"-V ssl3:\" enables SSL 3 and newer.\n"
-"-B bypasses the PKCS11 layer for SSL encryption and MACing\n"
-"-q checks for bypassability\n"
-"-D means disable Nagle delays in TCP\n"
-"-E means disable export ciphersuites and SSL step down key gen\n"
-"-R means disable detection of rollback from TLS to SSL3\n"
-"-a configure server for SNI.\n"
-"-k expected name negotiated on server sockets\n"
-"-b means try binding to the port and exit\n"
-"-m means test the model-socket feature of SSL_ImportFD.\n"
-"-r flag is interepreted as follows:\n"
-" 1 -r means request, not require, cert on initial handshake.\n"
-" 2 -r's mean request and require, cert on initial handshake.\n"
-" 3 -r's mean request, not require, cert on second handshake.\n"
-" 4 -r's mean request and require, cert on second handshake.\n"
-"-s means disable SSL socket locking for performance\n"
-"-u means enable Session Ticket extension for TLS.\n"
-"-v means verbose output\n"
-"-x means use export policy.\n"
-"-z means enable compression.\n"
-"-L seconds means log statistics every 'seconds' seconds (default=30).\n"
-"-M maxProcs tells how many processes to run in a multi-process server\n"
-"-N means do NOT use the server session cache. Incompatible with -M.\n"
-"-t threads -- specify the number of threads to use for connections.\n"
-"-i pid_file file to write the process id of selfserve\n"
-"-l means use local threads instead of global threads\n"
-"-g numblocks means test throughput by sending total numblocks chunks\n"
-" of size 16kb to the client, 0 means unlimited (default=0)\n"
-"-j means measure TCP throughput (for use with -g option)\n"
-"-C SSLCacheEntries sets the maximum number of entries in the SSL\n"
-" session cache\n"
-"-T <mode> enable OCSP stapling. Possible modes:\n"
-" none: don't send cert status (default)\n"
-" good, revoked, unknown: Include locally signed response. Requires: -A\n"
-" failure: return a failure response (try later, unsigned)\n"
-" badsig: use a good status but with an invalid signature\n"
-" corrupted: stapled cert status is an invalid block of data\n"
-" random: each connection uses a random status from this list:\n"
-" good, revoked, unknown, failure, badsig, corrupted\n"
-" ocsp: fetch from external OCSP server using AIA, or none\n"
-"-A <ca> Nickname of a CA used to sign a stapled cert status\n"
-"-U override default ECDHE ephemeral key reuse, 0: refresh, 1: reuse\n"
-"-H override default DHE server support, 0: disable, 1: enable\n"
-"-W override default DHE server weak parameters support, 0: disable, 1: enable\n"
-"-c Restrict ciphers\n"
-"-Y prints cipher values allowed for parameter -c and exits\n"
-"-G enables the extended master secret extension [RFC7627]\n"
- , stderr);
+ "-V [min]:[max] restricts the set of enabled SSL/TLS protocol versions.\n"
+ " All versions are enabled by default.\n"
+ " Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n"
+ " Example: \"-V ssl3:\" enables SSL 3 and newer.\n"
+ "-B bypasses the PKCS11 layer for SSL encryption and MACing\n"
+ "-q checks for bypassability\n"
+ "-D means disable Nagle delays in TCP\n"
+ "-E means disable export ciphersuites and SSL step down key gen\n"
+ "-R means disable detection of rollback from TLS to SSL3\n"
+ "-a configure server for SNI.\n"
+ "-k expected name negotiated on server sockets\n"
+ "-b means try binding to the port and exit\n"
+ "-m means test the model-socket feature of SSL_ImportFD.\n"
+ "-r flag is interepreted as follows:\n"
+ " 1 -r means request, not require, cert on initial handshake.\n"
+ " 2 -r's mean request and require, cert on initial handshake.\n"
+ " 3 -r's mean request, not require, cert on second handshake.\n"
+ " 4 -r's mean request and require, cert on second handshake.\n"
+ "-s means disable SSL socket locking for performance\n"
+ "-u means enable Session Ticket extension for TLS.\n"
+ "-v means verbose output\n"
+ "-x means use export policy.\n"
+ "-z means enable compression.\n"
+ "-L seconds means log statistics every 'seconds' seconds (default=30).\n"
+ "-M maxProcs tells how many processes to run in a multi-process server\n"
+ "-N means do NOT use the server session cache. Incompatible with -M.\n"
+ "-t threads -- specify the number of threads to use for connections.\n"
+ "-i pid_file file to write the process id of selfserve\n"
+ "-l means use local threads instead of global threads\n"
+ "-g numblocks means test throughput by sending total numblocks chunks\n"
+ " of size 16kb to the client, 0 means unlimited (default=0)\n"
+ "-j means measure TCP throughput (for use with -g option)\n"
+ "-C SSLCacheEntries sets the maximum number of entries in the SSL\n"
+ " session cache\n"
+ "-T <mode> enable OCSP stapling. Possible modes:\n"
+ " none: don't send cert status (default)\n"
+ " good, revoked, unknown: Include locally signed response. Requires: -A\n"
+ " failure: return a failure response (try later, unsigned)\n"
+ " badsig: use a good status but with an invalid signature\n"
+ " corrupted: stapled cert status is an invalid block of data\n"
+ " random: each connection uses a random status from this list:\n"
+ " good, revoked, unknown, failure, badsig, corrupted\n"
+ " ocsp: fetch from external OCSP server using AIA, or none\n"
+ "-A <ca> Nickname of a CA used to sign a stapled cert status\n"
+ "-U override default ECDHE ephemeral key reuse, 0: refresh, 1: reuse\n"
+ "-H override default DHE server support, 0: disable, 1: enable\n"
+ "-W override default DHE server weak parameters support, 0: disable, 1: enable\n"
+ "-c Restrict ciphers\n"
+ "-Y prints cipher values allowed for parameter -c and exits\n"
+ "-G enables the extended master secret extension [RFC7627]\n",
+ stderr);
}
static void
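Review bot: The PRINTF, FPRINTF and FLUSH macros expand to a bare `if (verbose) ...`, so a call placed in an unbraced `if`/`else` captures the following `else`, and `FLUSH;` leaves a stray empty statement after its block. The reformatting makes that shape easy to see but keeps it. Wrapping the bodies closes the hazard, for example `#define FLUSH do { if (verbose) { fflush(stdout); fflush(stderr); } } while (0)` and `#define PRINTF(...) do { if (verbose) printf(__VA_ARGS__); } while (0)`, with FPRINTF done the same way. The call sites are outside this hunk, so check that each use is written as a call with a trailing semicolon before switching.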
@@ -231,40 +239,40 @@ PrintCipherUsage(const char *progName)
{
PrintUsageHeader(progName);
fputs(
-"-c ciphers Letter(s) chosen from the following list\n"
-"c SSL3 RSA WITH RC4 128 MD5\n"
-"d SSL3 RSA WITH 3DES EDE CBC SHA\n"
-"e SSL3 RSA WITH DES CBC SHA\n"
-"f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
-"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
-"i SSL3 RSA WITH NULL MD5\n"
-"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
-"k SSL3 RSA FIPS WITH DES CBC SHA\n"
-"l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
-"m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n"
-"n SSL3 RSA WITH RC4 128 SHA\n"
-"o TLS_DHE_DSS_WITH_RC4_128_SHA\n"
-"p TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n"
-"q TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA\n"
-"r TLS_DHE_RSA_WITH_DES_CBC_SHA\n"
-"s TLS_DHE_DSS_WITH_DES_CBC_SHA\n"
-"t TLS_DHE_DSS_WITH_AES_128_CBC_SHA\n"
-"u TLS_DHE_RSA_WITH_AES_128_CBC_SHA\n"
-"v SSL3 RSA WITH AES 128 CBC SHA\n"
-"w TLS_DHE_DSS_WITH_AES_256_CBC_SHA\n"
-"x TLS_DHE_RSA_WITH_AES_256_CBC_SHA\n"
-"y SSL3 RSA WITH AES 256 CBC SHA\n"
-"z SSL3 RSA WITH NULL SHA\n"
-"\n"
-":WXYZ Use cipher with hex code { 0xWX , 0xYZ } in TLS\n"
- , stderr);
+ "-c ciphers Letter(s) chosen from the following list\n"
+ "c SSL3 RSA WITH RC4 128 MD5\n"
+ "d SSL3 RSA WITH 3DES EDE CBC SHA\n"
+ "e SSL3 RSA WITH DES CBC SHA\n"
+ "f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
+ "g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
+ "i SSL3 RSA WITH NULL MD5\n"
+ "j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
+ "k SSL3 RSA FIPS WITH DES CBC SHA\n"
+ "l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
+ "m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n"
+ "n SSL3 RSA WITH RC4 128 SHA\n"
+ "o TLS_DHE_DSS_WITH_RC4_128_SHA\n"
+ "p TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n"
+ "q TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA\n"
+ "r TLS_DHE_RSA_WITH_DES_CBC_SHA\n"
+ "s TLS_DHE_DSS_WITH_DES_CBC_SHA\n"
+ "t TLS_DHE_DSS_WITH_AES_128_CBC_SHA\n"
+ "u TLS_DHE_RSA_WITH_AES_128_CBC_SHA\n"
+ "v SSL3 RSA WITH AES 128 CBC SHA\n"
+ "w TLS_DHE_DSS_WITH_AES_256_CBC_SHA\n"
+ "x TLS_DHE_RSA_WITH_AES_256_CBC_SHA\n"
+ "y SSL3 RSA WITH AES 256 CBC SHA\n"
+ "z SSL3 RSA WITH NULL SHA\n"
+ "\n"
+ ":WXYZ Use cipher with hex code { 0xWX , 0xYZ } in TLS\n",
+ stderr);
}
static const char *
-errWarn(char * funcString)
+errWarn(char *funcString)
{
- PRErrorCode perr = PR_GetError();
- const char * errString = SECU_Strerror(perr);
+ PRErrorCode perr = PR_GetError();
+ const char *errString = SECU_Strerror(perr);
fprintf(stderr, "selfserv: %s returned error %d:\n%s\n",
funcString, perr, errString);
@@ -272,15 +280,14 @@ errWarn(char * funcString)
}
static void
-errExit(char * funcString)
+errExit(char *funcString)
{
errWarn(funcString);
exit(3);
}
-
/**************************************************************************
-**
+**
** Routines for disabling SSL ciphers.
**
**************************************************************************/
@@ -290,17 +297,17 @@ void
disableAllSSLCiphers(void)
{
const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
- int i = SSL_NumImplementedCiphers;
- SECStatus rv;
+ int i = SSL_NumImplementedCiphers;
+ SECStatus rv;
while (--i >= 0) {
- PRUint16 suite = cipherSuites[i];
+ PRUint16 suite = cipherSuites[i];
rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
- if (rv != SECSuccess) {
- printf("SSL_CipherPrefSetDefault rejected suite 0x%04x (i = %d)\n",
- suite, i);
- errWarn("SSL_CipherPrefSetDefault");
- }
+ if (rv != SECSuccess) {
+ printf("SSL_CipherPrefSetDefault rejected suite 0x%04x (i = %d)\n",
+ suite, i);
+ errWarn("SSL_CipherPrefSetDefault");
+ }
}
}
@@ -309,52 +316,52 @@ SECStatus
disableExportSSLCiphers(void)
{
const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
- int i = SSL_NumImplementedCiphers;
- SECStatus rv = SECSuccess;
+ int i = SSL_NumImplementedCiphers;
+ SECStatus rv = SECSuccess;
SSLCipherSuiteInfo info;
while (--i >= 0) {
- PRUint16 suite = cipherSuites[i];
- SECStatus status;
- status = SSL_GetCipherSuiteInfo(suite, &info, sizeof info);
- if (status != SECSuccess) {
- printf("SSL_GetCipherSuiteInfo rejected suite 0x%04x (i = %d)\n",
- suite, i);
- errWarn("SSL_GetCipherSuiteInfo");
- rv = SECFailure;
- continue;
- }
- if (info.cipherSuite != suite) {
- printf(
-"SSL_GetCipherSuiteInfo returned wrong suite! Wanted 0x%04x, Got 0x%04x\n",
- suite, i);
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- rv = SECFailure;
- continue;
- }
- /* should check here that info.length >= offsetof isExportable */
- if (info.isExportable) {
- status = SSL_CipherPolicySet(suite, SSL_NOT_ALLOWED);
- if (status != SECSuccess) {
- printf("SSL_CipherPolicySet rejected suite 0x%04x (i = %d)\n",
- suite, i);
- errWarn("SSL_CipherPolicySet");
- rv = SECFailure;
- }
- }
+ PRUint16 suite = cipherSuites[i];
+ SECStatus status;
+ status = SSL_GetCipherSuiteInfo(suite, &info, sizeof info);
+ if (status != SECSuccess) {
+ printf("SSL_GetCipherSuiteInfo rejected suite 0x%04x (i = %d)\n",
+ suite, i);
+ errWarn("SSL_GetCipherSuiteInfo");
+ rv = SECFailure;
+ continue;
+ }
+ if (info.cipherSuite != suite) {
+ printf(
+ "SSL_GetCipherSuiteInfo returned wrong suite! Wanted 0x%04x, Got 0x%04x\n",
+ suite, i);
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ rv = SECFailure;
+ continue;
+ }
+ /* should check here that info.length >= offsetof isExportable */
+ if (info.isExportable) {
+ status = SSL_CipherPolicySet(suite, SSL_NOT_ALLOWED);
+ if (status != SECSuccess) {
+ printf("SSL_CipherPolicySet rejected suite 0x%04x (i = %d)\n",
+ suite, i);
+ errWarn("SSL_CipherPolicySet");
+ rv = SECFailure;
+ }
+ }
}
return rv;
}
static SECStatus
mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
- PRBool isServer)
+ PRBool isServer)
{
SECStatus rv;
- CERTCertificate * peerCert;
+ CERTCertificate *peerCert;
peerCert = SSL_PeerCertificate(fd);
-
+
if (peerCert) {
PRINTF("selfserv: Subject: %s\nselfserv: Issuer : %s\n",
peerCert->subjectName, peerCert->issuerName);
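Review bot: The wrong-suite diagnostic in disableExportSSLCiphers prints the loop index as the "Got" value: the `printf` with `Wanted 0x%04x, Got 0x%04x` is passed `suite, i`, so the report shows an array position instead of the suite that SSL_GetCipherSuiteInfo filled in. The arguments should be `suite, info.cipherSuite);`. The comment just below it, `/* should check here that info.length >= offsetof isExportable */`, is still only a reminder; the policy decision reads `info.isExportable`, so that length check is worth adding or tracking separately.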
@@ -364,63 +371,63 @@ mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
rv = SSL_AuthCertificate(arg, fd, checkSig, isServer);
if (rv == SECSuccess) {
- PRINTF("selfserv: -- SSL3: Certificate Validated.\n");
+ PRINTF("selfserv: -- SSL3: Certificate Validated.\n");
} else {
- int err = PR_GetError();
- FPRINTF(stderr, "selfserv: -- SSL3: Certificate Invalid, err %d.\n%s\n",
+ int err = PR_GetError();
+ FPRINTF(stderr, "selfserv: -- SSL3: Certificate Invalid, err %d.\n%s\n",
err, SECU_Strerror(err));
}
FLUSH;
- return rv;
+ return rv;
}
void
printSSLStatistics()
{
- SSL3Statistics * ssl3stats = SSL_GetStatistics();
+ SSL3Statistics *ssl3stats = SSL_GetStatistics();
printf(
- "selfserv: %ld cache hits; %ld cache misses, %ld cache not reusable\n"
- " %ld stateless resumes, %ld ticket parse failures\n",
- ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
- ssl3stats->hch_sid_cache_not_ok, ssl3stats->hch_sid_stateless_resumes,
- ssl3stats->hch_sid_ticket_parse_failures);
+ "selfserv: %ld cache hits; %ld cache misses, %ld cache not reusable\n"
+ " %ld stateless resumes, %ld ticket parse failures\n",
+ ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
+ ssl3stats->hch_sid_cache_not_ok, ssl3stats->hch_sid_stateless_resumes,
+ ssl3stats->hch_sid_ticket_parse_failures);
}
-void
+void
printSecurityInfo(PRFileDesc *fd)
{
- CERTCertificate * cert = NULL;
- SECStatus result;
- SSLChannelInfo channel;
+ CERTCertificate *cert = NULL;
+ SECStatus result;
+ SSLChannelInfo channel;
SSLCipherSuiteInfo suite;
if (verbose)
- printSSLStatistics();
+ printSSLStatistics();
result = SSL_GetChannelInfo(fd, &channel, sizeof channel);
- if (result == SECSuccess &&
- channel.length == sizeof channel &&
- channel.cipherSuite) {
- result = SSL_GetCipherSuiteInfo(channel.cipherSuite,
- &suite, sizeof suite);
- if (result == SECSuccess) {
- FPRINTF(stderr,
- "selfserv: SSL version %d.%d using %d-bit %s with %d-bit %s MAC\n",
- channel.protocolVersion >> 8, channel.protocolVersion & 0xff,
- suite.effectiveKeyBits, suite.symCipherName,
- suite.macBits, suite.macAlgorithmName);
- FPRINTF(stderr,
- "selfserv: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n"
- " Compression: %s, Extended Master Secret: %s\n",
- channel.authKeyBits, suite.authAlgorithmName,
- channel.keaKeyBits, suite.keaTypeName,
- channel.compressionMethodName,
- channel.extendedMasterSecretUsed ? "Yes": "No");
- }
+ if (result == SECSuccess &&
+ channel.length == sizeof channel &&
+ channel.cipherSuite) {
+ result = SSL_GetCipherSuiteInfo(channel.cipherSuite,
+ &suite, sizeof suite);
+ if (result == SECSuccess) {
+ FPRINTF(stderr,
+ "selfserv: SSL version %d.%d using %d-bit %s with %d-bit %s MAC\n",
+ channel.protocolVersion >> 8, channel.protocolVersion & 0xff,
+ suite.effectiveKeyBits, suite.symCipherName,
+ suite.macBits, suite.macAlgorithmName);
+ FPRINTF(stderr,
+ "selfserv: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n"
+ " Compression: %s, Extended Master Secret: %s\n",
+ channel.authKeyBits, suite.authAlgorithmName,
+ channel.keaKeyBits, suite.keaTypeName,
+ channel.compressionMethodName,
+ channel.extendedMasterSecretUsed ? "Yes" : "No");
+ }
}
if (verbose) {
- SECItem *hostInfo = SSL_GetNegotiatedHostInfo(fd);
+ SECItem *hostInfo = SSL_GetNegotiatedHostInfo(fd);
if (hostInfo) {
char namePref[] = "selfserv: Negotiated server name: ";
@@ -432,22 +439,22 @@ printSecurityInfo(PRFileDesc *fd)
}
}
if (requestCert)
- cert = SSL_PeerCertificate(fd);
+ cert = SSL_PeerCertificate(fd);
else
- cert = SSL_LocalCertificate(fd);
+ cert = SSL_LocalCertificate(fd);
if (cert) {
- char * ip = CERT_NameToAscii(&cert->issuer);
- char * sp = CERT_NameToAscii(&cert->subject);
+ char *ip = CERT_NameToAscii(&cert->issuer);
+ char *sp = CERT_NameToAscii(&cert->subject);
if (sp) {
- FPRINTF(stderr, "selfserv: subject DN: %s\n", sp);
- PORT_Free(sp);
- }
+ FPRINTF(stderr, "selfserv: subject DN: %s\n", sp);
+ PORT_Free(sp);
+ }
if (ip) {
- FPRINTF(stderr, "selfserv: issuer DN: %s\n", ip);
- PORT_Free(ip);
- }
- CERT_DestroyCertificate(cert);
- cert = NULL;
+ FPRINTF(stderr, "selfserv: issuer DN: %s\n", ip);
+ PORT_Free(ip);
+ }
+ CERT_DestroyCertificate(cert);
+ cert = NULL;
}
FLUSH;
}
@@ -455,41 +462,41 @@ printSecurityInfo(PRFileDesc *fd)
static int MakeCertOK;
static SECStatus
-myBadCertHandler( void *arg, PRFileDesc *fd)
+myBadCertHandler(void *arg, PRFileDesc *fd)
{
int err = PR_GetError();
if (!MakeCertOK)
- fprintf(stderr,
- "selfserv: -- SSL: Client Certificate Invalid, err %d.\n%s\n",
- err, SECU_Strerror(err));
+ fprintf(stderr,
+ "selfserv: -- SSL: Client Certificate Invalid, err %d.\n%s\n",
+ err, SECU_Strerror(err));
return (MakeCertOK ? SECSuccess : SECFailure);
}
-#define MAX_VIRT_SERVER_NAME_ARRAY_INDEX 10
+#define MAX_VIRT_SERVER_NAME_ARRAY_INDEX 10
/* Simple SNI socket config function that does not use SSL_ReconfigFD.
* Only uses one server name but verifies that the names match. */
-PRInt32
+PRInt32
mySSLSNISocketConfig(PRFileDesc *fd, const SECItem *sniNameArr,
PRUint32 sniNameArrSize, void *arg)
{
- PRInt32 i = 0;
+ PRInt32 i = 0;
const SECItem *current = sniNameArr;
- const char **nameArr = (const char**)arg;
+ const char **nameArr = (const char **)arg;
secuPWData *pwdata;
- CERTCertificate * cert = NULL;
- SECKEYPrivateKey * privKey = NULL;
+ CERTCertificate *cert = NULL;
+ SECKEYPrivateKey *privKey = NULL;
PORT_Assert(fd && sniNameArr);
if (!fd || !sniNameArr) {
- return SSL_SNI_SEND_ALERT;
+ return SSL_SNI_SEND_ALERT;
}
pwdata = SSL_RevealPinArg(fd);
- for (;current && (PRUint32)i < sniNameArrSize;i++) {
+ for (; current && (PRUint32)i < sniNameArrSize; i++) {
unsigned int j = 0;
- for (;j < MAX_VIRT_SERVER_NAME_ARRAY_INDEX && nameArr[j];j++) {
+ for (; j < MAX_VIRT_SERVER_NAME_ARRAY_INDEX && nameArr[j]; j++) {
if (!PORT_Strncmp(nameArr[j],
(const char *)current[i].data,
current[i].len) &&
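Review bot: myBadCertHandler prints its diagnostic only when `MakeCertOK` is zero, so when the flag is set a client certificate that failed validation is accepted with `SECSuccess` and the error code never reaches the output. A comment on the flag would make the override explicit, for example `/* MakeCertOK != 0: accept the client certificate even though validation failed */`. Printing the error in both cases and marking whether it was overridden would also keep that decision visible to whoever reads the log. The multi-line `fprintf` under `if (!MakeCertOK)` would read more safely with braces. mySSLSNISocketConfig continues past this hunk, so its name comparison is not reviewed here.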
@@ -529,7 +536,6 @@ loser:
return SSL_SNI_SEND_ALERT;
}
-
/**************************************************************************
** Begin thread management routines and data.
**************************************************************************/
@@ -537,24 +543,23 @@ loser:
#define DEFAULT_THREADS 8
#define MAX_THREADS 4096
#define MAX_PROCS 25
-static int maxThreads = DEFAULT_THREADS;
-
+static int maxThreads = DEFAULT_THREADS;
typedef struct jobStr {
- PRCList link;
+ PRCList link;
PRFileDesc *tcp_sock;
PRFileDesc *model_sock;
- int requestCert;
+ int requestCert;
} JOB;
-static PZLock * qLock; /* this lock protects all data immediately below */
-static PRLock * lastLoadedCrlLock; /* this lock protects lastLoadedCrl variable */
-static PZCondVar * jobQNotEmptyCv;
-static PZCondVar * freeListNotEmptyCv;
-static PZCondVar * threadCountChangeCv;
-static int threadCount;
-static PRCList jobQ;
-static PRCList freeJobs;
+static PZLock *qLock; /* this lock protects all data immediately below */
+static PRLock *lastLoadedCrlLock; /* this lock protects lastLoadedCrl variable */
+static PZCondVar *jobQNotEmptyCv;
+static PZCondVar *freeListNotEmptyCv;
+static PZCondVar *threadCountChangeCv;
+static int threadCount;
+static PRCList jobQ;
+static PRCList freeJobs;
static JOB *jobTable;
SECStatus
@@ -564,40 +569,42 @@ setupJobs(int maxJobs)
jobTable = (JOB *)PR_Calloc(maxJobs, sizeof(JOB));
if (!jobTable)
- return SECFailure;
+ return SECFailure;
PR_INIT_CLIST(&jobQ);
PR_INIT_CLIST(&freeJobs);
for (i = 0; i < maxJobs; ++i) {
- JOB * pJob = jobTable + i;
- PR_APPEND_LINK(&pJob->link, &freeJobs);
+ JOB *pJob = jobTable + i;
+ PR_APPEND_LINK(&pJob->link, &freeJobs);
}
return SECSuccess;
}
typedef int startFn(PRFileDesc *a, PRFileDesc *b, int c);
-typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState;
+typedef enum { rs_idle = 0,
+ rs_running = 1,
+ rs_zombie = 2 } runState;
typedef struct perThreadStr {
PRFileDesc *a;
PRFileDesc *b;
- int c;
- int rv;
- startFn * startFunc;
- PRThread * prThread;
- runState state;
+ int c;
+ int rv;
+ startFn *startFunc;
+ PRThread *prThread;
+ runState state;
} perThread;
static perThread *threads;
void
-thread_wrapper(void * arg)
+thread_wrapper(void *arg)
{
- perThread * slot = (perThread *)arg;
+ perThread *slot = (perThread *)arg;
- slot->rv = (* slot->startFunc)(slot->a, slot->b, slot->c);
+ slot->rv = (*slot->startFunc)(slot->a, slot->b, slot->c);
/* notify the thread exit handler. */
PZ_Lock(qLock);
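Review bot: The `runState` typedef is harder to read after formatting than before: the first enumerator stays on the `typedef enum {` line and the closing brace trails `rs_zombie = 2`. Adding a trailing comma after the last enumerator (`rs_zombie = 2,`) normally makes clang-format place one enumerator per line with the braces on their own lines. The layout can also be written by hand that way, which keeps later additions to a one-line diff.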
@@ -607,103 +614,110 @@ thread_wrapper(void * arg)
PZ_Unlock(qLock);
}
-int
+int
jobLoop(PRFileDesc *a, PRFileDesc *b, int c)
{
- PRCList * myLink = 0;
- JOB * myJob;
+ PRCList *myLink = 0;
+ JOB *myJob;
PZ_Lock(qLock);
do {
- myLink = 0;
- while (PR_CLIST_IS_EMPTY(&jobQ) && !stopping) {
+ myLink = 0;
+ while (PR_CLIST_IS_EMPTY(&jobQ) && !stopping) {
PZ_WaitCondVar(jobQNotEmptyCv, PR_INTERVAL_NO_TIMEOUT);
- }
- if (!PR_CLIST_IS_EMPTY(&jobQ)) {
- myLink = PR_LIST_HEAD(&jobQ);
- PR_REMOVE_AND_INIT_LINK(myLink);
- }
- PZ_Unlock(qLock);
- myJob = (JOB *)myLink;
- /* myJob will be null when stopping is true and jobQ is empty */
- if (!myJob)
- break;
- handle_connection( myJob->tcp_sock, myJob->model_sock,
- myJob->requestCert);
- PZ_Lock(qLock);
- PR_APPEND_LINK(myLink, &freeJobs);
- PZ_NotifyCondVar(freeListNotEmptyCv);
+ }
+ if (!PR_CLIST_IS_EMPTY(&jobQ)) {
+ myLink = PR_LIST_HEAD(&jobQ);
+ PR_REMOVE_AND_INIT_LINK(myLink);
+ }
+ PZ_Unlock(qLock);
+ myJob = (JOB *)myLink;
+ /* myJob will be null when stopping is true and jobQ is empty */
+ if (!myJob)
+ break;
+ handle_connection(myJob->tcp_sock, myJob->model_sock,
+ myJob->requestCert);
+ PZ_Lock(qLock);
+ PR_APPEND_LINK(myLink, &freeJobs);
+ PZ_NotifyCondVar(freeListNotEmptyCv);
} while (PR_TRUE);
return 0;
}
-
SECStatus
launch_threads(
- startFn *startFunc,
+ startFn *startFunc,
PRFileDesc *a,
PRFileDesc *b,
- int c,
- PRBool local)
+ int c,
+ PRBool local)
{
int i;
SECStatus rv = SECSuccess;
/* create the thread management serialization structs */
- qLock = PZ_NewLock(nssILockSelfServ);
- jobQNotEmptyCv = PZ_NewCondVar(qLock);
- freeListNotEmptyCv = PZ_NewCondVar(qLock);
+ qLock = PZ_NewLock(nssILockSelfServ);
+ jobQNotEmptyCv = PZ_NewCondVar(qLock);
+ freeListNotEmptyCv = PZ_NewCondVar(qLock);
threadCountChangeCv = PZ_NewCondVar(qLock);
/* create monitor for crl reload procedure */
- lastLoadedCrlLock = PR_NewLock();
+ lastLoadedCrlLock = PR_NewLock();
/* allocate the array of thread slots */
threads = PR_Calloc(maxThreads, sizeof(perThread));
- if ( NULL == threads ) {
+ if (NULL == threads) {
fprintf(stderr, "Oh Drat! Can't allocate the perThread array\n");
return SECFailure;
}
- /* 5 is a little extra, intended to keep the jobQ from underflowing.
+ /* 5 is a little extra, intended to keep the jobQ from underflowing.
** That is, from going empty while not stopping and clients are still
** trying to contact us.
*/
rv = setupJobs(maxThreads + 5);
if (rv != SECSuccess)
- return rv;
+ return rv;
PZ_Lock(qLock);
for (i = 0; i < maxThreads; ++i) {
- perThread * slot = threads + i;
-
- slot->state = rs_running;
- slot->a = a;
- slot->b = b;
- slot->c = c;
- slot->startFunc = startFunc;
- slot->prThread = PR_CreateThread(PR_USER_THREAD,
- thread_wrapper, slot, PR_PRIORITY_NORMAL,
- (PR_TRUE==local)?PR_LOCAL_THREAD:PR_GLOBAL_THREAD,
- PR_UNJOINABLE_THREAD, 0);
- if (slot->prThread == NULL) {
- printf("selfserv: Failed to launch thread!\n");
- slot->state = rs_idle;
- rv = SECFailure;
- break;
- }
-
- ++threadCount;
- }
- PZ_Unlock(qLock);
+ perThread *slot = threads + i;
+
+ slot->state = rs_running;
+ slot->a = a;
+ slot->b = b;
+ slot->c = c;
+ slot->startFunc = startFunc;
+ slot->prThread = PR_CreateThread(PR_USER_THREAD,
+ thread_wrapper, slot, PR_PRIORITY_NORMAL,
+ (PR_TRUE ==
+ local)
+ ? PR_LOCAL_THREAD
+ : PR_GLOBAL_THREAD,
+ PR_UNJOINABLE_THREAD, 0);
+ if (slot->prThread == NULL) {
+ printf("selfserv: Failed to launch thread!\n");
+ slot->state = rs_idle;
+ rv = SECFailure;
+ break;
+ }
+
+ ++threadCount;
+ }
+ PZ_Unlock(qLock);
return rv;
}
-#define DESTROY_CONDVAR(name) if (name) { \
- PZ_DestroyCondVar(name); name = NULL; }
-#define DESTROY_LOCK(name) if (name) { \
- PZ_DestroyLock(name); name = NULL; }
-
+#define DESTROY_CONDVAR(name) \
+ if (name) { \
+ PZ_DestroyCondVar(name); \
+ name = NULL; \
+ }
+#define DESTROY_LOCK(name) \
+ if (name) { \
+ PZ_DestroyLock(name); \
+ name = NULL; \
+ }
void
terminateWorkerThreads(void)
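Review bot: launch_threads uses the results of `PZ_NewLock`, the three `PZ_NewCondVar` calls and `PR_NewLock` without a NULL check, and `PZ_Lock(qLock)` follows a few lines later. Only the `PR_Calloc` result is tested. A guard after the allocations would fail cleanly instead of dereferencing a null lock, e.g. `if (!qLock || !jobQNotEmptyCv || !freeListNotEmptyCv || !threadCountChangeCv || !lastLoadedCrlLock) return SECFailure;`. `lockedVars_Init` in a later hunk has the same unchecked `PZ_NewLock`/`PZ_NewCondVar` pair. Separately, the reformatted `DESTROY_CONDVAR` and `DESTROY_LOCK` macros are still bare `if` blocks; wrapping them in `do { ... } while (0)` would make them safe to use before an `else`.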
@@ -712,11 +726,11 @@ terminateWorkerThreads(void)
PZ_Lock(qLock);
PZ_NotifyAllCondVar(jobQNotEmptyCv);
while (threadCount > 0) {
- PZ_WaitCondVar(threadCountChangeCv, PR_INTERVAL_NO_TIMEOUT);
+ PZ_WaitCondVar(threadCountChangeCv, PR_INTERVAL_NO_TIMEOUT);
}
/* The worker threads empty the jobQ before they terminate. */
PORT_Assert(PR_CLIST_IS_EMPTY(&jobQ));
- PZ_Unlock(qLock);
+ PZ_Unlock(qLock);
DESTROY_CONDVAR(jobQNotEmptyCv);
DESTROY_CONDVAR(freeListNotEmptyCv);
@@ -728,7 +742,7 @@ terminateWorkerThreads(void)
PR_Free(threads);
}
-static void
+static void
logger(void *arg)
{
PRFloat64 seconds;
@@ -747,12 +761,12 @@ logger(void *arg)
previousOps = loggerOps;
previousTime = PR_IntervalNow();
-
+
for (;;) {
- /* OK, implementing a new sleep algorithm here... always sleep
+ /* OK, implementing a new sleep algorithm here... always sleep
* for 1 second but print out info at the user-specified interval.
- * This way, we don't overflow all of our PR_Atomic* functions and
- * we don't have to use locks.
+ * This way, we don't overflow all of our PR_Atomic* functions and
+ * we don't have to use locks.
*/
PR_Sleep(logPeriodTicks);
secondsElapsed++;
@@ -762,13 +776,13 @@ logger(void *arg)
continue;
}
/* when we reach the user-specified logging interval, print out all
- * data
+ * data
*/
secondsElapsed = 0;
latestTime = PR_IntervalNow();
ops = loggerOps;
period = latestTime - previousTime;
- seconds = (PRFloat64) period*secondsPerTick;
+ seconds = (PRFloat64)period * secondsPerTick;
opsPerSec = (ops - previousOps) / seconds;
if (testBulk) {
@@ -780,17 +794,17 @@ logger(void *arg)
}
}
if (loggingLayer == PR_TRUE) {
- printf("%4.d %5.3f MB/s %5.3f MB/s\n", ops,
- totalPeriodBytes / (seconds * 1048576.0),
- totalPeriodBytesTCP / (seconds * 1048576.0));
+ printf("%4.d %5.3f MB/s %5.3f MB/s\n", ops,
+ totalPeriodBytes / (seconds * 1048576.0),
+ totalPeriodBytesTCP / (seconds * 1048576.0));
} else {
- printf("%4.d %5.3f MB/s\n", ops,
- totalPeriodBytes / (seconds * 1048576.0));
+ printf("%4.d %5.3f MB/s\n", ops,
+ totalPeriodBytes / (seconds * 1048576.0));
}
totalPeriodBytes = 0;
totalPeriodBytesTCP = 0;
/* Print the "legend" every 20 iterations */
- iterations = (iterations + 1) % 20;
+ iterations = (iterations + 1) % 20;
} else {
printf("%.2f ops/second, %d threads\n", opsPerSec, threadCount);
}
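Review bot: Both bulk-test `printf` calls in logger use `%4.d`, which is a precision of zero, and with precision zero a value of 0 prints no digits at all. A period with `ops == 0` therefore shows a blank column rather than `0`. `%4d` gives the same width without that surprise: `printf("%4d %5.3f MB/s\n", ops, ...)`. The enclosing function starts and ends outside this hunk.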
@@ -804,32 +818,30 @@ logger(void *arg)
}
}
-
/**************************************************************************
** End thread management routines.
**************************************************************************/
-PRBool useModelSocket = PR_FALSE;
+PRBool useModelSocket = PR_FALSE;
static SSLVersionRange enabledVersions;
PRBool disableRollBack = PR_FALSE;
-PRBool NoReuse = PR_FALSE;
-PRBool hasSidCache = PR_FALSE;
+PRBool NoReuse = PR_FALSE;
+PRBool hasSidCache = PR_FALSE;
PRBool disableStepDown = PR_FALSE;
-PRBool bypassPKCS11 = PR_FALSE;
-PRBool disableLocking = PR_FALSE;
-PRBool testbypass = PR_FALSE;
+PRBool bypassPKCS11 = PR_FALSE;
+PRBool disableLocking = PR_FALSE;
+PRBool testbypass = PR_FALSE;
PRBool enableSessionTickets = PR_FALSE;
-PRBool enableCompression = PR_FALSE;
-PRBool failedToNegotiateName = PR_FALSE;
+PRBool enableCompression = PR_FALSE;
+PRBool failedToNegotiateName = PR_FALSE;
PRBool enableExtendedMasterSecret = PR_FALSE;
-static char *virtServerNameArray[MAX_VIRT_SERVER_NAME_ARRAY_INDEX];
-static int virtServerNameIndex = 1;
-
+static char *virtServerNameArray[MAX_VIRT_SERVER_NAME_ARRAY_INDEX];
+static int virtServerNameIndex = 1;
static const char stopCmd[] = { "GET /stop " };
-static const char getCmd[] = { "GET " };
-static const char EOFmsg[] = { "EOF\r\n\r\n\r\n" };
+static const char getCmd[] = { "GET " };
+static const char EOFmsg[] = { "EOF\r\n\r\n\r\n" };
static const char outHeader[] = {
"HTTP/1.0 200 OK\r\n"
"Server: Generic Web Server\r\n"
@@ -837,7 +849,7 @@ static const char outHeader[] = {
"Content-type: text/plain\r\n"
"\r\n"
};
-static const char crlCacheErr[] = { "CRL ReCache Error: " };
+static const char crlCacheErr[] = { "CRL ReCache Error: " };
PRUint16 cipherlist[100];
int nciphers;
@@ -845,33 +857,32 @@ int nciphers;
void
savecipher(int c)
{
- if (nciphers < sizeof cipherlist / sizeof (cipherlist[0]))
- cipherlist[nciphers++] = (PRUint16)c;
+ if (nciphers < sizeof cipherlist / sizeof(cipherlist[0]))
+ cipherlist[nciphers++] = (PRUint16)c;
}
-
#ifdef FULL_DUPLEX_CAPABLE
struct lockedVarsStr {
- PZLock * lock;
- int count;
- int waiters;
- PZCondVar * condVar;
+ PZLock *lock;
+ int count;
+ int waiters;
+ PZCondVar *condVar;
};
typedef struct lockedVarsStr lockedVars;
-void
-lockedVars_Init( lockedVars * lv)
+void
+lockedVars_Init(lockedVars *lv)
{
- lv->count = 0;
+ lv->count = 0;
lv->waiters = 0;
- lv->lock = PZ_NewLock(nssILockSelfServ);
+ lv->lock = PZ_NewLock(nssILockSelfServ);
lv->condVar = PZ_NewCondVar(lv->lock);
}
void
-lockedVars_Destroy( lockedVars * lv)
+lockedVars_Destroy(lockedVars *lv)
{
PZ_DestroyCondVar(lv->condVar);
lv->condVar = NULL;
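Review bot: savecipher drops the value silently once `cipherlist` is full, so a caller that supplies more than the array holds ends up with a different cipher set than requested and no indication of it. An `else` branch that reports the ignored value would surface that, e.g. `else fprintf(stderr, "selfserv: cipher list full, ignoring 0x%04x\n", c);`. The bound compares an `int` with a `size_t` expression, and `(PRUint16)c` truncates anything above 0xffff. Making `nciphers` unsigned and rejecting out-of-range `c` would remove both implicit conversions.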
@@ -881,24 +892,24 @@ lockedVars_Destroy( lockedVars * lv)
}
void
-lockedVars_WaitForDone(lockedVars * lv)
+lockedVars_WaitForDone(lockedVars *lv)
{
PZ_Lock(lv->lock);
while (lv->count > 0) {
- PZ_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
+ PZ_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
}
PZ_Unlock(lv->lock);
}
-int /* returns count */
-lockedVars_AddToCount(lockedVars * lv, int addend)
+int /* returns count */
+ lockedVars_AddToCount(lockedVars *lv, int addend)
{
int rv;
PZ_Lock(lv->lock);
rv = lv->count += addend;
if (rv <= 0) {
- PZ_NotifyCondVar(lv->condVar);
+ PZ_NotifyCondVar(lv->condVar);
}
PZ_Unlock(lv->lock);
return rv;
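Review bot: The comment between the return type and the name makes the formatter indent the function name: `int /* returns count */` is now followed by an indented `lockedVars_AddToCount(...)`, unlike every other definition in the file. Moving the remark above the definition restores the usual layout, e.g. `/* Adds addend to lv->count under the lock and returns the new count. */` followed by `int` and the name at column 0.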
@@ -906,28 +917,27 @@ lockedVars_AddToCount(lockedVars * lv, int addend)
int
do_writes(
- PRFileDesc * ssl_sock,
- PRFileDesc * model_sock,
- int requestCert
- )
+ PRFileDesc *ssl_sock,
+ PRFileDesc *model_sock,
+ int requestCert)
{
- int sent = 0;
- int count = 0;
- lockedVars * lv = (lockedVars *)model_sock;
+ int sent = 0;
+ int count = 0;
+ lockedVars *lv = (lockedVars *)model_sock;
VLOG(("selfserv: do_writes: starting"));
while (sent < bigBuf.len) {
- count = PR_Write(ssl_sock, bigBuf.data + sent, bigBuf.len - sent);
- if (count < 0) {
- errWarn("PR_Write bigBuf");
- break;
- }
- FPRINTF(stderr, "selfserv: PR_Write wrote %d bytes from bigBuf\n", count );
- sent += count;
+ count = PR_Write(ssl_sock, bigBuf.data + sent, bigBuf.len - sent);
+ if (count < 0) {
+ errWarn("PR_Write bigBuf");
+ break;
+ }
+ FPRINTF(stderr, "selfserv: PR_Write wrote %d bytes from bigBuf\n", count);
+ sent += count;
}
- if (count >= 0) { /* last write didn't fail. */
- PR_Shutdown(ssl_sock, PR_SHUTDOWN_SEND);
+ if (count >= 0) { /* last write didn't fail. */
+ PR_Shutdown(ssl_sock, PR_SHUTDOWN_SEND);
}
/* notify the reader that we're done. */
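Review bot: do_writes receives a `lockedVars *` through its `model_sock` parameter (`lockedVars *lv = (lockedVars *)model_sock;`), and the caller in the next hunk passes `(PRFileDesc *)&lv`. Nothing at the definition says that this argument is not a socket here. A header comment would stop a later reader from treating it as one, for instance `/* model_sock carries the caller's lockedVars *, cast to fit the startFn signature; it is never used as a file descriptor. */`. The function's tail, including its return, lies outside this hunk.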
@@ -937,64 +947,62 @@ do_writes(
return (sent < bigBuf.len) ? SECFailure : SECSuccess;
}
-static int
+static int
handle_fdx_connection(
- PRFileDesc * tcp_sock,
- PRFileDesc * model_sock,
- int requestCert
- )
+ PRFileDesc *tcp_sock,
+ PRFileDesc *model_sock,
+ int requestCert)
{
- PRFileDesc * ssl_sock = NULL;
- SECStatus result;
- int firstTime = 1;
- lockedVars lv;
+ PRFileDesc *ssl_sock = NULL;
+ SECStatus result;
+ int firstTime = 1;
+ lockedVars lv;
PRSocketOptionData opt;
- char buf[10240];
-
+ char buf[10240];
VLOG(("selfserv: handle_fdx_connection: starting"));
- opt.option = PR_SockOpt_Nonblocking;
+ opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
PR_SetSocketOption(tcp_sock, &opt);
if (useModelSocket && model_sock) {
- SECStatus rv;
- ssl_sock = SSL_ImportFD(model_sock, tcp_sock);
- if (!ssl_sock) {
- errWarn("SSL_ImportFD with model");
- goto cleanup;
- }
- rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 1);
- if (rv != SECSuccess) {
- errWarn("SSL_ResetHandshake");
- goto cleanup;
- }
+ SECStatus rv;
+ ssl_sock = SSL_ImportFD(model_sock, tcp_sock);
+ if (!ssl_sock) {
+ errWarn("SSL_ImportFD with model");
+ goto cleanup;
+ }
+ rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 1);
+ if (rv != SECSuccess) {
+ errWarn("SSL_ResetHandshake");
+ goto cleanup;
+ }
} else {
- ssl_sock = tcp_sock;
+ ssl_sock = tcp_sock;
}
lockedVars_Init(&lv);
lockedVars_AddToCount(&lv, 1);
/* Attempt to launch the writer thread. */
- result = launch_thread(do_writes, ssl_sock, (PRFileDesc *)&lv,
+ result = launch_thread(do_writes, ssl_sock, (PRFileDesc *)&lv,
requestCert);
- if (result == SECSuccess)
- do {
- /* do reads here. */
- int count;
- count = PR_Read(ssl_sock, buf, sizeof buf);
- if (count < 0) {
- errWarn("FDX PR_Read");
- break;
- }
- FPRINTF(stderr, "selfserv: FDX PR_Read read %d bytes.\n", count );
- if (firstTime) {
- firstTime = 0;
- printSecurityInfo(ssl_sock);
- }
- } while (lockedVars_AddToCount(&lv, 0) > 0);
+ if (result == SECSuccess)
+ do {
+ /* do reads here. */
+ int count;
+ count = PR_Read(ssl_sock, buf, sizeof buf);
+ if (count < 0) {
+ errWarn("FDX PR_Read");
+ break;
+ }
+ FPRINTF(stderr, "selfserv: FDX PR_Read read %d bytes.\n", count);
+ if (firstTime) {
+ firstTime = 0;
+ printSecurityInfo(ssl_sock);
+ }
+ } while (lockedVars_AddToCount(&lv, 0) > 0);
/* Wait for writer to finish */
lockedVars_WaitForDone(&lv);
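Review bot: The read loop in handle_fdx_connection exits only on `count < 0`. A `PR_Read` result of 0, which is end of stream, falls through to the FPRINTF and the loop runs again for as long as `lockedVars_AddToCount(&lv, 0) > 0`, so a peer that closes its sending side keeps this thread spinning and logging until the writer finishes. Adding `if (count == 0) break;` after the error check stops that. The unbraced `if (result == SECSuccess)` in front of the `do { ... } while` would be clearer with braces. The function continues into the next hunk.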
@@ -1003,9 +1011,9 @@ handle_fdx_connection(
cleanup:
if (ssl_sock) {
- PR_Close(ssl_sock);
+ PR_Close(ssl_sock);
} else if (tcp_sock) {
- PR_Close(tcp_sock);
+ PR_Close(tcp_sock);
}
VLOG(("selfserv: handle_fdx_connection: exiting"));
@@ -1054,13 +1062,14 @@ reload_crl(PRFileDesc *crlFile)
lastLoadedCrl = tempItem;
}
- loser:
+loser:
PR_Unlock(lastLoadedCrlLock);
SECITEM_FreeItem(crlDer, PR_TRUE);
return rv;
}
-void stop_server()
+void
+stop_server()
{
stopping = 1;
PR_Interrupt(acceptorThread);
@@ -1074,13 +1083,13 @@ makeTryLaterOCSPResponse(PLArenaPool *arena)
SECItem *ocspResponse = NULL;
ocspResponse = CERT_CreateEncodedOCSPErrorResponse(arena,
- SEC_ERROR_OCSP_TRY_SERVER_LATER);
+ SEC_ERROR_OCSP_TRY_SERVER_LATER);
if (!ocspResponse)
- errExit("cannot created ocspResponse");
+ errExit("cannot created ocspResponse");
result = SECITEM_AllocArray(arena, NULL, 1);
if (!result)
- errExit("cannot allocate multiOcspResponses");
+ errExit("cannot allocate multiOcspResponses");
result->items[0].data = ocspResponse->data;
result->items[0].len = ocspResponse->len;
@@ -1096,11 +1105,11 @@ makeCorruptedOCSPResponse(PLArenaPool *arena)
ocspResponse = SECITEM_AllocItem(arena, NULL, 1);
if (!ocspResponse)
- errExit("cannot created ocspResponse");
+ errExit("cannot created ocspResponse");
result = SECITEM_AllocArray(arena, NULL, 1);
if (!result)
- errExit("cannot allocate multiOcspResponses");
+ errExit("cannot allocate multiOcspResponses");
result->items[0].data = ocspResponse->data;
result->items[0].len = ocspResponse->len;
@@ -1110,7 +1119,7 @@ makeCorruptedOCSPResponse(PLArenaPool *arena)
SECItemArray *
makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm,
- CERTCertificate *cert, secuPWData *pwdata)
+ CERTCertificate *cert, secuPWData *pwdata)
{
SECItemArray *result = NULL;
SECItem *ocspResponse = NULL;
@@ -1125,59 +1134,61 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm,
ca = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), ocspStaplingCA);
if (!ca)
- errExit("cannot find CA");
+ errExit("cannot find CA");
cid = CERT_CreateOCSPCertID(cert, now);
if (!cid)
- errExit("cannot created cid");
+ errExit("cannot created cid");
- nextUpdate = now + (PRTime)60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */
+ nextUpdate = now + (PRTime)60 * 60 * 24 * PR_USEC_PER_SEC; /* plus 1 day */
switch (osm) {
- case osm_good:
- case osm_badsig:
- sr = CERT_CreateOCSPSingleResponseGood(arena, cid, now,
- &nextUpdate);
- break;
- case osm_unknown:
- sr = CERT_CreateOCSPSingleResponseUnknown(arena, cid, now,
- &nextUpdate);
- break;
- case osm_revoked:
- sr = CERT_CreateOCSPSingleResponseRevoked(arena, cid, now,
- &nextUpdate,
- now - (PRTime)60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */
- NULL);
- break;
- default:
- PORT_Assert(0);
- break;
+ case osm_good:
+ case osm_badsig:
+ sr = CERT_CreateOCSPSingleResponseGood(arena, cid, now,
+ &nextUpdate);
+ break;
+ case osm_unknown:
+ sr = CERT_CreateOCSPSingleResponseUnknown(arena, cid, now,
+ &nextUpdate);
+ break;
+ case osm_revoked:
+ sr = CERT_CreateOCSPSingleResponseRevoked(arena, cid, now,
+ &nextUpdate,
+ now - (PRTime)60 * 60 * 24 * PR_USEC_PER_SEC, /* minus 1 day */
+ NULL);
+ break;
+ default:
+ PORT_Assert(0);
+ break;
}
if (!sr)
- errExit("cannot create sr");
+ errExit("cannot create sr");
/* meaning of value 2: one entry + one end marker */
- singleResponses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse*, 2);
+ singleResponses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse *, 2);
if (singleResponses == NULL)
- errExit("cannot allocate singleResponses");
+ errExit("cannot allocate singleResponses");
singleResponses[0] = sr;
singleResponses[1] = NULL;
ocspResponse = CERT_CreateEncodedOCSPSuccessResponse(arena,
- (osm == osm_badsig) ? NULL : ca,
- ocspResponderID_byName, now, singleResponses,
- &pwdata);
+ (osm == osm_badsig)
+ ? NULL
+ : ca,
+ ocspResponderID_byName, now, singleResponses,
+ &pwdata);
if (!ocspResponse)
- errExit("cannot created ocspResponse");
+ errExit("cannot created ocspResponse");
CERT_DestroyCertificate(ca);
ca = NULL;
result = SECITEM_AllocArray(arena, NULL, 1);
if (!result)
- errExit("cannot allocate multiOcspResponses");
+ errExit("cannot allocate multiOcspResponses");
result->items[0].data = ocspResponse->data;
result->items[0].len = ocspResponse->len;
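Review bot: The last argument to `CERT_CreateEncodedOCSPSuccessResponse` is `&pwdata`, but `pwdata` is already a `secuPWData *` parameter of makeSignedOCSPResponse, so the callee receives a `secuPWData **`. If that parameter is the opaque PIN argument handed on to the password callback (it looks that way, but the prototype is not visible here), the callback would read a pointer as if it were the struct, and the call should pass `pwdata` instead. The reformatted conditional `(osm == osm_badsig) ? NULL : ca` is now spread over three lines; hoisting it into a local such as `CERTCertificate *signer = (osm == osm_badsig) ? NULL : ca;` reads better. The start of the function is outside this hunk.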
@@ -1190,109 +1201,122 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm,
void
setupCertStatus(PLArenaPool *arena, enum ocspStaplingModeEnum ocspStaplingMode,
- CERTCertificate *cert, SSLKEAType kea, secuPWData *pwdata)
+ CERTCertificate *cert, SSLKEAType kea, secuPWData *pwdata)
{
if (ocspStaplingMode == osm_random) {
- /* 6 different responses */
- int r = rand() % 6;
- switch (r) {
- case 0: ocspStaplingMode = osm_good; break;
- case 1: ocspStaplingMode = osm_revoked; break;
- case 2: ocspStaplingMode = osm_unknown; break;
- case 3: ocspStaplingMode = osm_badsig; break;
- case 4: ocspStaplingMode = osm_corrupted; break;
- case 5: ocspStaplingMode = osm_failure; break;
- default: PORT_Assert(0); break;
- }
+ /* 6 different responses */
+ int r = rand() % 6;
+ switch (r) {
+ case 0:
+ ocspStaplingMode = osm_good;
+ break;
+ case 1:
+ ocspStaplingMode = osm_revoked;
+ break;
+ case 2:
+ ocspStaplingMode = osm_unknown;
+ break;
+ case 3:
+ ocspStaplingMode = osm_badsig;
+ break;
+ case 4:
+ ocspStaplingMode = osm_corrupted;
+ break;
+ case 5:
+ ocspStaplingMode = osm_failure;
+ break;
+ default:
+ PORT_Assert(0);
+ break;
+ }
}
if (ocspStaplingMode != osm_disabled) {
- SECItemArray *multiOcspResponses = NULL;
- switch (ocspStaplingMode) {
- case osm_good:
- case osm_revoked:
- case osm_unknown:
- case osm_badsig:
- multiOcspResponses =
- makeSignedOCSPResponse(arena, ocspStaplingMode, cert,
- pwdata);
- break;
- case osm_corrupted:
- multiOcspResponses = makeCorruptedOCSPResponse(arena);
- break;
- case osm_failure:
- multiOcspResponses = makeTryLaterOCSPResponse(arena);
- break;
- case osm_ocsp:
- errExit("stapling mode \"ocsp\" not implemented");
- break;
- break;
- default:
- break;
- }
- if (multiOcspResponses) {
- certStatus[kea] = multiOcspResponses;
- }
- }
+ SECItemArray *multiOcspResponses = NULL;
+ switch (ocspStaplingMode) {
+ case osm_good:
+ case osm_revoked:
+ case osm_unknown:
+ case osm_badsig:
+ multiOcspResponses =
+ makeSignedOCSPResponse(arena, ocspStaplingMode, cert,
+ pwdata);
+ break;
+ case osm_corrupted:
+ multiOcspResponses = makeCorruptedOCSPResponse(arena);
+ break;
+ case osm_failure:
+ multiOcspResponses = makeTryLaterOCSPResponse(arena);
+ break;
+ case osm_ocsp:
+ errExit("stapling mode \"ocsp\" not implemented");
+ break;
+ break;
+ default:
+ break;
+ }
+ if (multiOcspResponses) {
+ certStatus[kea] = multiOcspResponses;
+ }
+ }
}
int
-handle_connection(
+handle_connection(
PRFileDesc *tcp_sock,
PRFileDesc *model_sock,
- int requestCert
- )
+ int requestCert)
{
- PRFileDesc * ssl_sock = NULL;
- PRFileDesc * local_file_fd = NULL;
- char * post;
- char * pBuf; /* unused space at end of buf */
- const char * errString;
- PRStatus status;
- int bufRem; /* unused bytes at end of buf */
- int bufDat; /* characters received in buf */
- int newln = 0; /* # of consecutive newlns */
- int firstTime = 1;
- int reqLen;
- int rv;
- int numIOVs;
+ PRFileDesc *ssl_sock = NULL;
+ PRFileDesc *local_file_fd = NULL;
+ char *post;
+ char *pBuf; /* unused space at end of buf */
+ const char *errString;
+ PRStatus status;
+ int bufRem; /* unused bytes at end of buf */
+ int bufDat; /* characters received in buf */
+ int newln = 0; /* # of consecutive newlns */
+ int firstTime = 1;
+ int reqLen;
+ int rv;
+ int numIOVs;
PRSocketOptionData opt;
- PRIOVec iovs[16];
- char msgBuf[160];
- char buf[10240];
- char fileName[513];
- char proto[128];
- PRDescIdentity aboveLayer = PR_INVALID_IO_LAYER;
- SSLKEAType kea;
-
- pBuf = buf;
+ PRIOVec iovs[16];
+ char msgBuf[160];
+ char buf[10240];
+ char fileName[513];
+ char proto[128];
+ PRDescIdentity aboveLayer = PR_INVALID_IO_LAYER;
+ SSLKEAType kea;
+
+ pBuf = buf;
bufRem = sizeof buf;
VLOG(("selfserv: handle_connection: starting"));
- opt.option = PR_SockOpt_Nonblocking;
+ opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
PR_SetSocketOption(tcp_sock, &opt);
VLOG(("selfserv: handle_connection: starting\n"));
if (useModelSocket && model_sock) {
- SECStatus rv;
- ssl_sock = SSL_ImportFD(model_sock, tcp_sock);
- if (!ssl_sock) {
- errWarn("SSL_ImportFD with model");
- goto cleanup;
- }
- rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 1);
- if (rv != SECSuccess) {
- errWarn("SSL_ResetHandshake");
- goto cleanup;
- }
+ SECStatus rv;
+ ssl_sock = SSL_ImportFD(model_sock, tcp_sock);
+ if (!ssl_sock) {
+ errWarn("SSL_ImportFD with model");
+ goto cleanup;
+ }
+ rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 1);
+ if (rv != SECSuccess) {
+ errWarn("SSL_ResetHandshake");
+ goto cleanup;
+ }
} else {
- ssl_sock = tcp_sock;
+ ssl_sock = tcp_sock;
}
for (kea = kt_rsa; kea < kt_kea_size; kea++) {
- if (certStatus[kea] != NULL) {
- SSL_SetStapledOCSPResponses(ssl_sock, certStatus[kea], kea);
- }
+ if (certStatus[kea] != NULL) {
+ SSL_SetStapledOCSPResponses(ssl_sock, certStatus[kea], kea);
+ }
}
if (loggingLayer) {
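Review bot: Two leftovers survive the reformat here. In setupCertStatus the `osm_ocsp` case has `break;` twice after `errExit(...)`, and handle_connection logs `VLOG(("selfserv: handle_connection: starting"))` and then the same message again with a trailing `\n`. Dropping the second `break;` and one of the two VLOG calls removes both. setupCertStatus also stores into `certStatus[kea]` without checking `kea`, while the loop in handle_connection bounds the same index with `kea < kt_kea_size`; a matching check or `PORT_Assert(kea < kt_kea_size)` would keep the two consistent. handle_connection's body continues well beyond this hunk.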
@@ -1313,254 +1337,255 @@ handle_connection(
}
if (noDelay) {
- opt.option = PR_SockOpt_NoDelay;
- opt.value.no_delay = PR_TRUE;
- status = PR_SetSocketOption(ssl_sock, &opt);
- if (status != PR_SUCCESS) {
- errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)");
+ opt.option = PR_SockOpt_NoDelay;
+ opt.value.no_delay = PR_TRUE;
+ status = PR_SetSocketOption(ssl_sock, &opt);
+ if (status != PR_SUCCESS) {
+ errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)");
if (ssl_sock) {
- PR_Close(ssl_sock);
+ PR_Close(ssl_sock);
}
- return SECFailure;
- }
+ return SECFailure;
+ }
}
while (1) {
- newln = 0;
- reqLen = 0;
- rv = PR_Read(ssl_sock, pBuf, bufRem - 1);
- if (rv == 0 ||
- (rv < 0 && PR_END_OF_FILE_ERROR == PR_GetError())) {
- if (verbose)
- errWarn("HDX PR_Read hit EOF");
- break;
- }
- if (rv < 0) {
- errWarn("HDX PR_Read");
- goto cleanup;
- }
- /* NULL termination */
- pBuf[rv] = 0;
- if (firstTime) {
- firstTime = 0;
- printSecurityInfo(ssl_sock);
- }
-
- pBuf += rv;
- bufRem -= rv;
- bufDat = pBuf - buf;
- /* Parse the input, starting at the beginning of the buffer.
- * Stop when we detect two consecutive \n's (or \r\n's)
- * as this signifies the end of the GET or POST portion.
- * The posted data follows.
- */
- while (reqLen < bufDat && newln < 2) {
- int octet = buf[reqLen++];
- if (octet == '\n') {
- newln++;
- } else if (octet != '\r') {
- newln = 0;
- }
- }
-
- /* came to the end of the buffer, or second newln
- * If we didn't get an empty line (CRLFCRLF) then keep on reading.
- */
- if (newln < 2)
- continue;
-
- /* we're at the end of the HTTP request.
- * If the request is a POST, then there will be one more
- * line of data.
- * This parsing is a hack, but ok for SSL test purposes.
- */
- post = PORT_Strstr(buf, "POST ");
- if (!post || *post != 'P')
- break;
-
- /* It's a post, so look for the next and final CR/LF. */
- /* We should parse content length here, but ... */
- while (reqLen < bufDat && newln < 3) {
- int octet = buf[reqLen++];
- if (octet == '\n') {
- newln++;
- }
- }
- if (newln == 3)
- break;
+ newln = 0;
+ reqLen = 0;
+ rv = PR_Read(ssl_sock, pBuf, bufRem - 1);
+ if (rv == 0 ||
+ (rv < 0 && PR_END_OF_FILE_ERROR == PR_GetError())) {
+ if (verbose)
+ errWarn("HDX PR_Read hit EOF");
+ break;
+ }
+ if (rv < 0) {
+ errWarn("HDX PR_Read");
+ goto cleanup;
+ }
+ /* NULL termination */
+ pBuf[rv] = 0;
+ if (firstTime) {
+ firstTime = 0;
+ printSecurityInfo(ssl_sock);
+ }
+
+ pBuf += rv;
+ bufRem -= rv;
+ bufDat = pBuf - buf;
+ /* Parse the input, starting at the beginning of the buffer.
+ * Stop when we detect two consecutive \n's (or \r\n's)
+ * as this signifies the end of the GET or POST portion.
+ * The posted data follows.
+ */
+ while (reqLen < bufDat && newln < 2) {
+ int octet = buf[reqLen++];
+ if (octet == '\n') {
+ newln++;
+ } else if (octet != '\r') {
+ newln = 0;
+ }
+ }
+
+ /* came to the end of the buffer, or second newln
+ * If we didn't get an empty line (CRLFCRLF) then keep on reading.
+ */
+ if (newln < 2)
+ continue;
+
+ /* we're at the end of the HTTP request.
+ * If the request is a POST, then there will be one more
+ * line of data.
+ * This parsing is a hack, but ok for SSL test purposes.
+ */
+ post = PORT_Strstr(buf, "POST ");
+ if (!post || *post != 'P')
+ break;
+
+ /* It's a post, so look for the next and final CR/LF. */
+ /* We should parse content length here, but ... */
+ while (reqLen < bufDat && newln < 3) {
+ int octet = buf[reqLen++];
+ if (octet == '\n') {
+ newln++;
+ }
+ }
+ if (newln == 3)
+ break;
} /* read loop */
bufDat = pBuf - buf;
- if (bufDat) do { /* just close if no data */
- /* Have either (a) a complete get, (b) a complete post, (c) EOF */
- if (reqLen > 0 && !strncmp(buf, getCmd, sizeof getCmd - 1)) {
- char * fnBegin = buf + 4;
- char * fnEnd;
- PRFileInfo info;
- /* try to open the file named.
- * If successful, then write it to the client.
- */
- fnEnd = strpbrk(fnBegin, " \r\n");
- if (fnEnd) {
- int fnLen = fnEnd - fnBegin;
- if (fnLen < sizeof fileName) {
- char *real_fileName = fileName;
- char *protoEnd = NULL;
- strncpy(fileName, fnBegin, fnLen);
- fileName[fnLen] = 0; /* null terminate */
- if ((protoEnd = strstr(fileName, "://")) != NULL) {
- int protoLen = PR_MIN(protoEnd - fileName, sizeof(proto) - 1);
- PL_strncpy(proto, fileName, protoLen);
- proto[protoLen] = 0;
- real_fileName= protoEnd + 3;
- } else {
- proto[0] = 0;
+ if (bufDat)
+ do { /* just close if no data */
+ /* Have either (a) a complete get, (b) a complete post, (c) EOF */
+ if (reqLen > 0 && !strncmp(buf, getCmd, sizeof getCmd - 1)) {
+ char *fnBegin = buf + 4;
+ char *fnEnd;
+ PRFileInfo info;
+ /* try to open the file named.
+ * If successful, then write it to the client.
+ */
+ fnEnd = strpbrk(fnBegin, " \r\n");
+ if (fnEnd) {
+ int fnLen = fnEnd - fnBegin;
+ if (fnLen < sizeof fileName) {
+ char *real_fileName = fileName;
+ char *protoEnd = NULL;
+ strncpy(fileName, fnBegin, fnLen);
+ fileName[fnLen] = 0; /* null terminate */
+ if ((protoEnd = strstr(fileName, "://")) != NULL) {
+ int protoLen = PR_MIN(protoEnd - fileName, sizeof(proto) - 1);
+ PL_strncpy(proto, fileName, protoLen);
+ proto[protoLen] = 0;
+ real_fileName = protoEnd + 3;
+ } else {
+ proto[0] = 0;
+ }
+ status = PR_GetFileInfo(real_fileName, &info);
+ if (status == PR_SUCCESS &&
+ info.type == PR_FILE_FILE &&
+ info.size >= 0) {
+ local_file_fd = PR_Open(real_fileName, PR_RDONLY, 0);
+ }
}
- status = PR_GetFileInfo(real_fileName, &info);
- if (status == PR_SUCCESS &&
- info.type == PR_FILE_FILE &&
- info.size >= 0 ) {
- local_file_fd = PR_Open(real_fileName, PR_RDONLY, 0);
- }
- }
- }
- }
- /* if user has requested client auth in a subsequent handshake,
- * do it here.
- */
- if (requestCert > 2) { /* request cert was 3 or 4 */
- CERTCertificate * cert = SSL_PeerCertificate(ssl_sock);
- if (cert) {
- CERT_DestroyCertificate(cert);
- } else {
- rv = SSL_OptionSet(ssl_sock, SSL_REQUEST_CERTIFICATE, 1);
- if (rv < 0) {
- errWarn("second SSL_OptionSet SSL_REQUEST_CERTIFICATE");
- break;
- }
- rv = SSL_OptionSet(ssl_sock, SSL_REQUIRE_CERTIFICATE,
- (requestCert == 4));
- if (rv < 0) {
- errWarn("second SSL_OptionSet SSL_REQUIRE_CERTIFICATE");
- break;
- }
- rv = SSL_ReHandshake(ssl_sock, PR_TRUE);
- if (rv != 0) {
- errWarn("SSL_ReHandshake");
- break;
- }
- rv = SSL_ForceHandshake(ssl_sock);
- if (rv < 0) {
- errWarn("SSL_ForceHandshake");
- break;
- }
- }
- }
-
- numIOVs = 0;
-
- iovs[numIOVs].iov_base = (char *)outHeader;
- iovs[numIOVs].iov_len = (sizeof(outHeader)) - 1;
- numIOVs++;
-
- if (local_file_fd) {
- PRInt32 bytes;
- int errLen;
- if (!PL_strlen(proto) || !PL_strcmp(proto, "file")) {
- bytes = PR_TransmitFile(ssl_sock, local_file_fd, outHeader,
- sizeof outHeader - 1,
- PR_TRANSMITFILE_KEEP_OPEN,
- PR_INTERVAL_NO_TIMEOUT);
- if (bytes >= 0) {
- bytes -= sizeof outHeader - 1;
- FPRINTF(stderr,
- "selfserv: PR_TransmitFile wrote %d bytes from %s\n",
- bytes, fileName);
- break;
}
- errString = errWarn("PR_TransmitFile");
- errLen = PORT_Strlen(errString);
- errLen = PR_MIN(errLen, sizeof msgBuf - 1);
- PORT_Memcpy(msgBuf, errString, errLen);
- msgBuf[errLen] = 0;
-
- iovs[numIOVs].iov_base = msgBuf;
- iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
- numIOVs++;
}
- if (!PL_strcmp(proto, "crl")) {
- if (reload_crl(local_file_fd) == SECFailure) {
- errString = errWarn("CERT_CacheCRL");
- if (!errString)
- errString = "Unknow error";
- PR_snprintf(msgBuf, sizeof(msgBuf), "%s%s ",
- crlCacheErr, errString);
-
- iovs[numIOVs].iov_base = msgBuf;
- iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
- numIOVs++;
+ /* if user has requested client auth in a subsequent handshake,
+ * do it here.
+ */
+ if (requestCert > 2) { /* request cert was 3 or 4 */
+ CERTCertificate *cert = SSL_PeerCertificate(ssl_sock);
+ if (cert) {
+ CERT_DestroyCertificate(cert);
} else {
- FPRINTF(stderr,
- "selfserv: CRL %s reloaded.\n",
- fileName);
- break;
+ rv = SSL_OptionSet(ssl_sock, SSL_REQUEST_CERTIFICATE, 1);
+ if (rv < 0) {
+ errWarn("second SSL_OptionSet SSL_REQUEST_CERTIFICATE");
+ break;
+ }
+ rv = SSL_OptionSet(ssl_sock, SSL_REQUIRE_CERTIFICATE,
+ (requestCert == 4));
+ if (rv < 0) {
+ errWarn("second SSL_OptionSet SSL_REQUIRE_CERTIFICATE");
+ break;
+ }
+ rv = SSL_ReHandshake(ssl_sock, PR_TRUE);
+ if (rv != 0) {
+ errWarn("SSL_ReHandshake");
+ break;
+ }
+ rv = SSL_ForceHandshake(ssl_sock);
+ if (rv < 0) {
+ errWarn("SSL_ForceHandshake");
+ break;
+ }
}
}
- } else if (reqLen <= 0) { /* hit eof */
- PORT_Sprintf(msgBuf, "Get or Post incomplete after %d bytes.\r\n",
- bufDat);
-
- iovs[numIOVs].iov_base = msgBuf;
- iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
- numIOVs++;
- } else if (reqLen < bufDat) {
- PORT_Sprintf(msgBuf, "Discarded %d characters.\r\n",
- bufDat - reqLen);
-
- iovs[numIOVs].iov_base = msgBuf;
- iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
- numIOVs++;
- }
-
- if (reqLen > 0) {
- if (verbose > 1)
- fwrite(buf, 1, reqLen, stdout); /* display it */
-
- iovs[numIOVs].iov_base = buf;
- iovs[numIOVs].iov_len = reqLen;
- numIOVs++;
- }
-
- /* Don't add the EOF if we want to test bulk encryption */
- if (!testBulk) {
- iovs[numIOVs].iov_base = (char *)EOFmsg;
- iovs[numIOVs].iov_len = sizeof EOFmsg - 1;
+
+ numIOVs = 0;
+
+ iovs[numIOVs].iov_base = (char *)outHeader;
+ iovs[numIOVs].iov_len = (sizeof(outHeader)) - 1;
numIOVs++;
- }
- rv = PR_Writev(ssl_sock, iovs, numIOVs, PR_INTERVAL_NO_TIMEOUT);
- if (rv < 0) {
- errWarn("PR_Writev");
- break;
- }
+ if (local_file_fd) {
+ PRInt32 bytes;
+ int errLen;
+ if (!PL_strlen(proto) || !PL_strcmp(proto, "file")) {
+ bytes = PR_TransmitFile(ssl_sock, local_file_fd, outHeader,
+ sizeof outHeader - 1,
+ PR_TRANSMITFILE_KEEP_OPEN,
+ PR_INTERVAL_NO_TIMEOUT);
+ if (bytes >= 0) {
+ bytes -= sizeof outHeader - 1;
+ FPRINTF(stderr,
+ "selfserv: PR_TransmitFile wrote %d bytes from %s\n",
+ bytes, fileName);
+ break;
+ }
+ errString = errWarn("PR_TransmitFile");
+ errLen = PORT_Strlen(errString);
+ errLen = PR_MIN(errLen, sizeof msgBuf - 1);
+ PORT_Memcpy(msgBuf, errString, errLen);
+ msgBuf[errLen] = 0;
- /* Send testBulkTotal chunks to the client. Unlimited if 0. */
- if (testBulk) {
- while (0 < (rv = PR_Write(ssl_sock, testBulkBuf, testBulkSize))) {
- PR_ATOMIC_ADD(&loggerBytes, rv);
- PR_ATOMIC_INCREMENT(&bulkSentChunks);
- if ((bulkSentChunks > testBulkTotal) && (testBulkTotal != 0))
- break;
+ iovs[numIOVs].iov_base = msgBuf;
+ iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+ numIOVs++;
+ }
+ if (!PL_strcmp(proto, "crl")) {
+ if (reload_crl(local_file_fd) == SECFailure) {
+ errString = errWarn("CERT_CacheCRL");
+ if (!errString)
+ errString = "Unknow error";
+ PR_snprintf(msgBuf, sizeof(msgBuf), "%s%s ",
+ crlCacheErr, errString);
+
+ iovs[numIOVs].iov_base = msgBuf;
+ iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+ numIOVs++;
+ } else {
+ FPRINTF(stderr,
+ "selfserv: CRL %s reloaded.\n",
+ fileName);
+ break;
+ }
+ }
+ } else if (reqLen <= 0) { /* hit eof */
+ PORT_Sprintf(msgBuf, "Get or Post incomplete after %d bytes.\r\n",
+ bufDat);
+
+ iovs[numIOVs].iov_base = msgBuf;
+ iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+ numIOVs++;
+ } else if (reqLen < bufDat) {
+ PORT_Sprintf(msgBuf, "Discarded %d characters.\r\n",
+ bufDat - reqLen);
+
+ iovs[numIOVs].iov_base = msgBuf;
+ iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+ numIOVs++;
}
- /* There was a write error, so close this connection. */
- if (bulkSentChunks <= testBulkTotal) {
- errWarn("PR_Write");
+ if (reqLen > 0) {
+ if (verbose > 1)
+ fwrite(buf, 1, reqLen, stdout); /* display it */
+
+ iovs[numIOVs].iov_base = buf;
+ iovs[numIOVs].iov_len = reqLen;
+ numIOVs++;
+ }
+
+ /* Don't add the EOF if we want to test bulk encryption */
+ if (!testBulk) {
+ iovs[numIOVs].iov_base = (char *)EOFmsg;
+ iovs[numIOVs].iov_len = sizeof EOFmsg - 1;
+ numIOVs++;
}
- PR_ATOMIC_DECREMENT(&loggerOps);
- break;
- }
- } while (0);
+
+ rv = PR_Writev(ssl_sock, iovs, numIOVs, PR_INTERVAL_NO_TIMEOUT);
+ if (rv < 0) {
+ errWarn("PR_Writev");
+ break;
+ }
+
+ /* Send testBulkTotal chunks to the client. Unlimited if 0. */
+ if (testBulk) {
+ while (0 < (rv = PR_Write(ssl_sock, testBulkBuf, testBulkSize))) {
+ PR_ATOMIC_ADD(&loggerBytes, rv);
+ PR_ATOMIC_INCREMENT(&bulkSentChunks);
+ if ((bulkSentChunks > testBulkTotal) && (testBulkTotal != 0))
+ break;
+ }
+
+ /* There was a write error, so close this connection. */
+ if (bulkSentChunks <= testBulkTotal) {
+ errWarn("PR_Write");
+ }
+ PR_ATOMIC_DECREMENT(&loggerOps);
+ break;
+ }
+ } while (0);
cleanup:
if (ssl_sock) {
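Review bot: The GET branch copies the request target (`buf + 4` up to the first space, CR or LF) into `fileName` and hands it unchanged to `PR_GetFileInfo` and `PR_Open`, so the connected peer chooses which regular file the selfserv process opens and sends with `PR_TransmitFile`; with a `crl://` prefix the same peer-chosen file goes to `reload_crl`. The surrounding comment already calls this parsing a hack for SSL test purposes, so the constraint should be stated where the file is opened, for example `/* real_fileName is taken verbatim from the client and is not confined to any directory; test use only */`, or the name should be resolved against a fixed directory and rejected when it falls outside. In the `PR_TransmitFile` failure path, `PORT_Strlen(errString)` runs without the `if (!errString)` guard that the `crl` branch applies to the same `errWarn` return value. handle_connection begins before this hunk and its cleanup continues after it.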
@@ -1569,7 +1594,7 @@ cleanup:
PR_Close(tcp_sock);
}
if (local_file_fd)
- PR_Close(local_file_fd);
+ PR_Close(local_file_fd);
VLOG(("selfserv: handle_connection: exiting\n"));
/* do a nice shutdown if asked. */
@@ -1578,12 +1603,13 @@ cleanup:
stop_server();
}
VLOG(("selfserv: handle_connection: exiting"));
- return SECSuccess; /* success */
+ return SECSuccess; /* success */
}
#ifdef XP_UNIX
-void sigusr1_handler(int sig)
+void
+sigusr1_handler(int sig)
{
VLOG(("selfserv: sigusr1_handler: stop server"));
stop_server();
@@ -1595,17 +1621,16 @@ SECStatus
do_accepts(
PRFileDesc *listen_sock,
PRFileDesc *model_sock,
- int requestCert
- )
+ int requestCert)
{
- PRNetAddr addr;
- PRErrorCode perr;
+ PRNetAddr addr;
+ PRErrorCode perr;
#ifdef XP_UNIX
struct sigaction act;
#endif
VLOG(("selfserv: do_accepts: starting"));
- PR_SetThreadPriority( PR_GetCurrentThread(), PR_PRIORITY_HIGH);
+ PR_SetThreadPriority(PR_GetCurrentThread(), PR_PRIORITY_HIGH);
acceptorThread = PR_GetCurrentThread();
#ifdef XP_UNIX
@@ -1619,25 +1644,26 @@ do_accepts(
}
#endif
while (!stopping) {
- PRFileDesc *tcp_sock;
- PRCList *myLink;
-
- FPRINTF(stderr, "\n\n\nselfserv: About to call accept.\n");
- tcp_sock = PR_Accept(listen_sock, &addr, PR_INTERVAL_NO_TIMEOUT);
- if (tcp_sock == NULL) {
- perr = PR_GetError();
- if ((perr != PR_CONNECT_RESET_ERROR &&
- perr != PR_PENDING_INTERRUPT_ERROR) || verbose) {
- errWarn("PR_Accept");
- }
- if (perr == PR_CONNECT_RESET_ERROR) {
- FPRINTF(stderr,
- "Ignoring PR_CONNECT_RESET_ERROR error - continue\n");
- continue;
- }
- stopping = 1;
- break;
- }
+ PRFileDesc *tcp_sock;
+ PRCList *myLink;
+
+ FPRINTF(stderr, "\n\n\nselfserv: About to call accept.\n");
+ tcp_sock = PR_Accept(listen_sock, &addr, PR_INTERVAL_NO_TIMEOUT);
+ if (tcp_sock == NULL) {
+ perr = PR_GetError();
+ if ((perr != PR_CONNECT_RESET_ERROR &&
+ perr != PR_PENDING_INTERRUPT_ERROR) ||
+ verbose) {
+ errWarn("PR_Accept");
+ }
+ if (perr == PR_CONNECT_RESET_ERROR) {
+ FPRINTF(stderr,
+ "Ignoring PR_CONNECT_RESET_ERROR error - continue\n");
+ continue;
+ }
+ stopping = 1;
+ break;
+ }
VLOG(("selfserv: do_accept: Got connection\n"));
@@ -1645,32 +1671,32 @@ do_accepts(
PR_ATOMIC_INCREMENT(&loggerOps);
}
- PZ_Lock(qLock);
- while (PR_CLIST_IS_EMPTY(&freeJobs) && !stopping) {
+ PZ_Lock(qLock);
+ while (PR_CLIST_IS_EMPTY(&freeJobs) && !stopping) {
PZ_WaitCondVar(freeListNotEmptyCv, PR_INTERVAL_NO_TIMEOUT);
- }
- if (stopping) {
- PZ_Unlock(qLock);
+ }
+ if (stopping) {
+ PZ_Unlock(qLock);
if (tcp_sock) {
- PR_Close(tcp_sock);
+ PR_Close(tcp_sock);
}
- break;
- }
- myLink = PR_LIST_HEAD(&freeJobs);
- PR_REMOVE_AND_INIT_LINK(myLink);
- /* could release qLock here and reaquire it 7 lines below, but
- ** why bother for 4 assignment statements?
- */
- {
- JOB * myJob = (JOB *)myLink;
- myJob->tcp_sock = tcp_sock;
- myJob->model_sock = model_sock;
- myJob->requestCert = requestCert;
- }
-
- PR_APPEND_LINK(myLink, &jobQ);
- PZ_NotifyCondVar(jobQNotEmptyCv);
- PZ_Unlock(qLock);
+ break;
+ }
+ myLink = PR_LIST_HEAD(&freeJobs);
+ PR_REMOVE_AND_INIT_LINK(myLink);
+ /* could release qLock here and reaquire it 7 lines below, but
+ ** why bother for 4 assignment statements?
+ */
+ {
+ JOB *myJob = (JOB *)myLink;
+ myJob->tcp_sock = tcp_sock;
+ myJob->model_sock = model_sock;
+ myJob->requestCert = requestCert;
+ }
+
+ PR_APPEND_LINK(myLink, &jobQ);
+ PZ_NotifyCondVar(jobQNotEmptyCv);
+ PZ_Unlock(qLock);
}
FPRINTF(stderr, "selfserv: Closing listen socket.\n");
@@ -1684,19 +1710,19 @@ do_accepts(
PRFileDesc *
getBoundListenSocket(unsigned short port)
{
- PRFileDesc * listen_sock;
- int listenQueueDepth = 5 + (2 * maxThreads);
- PRStatus prStatus;
- PRNetAddr addr;
+ PRFileDesc *listen_sock;
+ int listenQueueDepth = 5 + (2 * maxThreads);
+ PRStatus prStatus;
+ PRNetAddr addr;
PRSocketOptionData opt;
addr.inet.family = PR_AF_INET;
- addr.inet.ip = PR_INADDR_ANY;
- addr.inet.port = PR_htons(port);
+ addr.inet.ip = PR_INADDR_ANY;
+ addr.inet.port = PR_htons(port);
listen_sock = PR_NewTCPSocket();
if (listen_sock == NULL) {
- errExit("PR_NewTCPSocket");
+ errExit("PR_NewTCPSocket");
}
opt.option = PR_SockOpt_Nonblocking;
@@ -1704,15 +1730,15 @@ getBoundListenSocket(unsigned short port)
prStatus = PR_SetSocketOption(listen_sock, &opt);
if (prStatus < 0) {
PR_Close(listen_sock);
- errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
+ errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
}
- opt.option=PR_SockOpt_Reuseaddr;
+ opt.option = PR_SockOpt_Reuseaddr;
opt.value.reuse_addr = PR_TRUE;
prStatus = PR_SetSocketOption(listen_sock, &opt);
if (prStatus < 0) {
PR_Close(listen_sock);
- errExit("PR_SetSocketOption(PR_SockOpt_Reuseaddr)");
+ errExit("PR_SetSocketOption(PR_SockOpt_Reuseaddr)");
}
#ifndef WIN95
@@ -1721,7 +1747,7 @@ getBoundListenSocket(unsigned short port)
* Don't do it in the WIN95 build configuration because clean shutdown is
* not implemented, and PR_SockOpt_Linger causes a hang in ssl.sh .
* See bug 332348 */
- opt.option=PR_SockOpt_Linger;
+ opt.option = PR_SockOpt_Linger;
opt.value.linger.polarity = PR_TRUE;
opt.value.linger.linger = PR_SecondsToInterval(1);
prStatus = PR_SetSocketOption(listen_sock, &opt);
@@ -1734,74 +1760,75 @@ getBoundListenSocket(unsigned short port)
prStatus = PR_Bind(listen_sock, &addr);
if (prStatus < 0) {
PR_Close(listen_sock);
- errExit("PR_Bind");
+ errExit("PR_Bind");
}
prStatus = PR_Listen(listen_sock, listenQueueDepth);
if (prStatus < 0) {
PR_Close(listen_sock);
- errExit("PR_Listen");
+ errExit("PR_Listen");
}
return listen_sock;
}
-PRInt32 PR_CALLBACK
-logWritev (
- PRFileDesc *fd,
- const PRIOVec *iov,
- PRInt32 size,
- PRIntervalTime timeout )
+PRInt32 PR_CALLBACK
+logWritev(
+ PRFileDesc *fd,
+ const PRIOVec *iov,
+ PRInt32 size,
+ PRIntervalTime timeout)
{
- PRInt32 rv = (fd->lower->methods->writev)(fd->lower, iov, size,
- timeout);
+ PRInt32 rv = (fd->lower->methods->writev)(fd->lower, iov, size,
+ timeout);
/* Add the amount written, but not if there's an error */
- if (rv > 0)
+ if (rv > 0)
PR_ATOMIC_ADD(&loggerBytesTCP, rv);
return rv;
}
-
-PRInt32 PR_CALLBACK
-logWrite (
- PRFileDesc *fd,
- const void *buf,
- PRInt32 amount)
-{
+
+PRInt32 PR_CALLBACK
+logWrite(
+ PRFileDesc *fd,
+ const void *buf,
+ PRInt32 amount)
+{
PRInt32 rv = (fd->lower->methods->write)(fd->lower, buf, amount);
/* Add the amount written, but not if there's an error */
- if (rv > 0)
+ if (rv > 0)
PR_ATOMIC_ADD(&loggerBytesTCP, rv);
-
+
return rv;
}
-PRInt32 PR_CALLBACK
-logSend (
- PRFileDesc *fd,
- const void *buf,
- PRInt32 amount,
- PRIntn flags,
- PRIntervalTime timeout)
+PRInt32 PR_CALLBACK
+logSend(
+ PRFileDesc *fd,
+ const void *buf,
+ PRInt32 amount,
+ PRIntn flags,
+ PRIntervalTime timeout)
{
- PRInt32 rv = (fd->lower->methods->send)(fd->lower, buf, amount,
- flags, timeout);
+ PRInt32 rv = (fd->lower->methods->send)(fd->lower, buf, amount,
+ flags, timeout);
/* Add the amount written, but not if there's an error */
- if (rv > 0)
+ if (rv > 0)
PR_ATOMIC_ADD(&loggerBytesTCP, rv);
return rv;
}
-
-void initLoggingLayer(void)
-{
+
+void
+initLoggingLayer(void)
+{
/* get a new layer ID */
log_layer_id = PR_GetUniqueIdentity("Selfserv Logging");
if (log_layer_id == PR_INVALID_IO_LAYER)
errExit("PR_GetUniqueIdentity");
-
+
/* setup the default IO methods with my custom write methods */
memcpy(&loggingMethods, PR_GetDefaultIOMethods(), sizeof(PRIOMethods));
loggingMethods.writev = logWritev;
- loggingMethods.write = logWrite;
- loggingMethods.send = logSend;
+ loggingMethods.write = logWrite;
+ loggingMethods.send = logSend;
}
void
@@ -1809,8 +1836,8 @@ handshakeCallback(PRFileDesc *fd, void *client_data)
{
const char *handshakeName = (const char *)client_data;
if (handshakeName && !failedToNegotiateName) {
- SECItem *hostInfo = SSL_GetNegotiatedHostInfo(fd);
- if (!hostInfo || PORT_Strncmp(handshakeName, (char*)hostInfo->data,
+ SECItem *hostInfo = SSL_GetNegotiatedHostInfo(fd);
+ if (!hostInfo || PORT_Strncmp(handshakeName, (char *)hostInfo->data,
hostInfo->len)) {
failedToNegotiateName = PR_TRUE;
}
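Review bot: `PORT_Strncmp(handshakeName, (char *)hostInfo->data, hostInfo->len)` compares only the first `hostInfo->len` bytes, so a negotiated name that is a proper prefix of the expected one counts as a match and `failedToNegotiateName` stays false. Comparing the lengths first closes that gap: `if (!hostInfo || PORT_Strlen(handshakeName) != hostInfo->len || PORT_Strncmp(handshakeName, (char *)hostInfo->data, hostInfo->len)) {`. The rest of handshakeCallback, including whatever releases `hostInfo`, lies outside this hunk.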
@@ -1819,130 +1846,130 @@ handshakeCallback(PRFileDesc *fd, void *client_data)
void
server_main(
- PRFileDesc * listen_sock,
- int requestCert,
- SECKEYPrivateKey ** privKey,
- CERTCertificate ** cert,
+ PRFileDesc *listen_sock,
+ int requestCert,
+ SECKEYPrivateKey **privKey,
+ CERTCertificate **cert,
const char *expectedHostNameVal)
{
- PRFileDesc *model_sock = NULL;
- int rv;
- SSLKEAType kea;
- SECStatus secStatus;
+ PRFileDesc *model_sock = NULL;
+ int rv;
+ SSLKEAType kea;
+ SECStatus secStatus;
if (useModelSocket) {
- model_sock = PR_NewTCPSocket();
- if (model_sock == NULL) {
- errExit("PR_NewTCPSocket on model socket");
- }
- model_sock = SSL_ImportFD(NULL, model_sock);
- if (model_sock == NULL) {
- errExit("SSL_ImportFD");
- }
+ model_sock = PR_NewTCPSocket();
+ if (model_sock == NULL) {
+ errExit("PR_NewTCPSocket on model socket");
+ }
+ model_sock = SSL_ImportFD(NULL, model_sock);
+ if (model_sock == NULL) {
+ errExit("SSL_ImportFD");
+ }
} else {
- model_sock = listen_sock = SSL_ImportFD(NULL, listen_sock);
- if (listen_sock == NULL) {
- errExit("SSL_ImportFD");
- }
+ model_sock = listen_sock = SSL_ImportFD(NULL, listen_sock);
+ if (listen_sock == NULL) {
+ errExit("SSL_ImportFD");
+ }
}
/* do SSL configuration. */
rv = SSL_OptionSet(model_sock, SSL_SECURITY, enabledVersions.min != 0);
if (rv < 0) {
- errExit("SSL_OptionSet SSL_SECURITY");
+ errExit("SSL_OptionSet SSL_SECURITY");
}
rv = SSL_VersionRangeSet(model_sock, &enabledVersions);
if (rv != SECSuccess) {
- errExit("error setting SSL/TLS version range ");
+ errExit("error setting SSL/TLS version range ");
}
rv = SSL_OptionSet(model_sock, SSL_ROLLBACK_DETECTION, !disableRollBack);
if (rv != SECSuccess) {
- errExit("error enabling RollBack detection ");
+ errExit("error enabling RollBack detection ");
}
if (disableStepDown) {
- rv = SSL_OptionSet(model_sock, SSL_NO_STEP_DOWN, PR_TRUE);
- if (rv != SECSuccess) {
- errExit("error disabling SSL StepDown ");
- }
+ rv = SSL_OptionSet(model_sock, SSL_NO_STEP_DOWN, PR_TRUE);
+ if (rv != SECSuccess) {
+ errExit("error disabling SSL StepDown ");
+ }
}
if (bypassPKCS11) {
- rv = SSL_OptionSet(model_sock, SSL_BYPASS_PKCS11, PR_TRUE);
- if (rv != SECSuccess) {
- errExit("error enabling PKCS11 bypass ");
- }
+ rv = SSL_OptionSet(model_sock, SSL_BYPASS_PKCS11, PR_TRUE);
+ if (rv != SECSuccess) {
+ errExit("error enabling PKCS11 bypass ");
+ }
}
if (disableLocking) {
- rv = SSL_OptionSet(model_sock, SSL_NO_LOCKS, PR_TRUE);
- if (rv != SECSuccess) {
- errExit("error disabling SSL socket locking ");
- }
- }
+ rv = SSL_OptionSet(model_sock, SSL_NO_LOCKS, PR_TRUE);
+ if (rv != SECSuccess) {
+ errExit("error disabling SSL socket locking ");
+ }
+ }
if (enableSessionTickets) {
- rv = SSL_OptionSet(model_sock, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
- if (rv != SECSuccess) {
- errExit("error enabling Session Ticket extension ");
- }
+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
+ if (rv != SECSuccess) {
+ errExit("error enabling Session Ticket extension ");
+ }
}
if (enableCompression) {
- rv = SSL_OptionSet(model_sock, SSL_ENABLE_DEFLATE, PR_TRUE);
- if (rv != SECSuccess) {
- errExit("error enabling compression ");
- }
+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_DEFLATE, PR_TRUE);
+ if (rv != SECSuccess) {
+ errExit("error enabling compression ");
+ }
}
- if (virtServerNameIndex >1) {
+ if (virtServerNameIndex > 1) {
rv = SSL_SNISocketConfigHook(model_sock, mySSLSNISocketConfig,
- (void*)&virtServerNameArray);
+ (void *)&virtServerNameArray);
if (rv != SECSuccess) {
errExit("error enabling SNI extension ");
}
}
if (configureDHE > -1) {
- rv = SSL_OptionSet(model_sock, SSL_ENABLE_SERVER_DHE, (configureDHE > 0));
+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_SERVER_DHE, (configureDHE > 0));
if (rv != SECSuccess) {
errExit("error configuring server side DHE support");
}
}
if (configureReuseECDHE > -1) {
- rv = SSL_OptionSet(model_sock, SSL_REUSE_SERVER_ECDHE_KEY, (configureReuseECDHE > 0));
+ rv = SSL_OptionSet(model_sock, SSL_REUSE_SERVER_ECDHE_KEY, (configureReuseECDHE > 0));
if (rv != SECSuccess) {
errExit("error configuring server side reuse of ECDHE key");
}
}
if (configureWeakDHE > -1) {
- rv = SSL_EnableWeakDHEPrimeGroup(model_sock, (configureWeakDHE > 0));
+ rv = SSL_EnableWeakDHEPrimeGroup(model_sock, (configureWeakDHE > 0));
if (rv != SECSuccess) {
errExit("error configuring weak DHE prime group");
}
}
- if (enableExtendedMasterSecret) {
+ if (enableExtendedMasterSecret) {
rv = SSL_OptionSet(model_sock, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE);
- if (rv != SECSuccess) {
- errExit("error enabling extended master secret ");
- }
+ if (rv != SECSuccess) {
+ errExit("error enabling extended master secret ");
+ }
}
for (kea = kt_rsa; kea < kt_kea_size; kea++) {
- if (cert[kea] != NULL) {
- secStatus = SSL_ConfigSecureServer(model_sock,
- cert[kea], privKey[kea], kea);
- if (secStatus != SECSuccess)
- errExit("SSL_ConfigSecureServer");
- }
+ if (cert[kea] != NULL) {
+ secStatus = SSL_ConfigSecureServer(model_sock,
+ cert[kea], privKey[kea], kea);
+ if (secStatus != SECSuccess)
+ errExit("SSL_ConfigSecureServer");
+ }
}
if (bigBuf.data) { /* doing FDX */
- rv = SSL_OptionSet(model_sock, SSL_ENABLE_FDX, 1);
- if (rv < 0) {
- errExit("SSL_OptionSet SSL_ENABLE_FDX");
- }
+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_FDX, 1);
+ if (rv < 0) {
+ errExit("SSL_OptionSet SSL_ENABLE_FDX");
+ }
}
if (NoReuse) {
@@ -1956,38 +1983,37 @@ server_main(
* would like it to be. Turn this cipher on.
*/
- secStatus = SSL_CipherPrefSetDefault( TLS_RSA_WITH_NULL_MD5, PR_TRUE);
- if ( secStatus != SECSuccess ) {
- errExit("SSL_CipherPrefSetDefault:TLS_RSA_WITH_NULL_MD5");
+ secStatus = SSL_CipherPrefSetDefault(TLS_RSA_WITH_NULL_MD5, PR_TRUE);
+ if (secStatus != SECSuccess) {
+ errExit("SSL_CipherPrefSetDefault:TLS_RSA_WITH_NULL_MD5");
}
if (expectedHostNameVal) {
SSL_HandshakeCallback(model_sock, handshakeCallback,
- (void*)expectedHostNameVal);
+ (void *)expectedHostNameVal);
}
if (requestCert) {
- SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate,
- (void *)CERT_GetDefaultCertDB());
- if (requestCert <= 2) {
- rv = SSL_OptionSet(model_sock, SSL_REQUEST_CERTIFICATE, 1);
- if (rv < 0) {
- errExit("first SSL_OptionSet SSL_REQUEST_CERTIFICATE");
- }
- rv = SSL_OptionSet(model_sock, SSL_REQUIRE_CERTIFICATE,
- (requestCert == 2));
- if (rv < 0) {
- errExit("first SSL_OptionSet SSL_REQUIRE_CERTIFICATE");
- }
- }
+ SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate,
+ (void *)CERT_GetDefaultCertDB());
+ if (requestCert <= 2) {
+ rv = SSL_OptionSet(model_sock, SSL_REQUEST_CERTIFICATE, 1);
+ if (rv < 0) {
+ errExit("first SSL_OptionSet SSL_REQUEST_CERTIFICATE");
+ }
+ rv = SSL_OptionSet(model_sock, SSL_REQUIRE_CERTIFICATE,
+ (requestCert == 2));
+ if (rv < 0) {
+ errExit("first SSL_OptionSet SSL_REQUIRE_CERTIFICATE");
+ }
+ }
}
if (MakeCertOK)
- SSL_BadCertHook(model_sock, myBadCertHandler, NULL);
+ SSL_BadCertHook(model_sock, myBadCertHandler, NULL);
/* end of ssl configuration. */
-
/* Now, do the accepting, here in the main thread. */
rv = do_accepts(listen_sock, model_sock, requestCert);
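Review bot: The return values of `SSL_HandshakeCallback`, `SSL_AuthCertificateHook` and `SSL_BadCertHook` are dropped here, while the `SSL_OptionSet` calls around them end in `errExit` on failure. If registering `mySSLAuthCertificate` failed, the server would presumably carry on with the library's default certificate check, and a client-auth test could pass or fail for the wrong reason. Checking the hooks the same way keeps the configuration fail-closed, e.g. `if (SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate, (void *)CERT_GetDefaultCertDB()) != SECSuccess) errExit("SSL_AuthCertificateHook");`. server_main starts and ends outside this hunk.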
@@ -1998,43 +2024,42 @@ server_main(
PR_Close(model_sock);
}
}
-
}
SECStatus
-readBigFile(const char * fileName)
+readBigFile(const char *fileName)
{
- PRFileInfo info;
- PRStatus status;
- SECStatus rv = SECFailure;
- int count;
- int hdrLen;
+ PRFileInfo info;
+ PRStatus status;
+ SECStatus rv = SECFailure;
+ int count;
+ int hdrLen;
PRFileDesc *local_file_fd = NULL;
status = PR_GetFileInfo(fileName, &info);
if (status == PR_SUCCESS &&
- info.type == PR_FILE_FILE &&
- info.size > 0 &&
- NULL != (local_file_fd = PR_Open(fileName, PR_RDONLY, 0))) {
-
- hdrLen = PORT_Strlen(outHeader);
- bigBuf.len = hdrLen + info.size;
- bigBuf.data = PORT_Malloc(bigBuf.len + 4095);
- if (!bigBuf.data) {
- errWarn("PORT_Malloc");
- goto done;
- }
-
- PORT_Memcpy(bigBuf.data, outHeader, hdrLen);
-
- count = PR_Read(local_file_fd, bigBuf.data + hdrLen, info.size);
- if (count != info.size) {
- errWarn("PR_Read local file");
- goto done;
- }
- rv = SECSuccess;
-done:
+ info.type == PR_FILE_FILE &&
+ info.size > 0 &&
+ NULL != (local_file_fd = PR_Open(fileName, PR_RDONLY, 0))) {
+
+ hdrLen = PORT_Strlen(outHeader);
+ bigBuf.len = hdrLen + info.size;
+ bigBuf.data = PORT_Malloc(bigBuf.len + 4095);
+ if (!bigBuf.data) {
+ errWarn("PORT_Malloc");
+ goto done;
+ }
+
+ PORT_Memcpy(bigBuf.data, outHeader, hdrLen);
+
+ count = PR_Read(local_file_fd, bigBuf.data + hdrLen, info.size);
+ if (count != info.size) {
+ errWarn("PR_Read local file");
+ goto done;
+ }
+ rv = SECSuccess;
+ done:
if (local_file_fd) {
PR_Close(local_file_fd);
}
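Review bot: When `PR_Read` returns a short count in readBigFile, `goto done` leaves `bigBuf.data` allocated and `bigBuf.len` set to the full size, so the global buffer describes data that was never read; server_main, earlier in this diff, turns on FDX whenever `bigBuf.data` is non-NULL. Unless the caller exits on `SECFailure`, which is not visible here, releasing the buffer on that path keeps later code from using a partially filled buffer: `PORT_Free(bigBuf.data); bigBuf.data = NULL; bigBuf.len = 0;` ahead of the `goto done`. The size arithmetic `hdrLen + info.size` is also done with no upper bound on `info.size`. The `return rv` of readBigFile is in the next hunk.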
@@ -2042,112 +2067,113 @@ done:
return rv;
}
-int numChildren;
-PRProcess * child[MAX_PROCS];
+int numChildren;
+PRProcess *child[MAX_PROCS];
PRProcess *
-haveAChild(int argc, char **argv, PRProcessAttr * attr)
+haveAChild(int argc, char **argv, PRProcessAttr *attr)
{
- PRProcess * newProcess;
+ PRProcess *newProcess;
newProcess = PR_CreateProcess(argv[0], argv, NULL, attr);
if (!newProcess) {
- errWarn("Can't create new process.");
+ errWarn("Can't create new process.");
} else {
- child[numChildren++] = newProcess;
+ child[numChildren++] = newProcess;
}
return newProcess;
}
void
-beAGoodParent(int argc, char **argv, int maxProcs, PRFileDesc * listen_sock)
+beAGoodParent(int argc, char **argv, int maxProcs, PRFileDesc *listen_sock)
{
- PRProcess * newProcess;
- PRProcessAttr * attr;
- int i;
- PRInt32 exitCode;
- PRStatus rv;
+ PRProcess *newProcess;
+ PRProcessAttr *attr;
+ int i;
+ PRInt32 exitCode;
+ PRStatus rv;
rv = PR_SetFDInheritable(listen_sock, PR_TRUE);
if (rv != PR_SUCCESS)
- errExit("PR_SetFDInheritable");
+ errExit("PR_SetFDInheritable");
attr = PR_NewProcessAttr();
if (!attr)
- errExit("PR_NewProcessAttr");
+ errExit("PR_NewProcessAttr");
rv = PR_ProcessAttrSetInheritableFD(attr, listen_sock, inheritableSockName);
if (rv != PR_SUCCESS)
- errExit("PR_ProcessAttrSetInheritableFD");
+ errExit("PR_ProcessAttrSetInheritableFD");
for (i = 0; i < maxProcs; ++i) {
- newProcess = haveAChild(argc, argv, attr);
- if (!newProcess)
- break;
+ newProcess = haveAChild(argc, argv, attr);
+ if (!newProcess)
+ break;
}
rv = PR_SetFDInheritable(listen_sock, PR_FALSE);
if (rv != PR_SUCCESS)
- errExit("PR_SetFDInheritable");
+ errExit("PR_SetFDInheritable");
while (numChildren > 0) {
- newProcess = child[numChildren - 1];
- PR_WaitProcess(newProcess, &exitCode);
- fprintf(stderr, "Child %d exited with exit code %x\n",
- numChildren, exitCode);
- numChildren--;
+ newProcess = child[numChildren - 1];
+ PR_WaitProcess(newProcess, &exitCode);
+ fprintf(stderr, "Child %d exited with exit code %x\n",
+ numChildren, exitCode);
+ numChildren--;
}
exit(0);
}
-#define HEXCHAR_TO_INT(c, i) \
- if (((c) >= '0') && ((c) <= '9')) { \
- i = (c) - '0'; \
- } else if (((c) >= 'a') && ((c) <= 'f')) { \
- i = (c) - 'a' + 10; \
- } else if (((c) >= 'A') && ((c) <= 'F')) { \
- i = (c) - 'A' + 10; \
- } else if ((c) == '\0') { \
- fprintf(stderr, "Invalid length of cipher string (-c :WXYZ).\n"); \
- exit(9); \
- } else { \
- fprintf(stderr, "Non-hex char in cipher string (-c :WXYZ).\n"); \
- exit(9); \
- }
-
-SECStatus enableOCSPStapling(const char* mode)
+#define HEXCHAR_TO_INT(c, i) \
+ if (((c) >= '0') && ((c) <= '9')) { \
+ i = (c) - '0'; \
+ } else if (((c) >= 'a') && ((c) <= 'f')) { \
+ i = (c) - 'a' + 10; \
+ } else if (((c) >= 'A') && ((c) <= 'F')) { \
+ i = (c) - 'A' + 10; \
+ } else if ((c) == '\0') { \
+ fprintf(stderr, "Invalid length of cipher string (-c :WXYZ).\n"); \
+ exit(9); \
+ } else { \
+ fprintf(stderr, "Non-hex char in cipher string (-c :WXYZ).\n"); \
+ exit(9); \
+ }
+
+SECStatus
+enableOCSPStapling(const char *mode)
{
if (!strcmp(mode, "good")) {
- ocspStaplingMode = osm_good;
- return SECSuccess;
+ ocspStaplingMode = osm_good;
+ return SECSuccess;
}
if (!strcmp(mode, "unknown")) {
- ocspStaplingMode = osm_unknown;
- return SECSuccess;
+ ocspStaplingMode = osm_unknown;
+ return SECSuccess;
}
if (!strcmp(mode, "revoked")) {
- ocspStaplingMode = osm_revoked;
- return SECSuccess;
+ ocspStaplingMode = osm_revoked;
+ return SECSuccess;
}
if (!strcmp(mode, "badsig")) {
- ocspStaplingMode = osm_badsig;
- return SECSuccess;
+ ocspStaplingMode = osm_badsig;
+ return SECSuccess;
}
if (!strcmp(mode, "corrupted")) {
- ocspStaplingMode = osm_corrupted;
- return SECSuccess;
+ ocspStaplingMode = osm_corrupted;
+ return SECSuccess;
}
if (!strcmp(mode, "failure")) {
- ocspStaplingMode = osm_failure;
- return SECSuccess;
+ ocspStaplingMode = osm_failure;
+ return SECSuccess;
}
if (!strcmp(mode, "random")) {
- ocspStaplingMode = osm_random;
- return SECSuccess;
+ ocspStaplingMode = osm_random;
+ return SECSuccess;
}
if (!strcmp(mode, "ocsp")) {
- ocspStaplingMode = osm_ocsp;
- return SECSuccess;
+ ocspStaplingMode = osm_ocsp;
+ return SECSuccess;
}
return SECFailure;
}
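Review bot: `child[numChildren++] = newProcess;` in haveAChild stores into `child[MAX_PROCS]` without comparing `numChildren` to `MAX_PROCS`, and beAGoodParent calls it up to `maxProcs` times; the only protection would be a clamp on `maxProcs` in the caller, which is outside this hunk. A local guard makes the bound explicit: `if (numChildren >= MAX_PROCS) { errWarn("Too many child processes."); return NULL; }` ahead of `PR_CreateProcess`. In beAGoodParent the status of `PR_WaitProcess` is ignored, so `exitCode` may be printed without having been set.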
@@ -2155,228 +2181,310 @@ SECStatus enableOCSPStapling(const char* mode)
int
main(int argc, char **argv)
{
- char * progName = NULL;
- char * nickName = NULL;
+ char *progName = NULL;
+ char *nickName = NULL;
#ifndef NSS_DISABLE_ECC
- char * ecNickName = NULL;
+ char *ecNickName = NULL;
#endif
- char * dsaNickName = NULL;
- const char * fileName = NULL;
- char * cipherString= NULL;
- const char * dir = ".";
- char * passwd = NULL;
- char * pwfile = NULL;
- const char * pidFile = NULL;
- char * tmp;
- char * envString;
- PRFileDesc * listen_sock;
- CERTCertificate * cert [kt_kea_size] = { NULL };
- SECKEYPrivateKey * privKey[kt_kea_size] = { NULL };
- int optionsFound = 0;
- int maxProcs = 1;
- unsigned short port = 0;
- SECStatus rv;
- PRStatus prStatus;
- PRBool bindOnly = PR_FALSE;
- PRBool useExportPolicy = PR_FALSE;
- PRBool useLocalThreads = PR_FALSE;
- PLOptState *optstate;
- PLOptStatus status;
- PRThread *loggerThread = NULL;
- PRBool debugCache = PR_FALSE; /* bug 90518 */
- char emptyString[] = { "" };
- char* certPrefix = emptyString;
- PRUint32 protos = 0;
- SSL3Statistics *ssl3stats;
- PRUint32 i;
- secuPWData pwdata = { PW_NONE, 0 };
- char *expectedHostNameVal = NULL;
- PLArenaPool *certStatusArena = NULL;
+ char *dsaNickName = NULL;
+ const char *fileName = NULL;
+ char *cipherString = NULL;
+ const char *dir = ".";
+ char *passwd = NULL;
+ char *pwfile = NULL;
+ const char *pidFile = NULL;
+ char *tmp;
+ char *envString;
+ PRFileDesc *listen_sock;
+ CERTCertificate *cert[kt_kea_size] = { NULL };
+ SECKEYPrivateKey *privKey[kt_kea_size] = { NULL };
+ int optionsFound = 0;
+ int maxProcs = 1;
+ unsigned short port = 0;
+ SECStatus rv;
+ PRStatus prStatus;
+ PRBool bindOnly = PR_FALSE;
+ PRBool useExportPolicy = PR_FALSE;
+ PRBool useLocalThreads = PR_FALSE;
+ PLOptState *optstate;
+ PLOptStatus status;
+ PRThread *loggerThread = NULL;
+ PRBool debugCache = PR_FALSE; /* bug 90518 */
+ char emptyString[] = { "" };
+ char *certPrefix = emptyString;
+ PRUint32 protos = 0;
+ SSL3Statistics *ssl3stats;
+ PRUint32 i;
+ secuPWData pwdata = { PW_NONE, 0 };
+ char *expectedHostNameVal = NULL;
+ PLArenaPool *certStatusArena = NULL;
tmp = strrchr(argv[0], '/');
tmp = tmp ? tmp + 1 : argv[0];
progName = strrchr(tmp, '\\');
progName = progName ? progName + 1 : tmp;
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
/* please keep this list of options in ASCII collating sequence.
- ** numbers, then capital letters, then lower case, alphabetical.
+ ** numbers, then capital letters, then lower case, alphabetical.
*/
- optstate = PL_CreateOptState(argc, argv,
- "2:A:BC:DEGH:L:M:NP:RS:T:U:V:W:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz");
+ optstate = PL_CreateOptState(argc, argv,
+ "2:A:BC:DEGH:L:M:NP:RS:T:U:V:W:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- ++optionsFound;
- switch(optstate->option) {
- case '2': fileName = optstate->value; break;
-
- case 'A': ocspStaplingCA = PORT_Strdup(optstate->value); break;
-
- case 'B': bypassPKCS11 = PR_TRUE; break;
-
- case 'C': if (optstate->value) NumSidCacheEntries = PORT_Atoi(optstate->value); break;
-
- case 'D': noDelay = PR_TRUE; break;
- case 'E': disableStepDown = PR_TRUE; break;
- case 'H': configureDHE = (PORT_Atoi(optstate->value) != 0); break;
-
- case 'G': enableExtendedMasterSecret = PR_TRUE; break;
-
- case 'I': /* reserved for OCSP multi-stapling */ break;
-
- case 'L':
- logStats = PR_TRUE;
- if (optstate->value == NULL) {
- logPeriod = 30;
- } else {
- logPeriod = PORT_Atoi(optstate->value);
- if (logPeriod <= 0) logPeriod = 30;
- }
- break;
-
- case 'M':
- maxProcs = PORT_Atoi(optstate->value);
- if (maxProcs < 1) maxProcs = 1;
- if (maxProcs > MAX_PROCS) maxProcs = MAX_PROCS;
- break;
-
- case 'N': NoReuse = PR_TRUE; break;
-
- case 'R': disableRollBack = PR_TRUE; break;
-
- case 'S': dsaNickName = PORT_Strdup(optstate->value); break;
+ ++optionsFound;
+ switch (optstate->option) {
+ case '2':
+ fileName = optstate->value;
+ break;
+
+ case 'A':
+ ocspStaplingCA = PORT_Strdup(optstate->value);
+ break;
+
+ case 'B':
+ bypassPKCS11 = PR_TRUE;
+ break;
+
+ case 'C':
+ if (optstate->value)
+ NumSidCacheEntries = PORT_Atoi(optstate->value);
+ break;
+
+ case 'D':
+ noDelay = PR_TRUE;
+ break;
+ case 'E':
+ disableStepDown = PR_TRUE;
+ break;
+ case 'H':
+ configureDHE = (PORT_Atoi(optstate->value) != 0);
+ break;
+
+ case 'G':
+ enableExtendedMasterSecret = PR_TRUE;
+ break;
+
+ case 'I': /* reserved for OCSP multi-stapling */
+ break;
+
+ case 'L':
+ logStats = PR_TRUE;
+ if (optstate->value == NULL) {
+ logPeriod = 30;
+ } else {
+ logPeriod = PORT_Atoi(optstate->value);
+ if (logPeriod <= 0)
+ logPeriod = 30;
+ }
+ break;
+
+ case 'M':
+ maxProcs = PORT_Atoi(optstate->value);
+ if (maxProcs < 1)
+ maxProcs = 1;
+ if (maxProcs > MAX_PROCS)
+ maxProcs = MAX_PROCS;
+ break;
+
+ case 'N':
+ NoReuse = PR_TRUE;
+ break;
+
+ case 'R':
+ disableRollBack = PR_TRUE;
+ break;
+
+ case 'S':
+ dsaNickName = PORT_Strdup(optstate->value);
+ break;
+
+ case 'T':
+ if (enableOCSPStapling(optstate->value) != SECSuccess) {
+ fprintf(stderr, "Invalid OCSP stapling mode.\n");
+ fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+ exit(53);
+ }
+ break;
- case 'T':
- if (enableOCSPStapling(optstate->value) != SECSuccess) {
- fprintf(stderr, "Invalid OCSP stapling mode.\n");
- fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
- exit(53);
- }
- break;
+ case 'U':
+ configureReuseECDHE = (PORT_Atoi(optstate->value) != 0);
+ break;
- case 'U': configureReuseECDHE = (PORT_Atoi(optstate->value) != 0); break;
+ case 'V':
+ if (SECU_ParseSSLVersionRangeString(optstate->value,
+ enabledVersions, &enabledVersions) !=
+ SECSuccess) {
+ Usage(progName);
+ }
+ break;
- case 'V': if (SECU_ParseSSLVersionRangeString(optstate->value,
- enabledVersions, &enabledVersions) != SECSuccess) {
- Usage(progName);
- }
- break;
+ case 'W':
+ configureWeakDHE = (PORT_Atoi(optstate->value) != 0);
+ break;
- case 'W': configureWeakDHE = (PORT_Atoi(optstate->value) != 0); break;
+ case 'Y':
+ PrintCipherUsage(progName);
+ exit(0);
+ break;
- case 'Y': PrintCipherUsage(progName); exit(0); break;
-
- case 'a': if (virtServerNameIndex >= MAX_VIRT_SERVER_NAME_ARRAY_INDEX) {
- Usage(progName); break;
- }
- virtServerNameArray[virtServerNameIndex++] =
- PORT_Strdup(optstate->value); break;
+ case 'a':
+ if (virtServerNameIndex >= MAX_VIRT_SERVER_NAME_ARRAY_INDEX) {
+ Usage(progName);
+ break;
+ }
+ virtServerNameArray[virtServerNameIndex++] =
+ PORT_Strdup(optstate->value);
+ break;
- case 'b': bindOnly = PR_TRUE; break;
+ case 'b':
+ bindOnly = PR_TRUE;
+ break;
- case 'c': cipherString = PORT_Strdup(optstate->value); break;
+ case 'c':
+ cipherString = PORT_Strdup(optstate->value);
+ break;
- case 'd': dir = optstate->value; break;
+ case 'd':
+ dir = optstate->value;
+ break;
#ifndef NSS_DISABLE_ECC
- case 'e': ecNickName = PORT_Strdup(optstate->value); break;
+ case 'e':
+ ecNickName = PORT_Strdup(optstate->value);
+ break;
#endif /* NSS_DISABLE_ECC */
- case 'f':
- pwdata.source = PW_FROMFILE;
- pwdata.data = pwfile = PORT_Strdup(optstate->value);
- break;
-
- case 'g':
- testBulk = PR_TRUE;
- testBulkTotal = PORT_Atoi(optstate->value);
- break;
-
- case 'h': Usage(progName); exit(0); break;
-
- case 'i': pidFile = optstate->value; break;
-
- case 'j':
- initLoggingLayer();
- loggingLayer = PR_TRUE;
- break;
-
- case 'k': expectedHostNameVal = PORT_Strdup(optstate->value);
- break;
-
- case 'l': useLocalThreads = PR_TRUE; break;
-
- case 'm': useModelSocket = PR_TRUE; break;
-
- case 'n': nickName = PORT_Strdup(optstate->value);
- virtServerNameArray[0] = PORT_Strdup(optstate->value);
- break;
-
- case 'P': certPrefix = PORT_Strdup(optstate->value); break;
-
- case 'o': MakeCertOK = 1; break;
-
- case 'p': port = PORT_Atoi(optstate->value); break;
-
- case 'q': testbypass = PR_TRUE; break;
-
- case 'r': ++requestCert; break;
-
- case 's': disableLocking = PR_TRUE; break;
-
- case 't':
- maxThreads = PORT_Atoi(optstate->value);
- if ( maxThreads > MAX_THREADS ) maxThreads = MAX_THREADS;
- if ( maxThreads < MIN_THREADS ) maxThreads = MIN_THREADS;
- break;
-
- case 'u': enableSessionTickets = PR_TRUE; break;
-
- case 'v': verbose++; break;
-
- case 'w':
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = passwd = PORT_Strdup(optstate->value);
- break;
-
- case 'x': useExportPolicy = PR_TRUE; break;
-
- case 'y': debugCache = PR_TRUE; break;
-
- case 'z': enableCompression = PR_TRUE; break;
-
- default:
- case '?':
- fprintf(stderr, "Unrecognized or bad option specified.\n");
- fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
- exit(4);
- break;
- }
+ case 'f':
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = pwfile = PORT_Strdup(optstate->value);
+ break;
+
+ case 'g':
+ testBulk = PR_TRUE;
+ testBulkTotal = PORT_Atoi(optstate->value);
+ break;
+
+ case 'h':
+ Usage(progName);
+ exit(0);
+ break;
+
+ case 'i':
+ pidFile = optstate->value;
+ break;
+
+ case 'j':
+ initLoggingLayer();
+ loggingLayer = PR_TRUE;
+ break;
+
+ case 'k':
+ expectedHostNameVal = PORT_Strdup(optstate->value);
+ break;
+
+ case 'l':
+ useLocalThreads = PR_TRUE;
+ break;
+
+ case 'm':
+ useModelSocket = PR_TRUE;
+ break;
+
+ case 'n':
+ nickName = PORT_Strdup(optstate->value);
+ virtServerNameArray[0] = PORT_Strdup(optstate->value);
+ break;
+
+ case 'P':
+ certPrefix = PORT_Strdup(optstate->value);
+ break;
+
+ case 'o':
+ MakeCertOK = 1;
+ break;
+
+ case 'p':
+ port = PORT_Atoi(optstate->value);
+ break;
+
+ case 'q':
+ testbypass = PR_TRUE;
+ break;
+
+ case 'r':
+ ++requestCert;
+ break;
+
+ case 's':
+ disableLocking = PR_TRUE;
+ break;
+
+ case 't':
+ maxThreads = PORT_Atoi(optstate->value);
+ if (maxThreads > MAX_THREADS)
+ maxThreads = MAX_THREADS;
+ if (maxThreads < MIN_THREADS)
+ maxThreads = MIN_THREADS;
+ break;
+
+ case 'u':
+ enableSessionTickets = PR_TRUE;
+ break;
+
+ case 'v':
+ verbose++;
+ break;
+
+ case 'w':
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = passwd = PORT_Strdup(optstate->value);
+ break;
+
+ case 'x':
+ useExportPolicy = PR_TRUE;
+ break;
+
+ case 'y':
+ debugCache = PR_TRUE;
+ break;
+
+ case 'z':
+ enableCompression = PR_TRUE;
+ break;
+
+ default:
+ case '?':
+ fprintf(stderr, "Unrecognized or bad option specified.\n");
+ fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+ exit(4);
+ break;
+ }
}
PL_DestroyOptState(optstate);
if (status == PL_OPT_BAD) {
- fprintf(stderr, "Unrecognized or bad option specified.\n");
- fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
- exit(5);
+ fprintf(stderr, "Unrecognized or bad option specified.\n");
+ fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+ exit(5);
}
if (!optionsFound) {
- Usage(progName);
- exit(51);
+ Usage(progName);
+ exit(51);
}
switch (ocspStaplingMode) {
- case osm_good:
- case osm_revoked:
- case osm_unknown:
- case osm_random:
- if (!ocspStaplingCA) {
- fprintf(stderr, "Selected stapling response requires the -A parameter.\n");
- fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
- exit(52);
- }
- break;
- default:
- break;
+ case osm_good:
+ case osm_revoked:
+ case osm_unknown:
+ case osm_random:
+ if (!ocspStaplingCA) {
+ fprintf(stderr, "Selected stapling response requires the -A parameter.\n");
+ fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+ exit(52);
+ }
+ break;
+ default:
+ break;
}
/* The -b (bindOnly) option is only used by the ssl.sh test
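Review bot: In the `case 'p'` arm, `port = PORT_Atoi(optstate->value);` stores the converted value into an `unsigned short` with no range check, so an argument above 65535 is silently truncated and the server binds a different port than the one requested. Only a result of exactly 0 is rejected, by the `port == 0` test further down in main. Converting into an int first and rejecting anything outside 1–65535 closes the gap: `int p = PORT_Atoi(optstate->value);`, then `if (p < 1 || p > 65535) { Usage(progName); exit(7); }` and `port = (unsigned short)p;`. main continues past the end of this hunk.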
@@ -2384,45 +2492,45 @@ main(int argc, char **argv)
* process has fully died and freed the port. (Bug 129701)
*/
if (bindOnly) {
- listen_sock = getBoundListenSocket(port);
- if (!listen_sock) {
- exit(1);
- }
+ listen_sock = getBoundListenSocket(port);
+ if (!listen_sock) {
+ exit(1);
+ }
if (listen_sock) {
PR_Close(listen_sock);
}
- exit(0);
+ exit(0);
}
- if ((nickName == NULL)
- && (dsaNickName == NULL)
- #ifndef NSS_DISABLE_ECC
- && (ecNickName == NULL)
- #endif
- ) {
+ if ((nickName == NULL) &&
+ (dsaNickName == NULL)
+#ifndef NSS_DISABLE_ECC
+ && (ecNickName == NULL)
+#endif
+ ) {
- fprintf(stderr, "Required arg '-n' (rsa nickname) not supplied.\n");
- fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+ fprintf(stderr, "Required arg '-n' (rsa nickname) not supplied.\n");
+ fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
exit(6);
}
if (port == 0) {
- fprintf(stderr, "Required argument 'port' must be non-zero value\n");
- exit(7);
+ fprintf(stderr, "Required argument 'port' must be non-zero value\n");
+ exit(7);
}
if (NoReuse && maxProcs > 1) {
- fprintf(stderr, "-M and -N options are mutually exclusive.\n");
- exit(14);
+ fprintf(stderr, "-M and -N options are mutually exclusive.\n");
+ exit(14);
}
if (pidFile) {
- FILE *tmpfile=fopen(pidFile,"w+");
+ FILE *tmpfile = fopen(pidFile, "w+");
- if (tmpfile) {
- fprintf(tmpfile,"%d",getpid());
- fclose(tmpfile);
- }
+ if (tmpfile) {
+ fprintf(tmpfile, "%d", getpid());
+ fclose(tmpfile);
+ }
}
/* allocate and initialize app data for bulk encryption testing */
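Review bot: When `fopen(pidFile, "w+")` fails, the `if (tmpfile)` block is skipped without any message, so a script waiting on the pid file gets no indication why it never appears. The results of `fprintf` and `fclose` are ignored as well. An `else` arm such as `fprintf(stderr, "selfserv: cannot write pid file %s\n", pidFile);` would make the failure visible. Because `"w+"` truncates whatever the `-i` path resolves to, a comment at the option noting that the path should sit in a directory only the test user can write to would also help. The enclosing main starts and ends outside this hunk.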
@@ -2437,59 +2545,59 @@ main(int argc, char **argv)
envString = PR_GetEnvSecure(envVarName);
tmp = PR_GetEnvSecure("TMP");
if (!tmp)
- tmp = PR_GetEnvSecure("TMPDIR");
+ tmp = PR_GetEnvSecure("TMPDIR");
if (!tmp)
- tmp = PR_GetEnvSecure("TEMP");
+ tmp = PR_GetEnvSecure("TEMP");
if (envString) {
- /* we're one of the children in a multi-process server. */
- listen_sock = PR_GetInheritedFD(inheritableSockName);
- if (!listen_sock)
- errExit("PR_GetInheritedFD");
+ /* we're one of the children in a multi-process server. */
+ listen_sock = PR_GetInheritedFD(inheritableSockName);
+ if (!listen_sock)
+ errExit("PR_GetInheritedFD");
#ifndef WINNT
- /* we can't do this on NT because it breaks NSPR and
- PR_Accept will fail on the socket in the child process if
- the socket state is change to non inheritable
- It is however a security issue to leave it accessible,
- but it is OK for a test server such as selfserv.
- NSPR should fix it eventually . see bugzilla 101617
- and 102077
- */
- prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE);
- if (prStatus != PR_SUCCESS)
- errExit("PR_SetFDInheritable");
+ /* we can't do this on NT because it breaks NSPR and
+ PR_Accept will fail on the socket in the child process if
+ the socket state is change to non inheritable
+ It is however a security issue to leave it accessible,
+ but it is OK for a test server such as selfserv.
+ NSPR should fix it eventually . see bugzilla 101617
+ and 102077
+ */
+ prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE);
+ if (prStatus != PR_SUCCESS)
+ errExit("PR_SetFDInheritable");
#endif
- rv = SSL_InheritMPServerSIDCache(envString);
- if (rv != SECSuccess)
- errExit("SSL_InheritMPServerSIDCache");
- hasSidCache = PR_TRUE;
+ rv = SSL_InheritMPServerSIDCache(envString);
+ if (rv != SECSuccess)
+ errExit("SSL_InheritMPServerSIDCache");
+ hasSidCache = PR_TRUE;
} else if (maxProcs > 1) {
- /* we're going to be the parent in a multi-process server. */
- listen_sock = getBoundListenSocket(port);
- rv = SSL_ConfigMPServerSIDCache(NumSidCacheEntries, 0, 0, tmp);
- if (rv != SECSuccess)
- errExit("SSL_ConfigMPServerSIDCache");
- hasSidCache = PR_TRUE;
- beAGoodParent(argc, argv, maxProcs, listen_sock);
- exit(99); /* should never get here */
+ /* we're going to be the parent in a multi-process server. */
+ listen_sock = getBoundListenSocket(port);
+ rv = SSL_ConfigMPServerSIDCache(NumSidCacheEntries, 0, 0, tmp);
+ if (rv != SECSuccess)
+ errExit("SSL_ConfigMPServerSIDCache");
+ hasSidCache = PR_TRUE;
+ beAGoodParent(argc, argv, maxProcs, listen_sock);
+ exit(99); /* should never get here */
} else {
- /* we're an ordinary single process server. */
- listen_sock = getBoundListenSocket(port);
- prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE);
- if (prStatus != PR_SUCCESS)
- errExit("PR_SetFDInheritable");
- if (!NoReuse) {
- rv = SSL_ConfigServerSessionIDCache(NumSidCacheEntries,
- 0, 0, tmp);
- if (rv != SECSuccess)
- errExit("SSL_ConfigServerSessionIDCache");
- hasSidCache = PR_TRUE;
- }
+ /* we're an ordinary single process server. */
+ listen_sock = getBoundListenSocket(port);
+ prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE);
+ if (prStatus != PR_SUCCESS)
+ errExit("PR_SetFDInheritable");
+ if (!NoReuse) {
+ rv = SSL_ConfigServerSessionIDCache(NumSidCacheEntries,
+ 0, 0, tmp);
+ if (rv != SECSuccess)
+ errExit("SSL_ConfigServerSessionIDCache");
+ hasSidCache = PR_TRUE;
+ }
}
lm = PR_NewLogModule("TestCase");
if (fileName)
- readBigFile(fileName);
+ readBigFile(fileName);
/* set our password function */
PK11_SetPasswordFunc(SECU_GetModulePassword);
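Review bot: The parent and single-process branches use the result of `getBoundListenSocket(port)` directly, handing it to `beAGoodParent` and to `PR_SetFDInheritable(listen_sock, PR_FALSE)`, without the NULL test that the `bindOnly` path earlier in main applies to the same call. Unless getBoundListenSocket can never return NULL (its body is not visible here), adding `if (!listen_sock) exit(1);` after each call would keep the three call sites consistent. The enclosing main starts and ends outside this hunk.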
@@ -2497,89 +2605,89 @@ main(int argc, char **argv)
/* Call the NSS initialization routines */
rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY);
if (rv != SECSuccess) {
- fputs("NSS_Init failed.\n", stderr);
- exit(8);
+ fputs("NSS_Init failed.\n", stderr);
+ exit(8);
}
/* set the policy bits true for all the cipher suites. */
if (useExportPolicy) {
- NSS_SetExportPolicy();
- if (disableStepDown) {
- fputs("selfserv: -x and -E options may not be used together\n",
- stderr);
- exit(98);
- }
+ NSS_SetExportPolicy();
+ if (disableStepDown) {
+ fputs("selfserv: -x and -E options may not be used together\n",
+ stderr);
+ exit(98);
+ }
} else {
- NSS_SetDomesticPolicy();
- if (disableStepDown) {
- rv = disableExportSSLCiphers();
- if (rv != SECSuccess) {
- errExit("error disabling export ciphersuites ");
- }
- }
+ NSS_SetDomesticPolicy();
+ if (disableStepDown) {
+ rv = disableExportSSLCiphers();
+ if (rv != SECSuccess) {
+ errExit("error disabling export ciphersuites ");
+ }
+ }
}
/* all SSL3 cipher suites are enabled by default. */
if (cipherString) {
- char *cstringSaved = cipherString;
- int ndx;
+ char *cstringSaved = cipherString;
+ int ndx;
- /* disable all the ciphers, then enable the ones we want. */
- disableAllSSLCiphers();
+ /* disable all the ciphers, then enable the ones we want. */
+ disableAllSSLCiphers();
- while (0 != (ndx = *cipherString++)) {
+ while (0 != (ndx = *cipherString++)) {
int cipher = 0;
- if (ndx == ':') {
- int ctmp;
-
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= (ctmp << 12);
- cipherString++;
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= (ctmp << 8);
- cipherString++;
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= (ctmp << 4);
- cipherString++;
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= ctmp;
- cipherString++;
- } else {
- if (! isalpha(ndx)) {
- fprintf(stderr,
- "Non-alphabetic char in cipher string (-c arg).\n");
- exit(9);
- }
+ if (ndx == ':') {
+ int ctmp;
+
+ HEXCHAR_TO_INT(*cipherString, ctmp)
+ cipher |= (ctmp << 12);
+ cipherString++;
+ HEXCHAR_TO_INT(*cipherString, ctmp)
+ cipher |= (ctmp << 8);
+ cipherString++;
+ HEXCHAR_TO_INT(*cipherString, ctmp)
+ cipher |= (ctmp << 4);
+ cipherString++;
+ HEXCHAR_TO_INT(*cipherString, ctmp)
+ cipher |= ctmp;
+ cipherString++;
+ } else {
+ if (!isalpha(ndx)) {
+ fprintf(stderr,
+ "Non-alphabetic char in cipher string (-c arg).\n");
+ exit(9);
+ }
ndx = tolower(ndx) - 'a';
if (ndx < PR_ARRAY_SIZE(ssl3CipherSuites)) {
cipher = ssl3CipherSuites[ndx];
}
- }
- if (cipher > 0) {
- SECStatus status;
- status = SSL_CipherPrefSetDefault(cipher, SSL_ALLOWED);
- if (status != SECSuccess)
- SECU_PrintError(progName, "SSL_CipherPrefSet()");
- } else {
- fprintf(stderr,
- "Invalid cipher specification (-c arg).\n");
- exit(9);
- }
- }
- PORT_Free(cstringSaved);
+ }
+ if (cipher > 0) {
+ SECStatus status;
+ status = SSL_CipherPrefSetDefault(cipher, SSL_ALLOWED);
+ if (status != SECSuccess)
+ SECU_PrintError(progName, "SSL_CipherPrefSet()");
+ } else {
+ fprintf(stderr,
+ "Invalid cipher specification (-c arg).\n");
+ exit(9);
+ }
+ }
+ PORT_Free(cstringSaved);
}
if (testbypass) {
- const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
- int i = SSL_NumImplementedCiphers;
- PRBool enabled;
-
- for (i=0; i < SSL_NumImplementedCiphers; i++, cipherSuites++) {
- if (SSL_CipherPrefGetDefault(*cipherSuites, &enabled) == SECSuccess
- && enabled)
- savecipher(*cipherSuites);
- }
+ const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
+ int i = SSL_NumImplementedCiphers;
+ PRBool enabled;
+
+ for (i = 0; i < SSL_NumImplementedCiphers; i++, cipherSuites++) {
+ if (SSL_CipherPrefGetDefault(*cipherSuites, &enabled) == SECSuccess &&
+ enabled)
+ savecipher(*cipherSuites);
+ }
protos = 0;
if (enabledVersions.min <= SSL_LIBRARY_VERSION_3_0 &&
enabledVersions.max >= SSL_LIBRARY_VERSION_3_0) {
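Review bot: `isalpha(ndx)` and `tolower(ndx)` are called with `ndx = *cipherString++`, a plain `char` value that is negative for bytes above 0x7F on platforms where `char` is signed. Passing a negative value other than EOF to the ctype functions is undefined behaviour, and the string comes straight from the `-c` argument. Casting at both call sites fixes it: `if (!isalpha((unsigned char)ndx)) {` and `ndx = tolower((unsigned char)ndx) - 'a';`. Separately, a failing `SSL_CipherPrefSetDefault` is only printed and the loop carries on, so the server can start with fewer suites than `-c` requested; a comment saying whether that is intended would help. main continues past the end of this hunk.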
@@ -2598,115 +2706,116 @@ main(int argc, char **argv)
certStatusArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!certStatusArena)
- errExit("cannot allocate certStatusArena");
+ errExit("cannot allocate certStatusArena");
if (nickName) {
- cert[kt_rsa] = PK11_FindCertFromNickname(nickName, &pwdata);
- if (cert[kt_rsa] == NULL) {
- fprintf(stderr, "selfserv: Can't find certificate %s\n", nickName);
- exit(10);
- }
- privKey[kt_rsa] = PK11_FindKeyByAnyCert(cert[kt_rsa], &pwdata);
- if (privKey[kt_rsa] == NULL) {
- fprintf(stderr, "selfserv: Can't find Private Key for cert %s\n",
- nickName);
- exit(11);
- }
- if (testbypass) {
- PRBool bypassOK;
- if (SSL_CanBypass(cert[kt_rsa], privKey[kt_rsa], protos, cipherlist,
- nciphers, &bypassOK, &pwdata) != SECSuccess) {
- SECU_PrintError(progName, "Bypass test failed %s\n", nickName);
- exit(14);
- }
- fprintf(stderr, "selfserv: %s can%s bypass\n", nickName,
- bypassOK ? "" : "not");
- }
- setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_rsa], kt_rsa,
- &pwdata);
+ cert[kt_rsa] = PK11_FindCertFromNickname(nickName, &pwdata);
+ if (cert[kt_rsa] == NULL) {
+ fprintf(stderr, "selfserv: Can't find certificate %s\n", nickName);
+ exit(10);
+ }
+ privKey[kt_rsa] = PK11_FindKeyByAnyCert(cert[kt_rsa], &pwdata);
+ if (privKey[kt_rsa] == NULL) {
+ fprintf(stderr, "selfserv: Can't find Private Key for cert %s\n",
+ nickName);
+ exit(11);
+ }
+ if (testbypass) {
+ PRBool bypassOK;
+ if (SSL_CanBypass(cert[kt_rsa], privKey[kt_rsa], protos, cipherlist,
+ nciphers, &bypassOK, &pwdata) != SECSuccess) {
+ SECU_PrintError(progName, "Bypass test failed %s\n", nickName);
+ exit(14);
+ }
+ fprintf(stderr, "selfserv: %s can%s bypass\n", nickName,
+ bypassOK ? "" : "not");
+ }
+ setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_rsa], kt_rsa,
+ &pwdata);
}
if (dsaNickName) {
- /* Investigate if ssl_kea_dh should be changed to ssl_auth_dsa.
- * See bug 102794.*/
- cert[ssl_kea_dh] = PK11_FindCertFromNickname(dsaNickName, &pwdata);
- if (cert[ssl_kea_dh] == NULL) {
- fprintf(stderr, "selfserv: Can't find certificate %s\n", dsaNickName);
- exit(12);
- }
- privKey[ssl_kea_dh] = PK11_FindKeyByAnyCert(cert[ssl_kea_dh], &pwdata);
- if (privKey[ssl_kea_dh] == NULL) {
- fprintf(stderr, "selfserv: Can't find Private Key for cert %s\n",
- dsaNickName);
- exit(11);
- }
- if (testbypass) {
- PRBool bypassOK;
- if (SSL_CanBypass(cert[ssl_kea_dh], privKey[ssl_kea_dh], protos, cipherlist,
- nciphers, &bypassOK, &pwdata) != SECSuccess) {
- SECU_PrintError(progName, "Bypass test failed %s\n", nickName);
- exit(14);
- }
- fprintf(stderr, "selfserv: %s can%s bypass\n", nickName,
- bypassOK ? "" : "not");
- }
- setupCertStatus(certStatusArena, ocspStaplingMode, cert[ssl_kea_dh], ssl_kea_dh,
- &pwdata);
+ /* Investigate if ssl_kea_dh should be changed to ssl_auth_dsa.
+ * See bug 102794.*/
+ cert[ssl_kea_dh] = PK11_FindCertFromNickname(dsaNickName, &pwdata);
+ if (cert[ssl_kea_dh] == NULL) {
+ fprintf(stderr, "selfserv: Can't find certificate %s\n", dsaNickName);
+ exit(12);
+ }
+ privKey[ssl_kea_dh] = PK11_FindKeyByAnyCert(cert[ssl_kea_dh], &pwdata);
+ if (privKey[ssl_kea_dh] == NULL) {
+ fprintf(stderr, "selfserv: Can't find Private Key for cert %s\n",
+ dsaNickName);
+ exit(11);
+ }
+ if (testbypass) {
+ PRBool bypassOK;
+ if (SSL_CanBypass(cert[ssl_kea_dh], privKey[ssl_kea_dh], protos, cipherlist,
+ nciphers, &bypassOK, &pwdata) != SECSuccess) {
+ SECU_PrintError(progName, "Bypass test failed %s\n", nickName);
+ exit(14);
+ }
+ fprintf(stderr, "selfserv: %s can%s bypass\n", nickName,
+ bypassOK ? "" : "not");
+ }
+ setupCertStatus(certStatusArena, ocspStaplingMode, cert[ssl_kea_dh], ssl_kea_dh,
+ &pwdata);
}
#ifndef NSS_DISABLE_ECC
if (ecNickName) {
- cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, &pwdata);
- if (cert[kt_ecdh] == NULL) {
- fprintf(stderr, "selfserv: Can't find certificate %s\n",
- ecNickName);
- exit(13);
- }
- privKey[kt_ecdh] = PK11_FindKeyByAnyCert(cert[kt_ecdh], &pwdata);
- if (privKey[kt_ecdh] == NULL) {
- fprintf(stderr, "selfserv: Can't find Private Key for cert %s\n",
- ecNickName);
- exit(11);
- }
- if (testbypass) {
- PRBool bypassOK;
- if (SSL_CanBypass(cert[kt_ecdh], privKey[kt_ecdh], protos, cipherlist,
- nciphers, &bypassOK, &pwdata) != SECSuccess) {
- SECU_PrintError(progName, "Bypass test failed %s\n", ecNickName);
- exit(15);
- }
- fprintf(stderr, "selfserv: %s can%s bypass\n", ecNickName,
- bypassOK ? "" : "not");
- }
- setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_ecdh], kt_ecdh,
- &pwdata);
+ cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, &pwdata);
+ if (cert[kt_ecdh] == NULL) {
+ fprintf(stderr, "selfserv: Can't find certificate %s\n",
+ ecNickName);
+ exit(13);
+ }
+ privKey[kt_ecdh] = PK11_FindKeyByAnyCert(cert[kt_ecdh], &pwdata);
+ if (privKey[kt_ecdh] == NULL) {
+ fprintf(stderr, "selfserv: Can't find Private Key for cert %s\n",
+ ecNickName);
+ exit(11);
+ }
+ if (testbypass) {
+ PRBool bypassOK;
+ if (SSL_CanBypass(cert[kt_ecdh], privKey[kt_ecdh], protos, cipherlist,
+ nciphers, &bypassOK, &pwdata) != SECSuccess) {
+ SECU_PrintError(progName, "Bypass test failed %s\n", ecNickName);
+ exit(15);
+ }
+ fprintf(stderr, "selfserv: %s can%s bypass\n", ecNickName,
+ bypassOK ? "" : "not");
+ }
+ setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_ecdh], kt_ecdh,
+ &pwdata);
}
#endif /* NSS_DISABLE_ECC */
if (testbypass)
- goto cleanup;
+ goto cleanup;
if (configureWeakDHE > 0) {
- fprintf(stderr, "selfserv: Creating dynamic weak DH parameters\n");
- rv = SSL_EnableWeakDHEPrimeGroup(NULL, PR_TRUE);
- fprintf(stderr, "selfserv: Done creating dynamic weak DH parameters\n");
+ fprintf(stderr, "selfserv: Creating dynamic weak DH parameters\n");
+ rv = SSL_EnableWeakDHEPrimeGroup(NULL, PR_TRUE);
+ fprintf(stderr, "selfserv: Done creating dynamic weak DH parameters\n");
}
-
-/* allocate the array of thread slots, and launch the worker threads. */
+ /* allocate the array of thread slots, and launch the worker threads. */
rv = launch_threads(&jobLoop, 0, 0, requestCert, useLocalThreads);
if (rv == SECSuccess && logStats) {
- loggerThread = PR_CreateThread(PR_SYSTEM_THREAD,
- logger, NULL, PR_PRIORITY_NORMAL,
- useLocalThreads ? PR_LOCAL_THREAD:PR_GLOBAL_THREAD,
- PR_JOINABLE_THREAD, 0);
- if (loggerThread == NULL) {
- fprintf(stderr, "selfserv: Failed to launch logger thread!\n");
- rv = SECFailure;
- }
+ loggerThread = PR_CreateThread(PR_SYSTEM_THREAD,
+ logger, NULL, PR_PRIORITY_NORMAL,
+ useLocalThreads ?
+ PR_LOCAL_THREAD
+ : PR_GLOBAL_THREAD,
+ PR_JOINABLE_THREAD, 0);
+ if (loggerThread == NULL) {
+ fprintf(stderr, "selfserv: Failed to launch logger thread!\n");
+ rv = SECFailure;
+ }
}
if (rv == SECSuccess) {
- server_main(listen_sock, requestCert, privKey, cert,
+ server_main(listen_sock, requestCert, privKey, cert,
expectedHostNameVal);
}
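Review bot: The `dsaNickName` block reports its bypass result with `nickName` instead of `dsaNickName`, both in `SECU_PrintError(progName, "Bypass test failed %s\n", nickName);` and in the `fprintf` that follows. When only `-S` is given, `nickName` is still NULL and is passed to `%s`; otherwise the message names the wrong certificate. Both calls should pass `dsaNickName`, as the ECC block does with `ecNickName`. In the same hunk the value stored by `rv = SSL_EnableWeakDHEPrimeGroup(NULL, PR_TRUE);` is overwritten by `launch_threads` before anything checks it, so a failure to enable the weak group goes unreported.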
@@ -2716,8 +2825,8 @@ cleanup:
printSSLStatistics();
ssl3stats = SSL_GetStatistics();
if (ssl3stats->hch_sid_ticket_parse_failures != 0) {
- fprintf(stderr, "selfserv: Experienced ticket parse failure(s)\n");
- exit(1);
+ fprintf(stderr, "selfserv: Experienced ticket parse failure(s)\n");
+ exit(1);
}
if (failedToNegotiateName) {
fprintf(stderr, "selfserv: Failed properly negotiate server name\n");
@@ -2725,22 +2834,22 @@ cleanup:
}
{
- int i;
- for (i=0; i<kt_kea_size; i++) {
- if (cert[i]) {
- CERT_DestroyCertificate(cert[i]);
- }
- if (privKey[i]) {
- SECKEY_DestroyPrivateKey(privKey[i]);
- }
- }
- for (i = 0;virtServerNameArray[i];i++) {
+ int i;
+ for (i = 0; i < kt_kea_size; i++) {
+ if (cert[i]) {
+ CERT_DestroyCertificate(cert[i]);
+ }
+ if (privKey[i]) {
+ SECKEY_DestroyPrivateKey(privKey[i]);
+ }
+ }
+ for (i = 0; virtServerNameArray[i]; i++) {
PORT_Free(virtServerNameArray[i]);
}
}
if (debugCache) {
- nss_DumpCertificateCacheInfo();
+ nss_DumpCertificateCacheInfo();
}
if (nickName) {
PORT_Free(nickName);
@@ -2754,28 +2863,28 @@ cleanup:
if (pwfile) {
PORT_Free(pwfile);
}
- if (certPrefix && certPrefix != emptyString) {
+ if (certPrefix && certPrefix != emptyString) {
PORT_Free(certPrefix);
}
- #ifndef NSS_DISABLE_ECC
+#ifndef NSS_DISABLE_ECC
if (ecNickName) {
PORT_Free(ecNickName);
}
- #endif
+#endif
if (hasSidCache) {
- SSL_ShutdownServerSessionIDCache();
+ SSL_ShutdownServerSessionIDCache();
}
if (certStatusArena) {
- PORT_FreeArena(certStatusArena, PR_FALSE);
+ PORT_FreeArena(certStatusArena, PR_FALSE);
}
if (NSS_Shutdown() != SECSuccess) {
- SECU_PrintError(progName, "NSS_Shutdown");
+ SECU_PrintError(progName, "NSS_Shutdown");
if (loggerThread) {
PR_JoinThread(loggerThread);
}
- PR_Cleanup();
- exit(1);
+ PR_Cleanup();
+ exit(1);
}
PR_Cleanup();
printf("selfserv: normal termination\n");
diff --git a/cmd/shlibsign/mangle/mangle.c b/cmd/shlibsign/mangle/mangle.c
index 3b7c7b918..e58bbee41 100644
--- a/cmd/shlibsign/mangle/mangle.c
+++ b/cmd/shlibsign/mangle/mangle.c
@@ -13,128 +13,127 @@
static PRFileDesc *pr_stderr;
static void
-usage (char *program_name)
+usage(char *program_name)
{
- PR_fprintf (pr_stderr, "Usage:");
- PR_fprintf (pr_stderr, "%s -i shared_library_name -o byte_offset -b bit\n", program_name);
+ PR_fprintf(pr_stderr, "Usage:");
+ PR_fprintf(pr_stderr, "%s -i shared_library_name -o byte_offset -b bit\n", program_name);
}
-
int
-main (int argc, char **argv)
+main(int argc, char **argv)
{
/* buffers and locals */
- PLOptState *optstate;
- char *programName;
- char cbuf;
+ PLOptState *optstate;
+ char *programName;
+ char cbuf;
/* parameter set variables */
- const char *libFile = NULL;
+ const char *libFile = NULL;
int bitOffset = -1;
/* return values */
- int retval = 2; /* 0 - test succeeded.
- * 1 - illegal args
- * 2 - function failed */
+ int retval = 2; /* 0 - test succeeded.
+ * 1 - illegal args
+ * 2 - function failed */
PRFileDesc *fd = NULL;
int bytesRead;
int bytesWritten;
- PROffset32 offset = -1;
- PROffset32 pos;
+ PROffset32 offset = -1;
+ PROffset32 pos;
programName = PL_strrchr(argv[0], '/');
programName = programName ? (programName + 1) : argv[0];
pr_stderr = PR_STDERR;
- optstate = PL_CreateOptState (argc, argv, "i:o:b:");
+ optstate = PL_CreateOptState(argc, argv, "i:o:b:");
if (optstate == NULL) {
- return 1;
+ return 1;
}
- while (PL_GetNextOpt (optstate) == PL_OPT_OK) {
- switch (optstate->option) {
- case 'i':
- libFile = optstate->value;
- break;
+ while (PL_GetNextOpt(optstate) == PL_OPT_OK) {
+ switch (optstate->option) {
+ case 'i':
+ libFile = optstate->value;
+ break;
- case 'o':
- offset = atoi(optstate->value);
- break;
+ case 'o':
+ offset = atoi(optstate->value);
+ break;
- case 'b':
- bitOffset = atoi(optstate->value);
- break;
- }
+ case 'b':
+ bitOffset = atoi(optstate->value);
+ break;
+ }
}
if (libFile == NULL) {
- usage(programName);
- return 1;
+ usage(programName);
+ return 1;
}
if ((bitOffset >= 8) || (bitOffset < 0)) {
- usage(programName);
- return 1;
+ usage(programName);
+ return 1;
}
/* open the target signature file */
- fd = PR_OpenFile(libFile,PR_RDWR,0666);
- if (fd == NULL ) {
- /* lperror(libFile); */
- PR_fprintf(pr_stderr,"Couldn't Open %s\n",libFile);
- goto loser;
+ fd = PR_OpenFile(libFile, PR_RDWR, 0666);
+ if (fd == NULL) {
+ /* lperror(libFile); */
+ PR_fprintf(pr_stderr, "Couldn't Open %s\n", libFile);
+ goto loser;
}
if (offset < 0) { /* convert to positive offset */
- pos = PR_Seek(fd, offset, PR_SEEK_END);
- if (pos == -1) {
- PR_fprintf(pr_stderr,"Seek for read on %s (to %d) failed\n",
- libFile, offset);
- goto loser;
- }
- offset = pos;
+ pos = PR_Seek(fd, offset, PR_SEEK_END);
+ if (pos == -1) {
+ PR_fprintf(pr_stderr, "Seek for read on %s (to %d) failed\n",
+ libFile, offset);
+ goto loser;
+ }
+ offset = pos;
}
/* read the byte */
pos = PR_Seek(fd, offset, PR_SEEK_SET);
if (pos != offset) {
- PR_fprintf(pr_stderr,"Seek for read on %s (to %d) failed\n",
- libFile, offset);
- goto loser;
+ PR_fprintf(pr_stderr, "Seek for read on %s (to %d) failed\n",
+ libFile, offset);
+ goto loser;
}
bytesRead = PR_Read(fd, &cbuf, 1);
if (bytesRead != 1) {
- PR_fprintf(pr_stderr,"Read on %s (to %d) failed\n", libFile, offset);
- goto loser;
+ PR_fprintf(pr_stderr, "Read on %s (to %d) failed\n", libFile, offset);
+ goto loser;
}
- PR_fprintf(pr_stderr,"Changing byte 0x%08x (%d): from %02x (%d) to ",
- offset, offset, (unsigned char)cbuf, (unsigned char)cbuf);
+ PR_fprintf(pr_stderr, "Changing byte 0x%08x (%d): from %02x (%d) to ",
+ offset, offset, (unsigned char)cbuf, (unsigned char)cbuf);
/* change it */
cbuf ^= 1 << bitOffset;
- PR_fprintf(pr_stderr,"%02x (%d)\n",
+ PR_fprintf(pr_stderr, "%02x (%d)\n",
(unsigned char)cbuf, (unsigned char)cbuf);
/* write it back out */
pos = PR_Seek(fd, offset, PR_SEEK_SET);
if (pos != offset) {
- PR_fprintf(pr_stderr,"Seek for write on %s (to %d) failed\n",
- libFile, offset);
- goto loser;
+ PR_fprintf(pr_stderr, "Seek for write on %s (to %d) failed\n",
+ libFile, offset);
+ goto loser;
}
bytesWritten = PR_Write(fd, &cbuf, 1);
if (bytesWritten != 1) {
- PR_fprintf(pr_stderr,"Write on %s (to %d) failed\n", libFile, offset);
- goto loser;
+ PR_fprintf(pr_stderr, "Write on %s (to %d) failed\n", libFile, offset);
+ goto loser;
}
retval = 0;
loser:
if (fd)
- PR_Close(fd);
- PR_Cleanup ();
+ PR_Close(fd);
+ PR_Cleanup();
return retval;
}
diff --git a/cmd/shlibsign/shlibsign.c b/cmd/shlibsign/shlibsign.c
index 63a48367f..6e0a8a6dd 100644
--- a/cmd/shlibsign/shlibsign.c
+++ b/cmd/shlibsign/shlibsign.c
@@ -4,7 +4,7 @@
/*
* shlibsign creates the checksum (.chk) files for the NSS libraries,
- * libsoftokn3/softokn3 and libfreebl/freebl (platforms can have
+ * libsoftokn3/softokn3 and libfreebl/freebl (platforms can have
* multiple freebl variants), that contain the NSS cryptograhic boundary.
*
* The generated .chk files must be put in the same directory as
@@ -49,27 +49,27 @@
/* freebl headers */
#include "shsign.h"
-#define NUM_ELEM(array) (sizeof(array)/sizeof(array[0]))
+#define NUM_ELEM(array) (sizeof(array) / sizeof(array[0]))
CK_BBOOL true = CK_TRUE;
CK_BBOOL false = CK_FALSE;
static PRBool verbose = PR_FALSE;
static void
-usage (const char *program_name)
+usage(const char *program_name)
{
PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
- PR_fprintf (debug_out,
- "type %s -H for more detail information.\n", program_name);
- PR_fprintf (debug_out,
- "Usage: %s [-v] [-V] [-o outfile] [-d dbdir] [-f pwfile]\n"
- " [-F] [-p pwd] -[P dbprefix ] "
- "-i shared_library_name\n",
- program_name);
+ PR_fprintf(debug_out,
+ "type %s -H for more detail information.\n", program_name);
+ PR_fprintf(debug_out,
+ "Usage: %s [-v] [-V] [-o outfile] [-d dbdir] [-f pwfile]\n"
+ " [-F] [-p pwd] -[P dbprefix ] "
+ "-i shared_library_name\n",
+ program_name);
exit(1);
}
-static void
-long_usage(const char *program_name)
+static void
+long_usage(const char *program_name)
{
PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
PR_fprintf(debug_out, "%s test program usage:\n", program_name);
@@ -78,7 +78,7 @@ long_usage(const char *program_name)
PR_fprintf(debug_out, "\t-d <path> database path location\n");
PR_fprintf(debug_out, "\t-P <prefix> database prefix\n");
PR_fprintf(debug_out, "\t-f <file> password File : echo pw > file \n");
- PR_fprintf(debug_out, "\t-F FIPS mode\n");
+ PR_fprintf(debug_out, "\t-F FIPS mode\n");
PR_fprintf(debug_out, "\t-p <pwd> password\n");
PR_fprintf(debug_out, "\t-v verbose output\n");
PR_fprintf(debug_out, "\t-V perform Verify operations\n");
@@ -93,43 +93,44 @@ long_usage(const char *program_name)
exit(1);
}
-static char *
+static char *
mkoutput(const char *input)
{
int in_len = strlen(input);
- char *output = PR_Malloc(in_len+sizeof(SGN_SUFFIX));
- int index = in_len + 1 - sizeof("."SHLIB_SUFFIX);
+ char *output = PR_Malloc(in_len + sizeof(SGN_SUFFIX));
+ int index = in_len + 1 - sizeof("." SHLIB_SUFFIX);
- if ((index > 0) &&
+ if ((index > 0) &&
(PL_strncmp(&input[index],
- "."SHLIB_SUFFIX,sizeof("."SHLIB_SUFFIX)) == 0)) {
+ "." SHLIB_SUFFIX, sizeof("." SHLIB_SUFFIX)) == 0)) {
in_len = index;
}
- memcpy(output,input,in_len);
- memcpy(&output[in_len],SGN_SUFFIX,sizeof(SGN_SUFFIX));
+ memcpy(output, input, in_len);
+ memcpy(&output[in_len], SGN_SUFFIX, sizeof(SGN_SUFFIX));
return output;
}
-static void
-lperror(const char *string) {
+static void
+lperror(const char *string)
+{
PRErrorCode errorcode;
errorcode = PR_GetError();
PR_fprintf(PR_STDERR, "%s: %d: %s\n", string, errorcode,
- PR_ErrorToString(errorcode, PR_LANGUAGE_I_DEFAULT));
+ PR_ErrorToString(errorcode, PR_LANGUAGE_I_DEFAULT));
}
static void
encodeInt(unsigned char *buf, int val)
{
buf[3] = (val >> 0) & 0xff;
- buf[2] = (val >> 8) & 0xff;
+ buf[2] = (val >> 8) & 0xff;
buf[1] = (val >> 16) & 0xff;
buf[0] = (val >> 24) & 0xff;
return;
}
-static PRStatus
+static PRStatus
writeItem(PRFileDesc *fd, CK_VOID_PTR pValue,
CK_ULONG ulValueLen, char *file)
{
@@ -140,8 +141,8 @@ writeItem(PRFileDesc *fd, CK_VOID_PTR pValue,
return PR_FAILURE;
}
- encodeInt(buf,ulValueLen);
- bytesWritten = PR_Write(fd,buf, 4);
+ encodeInt(buf, ulValueLen);
+ bytesWritten = PR_Write(fd, buf, 4);
if (bytesWritten != 4) {
lperror(file);
return PR_FAILURE;
@@ -155,168 +156,169 @@ writeItem(PRFileDesc *fd, CK_VOID_PTR pValue,
}
static const unsigned char prime[] = { 0x00,
- 0x97, 0x44, 0x1d, 0xcc, 0x0d, 0x39, 0x0d, 0x8d,
- 0xcb, 0x75, 0xdc, 0x24, 0x25, 0x6f, 0x01, 0x92,
- 0xa1, 0x11, 0x07, 0x6b, 0x70, 0xac, 0x73, 0xd7,
- 0x82, 0x28, 0xdf, 0xab, 0x82, 0x0c, 0x41, 0x0c,
- 0x95, 0xb3, 0x3c, 0x3d, 0xea, 0x8a, 0xe6, 0x44,
- 0x0a, 0xb8, 0xab, 0x90, 0x15, 0x41, 0x11, 0xe8,
- 0x48, 0x7b, 0x8d, 0xb0, 0x9c, 0xd3, 0xf2, 0x69,
- 0x66, 0xff, 0x66, 0x4b, 0x70, 0x2b, 0xbf, 0xfb,
- 0xd6, 0x68, 0x85, 0x76, 0x1e, 0x34, 0xaa, 0xc5,
- 0x57, 0x6e, 0x23, 0x02, 0x08, 0x60, 0x6e, 0xfd,
- 0x67, 0x76, 0xe1, 0x7c, 0xc8, 0xcb, 0x51, 0x77,
- 0xcf, 0xb1, 0x3b, 0x00, 0x2e, 0xfa, 0x21, 0xcd,
- 0x34, 0x76, 0x75, 0x01, 0x19, 0xfe, 0xf8, 0x5d,
- 0x43, 0xc5, 0x34, 0xf3, 0x7a, 0x95, 0xdc, 0xc2,
- 0x58, 0x07, 0x19, 0x2f, 0x1d, 0x6f, 0x9a, 0x77,
- 0x7e, 0x55, 0xaa, 0xe7, 0x5a, 0x50, 0x43, 0xd3 };
+ 0x97, 0x44, 0x1d, 0xcc, 0x0d, 0x39, 0x0d, 0x8d,
+ 0xcb, 0x75, 0xdc, 0x24, 0x25, 0x6f, 0x01, 0x92,
+ 0xa1, 0x11, 0x07, 0x6b, 0x70, 0xac, 0x73, 0xd7,
+ 0x82, 0x28, 0xdf, 0xab, 0x82, 0x0c, 0x41, 0x0c,
+ 0x95, 0xb3, 0x3c, 0x3d, 0xea, 0x8a, 0xe6, 0x44,
+ 0x0a, 0xb8, 0xab, 0x90, 0x15, 0x41, 0x11, 0xe8,
+ 0x48, 0x7b, 0x8d, 0xb0, 0x9c, 0xd3, 0xf2, 0x69,
+ 0x66, 0xff, 0x66, 0x4b, 0x70, 0x2b, 0xbf, 0xfb,
+ 0xd6, 0x68, 0x85, 0x76, 0x1e, 0x34, 0xaa, 0xc5,
+ 0x57, 0x6e, 0x23, 0x02, 0x08, 0x60, 0x6e, 0xfd,
+ 0x67, 0x76, 0xe1, 0x7c, 0xc8, 0xcb, 0x51, 0x77,
+ 0xcf, 0xb1, 0x3b, 0x00, 0x2e, 0xfa, 0x21, 0xcd,
+ 0x34, 0x76, 0x75, 0x01, 0x19, 0xfe, 0xf8, 0x5d,
+ 0x43, 0xc5, 0x34, 0xf3, 0x7a, 0x95, 0xdc, 0xc2,
+ 0x58, 0x07, 0x19, 0x2f, 0x1d, 0x6f, 0x9a, 0x77,
+ 0x7e, 0x55, 0xaa, 0xe7, 0x5a, 0x50, 0x43, 0xd3 };
static const unsigned char subprime[] = { 0x0,
- 0xd8, 0x16, 0x23, 0x34, 0x8a, 0x9e, 0x3a, 0xf5,
- 0xd9, 0x10, 0x13, 0x35, 0xaa, 0xf3, 0xf3, 0x54,
- 0x0b, 0x31, 0x24, 0xf1 };
-
-static const unsigned char base[] = {
- 0x03, 0x3a, 0xad, 0xfa, 0x3a, 0x0c, 0xea, 0x0a,
- 0x4e, 0x43, 0x32, 0x92, 0xbb, 0x87, 0xf1, 0x11,
- 0xc0, 0xad, 0x39, 0x38, 0x56, 0x1a, 0xdb, 0x23,
- 0x66, 0xb1, 0x08, 0xda, 0xb6, 0x19, 0x51, 0x42,
- 0x93, 0x4f, 0xc3, 0x44, 0x43, 0xa8, 0x05, 0xc1,
- 0xf8, 0x71, 0x62, 0x6f, 0x3d, 0xe2, 0xab, 0x6f,
- 0xd7, 0x80, 0x22, 0x6f, 0xca, 0x0d, 0xf6, 0x9f,
- 0x45, 0x27, 0x83, 0xec, 0x86, 0x0c, 0xda, 0xaa,
- 0xd6, 0xe0, 0xd0, 0x84, 0xfd, 0xb1, 0x4f, 0xdc,
- 0x08, 0xcd, 0x68, 0x3a, 0x77, 0xc2, 0xc5, 0xf1,
- 0x99, 0x0f, 0x15, 0x1b, 0x6a, 0x8c, 0x3d, 0x18,
- 0x2b, 0x6f, 0xdc, 0x2b, 0xd8, 0xb5, 0x9b, 0xb8,
- 0x2d, 0x57, 0x92, 0x1c, 0x46, 0x27, 0xaf, 0x6d,
- 0xe1, 0x45, 0xcf, 0x0b, 0x3f, 0xfa, 0x07, 0xcc,
- 0x14, 0x8e, 0xe7, 0xb8, 0xaa, 0xd5, 0xd1, 0x36,
- 0x1d, 0x7e, 0x5e, 0x7d, 0xfa, 0x5b, 0x77, 0x1f };
+ 0xd8, 0x16, 0x23, 0x34, 0x8a, 0x9e, 0x3a, 0xf5,
+ 0xd9, 0x10, 0x13, 0x35, 0xaa, 0xf3, 0xf3, 0x54,
+ 0x0b, 0x31, 0x24, 0xf1 };
+
+static const unsigned char base[] = {
+ 0x03, 0x3a, 0xad, 0xfa, 0x3a, 0x0c, 0xea, 0x0a,
+ 0x4e, 0x43, 0x32, 0x92, 0xbb, 0x87, 0xf1, 0x11,
+ 0xc0, 0xad, 0x39, 0x38, 0x56, 0x1a, 0xdb, 0x23,
+ 0x66, 0xb1, 0x08, 0xda, 0xb6, 0x19, 0x51, 0x42,
+ 0x93, 0x4f, 0xc3, 0x44, 0x43, 0xa8, 0x05, 0xc1,
+ 0xf8, 0x71, 0x62, 0x6f, 0x3d, 0xe2, 0xab, 0x6f,
+ 0xd7, 0x80, 0x22, 0x6f, 0xca, 0x0d, 0xf6, 0x9f,
+ 0x45, 0x27, 0x83, 0xec, 0x86, 0x0c, 0xda, 0xaa,
+ 0xd6, 0xe0, 0xd0, 0x84, 0xfd, 0xb1, 0x4f, 0xdc,
+ 0x08, 0xcd, 0x68, 0x3a, 0x77, 0xc2, 0xc5, 0xf1,
+ 0x99, 0x0f, 0x15, 0x1b, 0x6a, 0x8c, 0x3d, 0x18,
+ 0x2b, 0x6f, 0xdc, 0x2b, 0xd8, 0xb5, 0x9b, 0xb8,
+ 0x2d, 0x57, 0x92, 0x1c, 0x46, 0x27, 0xaf, 0x6d,
+ 0xe1, 0x45, 0xcf, 0x0b, 0x3f, 0xfa, 0x07, 0xcc,
+ 0x14, 0x8e, 0xe7, 0xb8, 0xaa, 0xd5, 0xd1, 0x36,
+ 0x1d, 0x7e, 0x5e, 0x7d, 0xfa, 0x5b, 0x77, 0x1f
+};
/*
* The constants h, seed, & counter aren't used in the code; they're provided
* here (commented-out) so that human readers can verify that our our PQG
* parameters were generated properly.
-static const unsigned char h[] = {
- 0x41, 0x87, 0x47, 0x79, 0xd8, 0xba, 0x4e, 0xac,
- 0x44, 0x4f, 0x6b, 0xd2, 0x16, 0x5e, 0x04, 0xc6,
- 0xc2, 0x29, 0x93, 0x5e, 0xbd, 0xc7, 0xa9, 0x8f,
- 0x23, 0xa1, 0xc8, 0xee, 0x80, 0x64, 0xd5, 0x67,
- 0x3c, 0xba, 0x59, 0x9a, 0x06, 0x0c, 0xcc, 0x29,
- 0x56, 0xc0, 0xb2, 0x21, 0xe0, 0x5b, 0x52, 0xcd,
- 0x84, 0x73, 0x57, 0xfd, 0xd8, 0xc3, 0x5b, 0x13,
- 0x54, 0xd7, 0x4a, 0x06, 0x86, 0x63, 0x09, 0xa5,
- 0xb0, 0x59, 0xe2, 0x32, 0x9e, 0x09, 0xa3, 0x9f,
- 0x49, 0x62, 0xcc, 0xa6, 0xf9, 0x54, 0xd5, 0xb2,
- 0xc3, 0x08, 0x71, 0x7e, 0xe3, 0x37, 0x50, 0xd6,
- 0x7b, 0xa7, 0xc2, 0x60, 0xc1, 0xeb, 0x51, 0x32,
- 0xfa, 0xad, 0x35, 0x25, 0x17, 0xf0, 0x7f, 0x23,
- 0xe5, 0xa8, 0x01, 0x52, 0xcf, 0x2f, 0xd9, 0xa9,
- 0xf6, 0x00, 0x21, 0x15, 0xf1, 0xf7, 0x70, 0xb7,
+static const unsigned char h[] = {
+ 0x41, 0x87, 0x47, 0x79, 0xd8, 0xba, 0x4e, 0xac,
+ 0x44, 0x4f, 0x6b, 0xd2, 0x16, 0x5e, 0x04, 0xc6,
+ 0xc2, 0x29, 0x93, 0x5e, 0xbd, 0xc7, 0xa9, 0x8f,
+ 0x23, 0xa1, 0xc8, 0xee, 0x80, 0x64, 0xd5, 0x67,
+ 0x3c, 0xba, 0x59, 0x9a, 0x06, 0x0c, 0xcc, 0x29,
+ 0x56, 0xc0, 0xb2, 0x21, 0xe0, 0x5b, 0x52, 0xcd,
+ 0x84, 0x73, 0x57, 0xfd, 0xd8, 0xc3, 0x5b, 0x13,
+ 0x54, 0xd7, 0x4a, 0x06, 0x86, 0x63, 0x09, 0xa5,
+ 0xb0, 0x59, 0xe2, 0x32, 0x9e, 0x09, 0xa3, 0x9f,
+ 0x49, 0x62, 0xcc, 0xa6, 0xf9, 0x54, 0xd5, 0xb2,
+ 0xc3, 0x08, 0x71, 0x7e, 0xe3, 0x37, 0x50, 0xd6,
+ 0x7b, 0xa7, 0xc2, 0x60, 0xc1, 0xeb, 0x51, 0x32,
+ 0xfa, 0xad, 0x35, 0x25, 0x17, 0xf0, 0x7f, 0x23,
+ 0xe5, 0xa8, 0x01, 0x52, 0xcf, 0x2f, 0xd9, 0xa9,
+ 0xf6, 0x00, 0x21, 0x15, 0xf1, 0xf7, 0x70, 0xb7,
0x57, 0x8a, 0xd0, 0x59, 0x6a, 0x82, 0xdc, 0x9c };
static const unsigned char seed[] = { 0x00,
- 0xcc, 0x4c, 0x69, 0x74, 0xf6, 0x72, 0x24, 0x68,
- 0x24, 0x4f, 0xd7, 0x50, 0x11, 0x40, 0x81, 0xed,
- 0x19, 0x3c, 0x8a, 0x25, 0xbc, 0x78, 0x0a, 0x85,
- 0x82, 0x53, 0x70, 0x20, 0xf6, 0x54, 0xa5, 0x1b,
- 0xf4, 0x15, 0xcd, 0xff, 0xc4, 0x88, 0xa7, 0x9d,
- 0xf3, 0x47, 0x1c, 0x0a, 0xbe, 0x10, 0x29, 0x83,
- 0xb9, 0x0f, 0x4c, 0xdf, 0x90, 0x16, 0x83, 0xa2,
- 0xb3, 0xe3, 0x2e, 0xc1, 0xc2, 0x24, 0x6a, 0xc4,
- 0x9d, 0x57, 0xba, 0xcb, 0x0f, 0x18, 0x75, 0x00,
- 0x33, 0x46, 0x82, 0xec, 0xd6, 0x94, 0x77, 0xc3,
- 0x4f, 0x4c, 0x58, 0x1c, 0x7f, 0x61, 0x3c, 0x36,
- 0xd5, 0x2f, 0xa5, 0x66, 0xd8, 0x2f, 0xce, 0x6e,
- 0x8e, 0x20, 0x48, 0x4a, 0xbb, 0xe3, 0xe0, 0xb2,
- 0x50, 0x33, 0x63, 0x8a, 0x5b, 0x2d, 0x6a, 0xbe,
- 0x4c, 0x28, 0x81, 0x53, 0x5b, 0xe4, 0xf6, 0xfc,
+ 0xcc, 0x4c, 0x69, 0x74, 0xf6, 0x72, 0x24, 0x68,
+ 0x24, 0x4f, 0xd7, 0x50, 0x11, 0x40, 0x81, 0xed,
+ 0x19, 0x3c, 0x8a, 0x25, 0xbc, 0x78, 0x0a, 0x85,
+ 0x82, 0x53, 0x70, 0x20, 0xf6, 0x54, 0xa5, 0x1b,
+ 0xf4, 0x15, 0xcd, 0xff, 0xc4, 0x88, 0xa7, 0x9d,
+ 0xf3, 0x47, 0x1c, 0x0a, 0xbe, 0x10, 0x29, 0x83,
+ 0xb9, 0x0f, 0x4c, 0xdf, 0x90, 0x16, 0x83, 0xa2,
+ 0xb3, 0xe3, 0x2e, 0xc1, 0xc2, 0x24, 0x6a, 0xc4,
+ 0x9d, 0x57, 0xba, 0xcb, 0x0f, 0x18, 0x75, 0x00,
+ 0x33, 0x46, 0x82, 0xec, 0xd6, 0x94, 0x77, 0xc3,
+ 0x4f, 0x4c, 0x58, 0x1c, 0x7f, 0x61, 0x3c, 0x36,
+ 0xd5, 0x2f, 0xa5, 0x66, 0xd8, 0x2f, 0xce, 0x6e,
+ 0x8e, 0x20, 0x48, 0x4a, 0xbb, 0xe3, 0xe0, 0xb2,
+ 0x50, 0x33, 0x63, 0x8a, 0x5b, 0x2d, 0x6a, 0xbe,
+ 0x4c, 0x28, 0x81, 0x53, 0x5b, 0xe4, 0xf6, 0xfc,
0x64, 0x06, 0x13, 0x51, 0xeb, 0x4a, 0x91, 0x9c };
static const unsigned int counter=1496;
*/
static const unsigned char prime2[] = { 0x00,
- 0xa4, 0xc2, 0x83, 0x4f, 0x36, 0xd3, 0x4f, 0xae,
- 0xa0, 0xb1, 0x47, 0x43, 0xa8, 0x15, 0xee, 0xad,
- 0xa3, 0x98, 0xa3, 0x29, 0x45, 0xae, 0x5c, 0xd9,
- 0x12, 0x99, 0x09, 0xdc, 0xef, 0x05, 0xb4, 0x98,
- 0x05, 0xaa, 0x07, 0xaa, 0x83, 0x89, 0xd7, 0xba,
- 0xd1, 0x25, 0x56, 0x58, 0xd1, 0x73, 0x3c, 0xd0,
- 0x91, 0x65, 0xbe, 0x27, 0x92, 0x94, 0x86, 0x95,
- 0xdb, 0xcf, 0x07, 0x13, 0xa0, 0x85, 0xd6, 0xaa,
- 0x6c, 0x1d, 0x63, 0xbf, 0xdd, 0xdf, 0xbc, 0x30,
- 0xeb, 0x42, 0x2f, 0x52, 0x11, 0xec, 0x6e, 0x65,
- 0xdf, 0x50, 0xbe, 0x28, 0x3d, 0xa4, 0xec, 0x45,
- 0x19, 0x4c, 0x13, 0x0f, 0x59, 0x74, 0x57, 0x69,
- 0x99, 0x4f, 0x4a, 0x74, 0x7f, 0x8c, 0x9e, 0xa2,
- 0xe7, 0x94, 0xc9, 0x70, 0x70, 0xd0, 0xc4, 0xda,
- 0x49, 0x5b, 0x7a, 0x7d, 0xd9, 0x71, 0x7c, 0x3b,
- 0xdc, 0xd2, 0x8a, 0x74, 0x5f, 0xce, 0x09, 0xa2,
- 0xdb, 0xec, 0xa4, 0xba, 0x75, 0xaa, 0x0a, 0x97,
- 0xa6, 0x82, 0x25, 0x90, 0x90, 0x37, 0xe4, 0x40,
- 0x05, 0x28, 0x8f, 0x98, 0x8e, 0x68, 0x01, 0xaf,
- 0x9b, 0x08, 0x2a, 0x9b, 0xd5, 0xb9, 0x8c, 0x14,
- 0xbf, 0xba, 0xcb, 0x5b, 0xda, 0x4c, 0x95, 0xb8,
- 0xdf, 0x67, 0xa6, 0x6b, 0x76, 0x8c, 0xad, 0x4f,
- 0xfd, 0x6a, 0xd6, 0xcc, 0x62, 0x71, 0x30, 0x30,
- 0xc1, 0x29, 0x84, 0xe4, 0x8e, 0x32, 0x51, 0xb6,
- 0xea, 0xfa, 0xba, 0x00, 0x99, 0x76, 0xea, 0x86,
- 0x90, 0xab, 0x2d, 0xe9, 0xfd, 0x1e, 0x8c, 0xcc,
- 0x3c, 0x2b, 0x5d, 0x13, 0x1b, 0x47, 0xb4, 0xf5,
- 0x09, 0x74, 0x1d, 0xd4, 0x78, 0xb2, 0x42, 0x19,
- 0xd6, 0x24, 0xd1, 0x68, 0xbf, 0x11, 0xf1, 0x38,
- 0xa0, 0x44, 0x9c, 0xc6, 0x51, 0x33, 0xaa, 0x42,
- 0x93, 0x9e, 0x30, 0x58, 0x9e, 0xc0, 0x70, 0xdf,
- 0x7e, 0x64, 0xb1, 0xd8, 0x68, 0x75, 0x98, 0xa7 };
+ 0xa4, 0xc2, 0x83, 0x4f, 0x36, 0xd3, 0x4f, 0xae,
+ 0xa0, 0xb1, 0x47, 0x43, 0xa8, 0x15, 0xee, 0xad,
+ 0xa3, 0x98, 0xa3, 0x29, 0x45, 0xae, 0x5c, 0xd9,
+ 0x12, 0x99, 0x09, 0xdc, 0xef, 0x05, 0xb4, 0x98,
+ 0x05, 0xaa, 0x07, 0xaa, 0x83, 0x89, 0xd7, 0xba,
+ 0xd1, 0x25, 0x56, 0x58, 0xd1, 0x73, 0x3c, 0xd0,
+ 0x91, 0x65, 0xbe, 0x27, 0x92, 0x94, 0x86, 0x95,
+ 0xdb, 0xcf, 0x07, 0x13, 0xa0, 0x85, 0xd6, 0xaa,
+ 0x6c, 0x1d, 0x63, 0xbf, 0xdd, 0xdf, 0xbc, 0x30,
+ 0xeb, 0x42, 0x2f, 0x52, 0x11, 0xec, 0x6e, 0x65,
+ 0xdf, 0x50, 0xbe, 0x28, 0x3d, 0xa4, 0xec, 0x45,
+ 0x19, 0x4c, 0x13, 0x0f, 0x59, 0x74, 0x57, 0x69,
+ 0x99, 0x4f, 0x4a, 0x74, 0x7f, 0x8c, 0x9e, 0xa2,
+ 0xe7, 0x94, 0xc9, 0x70, 0x70, 0xd0, 0xc4, 0xda,
+ 0x49, 0x5b, 0x7a, 0x7d, 0xd9, 0x71, 0x7c, 0x3b,
+ 0xdc, 0xd2, 0x8a, 0x74, 0x5f, 0xce, 0x09, 0xa2,
+ 0xdb, 0xec, 0xa4, 0xba, 0x75, 0xaa, 0x0a, 0x97,
+ 0xa6, 0x82, 0x25, 0x90, 0x90, 0x37, 0xe4, 0x40,
+ 0x05, 0x28, 0x8f, 0x98, 0x8e, 0x68, 0x01, 0xaf,
+ 0x9b, 0x08, 0x2a, 0x9b, 0xd5, 0xb9, 0x8c, 0x14,
+ 0xbf, 0xba, 0xcb, 0x5b, 0xda, 0x4c, 0x95, 0xb8,
+ 0xdf, 0x67, 0xa6, 0x6b, 0x76, 0x8c, 0xad, 0x4f,
+ 0xfd, 0x6a, 0xd6, 0xcc, 0x62, 0x71, 0x30, 0x30,
+ 0xc1, 0x29, 0x84, 0xe4, 0x8e, 0x32, 0x51, 0xb6,
+ 0xea, 0xfa, 0xba, 0x00, 0x99, 0x76, 0xea, 0x86,
+ 0x90, 0xab, 0x2d, 0xe9, 0xfd, 0x1e, 0x8c, 0xcc,
+ 0x3c, 0x2b, 0x5d, 0x13, 0x1b, 0x47, 0xb4, 0xf5,
+ 0x09, 0x74, 0x1d, 0xd4, 0x78, 0xb2, 0x42, 0x19,
+ 0xd6, 0x24, 0xd1, 0x68, 0xbf, 0x11, 0xf1, 0x38,
+ 0xa0, 0x44, 0x9c, 0xc6, 0x51, 0x33, 0xaa, 0x42,
+ 0x93, 0x9e, 0x30, 0x58, 0x9e, 0xc0, 0x70, 0xdf,
+ 0x7e, 0x64, 0xb1, 0xd8, 0x68, 0x75, 0x98, 0xa7 };
static const unsigned char subprime2[] = { 0x00,
- 0x8e, 0xab, 0xf4, 0xbe, 0x45, 0xeb, 0xa3, 0x58,
- 0x4e, 0x60, 0x15, 0x66, 0x5a, 0x4b, 0x25, 0xcf,
- 0x45, 0x77, 0x89, 0x3f, 0x73, 0x34, 0x4a, 0xe0,
- 0x9e, 0xac, 0xfd, 0xdc, 0xff, 0x9c, 0x8d, 0xe7 };
+ 0x8e, 0xab, 0xf4, 0xbe, 0x45, 0xeb, 0xa3, 0x58,
+ 0x4e, 0x60, 0x15, 0x66, 0x5a, 0x4b, 0x25, 0xcf,
+ 0x45, 0x77, 0x89, 0x3f, 0x73, 0x34, 0x4a, 0xe0,
+ 0x9e, 0xac, 0xfd, 0xdc, 0xff, 0x9c, 0x8d, 0xe7 };
static const unsigned char base2[] = { 0x00,
- 0x8d, 0x72, 0x32, 0x46, 0xa6, 0x5c, 0x80, 0xe3,
- 0x43, 0x0a, 0x9e, 0x94, 0x35, 0x86, 0xd4, 0x58,
- 0xa1, 0xca, 0x22, 0xb9, 0x73, 0x46, 0x0b, 0xfb,
- 0x3e, 0x33, 0xf1, 0xd5, 0xd3, 0xb4, 0x26, 0xbf,
- 0x50, 0xd7, 0xf2, 0x09, 0x33, 0x6e, 0xc0, 0x31,
- 0x1b, 0x6d, 0x07, 0x70, 0x86, 0xca, 0x57, 0xf7,
- 0x0b, 0x4a, 0x63, 0xf0, 0x6f, 0xc8, 0x8a, 0xed,
- 0x50, 0x60, 0xf3, 0x11, 0xc7, 0x44, 0xf3, 0xce,
- 0x4e, 0x50, 0x42, 0x2d, 0x85, 0x33, 0x54, 0x57,
- 0x03, 0x8d, 0xdc, 0x66, 0x4d, 0x61, 0x83, 0x17,
- 0x1c, 0x7b, 0x0d, 0x65, 0xbc, 0x8f, 0x2c, 0x19,
- 0x86, 0xfc, 0xe2, 0x9f, 0x5d, 0x67, 0xfc, 0xd4,
- 0xa5, 0xf8, 0x23, 0xa1, 0x1a, 0xa2, 0xe1, 0x11,
- 0x15, 0x84, 0x32, 0x01, 0xee, 0x88, 0xf1, 0x55,
- 0x30, 0xe9, 0x74, 0x3c, 0x1a, 0x2b, 0x54, 0x45,
- 0x2e, 0x39, 0xb9, 0x77, 0xe1, 0x32, 0xaf, 0x2d,
- 0x97, 0xe0, 0x21, 0xec, 0xf5, 0x58, 0xe1, 0xc7,
- 0x2e, 0xe0, 0x71, 0x3d, 0x29, 0xa4, 0xd6, 0xe2,
- 0x5f, 0x85, 0x9c, 0x05, 0x04, 0x46, 0x41, 0x89,
- 0x03, 0x3c, 0xfa, 0xb2, 0xcf, 0xfa, 0xd5, 0x67,
- 0xcc, 0xec, 0x68, 0xfc, 0x83, 0xd9, 0x1f, 0x2e,
- 0x4e, 0x9a, 0x5e, 0x77, 0xa1, 0xff, 0xe6, 0x6f,
- 0x04, 0x8b, 0xf9, 0x6b, 0x47, 0xc6, 0x49, 0xd2,
- 0x88, 0x6e, 0x29, 0xa3, 0x1b, 0xae, 0xe0, 0x4f,
- 0x72, 0x8a, 0x28, 0x94, 0x0c, 0x1d, 0x8c, 0x99,
- 0xa2, 0x6f, 0xf8, 0xba, 0x99, 0x90, 0xc7, 0xe5,
- 0xb1, 0x3c, 0x10, 0x34, 0x86, 0x6a, 0x6a, 0x1f,
- 0x39, 0x63, 0x58, 0xe1, 0x5e, 0x97, 0x95, 0x45,
- 0x40, 0x38, 0x45, 0x6f, 0x02, 0xb5, 0x86, 0x6e,
- 0xae, 0x2f, 0x32, 0x7e, 0xa1, 0x3a, 0x34, 0x2c,
- 0x1c, 0xd3, 0xff, 0x4e, 0x2c, 0x38, 0x1c, 0xaa,
- 0x2e, 0x66, 0xbe, 0x32, 0x3e, 0x3c, 0x06, 0x5f };
+ 0x8d, 0x72, 0x32, 0x46, 0xa6, 0x5c, 0x80, 0xe3,
+ 0x43, 0x0a, 0x9e, 0x94, 0x35, 0x86, 0xd4, 0x58,
+ 0xa1, 0xca, 0x22, 0xb9, 0x73, 0x46, 0x0b, 0xfb,
+ 0x3e, 0x33, 0xf1, 0xd5, 0xd3, 0xb4, 0x26, 0xbf,
+ 0x50, 0xd7, 0xf2, 0x09, 0x33, 0x6e, 0xc0, 0x31,
+ 0x1b, 0x6d, 0x07, 0x70, 0x86, 0xca, 0x57, 0xf7,
+ 0x0b, 0x4a, 0x63, 0xf0, 0x6f, 0xc8, 0x8a, 0xed,
+ 0x50, 0x60, 0xf3, 0x11, 0xc7, 0x44, 0xf3, 0xce,
+ 0x4e, 0x50, 0x42, 0x2d, 0x85, 0x33, 0x54, 0x57,
+ 0x03, 0x8d, 0xdc, 0x66, 0x4d, 0x61, 0x83, 0x17,
+ 0x1c, 0x7b, 0x0d, 0x65, 0xbc, 0x8f, 0x2c, 0x19,
+ 0x86, 0xfc, 0xe2, 0x9f, 0x5d, 0x67, 0xfc, 0xd4,
+ 0xa5, 0xf8, 0x23, 0xa1, 0x1a, 0xa2, 0xe1, 0x11,
+ 0x15, 0x84, 0x32, 0x01, 0xee, 0x88, 0xf1, 0x55,
+ 0x30, 0xe9, 0x74, 0x3c, 0x1a, 0x2b, 0x54, 0x45,
+ 0x2e, 0x39, 0xb9, 0x77, 0xe1, 0x32, 0xaf, 0x2d,
+ 0x97, 0xe0, 0x21, 0xec, 0xf5, 0x58, 0xe1, 0xc7,
+ 0x2e, 0xe0, 0x71, 0x3d, 0x29, 0xa4, 0xd6, 0xe2,
+ 0x5f, 0x85, 0x9c, 0x05, 0x04, 0x46, 0x41, 0x89,
+ 0x03, 0x3c, 0xfa, 0xb2, 0xcf, 0xfa, 0xd5, 0x67,
+ 0xcc, 0xec, 0x68, 0xfc, 0x83, 0xd9, 0x1f, 0x2e,
+ 0x4e, 0x9a, 0x5e, 0x77, 0xa1, 0xff, 0xe6, 0x6f,
+ 0x04, 0x8b, 0xf9, 0x6b, 0x47, 0xc6, 0x49, 0xd2,
+ 0x88, 0x6e, 0x29, 0xa3, 0x1b, 0xae, 0xe0, 0x4f,
+ 0x72, 0x8a, 0x28, 0x94, 0x0c, 0x1d, 0x8c, 0x99,
+ 0xa2, 0x6f, 0xf8, 0xba, 0x99, 0x90, 0xc7, 0xe5,
+ 0xb1, 0x3c, 0x10, 0x34, 0x86, 0x6a, 0x6a, 0x1f,
+ 0x39, 0x63, 0x58, 0xe1, 0x5e, 0x97, 0x95, 0x45,
+ 0x40, 0x38, 0x45, 0x6f, 0x02, 0xb5, 0x86, 0x6e,
+ 0xae, 0x2f, 0x32, 0x7e, 0xa1, 0x3a, 0x34, 0x2c,
+ 0x1c, 0xd3, 0xff, 0x4e, 0x2c, 0x38, 0x1c, 0xaa,
+ 0x2e, 0x66, 0xbe, 0x32, 0x3e, 0x3c, 0x06, 0x5f };
/*
* The constants h2, seed2, & counter2 aren't used in the code; they're provided
* here (commented-out) so that human readers can verify that our our PQG
* parameters were generated properly.
-static const unsigned char h2[] = {
+static const unsigned char h2[] = {
0x30, 0x91, 0xa1, 0x2e, 0x40, 0xa5, 0x7d, 0xf7,
0xdc, 0xed, 0xee, 0x05, 0xc2, 0x31, 0x91, 0x37,
0xda, 0xc5, 0xe3, 0x47, 0xb5, 0x35, 0x4b, 0xfd,
@@ -388,101 +390,101 @@ static const unsigned int counter2=210;
*/
struct tuple_str {
- CK_RV errNum;
- const char * errString;
+ CK_RV errNum;
+ const char *errString;
};
typedef struct tuple_str tuple_str;
static const tuple_str errStrings[] = {
-{CKR_OK , "CKR_OK "},
-{CKR_CANCEL , "CKR_CANCEL "},
-{CKR_HOST_MEMORY , "CKR_HOST_MEMORY "},
-{CKR_SLOT_ID_INVALID , "CKR_SLOT_ID_INVALID "},
-{CKR_GENERAL_ERROR , "CKR_GENERAL_ERROR "},
-{CKR_FUNCTION_FAILED , "CKR_FUNCTION_FAILED "},
-{CKR_ARGUMENTS_BAD , "CKR_ARGUMENTS_BAD "},
-{CKR_NO_EVENT , "CKR_NO_EVENT "},
-{CKR_NEED_TO_CREATE_THREADS , "CKR_NEED_TO_CREATE_THREADS "},
-{CKR_CANT_LOCK , "CKR_CANT_LOCK "},
-{CKR_ATTRIBUTE_READ_ONLY , "CKR_ATTRIBUTE_READ_ONLY "},
-{CKR_ATTRIBUTE_SENSITIVE , "CKR_ATTRIBUTE_SENSITIVE "},
-{CKR_ATTRIBUTE_TYPE_INVALID , "CKR_ATTRIBUTE_TYPE_INVALID "},
-{CKR_ATTRIBUTE_VALUE_INVALID , "CKR_ATTRIBUTE_VALUE_INVALID "},
-{CKR_DATA_INVALID , "CKR_DATA_INVALID "},
-{CKR_DATA_LEN_RANGE , "CKR_DATA_LEN_RANGE "},
-{CKR_DEVICE_ERROR , "CKR_DEVICE_ERROR "},
-{CKR_DEVICE_MEMORY , "CKR_DEVICE_MEMORY "},
-{CKR_DEVICE_REMOVED , "CKR_DEVICE_REMOVED "},
-{CKR_ENCRYPTED_DATA_INVALID , "CKR_ENCRYPTED_DATA_INVALID "},
-{CKR_ENCRYPTED_DATA_LEN_RANGE , "CKR_ENCRYPTED_DATA_LEN_RANGE "},
-{CKR_FUNCTION_CANCELED , "CKR_FUNCTION_CANCELED "},
-{CKR_FUNCTION_NOT_PARALLEL , "CKR_FUNCTION_NOT_PARALLEL "},
-{CKR_FUNCTION_NOT_SUPPORTED , "CKR_FUNCTION_NOT_SUPPORTED "},
-{CKR_KEY_HANDLE_INVALID , "CKR_KEY_HANDLE_INVALID "},
-{CKR_KEY_SIZE_RANGE , "CKR_KEY_SIZE_RANGE "},
-{CKR_KEY_TYPE_INCONSISTENT , "CKR_KEY_TYPE_INCONSISTENT "},
-{CKR_KEY_NOT_NEEDED , "CKR_KEY_NOT_NEEDED "},
-{CKR_KEY_CHANGED , "CKR_KEY_CHANGED "},
-{CKR_KEY_NEEDED , "CKR_KEY_NEEDED "},
-{CKR_KEY_INDIGESTIBLE , "CKR_KEY_INDIGESTIBLE "},
-{CKR_KEY_FUNCTION_NOT_PERMITTED , "CKR_KEY_FUNCTION_NOT_PERMITTED "},
-{CKR_KEY_NOT_WRAPPABLE , "CKR_KEY_NOT_WRAPPABLE "},
-{CKR_KEY_UNEXTRACTABLE , "CKR_KEY_UNEXTRACTABLE "},
-{CKR_MECHANISM_INVALID , "CKR_MECHANISM_INVALID "},
-{CKR_MECHANISM_PARAM_INVALID , "CKR_MECHANISM_PARAM_INVALID "},
-{CKR_OBJECT_HANDLE_INVALID , "CKR_OBJECT_HANDLE_INVALID "},
-{CKR_OPERATION_ACTIVE , "CKR_OPERATION_ACTIVE "},
-{CKR_OPERATION_NOT_INITIALIZED , "CKR_OPERATION_NOT_INITIALIZED "},
-{CKR_PIN_INCORRECT , "CKR_PIN_INCORRECT "},
-{CKR_PIN_INVALID , "CKR_PIN_INVALID "},
-{CKR_PIN_LEN_RANGE , "CKR_PIN_LEN_RANGE "},
-{CKR_PIN_EXPIRED , "CKR_PIN_EXPIRED "},
-{CKR_PIN_LOCKED , "CKR_PIN_LOCKED "},
-{CKR_SESSION_CLOSED , "CKR_SESSION_CLOSED "},
-{CKR_SESSION_COUNT , "CKR_SESSION_COUNT "},
-{CKR_SESSION_HANDLE_INVALID , "CKR_SESSION_HANDLE_INVALID "},
-{CKR_SESSION_PARALLEL_NOT_SUPPORTED , "CKR_SESSION_PARALLEL_NOT_SUPPORTED "},
-{CKR_SESSION_READ_ONLY , "CKR_SESSION_READ_ONLY "},
-{CKR_SESSION_EXISTS , "CKR_SESSION_EXISTS "},
-{CKR_SESSION_READ_ONLY_EXISTS , "CKR_SESSION_READ_ONLY_EXISTS "},
-{CKR_SESSION_READ_WRITE_SO_EXISTS , "CKR_SESSION_READ_WRITE_SO_EXISTS "},
-{CKR_SIGNATURE_INVALID , "CKR_SIGNATURE_INVALID "},
-{CKR_SIGNATURE_LEN_RANGE , "CKR_SIGNATURE_LEN_RANGE "},
-{CKR_TEMPLATE_INCOMPLETE , "CKR_TEMPLATE_INCOMPLETE "},
-{CKR_TEMPLATE_INCONSISTENT , "CKR_TEMPLATE_INCONSISTENT "},
-{CKR_TOKEN_NOT_PRESENT , "CKR_TOKEN_NOT_PRESENT "},
-{CKR_TOKEN_NOT_RECOGNIZED , "CKR_TOKEN_NOT_RECOGNIZED "},
-{CKR_TOKEN_WRITE_PROTECTED , "CKR_TOKEN_WRITE_PROTECTED "},
-{CKR_UNWRAPPING_KEY_HANDLE_INVALID , "CKR_UNWRAPPING_KEY_HANDLE_INVALID "},
-{CKR_UNWRAPPING_KEY_SIZE_RANGE , "CKR_UNWRAPPING_KEY_SIZE_RANGE "},
-{CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, "CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT"},
-{CKR_USER_ALREADY_LOGGED_IN , "CKR_USER_ALREADY_LOGGED_IN "},
-{CKR_USER_NOT_LOGGED_IN , "CKR_USER_NOT_LOGGED_IN "},
-{CKR_USER_PIN_NOT_INITIALIZED , "CKR_USER_PIN_NOT_INITIALIZED "},
-{CKR_USER_TYPE_INVALID , "CKR_USER_TYPE_INVALID "},
-{CKR_USER_ANOTHER_ALREADY_LOGGED_IN , "CKR_USER_ANOTHER_ALREADY_LOGGED_IN "},
-{CKR_USER_TOO_MANY_TYPES , "CKR_USER_TOO_MANY_TYPES "},
-{CKR_WRAPPED_KEY_INVALID , "CKR_WRAPPED_KEY_INVALID "},
-{CKR_WRAPPED_KEY_LEN_RANGE , "CKR_WRAPPED_KEY_LEN_RANGE "},
-{CKR_WRAPPING_KEY_HANDLE_INVALID , "CKR_WRAPPING_KEY_HANDLE_INVALID "},
-{CKR_WRAPPING_KEY_SIZE_RANGE , "CKR_WRAPPING_KEY_SIZE_RANGE "},
-{CKR_WRAPPING_KEY_TYPE_INCONSISTENT , "CKR_WRAPPING_KEY_TYPE_INCONSISTENT "},
-{CKR_RANDOM_SEED_NOT_SUPPORTED , "CKR_RANDOM_SEED_NOT_SUPPORTED "},
-{CKR_RANDOM_NO_RNG , "CKR_RANDOM_NO_RNG "},
-{CKR_DOMAIN_PARAMS_INVALID , "CKR_DOMAIN_PARAMS_INVALID "},
-{CKR_BUFFER_TOO_SMALL , "CKR_BUFFER_TOO_SMALL "},
-{CKR_SAVED_STATE_INVALID , "CKR_SAVED_STATE_INVALID "},
-{CKR_INFORMATION_SENSITIVE , "CKR_INFORMATION_SENSITIVE "},
-{CKR_STATE_UNSAVEABLE , "CKR_STATE_UNSAVEABLE "},
-{CKR_CRYPTOKI_NOT_INITIALIZED , "CKR_CRYPTOKI_NOT_INITIALIZED "},
-{CKR_CRYPTOKI_ALREADY_INITIALIZED , "CKR_CRYPTOKI_ALREADY_INITIALIZED "},
-{CKR_MUTEX_BAD , "CKR_MUTEX_BAD "},
-{CKR_MUTEX_NOT_LOCKED , "CKR_MUTEX_NOT_LOCKED "},
-{CKR_FUNCTION_REJECTED , "CKR_FUNCTION_REJECTED "},
-{CKR_VENDOR_DEFINED , "CKR_VENDOR_DEFINED "},
-{0xCE534351 , "CKR_NETSCAPE_CERTDB_FAILED "},
-{0xCE534352 , "CKR_NETSCAPE_KEYDB_FAILED "}
+ { CKR_OK, "CKR_OK " },
+ { CKR_CANCEL, "CKR_CANCEL " },
+ { CKR_HOST_MEMORY, "CKR_HOST_MEMORY " },
+ { CKR_SLOT_ID_INVALID, "CKR_SLOT_ID_INVALID " },
+ { CKR_GENERAL_ERROR, "CKR_GENERAL_ERROR " },
+ { CKR_FUNCTION_FAILED, "CKR_FUNCTION_FAILED " },
+ { CKR_ARGUMENTS_BAD, "CKR_ARGUMENTS_BAD " },
+ { CKR_NO_EVENT, "CKR_NO_EVENT " },
+ { CKR_NEED_TO_CREATE_THREADS, "CKR_NEED_TO_CREATE_THREADS " },
+ { CKR_CANT_LOCK, "CKR_CANT_LOCK " },
+ { CKR_ATTRIBUTE_READ_ONLY, "CKR_ATTRIBUTE_READ_ONLY " },
+ { CKR_ATTRIBUTE_SENSITIVE, "CKR_ATTRIBUTE_SENSITIVE " },
+ { CKR_ATTRIBUTE_TYPE_INVALID, "CKR_ATTRIBUTE_TYPE_INVALID " },
+ { CKR_ATTRIBUTE_VALUE_INVALID, "CKR_ATTRIBUTE_VALUE_INVALID " },
+ { CKR_DATA_INVALID, "CKR_DATA_INVALID " },
+ { CKR_DATA_LEN_RANGE, "CKR_DATA_LEN_RANGE " },
+ { CKR_DEVICE_ERROR, "CKR_DEVICE_ERROR " },
+ { CKR_DEVICE_MEMORY, "CKR_DEVICE_MEMORY " },
+ { CKR_DEVICE_REMOVED, "CKR_DEVICE_REMOVED " },
+ { CKR_ENCRYPTED_DATA_INVALID, "CKR_ENCRYPTED_DATA_INVALID " },
+ { CKR_ENCRYPTED_DATA_LEN_RANGE, "CKR_ENCRYPTED_DATA_LEN_RANGE " },
+ { CKR_FUNCTION_CANCELED, "CKR_FUNCTION_CANCELED " },
+ { CKR_FUNCTION_NOT_PARALLEL, "CKR_FUNCTION_NOT_PARALLEL " },
+ { CKR_FUNCTION_NOT_SUPPORTED, "CKR_FUNCTION_NOT_SUPPORTED " },
+ { CKR_KEY_HANDLE_INVALID, "CKR_KEY_HANDLE_INVALID " },
+ { CKR_KEY_SIZE_RANGE, "CKR_KEY_SIZE_RANGE " },
+ { CKR_KEY_TYPE_INCONSISTENT, "CKR_KEY_TYPE_INCONSISTENT " },
+ { CKR_KEY_NOT_NEEDED, "CKR_KEY_NOT_NEEDED " },
+ { CKR_KEY_CHANGED, "CKR_KEY_CHANGED " },
+ { CKR_KEY_NEEDED, "CKR_KEY_NEEDED " },
+ { CKR_KEY_INDIGESTIBLE, "CKR_KEY_INDIGESTIBLE " },
+ { CKR_KEY_FUNCTION_NOT_PERMITTED, "CKR_KEY_FUNCTION_NOT_PERMITTED " },
+ { CKR_KEY_NOT_WRAPPABLE, "CKR_KEY_NOT_WRAPPABLE " },
+ { CKR_KEY_UNEXTRACTABLE, "CKR_KEY_UNEXTRACTABLE " },
+ { CKR_MECHANISM_INVALID, "CKR_MECHANISM_INVALID " },
+ { CKR_MECHANISM_PARAM_INVALID, "CKR_MECHANISM_PARAM_INVALID " },
+ { CKR_OBJECT_HANDLE_INVALID, "CKR_OBJECT_HANDLE_INVALID " },
+ { CKR_OPERATION_ACTIVE, "CKR_OPERATION_ACTIVE " },
+ { CKR_OPERATION_NOT_INITIALIZED, "CKR_OPERATION_NOT_INITIALIZED " },
+ { CKR_PIN_INCORRECT, "CKR_PIN_INCORRECT " },
+ { CKR_PIN_INVALID, "CKR_PIN_INVALID " },
+ { CKR_PIN_LEN_RANGE, "CKR_PIN_LEN_RANGE " },
+ { CKR_PIN_EXPIRED, "CKR_PIN_EXPIRED " },
+ { CKR_PIN_LOCKED, "CKR_PIN_LOCKED " },
+ { CKR_SESSION_CLOSED, "CKR_SESSION_CLOSED " },
+ { CKR_SESSION_COUNT, "CKR_SESSION_COUNT " },
+ { CKR_SESSION_HANDLE_INVALID, "CKR_SESSION_HANDLE_INVALID " },
+ { CKR_SESSION_PARALLEL_NOT_SUPPORTED, "CKR_SESSION_PARALLEL_NOT_SUPPORTED " },
+ { CKR_SESSION_READ_ONLY, "CKR_SESSION_READ_ONLY " },
+ { CKR_SESSION_EXISTS, "CKR_SESSION_EXISTS " },
+ { CKR_SESSION_READ_ONLY_EXISTS, "CKR_SESSION_READ_ONLY_EXISTS " },
+ { CKR_SESSION_READ_WRITE_SO_EXISTS, "CKR_SESSION_READ_WRITE_SO_EXISTS " },
+ { CKR_SIGNATURE_INVALID, "CKR_SIGNATURE_INVALID " },
+ { CKR_SIGNATURE_LEN_RANGE, "CKR_SIGNATURE_LEN_RANGE " },
+ { CKR_TEMPLATE_INCOMPLETE, "CKR_TEMPLATE_INCOMPLETE " },
+ { CKR_TEMPLATE_INCONSISTENT, "CKR_TEMPLATE_INCONSISTENT " },
+ { CKR_TOKEN_NOT_PRESENT, "CKR_TOKEN_NOT_PRESENT " },
+ { CKR_TOKEN_NOT_RECOGNIZED, "CKR_TOKEN_NOT_RECOGNIZED " },
+ { CKR_TOKEN_WRITE_PROTECTED, "CKR_TOKEN_WRITE_PROTECTED " },
+ { CKR_UNWRAPPING_KEY_HANDLE_INVALID, "CKR_UNWRAPPING_KEY_HANDLE_INVALID " },
+ { CKR_UNWRAPPING_KEY_SIZE_RANGE, "CKR_UNWRAPPING_KEY_SIZE_RANGE " },
+ { CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, "CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT" },
+ { CKR_USER_ALREADY_LOGGED_IN, "CKR_USER_ALREADY_LOGGED_IN " },
+ { CKR_USER_NOT_LOGGED_IN, "CKR_USER_NOT_LOGGED_IN " },
+ { CKR_USER_PIN_NOT_INITIALIZED, "CKR_USER_PIN_NOT_INITIALIZED " },
+ { CKR_USER_TYPE_INVALID, "CKR_USER_TYPE_INVALID " },
+ { CKR_USER_ANOTHER_ALREADY_LOGGED_IN, "CKR_USER_ANOTHER_ALREADY_LOGGED_IN " },
+ { CKR_USER_TOO_MANY_TYPES, "CKR_USER_TOO_MANY_TYPES " },
+ { CKR_WRAPPED_KEY_INVALID, "CKR_WRAPPED_KEY_INVALID " },
+ { CKR_WRAPPED_KEY_LEN_RANGE, "CKR_WRAPPED_KEY_LEN_RANGE " },
+ { CKR_WRAPPING_KEY_HANDLE_INVALID, "CKR_WRAPPING_KEY_HANDLE_INVALID " },
+ { CKR_WRAPPING_KEY_SIZE_RANGE, "CKR_WRAPPING_KEY_SIZE_RANGE " },
+ { CKR_WRAPPING_KEY_TYPE_INCONSISTENT, "CKR_WRAPPING_KEY_TYPE_INCONSISTENT " },
+ { CKR_RANDOM_SEED_NOT_SUPPORTED, "CKR_RANDOM_SEED_NOT_SUPPORTED " },
+ { CKR_RANDOM_NO_RNG, "CKR_RANDOM_NO_RNG " },
+ { CKR_DOMAIN_PARAMS_INVALID, "CKR_DOMAIN_PARAMS_INVALID " },
+ { CKR_BUFFER_TOO_SMALL, "CKR_BUFFER_TOO_SMALL " },
+ { CKR_SAVED_STATE_INVALID, "CKR_SAVED_STATE_INVALID " },
+ { CKR_INFORMATION_SENSITIVE, "CKR_INFORMATION_SENSITIVE " },
+ { CKR_STATE_UNSAVEABLE, "CKR_STATE_UNSAVEABLE " },
+ { CKR_CRYPTOKI_NOT_INITIALIZED, "CKR_CRYPTOKI_NOT_INITIALIZED " },
+ { CKR_CRYPTOKI_ALREADY_INITIALIZED, "CKR_CRYPTOKI_ALREADY_INITIALIZED " },
+ { CKR_MUTEX_BAD, "CKR_MUTEX_BAD " },
+ { CKR_MUTEX_NOT_LOCKED, "CKR_MUTEX_NOT_LOCKED " },
+ { CKR_FUNCTION_REJECTED, "CKR_FUNCTION_REJECTED " },
+ { CKR_VENDOR_DEFINED, "CKR_VENDOR_DEFINED " },
+ { 0xCE534351, "CKR_NETSCAPE_CERTDB_FAILED " },
+ { 0xCE534352, "CKR_NETSCAPE_KEYDB_FAILED " }
};
@@ -492,8 +494,9 @@ static const CK_ULONG numStrings = sizeof(errStrings) / sizeof(tuple_str);
* Returns "unknown error" if errNum is unknown.
*/
static const char *
-CK_RVtoStr(CK_RV errNum) {
- CK_ULONG low = 1;
+CK_RVtoStr(CK_RV errNum)
+{
+ CK_ULONG low = 1;
CK_ULONG high = numStrings - 1;
CK_ULONG i;
CK_RV num;
@@ -508,12 +511,12 @@ CK_RVtoStr(CK_RV errNum) {
num = errStrings[i].errNum;
if (num <= lastNum) {
PR_fprintf(PR_STDERR,
- "sequence error in error strings at item %d\n"
- "error %d (%s)\n"
- "should come after \n"
- "error %d (%s)\n",
- (int) i, (int) lastNum, errStrings[i-1].errString,
- (int) num, errStrings[i].errString);
+ "sequence error in error strings at item %d\n"
+ "error %d (%s)\n"
+ "should come after \n"
+ "error %d (%s)\n",
+ (int)i, (int)lastNum, errStrings[i - 1].errString,
+ (int)num, errStrings[i].errString);
}
lastNum = num;
}
@@ -538,8 +541,9 @@ CK_RVtoStr(CK_RV errNum) {
return "unknown error";
}
-static void
-pk11error(const char *string, CK_RV crv) {
+static void
+pk11error(const char *string, CK_RV crv)
+{
PRErrorCode errorcode;
PR_fprintf(PR_STDERR, "%s: 0x%08lX, %-26s\n", string, crv, CK_RVtoStr(crv));
@@ -547,24 +551,26 @@ pk11error(const char *string, CK_RV crv) {
errorcode = PR_GetError();
if (errorcode) {
PR_fprintf(PR_STDERR, "NSPR error code: %d: %s\n", errorcode,
- PR_ErrorToString(errorcode, PR_LANGUAGE_I_DEFAULT));
+ PR_ErrorToString(errorcode, PR_LANGUAGE_I_DEFAULT));
}
}
-static void
-logIt(const char *fmt, ...) {
+static void
+logIt(const char *fmt, ...)
+{
va_list args;
if (verbose) {
- va_start (args, fmt);
+ va_start(args, fmt);
vprintf(fmt, args);
va_end(args);
}
}
-static CK_RV
-softokn_Init(CK_FUNCTION_LIST_PTR pFunctionList, const char * configDir,
- const char * dbPrefix) {
+static CK_RV
+softokn_Init(CK_FUNCTION_LIST_PTR pFunctionList, const char *configDir,
+ const char *dbPrefix)
+{
CK_RV crv = CKR_OK;
CK_C_INITIALIZE_ARGS initArgs;
@@ -577,8 +583,8 @@ softokn_Init(CK_FUNCTION_LIST_PTR pFunctionList, const char * configDir,
initArgs.flags = CKF_OS_LOCKING_OK;
if (configDir) {
moduleSpec = PR_smprintf("configdir='%s' certPrefix='%s' "
- "keyPrefix='%s' secmod='secmod.db' flags=ReadOnly ",
- configDir, dbPrefix, dbPrefix);
+ "keyPrefix='%s' secmod='secmod.db' flags=ReadOnly ",
+ configDir, dbPrefix, dbPrefix);
} else {
moduleSpec = PR_smprintf("configdir='' certPrefix='' keyPrefix='' "
"secmod='' flags=noCertDB, noModDB");
@@ -586,9 +592,9 @@ softokn_Init(CK_FUNCTION_LIST_PTR pFunctionList, const char * configDir,
if (!moduleSpec) {
PR_fprintf(PR_STDERR, "softokn_Init: out of memory error\n");
return CKR_HOST_MEMORY;
- }
+ }
logIt("moduleSpec %s\n", moduleSpec);
- initArgs.LibraryParameters = (CK_CHAR_PTR *) moduleSpec;
+ initArgs.LibraryParameters = (CK_CHAR_PTR *)moduleSpec;
initArgs.pReserved = NULL;
crv = pFunctionList->C_Initialize(&initArgs);
@@ -605,7 +611,7 @@ cleanup:
return crv;
}
-static char *
+static char *
filePasswd(char *pwFile)
{
unsigned char phrase[200];
@@ -627,16 +633,17 @@ filePasswd(char *pwFile)
PR_Close(fd);
/* handle the Windows EOL case */
i = 0;
- while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb) i++;
+ while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb)
+ i++;
phrase[i] = '\0';
if (nb == 0) {
- PR_fprintf(PR_STDERR,"password file contains no data\n");
+ PR_fprintf(PR_STDERR, "password file contains no data\n");
return NULL;
}
- return (char*) PL_strdup((char*)phrase);
+ return (char *)PL_strdup((char *)phrase);
}
-static void
+static void
checkPath(char *string)
{
char *src;
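Review bot: The loop in filePasswd reads `phrase[i]` before it tests `i < nb`, so the bound check comes too late. After an empty or failed read it inspects bytes that were never written. If the read, which is outside this hunk, may fill all 200 bytes, the following `phrase[i] = '\0'` writes one past the end of `phrase`. Testing the index first fixes the ordering, `while (i < nb && phrase[i] != '\r' && phrase[i] != '\n')`, and the read should be capped at `sizeof(phrase) - 1`. The stack copy of the password is also left intact on return and would be better cleared once it has been duplicated.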
@@ -646,7 +653,7 @@ checkPath(char *string)
* windows support convert any back slashes to
* forward slashes.
*/
- for (src=string, dest=string; *src; src++,dest++) {
+ for (src = string, dest = string; *src; src++, dest++) {
if (*src == '\\') {
*dest = '/';
}
@@ -655,12 +662,12 @@ checkPath(char *string)
/* if the last char is a / set it to 0 */
if (*dest == '/')
*dest = 0;
-
}
static CK_SLOT_ID *
getSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
- CK_ULONG slotIndex) {
+ CK_ULONG slotIndex)
+{
CK_RV crv = CKR_OK;
CK_SLOT_ID *pSlotList = NULL;
CK_ULONG slotCount;
@@ -669,7 +676,7 @@ getSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
NULL, &slotCount);
if (crv != CKR_OK) {
- pk11error( "C_GetSlotList failed", crv);
+ pk11error("C_GetSlotList failed", crv);
return NULL;
}
@@ -686,14 +693,16 @@ getSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
pSlotList, &slotCount);
if (crv != CKR_OK) {
- pk11error( "C_GetSlotList failed", crv);
- if (pSlotList) PR_Free(pSlotList);
+ pk11error("C_GetSlotList failed", crv);
+ if (pSlotList)
+ PR_Free(pSlotList);
return NULL;
}
return pSlotList;
}
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
PLOptState *optstate;
char *program_name;
@@ -701,12 +710,12 @@ int main(int argc, char **argv)
PRLibrary *lib;
PRFileDesc *fd;
PRStatus rv = PR_SUCCESS;
- const char *input_file = NULL; /* read/create encrypted data from here */
- char *output_file = NULL; /* write new encrypted data here */
+ const char *input_file = NULL; /* read/create encrypted data from here */
+ char *output_file = NULL; /* write new encrypted data here */
int bytesRead;
int bytesWritten;
unsigned char file_buf[512];
- int count=0;
+ int count = 0;
unsigned int keySize = 0;
int i;
PRBool verify = PR_FALSE;
@@ -716,7 +725,7 @@ int main(int argc, char **argv)
#ifdef USES_LINKS
int ret;
struct stat stat_buf;
- char link_buf[MAXPATHLEN+1];
+ char link_buf[MAXPATHLEN + 1];
char *link_file = NULL;
#endif
@@ -731,12 +740,12 @@ int main(int argc, char **argv)
CK_RV crv = CKR_OK;
CK_SESSION_HANDLE hRwSession;
CK_SLOT_ID *pSlotList = NULL;
- CK_ULONG slotIndex = 0;
+ CK_ULONG slotIndex = 0;
CK_MECHANISM digestmech;
CK_ULONG digestLen = 0;
CK_BYTE digest[32]; /* SHA256_LENGTH */
CK_BYTE sign[64]; /* DSA SIGNATURE LENGTH */
- CK_ULONG signLen = 0 ;
+ CK_ULONG signLen = 0;
CK_MECHANISM signMech = {
CKM_DSA, NULL, 0
};
@@ -752,16 +761,15 @@ int main(int argc, char **argv)
CK_BYTE dsaPubKey[384];
CK_ATTRIBUTE dsaPubKeyValue;
-
program_name = strrchr(argv[0], '/');
program_name = program_name ? (program_name + 1) : argv[0];
- optstate = PL_CreateOptState (argc, argv, "i:o:f:Fd:hH?k:p:P:vVs:");
+ optstate = PL_CreateOptState(argc, argv, "i:o:f:Fd:hH?k:p:P:vVs:");
if (optstate == NULL) {
lperror("PL_CreateOptState failed");
return 1;
}
- while (PL_GetNextOpt (optstate) == PL_OPT_OK) {
+ while (PL_GetNextOpt(optstate) == PL_OPT_OK) {
switch (optstate->option) {
case 'd':
@@ -773,7 +781,7 @@ int main(int argc, char **argv)
checkPath(configDir);
break;
- case 'i':
+ case 'i':
if (!optstate->value) {
PL_DestroyOptState(optstate);
usage(program_name);
@@ -781,7 +789,7 @@ int main(int argc, char **argv)
input_file = optstate->value;
break;
- case 'o':
+ case 'o':
if (!optstate->value) {
PL_DestroyOptState(optstate);
usage(program_name);
@@ -789,7 +797,7 @@ int main(int argc, char **argv)
output_file = PL_strdup(optstate->value);
break;
- case 'k':
+ case 'k':
if (!optstate->value) {
PL_DestroyOptState(optstate);
usage(program_name);
@@ -797,28 +805,29 @@ int main(int argc, char **argv)
keySize = atoi(optstate->value);
break;
- case 'f':
+ case 'f':
if (!optstate->value) {
PL_DestroyOptState(optstate);
usage(program_name);
}
pwd = filePasswd((char *)optstate->value);
- if (!pwd) usage(program_name);
+ if (!pwd)
+ usage(program_name);
break;
- case 'F':
+ case 'F':
FIPSMODE = PR_TRUE;
break;
- case 'p':
+ case 'p':
if (!optstate->value) {
PL_DestroyOptState(optstate);
usage(program_name);
}
- pwd = PL_strdup(optstate->value);
+ pwd = PL_strdup(optstate->value);
break;
- case 'P':
+ case 'P':
if (!optstate->value) {
PL_DestroyOptState(optstate);
usage(program_name);
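Review bot: The `-p` case takes the token password straight from argv (`pwd = PL_strdup(optstate->value)`), which leaves it readable in the process argument list for the whole run; the `-f` case just above avoids that. A comment on the case such as `/* -p exposes the password in the process argument list; prefer -f */` would record the trade-off. The cleanup path is outside this hunk; if it does not already do so, it should overwrite `pwd` before freeing it. In the same hunk, `keySize = atoi(optstate->value)` silently accepts non-numeric and negative input, which `strtoul` with an end-pointer check would reject.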
@@ -826,23 +835,23 @@ int main(int argc, char **argv)
dbPrefix = PL_strdup(optstate->value);
break;
- case 'v':
+ case 'v':
verbose = PR_TRUE;
break;
- case 'V':
+ case 'V':
verify = PR_TRUE;
break;
- case 'H':
+ case 'H':
PL_DestroyOptState(optstate);
- long_usage (program_name);
+ long_usage(program_name);
return 1;
break;
- case 'h':
- case '?':
- default:
+ case 'h':
+ case '?':
+ default:
PL_DestroyOptState(optstate);
usage(program_name);
return 1;
@@ -865,24 +874,23 @@ int main(int argc, char **argv)
assert(lib != NULL);
PR_FreeLibraryName(libname);
-
if (FIPSMODE) {
/* FIPSMODE == FC_GetFunctionList */
/* library path must be set to an already signed softokn3/freebl */
pC_GetFunctionList = (CK_C_GetFunctionList)
- PR_FindFunctionSymbol(lib, "FC_GetFunctionList");
+ PR_FindFunctionSymbol(lib, "FC_GetFunctionList");
} else {
/* NON FIPS mode == C_GetFunctionList */
pC_GetFunctionList = (CK_C_GetFunctionList)
- PR_FindFunctionSymbol(lib, "C_GetFunctionList");
- }
+ PR_FindFunctionSymbol(lib, "C_GetFunctionList");
+ }
assert(pC_GetFunctionList != NULL);
crv = (*pC_GetFunctionList)(&pFunctionList);
assert(crv == CKR_OK);
if (configDir) {
- if (!dbPrefix) {
+ if (!dbPrefix) {
dbPrefix = PL_strdup("");
}
crv = softokn_Init(pFunctionList, configDir, dbPrefix);
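Review bot: The three `assert()` calls in this hunk are the only checks on the library load, the `FC_GetFunctionList`/`C_GetFunctionList` lookup and the function-list call, so a build with `NDEBUG` defined would go on to call through a NULL `pC_GetFunctionList`. These are runtime failures (wrong path, missing symbol), not invariants, and need real error handling, e.g. `if (!pC_GetFunctionList) { PR_fprintf(PR_STDERR, "GetFunctionList symbol not found\n"); return 1; }`. The `lib` and `crv` checks need the same treatment. main's body continues outside the hunk, so whether `return` or `goto cleanup` is the right exit at this point has to be confirmed there.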
@@ -896,7 +904,7 @@ int main(int argc, char **argv)
}
if (crv != CKR_OK) {
- pk11error( "Initiailzing softoken failed", crv);
+ pk11error("Initiailzing softoken failed", crv);
goto cleanup;
}
@@ -907,59 +915,59 @@ int main(int argc, char **argv)
}
if ((keySize == 0) || (keySize > 1024)) {
- CK_MECHANISM_INFO mechInfo;
- crv = pFunctionList->C_GetMechanismInfo(pSlotList[slotIndex],
- CKM_DSA, &mechInfo);
- if (crv != CKR_OK) {
- pk11error( "Couldn't get mechanism info for DSA", crv);
+ CK_MECHANISM_INFO mechInfo;
+ crv = pFunctionList->C_GetMechanismInfo(pSlotList[slotIndex],
+ CKM_DSA, &mechInfo);
+ if (crv != CKR_OK) {
+ pk11error("Couldn't get mechanism info for DSA", crv);
+ goto cleanup;
+ }
+
+ if (keySize && (mechInfo.ulMaxKeySize < keySize)) {
+ PR_fprintf(PR_STDERR,
+ "token doesn't support DSA2 (Max key size=%d)\n",
+ mechInfo.ulMaxKeySize);
goto cleanup;
- }
-
- if (keySize && (mechInfo.ulMaxKeySize < keySize)) {
- PR_fprintf(PR_STDERR,
- "token doesn't support DSA2 (Max key size=%d)\n",
- mechInfo.ulMaxKeySize);
- goto cleanup;
- }
-
- if ((keySize == 0) && mechInfo.ulMaxKeySize >=2048 ) {
- keySize = 2048;
- } else {
- keySize = 1024;
- }
+ }
+
+ if ((keySize == 0) && mechInfo.ulMaxKeySize >= 2048) {
+ keySize = 2048;
+ } else {
+ keySize = 1024;
+ }
}
/* DSA key init */
if (keySize == 1024) {
- dsaPubKeyTemplate[0].type = CKA_PRIME;
- dsaPubKeyTemplate[0].pValue = (CK_VOID_PTR) &prime;
- dsaPubKeyTemplate[0].ulValueLen = sizeof(prime);
- dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
- dsaPubKeyTemplate[1].pValue = (CK_VOID_PTR) &subprime;
- dsaPubKeyTemplate[1].ulValueLen = sizeof(subprime);
- dsaPubKeyTemplate[2].type = CKA_BASE;
- dsaPubKeyTemplate[2].pValue = (CK_VOID_PTR) &base;
- dsaPubKeyTemplate[2].ulValueLen = sizeof(base);
- digestmech.mechanism = CKM_SHA_1;
- digestmech.pParameter = NULL;
- digestmech.ulParameterLen = 0;
+ dsaPubKeyTemplate[0].type = CKA_PRIME;
+ dsaPubKeyTemplate[0].pValue = (CK_VOID_PTR)&prime;
+ dsaPubKeyTemplate[0].ulValueLen = sizeof(prime);
+ dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
+ dsaPubKeyTemplate[1].pValue = (CK_VOID_PTR)&subprime;
+ dsaPubKeyTemplate[1].ulValueLen = sizeof(subprime);
+ dsaPubKeyTemplate[2].type = CKA_BASE;
+ dsaPubKeyTemplate[2].pValue = (CK_VOID_PTR)&base;
+ dsaPubKeyTemplate[2].ulValueLen = sizeof(base);
+ digestmech.mechanism = CKM_SHA_1;
+ digestmech.pParameter = NULL;
+ digestmech.ulParameterLen = 0;
} else if (keySize == 2048) {
- dsaPubKeyTemplate[0].type = CKA_PRIME;
- dsaPubKeyTemplate[0].pValue = (CK_VOID_PTR) &prime2;
- dsaPubKeyTemplate[0].ulValueLen = sizeof(prime2);
- dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
- dsaPubKeyTemplate[1].pValue = (CK_VOID_PTR) &subprime2;
- dsaPubKeyTemplate[1].ulValueLen = sizeof(subprime2);
- dsaPubKeyTemplate[2].type = CKA_BASE;
- dsaPubKeyTemplate[2].pValue = (CK_VOID_PTR) &base2;
- dsaPubKeyTemplate[2].ulValueLen = sizeof(base2);
- digestmech.mechanism = CKM_SHA256;
- digestmech.pParameter = NULL;
- digestmech.ulParameterLen = 0;
+ dsaPubKeyTemplate[0].type = CKA_PRIME;
+ dsaPubKeyTemplate[0].pValue = (CK_VOID_PTR)&prime2;
+ dsaPubKeyTemplate[0].ulValueLen = sizeof(prime2);
+ dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
+ dsaPubKeyTemplate[1].pValue = (CK_VOID_PTR)&subprime2;
+ dsaPubKeyTemplate[1].ulValueLen = sizeof(subprime2);
+ dsaPubKeyTemplate[2].type = CKA_BASE;
+ dsaPubKeyTemplate[2].pValue = (CK_VOID_PTR)&base2;
+ dsaPubKeyTemplate[2].ulValueLen = sizeof(base2);
+ digestmech.mechanism = CKM_SHA256;
+ digestmech.pParameter = NULL;
+ digestmech.ulParameterLen = 0;
} else {
- /* future - generate pqg */
+ /* future - generate pqg */
PR_fprintf(PR_STDERR, "Only keysizes 1024 and 2048 are supported");
- goto cleanup;
+ goto cleanup;
}
dsaPubKeyTemplate[3].type = CKA_TOKEN;
dsaPubKeyTemplate[3].pValue = &false; /* session object */
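Review bot: An explicit `-k 2048` is silently downgraded to 1024 here. Inside the `keySize > 1024` branch, the final `if ((keySize == 0) && ...) ... else keySize = 1024;` sends every non-zero request to the `else` arm, even after the token was confirmed to support that size. The caller then gets a 1024-bit DSA key with SHA-1 instead of the 2048-bit key with SHA-256 that was asked for. Restricting the defaulting to the unset case fixes it: `if (keySize == 0) { keySize = (mechInfo.ulMaxKeySize >= 2048) ? 2048 : 1024; }`. Two smaller points in the same hunk: `mechInfo.ulMaxKeySize` is a `CK_ULONG` printed with `%d`, and the "Only keysizes 1024 and 2048 are supported" message has no trailing newline.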
@@ -967,44 +975,44 @@ int main(int argc, char **argv)
dsaPubKeyTemplate[4].type = CKA_VERIFY;
dsaPubKeyTemplate[4].pValue = &true;
dsaPubKeyTemplate[4].ulValueLen = sizeof(true);
- dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN;
+ dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN;
dsaKeyPairGenMech.pParameter = NULL;
dsaKeyPairGenMech.ulParameterLen = 0;
- dsaPrivKeyTemplate[0].type = CKA_TOKEN;
- dsaPrivKeyTemplate[0].pValue = &false; /* session object */
+ dsaPrivKeyTemplate[0].type = CKA_TOKEN;
+ dsaPrivKeyTemplate[0].pValue = &false; /* session object */
dsaPrivKeyTemplate[0].ulValueLen = sizeof(false);
- dsaPrivKeyTemplate[1].type = CKA_PRIVATE;
- dsaPrivKeyTemplate[1].pValue = &true;
+ dsaPrivKeyTemplate[1].type = CKA_PRIVATE;
+ dsaPrivKeyTemplate[1].pValue = &true;
dsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
- dsaPrivKeyTemplate[2].type = CKA_SENSITIVE;
- dsaPrivKeyTemplate[2].pValue = &true;
+ dsaPrivKeyTemplate[2].type = CKA_SENSITIVE;
+ dsaPrivKeyTemplate[2].pValue = &true;
dsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
- dsaPrivKeyTemplate[3].type = CKA_SIGN,
- dsaPrivKeyTemplate[3].pValue = &true;
+ dsaPrivKeyTemplate[3].type = CKA_SIGN,
+ dsaPrivKeyTemplate[3].pValue = &true;
dsaPrivKeyTemplate[3].ulValueLen = sizeof(true);
- dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE;
- dsaPrivKeyTemplate[4].pValue = &false;
+ dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE;
+ dsaPrivKeyTemplate[4].pValue = &false;
dsaPrivKeyTemplate[4].ulValueLen = sizeof(false);
crv = pFunctionList->C_OpenSession(pSlotList[slotIndex],
CKF_RW_SESSION | CKF_SERIAL_SESSION,
NULL, NULL, &hRwSession);
if (crv != CKR_OK) {
- pk11error( "Opening a read/write session failed", crv);
+ pk11error("Opening a read/write session failed", crv);
goto cleanup;
}
/* check if a password is needed */
crv = pFunctionList->C_GetTokenInfo(pSlotList[slotIndex], &tokenInfo);
if (crv != CKR_OK) {
- pk11error( "C_GetTokenInfo failed", crv);
+ pk11error("C_GetTokenInfo failed", crv);
goto cleanup;
}
if (tokenInfo.flags & CKF_LOGIN_REQUIRED) {
if (pwd) {
- int pwdLen = strlen((const char*)pwd);
- crv = pFunctionList->C_Login(hRwSession, CKU_USER,
- (CK_UTF8CHAR_PTR) pwd, (CK_ULONG)pwdLen);
+ int pwdLen = strlen((const char *)pwd);
+ crv = pFunctionList->C_Login(hRwSession, CKU_USER,
+ (CK_UTF8CHAR_PTR)pwd, (CK_ULONG)pwdLen);
if (crv != CKR_OK) {
pk11error("C_Login failed", crv);
goto cleanup;
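Review bot: `dsaPrivKeyTemplate[3].type = CKA_SIGN,` ends in a comma rather than a semicolon, so it and the following `pValue` assignment form a single comma expression. The behaviour is the same, but the typo is easy to misread now that the block has been reformatted; it should be `dsaPrivKeyTemplate[3].type = CKA_SIGN;`. Further down, `int pwdLen = strlen((const char *)pwd);` narrows a `size_t` only to cast it back to `CK_ULONG`; declaring `CK_ULONG pwdLen` avoids the round trip.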
@@ -1031,8 +1039,8 @@ int main(int argc, char **argv)
}
/* open the shared library */
- fd = PR_OpenFile(input_file,PR_RDONLY,0);
- if (fd == NULL ) {
+ fd = PR_OpenFile(input_file, PR_RDONLY, 0);
+ if (fd == NULL) {
lperror(input_file);
goto cleanup;
}
@@ -1043,7 +1051,7 @@ int main(int argc, char **argv)
goto cleanup;
}
if (S_ISLNK(stat_buf.st_mode)) {
- char *dirpath,*dirend;
+ char *dirpath, *dirend;
ret = readlink(input_file, link_buf, sizeof(link_buf) - 1);
if (ret < 0) {
perror(input_file);
@@ -1067,8 +1075,8 @@ int main(int argc, char **argv)
/* get the basename of link_file */
dirend = strrchr(link_file, '/');
if (dirend) {
- char * tmp_file = NULL;
- tmp_file = PL_strdup(dirend +1 );
+ char *tmp_file = NULL;
+ tmp_file = PL_strdup(dirend + 1);
PL_strfree(link_file);
link_file = tmp_file;
}
@@ -1087,7 +1095,7 @@ int main(int argc, char **argv)
}
/* Digest the file */
- while ((bytesRead = PR_Read(fd,file_buf,sizeof(file_buf))) > 0) {
+ while ((bytesRead = PR_Read(fd, file_buf, sizeof(file_buf))) > 0) {
crv = pFunctionList->C_DigestUpdate(hRwSession, (CK_BYTE_PTR)file_buf,
bytesRead);
if (crv != CKR_OK) {
@@ -1115,7 +1123,8 @@ int main(int argc, char **argv)
if (digestLen != sizeof(digest)) {
PR_fprintf(PR_STDERR, "digestLen has incorrect length %lu "
- "it should be %lu \n",digestLen, sizeof(digest));
+ "it should be %lu \n",
+ digestLen, sizeof(digest));
goto cleanup;
}
@@ -1129,7 +1138,7 @@ int main(int argc, char **argv)
}
signLen = sizeof(sign);
- crv = pFunctionList->C_Sign(hRwSession, (CK_BYTE * ) digest, digestLen,
+ crv = pFunctionList->C_Sign(hRwSession, (CK_BYTE *)digest, digestLen,
sign, &signLen);
if (crv != CKR_OK) {
pk11error("C_Sign failed", crv);
@@ -1138,7 +1147,8 @@ int main(int argc, char **argv)
if (signLen != sizeof(sign)) {
PR_fprintf(PR_STDERR, "signLen has incorrect length %lu "
- "it should be %lu \n", signLen, sizeof(sign));
+ "it should be %lu \n",
+ signLen, sizeof(sign));
goto cleanup;
}
@@ -1158,35 +1168,35 @@ int main(int argc, char **argv)
if (verbose) {
int j;
- PR_fprintf(PR_STDERR,"Library File: %s %d bytes\n",input_file, count);
- PR_fprintf(PR_STDERR,"Check File: %s\n",output_file);
+ PR_fprintf(PR_STDERR, "Library File: %s %d bytes\n", input_file, count);
+ PR_fprintf(PR_STDERR, "Check File: %s\n", output_file);
#ifdef USES_LINKS
if (link_file) {
- PR_fprintf(PR_STDERR,"Link: %s\n",link_file);
+ PR_fprintf(PR_STDERR, "Link: %s\n", link_file);
}
#endif
- PR_fprintf(PR_STDERR," hash: %lu bytes\n", digestLen);
+ PR_fprintf(PR_STDERR, " hash: %lu bytes\n", digestLen);
#define STEP 10
- for (i=0; i < (int) digestLen; i += STEP) {
- PR_fprintf(PR_STDERR," ");
- for (j=0; j < STEP && (i+j) < (int) digestLen; j++) {
- PR_fprintf(PR_STDERR," %02x", digest[i+j]);
+ for (i = 0; i < (int)digestLen; i += STEP) {
+ PR_fprintf(PR_STDERR, " ");
+ for (j = 0; j < STEP && (i + j) < (int)digestLen; j++) {
+ PR_fprintf(PR_STDERR, " %02x", digest[i + j]);
}
- PR_fprintf(PR_STDERR,"\n");
+ PR_fprintf(PR_STDERR, "\n");
}
- PR_fprintf(PR_STDERR," signature: %lu bytes\n", signLen);
- for (i=0; i < (int) signLen; i += STEP) {
- PR_fprintf(PR_STDERR," ");
- for (j=0; j < STEP && (i+j) < (int) signLen; j++) {
- PR_fprintf(PR_STDERR," %02x", sign[i+j]);
+ PR_fprintf(PR_STDERR, " signature: %lu bytes\n", signLen);
+ for (i = 0; i < (int)signLen; i += STEP) {
+ PR_fprintf(PR_STDERR, " ");
+ for (j = 0; j < STEP && (i + j) < (int)signLen; j++) {
+ PR_fprintf(PR_STDERR, " %02x", sign[i + j]);
}
- PR_fprintf(PR_STDERR,"\n");
+ PR_fprintf(PR_STDERR, "\n");
}
}
/* open the target signature file */
- fd = PR_Open(output_file,PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE,0666);
- if (fd == NULL ) {
+ fd = PR_Open(output_file, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0666);
+ if (fd == NULL) {
lperror(output_file);
goto cleanup;
}
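Review bot: The signature file is created with mode `0666` in the `PR_Open(output_file, ...)` call, so whether it ends up group- or world-writable depends entirely on the caller's umask. A file that is later consulted to verify the library's integrity should not be writable by other users; `PR_Open(output_file, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0644)` makes that explicit. `PR_TRUNCATE` also overwrites whatever `output_file` currently names, so a short comment noting that the path is expected to be in a directory only the build user can write to would help.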
@@ -1203,9 +1213,9 @@ int main(int argc, char **argv)
file_buf[1] = NSS_SIGN_CHK_MAGIC2;
file_buf[2] = NSS_SIGN_CHK_MAJOR_VERSION;
file_buf[3] = NSS_SIGN_CHK_MINOR_VERSION;
- encodeInt(&file_buf[4],12); /* offset to data start */
- encodeInt(&file_buf[8],CKK_DSA);
- bytesWritten = PR_Write(fd,file_buf, 12);
+ encodeInt(&file_buf[4], 12); /* offset to data start */
+ encodeInt(&file_buf[8], CKK_DSA);
+ bytesWritten = PR_Write(fd, file_buf, 12);
if (bytesWritten != 12) {
lperror(output_file);
goto cleanup;
@@ -1213,8 +1223,8 @@ int main(int argc, char **argv)
/* get DSA Public KeyValue */
memset(dsaPubKey, 0, sizeof(dsaPubKey));
- dsaPubKeyValue.type =CKA_VALUE;
- dsaPubKeyValue.pValue = (CK_VOID_PTR) &dsaPubKey;
+ dsaPubKeyValue.type = CKA_VALUE;
+ dsaPubKeyValue.pValue = (CK_VOID_PTR)&dsaPubKey;
dsaPubKeyValue.ulValueLen = sizeof(dsaPubKey);
crv = pFunctionList->C_GetAttributeValue(hRwSession, hDSApubKey,
@@ -1225,24 +1235,29 @@ int main(int argc, char **argv)
}
/* CKA_PRIME */
- rv = writeItem(fd,dsaPubKeyTemplate[0].pValue,
+ rv = writeItem(fd, dsaPubKeyTemplate[0].pValue,
dsaPubKeyTemplate[0].ulValueLen, output_file);
- if (rv != PR_SUCCESS) goto cleanup;
+ if (rv != PR_SUCCESS)
+ goto cleanup;
/* CKA_SUBPRIME */
- rv = writeItem(fd,dsaPubKeyTemplate[1].pValue,
+ rv = writeItem(fd, dsaPubKeyTemplate[1].pValue,
dsaPubKeyTemplate[1].ulValueLen, output_file);
- if (rv != PR_SUCCESS) goto cleanup;
- /* CKA_BASE */
- rv = writeItem(fd,dsaPubKeyTemplate[2].pValue,
+ if (rv != PR_SUCCESS)
+ goto cleanup;
+ /* CKA_BASE */
+ rv = writeItem(fd, dsaPubKeyTemplate[2].pValue,
dsaPubKeyTemplate[2].ulValueLen, output_file);
- if (rv != PR_SUCCESS) goto cleanup;
+ if (rv != PR_SUCCESS)
+ goto cleanup;
/* DSA Public Key value */
- rv = writeItem(fd,dsaPubKeyValue.pValue,
+ rv = writeItem(fd, dsaPubKeyValue.pValue,
dsaPubKeyValue.ulValueLen, output_file);
- if (rv != PR_SUCCESS) goto cleanup;
+ if (rv != PR_SUCCESS)
+ goto cleanup;
/* DSA SIGNATURE */
- rv = writeItem(fd,&sign, signLen, output_file);
- if (rv != PR_SUCCESS) goto cleanup;
+ rv = writeItem(fd, &sign, signLen, output_file);
+ if (rv != PR_SUCCESS)
+ goto cleanup;
PR_Close(fd);
#ifdef USES_LINKS
@@ -1280,11 +1295,11 @@ cleanup:
PL_strfree(dbPrefix);
}
if (output_file) { /* allocated by mkoutput function */
- PL_strfree(output_file);
+ PL_strfree(output_file);
}
#ifdef USES_LINKS
if (link_file) { /* allocated by mkoutput function */
- PL_strfree(link_file);
+ PL_strfree(link_file);
}
#endif
@@ -1295,7 +1310,7 @@ cleanup:
PR_Cleanup();
if (crv != CKR_OK)
- return crv;
-
+ return crv;
+
return (successful) ? 0 : 1;
}
diff --git a/cmd/signtool/certgen.c b/cmd/signtool/certgen.c
index 5a645049c..6d870b741 100644
--- a/cmd/signtool/certgen.c
+++ b/cmd/signtool/certgen.c
@@ -8,24 +8,23 @@
#include "cryptohi.h"
#include "certdb.h"
-static char *GetSubjectFromUser(unsigned long serial);
-static CERTCertificate*GenerateSelfSignedObjectSigningCert(char *nickname,
- CERTCertDBHandle *db, char *subject, unsigned long serial, int keysize,
- char *token);
+static char *GetSubjectFromUser(unsigned long serial);
+static CERTCertificate *GenerateSelfSignedObjectSigningCert(char *nickname,
+ CERTCertDBHandle *db, char *subject, unsigned long serial, int keysize,
+ char *token);
static SECStatus ChangeTrustAttributes(CERTCertDBHandle *db,
- CERTCertificate *cert, char *trusts);
+ CERTCertificate *cert, char *trusts);
static SECStatus set_cert_type(CERTCertificate *cert, unsigned int type);
static SECItem *sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk);
-static CERTCertificate*install_cert(CERTCertDBHandle *db, SECItem *derCert,
- char *nickname);
+static CERTCertificate *install_cert(CERTCertDBHandle *db, SECItem *derCert,
+ char *nickname);
static SECStatus GenerateKeyPair(PK11SlotInfo *slot, SECKEYPublicKey **pubk,
- SECKEYPrivateKey **privk, int keysize);
-static CERTCertificateRequest*make_cert_request(char *subject,
- SECKEYPublicKey *pubk);
+ SECKEYPrivateKey **privk, int keysize);
+static CERTCertificateRequest *make_cert_request(char *subject,
+ SECKEYPublicKey *pubk);
static CERTCertificate *make_cert(CERTCertificateRequest *req,
- unsigned long serial, CERTName *ca_subject);
-static void output_ca_cert (CERTCertificate *cert, CERTCertDBHandle *db);
-
+ unsigned long serial, CERTName *ca_subject);
+static void output_ca_cert(CERTCertificate *cert, CERTCertDBHandle *db);
/***********************************************************************
*
@@ -37,59 +36,59 @@ static void output_ca_cert (CERTCertificate *cert, CERTCertDBHandle *db);
int
GenerateCert(char *nickname, int keysize, char *token)
{
- CERTCertDBHandle * db;
- CERTCertificate * cert;
- char *subject;
- unsigned long serial;
- char stdinbuf[160];
+ CERTCertDBHandle *db;
+ CERTCertificate *cert;
+ char *subject;
+ unsigned long serial;
+ char stdinbuf[160];
/* Print warning about having the browser open */
PR_fprintf(PR_STDOUT /*always go to console*/,
- "\nWARNING: Performing this operation while the browser is running could cause"
- "\ncorruption of your security databases. If the browser is currently running,"
- "\nyou should exit the browser before continuing this operation. Enter "
- "\n\"y\" to continue, or anything else to abort: ");
+ "\nWARNING: Performing this operation while the browser is running could cause"
+ "\ncorruption of your security databases. If the browser is currently running,"
+ "\nyou should exit the browser before continuing this operation. Enter "
+ "\n\"y\" to continue, or anything else to abort: ");
pr_fgets(stdinbuf, 160, PR_STDIN);
PR_fprintf(PR_STDOUT, "\n");
if (tolower(stdinbuf[0]) != 'y') {
- PR_fprintf(errorFD, "Operation aborted at user's request.\n");
- errorCount++;
- return - 1;
+ PR_fprintf(errorFD, "Operation aborted at user's request.\n");
+ errorCount++;
+ return -1;
}
db = CERT_GetDefaultCertDB();
if (!db) {
- FatalError("Unable to open certificate database");
+ FatalError("Unable to open certificate database");
}
if (PK11_FindCertFromNickname(nickname, &pwdata)) {
- PR_fprintf(errorFD,
- "ERROR: Certificate with nickname \"%s\" already exists in database. You\n"
- "must choose a different nickname.\n", nickname);
- errorCount++;
- exit(ERRX);
+ PR_fprintf(errorFD,
+ "ERROR: Certificate with nickname \"%s\" already exists in database. You\n"
+ "must choose a different nickname.\n",
+ nickname);
+ errorCount++;
+ exit(ERRX);
}
LL_L2UI(serial, PR_Now());
subject = GetSubjectFromUser(serial);
if (!subject) {
- FatalError("Unable to get subject from user");
+ FatalError("Unable to get subject from user");
}
cert = GenerateSelfSignedObjectSigningCert(nickname, db, subject,
- serial, keysize, token);
+ serial, keysize, token);
if (cert) {
- output_ca_cert(cert, db);
- CERT_DestroyCertificate(cert);
+ output_ca_cert(cert, db);
+ CERT_DestroyCertificate(cert);
}
PORT_Free(subject);
return 0;
}
-
#undef VERBOSE_PROMPTS
/*********************************************************************8
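Review bot: The result of `pr_fgets(stdinbuf, 160, PR_STDIN)` in GenerateCert is not checked, and `stdinbuf` is uninitialized. On EOF or a read error, the `tolower(stdinbuf[0])` test may therefore act on indeterminate bytes, depending on what `pr_fgets` writes when it fails. Setting `stdinbuf[0] = '\0';` before the call makes the confirmation fail closed, and `sizeof(stdinbuf)` is safer than repeating the literal `160`. The argument to `tolower` should also be cast to `unsigned char`. Separately, the certificate returned by `PK11_FindCertFromNickname` in the duplicate-nickname check is never released; this is harmless only because that branch calls `exit`.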
@@ -98,192 +97,191 @@ GenerateCert(char *nickname, int keysize, char *token)
* Construct the subject information line for a certificate by querying
* the user on stdin.
*/
-static char *
+static char *
GetSubjectFromUser(unsigned long serial)
{
- char buf[STDIN_BUF_SIZE];
- char common_name_buf[STDIN_BUF_SIZE];
- char *common_name, *state, *orgunit, *country, *org, *locality;
- char *email, *uid;
- char *subject;
- char *cp;
- int subjectlen = 0;
+ char buf[STDIN_BUF_SIZE];
+ char common_name_buf[STDIN_BUF_SIZE];
+ char *common_name, *state, *orgunit, *country, *org, *locality;
+ char *email, *uid;
+ char *subject;
+ char *cp;
+ int subjectlen = 0;
common_name = state = orgunit = country = org = locality = email =
uid = subject = NULL;
/* Get subject information */
PR_fprintf(PR_STDOUT,
- "\nEnter certificate information. All fields are optional. Acceptable\n"
- "characters are numbers, letters, spaces, and apostrophes.\n");
+ "\nEnter certificate information. All fields are optional. Acceptable\n"
+ "characters are numbers, letters, spaces, and apostrophes.\n");
#ifdef VERBOSE_PROMPTS
PR_fprintf(PR_STDOUT, "\nCOMMON NAME\n"
- "Enter the full name you want to give your certificate. (Example: Test-Only\n"
- "Object Signing Certificate)\n"
- "-->");
+ "Enter the full name you want to give your certificate. (Example: Test-Only\n"
+ "Object Signing Certificate)\n"
+ "-->");
#else
PR_fprintf(PR_STDOUT, "certificate common name: ");
#endif
if (!fgets(buf, STDIN_BUF_SIZE, stdin)) {
- return NULL;
+ return NULL;
}
cp = chop(buf);
if (*cp == '\0') {
- sprintf(common_name_buf, "%s (%lu)", DEFAULT_COMMON_NAME,
- serial);
- cp = common_name_buf;
+ sprintf(common_name_buf, "%s (%lu)", DEFAULT_COMMON_NAME,
+ serial);
+ cp = common_name_buf;
}
common_name = PORT_ZAlloc(strlen(cp) + 6);
if (!common_name) {
- out_of_memory();
+ out_of_memory();
}
sprintf(common_name, "CN=%s, ", cp);
subjectlen += strlen(common_name);
#ifdef VERBOSE_PROMPTS
PR_fprintf(PR_STDOUT, "\nORGANIZATION NAME\n"
- "Enter the name of your organization. For example, this could be the name\n"
- "of your company.\n"
- "-->");
+ "Enter the name of your organization. For example, this could be the name\n"
+ "of your company.\n"
+ "-->");
#else
PR_fprintf(PR_STDOUT, "organization: ");
#endif
if (!fgets(buf, STDIN_BUF_SIZE, stdin)) {
- return NULL;
+ return NULL;
}
cp = chop(buf);
if (*cp != '\0') {
- org = PORT_ZAlloc(strlen(cp) + 5);
- if (!org) {
- out_of_memory();
- }
- sprintf(org, "O=%s, ", cp);
- subjectlen += strlen(org);
+ org = PORT_ZAlloc(strlen(cp) + 5);
+ if (!org) {
+ out_of_memory();
+ }
+ sprintf(org, "O=%s, ", cp);
+ subjectlen += strlen(org);
}
#ifdef VERBOSE_PROMPTS
PR_fprintf(PR_STDOUT, "\nORGANIZATION UNIT\n"
- "Enter the name of your organization unit. For example, this could be the\n"
- "name of your department.\n"
- "-->");
+ "Enter the name of your organization unit. For example, this could be the\n"
+ "name of your department.\n"
+ "-->");
#else
PR_fprintf(PR_STDOUT, "organization unit: ");
#endif
if (!fgets(buf, STDIN_BUF_SIZE, stdin)) {
- return NULL;
+ return NULL;
}
cp = chop(buf);
if (*cp != '\0') {
- orgunit = PORT_ZAlloc(strlen(cp) + 6);
- if (!orgunit) {
- out_of_memory();
- }
- sprintf(orgunit, "OU=%s, ", cp);
- subjectlen += strlen(orgunit);
+ orgunit = PORT_ZAlloc(strlen(cp) + 6);
+ if (!orgunit) {
+ out_of_memory();
+ }
+ sprintf(orgunit, "OU=%s, ", cp);
+ subjectlen += strlen(orgunit);
}
#ifdef VERBOSE_PROMPTS
PR_fprintf(PR_STDOUT, "\nSTATE\n"
- "Enter the name of your state or province.\n"
- "-->");
+ "Enter the name of your state or province.\n"
+ "-->");
#else
PR_fprintf(PR_STDOUT, "state or province: ");
#endif
if (!fgets(buf, STDIN_BUF_SIZE, stdin)) {
- return NULL;
+ return NULL;
}
cp = chop(buf);
if (*cp != '\0') {
- state = PORT_ZAlloc(strlen(cp) + 6);
- if (!state) {
- out_of_memory();
- }
- sprintf(state, "ST=%s, ", cp);
- subjectlen += strlen(state);
+ state = PORT_ZAlloc(strlen(cp) + 6);
+ if (!state) {
+ out_of_memory();
+ }
+ sprintf(state, "ST=%s, ", cp);
+ subjectlen += strlen(state);
}
#ifdef VERBOSE_PROMPTS
PR_fprintf(PR_STDOUT, "\nCOUNTRY\n"
- "Enter the 2-character abbreviation for the name of your country.\n"
- "-->");
+ "Enter the 2-character abbreviation for the name of your country.\n"
+ "-->");
#else
PR_fprintf(PR_STDOUT, "country (must be exactly 2 characters): ");
#endif
if (!fgets(buf, STDIN_BUF_SIZE, stdin)) {
- return NULL;
+ return NULL;
}
cp = chop(cp);
if (strlen(cp) != 2) {
- *cp = '\0'; /* country code must be 2 chars */
+ *cp = '\0'; /* country code must be 2 chars */
}
if (*cp != '\0') {
- country = PORT_ZAlloc(strlen(cp) + 5);
- if (!country) {
- out_of_memory();
- }
- sprintf(country, "C=%s, ", cp);
- subjectlen += strlen(country);
+ country = PORT_ZAlloc(strlen(cp) + 5);
+ if (!country) {
+ out_of_memory();
+ }
+ sprintf(country, "C=%s, ", cp);
+ subjectlen += strlen(country);
}
#ifdef VERBOSE_PROMPTS
PR_fprintf(PR_STDOUT, "\nUSERNAME\n"
- "Enter your system username or UID\n"
- "-->");
+ "Enter your system username or UID\n"
+ "-->");
#else
PR_fprintf(PR_STDOUT, "username: ");
#endif
if (!fgets(buf, STDIN_BUF_SIZE, stdin)) {
- return NULL;
+ return NULL;
}
cp = chop(buf);
if (*cp != '\0') {
- uid = PORT_ZAlloc(strlen(cp) + 7);
- if (!uid) {
- out_of_memory();
- }
- sprintf(uid, "UID=%s, ", cp);
- subjectlen += strlen(uid);
+ uid = PORT_ZAlloc(strlen(cp) + 7);
+ if (!uid) {
+ out_of_memory();
+ }
+ sprintf(uid, "UID=%s, ", cp);
+ subjectlen += strlen(uid);
}
#ifdef VERBOSE_PROMPTS
PR_fprintf(PR_STDOUT, "\nEMAIL ADDRESS\n"
- "Enter your email address.\n"
- "-->");
+ "Enter your email address.\n"
+ "-->");
#else
PR_fprintf(PR_STDOUT, "email address: ");
#endif
if (!fgets(buf, STDIN_BUF_SIZE, stdin)) {
- return NULL;
+ return NULL;
}
cp = chop(buf);
if (*cp != '\0') {
- email = PORT_ZAlloc(strlen(cp) + 5);
- if (!email) {
- out_of_memory();
- }
- sprintf(email, "E=%s,", cp);
- subjectlen += strlen(email);
+ email = PORT_ZAlloc(strlen(cp) + 5);
+ if (!email) {
+ out_of_memory();
+ }
+ sprintf(email, "E=%s,", cp);
+ subjectlen += strlen(email);
}
subjectlen++;
subject = PORT_ZAlloc(subjectlen);
if (!subject) {
- out_of_memory();
+ out_of_memory();
}
sprintf(subject, "%s%s%s%s%s%s%s",
- common_name ? common_name : "",
- org ? org : "",
- orgunit ? orgunit : "",
- state ? state : "",
- country ? country : "",
- uid ? uid : "",
- email ? email : ""
- );
- if ( (strlen(subject) > 1) && (subject[strlen(subject)-1] == ' ') ) {
- subject[strlen(subject)-2] = '\0';
+ common_name ? common_name : "",
+ org ? org : "",
+ orgunit ? orgunit : "",
+ state ? state : "",
+ country ? country : "",
+ uid ? uid : "",
+ email ? email : "");
+ if ((strlen(subject) > 1) && (subject[strlen(subject) - 1] == ' ')) {
+ subject[strlen(subject) - 2] = '\0';
}
PORT_Free(common_name);
@@ -297,53 +295,53 @@ GetSubjectFromUser(unsigned long serial)
return subject;
}
-
/**************************************************************************
*
* G e n e r a t e S e l f S i g n e d O b j e c t S i g n i n g C e r t
* *phew*^
*
*/
-static CERTCertificate*
+static CERTCertificate *
GenerateSelfSignedObjectSigningCert(char *nickname, CERTCertDBHandle *db,
- char *subject, unsigned long serial, int keysize, char *token)
+ char *subject, unsigned long serial, int keysize, char *token)
{
- CERTCertificate * cert, *temp_cert;
- SECItem * derCert;
- CERTCertificateRequest * req;
+ CERTCertificate *cert, *temp_cert;
+ SECItem *derCert;
+ CERTCertificateRequest *req;
- PK11SlotInfo * slot = NULL;
- SECKEYPrivateKey * privk = NULL;
- SECKEYPublicKey * pubk = NULL;
+ PK11SlotInfo *slot = NULL;
+ SECKEYPrivateKey *privk = NULL;
+ SECKEYPublicKey *pubk = NULL;
- if ( token ) {
- slot = PK11_FindSlotByName(token);
+ if (token) {
+ slot = PK11_FindSlotByName(token);
} else {
- slot = PK11_GetInternalKeySlot();
+ slot = PK11_GetInternalKeySlot();
}
if (slot == NULL) {
- PR_fprintf(errorFD, "Can't find PKCS11 slot %s\n",
- token ? token : "");
- errorCount++;
- exit (ERRX);
+ PR_fprintf(errorFD, "Can't find PKCS11 slot %s\n",
+ token ? token : "");
+ errorCount++;
+ exit(ERRX);
}
- if ( GenerateKeyPair(slot, &pubk, &privk, keysize) != SECSuccess) {
- FatalError("Error generating keypair.");
+ if (GenerateKeyPair(slot, &pubk, &privk, keysize) != SECSuccess) {
+ FatalError("Error generating keypair.");
}
- req = make_cert_request (subject, pubk);
- temp_cert = make_cert (req, serial, &req->subject);
+ req = make_cert_request(subject, pubk);
+ temp_cert = make_cert(req, serial, &req->subject);
if (set_cert_type(temp_cert,
- NS_CERT_TYPE_OBJECT_SIGNING | NS_CERT_TYPE_OBJECT_SIGNING_CA)
- != SECSuccess) {
- FatalError("Unable to set cert type");
+ NS_CERT_TYPE_OBJECT_SIGNING |
+ NS_CERT_TYPE_OBJECT_SIGNING_CA) !=
+ SECSuccess) {
+ FatalError("Unable to set cert type");
}
- derCert = sign_cert (temp_cert, privk);
+ derCert = sign_cert(temp_cert, privk);
cert = install_cert(db, derCert, nickname);
if (ChangeTrustAttributes(db, cert, ",,uC") != SECSuccess) {
- FatalError("Unable to change trust on generated certificate");
+ FatalError("Unable to change trust on generated certificate");
}
/* !!! Free memory ? !!! */
@@ -354,7 +352,6 @@ GenerateSelfSignedObjectSigningCert(char *nickname, CERTCertDBHandle *db,
return cert;
}
-
/**************************************************************************
*
* C h a n g e T r u s t A t t r i b u t e s
@@ -363,37 +360,36 @@ static SECStatus
ChangeTrustAttributes(CERTCertDBHandle *db, CERTCertificate *cert, char *trusts)
{
- CERTCertTrust * trust;
+ CERTCertTrust *trust;
if (!db || !cert || !trusts) {
- PR_fprintf(errorFD, "ChangeTrustAttributes got incomplete arguments.\n");
- errorCount++;
- return SECFailure;
+ PR_fprintf(errorFD, "ChangeTrustAttributes got incomplete arguments.\n");
+ errorCount++;
+ return SECFailure;
}
- trust = (CERTCertTrust * ) PORT_ZAlloc(sizeof(CERTCertTrust));
+ trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust));
if (!trust) {
- PR_fprintf(errorFD, "ChangeTrustAttributes unable to allocate "
- "CERTCertTrust\n");
- errorCount++;
- return SECFailure;
+ PR_fprintf(errorFD, "ChangeTrustAttributes unable to allocate "
+ "CERTCertTrust\n");
+ errorCount++;
+ return SECFailure;
}
- if ( CERT_DecodeTrustString(trust, trusts) ) {
- return SECFailure;
+ if (CERT_DecodeTrustString(trust, trusts)) {
+ return SECFailure;
}
- if ( CERT_ChangeCertTrust(db, cert, trust) ) {
- PR_fprintf(errorFD, "unable to modify trust attributes for cert %s\n",
- cert->nickname ? cert->nickname : "");
- errorCount++;
- return SECFailure;
+ if (CERT_ChangeCertTrust(db, cert, trust)) {
+ PR_fprintf(errorFD, "unable to modify trust attributes for cert %s\n",
+ cert->nickname ? cert->nickname : "");
+ errorCount++;
+ return SECFailure;
}
return SECSuccess;
}
-
/*************************************************************************
*
* s e t _ c e r t _ t y p e
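Review bot: The `trust` buffer that ChangeTrustAttributes obtains from `PORT_ZAlloc` is never released. Neither the failure returns after `CERT_DecodeTrustString` and `CERT_ChangeCertTrust` nor the final `return SECSuccess;` free it, and no other owner is visible in this hunk. Add `PORT_Free(trust);` before each return that follows the allocation, assuming `CERT_ChangeCertTrust` does not keep the pointer (worth confirming). The `CERT_DecodeTrustString` failure branch also returns without the `PR_fprintf(errorFD, ...)` and `errorCount++` that the other failure branches have, so a malformed trust string fails silently.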
@@ -401,30 +397,30 @@ ChangeTrustAttributes(CERTCertDBHandle *db, CERTCertificate *cert, char *trusts)
static SECStatus
set_cert_type(CERTCertificate *cert, unsigned int type)
{
- void *context;
+ void *context;
SECStatus status = SECSuccess;
SECItem certType;
- char ctype;
+ char ctype;
context = CERT_StartCertExtensions(cert);
certType.type = siBuffer;
- certType.data = (unsigned char * ) &ctype;
+ certType.data = (unsigned char *)&ctype;
certType.len = 1;
ctype = (unsigned char)type;
if (CERT_EncodeAndAddBitStrExtension(context, SEC_OID_NS_CERT_EXT_CERT_TYPE,
- &certType, PR_TRUE /*critical*/) != SECSuccess) {
- status = SECFailure;
+ &certType, PR_TRUE /*critical*/) !=
+ SECSuccess) {
+ status = SECFailure;
}
if (CERT_FinishExtensions(context) != SECSuccess) {
- status = SECFailure;
+ status = SECFailure;
}
return status;
}
-
/********************************************************************
*
* s i g n _ c e r t
@@ -435,49 +431,47 @@ sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk)
SECStatus rv;
SECItem der2;
- SECItem * result2;
+ SECItem *result2;
SECOidTag alg = SEC_OID_UNKNOWN;
alg = SEC_GetSignatureAlgorithmOidTag(privk->keyType, SEC_OID_UNKNOWN);
if (alg == SEC_OID_UNKNOWN) {
- FatalError("Unknown key type");
+ FatalError("Unknown key type");
}
- rv = SECOID_SetAlgorithmID (cert->arena, &cert->signature, alg, 0);
+ rv = SECOID_SetAlgorithmID(cert->arena, &cert->signature, alg, 0);
if (rv != SECSuccess) {
- PR_fprintf(errorFD, "%s: unable to set signature alg id\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
+ PR_fprintf(errorFD, "%s: unable to set signature alg id\n",
+ PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
}
der2.len = 0;
der2.data = NULL;
- (void)SEC_ASN1EncodeItem
- (cert->arena, &der2, cert, SEC_ASN1_GET(CERT_CertificateTemplate));
+ (void)SEC_ASN1EncodeItem(cert->arena, &der2, cert, SEC_ASN1_GET(CERT_CertificateTemplate));
if (rv != SECSuccess) {
- PR_fprintf(errorFD, "%s: error encoding cert\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
+ PR_fprintf(errorFD, "%s: error encoding cert\n", PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
}
- result2 = (SECItem * ) PORT_ArenaZAlloc (cert->arena, sizeof (SECItem));
+ result2 = (SECItem *)PORT_ArenaZAlloc(cert->arena, sizeof(SECItem));
if (result2 == NULL)
- out_of_memory();
+ out_of_memory();
- rv = SEC_DerSignData
- (cert->arena, result2, der2.data, der2.len, privk, alg);
+ rv = SEC_DerSignData(cert->arena, result2, der2.data, der2.len, privk, alg);
if (rv != SECSuccess) {
- PR_fprintf(errorFD, "can't sign encoded certificate data\n");
- errorCount++;
- exit (ERRX);
+ PR_fprintf(errorFD, "can't sign encoded certificate data\n");
+ errorCount++;
+ exit(ERRX);
} else if (verbosity >= 0) {
- PR_fprintf(outputFD, "certificate has been signed\n");
+ PR_fprintf(outputFD, "certificate has been signed\n");
}
cert->derCert = *result2;
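Review bot: The `if (rv != SECSuccess)` guarding the "error encoding cert" message can never fire. The `(void)SEC_ASN1EncodeItem(...)` call discards its result, so `rv` still holds the value from `SECOID_SetAlgorithmID`, which was already checked a few lines earlier. An encoding failure would therefore leave `der2.data` NULL and `der2.len` 0, and those are passed straight to `SEC_DerSignData`. Test the call itself: `if (SEC_ASN1EncodeItem(cert->arena, &der2, cert, SEC_ASN1_GET(CERT_CertificateTemplate)) == NULL) {`. sign_cert begins before this hunk and ends in the next one.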
@@ -485,241 +479,231 @@ sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk)
return result2;
}
-
/*********************************************************************
*
* i n s t a l l _ c e r t
*
* Installs the cert in the permanent database.
*/
-static CERTCertificate*
+static CERTCertificate *
install_cert(CERTCertDBHandle *db, SECItem *derCert, char *nickname)
{
- CERTCertificate * newcert;
- PK11SlotInfo * newSlot;
-
+ CERTCertificate *newcert;
+ PK11SlotInfo *newSlot;
newSlot = PK11_ImportDERCertForKey(derCert, nickname, &pwdata);
- if ( newSlot == NULL ) {
- PR_fprintf(errorFD, "Unable to install certificate\n");
- errorCount++;
- exit(ERRX);
+ if (newSlot == NULL) {
+ PR_fprintf(errorFD, "Unable to install certificate\n");
+ errorCount++;
+ exit(ERRX);
}
newcert = PK11_FindCertFromDERCertItem(newSlot, derCert, &pwdata);
PK11_FreeSlot(newSlot);
if (newcert == NULL) {
- PR_fprintf(errorFD, "%s: can't find new certificate\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
+ PR_fprintf(errorFD, "%s: can't find new certificate\n",
+ PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
}
if (verbosity >= 0) {
- PR_fprintf(outputFD, "certificate \"%s\" added to database\n",
- nickname);
+ PR_fprintf(outputFD, "certificate \"%s\" added to database\n",
+ nickname);
}
return newcert;
}
-
/******************************************************************
*
* G e n e r a t e K e y P a i r
*/
static SECStatus
GenerateKeyPair(PK11SlotInfo *slot, SECKEYPublicKey **pubk,
-SECKEYPrivateKey **privk, int keysize)
+ SECKEYPrivateKey **privk, int keysize)
{
PK11RSAGenParams rsaParams;
- if ( keysize == -1 ) {
- rsaParams.keySizeInBits = DEFAULT_RSA_KEY_SIZE;
+ if (keysize == -1) {
+ rsaParams.keySizeInBits = DEFAULT_RSA_KEY_SIZE;
} else {
- rsaParams.keySizeInBits = keysize;
+ rsaParams.keySizeInBits = keysize;
}
rsaParams.pe = 0x10001;
- if (PK11_Authenticate( slot, PR_FALSE /*loadCerts*/, &pwdata)
- != SECSuccess) {
- SECU_PrintError(progName, "failure authenticating to key database.\n");
- exit(ERRX);
+ if (PK11_Authenticate(slot, PR_FALSE /*loadCerts*/, &pwdata) !=
+ SECSuccess) {
+ SECU_PrintError(progName, "failure authenticating to key database.\n");
+ exit(ERRX);
}
- *privk = PK11_GenerateKeyPair (slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams,
-
- pubk, PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/, &pwdata);
+ *privk = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams,
+
+ pubk, PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/, &pwdata);
if (*privk != NULL && *pubk != NULL) {
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "generated public/private key pair\n");
- }
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "generated public/private key pair\n");
+ }
} else {
- SECU_PrintError(progName, "failure generating key pair\n");
- exit (ERRX);
+ SECU_PrintError(progName, "failure generating key pair\n");
+ exit(ERRX);
}
return SECSuccess;
}
-
-
/******************************************************************
*
* m a k e _ c e r t _ r e q u e s t
*/
-static CERTCertificateRequest*
+static CERTCertificateRequest *
make_cert_request(char *subject, SECKEYPublicKey *pubk)
{
- CERTName * subj;
- CERTSubjectPublicKeyInfo * spki;
+ CERTName *subj;
+ CERTSubjectPublicKeyInfo *spki;
- CERTCertificateRequest * req;
+ CERTCertificateRequest *req;
/* Create info about public key */
spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
if (!spki) {
- SECU_PrintError(progName, "unable to create subject public key");
- exit (ERRX);
+ SECU_PrintError(progName, "unable to create subject public key");
+ exit(ERRX);
}
- subj = CERT_AsciiToName (subject);
+ subj = CERT_AsciiToName(subject);
if (subj == NULL) {
- FatalError("Invalid data in certificate description");
+ FatalError("Invalid data in certificate description");
}
/* Generate certificate request */
req = CERT_CreateCertificateRequest(subj, spki, 0);
if (!req) {
- SECU_PrintError(progName, "unable to make certificate request");
- exit (ERRX);
+ SECU_PrintError(progName, "unable to make certificate request");
+ exit(ERRX);
}
SECKEY_DestroySubjectPublicKeyInfo(spki);
CERT_DestroyName(subj);
if (verbosity >= 0) {
- PR_fprintf(outputFD, "certificate request generated\n");
+ PR_fprintf(outputFD, "certificate request generated\n");
}
return req;
}
-
/******************************************************************
*
* m a k e _ c e r t
*/
static CERTCertificate *
make_cert(CERTCertificateRequest *req, unsigned long serial,
-CERTName *ca_subject)
+ CERTName *ca_subject)
{
- CERTCertificate * cert;
+ CERTCertificate *cert;
- CERTValidity * validity = NULL;
+ CERTValidity *validity = NULL;
PRTime now, after;
PRExplodedTime printableTime;
now = PR_Now();
- PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
+ PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
printableTime.tm_month += 3;
- after = PR_ImplodeTime (&printableTime);
+ after = PR_ImplodeTime(&printableTime);
- validity = CERT_CreateValidity (now, after);
+ validity = CERT_CreateValidity(now, after);
if (validity == NULL) {
- PR_fprintf(errorFD, "%s: error creating certificate validity\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
+ PR_fprintf(errorFD, "%s: error creating certificate validity\n",
+ PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
}
- cert = CERT_CreateCertificate
- (serial, ca_subject, validity, req);
+ cert = CERT_CreateCertificate(serial, ca_subject, validity, req);
if (cert == NULL) {
- /* should probably be more precise here */
- PR_fprintf(errorFD, "%s: error while generating certificate\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
+ /* should probably be more precise here */
+ PR_fprintf(errorFD, "%s: error while generating certificate\n",
+ PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
}
return cert;
}
-
/*************************************************************************
*
* o u t p u t _ c a _ c e r t
*/
-static void
-output_ca_cert (CERTCertificate *cert, CERTCertDBHandle *db)
+static void
+output_ca_cert(CERTCertificate *cert, CERTCertDBHandle *db)
{
- FILE * out;
+ FILE *out;
- SECItem * encodedCertChain;
- SEC_PKCS7ContentInfo * certChain;
- char *filename;
+ SECItem *encodedCertChain;
+ SEC_PKCS7ContentInfo *certChain;
+ char *filename;
/* the raw */
filename = PORT_ZAlloc(strlen(DEFAULT_X509_BASENAME) + 8);
- if (!filename)
- out_of_memory();
+ if (!filename)
+ out_of_memory();
sprintf(filename, "%s.raw", DEFAULT_X509_BASENAME);
- if ((out = fopen (filename, "wb")) == NULL) {
- PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME,
- filename);
- errorCount++;
- exit(ERRX);
+ if ((out = fopen(filename, "wb")) == NULL) {
+ PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME,
+ filename);
+ errorCount++;
+ exit(ERRX);
}
- certChain = SEC_PKCS7CreateCertsOnly (cert, PR_TRUE, db);
- encodedCertChain
- = SEC_PKCS7EncodeItem (NULL, NULL, certChain, NULL, NULL, NULL);
- SEC_PKCS7DestroyContentInfo (certChain);
+ certChain = SEC_PKCS7CreateCertsOnly(cert, PR_TRUE, db);
+ encodedCertChain =
+ SEC_PKCS7EncodeItem(NULL, NULL, certChain, NULL, NULL, NULL);
+ SEC_PKCS7DestroyContentInfo(certChain);
if (encodedCertChain) {
- fprintf(out, "Content-type: application/x-x509-ca-cert\n\n");
- fwrite (encodedCertChain->data, 1, encodedCertChain->len,
- out);
- SECITEM_FreeItem(encodedCertChain, PR_TRUE);
+ fprintf(out, "Content-type: application/x-x509-ca-cert\n\n");
+ fwrite(encodedCertChain->data, 1, encodedCertChain->len,
+ out);
+ SECITEM_FreeItem(encodedCertChain, PR_TRUE);
} else {
- PR_fprintf(errorFD, "%s: Can't DER encode this certificate\n",
- PROGRAM_NAME);
- errorCount++;
- exit(ERRX);
+ PR_fprintf(errorFD, "%s: Can't DER encode this certificate\n",
+ PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
}
- fclose (out);
+ fclose(out);
/* and the cooked */
sprintf(filename, "%s.cacert", DEFAULT_X509_BASENAME);
- if ((out = fopen (filename, "wb")) == NULL) {
- PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME,
- filename);
- errorCount++;
- return;
+ if ((out = fopen(filename, "wb")) == NULL) {
+ PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME,
+ filename);
+ errorCount++;
+ return;
}
- fprintf (out, "%s\n%s\n%s\n",
- NS_CERT_HEADER,
- BTOA_DataToAscii (cert->derCert.data, cert->derCert.len),
- NS_CERT_TRAILER);
+ fprintf(out, "%s\n%s\n%s\n",
+ NS_CERT_HEADER,
+ BTOA_DataToAscii(cert->derCert.data, cert->derCert.len),
+ NS_CERT_TRAILER);
- fclose (out);
+ fclose(out);
if (verbosity >= 0) {
- PR_fprintf(outputFD, "Exported certificate to %s.raw and %s.cacert.\n",
- DEFAULT_X509_BASENAME, DEFAULT_X509_BASENAME);
+ PR_fprintf(outputFD, "Exported certificate to %s.raw and %s.cacert.\n",
+ DEFAULT_X509_BASENAME, DEFAULT_X509_BASENAME);
}
}
-
-
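Review bot: In output_ca_cert the result of `BTOA_DataToAscii` is handed directly to `fprintf` as a `%s` argument, so a NULL return is undefined behaviour and a successful return is never freed. Hold it in a local instead: `char *ascii = BTOA_DataToAscii(cert->derCert.data, cert->derCert.len);`, then `if (!ascii) out_of_memory();`, and `PORT_Free(ascii);` after the `fprintf`. The same function passes `certChain` to `SEC_PKCS7EncodeItem` and `SEC_PKCS7DestroyContentInfo` without a NULL check. It also ignores the results of `fwrite` and `fclose`, so a short write of the exported certificate goes unreported.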
diff --git a/cmd/signtool/javascript.c b/cmd/signtool/javascript.c
index bbaa93999..f0d539628 100644
--- a/cmd/signtool/javascript.c
+++ b/cmd/signtool/javascript.c
@@ -7,18 +7,18 @@
#include <prio.h>
#include <prenv.h>
-static int javascript_fn(char *relpath, char *basedir, char *reldir,
-char *filename, void *arg);
-static int extract_js (char *filename);
-static int copyinto (char *from, char *to);
-static PRStatus ensureExists (char *base, char *path);
-static int make_dirs(char *path, PRInt32 file_perms);
-
-static char *jartree = NULL;
-static int idOrdinal;
+static int javascript_fn(char *relpath, char *basedir, char *reldir,
+ char *filename, void *arg);
+static int extract_js(char *filename);
+static int copyinto(char *from, char *to);
+static PRStatus ensureExists(char *base, char *path);
+static int make_dirs(char *path, PRInt32 file_perms);
+
+static char *jartree = NULL;
+static int idOrdinal;
static PRBool dumpParse = PR_FALSE;
-static char *event_handlers[] = {
+static char *event_handlers[] = {
"onAbort",
"onBlur",
"onChange",
@@ -44,8 +44,7 @@ static char *event_handlers[] = {
"onUnload"
};
-
-static int num_handlers = 23;
+static int num_handlers = 23;
/*
* I n l i n e J a v a S c r i p t
@@ -61,47 +60,45 @@ InlineJavaScript(char *dir, PRBool recurse)
{
jartree = dir;
if (verbosity >= 0) {
- PR_fprintf(outputFD, "\nGenerating inline signatures from HTML files in: %s\n",
- dir);
+ PR_fprintf(outputFD, "\nGenerating inline signatures from HTML files in: %s\n",
+ dir);
}
if (PR_GetEnvSecure("SIGNTOOL_DUMP_PARSE")) {
- dumpParse = PR_TRUE;
+ dumpParse = PR_TRUE;
}
- return foreach(dir, "", javascript_fn, recurse, PR_FALSE /*include dirs*/,
- (void * )NULL);
-
+ return foreach (dir, "", javascript_fn, recurse, PR_FALSE /*include dirs*/,
+ (void *)NULL);
}
-
/************************************************************************
*
* j a v a s c r i p t _ f n
*/
-static int javascript_fn
-(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
+static int
+javascript_fn(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
{
- char fullname [FNSIZE];
+ char fullname[FNSIZE];
/* only process inline scripts from .htm, .html, and .shtml*/
if (!(PL_strcaserstr(filename, ".htm") == filename + strlen(filename) -
- 4) &&
+ 4) &&
!(PL_strcaserstr(filename, ".html") == filename + strlen(filename) -
- 5) &&
- !(PL_strcaserstr(filename, ".shtml") == filename + strlen(filename)
- -6)) {
- return 0;
+ 5) &&
+ !(PL_strcaserstr(filename, ".shtml") == filename + strlen(filename) -
+ 6)) {
+ return 0;
}
/* don't process scripts that signtool has already
extracted (those that are inside .arc directories) */
if (PL_strcaserstr(filename, ".arc") == filename + strlen(filename) - 4)
- return 0;
+ return 0;
if (verbosity >= 0) {
- PR_fprintf(outputFD, "Processing HTML file: %s\n", relpath);
+ PR_fprintf(outputFD, "Processing HTML file: %s\n", relpath);
}
/* reset firstArchive at top of each HTML file */
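Review bot: clang-format has rewritten the call in InlineJavaScript as `return foreach (dir, ...` with a space before the parenthesis, which suggests it is treating `foreach` as a loop macro rather than as the call expression it is here. The line now reads like control flow, and the same spacing will probably appear wherever this helper is called. Either remove `foreach` from `ForEachMacros` in the clang-format configuration, or bracket the call with `/* clang-format off */` and `/* clang-format on */`. Separately, the suffix tests in javascript_fn compute `filename + strlen(filename) - 4` (and `- 5`, `- 6`) without first checking that the name is at least that long. javascript_fn continues past this hunk.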
@@ -109,13 +106,12 @@ static int javascript_fn
/* skip directories that contain extracted scripts */
if (PL_strcaserstr(reldir, ".arc") == reldir + strlen(reldir) - 4)
- return 0;
+ return 0;
- sprintf (fullname, "%s/%s", basedir, relpath);
- return extract_js (fullname);
+ sprintf(fullname, "%s/%s", basedir, relpath);
+ return extract_js(fullname);
}
-
/*===========================================================================
=
= D A T A S T R U C T U R E S
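Review bot: `sprintf(fullname, "%s/%s", basedir, relpath);` writes into the fixed-size `char fullname[FNSIZE]` declared at the top of javascript_fn with no length check. Both strings come from the directory tree being processed, so a path longer than the buffer overruns the stack array. Guard the write before formatting: `if (strlen(basedir) + strlen(relpath) + 2 > sizeof(fullname)) return -1;`. The failure should be reported the way the rest of the tool reports errors, and the return value should match what the `foreach` callback contract expects, which is not visible here. javascript_fn starts in the previous hunk.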
@@ -124,10 +120,9 @@ static int javascript_fn
typedef enum {
TEXT_HTML_STATE = 0,
SCRIPT_HTML_STATE
-}
-
+}
-HTML_STATE ;
+HTML_STATE;
typedef enum {
/* we start in the start state */
@@ -156,15 +151,14 @@ typedef enum {
/* Error state */
ERR_STATE
-}
-
+}
-TAG_STATE ;
+TAG_STATE;
typedef struct AVPair_Str {
- char *attribute;
- char *value;
- unsigned int valueLine; /* the line that the value ends on */
+ char *attribute;
+ char *value;
+ unsigned int valueLine; /* the line that the value ends on */
struct AVPair_Str *next;
} AVPair;
@@ -175,33 +169,31 @@ typedef enum {
STYLE_TAG,
COMMENT_TAG,
OTHER_TAG
-}
-
+}
-TAG_TYPE ;
+TAG_TYPE;
typedef struct {
TAG_TYPE type;
- AVPair * attList;
- AVPair * attListTail;
- char *text;
+ AVPair *attList;
+ AVPair *attListTail;
+ char *text;
} TagItem;
typedef enum {
TAG_ITEM,
TEXT_ITEM
-}
-
+}
-ITEM_TYPE ;
+ITEM_TYPE;
typedef struct HTMLItem_Str {
- unsigned int startLine;
- unsigned int endLine;
+ unsigned int startLine;
+ unsigned int endLine;
ITEM_TYPE type;
union {
- TagItem *tag;
- char *text;
+ TagItem *tag;
+ char *text;
} item;
struct HTMLItem_Str *next;
} HTMLItem;
@@ -211,10 +203,10 @@ typedef struct {
PRInt32 curIndex;
PRBool IsEOF;
#define FILE_BUFFER_BUFSIZE 512
- char buf[FILE_BUFFER_BUFSIZE];
+ char buf[FILE_BUFFER_BUFSIZE];
PRInt32 startOffset;
PRInt32 maxIndex;
- unsigned int lineNum;
+ unsigned int lineNum;
} FileBuffer;
/*===========================================================================
@@ -222,36 +214,36 @@ typedef struct {
= F U N C T I O N S
=
*/
-static HTMLItem*CreateTextItem(char *text, unsigned int startline,
-unsigned int endline);
-static HTMLItem*CreateTagItem(TagItem*ti, unsigned int startline,
-unsigned int endline);
-static TagItem*ProcessTag(FileBuffer*fb, char **errStr);
-static void DestroyHTMLItem(HTMLItem *item);
-static void DestroyTagItem(TagItem*ti);
+static HTMLItem *CreateTextItem(char *text, unsigned int startline,
+ unsigned int endline);
+static HTMLItem *CreateTagItem(TagItem *ti, unsigned int startline,
+ unsigned int endline);
+static TagItem *ProcessTag(FileBuffer *fb, char **errStr);
+static void DestroyHTMLItem(HTMLItem *item);
+static void DestroyTagItem(TagItem *ti);
static TAG_TYPE GetTagType(char *att);
-static FileBuffer*FB_Create(PRFileDesc*fd);
-static int FB_GetChar(FileBuffer *fb);
+static FileBuffer *FB_Create(PRFileDesc *fd);
+static int FB_GetChar(FileBuffer *fb);
static PRInt32 FB_GetPointer(FileBuffer *fb);
static PRInt32 FB_GetRange(FileBuffer *fb, PRInt32 start, PRInt32 end,
-char **buf);
-static unsigned int FB_GetLineNum(FileBuffer *fb);
-static void FB_Destroy(FileBuffer *fb);
-static void PrintTagItem(PRFileDesc *fd, TagItem *ti);
-static void PrintHTMLStream(PRFileDesc *fd, HTMLItem *head);
+ char **buf);
+static unsigned int FB_GetLineNum(FileBuffer *fb);
+static void FB_Destroy(FileBuffer *fb);
+static void PrintTagItem(PRFileDesc *fd, TagItem *ti);
+static void PrintHTMLStream(PRFileDesc *fd, HTMLItem *head);
/************************************************************************
*
* C r e a t e T e x t I t e m
*/
-static HTMLItem*
+static HTMLItem *
CreateTextItem(char *text, unsigned int startline, unsigned int endline)
{
- HTMLItem * item;
+ HTMLItem *item;
item = PR_Malloc(sizeof(HTMLItem));
if (!item) {
- return NULL;
+ return NULL;
}
item->type = TEXT_ITEM;
@@ -263,19 +255,18 @@ CreateTextItem(char *text, unsigned int startline, unsigned int endline)
return item;
}
-
/************************************************************************
*
* C r e a t e T a g I t e m
*/
-static HTMLItem*
-CreateTagItem(TagItem*ti, unsigned int startline, unsigned int endline)
+static HTMLItem *
+CreateTagItem(TagItem *ti, unsigned int startline, unsigned int endline)
{
- HTMLItem * item;
+ HTMLItem *item;
item = PR_Malloc(sizeof(HTMLItem));
if (!item) {
- return NULL;
+ return NULL;
}
item->type = TAG_ITEM;
@@ -287,30 +278,28 @@ CreateTagItem(TagItem*ti, unsigned int startline, unsigned int endline)
return item;
}
-
static PRBool
isAttChar(int c)
{
return (isalnum(c) || c == '/' || c == '-');
}
-
/************************************************************************
*
* P r o c e s s T a g
*/
-static TagItem*
-ProcessTag(FileBuffer*fb, char **errStr)
+static TagItem *
+ProcessTag(FileBuffer *fb, char **errStr)
{
TAG_STATE state;
PRInt32 startText, startID, curPos;
PRBool firstAtt;
- int curchar;
- TagItem * ti = NULL;
- AVPair * curPair = NULL;
- char quotechar = '\0';
- unsigned int linenum;
- unsigned int startline;
+ int curchar;
+ TagItem *ti = NULL;
+ AVPair *curPair = NULL;
+ char quotechar = '\0';
+ unsigned int linenum;
+ unsigned int startline;
state = START_STATE;
@@ -318,9 +307,9 @@ ProcessTag(FileBuffer*fb, char **errStr)
startText = startID;
firstAtt = PR_TRUE;
- ti = (TagItem * ) PR_Malloc(sizeof(TagItem));
- if (!ti)
- out_of_memory();
+ ti = (TagItem *)PR_Malloc(sizeof(TagItem));
+ if (!ti)
+ out_of_memory();
ti->type = OTHER_TAG;
ti->attList = NULL;
ti->attListTail = NULL;
@@ -329,251 +318,250 @@ ProcessTag(FileBuffer*fb, char **errStr)
startline = FB_GetLineNum(fb);
while (state != DONE_STATE && state != ERR_STATE) {
- linenum = FB_GetLineNum(fb);
- curchar = FB_GetChar(fb);
- if (curchar == EOF) {
- *errStr = PR_smprintf(
- "line %d: Unexpected end-of-file while parsing tag starting at line %d.\n",
- linenum, startline);
- state = ERR_STATE;
- continue;
- }
-
- switch (state) {
- case START_STATE:
- if (curchar == '!') {
- /*
- * SGML tag or comment
- * Here's the general rule for SGML tags. Everything from
- * <! to > is the tag. Inside the tag, comments are
- * delimited with --. So we are looking for the first '>'
- * that is not commented out, that is, not inside a pair
- * of --: <!DOCTYPE --this is a comment >(psyche!) -->
- */
-
- PRBool inComment = PR_FALSE;
- short hyphenCount = 0; /* number of consecutive hyphens */
-
- while (1) {
- linenum = FB_GetLineNum(fb);
- curchar = FB_GetChar(fb);
- if (curchar == EOF) {
- /* Uh oh, EOF inside comment */
- *errStr = PR_smprintf(
- "line %d: Unexpected end-of-file inside comment starting at line %d.\n",
- linenum, startline);
- state = ERR_STATE;
- break;
- }
- if (curchar == '-') {
- if (hyphenCount == 1) {
- /* This is a comment delimiter */
- inComment = !inComment;
- hyphenCount = 0;
- } else {
- /* beginning of a comment delimiter? */
- hyphenCount = 1;
- }
- } else if (curchar == '>') {
- if (!inComment) {
- /* This is the end of the tag */
- state = DONE_STATE;
- break;
- } else {
- /* The > is inside a comment, so it's not
- * really the end of the tag */
- hyphenCount = 0;
- }
- } else {
- hyphenCount = 0;
- }
- }
- ti->type = COMMENT_TAG;
- break;
- }
- /* fall through */
- case GET_ATT_STATE:
- if (isspace(curchar) || curchar == '=' || curchar
- == '>') {
- /* end of the current attribute */
- curPos = FB_GetPointer(fb) - 2;
- if (curPos >= startID) {
- /* We have an attribute */
- curPair = (AVPair * )PR_Malloc(sizeof(AVPair));
- if (!curPair)
- out_of_memory();
- curPair->value = NULL;
- curPair->next = NULL;
- FB_GetRange(fb, startID, curPos,
- &curPair->attribute);
-
- /* Stick this attribute on the list */
- if (ti->attListTail) {
- ti->attListTail->next = curPair;
- ti->attListTail = curPair;
- } else {
- ti->attList = ti->attListTail =
- curPair;
- }
-
- /* If this is the first attribute, find the type of tag
- * based on it. Also, start saving the text of the tag. */
- if (firstAtt) {
- ti->type = GetTagType(curPair->attribute);
- startText = FB_GetPointer(fb)
- -1;
- firstAtt = PR_FALSE;
- }
- } else {
- if (curchar == '=') {
- /* If we don't have any attribute but we do have an
- * equal sign, that's an error */
- *errStr = PR_smprintf("line %d: Malformed tag starting at line %d.\n",
- linenum, startline);
- state = ERR_STATE;
- break;
- }
- }
-
- /* Compute next state */
- if (curchar == '=') {
- startID = FB_GetPointer(fb);
- state = PRE_VAL_WS_STATE;
- } else if (curchar == '>') {
- state = DONE_STATE;
- } else if (curPair) {
- state = POST_ATT_WS_STATE;
- } else {
- state = PRE_ATT_WS_STATE;
- }
- } else if (isAttChar(curchar)) {
- /* Just another char in the attribute. Do nothing */
- state = GET_ATT_STATE;
- } else {
- /* bogus char */
- *errStr = PR_smprintf("line %d: Bogus chararacter '%c' in tag.\n",
- linenum, curchar);
- state = ERR_STATE;
- break;
- }
- break;
- case PRE_ATT_WS_STATE:
- if (curchar == '>') {
- state = DONE_STATE;
- } else if (isspace(curchar)) {
- /* more whitespace, do nothing */
- } else if (isAttChar(curchar)) {
- /* starting another attribute */
- startID = FB_GetPointer(fb) - 1;
- state = GET_ATT_STATE;
- } else {
- /* bogus char */
- *errStr = PR_smprintf("line %d: Bogus character '%c' in tag.\n",
- linenum, curchar);
- state = ERR_STATE;
- break;
- }
- break;
- case POST_ATT_WS_STATE:
- if (curchar == '>') {
- state = DONE_STATE;
- } else if (isspace(curchar)) {
- /* more whitespace, do nothing */
- } else if (isAttChar(curchar)) {
- /* starting another attribute */
- startID = FB_GetPointer(fb) - 1;
- state = GET_ATT_STATE;
- } else if (curchar == '=') {
- /* there was whitespace between the attribute and its equal
- * sign, which means there's a value coming up */
- state = PRE_VAL_WS_STATE;
- } else {
- /* bogus char */
- *errStr = PR_smprintf("line %d: Bogus character '%c' in tag.\n",
- linenum, curchar);
- state = ERR_STATE;
- break;
- }
- break;
- case PRE_VAL_WS_STATE:
- if (curchar == '>') {
- /* premature end-of-tag (sounds like a personal problem). */
- *errStr = PR_smprintf(
- "line %d: End of tag while waiting for value.\n",
- linenum);
- state = ERR_STATE;
- break;
- } else if (isspace(curchar)) {
- /* more whitespace, do nothing */
- break;
- } else {
- /* this must be some sort of value. Fall through
- * to GET_VALUE_STATE */
- startID = FB_GetPointer(fb) - 1;
- state = GET_VALUE_STATE;
- }
- /* Fall through if we didn't break on '>' or whitespace */
- case GET_VALUE_STATE:
- if (isspace(curchar) || curchar == '>') {
- /* end of value */
- curPos = FB_GetPointer(fb) - 2;
- if (curPos >= startID) {
- /* Grab the value */
- FB_GetRange(fb, startID, curPos,
- &curPair->value);
- curPair->valueLine = linenum;
- } else {
- /* empty value, leave as NULL */
- }
- if (isspace(curchar)) {
- state = PRE_ATT_WS_STATE;
- } else {
- state = DONE_STATE;
- }
- } else if (curchar == '\"' || curchar == '\'') {
- /* quoted value. Start recording the value inside the quote*/
- startID = FB_GetPointer(fb);
- state = GET_QUOTED_VAL_STATE;
- PORT_Assert(quotechar == '\0');
- quotechar = curchar; /* look for matching quote type */
- } else {
- /* just more value */
- }
- break;
- case GET_QUOTED_VAL_STATE:
- PORT_Assert(quotechar != '\0');
- if (curchar == quotechar) {
- /* end of quoted value */
- curPos = FB_GetPointer(fb) - 2;
- if (curPos >= startID) {
- /* Grab the value */
- FB_GetRange(fb, startID, curPos,
- &curPair->value);
- curPair->valueLine = linenum;
- } else {
- /* empty value, leave it as NULL */
- }
- state = GET_ATT_STATE;
- quotechar = '\0';
- startID = FB_GetPointer(fb);
- } else {
- /* more quoted value, continue */
- }
- break;
- case DONE_STATE:
- case ERR_STATE:
- default:
- ; /* should never get here */
- }
+ linenum = FB_GetLineNum(fb);
+ curchar = FB_GetChar(fb);
+ if (curchar == EOF) {
+ *errStr = PR_smprintf(
+ "line %d: Unexpected end-of-file while parsing tag starting at line %d.\n",
+ linenum, startline);
+ state = ERR_STATE;
+ continue;
+ }
+
+ switch (state) {
+ case START_STATE:
+ if (curchar == '!') {
+ /*
+ * SGML tag or comment
+ * Here's the general rule for SGML tags. Everything from
+ * <! to > is the tag. Inside the tag, comments are
+ * delimited with --. So we are looking for the first '>'
+ * that is not commented out, that is, not inside a pair
+ * of --: <!DOCTYPE --this is a comment >(psyche!) -->
+ */
+
+ PRBool inComment = PR_FALSE;
+ short hyphenCount = 0; /* number of consecutive hyphens */
+
+ while (1) {
+ linenum = FB_GetLineNum(fb);
+ curchar = FB_GetChar(fb);
+ if (curchar == EOF) {
+ /* Uh oh, EOF inside comment */
+ *errStr = PR_smprintf(
+ "line %d: Unexpected end-of-file inside comment starting at line %d.\n",
+ linenum, startline);
+ state = ERR_STATE;
+ break;
+ }
+ if (curchar == '-') {
+ if (hyphenCount == 1) {
+ /* This is a comment delimiter */
+ inComment = !inComment;
+ hyphenCount = 0;
+ } else {
+ /* beginning of a comment delimiter? */
+ hyphenCount = 1;
+ }
+ } else if (curchar == '>') {
+ if (!inComment) {
+ /* This is the end of the tag */
+ state = DONE_STATE;
+ break;
+ } else {
+ /* The > is inside a comment, so it's not
+ * really the end of the tag */
+ hyphenCount = 0;
+ }
+ } else {
+ hyphenCount = 0;
+ }
+ }
+ ti->type = COMMENT_TAG;
+ break;
+ }
+ /* fall through */
+ case GET_ATT_STATE:
+ if (isspace(curchar) || curchar == '=' || curchar ==
+ '>') {
+ /* end of the current attribute */
+ curPos = FB_GetPointer(fb) - 2;
+ if (curPos >= startID) {
+ /* We have an attribute */
+ curPair = (AVPair *)PR_Malloc(sizeof(AVPair));
+ if (!curPair)
+ out_of_memory();
+ curPair->value = NULL;
+ curPair->next = NULL;
+ FB_GetRange(fb, startID, curPos,
+ &curPair->attribute);
+
+ /* Stick this attribute on the list */
+ if (ti->attListTail) {
+ ti->attListTail->next = curPair;
+ ti->attListTail = curPair;
+ } else {
+ ti->attList = ti->attListTail =
+ curPair;
+ }
+
+ /* If this is the first attribute, find the type of tag
+ * based on it. Also, start saving the text of the tag. */
+ if (firstAtt) {
+ ti->type = GetTagType(curPair->attribute);
+ startText = FB_GetPointer(fb) -
+ 1;
+ firstAtt = PR_FALSE;
+ }
+ } else {
+ if (curchar == '=') {
+ /* If we don't have any attribute but we do have an
+ * equal sign, that's an error */
+ *errStr = PR_smprintf("line %d: Malformed tag starting at line %d.\n",
+ linenum, startline);
+ state = ERR_STATE;
+ break;
+ }
+ }
+
+ /* Compute next state */
+ if (curchar == '=') {
+ startID = FB_GetPointer(fb);
+ state = PRE_VAL_WS_STATE;
+ } else if (curchar == '>') {
+ state = DONE_STATE;
+ } else if (curPair) {
+ state = POST_ATT_WS_STATE;
+ } else {
+ state = PRE_ATT_WS_STATE;
+ }
+ } else if (isAttChar(curchar)) {
+ /* Just another char in the attribute. Do nothing */
+ state = GET_ATT_STATE;
+ } else {
+ /* bogus char */
+ *errStr = PR_smprintf("line %d: Bogus chararacter '%c' in tag.\n",
+ linenum, curchar);
+ state = ERR_STATE;
+ break;
+ }
+ break;
+ case PRE_ATT_WS_STATE:
+ if (curchar == '>') {
+ state = DONE_STATE;
+ } else if (isspace(curchar)) {
+ /* more whitespace, do nothing */
+ } else if (isAttChar(curchar)) {
+ /* starting another attribute */
+ startID = FB_GetPointer(fb) - 1;
+ state = GET_ATT_STATE;
+ } else {
+ /* bogus char */
+ *errStr = PR_smprintf("line %d: Bogus character '%c' in tag.\n",
+ linenum, curchar);
+ state = ERR_STATE;
+ break;
+ }
+ break;
+ case POST_ATT_WS_STATE:
+ if (curchar == '>') {
+ state = DONE_STATE;
+ } else if (isspace(curchar)) {
+ /* more whitespace, do nothing */
+ } else if (isAttChar(curchar)) {
+ /* starting another attribute */
+ startID = FB_GetPointer(fb) - 1;
+ state = GET_ATT_STATE;
+ } else if (curchar == '=') {
+ /* there was whitespace between the attribute and its equal
+ * sign, which means there's a value coming up */
+ state = PRE_VAL_WS_STATE;
+ } else {
+ /* bogus char */
+ *errStr = PR_smprintf("line %d: Bogus character '%c' in tag.\n",
+ linenum, curchar);
+ state = ERR_STATE;
+ break;
+ }
+ break;
+ case PRE_VAL_WS_STATE:
+ if (curchar == '>') {
+ /* premature end-of-tag (sounds like a personal problem). */
+ *errStr = PR_smprintf(
+ "line %d: End of tag while waiting for value.\n",
+ linenum);
+ state = ERR_STATE;
+ break;
+ } else if (isspace(curchar)) {
+ /* more whitespace, do nothing */
+ break;
+ } else {
+ /* this must be some sort of value. Fall through
+ * to GET_VALUE_STATE */
+ startID = FB_GetPointer(fb) - 1;
+ state = GET_VALUE_STATE;
+ }
+ /* Fall through if we didn't break on '>' or whitespace */
+ case GET_VALUE_STATE:
+ if (isspace(curchar) || curchar == '>') {
+ /* end of value */
+ curPos = FB_GetPointer(fb) - 2;
+ if (curPos >= startID) {
+ /* Grab the value */
+ FB_GetRange(fb, startID, curPos,
+ &curPair->value);
+ curPair->valueLine = linenum;
+ } else {
+ /* empty value, leave as NULL */
+ }
+ if (isspace(curchar)) {
+ state = PRE_ATT_WS_STATE;
+ } else {
+ state = DONE_STATE;
+ }
+ } else if (curchar == '\"' || curchar == '\'') {
+ /* quoted value. Start recording the value inside the quote*/
+ startID = FB_GetPointer(fb);
+ state = GET_QUOTED_VAL_STATE;
+ PORT_Assert(quotechar == '\0');
+ quotechar = curchar; /* look for matching quote type */
+ } else {
+ /* just more value */
+ }
+ break;
+ case GET_QUOTED_VAL_STATE:
+ PORT_Assert(quotechar != '\0');
+ if (curchar == quotechar) {
+ /* end of quoted value */
+ curPos = FB_GetPointer(fb) - 2;
+ if (curPos >= startID) {
+ /* Grab the value */
+ FB_GetRange(fb, startID, curPos,
+ &curPair->value);
+ curPair->valueLine = linenum;
+ } else {
+ /* empty value, leave it as NULL */
+ }
+ state = GET_ATT_STATE;
+ quotechar = '\0';
+ startID = FB_GetPointer(fb);
+ } else {
+ /* more quoted value, continue */
+ }
+ break;
+ case DONE_STATE:
+ case ERR_STATE:
+ default:; /* should never get here */
+ }
}
if (state == DONE_STATE) {
- /* Get the text of the tag */
- curPos = FB_GetPointer(fb) - 1;
- FB_GetRange(fb, startText, curPos, &ti->text);
+ /* Get the text of the tag */
+ curPos = FB_GetPointer(fb) - 1;
+ FB_GetRange(fb, startText, curPos, &ti->text);
- /* Return the tag */
- return ti;
+ /* Return the tag */
+ return ti;
}
/* Uh oh, an error. Kill the tag item*/
@@ -581,57 +569,54 @@ ProcessTag(FileBuffer*fb, char **errStr)
return NULL;
}
-
/************************************************************************
*
* D e s t r o y H T M L I t e m
*/
-static void
+static void
DestroyHTMLItem(HTMLItem *item)
{
if (item->type == TAG_ITEM) {
- DestroyTagItem(item->item.tag);
+ DestroyTagItem(item->item.tag);
} else {
- if (item->item.text) {
- PR_Free(item->item.text);
- }
+ if (item->item.text) {
+ PR_Free(item->item.text);
+ }
}
}
-
/************************************************************************
*
* D e s t r o y T a g I t e m
*/
-static void
-DestroyTagItem(TagItem*ti)
+static void
+DestroyTagItem(TagItem *ti)
{
- AVPair * temp;
+ AVPair *temp;
if (ti->text) {
- PR_Free(ti->text);
- ti->text = NULL;
+ PR_Free(ti->text);
+ ti->text = NULL;
}
while (ti->attList) {
- temp = ti->attList;
- ti->attList = ti->attList->next;
+ temp = ti->attList;
+ ti->attList = ti->attList->next;
- if (temp->attribute) {
- PR_Free(temp->attribute);
- temp->attribute = NULL;
- }
- if (temp->value) {
- PR_Free(temp->value);
- temp->value = NULL;
- }
- PR_Free(temp);
+ if (temp->attribute) {
+ PR_Free(temp->attribute);
+ temp->attribute = NULL;
+ }
+ if (temp->value) {
+ PR_Free(temp->value);
+ temp->value = NULL;
+ }
+ PR_Free(temp);
}
PR_Free(ti);
}
-
/************************************************************************
*
* G e t T a g T y p e
@@ -640,40 +625,39 @@ static TAG_TYPE
GetTagType(char *att)
{
if (!PORT_Strcasecmp(att, "APPLET")) {
- return APPLET_TAG;
+ return APPLET_TAG;
}
if (!PORT_Strcasecmp(att, "SCRIPT")) {
- return SCRIPT_TAG;
+ return SCRIPT_TAG;
}
if (!PORT_Strcasecmp(att, "LINK")) {
- return LINK_TAG;
+ return LINK_TAG;
}
if (!PORT_Strcasecmp(att, "STYLE")) {
- return STYLE_TAG;
+ return STYLE_TAG;
}
return OTHER_TAG;
}
-
/************************************************************************
*
* F B _ C r e a t e
*/
-static FileBuffer*
-FB_Create(PRFileDesc*fd)
+static FileBuffer *
+FB_Create(PRFileDesc *fd)
{
- FileBuffer * fb;
+ FileBuffer *fb;
PRInt32 amountRead;
PRInt32 storedOffset;
- fb = (FileBuffer * ) PR_Malloc(sizeof(FileBuffer));
+ fb = (FileBuffer *)PR_Malloc(sizeof(FileBuffer));
fb->fd = fd;
storedOffset = PR_Seek(fd, 0, PR_SEEK_CUR);
PR_Seek(fd, 0, PR_SEEK_SET);
fb->startOffset = 0;
amountRead = PR_Read(fd, fb->buf, FILE_BUFFER_BUFSIZE);
- if (amountRead == -1)
- goto loser;
+ if (amountRead == -1)
+ goto loser;
fb->maxIndex = amountRead - 1;
fb->curIndex = 0;
fb->IsEOF = (fb->curIndex > fb->maxIndex) ? PR_TRUE : PR_FALSE;
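Review bot: FB_Create dereferences the result of `PR_Malloc` on the very next line (`fb->fd = fd;`) without a NULL check, so an allocation failure becomes a NULL write rather than a clean error return. Adding `if (!fb) return NULL;` directly after the allocation would fix it; ProcessTag in this same file already checks its `PR_Malloc` result before use. The return values of the two `PR_Seek` calls are also ignored, so a failed seek would go unnoticed before the `PR_Read`. The end of FB_Create, including its `loser` label, lies in the next hunk.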
@@ -687,38 +671,37 @@ loser:
return NULL;
}
-
/************************************************************************
*
* F B _ G e t C h a r
*/
-static int
+static int
FB_GetChar(FileBuffer *fb)
{
PRInt32 storedOffset;
PRInt32 amountRead;
- int retval = -1;
+ int retval = -1;
if (fb->IsEOF) {
- return EOF;
+ return EOF;
}
storedOffset = PR_Seek(fb->fd, 0, PR_SEEK_CUR);
- retval = (unsigned char) fb->buf[fb->curIndex++];
- if (retval == '\n')
- fb->lineNum++;
+ retval = (unsigned char)fb->buf[fb->curIndex++];
+ if (retval == '\n')
+ fb->lineNum++;
if (fb->curIndex > fb->maxIndex) {
- /* We're at the end of the buffer. Try to get some new data from the
- * file */
- fb->startOffset += fb->maxIndex + 1;
- PR_Seek(fb->fd, fb->startOffset, PR_SEEK_SET);
- amountRead = PR_Read(fb->fd, fb->buf, FILE_BUFFER_BUFSIZE);
- if (amountRead == -1)
- goto loser;
- fb->maxIndex = amountRead - 1;
- fb->curIndex = 0;
+ /* We're at the end of the buffer. Try to get some new data from the
+ * file */
+ fb->startOffset += fb->maxIndex + 1;
+ PR_Seek(fb->fd, fb->startOffset, PR_SEEK_SET);
+ amountRead = PR_Read(fb->fd, fb->buf, FILE_BUFFER_BUFSIZE);
+ if (amountRead == -1)
+ goto loser;
+ fb->maxIndex = amountRead - 1;
+ fb->curIndex = 0;
}
fb->IsEOF = (fb->curIndex > fb->maxIndex) ? PR_TRUE : PR_FALSE;
@@ -728,19 +711,17 @@ loser:
return retval;
}
-
/************************************************************************
*
* F B _ G e t L i n e N u m
*
*/
-static unsigned int
+static unsigned int
FB_GetLineNum(FileBuffer *fb)
{
return fb->lineNum;
}
-
/************************************************************************
*
* F B _ G e t P o i n t e r
@@ -752,7 +733,6 @@ FB_GetPointer(FileBuffer *fb)
return fb->startOffset + fb->curIndex;
}
-
/************************************************************************
*
* F B _ G e t R a n g e
@@ -766,7 +746,7 @@ FB_GetRange(FileBuffer *fb, PRInt32 start, PRInt32 end, char **buf)
*buf = PR_Malloc(end - start + 2);
if (*buf == NULL) {
- return 0;
+ return 0;
}
storedOffset = PR_Seek(fb->fd, 0, PR_SEEK_CUR);
@@ -774,218 +754,214 @@ FB_GetRange(FileBuffer *fb, PRInt32 start, PRInt32 end, char **buf)
amountRead = PR_Read(fb->fd, *buf, end - start + 1);
PR_Seek(fb->fd, storedOffset, PR_SEEK_SET);
if (amountRead == -1) {
- PR_Free(*buf);
- *buf = NULL;
- return 0;
+ PR_Free(*buf);
+ *buf = NULL;
+ return 0;
}
- (*buf)[end-start+1] = '\0';
+ (*buf)[end - start + 1] = '\0';
return amountRead;
}
-
/************************************************************************
*
* F B _ D e s t r o y
*
*/
-static void
+static void
FB_Destroy(FileBuffer *fb)
{
if (fb) {
- PR_Free(fb);
+ PR_Free(fb);
}
}
-
/************************************************************************
*
* P r i n t T a g I t e m
*
*/
-static void
+static void
PrintTagItem(PRFileDesc *fd, TagItem *ti)
{
- AVPair * pair;
+ AVPair *pair;
PR_fprintf(fd, "TAG:\n----\nType: ");
switch (ti->type) {
- case APPLET_TAG:
- PR_fprintf(fd, "applet\n");
- break;
- case SCRIPT_TAG:
- PR_fprintf(fd, "script\n");
- break;
- case LINK_TAG:
- PR_fprintf(fd, "link\n");
- break;
- case STYLE_TAG:
- PR_fprintf(fd, "style\n");
- break;
- case COMMENT_TAG:
- PR_fprintf(fd, "comment\n");
- break;
- case OTHER_TAG:
- default:
- PR_fprintf(fd, "other\n");
- break;
+ case APPLET_TAG:
+ PR_fprintf(fd, "applet\n");
+ break;
+ case SCRIPT_TAG:
+ PR_fprintf(fd, "script\n");
+ break;
+ case LINK_TAG:
+ PR_fprintf(fd, "link\n");
+ break;
+ case STYLE_TAG:
+ PR_fprintf(fd, "style\n");
+ break;
+ case COMMENT_TAG:
+ PR_fprintf(fd, "comment\n");
+ break;
+ case OTHER_TAG:
+ default:
+ PR_fprintf(fd, "other\n");
+ break;
}
PR_fprintf(fd, "Attributes:\n");
for (pair = ti->attList; pair; pair = pair->next) {
- PR_fprintf(fd, "\t%s=%s\n", pair->attribute,
- pair->value ? pair->value : "");
+ PR_fprintf(fd, "\t%s=%s\n", pair->attribute,
+ pair->value ? pair->value : "");
}
PR_fprintf(fd, "Text:%s\n", ti->text ? ti->text : "");
PR_fprintf(fd, "---End of tag---\n");
}
-
/************************************************************************
*
* P r i n t H T M L S t r e a m
*
*/
-static void
+static void
PrintHTMLStream(PRFileDesc *fd, HTMLItem *head)
{
while (head) {
- if (head->type == TAG_ITEM) {
- PrintTagItem(fd, head->item.tag);
- } else {
- PR_fprintf(fd, "\nTEXT:\n-----\n%s\n-----\n\n", head->item.text);
- }
- head = head->next;
+ if (head->type == TAG_ITEM) {
+ PrintTagItem(fd, head->item.tag);
+ } else {
+ PR_fprintf(fd, "\nTEXT:\n-----\n%s\n-----\n\n", head->item.text);
+ }
+ head = head->next;
}
}
-
/************************************************************************
*
* S a v e I n l i n e S c r i p t
*
*/
-static int
+static int
SaveInlineScript(char *text, char *id, char *basedir, char *archiveDir)
{
- char *filename = NULL;
- PRFileDesc * fd = NULL;
- int retval = -1;
+ char *filename = NULL;
+ PRFileDesc *fd = NULL;
+ int retval = -1;
PRInt32 writeLen;
- char *ilDir = NULL;
+ char *ilDir = NULL;
if (!text || !id || !archiveDir) {
- return - 1;
+ return -1;
}
if (dumpParse) {
- PR_fprintf(outputFD, "SaveInlineScript: text=%s, id=%s, \n"
- "basedir=%s, archiveDir=%s\n",
- text, id, basedir, archiveDir);
+ PR_fprintf(outputFD, "SaveInlineScript: text=%s, id=%s, \n"
+ "basedir=%s, archiveDir=%s\n",
+ text, id, basedir, archiveDir);
}
/* Make sure the archive directory is around */
if (ensureExists(basedir, archiveDir) != PR_SUCCESS) {
- PR_fprintf(errorFD,
- "ERROR: Unable to create archive directory %s.\n", archiveDir);
- errorCount++;
- return - 1;
+ PR_fprintf(errorFD,
+ "ERROR: Unable to create archive directory %s.\n", archiveDir);
+ errorCount++;
+ return -1;
}
/* Make sure the inline script directory is around */
ilDir = PR_smprintf("%s/inlineScripts", archiveDir);
scriptdir = "inlineScripts";
if (ensureExists(basedir, ilDir) != PR_SUCCESS) {
- PR_fprintf(errorFD,
- "ERROR: Unable to create directory %s.\n", ilDir);
- errorCount++;
- return - 1;
+ PR_fprintf(errorFD,
+ "ERROR: Unable to create directory %s.\n", ilDir);
+ errorCount++;
+ return -1;
}
filename = PR_smprintf("%s/%s/%s", basedir, ilDir, id);
/* If the file already exists, give a warning, then blow it away */
if (PR_Access(filename, PR_ACCESS_EXISTS) == PR_SUCCESS) {
- PR_fprintf(errorFD,
- "warning: file \"%s\" already exists--will overwrite.\n",
- filename);
- warningCount++;
- if (rm_dash_r(filename)) {
- PR_fprintf(errorFD, "ERROR: Unable to delete %s.\n", filename);
- errorCount++;
- goto finish;
- }
+ PR_fprintf(errorFD,
+ "warning: file \"%s\" already exists--will overwrite.\n",
+ filename);
+ warningCount++;
+ if (rm_dash_r(filename)) {
+ PR_fprintf(errorFD, "ERROR: Unable to delete %s.\n", filename);
+ errorCount++;
+ goto finish;
+ }
}
/* Write text into file with name id */
fd = PR_Open(filename, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0777);
if (!fd) {
- PR_fprintf(errorFD, "ERROR: Unable to create file \"%s\".\n",
- filename);
- errorCount++;
- goto finish;
+ PR_fprintf(errorFD, "ERROR: Unable to create file \"%s\".\n",
+ filename);
+ errorCount++;
+ goto finish;
}
writeLen = strlen(text);
- if ( PR_Write(fd, text, writeLen) != writeLen) {
- PR_fprintf(errorFD, "ERROR: Unable to write to file \"%s\".\n",
- filename);
- errorCount++;
- goto finish;
+ if (PR_Write(fd, text, writeLen) != writeLen) {
+ PR_fprintf(errorFD, "ERROR: Unable to write to file \"%s\".\n",
+ filename);
+ errorCount++;
+ goto finish;
}
retval = 0;
finish:
if (filename) {
- PR_smprintf_free(filename);
+ PR_smprintf_free(filename);
}
if (ilDir) {
- PR_smprintf_free(ilDir);
+ PR_smprintf_free(ilDir);
}
if (fd) {
- PR_Close(fd);
+ PR_Close(fd);
}
return retval;
}
-
/************************************************************************
*
* S a v e U n n a m a b l e S c r i p t
*
*/
-static int
+static int
SaveUnnamableScript(char *text, char *basedir, char *archiveDir,
-char *HTMLfilename)
+ char *HTMLfilename)
{
- char *id = NULL;
- char *ext = NULL;
- char *start = NULL;
- int retval = -1;
+ char *id = NULL;
+ char *ext = NULL;
+ char *start = NULL;
+ int retval = -1;
if (!text || !archiveDir || !HTMLfilename) {
- return - 1;
+ return -1;
}
if (dumpParse) {
- PR_fprintf(outputFD, "SaveUnnamableScript: text=%s, basedir=%s,\n"
- "archiveDir=%s, filename=%s\n", text, basedir, archiveDir,
- HTMLfilename);
+ PR_fprintf(outputFD, "SaveUnnamableScript: text=%s, basedir=%s,\n"
+ "archiveDir=%s, filename=%s\n",
+ text, basedir, archiveDir,
+ HTMLfilename);
}
/* Construct the filename */
ext = PL_strrchr(HTMLfilename, '.');
if (ext) {
- *ext = '\0';
+ *ext = '\0';
}
- for (start = HTMLfilename; strpbrk(start, "/\\");
+ for (start = HTMLfilename; strpbrk(start, "/\\");
start = strpbrk(start, "/\\") + 1)
- /* do nothing */;
- if (*start == '\0')
- start = HTMLfilename;
+ /* do nothing */;
+ if (*start == '\0')
+ start = HTMLfilename;
id = PR_smprintf("_%s%d", start, idOrdinal++);
if (ext) {
- *ext = '.';
+ *ext = '.';
}
/* Now call SaveInlineScript to do the work */
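Review bot: SaveInlineScript joins `id` into `filename` with `PR_smprintf("%s/%s/%s", basedir, ilDir, id)` and passes that path to `rm_dash_r` and to `PR_Open(..., PR_CREATE_FILE | PR_TRUNCATE, 0777)` without checking that `id` is a plain file name. If `id` comes from the HTML being processed (extract_js appears to take it from the tag's ID attribute, in a part of the file outside this hunk), a value containing a path separator or `..` would let the delete and the write land outside the inlineScripts directory. Rejecting such names before the path is built, e.g. `if (strpbrk(id, "/\\") || !strcmp(id, ".") || !strcmp(id, "..")) return -1;`, and creating the file with mode `0644` instead of `0777` would contain it. SaveSource in the following hunk builds `from` and `to` from `src` and `codebase` in the same unchecked way. Separately, the `return -1` after the second `ensureExists` call skips `finish:` and leaks `ilDir`.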
@@ -996,113 +972,111 @@ char *HTMLfilename)
return retval;
}
-
/************************************************************************
*
* S a v e S o u r c e
*
*/
-static int
+static int
SaveSource(char *src, char *codebase, char *basedir, char *archiveDir)
{
- char *from = NULL, *to = NULL;
- int retval = -1;
- char *arcDir = NULL;
+ char *from = NULL, *to = NULL;
+ int retval = -1;
+ char *arcDir = NULL;
if (!src || !archiveDir) {
- return - 1;
+ return -1;
}
if (dumpParse) {
- PR_fprintf(outputFD, "SaveSource: src=%s, codebase=%s, basedir=%s,\n"
- "archiveDir=%s\n", src, codebase, basedir, archiveDir);
+ PR_fprintf(outputFD, "SaveSource: src=%s, codebase=%s, basedir=%s,\n"
+ "archiveDir=%s\n",
+ src, codebase, basedir, archiveDir);
}
if (codebase) {
- arcDir = PR_smprintf("%s/%s/%s/", basedir, codebase, archiveDir);
+ arcDir = PR_smprintf("%s/%s/%s/", basedir, codebase, archiveDir);
} else {
- arcDir = PR_smprintf("%s/%s/", basedir, archiveDir);
+ arcDir = PR_smprintf("%s/%s/", basedir, archiveDir);
}
if (codebase) {
- from = PR_smprintf("%s/%s/%s", basedir, codebase, src);
- to = PR_smprintf("%s%s", arcDir, src);
+ from = PR_smprintf("%s/%s/%s", basedir, codebase, src);
+ to = PR_smprintf("%s%s", arcDir, src);
} else {
- from = PR_smprintf("%s/%s", basedir, src);
- to = PR_smprintf("%s%s", arcDir, src);
+ from = PR_smprintf("%s/%s", basedir, src);
+ to = PR_smprintf("%s%s", arcDir, src);
}
if (make_dirs(to, 0777)) {
- PR_fprintf(errorFD,
- "ERROR: Unable to create archive directory %s.\n", archiveDir);
- errorCount++;
- goto finish;
+ PR_fprintf(errorFD,
+ "ERROR: Unable to create archive directory %s.\n", archiveDir);
+ errorCount++;
+ goto finish;
}
retval = copyinto(from, to);
finish:
- if (from)
- PR_Free(from);
- if (to)
- PR_Free(to);
- if (arcDir)
- PR_Free(arcDir);
+ if (from)
+ PR_Free(from);
+ if (to)
+ PR_Free(to);
+ if (arcDir)
+ PR_Free(arcDir);
return retval;
}
-
/************************************************************************
*
* T a g T y p e T o S t r i n g
*
*/
-char *
+char *
TagTypeToString(TAG_TYPE type)
{
switch (type) {
- case APPLET_TAG:
- return "APPLET";
- case SCRIPT_TAG:
- return "SCRIPT";
- case LINK_TAG:
- return "LINK";
- case STYLE_TAG:
- return "STYLE";
- default:
- break;
+ case APPLET_TAG:
+ return "APPLET";
+ case SCRIPT_TAG:
+ return "SCRIPT";
+ case LINK_TAG:
+ return "LINK";
+ case STYLE_TAG:
+ return "STYLE";
+ default:
+ break;
}
return "unknown";
}
-
/************************************************************************
*
* e x t r a c t _ j s
*
*/
-static int
+static int
extract_js(char *filename)
{
- PRFileDesc * fd = NULL;
- FileBuffer * fb = NULL;
- HTMLItem * head = NULL;
- HTMLItem * tail = NULL;
- HTMLItem * curitem = NULL;
- HTMLItem * styleList = NULL;
- HTMLItem * styleListTail = NULL;
- HTMLItem * entityList = NULL;
- HTMLItem * entityListTail = NULL;
- TagItem * tagp = NULL;
- char *text = NULL;
- char *tagerr = NULL;
- char *archiveDir = NULL;
- char *firstArchiveDir = NULL;
- char *basedir = NULL;
- PRInt32 textStart;
- PRInt32 curOffset;
+ PRFileDesc *fd = NULL;
+ FileBuffer *fb = NULL;
+ HTMLItem *head = NULL;
+ HTMLItem *tail = NULL;
+ HTMLItem *curitem = NULL;
+ HTMLItem *styleList = NULL;
+ HTMLItem *styleListTail = NULL;
+ HTMLItem *entityList = NULL;
+ HTMLItem *entityListTail = NULL;
+ TagItem *tagp = NULL;
+ char *text = NULL;
+ char *tagerr = NULL;
+ char *archiveDir = NULL;
+ char *firstArchiveDir = NULL;
+ char *basedir = NULL;
+ PRInt32 textStart;
+ PRInt32 curOffset;
HTML_STATE state;
- int curchar;
- int retval = -1;
+ int curchar;
+ int retval = -1;
unsigned int linenum, startLine;
/* Initialize the implicit ID counter for each file */
@@ -1114,29 +1088,29 @@ extract_js(char *filename)
fd = PR_Open(filename, PR_RDONLY, 0);
if (!fd) {
- PR_fprintf(errorFD, "Unable to open %s for reading.\n", filename);
- errorCount++;
- return - 1;
+ PR_fprintf(errorFD, "Unable to open %s for reading.\n", filename);
+ errorCount++;
+ return -1;
}
/* Construct base directory of filename. */
- {
- char *cp;
+ {
+ char *cp;
- basedir = PL_strdup(filename);
+ basedir = PL_strdup(filename);
- /* Remove trailing slashes */
- while ( (cp = PL_strprbrk(basedir, "/\\")) ==
- (basedir + strlen(basedir) - 1)) {
- *cp = '\0';
- }
+ /* Remove trailing slashes */
+ while ((cp = PL_strprbrk(basedir, "/\\")) ==
+ (basedir + strlen(basedir) - 1)) {
+ *cp = '\0';
+ }
- /* Now remove everything from the last slash (which will be followed
- * by a filename) to the end */
- cp = PL_strprbrk(basedir, "/\\");
- if (cp) {
- *cp = '\0';
- }
+ /* Now remove everything from the last slash (which will be followed
+ * by a filename) to the end */
+ cp = PL_strprbrk(basedir, "/\\");
+ if (cp) {
+ *cp = '\0';
+ }
}
state = TEXT_HTML_STATE;
@@ -1146,539 +1120,542 @@ extract_js(char *filename)
textStart = 0;
startLine = 0;
while (linenum = FB_GetLineNum(fb), (curchar = FB_GetChar(fb)) !=
- EOF) {
- switch (state) {
- case TEXT_HTML_STATE:
- if (curchar == '<') {
- /*
- * Found a tag
- */
- /* Save the text so far to a new text item */
- curOffset = FB_GetPointer(fb) - 2;
- if (curOffset >= textStart) {
- if (FB_GetRange(fb, textStart, curOffset,
- &text) !=
- curOffset - textStart + 1) {
- PR_fprintf(errorFD,
- "Unable to read from %s.\n",
- filename);
- errorCount++;
- goto loser;
- }
- /* little fudge here. If the first character on a line
- * is '<', meaning a new tag, the preceding text item
- * actually ends on the previous line. In this case
- * we will be saying that the text segment ends on the
- * next line. I don't think this matters for text items. */
- curitem = CreateTextItem(text, startLine,
- linenum);
- text = NULL;
- if (tail == NULL) {
- head = tail = curitem;
- } else {
- tail->next = curitem;
- tail = curitem;
- }
- }
-
- /* Process the tag */
- tagp = ProcessTag(fb, &tagerr);
- if (!tagp) {
- if (tagerr) {
- PR_fprintf(errorFD, "Error in file %s: %s\n",
- filename, tagerr);
- errorCount++;
- } else {
- PR_fprintf(errorFD,
- "Error in file %s, in tag starting at line %d\n",
- filename, linenum);
- errorCount++;
- }
- goto loser;
- }
- /* Add the tag to the list */
- curitem = CreateTagItem(tagp, linenum, FB_GetLineNum(fb));
- if (tail == NULL) {
- head = tail = curitem;
- } else {
- tail->next = curitem;
- tail = curitem;
- }
-
- /* What's the next state */
- if (tagp->type == SCRIPT_TAG) {
- state = SCRIPT_HTML_STATE;
- }
-
- /* Start recording text from the new offset */
- textStart = FB_GetPointer(fb);
- startLine = FB_GetLineNum(fb);
- } else {
- /* regular character. Next! */
- }
- break;
- case SCRIPT_HTML_STATE:
- if (curchar == '<') {
- char *cp;
- /*
- * If this is a </script> tag, then we're at the end of the
- * script. Otherwise, ignore
- */
- curOffset = FB_GetPointer(fb) - 1;
- cp = NULL;
- if (FB_GetRange(fb, curOffset, curOffset + 8, &cp) != 9) {
- if (cp) {
- PR_Free(cp);
- cp = NULL;
- }
- } else {
- /* compare the strings */
- if ( !PORT_Strncasecmp(cp, "</script>", 9) ) {
- /* This is the end of the script. Record the text. */
- curOffset--;
- if (curOffset >= textStart) {
- if (FB_GetRange(fb, textStart, curOffset, &text) !=
- curOffset - textStart + 1) {
- PR_fprintf(errorFD, "Unable to read from %s.\n",
- filename);
- errorCount++;
- goto loser;
- }
- curitem = CreateTextItem(text, startLine, linenum);
- text = NULL;
- if (tail == NULL) {
- head = tail = curitem;
- } else {
- tail->next = curitem;
- tail = curitem;
- }
- }
-
- /* Now parse the /script tag and put it on the list */
- tagp = ProcessTag(fb, &tagerr);
- if (!tagp) {
- if (tagerr) {
- PR_fprintf(errorFD, "Error in file %s: %s\n",
- filename, tagerr);
- } else {
- PR_fprintf(errorFD,
- "Error in file %s, in tag starting at"
- " line %d\n", filename, linenum);
- }
- errorCount++;
- goto loser;
- }
- curitem = CreateTagItem(tagp, linenum,
- FB_GetLineNum(fb));
- if (tail == NULL) {
- head = tail = curitem;
- } else {
- tail->next = curitem;
- tail = curitem;
- }
-
- /* go back to text state */
- state = TEXT_HTML_STATE;
-
- textStart = FB_GetPointer(fb);
- startLine = FB_GetLineNum(fb);
- }
- }
- }
- break;
- }
+ EOF) {
+ switch (state) {
+ case TEXT_HTML_STATE:
+ if (curchar == '<') {
+ /*
+ * Found a tag
+ */
+ /* Save the text so far to a new text item */
+ curOffset = FB_GetPointer(fb) - 2;
+ if (curOffset >= textStart) {
+ if (FB_GetRange(fb, textStart, curOffset,
+ &text) !=
+ curOffset - textStart + 1) {
+ PR_fprintf(errorFD,
+ "Unable to read from %s.\n",
+ filename);
+ errorCount++;
+ goto loser;
+ }
+ /* little fudge here. If the first character on a line
+ * is '<', meaning a new tag, the preceding text item
+ * actually ends on the previous line. In this case
+ * we will be saying that the text segment ends on the
+ * next line. I don't think this matters for text items. */
+ curitem = CreateTextItem(text, startLine,
+ linenum);
+ text = NULL;
+ if (tail == NULL) {
+ head = tail = curitem;
+ } else {
+ tail->next = curitem;
+ tail = curitem;
+ }
+ }
+
+ /* Process the tag */
+ tagp = ProcessTag(fb, &tagerr);
+ if (!tagp) {
+ if (tagerr) {
+ PR_fprintf(errorFD, "Error in file %s: %s\n",
+ filename, tagerr);
+ errorCount++;
+ } else {
+ PR_fprintf(errorFD,
+ "Error in file %s, in tag starting at line %d\n",
+ filename, linenum);
+ errorCount++;
+ }
+ goto loser;
+ }
+ /* Add the tag to the list */
+ curitem = CreateTagItem(tagp, linenum, FB_GetLineNum(fb));
+ if (tail == NULL) {
+ head = tail = curitem;
+ } else {
+ tail->next = curitem;
+ tail = curitem;
+ }
+
+ /* What's the next state */
+ if (tagp->type == SCRIPT_TAG) {
+ state = SCRIPT_HTML_STATE;
+ }
+
+ /* Start recording text from the new offset */
+ textStart = FB_GetPointer(fb);
+ startLine = FB_GetLineNum(fb);
+ } else {
+ /* regular character. Next! */
+ }
+ break;
+ case SCRIPT_HTML_STATE:
+ if (curchar == '<') {
+ char *cp;
+ /*
+ * If this is a </script> tag, then we're at the end of the
+ * script. Otherwise, ignore
+ */
+ curOffset = FB_GetPointer(fb) - 1;
+ cp = NULL;
+ if (FB_GetRange(fb, curOffset, curOffset + 8, &cp) != 9) {
+ if (cp) {
+ PR_Free(cp);
+ cp = NULL;
+ }
+ } else {
+ /* compare the strings */
+ if (!PORT_Strncasecmp(cp, "</script>", 9)) {
+ /* This is the end of the script. Record the text. */
+ curOffset--;
+ if (curOffset >= textStart) {
+ if (FB_GetRange(fb, textStart, curOffset, &text) !=
+ curOffset - textStart + 1) {
+ PR_fprintf(errorFD, "Unable to read from %s.\n",
+ filename);
+ errorCount++;
+ goto loser;
+ }
+ curitem = CreateTextItem(text, startLine, linenum);
+ text = NULL;
+ if (tail == NULL) {
+ head = tail = curitem;
+ } else {
+ tail->next = curitem;
+ tail = curitem;
+ }
+ }
+
+ /* Now parse the /script tag and put it on the list */
+ tagp = ProcessTag(fb, &tagerr);
+ if (!tagp) {
+ if (tagerr) {
+ PR_fprintf(errorFD, "Error in file %s: %s\n",
+ filename, tagerr);
+ } else {
+ PR_fprintf(errorFD,
+ "Error in file %s, in tag starting at"
+ " line %d\n",
+ filename, linenum);
+ }
+ errorCount++;
+ goto loser;
+ }
+ curitem = CreateTagItem(tagp, linenum,
+ FB_GetLineNum(fb));
+ if (tail == NULL) {
+ head = tail = curitem;
+ } else {
+ tail->next = curitem;
+ tail = curitem;
+ }
+
+ /* go back to text state */
+ state = TEXT_HTML_STATE;
+
+ textStart = FB_GetPointer(fb);
+ startLine = FB_GetLineNum(fb);
+ }
+ }
+ }
+ break;
+ }
}
/* End of the file. Wrap up any remaining text */
if (state == SCRIPT_HTML_STATE) {
- if (tail && tail->type == TAG_ITEM) {
- PR_fprintf(errorFD, "ERROR: <SCRIPT> tag at %s:%d is not followed "
- "by a </SCRIPT> tag.\n", filename, tail->startLine);
- } else {
- PR_fprintf(errorFD, "ERROR: <SCRIPT> tag in file %s is not followed"
- " by a </SCRIPT tag.\n", filename);
- }
- errorCount++;
- goto loser;
+ if (tail && tail->type == TAG_ITEM) {
+ PR_fprintf(errorFD, "ERROR: <SCRIPT> tag at %s:%d is not followed "
+ "by a </SCRIPT> tag.\n",
+ filename, tail->startLine);
+ } else {
+ PR_fprintf(errorFD, "ERROR: <SCRIPT> tag in file %s is not followed"
+ " by a </SCRIPT tag.\n",
+ filename);
+ }
+ errorCount++;
+ goto loser;
}
curOffset = FB_GetPointer(fb) - 1;
if (curOffset >= textStart) {
- text = NULL;
- if ( FB_GetRange(fb, textStart, curOffset, &text) !=
- curOffset - textStart + 1) {
- PR_fprintf(errorFD, "Unable to read from %s.\n", filename);
- errorCount++;
- goto loser;
- }
- curitem = CreateTextItem(text, startLine, linenum);
- text = NULL;
- if (tail == NULL) {
- head = tail = curitem;
- } else {
- tail->next = curitem;
- tail = curitem;
- }
+ text = NULL;
+ if (FB_GetRange(fb, textStart, curOffset, &text) !=
+ curOffset - textStart + 1) {
+ PR_fprintf(errorFD, "Unable to read from %s.\n", filename);
+ errorCount++;
+ goto loser;
+ }
+ curitem = CreateTextItem(text, startLine, linenum);
+ text = NULL;
+ if (tail == NULL) {
+ head = tail = curitem;
+ } else {
+ tail->next = curitem;
+ tail = curitem;
+ }
}
if (dumpParse) {
- PrintHTMLStream(outputFD, head);
+ PrintHTMLStream(outputFD, head);
}
/*
* Now we have a stream of tags and text. Go through and deal with each.
*/
for (curitem = head; curitem; curitem = curitem->next) {
- TagItem * tagp = NULL;
- AVPair * pairp = NULL;
- char *src = NULL, *id = NULL, *codebase = NULL;
- PRBool hasEventHandler = PR_FALSE;
- int i;
-
- /* Reset archive directory for each tag */
- if (archiveDir) {
- PR_Free(archiveDir);
- archiveDir = NULL;
- }
-
- /* We only analyze tags */
- if (curitem->type != TAG_ITEM) {
- continue;
- }
-
- tagp = curitem->item.tag;
-
- /* go through the attributes to get information */
- for (pairp = tagp->attList; pairp; pairp = pairp->next) {
-
- /* ARCHIVE= */
- if ( !PL_strcasecmp(pairp->attribute, "archive")) {
- if (archiveDir) {
- /* Duplicate attribute. Print warning */
- PR_fprintf(errorFD,
- "warning: \"%s\" attribute overwrites previous attribute"
- " in tag starting at %s:%d.\n",
- pairp->attribute, filename, curitem->startLine);
- warningCount++;
- PR_Free(archiveDir);
- }
- archiveDir = PL_strdup(pairp->value);
-
- /* Substiture ".arc" for ".jar" */
- if ( (PL_strlen(archiveDir) < 4) ||
- PL_strcasecmp((archiveDir + strlen(archiveDir) -4),
- ".jar")) {
- PR_fprintf(errorFD,
- "warning: ARCHIVE attribute should end in \".jar\" in tag"
- " starting on %s:%d.\n", filename, curitem->startLine);
- warningCount++;
- PR_Free(archiveDir);
- archiveDir = PR_smprintf("%s.arc", archiveDir);
- } else {
- PL_strcpy(archiveDir + strlen(archiveDir) -4, ".arc");
- }
-
- /* Record the first archive. This will be used later if
- * the archive is not specified */
- if (firstArchiveDir == NULL) {
- firstArchiveDir = PL_strdup(archiveDir);
- }
- }
- /* CODEBASE= */
- else if ( !PL_strcasecmp(pairp->attribute, "codebase")) {
- if (codebase) {
- /* Duplicate attribute. Print warning */
- PR_fprintf(errorFD,
- "warning: \"%s\" attribute overwrites previous attribute"
- " in tag staring at %s:%d.\n",
- pairp->attribute, filename, curitem->startLine);
- warningCount++;
- }
- codebase = pairp->value;
- }
- /* SRC= and HREF= */
- else if ( !PORT_Strcasecmp(pairp->attribute, "src") ||
- !PORT_Strcasecmp(pairp->attribute, "href") ) {
- if (src) {
- /* Duplicate attribute. Print warning */
- PR_fprintf(errorFD,
- "warning: \"%s\" attribute overwrites previous attribute"
- " in tag staring at %s:%d.\n",
- pairp->attribute, filename, curitem->startLine);
- warningCount++;
- }
- src = pairp->value;
- }
- /* CODE= */
- else if (!PORT_Strcasecmp(pairp->attribute, "code") ) {
- /*!!!XXX Change PORT to PL all over this code !!! */
- if (src) {
- /* Duplicate attribute. Print warning */
- PR_fprintf(errorFD,
- "warning: \"%s\" attribute overwrites previous attribute"
- " ,in tag staring at %s:%d.\n",
- pairp->attribute, filename, curitem->startLine);
- warningCount++;
- }
- src = pairp->value;
-
- /* Append a .class if one is not already present */
- if ( (PL_strlen(src) < 6) ||
- PL_strcasecmp( (src + PL_strlen(src) - 6), ".class") ) {
- src = PR_smprintf("%s.class", src);
- /* Put this string back into the data structure so it
- * will be deallocated properly */
- PR_Free(pairp->value);
- pairp->value = src;
- }
- }
- /* ID= */
- else if (!PL_strcasecmp(pairp->attribute, "id") ) {
- if (id) {
- /* Duplicate attribute. Print warning */
- PR_fprintf(errorFD,
- "warning: \"%s\" attribute overwrites previous attribute"
- " in tag staring at %s:%d.\n",
- pairp->attribute, filename, curitem->startLine);
- warningCount++;
- }
- id = pairp->value;
- }
-
- /* STYLE= */
- /* style= attributes, along with JS entities, are stored into
- * files with dynamically generated names. The filenames are
- * based on the order in which the text is found in the file.
- * All JS entities on all lines up to and including the line
- * containing the end of the tag that has this style= attribute
- * will be processed before this style=attribute. So we need
- * to record the line that this _tag_ (not the attribute) ends on.
- */
- else if (!PL_strcasecmp(pairp->attribute, "style") && pairp->value)
- {
- HTMLItem * styleItem;
- /* Put this item on the style list */
- styleItem = CreateTextItem(PL_strdup(pairp->value),
- curitem->startLine, curitem->endLine);
- if (styleListTail == NULL) {
- styleList = styleListTail = styleItem;
- } else {
- styleListTail->next = styleItem;
- styleListTail = styleItem;
- }
- }
- /* Event handlers */
- else {
- for (i = 0; i < num_handlers; i++) {
- if (!PL_strcasecmp(event_handlers[i], pairp->attribute)) {
- hasEventHandler = PR_TRUE;
- break;
- }
- }
- }
-
-
- /* JS Entity */
- {
- char *entityStart, *entityEnd;
- HTMLItem * entityItem;
-
- /* go through each JavaScript entity ( &{...}; ) and store it
- * in the entityList. The important thing is to record what
- * line number it's on, so we can get it in the right order
- * in relation to style= attributes.
- * Apparently, these can't flow across lines, so the start and
- * end line will be the same. That helps matters.
- */
- entityEnd = pairp->value;
- while ( entityEnd &&
- (entityStart = PL_strstr(entityEnd, "&{")) /*}*/ != NULL) {
- entityStart += 2; /* point at beginning of actual entity */
- entityEnd = PL_strchr(entityStart, '}');
- if (entityEnd) {
- /* Put this item on the entity list */
- *entityEnd = '\0';
- entityItem = CreateTextItem(PL_strdup(entityStart),
- pairp->valueLine, pairp->valueLine);
- *entityEnd = /* { */ '}';
- if (entityListTail) {
- entityListTail->next = entityItem;
- entityListTail = entityItem;
- } else {
- entityList = entityListTail = entityItem;
- }
- }
- }
- }
- }
-
- /* If no archive was supplied, we use the first one of the file */
- if (!archiveDir && firstArchiveDir) {
- archiveDir = PL_strdup(firstArchiveDir);
- }
-
- /* If we have an event handler, we need to archive this tag */
- if (hasEventHandler) {
- if (!id) {
- PR_fprintf(errorFD,
- "warning: tag starting at %s:%d has event handler but"
- " no ID attribute. The tag will not be signed.\n",
- filename, curitem->startLine);
- warningCount++;
- } else if (!archiveDir) {
- PR_fprintf(errorFD,
- "warning: tag starting at %s:%d has event handler but"
- " no ARCHIVE attribute. The tag will not be signed.\n",
- filename, curitem->startLine);
- warningCount++;
- } else {
- if (SaveInlineScript(tagp->text, id, basedir, archiveDir)) {
- goto loser;
- }
- }
- }
-
- switch (tagp->type) {
- case APPLET_TAG:
- if (!src) {
- PR_fprintf(errorFD,
- "error: APPLET tag starting on %s:%d has no CODE "
- "attribute.\n", filename, curitem->startLine);
- errorCount++;
- goto loser;
- } else if (!archiveDir) {
- PR_fprintf(errorFD,
- "error: APPLET tag starting on %s:%d has no ARCHIVE "
- "attribute.\n", filename, curitem->startLine);
- errorCount++;
- goto loser;
- } else {
- if (SaveSource(src, codebase, basedir, archiveDir)) {
- goto loser;
- }
- }
- break;
- case SCRIPT_TAG:
- case LINK_TAG:
- case STYLE_TAG:
- if (!archiveDir) {
- PR_fprintf(errorFD,
- "error: %s tag starting on %s:%d has no ARCHIVE "
- "attribute.\n", TagTypeToString(tagp->type),
- filename, curitem->startLine);
- errorCount++;
- goto loser;
- } else if (src) {
- if (SaveSource(src, codebase, basedir, archiveDir)) {
- goto loser;
- }
- } else if (id) {
- /* Save the next text item */
- if (!curitem->next || (curitem->next->type !=
- TEXT_ITEM)) {
- PR_fprintf(errorFD,
- "warning: %s tag starting on %s:%d is not followed"
- " by script text.\n", TagTypeToString(tagp->type),
- filename, curitem->startLine);
- warningCount++;
- /* just create empty file */
- if (SaveInlineScript("", id, basedir, archiveDir)) {
- goto loser;
- }
- } else {
- curitem = curitem->next;
- if (SaveInlineScript(curitem->item.text,
- id, basedir,
- archiveDir)) {
- goto loser;
- }
- }
- } else {
- /* No src or id tag--warning */
- PR_fprintf(errorFD,
- "warning: %s tag starting on %s:%d has no SRC or"
- " ID attributes. Will not sign.\n",
- TagTypeToString(tagp->type), filename, curitem->startLine);
- warningCount++;
- }
- break;
- default:
- /* do nothing for other tags */
- break;
- }
-
+ TagItem *tagp = NULL;
+ AVPair *pairp = NULL;
+ char *src = NULL, *id = NULL, *codebase = NULL;
+ PRBool hasEventHandler = PR_FALSE;
+ int i;
+
+ /* Reset archive directory for each tag */
+ if (archiveDir) {
+ PR_Free(archiveDir);
+ archiveDir = NULL;
+ }
+
+ /* We only analyze tags */
+ if (curitem->type != TAG_ITEM) {
+ continue;
+ }
+
+ tagp = curitem->item.tag;
+
+ /* go through the attributes to get information */
+ for (pairp = tagp->attList; pairp; pairp = pairp->next) {
+
+ /* ARCHIVE= */
+ if (!PL_strcasecmp(pairp->attribute, "archive")) {
+ if (archiveDir) {
+ /* Duplicate attribute. Print warning */
+ PR_fprintf(errorFD,
+ "warning: \"%s\" attribute overwrites previous attribute"
+ " in tag starting at %s:%d.\n",
+ pairp->attribute, filename, curitem->startLine);
+ warningCount++;
+ PR_Free(archiveDir);
+ }
+ archiveDir = PL_strdup(pairp->value);
+
+ /* Substiture ".arc" for ".jar" */
+ if ((PL_strlen(archiveDir) < 4) ||
+ PL_strcasecmp((archiveDir + strlen(archiveDir) - 4),
+ ".jar")) {
+ PR_fprintf(errorFD,
+ "warning: ARCHIVE attribute should end in \".jar\" in tag"
+ " starting on %s:%d.\n",
+ filename, curitem->startLine);
+ warningCount++;
+ PR_Free(archiveDir);
+ archiveDir = PR_smprintf("%s.arc", archiveDir);
+ } else {
+ PL_strcpy(archiveDir + strlen(archiveDir) - 4, ".arc");
+ }
+
+ /* Record the first archive. This will be used later if
+ * the archive is not specified */
+ if (firstArchiveDir == NULL) {
+ firstArchiveDir = PL_strdup(archiveDir);
+ }
+ }
+ /* CODEBASE= */
+ else if (!PL_strcasecmp(pairp->attribute, "codebase")) {
+ if (codebase) {
+ /* Duplicate attribute. Print warning */
+ PR_fprintf(errorFD,
+ "warning: \"%s\" attribute overwrites previous attribute"
+ " in tag staring at %s:%d.\n",
+ pairp->attribute, filename, curitem->startLine);
+ warningCount++;
+ }
+ codebase = pairp->value;
+ }
+ /* SRC= and HREF= */
+ else if (!PORT_Strcasecmp(pairp->attribute, "src") ||
+ !PORT_Strcasecmp(pairp->attribute, "href")) {
+ if (src) {
+ /* Duplicate attribute. Print warning */
+ PR_fprintf(errorFD,
+ "warning: \"%s\" attribute overwrites previous attribute"
+ " in tag staring at %s:%d.\n",
+ pairp->attribute, filename, curitem->startLine);
+ warningCount++;
+ }
+ src = pairp->value;
+ }
+ /* CODE= */
+ else if (!PORT_Strcasecmp(pairp->attribute, "code")) {
+ /*!!!XXX Change PORT to PL all over this code !!! */
+ if (src) {
+ /* Duplicate attribute. Print warning */
+ PR_fprintf(errorFD,
+ "warning: \"%s\" attribute overwrites previous attribute"
+ " ,in tag staring at %s:%d.\n",
+ pairp->attribute, filename, curitem->startLine);
+ warningCount++;
+ }
+ src = pairp->value;
+
+ /* Append a .class if one is not already present */
+ if ((PL_strlen(src) < 6) ||
+ PL_strcasecmp((src + PL_strlen(src) - 6), ".class")) {
+ src = PR_smprintf("%s.class", src);
+ /* Put this string back into the data structure so it
+ * will be deallocated properly */
+ PR_Free(pairp->value);
+ pairp->value = src;
+ }
+ }
+ /* ID= */
+ else if (!PL_strcasecmp(pairp->attribute, "id")) {
+ if (id) {
+ /* Duplicate attribute. Print warning */
+ PR_fprintf(errorFD,
+ "warning: \"%s\" attribute overwrites previous attribute"
+ " in tag staring at %s:%d.\n",
+ pairp->attribute, filename, curitem->startLine);
+ warningCount++;
+ }
+ id = pairp->value;
+ }
+
+ /* STYLE= */
+ /* style= attributes, along with JS entities, are stored into
+ * files with dynamically generated names. The filenames are
+ * based on the order in which the text is found in the file.
+ * All JS entities on all lines up to and including the line
+ * containing the end of the tag that has this style= attribute
+ * will be processed before this style=attribute. So we need
+ * to record the line that this _tag_ (not the attribute) ends on.
+ */
+ else if (!PL_strcasecmp(pairp->attribute, "style") && pairp->value) {
+ HTMLItem *styleItem;
+ /* Put this item on the style list */
+ styleItem = CreateTextItem(PL_strdup(pairp->value),
+ curitem->startLine, curitem->endLine);
+ if (styleListTail == NULL) {
+ styleList = styleListTail = styleItem;
+ } else {
+ styleListTail->next = styleItem;
+ styleListTail = styleItem;
+ }
+ }
+ /* Event handlers */
+ else {
+ for (i = 0; i < num_handlers; i++) {
+ if (!PL_strcasecmp(event_handlers[i], pairp->attribute)) {
+ hasEventHandler = PR_TRUE;
+ break;
+ }
+ }
+ }
+
+ /* JS Entity */
+ {
+ char *entityStart, *entityEnd;
+ HTMLItem *entityItem;
+
+ /* go through each JavaScript entity ( &{...}; ) and store it
+ * in the entityList. The important thing is to record what
+ * line number it's on, so we can get it in the right order
+ * in relation to style= attributes.
+ * Apparently, these can't flow across lines, so the start and
+ * end line will be the same. That helps matters.
+ */
+ entityEnd = pairp->value;
+ while (entityEnd &&
+ (entityStart = PL_strstr(entityEnd, "&{")) /*}*/ != NULL) {
+ entityStart += 2; /* point at beginning of actual entity */
+ entityEnd = PL_strchr(entityStart, '}');
+ if (entityEnd) {
+ /* Put this item on the entity list */
+ *entityEnd = '\0';
+ entityItem = CreateTextItem(PL_strdup(entityStart),
+ pairp->valueLine, pairp->valueLine);
+ *entityEnd = /* { */ '}';
+ if (entityListTail) {
+ entityListTail->next = entityItem;
+ entityListTail = entityItem;
+ } else {
+ entityList = entityListTail = entityItem;
+ }
+ }
+ }
+ }
+ }
+
+ /* If no archive was supplied, we use the first one of the file */
+ if (!archiveDir && firstArchiveDir) {
+ archiveDir = PL_strdup(firstArchiveDir);
+ }
+
+ /* If we have an event handler, we need to archive this tag */
+ if (hasEventHandler) {
+ if (!id) {
+ PR_fprintf(errorFD,
+ "warning: tag starting at %s:%d has event handler but"
+ " no ID attribute. The tag will not be signed.\n",
+ filename, curitem->startLine);
+ warningCount++;
+ } else if (!archiveDir) {
+ PR_fprintf(errorFD,
+ "warning: tag starting at %s:%d has event handler but"
+ " no ARCHIVE attribute. The tag will not be signed.\n",
+ filename, curitem->startLine);
+ warningCount++;
+ } else {
+ if (SaveInlineScript(tagp->text, id, basedir, archiveDir)) {
+ goto loser;
+ }
+ }
+ }
+
+ switch (tagp->type) {
+ case APPLET_TAG:
+ if (!src) {
+ PR_fprintf(errorFD,
+ "error: APPLET tag starting on %s:%d has no CODE "
+ "attribute.\n",
+ filename, curitem->startLine);
+ errorCount++;
+ goto loser;
+ } else if (!archiveDir) {
+ PR_fprintf(errorFD,
+ "error: APPLET tag starting on %s:%d has no ARCHIVE "
+ "attribute.\n",
+ filename, curitem->startLine);
+ errorCount++;
+ goto loser;
+ } else {
+ if (SaveSource(src, codebase, basedir, archiveDir)) {
+ goto loser;
+ }
+ }
+ break;
+ case SCRIPT_TAG:
+ case LINK_TAG:
+ case STYLE_TAG:
+ if (!archiveDir) {
+ PR_fprintf(errorFD,
+ "error: %s tag starting on %s:%d has no ARCHIVE "
+ "attribute.\n",
+ TagTypeToString(tagp->type),
+ filename, curitem->startLine);
+ errorCount++;
+ goto loser;
+ } else if (src) {
+ if (SaveSource(src, codebase, basedir, archiveDir)) {
+ goto loser;
+ }
+ } else if (id) {
+ /* Save the next text item */
+ if (!curitem->next || (curitem->next->type !=
+ TEXT_ITEM)) {
+ PR_fprintf(errorFD,
+ "warning: %s tag starting on %s:%d is not followed"
+ " by script text.\n",
+ TagTypeToString(tagp->type),
+ filename, curitem->startLine);
+ warningCount++;
+ /* just create empty file */
+ if (SaveInlineScript("", id, basedir, archiveDir)) {
+ goto loser;
+ }
+ } else {
+ curitem = curitem->next;
+ if (SaveInlineScript(curitem->item.text,
+ id, basedir,
+ archiveDir)) {
+ goto loser;
+ }
+ }
+ } else {
+ /* No src or id tag--warning */
+ PR_fprintf(errorFD,
+ "warning: %s tag starting on %s:%d has no SRC or"
+ " ID attributes. Will not sign.\n",
+ TagTypeToString(tagp->type), filename, curitem->startLine);
+ warningCount++;
+ }
+ break;
+ default:
+ /* do nothing for other tags */
+ break;
+ }
}
/* Now deal with all the unnamable scripts */
if (firstArchiveDir) {
- HTMLItem * style, *entity;
-
- /* Go through the lists of JS entities and style attributes. Do them
- * in chronological order within a list. Pick the list with the lower
- * endLine. In case of a tie, entities come first.
- */
- style = styleList;
- entity = entityList;
- while (style || entity) {
- if (!entity || (style && (style->endLine < entity->endLine))) {
- /* Process style */
- SaveUnnamableScript(style->item.text, basedir, firstArchiveDir,
- filename);
- style = style->next;
- } else {
- /* Process entity */
- SaveUnnamableScript(entity->item.text, basedir, firstArchiveDir,
- filename);
- entity = entity->next;
- }
- }
+ HTMLItem *style, *entity;
+
+ /* Go through the lists of JS entities and style attributes. Do them
+ * in chronological order within a list. Pick the list with the lower
+ * endLine. In case of a tie, entities come first.
+ */
+ style = styleList;
+ entity = entityList;
+ while (style || entity) {
+ if (!entity || (style && (style->endLine < entity->endLine))) {
+ /* Process style */
+ SaveUnnamableScript(style->item.text, basedir, firstArchiveDir,
+ filename);
+ style = style->next;
+ } else {
+ /* Process entity */
+ SaveUnnamableScript(entity->item.text, basedir, firstArchiveDir,
+ filename);
+ entity = entity->next;
+ }
+ }
}
-
retval = 0;
loser:
/* Blow away the stream */
while (head) {
- curitem = head;
- head = head->next;
- DestroyHTMLItem(curitem);
+ curitem = head;
+ head = head->next;
+ DestroyHTMLItem(curitem);
}
while (styleList) {
- curitem = styleList;
- styleList = styleList->next;
- DestroyHTMLItem(curitem);
+ curitem = styleList;
+ styleList = styleList->next;
+ DestroyHTMLItem(curitem);
}
while (entityList) {
- curitem = entityList;
- entityList = entityList->next;
- DestroyHTMLItem(curitem);
+ curitem = entityList;
+ entityList = entityList->next;
+ DestroyHTMLItem(curitem);
}
if (text) {
- PR_Free(text);
- text = NULL;
+ PR_Free(text);
+ text = NULL;
}
if (fb) {
- FB_Destroy(fb);
- fb = NULL;
+ FB_Destroy(fb);
+ fb = NULL;
}
if (fd) {
- PR_Close(fd);
+ PR_Close(fd);
}
if (tagerr) {
- PR_smprintf_free(tagerr);
- tagerr = NULL;
+ PR_smprintf_free(tagerr);
+ tagerr = NULL;
}
if (archiveDir) {
- PR_Free(archiveDir);
- archiveDir = NULL;
+ PR_Free(archiveDir);
+ archiveDir = NULL;
}
if (firstArchiveDir) {
- PR_Free(firstArchiveDir);
- firstArchiveDir = NULL;
+ PR_Free(firstArchiveDir);
+ firstArchiveDir = NULL;
}
return retval;
}
-
/**********************************************************************
*
* e n s u r e E x i s t s
@@ -1688,22 +1665,21 @@ loser:
* Returns PR_SUCCESS if the directory is present, PR_FAILURE otherwise.
*/
static PRStatus
-ensureExists (char *base, char *path)
+ensureExists(char *base, char *path)
{
- char fn [FNSIZE];
- PRDir * dir;
- sprintf (fn, "%s/%s", base, path);
+ char fn[FNSIZE];
+ PRDir *dir;
+ sprintf(fn, "%s/%s", base, path);
/*PR_fprintf(outputFD, "Trying to open directory %s.\n", fn);*/
- if ( (dir = PR_OpenDir(fn)) ) {
- PR_CloseDir(dir);
- return PR_SUCCESS;
+ if ((dir = PR_OpenDir(fn))) {
+ PR_CloseDir(dir);
+ return PR_SUCCESS;
}
return PR_MkDir(fn, 0777);
}
-
/***************************************************************************
*
* m a k e _ d i r s
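Review bot: In ensureExists, `sprintf(fn, "%s/%s", base, path);` writes into the fixed `char fn[FNSIZE]` with no bound, so a long `base` or `path` overruns the stack buffer. The formatting pass carries the call over unchanged. A length guard before the call would close it: `if (strlen(base) + strlen(path) + 2 > sizeof fn) return PR_FAILURE;`. Separately, `PR_MkDir(fn, 0777)` leaves the new directory's permissions entirely to the process umask; if these directories hold material that is about to be signed, a tighter mode such as `0755` looks safer, though which callers rely on the current mode is not visible here.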
@@ -1711,52 +1687,52 @@ ensureExists (char *base, char *path)
* Ensure that the directory portion of the path exists. This may require
* making the directory, and its parent, and its parent's parent, etc.
*/
-static int
+static int
make_dirs(char *path, int file_perms)
{
- char *Path;
- char *start;
- char *sep;
- int ret = 0;
+ char *Path;
+ char *start;
+ char *sep;
+ int ret = 0;
PRFileInfo info;
if (!path) {
- return 0;
+ return 0;
}
Path = PL_strdup(path);
start = strpbrk(Path, "/\\");
if (!start) {
- return 0;
+ return 0;
}
start++; /* start right after first slash */
/* Each time through the loop add one more directory. */
- while ( (sep = strpbrk(start, "/\\")) ) {
- *sep = '\0';
-
- if ( PR_GetFileInfo(Path, &info) != PR_SUCCESS) {
- /* No such dir, we have to create it */
- if ( PR_MkDir(Path, file_perms) != PR_SUCCESS) {
- PR_fprintf(errorFD, "ERROR: Unable to create directory %s.\n",
- Path);
- errorCount++;
- ret = -1;
- goto loser;
- }
- } else {
- /* something exists by this name, make sure it's a directory */
- if ( info.type != PR_FILE_DIRECTORY ) {
- PR_fprintf(errorFD, "ERROR: Unable to create directory %s.\n",
- Path);
- errorCount++;
- ret = -1;
- goto loser;
- }
- }
-
- start = sep + 1; /* start after the next slash */
- *sep = '/';
+ while ((sep = strpbrk(start, "/\\"))) {
+ *sep = '\0';
+
+ if (PR_GetFileInfo(Path, &info) != PR_SUCCESS) {
+ /* No such dir, we have to create it */
+ if (PR_MkDir(Path, file_perms) != PR_SUCCESS) {
+ PR_fprintf(errorFD, "ERROR: Unable to create directory %s.\n",
+ Path);
+ errorCount++;
+ ret = -1;
+ goto loser;
+ }
+ } else {
+ /* something exists by this name, make sure it's a directory */
+ if (info.type != PR_FILE_DIRECTORY) {
+ PR_fprintf(errorFD, "ERROR: Unable to create directory %s.\n",
+ Path);
+ errorCount++;
+ ret = -1;
+ goto loser;
+ }
+ }
+
+ start = sep + 1; /* start after the next slash */
+ *sep = '/';
}
loser:
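Review bot: In make_dirs, the early `return 0;` taken when `strpbrk(Path, "/\\")` finds no separator leaks the copy made by `PL_strdup(path)`. The result of `PL_strdup` is also passed to `strpbrk` without a NULL check. I would add `if (!Path) return -1;` directly after the duplicate is made and change the no-separator branch to `goto loser;`. That assumes the cleanup under `loser:` frees `Path`; the line after the label falls outside this hunk, so this needs confirming. `ret` is still 0 at that point, so the return value does not change.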
@@ -1764,72 +1740,69 @@ loser:
return ret;
}
-
/*
* c o p y i n t o
*
* Function to copy file "from" to path "to".
*
*/
-static int
-copyinto (char *from, char *to)
+static int
+copyinto(char *from, char *to)
{
PRInt32 num;
- char buf [BUFSIZ];
- PRFileDesc * infp = NULL, *outfp = NULL;
- int retval = -1;
+ char buf[BUFSIZ];
+ PRFileDesc *infp = NULL, *outfp = NULL;
+ int retval = -1;
if ((infp = PR_Open(from, PR_RDONLY, 0777)) == NULL) {
- PR_fprintf(errorFD, "ERROR: Unable to open \"%s\" for reading.\n",
- from);
- errorCount++;
- goto finish;
+ PR_fprintf(errorFD, "ERROR: Unable to open \"%s\" for reading.\n",
+ from);
+ errorCount++;
+ goto finish;
}
/* If to already exists, print a warning before deleting it */
if (PR_Access(to, PR_ACCESS_EXISTS) == PR_SUCCESS) {
- PR_fprintf(errorFD, "warning: %s already exists--will overwrite\n", to);
- warningCount++;
- if (rm_dash_r(to)) {
- PR_fprintf(errorFD,
- "ERROR: Unable to remove %s.\n", to);
- errorCount++;
- goto finish;
- }
- }
-
- if ((outfp = PR_Open(to, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0777))
- == NULL) {
- char *errBuf = NULL;
-
- errBuf = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_fprintf(errorFD, "ERROR: Unable to open \"%s\" for writing.\n", to);
- if (PR_GetErrorText(errBuf)) {
- PR_fprintf(errorFD, "Cause: %s\n", errBuf);
- }
- if (errBuf) {
- PR_Free(errBuf);
- }
- errorCount++;
- goto finish;
- }
-
- while ( (num = PR_Read(infp, buf, BUFSIZ)) > 0) {
- if (PR_Write(outfp, buf, num) != num) {
- PR_fprintf(errorFD, "ERROR: Error writing to %s.\n", to);
- errorCount++;
- goto finish;
- }
+ PR_fprintf(errorFD, "warning: %s already exists--will overwrite\n", to);
+ warningCount++;
+ if (rm_dash_r(to)) {
+ PR_fprintf(errorFD,
+ "ERROR: Unable to remove %s.\n", to);
+ errorCount++;
+ goto finish;
+ }
+ }
+
+ if ((outfp = PR_Open(to, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0777)) ==
+ NULL) {
+ char *errBuf = NULL;
+
+ errBuf = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_fprintf(errorFD, "ERROR: Unable to open \"%s\" for writing.\n", to);
+ if (PR_GetErrorText(errBuf)) {
+ PR_fprintf(errorFD, "Cause: %s\n", errBuf);
+ }
+ if (errBuf) {
+ PR_Free(errBuf);
+ }
+ errorCount++;
+ goto finish;
+ }
+
+ while ((num = PR_Read(infp, buf, BUFSIZ)) > 0) {
+ if (PR_Write(outfp, buf, num) != num) {
+ PR_fprintf(errorFD, "ERROR: Error writing to %s.\n", to);
+ errorCount++;
+ goto finish;
+ }
}
retval = 0;
finish:
- if (infp)
- PR_Close(infp);
- if (outfp)
- PR_Close(outfp);
+ if (infp)
+ PR_Close(infp);
+ if (outfp)
+ PR_Close(outfp);
return retval;
}
-
-
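Review bot: In copyinto, a failed read is reported as a successful copy. `while ((num = PR_Read(infp, buf, BUFSIZ)) > 0)` exits on a negative return just as it does on end of file, and `retval = 0;` follows. For a tool that then signs the copied file, a silently truncated copy is worth catching; add `if (num < 0) { errorCount++; goto finish; }` after the loop, ideally with an error message in the style of the write failure. In the open-for-writing failure branch, `errBuf` from `PR_Malloc` is passed to `PR_GetErrorText` before the `if (errBuf)` check, so the NULL test should move ahead of that call. The return values of the two `PR_Close` calls are ignored, which for `outfp` can hide a failed flush.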
diff --git a/cmd/signtool/list.c b/cmd/signtool/list.c
index 048c51da4..70f62d2b1 100644
--- a/cmd/signtool/list.c
+++ b/cmd/signtool/list.c
@@ -6,9 +6,9 @@
#include "pk11func.h"
#include "certdb.h"
-static int num_trav_certs = 0;
+static int num_trav_certs = 0;
static SECStatus cert_trav_callback(CERTCertificate *cert, SECItem *k,
- void *data);
+ void *data);
/*********************************************************************
*
@@ -17,26 +17,26 @@ static SECStatus cert_trav_callback(CERTCertificate *cert, SECItem *k,
int
ListCerts(char *key, int list_certs)
{
- int failed = 0;
+ int failed = 0;
SECStatus rv;
- char *ugly_list;
- CERTCertDBHandle * db;
+ char *ugly_list;
+ CERTCertDBHandle *db;
- CERTCertificate * cert;
+ CERTCertificate *cert;
CERTVerifyLog errlog;
errlog.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( errlog.arena == NULL) {
- out_of_memory();
+ if (errlog.arena == NULL) {
+ out_of_memory();
}
errlog.head = NULL;
errlog.tail = NULL;
errlog.count = 0;
- ugly_list = PORT_ZAlloc (16);
+ ugly_list = PORT_ZAlloc(16);
if (ugly_list == NULL) {
- out_of_memory();
+ out_of_memory();
}
*ugly_list = 0;
@@ -44,103 +44,101 @@ ListCerts(char *key, int list_certs)
db = CERT_GetDefaultCertDB();
if (list_certs == 2) {
- PR_fprintf(outputFD, "\nS Certificates\n");
- PR_fprintf(outputFD, "- ------------\n");
+ PR_fprintf(outputFD, "\nS Certificates\n");
+ PR_fprintf(outputFD, "- ------------\n");
} else {
- PR_fprintf(outputFD, "\nObject signing certificates\n");
- PR_fprintf(outputFD, "---------------------------------------\n");
+ PR_fprintf(outputFD, "\nObject signing certificates\n");
+ PR_fprintf(outputFD, "---------------------------------------\n");
}
num_trav_certs = 0;
/* Traverse ALL tokens in all slots, authenticating to them all */
- rv = PK11_TraverseSlotCerts(cert_trav_callback, (void * )&list_certs,
- &pwdata);
+ rv = PK11_TraverseSlotCerts(cert_trav_callback, (void *)&list_certs,
+ &pwdata);
if (rv) {
- PR_fprintf(outputFD, "**Traverse of ALL slots & tokens failed**\n");
- return - 1;
+ PR_fprintf(outputFD, "**Traverse of ALL slots & tokens failed**\n");
+ return -1;
}
if (num_trav_certs == 0) {
- PR_fprintf(outputFD,
- "You don't appear to have any object signing certificates.\n");
+ PR_fprintf(outputFD,
+ "You don't appear to have any object signing certificates.\n");
}
if (list_certs == 2) {
- PR_fprintf(outputFD, "- ------------\n");
+ PR_fprintf(outputFD, "- ------------\n");
} else {
- PR_fprintf(outputFD, "---------------------------------------\n");
+ PR_fprintf(outputFD, "---------------------------------------\n");
}
if (list_certs == 1) {
- PR_fprintf(outputFD,
- "For a list including CA's, use \"%s -L\"\n", PROGRAM_NAME);
+ PR_fprintf(outputFD,
+ "For a list including CA's, use \"%s -L\"\n", PROGRAM_NAME);
}
if (list_certs == 2) {
- PR_fprintf(outputFD,
- "Certificates that can be used to sign objects have *'s to "
- "their left.\n");
+ PR_fprintf(outputFD,
+ "Certificates that can be used to sign objects have *'s to "
+ "their left.\n");
}
if (key) {
- /* Do an analysis of the given cert */
-
- cert = PK11_FindCertFromNickname(key, &pwdata);
-
- if (cert) {
- PR_fprintf(outputFD,
- "\nThe certificate with nickname \"%s\" was found:\n",
- cert->nickname);
- PR_fprintf(outputFD, "\tsubject name: %s\n", cert->subjectName);
- PR_fprintf(outputFD, "\tissuer name: %s\n", cert->issuerName);
-
- PR_fprintf(outputFD, "\n");
-
- rv = CERT_CertTimesValid (cert);
- if (rv != SECSuccess) {
- PR_fprintf(outputFD, "**This certificate is expired**\n");
- } else {
- PR_fprintf(outputFD, "This certificate is not expired.\n");
- }
-
- rv = CERT_VerifyCert (db, cert, PR_TRUE,
- certUsageObjectSigner, PR_Now(), &pwdata, &errlog);
-
- if (rv != SECSuccess) {
- failed = 1;
- if (errlog.count > 0) {
- PR_fprintf(outputFD,
- "**Certificate validation failed for the "
- "following reason(s):**\n");
- } else {
- PR_fprintf(outputFD, "**Certificate validation failed**");
- }
- } else {
- PR_fprintf(outputFD, "This certificate is valid.\n");
- }
- displayVerifyLog(&errlog);
-
-
- } else {
- failed = 1;
- PR_fprintf(outputFD,
- "The certificate with nickname \"%s\" was NOT FOUND\n", key);
- }
+ /* Do an analysis of the given cert */
+
+ cert = PK11_FindCertFromNickname(key, &pwdata);
+
+ if (cert) {
+ PR_fprintf(outputFD,
+ "\nThe certificate with nickname \"%s\" was found:\n",
+ cert->nickname);
+ PR_fprintf(outputFD, "\tsubject name: %s\n", cert->subjectName);
+ PR_fprintf(outputFD, "\tissuer name: %s\n", cert->issuerName);
+
+ PR_fprintf(outputFD, "\n");
+
+ rv = CERT_CertTimesValid(cert);
+ if (rv != SECSuccess) {
+ PR_fprintf(outputFD, "**This certificate is expired**\n");
+ } else {
+ PR_fprintf(outputFD, "This certificate is not expired.\n");
+ }
+
+ rv = CERT_VerifyCert(db, cert, PR_TRUE,
+ certUsageObjectSigner, PR_Now(), &pwdata, &errlog);
+
+ if (rv != SECSuccess) {
+ failed = 1;
+ if (errlog.count > 0) {
+ PR_fprintf(outputFD,
+ "**Certificate validation failed for the "
+ "following reason(s):**\n");
+ } else {
+ PR_fprintf(outputFD, "**Certificate validation failed**");
+ }
+ } else {
+ PR_fprintf(outputFD, "This certificate is valid.\n");
+ }
+ displayVerifyLog(&errlog);
+
+ } else {
+ failed = 1;
+ PR_fprintf(outputFD,
+ "The certificate with nickname \"%s\" was NOT FOUND\n", key);
+ }
}
if (errlog.arena != NULL) {
- PORT_FreeArena(errlog.arena, PR_FALSE);
+ PORT_FreeArena(errlog.arena, PR_FALSE);
}
if (failed) {
- return - 1;
+ return -1;
}
return 0;
}
-
/********************************************************************
*
* c e r t _ t r a v _ c a l l b a c k
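Review bot: ListCerts never releases the certificate returned by `PK11_FindCertFromNickname(key, &pwdata)`. That call hands back a reference the caller owns, so the `if (cert)` branch should end with `CERT_DestroyCertificate(cert);` after `displayVerifyLog(&errlog);`. The early `return -1;` after a failed `PK11_TraverseSlotCerts` also skips `PORT_FreeArena(errlog.arena, PR_FALSE);`. `ugly_list`, allocated in the previous hunk where the function begins, is not used or freed anywhere in the visible body. Setting `failed = 1` and falling through to the common cleanup would cover the arena; the unused 16-byte allocation can simply be dropped if nothing outside the visible lines needs it.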
@@ -148,72 +146,70 @@ ListCerts(char *key, int list_certs)
static SECStatus
cert_trav_callback(CERTCertificate *cert, SECItem *k, void *data)
{
- int list_certs = 1;
+ int list_certs = 1;
char *name;
if (data) {
- list_certs = *((int * )data);
+ list_certs = *((int *)data);
}
#define LISTING_USER_SIGNING_CERTS (list_certs == 1)
-#define LISTING_ALL_CERTS (list_certs == 2)
+#define LISTING_ALL_CERTS (list_certs == 2)
name = cert->nickname;
if (name) {
- int isSigningCert;
-
- isSigningCert = cert->nsCertType & NS_CERT_TYPE_OBJECT_SIGNING;
- if (!isSigningCert && LISTING_USER_SIGNING_CERTS)
- return (SECSuccess);
-
- /* Display this name or email address */
- num_trav_certs++;
-
- if (LISTING_ALL_CERTS) {
- PR_fprintf(outputFD, "%s ", isSigningCert ? "*" : " ");
- }
- PR_fprintf(outputFD, "%s\n", name);
-
- if (LISTING_USER_SIGNING_CERTS) {
- int rv = SECFailure;
- if (rv) {
- CERTCertificate * issuerCert;
- issuerCert = CERT_FindCertIssuer(cert, PR_Now(),
- certUsageObjectSigner);
- if (issuerCert) {
- if (issuerCert->nickname && issuerCert->nickname[0]) {
- PR_fprintf(outputFD, " Issued by: %s\n",
- issuerCert->nickname);
- rv = SECSuccess;
- }
- CERT_DestroyCertificate(issuerCert);
- }
- }
- if (rv && cert->issuerName && cert->issuerName[0]) {
- PR_fprintf(outputFD, " Issued by: %s \n", cert->issuerName);
- }
- {
- char *expires;
- expires = DER_TimeChoiceDayToAscii(&cert->validity.notAfter);
- if (expires) {
- PR_fprintf(outputFD, " Expires: %s\n", expires);
- PORT_Free(expires);
- }
- }
-
- rv = CERT_VerifyCertNow (cert->dbhandle, cert,
- PR_TRUE, certUsageObjectSigner, &pwdata);
-
- if (rv != SECSuccess) {
- rv = PORT_GetError();
- PR_fprintf(outputFD,
- " ++ Error ++ THIS CERTIFICATE IS NOT VALID (%s)\n",
- secErrorString(rv));
- }
- }
+ int isSigningCert;
+
+ isSigningCert = cert->nsCertType & NS_CERT_TYPE_OBJECT_SIGNING;
+ if (!isSigningCert && LISTING_USER_SIGNING_CERTS)
+ return (SECSuccess);
+
+ /* Display this name or email address */
+ num_trav_certs++;
+
+ if (LISTING_ALL_CERTS) {
+ PR_fprintf(outputFD, "%s ", isSigningCert ? "*" : " ");
+ }
+ PR_fprintf(outputFD, "%s\n", name);
+
+ if (LISTING_USER_SIGNING_CERTS) {
+ int rv = SECFailure;
+ if (rv) {
+ CERTCertificate *issuerCert;
+ issuerCert = CERT_FindCertIssuer(cert, PR_Now(),
+ certUsageObjectSigner);
+ if (issuerCert) {
+ if (issuerCert->nickname && issuerCert->nickname[0]) {
+ PR_fprintf(outputFD, " Issued by: %s\n",
+ issuerCert->nickname);
+ rv = SECSuccess;
+ }
+ CERT_DestroyCertificate(issuerCert);
+ }
+ }
+ if (rv && cert->issuerName && cert->issuerName[0]) {
+ PR_fprintf(outputFD, " Issued by: %s \n", cert->issuerName);
+ }
+ {
+ char *expires;
+ expires = DER_TimeChoiceDayToAscii(&cert->validity.notAfter);
+ if (expires) {
+ PR_fprintf(outputFD, " Expires: %s\n", expires);
+ PORT_Free(expires);
+ }
+ }
+
+ rv = CERT_VerifyCertNow(cert->dbhandle, cert,
+ PR_TRUE, certUsageObjectSigner, &pwdata);
+
+ if (rv != SECSuccess) {
+ rv = PORT_GetError();
+ PR_fprintf(outputFD,
+ " ++ Error ++ THIS CERTIFICATE IS NOT VALID (%s)\n",
+ secErrorString(rv));
+ }
+ }
}
return (SECSuccess);
}
-
-
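Review bot: In cert_trav_callback, the test in `int rv = SECFailure; if (rv) {` is always true, so the wrapper only adds nesting and suggests a prior status that does not exist. The same `int rv` later holds first the `SECStatus` from `CERT_VerifyCertNow` and then the error code from `PORT_GetError()`, which makes the validity branch harder to audit. I would drop the `if (rv)` wrapper, keep a small flag for whether the issuer nickname was printed, and read the error into its own variable: `PRErrorCode err = PORT_GetError();`. The `LISTING_USER_SIGNING_CERTS` and `LISTING_ALL_CERTS` macros are defined inside the function body and never `#undef`'d in the visible lines; two local `const int` flags would keep them scoped.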
diff --git a/cmd/signtool/sign.c b/cmd/signtool/sign.c
index 11167e078..a79512e7f 100644
--- a/cmd/signtool/sign.c
+++ b/cmd/signtool/sign.c
@@ -3,137 +3,141 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "signtool.h"
-#include "zip.h"
+#include "zip.h"
#include "prmem.h"
#include "blapi.h"
-#include "sechash.h" /* for HASH_GetHashObject() */
-
-static int create_pk7 (char *dir, char *keyName, int *keyType);
-static int jar_find_key_type (CERTCertificate *cert);
-static int manifesto (char *dirname, char *install_script, PRBool recurse);
-static int manifesto_fn(char *relpath, char *basedir, char *reldir,
- char *filename, void *arg);
-static int manifesto_xpi_fn(char *relpath, char *basedir, char *reldir,
- char *filename, void *arg);
-static int sign_all_arc_fn(char *relpath, char *basedir, char *reldir,
- char *filename, void *arg);
-static int add_meta (FILE *fp, char *name);
-static int SignFile (FILE *outFile, FILE *inFile, CERTCertificate *cert);
-static int generate_SF_file (char *manifile, char *who);
-static int calculate_MD5_range (FILE *fp, long r1, long r2,
- JAR_Digest *dig);
-static void SignOut (void *arg, const char *buf, unsigned long len);
-
-static char *metafile = NULL;
-static int optimize = 0;
+#include "sechash.h" /* for HASH_GetHashObject() */
+
+static int create_pk7(char *dir, char *keyName, int *keyType);
+static int jar_find_key_type(CERTCertificate *cert);
+static int manifesto(char *dirname, char *install_script, PRBool recurse);
+static int manifesto_fn(char *relpath, char *basedir, char *reldir,
+ char *filename, void *arg);
+static int manifesto_xpi_fn(char *relpath, char *basedir, char *reldir,
+ char *filename, void *arg);
+static int sign_all_arc_fn(char *relpath, char *basedir, char *reldir,
+ char *filename, void *arg);
+static int add_meta(FILE *fp, char *name);
+static int SignFile(FILE *outFile, FILE *inFile, CERTCertificate *cert);
+static int generate_SF_file(char *manifile, char *who);
+static int calculate_MD5_range(FILE *fp, long r1, long r2,
+ JAR_Digest *dig);
+static void SignOut(void *arg, const char *buf, unsigned long len);
+
+static char *metafile = NULL;
+static int optimize = 0;
static FILE *mf;
static ZIPfile *zipfile = NULL;
-/*
+/*
* S i g n A r c h i v e
*
- * Sign an individual archive tree. A directory
+ * Sign an individual archive tree. A directory
* called META-INF is created underneath this.
*
*/
int
SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
- char *meta_file, char *install_script, int _optimize, PRBool recurse)
+ char *meta_file, char *install_script, int _optimize, PRBool recurse)
{
- int status;
- char tempfn [FNSIZE], fullfn [FNSIZE];
- int keyType = rsaKey;
+ int status;
+ char tempfn[FNSIZE], fullfn[FNSIZE];
+ int keyType = rsaKey;
metafile = meta_file;
optimize = _optimize;
- /* To create XPI compatible Archive manifesto() must be run before
+ /* To create XPI compatible Archive manifesto() must be run before
* the zipfile is opened. This is so the signed files are not added
* the archive before the crucial rsa/dsa file*/
if (xpi_arc) {
- manifesto (tree, install_script, recurse);
+ manifesto(tree, install_script, recurse);
}
if (zip_file) {
- zipfile = JzipOpen(zip_file, NULL /*no comment*/);
+ zipfile = JzipOpen(zip_file, NULL /*no comment*/);
}
/*Sign and add files to the archive normally with manifesto()*/
if (!xpi_arc) {
- manifesto (tree, install_script, recurse);
+ manifesto(tree, install_script, recurse);
}
if (keyName) {
- status = create_pk7 (tree, keyName, &keyType);
- if (status < 0) {
- PR_fprintf(errorFD, "the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n",
- tree);
- errorCount++;
- exit (ERRX);
- }
+ status = create_pk7(tree, keyName, &keyType);
+ if (status < 0) {
+ PR_fprintf(errorFD, "the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n",
+ tree);
+ errorCount++;
+ exit(ERRX);
+ }
}
/* Add the rsa/dsa file as the first file in the archive. This is crucial
* for a XPInstall compatible archive */
if (xpi_arc) {
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "%s \n", XPI_TEXT);
- }
-
- /* rsa/dsa to zip */
- sprintf (tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ?
- "dsa" : "rsa"));
- sprintf (fullfn, "%s/%s", tree, tempfn);
- JzipAdd(fullfn, tempfn, zipfile, compression_level);
-
- /* Loop through all files & subdirectories, add to archive */
- foreach (tree, "", manifesto_xpi_fn, recurse, PR_FALSE /*include dirs */,
- (void * )NULL);
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "%s \n", XPI_TEXT);
+ }
+
+ /* rsa/dsa to zip */
+ sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ?
+ "dsa"
+ :
+ "rsa"));
+ sprintf(fullfn, "%s/%s", tree, tempfn);
+ JzipAdd(fullfn, tempfn, zipfile, compression_level);
+
+ /* Loop through all files & subdirectories, add to archive */
+ foreach (tree, "", manifesto_xpi_fn, recurse, PR_FALSE /*include dirs */,
+ (void *)NULL)
+ ;
}
/* mf to zip */
- strcpy (tempfn, "META-INF/manifest.mf");
- sprintf (fullfn, "%s/%s", tree, tempfn);
+ strcpy(tempfn, "META-INF/manifest.mf");
+ sprintf(fullfn, "%s/%s", tree, tempfn);
JzipAdd(fullfn, tempfn, zipfile, compression_level);
/* sf to zip */
- sprintf (tempfn, "META-INF/%s.sf", base);
- sprintf (fullfn, "%s/%s", tree, tempfn);
+ sprintf(tempfn, "META-INF/%s.sf", base);
+ sprintf(fullfn, "%s/%s", tree, tempfn);
JzipAdd(fullfn, tempfn, zipfile, compression_level);
/* Add the rsa/dsa file to the zip archive normally */
if (!xpi_arc) {
- /* rsa/dsa to zip */
- sprintf (tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ?
- "dsa" : "rsa"));
- sprintf (fullfn, "%s/%s", tree, tempfn);
- JzipAdd(fullfn, tempfn, zipfile, compression_level);
+ /* rsa/dsa to zip */
+ sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ?
+ "dsa"
+ :
+ "rsa"));
+ sprintf(fullfn, "%s/%s", tree, tempfn);
+ JzipAdd(fullfn, tempfn, zipfile, compression_level);
}
JzipClose(zipfile);
if (verbosity >= 0) {
- if (javascript) {
- PR_fprintf(outputFD, "jarfile \"%s\" signed successfully\n",
- zip_file);
- } else {
- PR_fprintf(outputFD, "tree \"%s\" signed successfully\n",
- tree);
- }
+ if (javascript) {
+ PR_fprintf(outputFD, "jarfile \"%s\" signed successfully\n",
+ zip_file);
+ } else {
+ PR_fprintf(outputFD, "tree \"%s\" signed successfully\n",
+ tree);
+ }
}
return 0;
}
-
typedef struct {
- char *keyName;
- int javascript;
- char *metafile;
- char *install_script;
- int optimize;
+ char *keyName;
+ int javascript;
+ char *metafile;
+ char *install_script;
+ int optimize;
} SignArcInfo;
-/*
+/*
* S i g n A l l A r c
*
* Javascript may generate multiple .arc directories, one
@@ -142,7 +146,7 @@ typedef struct {
*/
int
SignAllArc(char *jartree, char *keyName, int javascript, char *metafile,
-char *install_script, int optimize, PRBool recurse)
+ char *install_script, int optimize, PRBool recurse)
{
SignArcInfo info;
@@ -152,255 +156,251 @@ char *install_script, int optimize, PRBool recurse)
info.install_script = install_script;
info.optimize = optimize;
- return foreach(jartree, "", sign_all_arc_fn, recurse,
- PR_TRUE /*include dirs*/, (void * )&info);
+ return foreach (jartree, "", sign_all_arc_fn, recurse,
+ PR_TRUE /*include dirs*/, (void *)&info);
}
-
-static int
+static int
sign_all_arc_fn(char *relpath, char *basedir, char *reldir, char *filename,
- void *arg)
+ void *arg)
{
- char *zipfile = NULL;
- char *arc = NULL, *archive = NULL;
- int retval = 0;
- SignArcInfo * infop = (SignArcInfo * )arg;
+ char *zipfile = NULL;
+ char *arc = NULL, *archive = NULL;
+ int retval = 0;
+ SignArcInfo *infop = (SignArcInfo *)arg;
- /* Make sure there is one and only one ".arc" in the relative path,
+ /* Make sure there is one and only one ".arc" in the relative path,
* and that it is at the end of the path (don't sign .arcs within .arcs) */
- if ( (PL_strcaserstr(relpath, ".arc") == relpath + strlen(relpath) -
- 4) &&
- (PL_strcasestr(relpath, ".arc") == relpath + strlen(relpath) - 4) ) {
-
- if (!infop) {
- PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
- errorCount++;
- retval = -1;
- goto finish;
- }
- archive = PR_smprintf("%s/%s", basedir, relpath);
-
- zipfile = PL_strdup(archive);
- arc = PORT_Strrchr (zipfile, '.');
-
- if (arc == NULL) {
- PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
- errorCount++;
- retval = -1;
- goto finish;
- }
-
- PL_strcpy (arc, ".jar");
-
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "\nsigning: %s\n", zipfile);
- }
- retval = SignArchive(archive, infop->keyName, zipfile,
- infop->javascript, infop->metafile, infop->install_script,
- infop->optimize, PR_TRUE /* recurse */);
+ if ((PL_strcaserstr(relpath, ".arc") == relpath + strlen(relpath) -
+ 4) &&
+ (PL_strcasestr(relpath, ".arc") == relpath + strlen(relpath) - 4)) {
+
+ if (!infop) {
+ PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
+ errorCount++;
+ retval = -1;
+ goto finish;
+ }
+ archive = PR_smprintf("%s/%s", basedir, relpath);
+
+ zipfile = PL_strdup(archive);
+ arc = PORT_Strrchr(zipfile, '.');
+
+ if (arc == NULL) {
+ PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
+ errorCount++;
+ retval = -1;
+ goto finish;
+ }
+
+ PL_strcpy(arc, ".jar");
+
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "\nsigning: %s\n", zipfile);
+ }
+ retval = SignArchive(archive, infop->keyName, zipfile,
+ infop->javascript, infop->metafile, infop->install_script,
+ infop->optimize, PR_TRUE /* recurse */);
}
finish:
- if (archive)
- PR_Free(archive);
- if (zipfile)
- PR_Free(zipfile);
+ if (archive)
+ PR_Free(archive);
+ if (zipfile)
+ PR_Free(zipfile);
return retval;
}
-
/*********************************************************************
*
* c r e a t e _ p k 7
*/
-static int
-create_pk7 (char *dir, char *keyName, int *keyType)
+static int
+create_pk7(char *dir, char *keyName, int *keyType)
{
- int status = 0;
- char *file_ext;
+ int status = 0;
+ char *file_ext;
- CERTCertificate * cert;
- CERTCertDBHandle * db;
+ CERTCertificate *cert;
+ CERTCertDBHandle *db;
- FILE * in, *out;
+ FILE *in, *out;
- char sf_file [FNSIZE];
- char pk7_file [FNSIZE];
+ char sf_file[FNSIZE];
+ char pk7_file[FNSIZE];
/* open cert database */
db = CERT_GetDefaultCertDB();
if (db == NULL)
- return - 1;
+ return -1;
/* find cert */
/*cert = CERT_FindCertByNicknameOrEmailAddr(db, keyName);*/
cert = PK11_FindCertFromNickname(keyName, &pwdata);
if (cert == NULL) {
- SECU_PrintError ( PROGRAM_NAME,
- "Cannot find the cert \"%s\"", keyName);
- return -1;
+ SECU_PrintError(PROGRAM_NAME,
+ "Cannot find the cert \"%s\"", keyName);
+ return -1;
}
-
/* determine the key type, which sets the extension for pkcs7 object */
- *keyType = jar_find_key_type (cert);
+ *keyType = jar_find_key_type(cert);
file_ext = (*keyType == dsaKey) ? "dsa" : "rsa";
- sprintf (sf_file, "%s/META-INF/%s.sf", dir, base);
- sprintf (pk7_file, "%s/META-INF/%s.%s", dir, base, file_ext);
+ sprintf(sf_file, "%s/META-INF/%s.sf", dir, base);
+ sprintf(pk7_file, "%s/META-INF/%s.%s", dir, base, file_ext);
- if ((in = fopen (sf_file, "rb")) == NULL) {
- PR_fprintf(errorFD, "%s: Can't open %s for reading\n", PROGRAM_NAME,
- sf_file);
- errorCount++;
- exit (ERRX);
+ if ((in = fopen(sf_file, "rb")) == NULL) {
+ PR_fprintf(errorFD, "%s: Can't open %s for reading\n", PROGRAM_NAME,
+ sf_file);
+ errorCount++;
+ exit(ERRX);
}
- if ((out = fopen (pk7_file, "wb")) == NULL) {
- PR_fprintf(errorFD, "%s: Can't open %s for writing\n", PROGRAM_NAME,
- sf_file);
- errorCount++;
- exit (ERRX);
+ if ((out = fopen(pk7_file, "wb")) == NULL) {
+ PR_fprintf(errorFD, "%s: Can't open %s for writing\n", PROGRAM_NAME,
+ sf_file);
+ errorCount++;
+ exit(ERRX);
}
- status = SignFile (out, in, cert);
+ status = SignFile(out, in, cert);
- CERT_DestroyCertificate (cert);
- fclose (in);
- fclose (out);
+ CERT_DestroyCertificate(cert);
+ fclose(in);
+ fclose(out);
if (status) {
- PR_fprintf(errorFD, "%s: PROBLEM signing data (%s)\n",
- PROGRAM_NAME, SECU_Strerror(PORT_GetError()));
- errorCount++;
- return - 1;
+ PR_fprintf(errorFD, "%s: PROBLEM signing data (%s)\n",
+ PROGRAM_NAME, SECU_Strerror(PORT_GetError()));
+ errorCount++;
+ return -1;
}
return 0;
}
-
/*
* j a r _ f i n d _ k e y _ t y p e
- *
- * Determine the key type for a given cert, which
+ *
+ * Determine the key type for a given cert, which
* should be rsaKey or dsaKey. Any error return 0.
*
*/
-static int
-jar_find_key_type (CERTCertificate *cert)
+static int
+jar_find_key_type(CERTCertificate *cert)
{
- SECKEYPrivateKey * privk = NULL;
+ SECKEYPrivateKey *privk = NULL;
KeyType keyType;
/* determine its type */
- privk = PK11_FindKeyByAnyCert (cert, &pwdata);
+ privk = PK11_FindKeyByAnyCert(cert, &pwdata);
if (privk == NULL) {
- PR_fprintf(errorFD, "warning - can't find private key for this cert\n");
- warningCount++;
- return 0;
+ PR_fprintf(errorFD, "warning - can't find private key for this cert\n");
+ warningCount++;
+ return 0;
}
keyType = privk->keyType;
- SECKEY_DestroyPrivateKey (privk);
+ SECKEY_DestroyPrivateKey(privk);
return keyType;
}
-
/*
* m a n i f e s t o
*
- * Run once for every subdirectory in which a
+ * Run once for every subdirectory in which a
* manifest is to be created -- usually exactly once.
*
*/
-static int
-manifesto (char *dirname, char *install_script, PRBool recurse)
+static int
+manifesto(char *dirname, char *install_script, PRBool recurse)
{
- char metadir [FNSIZE], sfname [FNSIZE];
+ char metadir[FNSIZE], sfname[FNSIZE];
/* Create the META-INF directory to hold signing info */
- if (PR_Access (dirname, PR_ACCESS_READ_OK)) {
- PR_fprintf(errorFD, "%s: unable to read your directory: %s\n",
- PROGRAM_NAME, dirname);
- errorCount++;
- perror (dirname);
- exit (ERRX);
+ if (PR_Access(dirname, PR_ACCESS_READ_OK)) {
+ PR_fprintf(errorFD, "%s: unable to read your directory: %s\n",
+ PROGRAM_NAME, dirname);
+ errorCount++;
+ perror(dirname);
+ exit(ERRX);
}
- if (PR_Access (dirname, PR_ACCESS_WRITE_OK)) {
- PR_fprintf(errorFD, "%s: unable to write to your directory: %s\n",
- PROGRAM_NAME, dirname);
- errorCount++;
- perror(dirname);
- exit(ERRX);
+ if (PR_Access(dirname, PR_ACCESS_WRITE_OK)) {
+ PR_fprintf(errorFD, "%s: unable to write to your directory: %s\n",
+ PROGRAM_NAME, dirname);
+ errorCount++;
+ perror(dirname);
+ exit(ERRX);
}
- sprintf (metadir, "%s/META-INF", dirname);
+ sprintf(metadir, "%s/META-INF", dirname);
- strcpy (sfname, metadir);
+ strcpy(sfname, metadir);
- PR_MkDir (metadir, 0777);
+ PR_MkDir(metadir, 0777);
- strcat (metadir, "/");
- strcat (metadir, MANIFEST);
+ strcat(metadir, "/");
+ strcat(metadir, MANIFEST);
- if ((mf = fopen (metadir, "wb")) == NULL) {
- perror (MANIFEST);
- PR_fprintf(errorFD, "%s: Probably, the directory you are trying to"
- " sign has\n", PROGRAM_NAME);
- PR_fprintf(errorFD, "%s: permissions problems or may not exist.\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
+ if ((mf = fopen(metadir, "wb")) == NULL) {
+ perror(MANIFEST);
+ PR_fprintf(errorFD, "%s: Probably, the directory you are trying to"
+ " sign has\n",
+ PROGRAM_NAME);
+ PR_fprintf(errorFD, "%s: permissions problems or may not exist.\n",
+ PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
}
if (verbosity >= 0) {
- PR_fprintf(outputFD, "Generating %s file..\n", metadir);
+ PR_fprintf(outputFD, "Generating %s file..\n", metadir);
}
fprintf(mf, "Manifest-Version: 1.0\n");
- fprintf (mf, "Created-By: %s\n", CREATOR);
- fprintf (mf, "Comments: %s\n", BREAKAGE);
+ fprintf(mf, "Created-By: %s\n", CREATOR);
+ fprintf(mf, "Comments: %s\n", BREAKAGE);
if (scriptdir) {
- fprintf (mf, "Comments: --\n");
- fprintf (mf, "Comments: --\n");
- fprintf (mf, "Comments: -- This archive signs Javascripts which may not necessarily\n");
- fprintf (mf, "Comments: -- be included in the physical jar file.\n");
- fprintf (mf, "Comments: --\n");
- fprintf (mf, "Comments: --\n");
+ fprintf(mf, "Comments: --\n");
+ fprintf(mf, "Comments: --\n");
+ fprintf(mf, "Comments: -- This archive signs Javascripts which may not necessarily\n");
+ fprintf(mf, "Comments: -- be included in the physical jar file.\n");
+ fprintf(mf, "Comments: --\n");
+ fprintf(mf, "Comments: --\n");
}
if (install_script)
- fprintf (mf, "Install-Script: %s\n", install_script);
+ fprintf(mf, "Install-Script: %s\n", install_script);
if (metafile)
- add_meta (mf, "+");
+ add_meta(mf, "+");
/* Loop through all files & subdirectories */
foreach (dirname, "", manifesto_fn, recurse, PR_FALSE /*include dirs */,
- (void * )NULL);
+ (void *)NULL)
+ ;
- fclose (mf);
+ fclose(mf);
- strcat (sfname, "/");
- strcat (sfname, base);
- strcat (sfname, ".sf");
+ strcat(sfname, "/");
+ strcat(sfname, base);
+ strcat(sfname, ".sf");
if (verbosity >= 0) {
- PR_fprintf(outputFD, "Generating %s.sf file..\n", base);
+ PR_fprintf(outputFD, "Generating %s.sf file..\n", base);
}
- generate_SF_file (metadir, sfname);
+ generate_SF_file(metadir, sfname);
return 0;
}
-
/*
* m a n i f e s t o _ x p i _ f n
*
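Review bot: The path buffers in this hunk are filled with unbounded `sprintf`/`strcpy`/`strcat` calls: `sf_file` and `pk7_file` in create_pk7, `metadir` and `sfname` in manifesto. The inputs are `dir`/`dirname` and `base` (the `-b` basename), which appear to come from the command line, so a long tree path or basename can write past the `FNSIZE` arrays. A bounded call such as `PR_snprintf(sf_file, sizeof(sf_file), "%s/META-INF/%s.sf", dir, base);`, with an explicit error when the composed path does not fit, would close this. The same pattern recurs in `sprintf(fullname, ...)` in manifesto_xpi_fn and manifesto_fn and in `strcpy(whofile, who)` in generate_SF_file in the later hunks. Separately, the `fopen(pk7_file, "wb")` failure branch in create_pk7 prints `sf_file`; it should print `pk7_file`.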
@@ -409,30 +409,29 @@ manifesto (char *dirname, char *install_script, PRBool recurse)
* is only used for adding to XPI compatible archive
*
*/
-static int manifesto_xpi_fn
-(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
+static int
+manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
{
- char fullname [FNSIZE];
+ char fullname[FNSIZE];
if (verbosity >= 0) {
- PR_fprintf(outputFD, "--> %s\n", relpath);
+ PR_fprintf(outputFD, "--> %s\n", relpath);
}
/* extension matching */
if (extensionsGiven) {
- char *ext = PL_strrchr(relpath, '.');
- if (!ext)
- return 0;
- if (!PL_HashTableLookup(extensions, ext))
- return 0;
+ char *ext = PL_strrchr(relpath, '.');
+ if (!ext)
+ return 0;
+ if (!PL_HashTableLookup(extensions, ext))
+ return 0;
}
- sprintf (fullname, "%s/%s", basedir, relpath);
+ sprintf(fullname, "%s/%s", basedir, relpath);
JzipAdd(fullname, relpath, zipfile, compression_level);
return 0;
}
-
/*
* m a n i f e s t o _ f n
*
@@ -440,76 +439,74 @@ static int manifesto_xpi_fn
* each file within the directory.
*
*/
-static int manifesto_fn
-(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
+static int
+manifesto_fn(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
{
- int use_js;
+ int use_js;
JAR_Digest dig;
- char fullname [FNSIZE];
+ char fullname[FNSIZE];
if (verbosity >= 0) {
- PR_fprintf(outputFD, "--> %s\n", relpath);
+ PR_fprintf(outputFD, "--> %s\n", relpath);
}
/* extension matching */
if (extensionsGiven) {
- char *ext = PL_strrchr(relpath, '.');
- if (!ext)
- return 0;
- if (!PL_HashTableLookup(extensions, ext))
- return 0;
+ char *ext = PL_strrchr(relpath, '.');
+ if (!ext)
+ return 0;
+ if (!PL_HashTableLookup(extensions, ext))
+ return 0;
}
- sprintf (fullname, "%s/%s", basedir, relpath);
+ sprintf(fullname, "%s/%s", basedir, relpath);
- fprintf (mf, "\n");
+ fprintf(mf, "\n");
use_js = 0;
- if (scriptdir && !PORT_Strcmp (scriptdir, reldir))
- use_js++;
+ if (scriptdir && !PORT_Strcmp(scriptdir, reldir))
+ use_js++;
/* sign non-.js files inside .arc directories using the javascript magic */
- if ( (PL_strcaserstr(filename, ".js") != filename + strlen(filename) - 3)
- && (PL_strcaserstr(reldir, ".arc") == reldir + strlen(filename) - 4))
- use_js++;
+ if ((PL_strcaserstr(filename, ".js") != filename + strlen(filename) - 3) &&
+ (PL_strcaserstr(reldir, ".arc") == reldir + strlen(filename) - 4))
+ use_js++;
if (use_js) {
- fprintf (mf, "Name: %s\n", filename);
- fprintf (mf, "Magic: javascript\n");
+ fprintf(mf, "Name: %s\n", filename);
+ fprintf(mf, "Magic: javascript\n");
- if (optimize == 0)
- fprintf (mf, "javascript.id: %s\n", filename);
+ if (optimize == 0)
+ fprintf(mf, "javascript.id: %s\n", filename);
- if (metafile)
- add_meta (mf, filename);
+ if (metafile)
+ add_meta(mf, filename);
} else {
- fprintf (mf, "Name: %s\n", relpath);
- if (metafile)
- add_meta (mf, relpath);
+ fprintf(mf, "Name: %s\n", relpath);
+ if (metafile)
+ add_meta(mf, relpath);
}
- JAR_digest_file (fullname, &dig);
-
+ JAR_digest_file(fullname, &dig);
if (optimize == 0) {
- fprintf (mf, "Digest-Algorithms: MD5 SHA1\n");
- fprintf (mf, "MD5-Digest: %s\n", BTOA_DataToAscii (dig.md5,
- MD5_LENGTH));
+ fprintf(mf, "Digest-Algorithms: MD5 SHA1\n");
+ fprintf(mf, "MD5-Digest: %s\n", BTOA_DataToAscii(dig.md5,
+ MD5_LENGTH));
}
- fprintf (mf, "SHA1-Digest: %s\n", BTOA_DataToAscii (dig.sha1, SHA1_LENGTH));
+ fprintf(mf, "SHA1-Digest: %s\n", BTOA_DataToAscii(dig.sha1, SHA1_LENGTH));
if (!use_js) {
- JzipAdd(fullname, relpath, zipfile, compression_level);
+ JzipAdd(fullname, relpath, zipfile, compression_level);
}
return 0;
}
-
/*
* a d d _ m e t a
*
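Review bot: The `.arc` test in manifesto_fn compares against `reldir + strlen(filename) - 4`, using the length of `filename` rather than `reldir`, so it matches only when the two strings happen to line up. It presumably should read `(PL_strcaserstr(reldir, ".arc") == reldir + strlen(reldir) - 4)`. Both suffix checks also form a pointer before the start of the string when the name is shorter than the suffix, so a length guard belongs in front of them. The return value of `JAR_digest_file(fullname, &dig)` is not checked either; if it can fail, `dig` reaches the manifest uninitialised, which for a signing tool means signing digests that do not correspond to the file.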
@@ -518,269 +515,267 @@ static int manifesto_fn
* should be using the -i option (ie, for SmartUpdate).
*
*/
-static int add_meta (FILE *fp, char *name)
+static int
+add_meta(FILE *fp, char *name)
{
- FILE * met;
- char buf [BUFSIZ];
+ FILE *met;
+ char buf[BUFSIZ];
- int place;
- char *pattern, *meta;
+ int place;
+ char *pattern, *meta;
- int num = 0;
+ int num = 0;
- if ((met = fopen (metafile, "r")) != NULL) {
- while (fgets (buf, BUFSIZ, met)) {
- char *s;
+ if ((met = fopen(metafile, "r")) != NULL) {
+ while (fgets(buf, BUFSIZ, met)) {
+ char *s;
- for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
- ;
- *s = 0;
+ for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
+ ;
+ *s = 0;
- if (*buf == 0)
- continue;
+ if (*buf == 0)
+ continue;
- pattern = buf;
+ pattern = buf;
- /* skip to whitespace */
- for (s = buf; *s && *s != ' ' && *s != '\t'; s++)
- ;
+ /* skip to whitespace */
+ for (s = buf; *s && *s != ' ' && *s != '\t'; s++)
+ ;
- /* terminate pattern */
- if (*s == ' ' || *s == '\t')
- *s++ = 0;
+ /* terminate pattern */
+ if (*s == ' ' || *s == '\t')
+ *s++ = 0;
- /* eat through whitespace */
- while (*s == ' ' || *s == '\t')
- s++;
+ /* eat through whitespace */
+ while (*s == ' ' || *s == '\t')
+ s++;
- meta = s;
+ meta = s;
- /* this will eventually be regexp matching */
+ /* this will eventually be regexp matching */
- place = 0;
- if (!PORT_Strcmp (pattern, name))
- place = 1;
+ place = 0;
+ if (!PORT_Strcmp(pattern, name))
+ place = 1;
- if (place) {
- num++;
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "[%s] %s\n", name, meta);
- }
- fprintf (fp, "%s\n", meta);
- }
- }
- fclose (met);
+ if (place) {
+ num++;
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "[%s] %s\n", name, meta);
+ }
+ fprintf(fp, "%s\n", meta);
+ }
+ }
+ fclose(met);
} else {
- PR_fprintf(errorFD, "%s: can't open metafile: %s\n", PROGRAM_NAME,
- metafile);
- errorCount++;
- exit (ERRX);
+ PR_fprintf(errorFD, "%s: can't open metafile: %s\n", PROGRAM_NAME,
+ metafile);
+ errorCount++;
+ exit(ERRX);
}
return num;
}
-
/**********************************************************************
*
* S i g n F i l e
*/
-static int
-SignFile (FILE *outFile, FILE *inFile, CERTCertificate *cert)
+static int
+SignFile(FILE *outFile, FILE *inFile, CERTCertificate *cert)
{
- int nb;
- char ibuf[4096], digestdata[32];
+ int nb;
+ char ibuf[4096], digestdata[32];
const SECHashObject *hashObj;
- void *hashcx;
- unsigned int len;
+ void *hashcx;
+ unsigned int len;
SECItem digest;
- SEC_PKCS7ContentInfo * cinfo;
+ SEC_PKCS7ContentInfo *cinfo;
SECStatus rv;
if (outFile == NULL || inFile == NULL || cert == NULL)
- return - 1;
+ return -1;
/* XXX probably want to extend interface to allow other hash algorithms */
hashObj = HASH_GetHashObject(HASH_AlgSHA1);
hashcx = (*hashObj->create)();
if (hashcx == NULL)
- return - 1;
+ return -1;
(*hashObj->begin)(hashcx);
- for (; ; ) {
- if (feof(inFile))
- break;
- nb = fread(ibuf, 1, sizeof(ibuf), inFile);
- if (nb == 0) {
- if (ferror(inFile)) {
- PORT_SetError(SEC_ERROR_IO);
- (*hashObj->destroy)(hashcx, PR_TRUE);
- return - 1;
- }
- /* eof */
- break;
- }
- (*hashObj->update)(hashcx, (unsigned char *) ibuf, nb);
- }
-
- (*hashObj->end)(hashcx, (unsigned char *) digestdata, &len, 32);
+ for (;;) {
+ if (feof(inFile))
+ break;
+ nb = fread(ibuf, 1, sizeof(ibuf), inFile);
+ if (nb == 0) {
+ if (ferror(inFile)) {
+ PORT_SetError(SEC_ERROR_IO);
+ (*hashObj->destroy)(hashcx, PR_TRUE);
+ return -1;
+ }
+ /* eof */
+ break;
+ }
+ (*hashObj->update)(hashcx, (unsigned char *)ibuf, nb);
+ }
+
+ (*hashObj->end)(hashcx, (unsigned char *)digestdata, &len, 32);
(*hashObj->destroy)(hashcx, PR_TRUE);
- digest.data = (unsigned char *) digestdata;
+ digest.data = (unsigned char *)digestdata;
digest.len = len;
- cinfo = SEC_PKCS7CreateSignedData
- (cert, certUsageObjectSigner, NULL,
- SEC_OID_SHA1, &digest, NULL, NULL);
+ cinfo = SEC_PKCS7CreateSignedData(cert, certUsageObjectSigner, NULL,
+ SEC_OID_SHA1, &digest, NULL, NULL);
if (cinfo == NULL)
- return - 1;
+ return -1;
- rv = SEC_PKCS7IncludeCertChain (cinfo, NULL);
+ rv = SEC_PKCS7IncludeCertChain(cinfo, NULL);
if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return - 1;
+ SEC_PKCS7DestroyContentInfo(cinfo);
+ return -1;
}
if (no_time == 0) {
- rv = SEC_PKCS7AddSigningTime (cinfo);
- if (rv != SECSuccess) {
- /* don't check error */
- }
+ rv = SEC_PKCS7AddSigningTime(cinfo);
+ if (rv != SECSuccess) {
+ /* don't check error */
+ }
}
rv = SEC_PKCS7Encode(cinfo, SignOut, outFile, NULL, NULL, &pwdata);
- SEC_PKCS7DestroyContentInfo (cinfo);
+ SEC_PKCS7DestroyContentInfo(cinfo);
if (rv != SECSuccess)
- return - 1;
+ return -1;
return 0;
}
-
/*
- * g e n e r a t e _ S F _ f i l e
+ * g e n e r a t e _ S F _ f i l e
*
* From the supplied manifest file, calculates
* digests on the various sections, creating a .SF
* file in the process.
- *
+ *
*/
-static int generate_SF_file (char *manifile, char *who)
+static int
+generate_SF_file(char *manifile, char *who)
{
- FILE * sf;
- FILE * mf;
- long r1, r2, r3;
- char whofile [FNSIZE];
- char *buf, *name = NULL;
+ FILE *sf;
+ FILE *mf;
+ long r1, r2, r3;
+ char whofile[FNSIZE];
+ char *buf, *name = NULL;
JAR_Digest dig;
- int line = 0;
+ int line = 0;
- strcpy (whofile, who);
+ strcpy(whofile, who);
- if ((mf = fopen (manifile, "rb")) == NULL) {
- perror (manifile);
- exit (ERRX);
+ if ((mf = fopen(manifile, "rb")) == NULL) {
+ perror(manifile);
+ exit(ERRX);
}
- if ((sf = fopen (whofile, "wb")) == NULL) {
- perror (who);
- exit (ERRX);
+ if ((sf = fopen(whofile, "wb")) == NULL) {
+ perror(who);
+ exit(ERRX);
}
- buf = (char *) PORT_ZAlloc (BUFSIZ);
+ buf = (char *)PORT_ZAlloc(BUFSIZ);
if (buf)
- name = (char *) PORT_ZAlloc (BUFSIZ);
+ name = (char *)PORT_ZAlloc(BUFSIZ);
if (buf == NULL || name == NULL)
- out_of_memory();
+ out_of_memory();
- fprintf (sf, "Signature-Version: 1.0\n");
- fprintf (sf, "Created-By: %s\n", CREATOR);
- fprintf (sf, "Comments: %s\n", BREAKAGE);
+ fprintf(sf, "Signature-Version: 1.0\n");
+ fprintf(sf, "Created-By: %s\n", CREATOR);
+ fprintf(sf, "Comments: %s\n", BREAKAGE);
- if (fgets (buf, BUFSIZ, mf) == NULL) {
- PR_fprintf(errorFD, "%s: empty manifest file!\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
+ if (fgets(buf, BUFSIZ, mf) == NULL) {
+ PR_fprintf(errorFD, "%s: empty manifest file!\n", PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
}
- if (strncmp (buf, "Manifest-Version:", 17)) {
- PR_fprintf(errorFD, "%s: not a manifest file!\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
+ if (strncmp(buf, "Manifest-Version:", 17)) {
+ PR_fprintf(errorFD, "%s: not a manifest file!\n", PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
}
- fseek (mf, 0L, SEEK_SET);
+ fseek(mf, 0L, SEEK_SET);
/* Process blocks of headers, and calculate their hashen */
while (1) {
- /* Beginning range */
- r1 = ftell (mf);
+ /* Beginning range */
+ r1 = ftell(mf);
- if (fgets (name, BUFSIZ, mf) == NULL)
- break;
+ if (fgets(name, BUFSIZ, mf) == NULL)
+ break;
- line++;
+ line++;
- if (r1 != 0 && strncmp (name, "Name:", 5)) {
- PR_fprintf(errorFD,
- "warning: unexpected input in manifest file \"%s\" at line %d:\n",
- manifile, line);
- PR_fprintf(errorFD, "%s\n", name);
- warningCount++;
- }
+ if (r1 != 0 && strncmp(name, "Name:", 5)) {
+ PR_fprintf(errorFD,
+ "warning: unexpected input in manifest file \"%s\" at line %d:\n",
+ manifile, line);
+ PR_fprintf(errorFD, "%s\n", name);
+ warningCount++;
+ }
- r2 = r1;
- while (fgets (buf, BUFSIZ, mf)) {
- if (*buf == 0 || *buf == '\n' || *buf == '\r')
- break;
+ r2 = r1;
+ while (fgets(buf, BUFSIZ, mf)) {
+ if (*buf == 0 || *buf == '\n' || *buf == '\r')
+ break;
- line++;
+ line++;
- /* Ending range for hashing */
- r2 = ftell (mf);
- }
+ /* Ending range for hashing */
+ r2 = ftell(mf);
+ }
- r3 = ftell (mf);
+ r3 = ftell(mf);
- if (r1) {
- fprintf (sf, "\n");
- fprintf (sf, "%s", name);
- }
+ if (r1) {
+ fprintf(sf, "\n");
+ fprintf(sf, "%s", name);
+ }
- calculate_MD5_range (mf, r1, r2, &dig);
+ calculate_MD5_range(mf, r1, r2, &dig);
- if (optimize == 0) {
- fprintf (sf, "Digest-Algorithms: MD5 SHA1\n");
- fprintf (sf, "MD5-Digest: %s\n",
- BTOA_DataToAscii (dig.md5, MD5_LENGTH));
- }
+ if (optimize == 0) {
+ fprintf(sf, "Digest-Algorithms: MD5 SHA1\n");
+ fprintf(sf, "MD5-Digest: %s\n",
+ BTOA_DataToAscii(dig.md5, MD5_LENGTH));
+ }
- fprintf (sf, "SHA1-Digest: %s\n",
- BTOA_DataToAscii (dig.sha1, SHA1_LENGTH));
+ fprintf(sf, "SHA1-Digest: %s\n",
+ BTOA_DataToAscii(dig.sha1, SHA1_LENGTH));
- /* restore normalcy after changing offset position */
- fseek (mf, r3, SEEK_SET);
+ /* restore normalcy after changing offset position */
+ fseek(mf, r3, SEEK_SET);
}
- PORT_Free (buf);
- PORT_Free (name);
+ PORT_Free(buf);
+ PORT_Free(name);
- fclose (sf);
- fclose (mf);
+ fclose(sf);
+ fclose(mf);
return 0;
}
-
/*
* c a l c u l a t e _ M D 5 _ r a n g e
*
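Review bot: SignFile passes the literal `32` to `hashObj->end` as the output limit rather than the size of `digestdata`, so the bound and the buffer can drift apart once the hard-coded SHA-1 is replaced, as the XXX comment anticipates. Writing `(*hashObj->end)(hashcx, (unsigned char *)digestdata, &len, sizeof(digestdata));` keeps them tied. `hashObj` is dereferenced without a NULL check, and `nb` is an `int` holding the `size_t` result of `fread`. The empty `if (rv != SECSuccess)` after `SEC_PKCS7AddSigningTime` would be better as a warning, so that a signature without a signing time is not produced silently.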
@@ -788,50 +783,48 @@ static int generate_SF_file (char *manifile, char *who)
* the specified fopen'd file. Returns base64.
*
*/
-static int
-calculate_MD5_range (FILE *fp, long r1, long r2, JAR_Digest *dig)
+static int
+calculate_MD5_range(FILE *fp, long r1, long r2, JAR_Digest *dig)
{
- int num;
- int range;
- unsigned char *buf;
+ int num;
+ int range;
+ unsigned char *buf;
SECStatus rv;
range = r2 - r1;
/* position to the beginning of range */
- fseek (fp, r1, SEEK_SET);
+ fseek(fp, r1, SEEK_SET);
- buf = (unsigned char *) PORT_ZAlloc (range);
+ buf = (unsigned char *)PORT_ZAlloc(range);
if (buf == NULL)
- out_of_memory();
+ out_of_memory();
- if ((num = fread (buf, 1, range, fp)) != range) {
- PR_fprintf(errorFD, "%s: expected %d bytes, got %d\n", PROGRAM_NAME,
- range, num);
- errorCount++;
- exit (ERRX);
+ if ((num = fread(buf, 1, range, fp)) != range) {
+ PR_fprintf(errorFD, "%s: expected %d bytes, got %d\n", PROGRAM_NAME,
+ range, num);
+ errorCount++;
+ exit(ERRX);
}
rv = PK11_HashBuf(SEC_OID_MD5, dig->md5, buf, range);
if (rv == SECSuccess) {
- rv =PK11_HashBuf(SEC_OID_SHA1, dig->sha1, buf, range);
+ rv = PK11_HashBuf(SEC_OID_SHA1, dig->sha1, buf, range);
}
if (rv != SECSuccess) {
- PR_fprintf(errorFD, "%s: can't generate digest context\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
+ PR_fprintf(errorFD, "%s: can't generate digest context\n",
+ PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
}
- PORT_Free (buf);
+ PORT_Free(buf);
return 0;
}
-
-static void SignOut (void *arg, const char *buf, unsigned long len)
+static void
+SignOut(void *arg, const char *buf, unsigned long len)
{
- fwrite (buf, len, 1, (FILE * ) arg);
+ fwrite(buf, len, 1, (FILE *)arg);
}
-
-
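Review bot: SignOut discards the result of `fwrite`, and create_pk7 (earlier hunk) closes `out` without checking `fclose`, so a short write, for instance on a full disk, leaves a truncated signature file while the tool still reports the tree as signed. Because the callback returns `void`, the failure has to be picked up afterwards in create_pk7: `if (ferror(out)) status = -1;` followed by `if (fclose(out) != 0) status = -1;` in place of the bare `fclose(out)`. In calculate_MD5_range, `range = r2 - r1` narrows `long` to `int` and is passed to `PORT_ZAlloc` and `fread` without a check that it is positive. The `ftell` calls in generate_SF_file that produce `r1` and `r2` are also unchecked.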
diff --git a/cmd/signtool/signtool.c b/cmd/signtool/signtool.c
index b5a8d4f4d..51857d638 100644
--- a/cmd/signtool/signtool.c
+++ b/cmd/signtool/signtool.c
@@ -8,9 +8,9 @@
* A command line tool to create manifest files
* from a directory hierarchy. It is assumed that
* the tree will be equivalent to what resides
- * or will reside in an archive.
+ * or will reside in an archive.
+ *
*
- *
*/
#include "nss.h"
@@ -21,59 +21,59 @@
/***********************************************************************
* Global Variable Definitions
*/
-char *progName; /* argv[0] */
+char *progName; /* argv[0] */
/* password data */
-secuPWData pwdata = { PW_NONE, 0 };
+secuPWData pwdata = { PW_NONE, 0 };
/* directories or files to exclude in descent */
PLHashTable *excludeDirs = NULL;
static PRBool exclusionsGiven = PR_FALSE;
/* zatharus is the man who knows no time, dies tragic death */
-int no_time = 0;
+int no_time = 0;
/* -b basename of .rsa, .sf files */
-char *base = DEFAULT_BASE_NAME;
+char *base = DEFAULT_BASE_NAME;
/* Only sign files with this extension */
PLHashTable *extensions = NULL;
PRBool extensionsGiven = PR_FALSE;
-char *scriptdir = NULL;
+char *scriptdir = NULL;
-int verbosity = 0;
+int verbosity = 0;
PRFileDesc *outputFD = NULL, *errorFD = NULL;
-int errorCount = 0, warningCount = 0;
+int errorCount = 0, warningCount = 0;
-int compression_level = DEFAULT_COMPRESSION_LEVEL;
+int compression_level = DEFAULT_COMPRESSION_LEVEL;
PRBool compression_level_specified = PR_FALSE;
-int xpi_arc = 0;
+int xpi_arc = 0;
/* Command-line arguments */
-static char *genkey = NULL;
-static char *verify = NULL;
-static char *zipfile = NULL;
-static char *cert_dir = NULL;
-static int javascript = 0;
-static char *jartree = NULL;
-static char *keyName = NULL;
-static char *metafile = NULL;
-static char *install_script = NULL;
-static int list_certs = 0;
-static int list_modules = 0;
-static int optimize = 0;
-static int enableOCSP = 0;
-static char *tell_who = NULL;
-static char *outfile = NULL;
-static char *cmdFile = NULL;
+static char *genkey = NULL;
+static char *verify = NULL;
+static char *zipfile = NULL;
+static char *cert_dir = NULL;
+static int javascript = 0;
+static char *jartree = NULL;
+static char *keyName = NULL;
+static char *metafile = NULL;
+static char *install_script = NULL;
+static int list_certs = 0;
+static int list_modules = 0;
+static int optimize = 0;
+static int enableOCSP = 0;
+static char *tell_who = NULL;
+static char *outfile = NULL;
+static char *cmdFile = NULL;
static PRBool noRecurse = PR_FALSE;
static PRBool leaveArc = PR_FALSE;
-static int keySize = -1;
-static char *token = NULL;
+static int keySize = -1;
+static char *token = NULL;
typedef enum {
UNKNOWN_OPT,
@@ -109,27 +109,24 @@ typedef enum {
KEYSIZE_OPT,
TOKEN_OPT,
XPI_ARC_OPT
-}
-
+}
OPT_TYPE;
typedef enum {
DUPLICATE_OPTION_ERR = 0,
OPTION_NEEDS_ARG_ERR
-}
-
+}
Error;
-static char *errStrings[] = {
+static char *errStrings[] = {
"warning: %s option specified more than once.\n"
"Only last specification will be used.\n",
"ERROR: option \"%s\" requires an argument.\n"
};
-
-static int ProcessOneOpt(OPT_TYPE type, char *arg);
+static int ProcessOneOpt(OPT_TYPE type, char *arg);
/*********************************************************************
*
@@ -138,124 +135,124 @@ static int ProcessOneOpt(OPT_TYPE type, char *arg);
int
ProcessCommandFile()
{
- PRFileDesc * fd;
+ PRFileDesc *fd;
#define CMD_FILE_BUFSIZE 1024
- char buf[CMD_FILE_BUFSIZE];
- char *equals;
- int linenum = 0;
- int retval = -1;
+ char buf[CMD_FILE_BUFSIZE];
+ char *equals;
+ int linenum = 0;
+ int retval = -1;
OPT_TYPE type;
fd = PR_Open(cmdFile, PR_RDONLY, 0777);
if (!fd) {
- PR_fprintf(errorFD, "ERROR: Unable to open command file %s.\n");
- errorCount++;
- return - 1;
+ PR_fprintf(errorFD, "ERROR: Unable to open command file %s.\n");
+ errorCount++;
+ return -1;
}
while (pr_fgets(buf, CMD_FILE_BUFSIZE, fd)) {
- char *eol;
- linenum++;
-
- /* Chop off final newline */
- eol = PL_strchr(buf, '\r');
- if (!eol) {
- eol = PL_strchr(buf, '\n');
- }
- if (eol)
- *eol = '\0';
-
- equals = PL_strchr(buf, '=');
- if (!equals) {
- continue;
- }
-
- *equals = '\0';
- equals++;
-
- /* Now buf points to the attribute, and equals points to the value. */
-
- /* This is pretty straightforward, just deal with whatever attribute
- * this is */
- if (!PL_strcasecmp(buf, "basename")) {
- type = BASE_OPT;
- } else if (!PL_strcasecmp(buf, "compression")) {
- type = COMPRESSION_OPT;
- } else if (!PL_strcasecmp(buf, "certdir")) {
- type = CERT_DIR_OPT;
- } else if (!PL_strcasecmp(buf, "extension")) {
- type = EXTENSION_OPT;
- } else if (!PL_strcasecmp(buf, "generate")) {
- type = GENKEY_OPT;
- } else if (!PL_strcasecmp(buf, "installScript")) {
- type = INSTALL_SCRIPT_OPT;
- } else if (!PL_strcasecmp(buf, "javascriptdir")) {
- type = SCRIPTDIR_OPT;
- } else if (!PL_strcasecmp(buf, "htmldir")) {
- type = JAVASCRIPT_OPT;
- if (jartree) {
- PR_fprintf(errorFD,
- "warning: directory to be signed specified more than once."
- " Only last specification will be used.\n");
- warningCount++;
- PR_Free(jartree);
- jartree = NULL;
- }
- jartree = PL_strdup(equals);
- } else if (!PL_strcasecmp(buf, "certname")) {
- type = CERTNAME_OPT;
- } else if (!PL_strcasecmp(buf, "signdir")) {
- type = SIGNDIR_OPT;
- } else if (!PL_strcasecmp(buf, "list")) {
- type = LIST_OBJSIGN_CERTS_OPT;
- } else if (!PL_strcasecmp(buf, "listall")) {
- type = LIST_ALL_CERTS_OPT;
- } else if (!PL_strcasecmp(buf, "metafile")) {
- type = METAFILE_OPT;
- } else if (!PL_strcasecmp(buf, "modules")) {
- type = MODULES_OPT;
- } else if (!PL_strcasecmp(buf, "optimize")) {
- type = OPTIMIZE_OPT;
- } else if (!PL_strcasecmp(buf, "ocsp")) {
- type = ENABLE_OCSP_OPT;
- } else if (!PL_strcasecmp(buf, "password")) {
- type = PASSWORD_OPT;
- } else if (!PL_strcasecmp(buf, "verify")) {
- type = VERIFY_OPT;
- } else if (!PL_strcasecmp(buf, "who")) {
- type = WHO_OPT;
- } else if (!PL_strcasecmp(buf, "exclude")) {
- type = EXCLUDE_OPT;
- } else if (!PL_strcasecmp(buf, "notime")) {
- type = NO_TIME_OPT;
- } else if (!PL_strcasecmp(buf, "jarfile")) {
- type = ZIPFILE_OPT;
- } else if (!PL_strcasecmp(buf, "outfile")) {
- type = OUTFILE_OPT;
- } else if (!PL_strcasecmp(buf, "leavearc")) {
- type = LEAVE_ARC_OPT;
- } else if (!PL_strcasecmp(buf, "verbosity")) {
- type = VERBOSITY_OPT;
- } else if (!PL_strcasecmp(buf, "keysize")) {
- type = KEYSIZE_OPT;
- } else if (!PL_strcasecmp(buf, "token")) {
- type = TOKEN_OPT;
- } else if (!PL_strcasecmp(buf, "xpi")) {
- type = XPI_ARC_OPT;
- } else {
- PR_fprintf(errorFD,
- "warning: unknown attribute \"%s\" in command file, line %d.\n",
- buf, linenum);
- warningCount++;
- type = UNKNOWN_OPT;
- }
-
- /* Process the option, whatever it is */
- if (type != UNKNOWN_OPT) {
- if (ProcessOneOpt(type, equals) == -1) {
- goto finish;
- }
- }
+ char *eol;
+ linenum++;
+
+ /* Chop off final newline */
+ eol = PL_strchr(buf, '\r');
+ if (!eol) {
+ eol = PL_strchr(buf, '\n');
+ }
+ if (eol)
+ *eol = '\0';
+
+ equals = PL_strchr(buf, '=');
+ if (!equals) {
+ continue;
+ }
+
+ *equals = '\0';
+ equals++;
+
+ /* Now buf points to the attribute, and equals points to the value. */
+
+ /* This is pretty straightforward, just deal with whatever attribute
+ * this is */
+ if (!PL_strcasecmp(buf, "basename")) {
+ type = BASE_OPT;
+ } else if (!PL_strcasecmp(buf, "compression")) {
+ type = COMPRESSION_OPT;
+ } else if (!PL_strcasecmp(buf, "certdir")) {
+ type = CERT_DIR_OPT;
+ } else if (!PL_strcasecmp(buf, "extension")) {
+ type = EXTENSION_OPT;
+ } else if (!PL_strcasecmp(buf, "generate")) {
+ type = GENKEY_OPT;
+ } else if (!PL_strcasecmp(buf, "installScript")) {
+ type = INSTALL_SCRIPT_OPT;
+ } else if (!PL_strcasecmp(buf, "javascriptdir")) {
+ type = SCRIPTDIR_OPT;
+ } else if (!PL_strcasecmp(buf, "htmldir")) {
+ type = JAVASCRIPT_OPT;
+ if (jartree) {
+ PR_fprintf(errorFD,
+ "warning: directory to be signed specified more than once."
+ " Only last specification will be used.\n");
+ warningCount++;
+ PR_Free(jartree);
+ jartree = NULL;
+ }
+ jartree = PL_strdup(equals);
+ } else if (!PL_strcasecmp(buf, "certname")) {
+ type = CERTNAME_OPT;
+ } else if (!PL_strcasecmp(buf, "signdir")) {
+ type = SIGNDIR_OPT;
+ } else if (!PL_strcasecmp(buf, "list")) {
+ type = LIST_OBJSIGN_CERTS_OPT;
+ } else if (!PL_strcasecmp(buf, "listall")) {
+ type = LIST_ALL_CERTS_OPT;
+ } else if (!PL_strcasecmp(buf, "metafile")) {
+ type = METAFILE_OPT;
+ } else if (!PL_strcasecmp(buf, "modules")) {
+ type = MODULES_OPT;
+ } else if (!PL_strcasecmp(buf, "optimize")) {
+ type = OPTIMIZE_OPT;
+ } else if (!PL_strcasecmp(buf, "ocsp")) {
+ type = ENABLE_OCSP_OPT;
+ } else if (!PL_strcasecmp(buf, "password")) {
+ type = PASSWORD_OPT;
+ } else if (!PL_strcasecmp(buf, "verify")) {
+ type = VERIFY_OPT;
+ } else if (!PL_strcasecmp(buf, "who")) {
+ type = WHO_OPT;
+ } else if (!PL_strcasecmp(buf, "exclude")) {
+ type = EXCLUDE_OPT;
+ } else if (!PL_strcasecmp(buf, "notime")) {
+ type = NO_TIME_OPT;
+ } else if (!PL_strcasecmp(buf, "jarfile")) {
+ type = ZIPFILE_OPT;
+ } else if (!PL_strcasecmp(buf, "outfile")) {
+ type = OUTFILE_OPT;
+ } else if (!PL_strcasecmp(buf, "leavearc")) {
+ type = LEAVE_ARC_OPT;
+ } else if (!PL_strcasecmp(buf, "verbosity")) {
+ type = VERBOSITY_OPT;
+ } else if (!PL_strcasecmp(buf, "keysize")) {
+ type = KEYSIZE_OPT;
+ } else if (!PL_strcasecmp(buf, "token")) {
+ type = TOKEN_OPT;
+ } else if (!PL_strcasecmp(buf, "xpi")) {
+ type = XPI_ARC_OPT;
+ } else {
+ PR_fprintf(errorFD,
+ "warning: unknown attribute \"%s\" in command file, line %d.\n",
+ buf, linenum);
+ warningCount++;
+ type = UNKNOWN_OPT;
+ }
+
+ /* Process the option, whatever it is */
+ if (type != UNKNOWN_OPT) {
+ if (ProcessOneOpt(type, equals) == -1) {
+ goto finish;
+ }
+ }
}
retval = 0;
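Review bot: The `PR_fprintf` call on the open-failure path of ProcessCommandFile has a `%s` conversion in its format string but passes no matching argument, so it reads a nonexistent vararg (undefined behaviour) whenever the command file cannot be opened. Pass the file name explicitly: `PR_fprintf(errorFD, "ERROR: Unable to open command file %s.\n", cmdFile);`. The reformatting carries the line over unchanged, so the fix belongs in a separate functional commit. The function body continues past this hunk; the `finish:` label is in the next one.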
@@ -265,189 +262,186 @@ finish:
return retval;
}
-
/*********************************************************************
*
* p a r s e _ a r g s
*/
-static int
+static int
parse_args(int argc, char *argv[])
{
- char *opt;
- char *arg;
- int needsInc = 0;
- int i;
+ char *opt;
+ char *arg;
+ int needsInc = 0;
+ int i;
OPT_TYPE type;
/* Loop over all arguments */
for (i = 1; i < argc; i++) {
- opt = argv[i];
- arg = NULL;
-
- if (opt[0] == '-') {
- if (opt[1] == '-') {
- /* word option */
- if (i < argc - 1) {
- needsInc = 1;
- arg = argv[i+1];
- } else {
- arg = NULL;
- }
-
- if ( !PL_strcasecmp(opt + 2, "norecurse")) {
- type = NORECURSE_OPT;
- } else if ( !PL_strcasecmp(opt + 2, "leavearc")) {
- type = LEAVE_ARC_OPT;
- } else if ( !PL_strcasecmp(opt + 2, "verbosity")) {
- type = VERBOSITY_OPT;
- } else if ( !PL_strcasecmp(opt + 2, "outfile")) {
- type = OUTFILE_OPT;
- } else if ( !PL_strcasecmp(opt + 2, "keysize")) {
- type = KEYSIZE_OPT;
- } else if ( !PL_strcasecmp(opt + 2, "token")) {
- type = TOKEN_OPT;
- } else {
- PR_fprintf(errorFD, "warning: unknown option: %s\n",
- opt);
- warningCount++;
- type = UNKNOWN_OPT;
- }
- } else {
- /* char option */
- if (opt[2] != '\0') {
- arg = opt + 2;
- } else if (i < argc - 1) {
- needsInc = 1;
- arg = argv[i+1];
- } else {
- arg = NULL;
- }
-
- switch (opt[1]) {
- case 'b':
- type = BASE_OPT;
- break;
- case 'c':
- type = COMPRESSION_OPT;
- break;
- case 'd':
- type = CERT_DIR_OPT;
- break;
- case 'e':
- type = EXTENSION_OPT;
- break;
- case 'f':
- type = COMMAND_FILE_OPT;
- break;
- case 'h':
- type = HELP_OPT;
- break;
- case 'H':
- type = LONG_HELP_OPT;
- break;
- case 'i':
- type = INSTALL_SCRIPT_OPT;
- break;
- case 'j':
- type = SCRIPTDIR_OPT;
- break;
- case 'k':
- type = CERTNAME_OPT;
- break;
- case 'l':
- type = LIST_OBJSIGN_CERTS_OPT;
- break;
- case 'L':
- type = LIST_ALL_CERTS_OPT;
- break;
- case 'm':
- type = METAFILE_OPT;
- break;
- case 'o':
- type = OPTIMIZE_OPT;
- break;
- case 'O':
- type = ENABLE_OCSP_OPT;
- break;
- case 'p':
- type = PASSWORD_OPT;
- break;
- case 'v':
- type = VERIFY_OPT;
- break;
- case 'w':
- type = WHO_OPT;
- break;
- case 'x':
- type = EXCLUDE_OPT;
- break;
- case 'X':
- type = XPI_ARC_OPT;
- break;
- case 'z':
- type = NO_TIME_OPT;
- break;
- case 'J':
- type = JAVASCRIPT_OPT;
- break;
- case 'Z':
- type = ZIPFILE_OPT;
- break;
- case 'G':
- type = GENKEY_OPT;
- break;
- case 'M':
- type = MODULES_OPT;
- break;
- case 's':
- type = KEYSIZE_OPT;
- break;
- case 't':
- type = TOKEN_OPT;
- break;
- default:
- type = UNKNOWN_OPT;
- PR_fprintf(errorFD, "warning: unrecognized option: -%c.\n",
-
- opt[1]);
- warningCount++;
- break;
- }
- }
- } else {
- type = UNKNOWN_OPT;
- if (i == argc - 1) {
- if (jartree) {
- PR_fprintf(errorFD,
- "warning: directory to be signed specified more than once.\n"
- " Only last specification will be used.\n");
- warningCount++;
- PR_Free(jartree);
- jartree = NULL;
- }
- jartree = PL_strdup(opt);
- } else {
- PR_fprintf(errorFD, "warning: unrecognized option: %s\n", opt);
- warningCount++;
- }
- }
-
- if (type != UNKNOWN_OPT) {
- short ateArg = ProcessOneOpt(type, arg);
- if (ateArg == -1) {
- /* error */
- return - 1;
- }
- if (ateArg && needsInc) {
- i++;
- }
- }
+ opt = argv[i];
+ arg = NULL;
+
+ if (opt[0] == '-') {
+ if (opt[1] == '-') {
+ /* word option */
+ if (i < argc - 1) {
+ needsInc = 1;
+ arg = argv[i + 1];
+ } else {
+ arg = NULL;
+ }
+
+ if (!PL_strcasecmp(opt + 2, "norecurse")) {
+ type = NORECURSE_OPT;
+ } else if (!PL_strcasecmp(opt + 2, "leavearc")) {
+ type = LEAVE_ARC_OPT;
+ } else if (!PL_strcasecmp(opt + 2, "verbosity")) {
+ type = VERBOSITY_OPT;
+ } else if (!PL_strcasecmp(opt + 2, "outfile")) {
+ type = OUTFILE_OPT;
+ } else if (!PL_strcasecmp(opt + 2, "keysize")) {
+ type = KEYSIZE_OPT;
+ } else if (!PL_strcasecmp(opt + 2, "token")) {
+ type = TOKEN_OPT;
+ } else {
+ PR_fprintf(errorFD, "warning: unknown option: %s\n",
+ opt);
+ warningCount++;
+ type = UNKNOWN_OPT;
+ }
+ } else {
+ /* char option */
+ if (opt[2] != '\0') {
+ arg = opt + 2;
+ } else if (i < argc - 1) {
+ needsInc = 1;
+ arg = argv[i + 1];
+ } else {
+ arg = NULL;
+ }
+
+ switch (opt[1]) {
+ case 'b':
+ type = BASE_OPT;
+ break;
+ case 'c':
+ type = COMPRESSION_OPT;
+ break;
+ case 'd':
+ type = CERT_DIR_OPT;
+ break;
+ case 'e':
+ type = EXTENSION_OPT;
+ break;
+ case 'f':
+ type = COMMAND_FILE_OPT;
+ break;
+ case 'h':
+ type = HELP_OPT;
+ break;
+ case 'H':
+ type = LONG_HELP_OPT;
+ break;
+ case 'i':
+ type = INSTALL_SCRIPT_OPT;
+ break;
+ case 'j':
+ type = SCRIPTDIR_OPT;
+ break;
+ case 'k':
+ type = CERTNAME_OPT;
+ break;
+ case 'l':
+ type = LIST_OBJSIGN_CERTS_OPT;
+ break;
+ case 'L':
+ type = LIST_ALL_CERTS_OPT;
+ break;
+ case 'm':
+ type = METAFILE_OPT;
+ break;
+ case 'o':
+ type = OPTIMIZE_OPT;
+ break;
+ case 'O':
+ type = ENABLE_OCSP_OPT;
+ break;
+ case 'p':
+ type = PASSWORD_OPT;
+ break;
+ case 'v':
+ type = VERIFY_OPT;
+ break;
+ case 'w':
+ type = WHO_OPT;
+ break;
+ case 'x':
+ type = EXCLUDE_OPT;
+ break;
+ case 'X':
+ type = XPI_ARC_OPT;
+ break;
+ case 'z':
+ type = NO_TIME_OPT;
+ break;
+ case 'J':
+ type = JAVASCRIPT_OPT;
+ break;
+ case 'Z':
+ type = ZIPFILE_OPT;
+ break;
+ case 'G':
+ type = GENKEY_OPT;
+ break;
+ case 'M':
+ type = MODULES_OPT;
+ break;
+ case 's':
+ type = KEYSIZE_OPT;
+ break;
+ case 't':
+ type = TOKEN_OPT;
+ break;
+ default:
+ type = UNKNOWN_OPT;
+ PR_fprintf(errorFD, "warning: unrecognized option: -%c.\n",
+ opt[1]);
+ warningCount++;
+ break;
+ }
+ }
+ } else {
+ type = UNKNOWN_OPT;
+ if (i == argc - 1) {
+ if (jartree) {
+ PR_fprintf(errorFD,
+ "warning: directory to be signed specified more than once.\n"
+ " Only last specification will be used.\n");
+ warningCount++;
+ PR_Free(jartree);
+ jartree = NULL;
+ }
+ jartree = PL_strdup(opt);
+ } else {
+ PR_fprintf(errorFD, "warning: unrecognized option: %s\n", opt);
+ warningCount++;
+ }
+ }
+
+ if (type != UNKNOWN_OPT) {
+ short ateArg = ProcessOneOpt(type, arg);
+ if (ateArg == -1) {
+ /* error */
+ return -1;
+ }
+ if (ateArg && needsInc) {
+ i++;
+ }
+ }
}
return 0;
}
-
/*********************************************************************
*
* P r o c e s s O n e O p t
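Review bot: `needsInc` in parse_args is set to 0 only at its declaration and never cleared inside the loop. Once any earlier option has set it, a later option with an attached value (the `arg = opt + 2` branch) that consumes its argument also runs `i++`, and the following command-line argument is skipped without any warning. Reset it per iteration next to `arg = NULL;` with `needsInc = 0;`. In a signing tool a silently dropped option can change what is signed or verified, so this deserves a follow-up commit separate from the reformatting.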
@@ -460,371 +454,370 @@ parse_args(int argc, char *argv[])
* arg is the argument to the option, possibly NULL.
* Returns 1 if the argument was eaten, 0 if it wasn't, and -1 for error.
*/
-static int
+static int
ProcessOneOpt(OPT_TYPE type, char *arg)
{
- int ate = 0;
+ int ate = 0;
switch (type) {
- case HELP_OPT:
- Usage();
- break;
- case LONG_HELP_OPT:
- LongUsage();
- break;
- case BASE_OPT:
- if (base) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-b");
- warningCount++;
- PR_Free(base);
- base = NULL;
- }
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-b");
- errorCount++;
- goto loser;
- }
- base = PL_strdup(arg);
- ate = 1;
- break;
- case COMPRESSION_OPT:
- if (compression_level_specified) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-c");
- warningCount++;
- }
- if ( !arg ) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-c");
- errorCount++;
- goto loser;
- }
- compression_level = atoi(arg);
- compression_level_specified = PR_TRUE;
- ate = 1;
- break;
- case CERT_DIR_OPT:
- if (cert_dir) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-d");
- warningCount++;
- PR_Free(cert_dir);
- cert_dir = NULL;
- }
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-d");
- errorCount++;
- goto loser;
- }
- cert_dir = PL_strdup(arg);
- ate = 1;
- break;
- case EXTENSION_OPT:
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "extension (-e)");
- errorCount++;
- goto loser;
- }
- PL_HashTableAdd(extensions, arg, arg);
- extensionsGiven = PR_TRUE;
- ate = 1;
- break;
- case INSTALL_SCRIPT_OPT:
- if (install_script) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "installScript (-i)");
- warningCount++;
- PR_Free(install_script);
- install_script = NULL;
- }
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "installScript (-i)");
- errorCount++;
- goto loser;
- }
- install_script = PL_strdup(arg);
- ate = 1;
- break;
- case SCRIPTDIR_OPT:
- if (scriptdir) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "javascriptdir (-j)");
- warningCount++;
- PR_Free(scriptdir);
- scriptdir = NULL;
- }
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "javascriptdir (-j)");
- errorCount++;
- goto loser;
- }
- scriptdir = PL_strdup(arg);
- ate = 1;
- break;
- case CERTNAME_OPT:
- if (keyName) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "keyName (-k)");
- warningCount++;
- PR_Free(keyName);
- keyName = NULL;
- }
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "keyName (-k)");
- errorCount++;
- goto loser;
- }
- keyName = PL_strdup(arg);
- ate = 1;
- break;
- case LIST_OBJSIGN_CERTS_OPT:
- case LIST_ALL_CERTS_OPT:
- if (list_certs != 0) {
- PR_fprintf(errorFD,
- "warning: only one of -l and -L may be specified.\n");
- warningCount++;
- }
- list_certs = (type == LIST_OBJSIGN_CERTS_OPT ? 1 : 2);
- break;
- case METAFILE_OPT:
- if (metafile) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "metafile (-m)");
- warningCount++;
- PR_Free(metafile);
- metafile = NULL;
- }
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "metafile (-m)");
- errorCount++;
- goto loser;
- }
- metafile = PL_strdup(arg);
- ate = 1;
- break;
- case OPTIMIZE_OPT:
- optimize = 1;
- break;
- case ENABLE_OCSP_OPT:
- enableOCSP = 1;
- break;
- case PASSWORD_OPT:
- if (pwdata.data) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "password (-p)");
- warningCount++;
- PR_Free(pwdata.data);
- pwdata.data = NULL;
- }
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "password (-p)");
- errorCount++;
- goto loser;
- }
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = PL_strdup(arg);
- ate = 1;
- break;
- case VERIFY_OPT:
- if (verify) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "verify (-v)");
- warningCount++;
- PR_Free(verify);
- verify = NULL;
- }
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "verify (-v)");
- errorCount++;
- goto loser;
- }
- verify = PL_strdup(arg);
- ate = 1;
- break;
- case WHO_OPT:
- if (tell_who) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "who (-v)");
- warningCount++;
- PR_Free(tell_who);
- tell_who = NULL;
- }
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "who (-w)");
- errorCount++;
- goto loser;
- }
- tell_who = PL_strdup(arg);
- ate = 1;
- break;
- case EXCLUDE_OPT:
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "exclude (-x)");
- errorCount++;
- goto loser;
- }
- PL_HashTableAdd(excludeDirs, arg, arg);
- exclusionsGiven = PR_TRUE;
- ate = 1;
- break;
- case NO_TIME_OPT:
- no_time = 1;
- break;
- case JAVASCRIPT_OPT:
- javascript++;
- break;
- case ZIPFILE_OPT:
- if (zipfile) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "jarfile (-Z)");
- warningCount++;
- PR_Free(zipfile);
- zipfile = NULL;
- }
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "jarfile (-Z)");
- errorCount++;
- goto loser;
- }
- zipfile = PL_strdup(arg);
- ate = 1;
- break;
- case GENKEY_OPT:
- if (genkey) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "generate (-G)");
- warningCount++;
- PR_Free(genkey);
- genkey = NULL;
- }
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "generate (-G)");
- errorCount++;
- goto loser;
- }
- genkey = PL_strdup(arg);
- ate = 1;
- break;
- case MODULES_OPT:
- list_modules++;
- break;
- case SIGNDIR_OPT:
- if (jartree) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "signdir");
- warningCount++;
- PR_Free(jartree);
- jartree = NULL;
- }
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "signdir");
- errorCount++;
- goto loser;
- }
- jartree = PL_strdup(arg);
- ate = 1;
- break;
- case OUTFILE_OPT:
- if (outfile) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "outfile");
- warningCount++;
- PR_Free(outfile);
- outfile = NULL;
- }
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "outfile");
- errorCount++;
- goto loser;
- }
- outfile = PL_strdup(arg);
- ate = 1;
- break;
- case COMMAND_FILE_OPT:
- if (cmdFile) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
- "-f");
- warningCount++;
- PR_Free(cmdFile);
- cmdFile = NULL;
- }
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "-f");
- errorCount++;
- goto loser;
- }
- cmdFile = PL_strdup(arg);
- ate = 1;
- break;
- case NORECURSE_OPT:
- noRecurse = PR_TRUE;
- break;
- case LEAVE_ARC_OPT:
- leaveArc = PR_TRUE;
- break;
- case VERBOSITY_OPT:
- if (!arg) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
- "--verbosity");
- errorCount++;
- goto loser;
- }
- verbosity = atoi(arg);
- ate = 1;
- break;
- case KEYSIZE_OPT:
- if ( keySize != -1 ) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-s");
- warningCount++;
- }
- keySize = atoi(arg);
- ate = 1;
- if ( keySize < 1 || keySize > MAX_RSA_KEY_SIZE ) {
- PR_fprintf(errorFD, "Invalid key size: %d.\n", keySize);
- errorCount++;
- goto loser;
- }
- break;
- case TOKEN_OPT:
- if ( token ) {
- PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-t");
- PR_Free(token);
- token = NULL;
- }
- if ( !arg ) {
- PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-t");
- errorCount++;
- goto loser;
- }
- token = PL_strdup(arg);
- ate = 1;
- break;
- case XPI_ARC_OPT:
- xpi_arc = 1;
- break;
- default:
- PR_fprintf(errorFD, "warning: unknown option\n");
- warningCount++;
- break;
+ case HELP_OPT:
+ Usage();
+ break;
+ case LONG_HELP_OPT:
+ LongUsage();
+ break;
+ case BASE_OPT:
+ if (base) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-b");
+ warningCount++;
+ PR_Free(base);
+ base = NULL;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-b");
+ errorCount++;
+ goto loser;
+ }
+ base = PL_strdup(arg);
+ ate = 1;
+ break;
+ case COMPRESSION_OPT:
+ if (compression_level_specified) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-c");
+ warningCount++;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-c");
+ errorCount++;
+ goto loser;
+ }
+ compression_level = atoi(arg);
+ compression_level_specified = PR_TRUE;
+ ate = 1;
+ break;
+ case CERT_DIR_OPT:
+ if (cert_dir) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-d");
+ warningCount++;
+ PR_Free(cert_dir);
+ cert_dir = NULL;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-d");
+ errorCount++;
+ goto loser;
+ }
+ cert_dir = PL_strdup(arg);
+ ate = 1;
+ break;
+ case EXTENSION_OPT:
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+ "extension (-e)");
+ errorCount++;
+ goto loser;
+ }
+ PL_HashTableAdd(extensions, arg, arg);
+ extensionsGiven = PR_TRUE;
+ ate = 1;
+ break;
+ case INSTALL_SCRIPT_OPT:
+ if (install_script) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+ "installScript (-i)");
+ warningCount++;
+ PR_Free(install_script);
+ install_script = NULL;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+ "installScript (-i)");
+ errorCount++;
+ goto loser;
+ }
+ install_script = PL_strdup(arg);
+ ate = 1;
+ break;
+ case SCRIPTDIR_OPT:
+ if (scriptdir) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+ "javascriptdir (-j)");
+ warningCount++;
+ PR_Free(scriptdir);
+ scriptdir = NULL;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+ "javascriptdir (-j)");
+ errorCount++;
+ goto loser;
+ }
+ scriptdir = PL_strdup(arg);
+ ate = 1;
+ break;
+ case CERTNAME_OPT:
+ if (keyName) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+ "keyName (-k)");
+ warningCount++;
+ PR_Free(keyName);
+ keyName = NULL;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+ "keyName (-k)");
+ errorCount++;
+ goto loser;
+ }
+ keyName = PL_strdup(arg);
+ ate = 1;
+ break;
+ case LIST_OBJSIGN_CERTS_OPT:
+ case LIST_ALL_CERTS_OPT:
+ if (list_certs != 0) {
+ PR_fprintf(errorFD,
+ "warning: only one of -l and -L may be specified.\n");
+ warningCount++;
+ }
+ list_certs = (type == LIST_OBJSIGN_CERTS_OPT ? 1 : 2);
+ break;
+ case METAFILE_OPT:
+ if (metafile) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+ "metafile (-m)");
+ warningCount++;
+ PR_Free(metafile);
+ metafile = NULL;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+ "metafile (-m)");
+ errorCount++;
+ goto loser;
+ }
+ metafile = PL_strdup(arg);
+ ate = 1;
+ break;
+ case OPTIMIZE_OPT:
+ optimize = 1;
+ break;
+ case ENABLE_OCSP_OPT:
+ enableOCSP = 1;
+ break;
+ case PASSWORD_OPT:
+ if (pwdata.data) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+ "password (-p)");
+ warningCount++;
+ PR_Free(pwdata.data);
+ pwdata.data = NULL;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+ "password (-p)");
+ errorCount++;
+ goto loser;
+ }
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = PL_strdup(arg);
+ ate = 1;
+ break;
+ case VERIFY_OPT:
+ if (verify) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+ "verify (-v)");
+ warningCount++;
+ PR_Free(verify);
+ verify = NULL;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+ "verify (-v)");
+ errorCount++;
+ goto loser;
+ }
+ verify = PL_strdup(arg);
+ ate = 1;
+ break;
+ case WHO_OPT:
+ if (tell_who) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+ "who (-v)");
+ warningCount++;
+ PR_Free(tell_who);
+ tell_who = NULL;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+ "who (-w)");
+ errorCount++;
+ goto loser;
+ }
+ tell_who = PL_strdup(arg);
+ ate = 1;
+ break;
+ case EXCLUDE_OPT:
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+ "exclude (-x)");
+ errorCount++;
+ goto loser;
+ }
+ PL_HashTableAdd(excludeDirs, arg, arg);
+ exclusionsGiven = PR_TRUE;
+ ate = 1;
+ break;
+ case NO_TIME_OPT:
+ no_time = 1;
+ break;
+ case JAVASCRIPT_OPT:
+ javascript++;
+ break;
+ case ZIPFILE_OPT:
+ if (zipfile) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+ "jarfile (-Z)");
+ warningCount++;
+ PR_Free(zipfile);
+ zipfile = NULL;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+ "jarfile (-Z)");
+ errorCount++;
+ goto loser;
+ }
+ zipfile = PL_strdup(arg);
+ ate = 1;
+ break;
+ case GENKEY_OPT:
+ if (genkey) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+ "generate (-G)");
+ warningCount++;
+ PR_Free(genkey);
+ genkey = NULL;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+ "generate (-G)");
+ errorCount++;
+ goto loser;
+ }
+ genkey = PL_strdup(arg);
+ ate = 1;
+ break;
+ case MODULES_OPT:
+ list_modules++;
+ break;
+ case SIGNDIR_OPT:
+ if (jartree) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+ "signdir");
+ warningCount++;
+ PR_Free(jartree);
+ jartree = NULL;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+ "signdir");
+ errorCount++;
+ goto loser;
+ }
+ jartree = PL_strdup(arg);
+ ate = 1;
+ break;
+ case OUTFILE_OPT:
+ if (outfile) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+ "outfile");
+ warningCount++;
+ PR_Free(outfile);
+ outfile = NULL;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+ "outfile");
+ errorCount++;
+ goto loser;
+ }
+ outfile = PL_strdup(arg);
+ ate = 1;
+ break;
+ case COMMAND_FILE_OPT:
+ if (cmdFile) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+ "-f");
+ warningCount++;
+ PR_Free(cmdFile);
+ cmdFile = NULL;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+ "-f");
+ errorCount++;
+ goto loser;
+ }
+ cmdFile = PL_strdup(arg);
+ ate = 1;
+ break;
+ case NORECURSE_OPT:
+ noRecurse = PR_TRUE;
+ break;
+ case LEAVE_ARC_OPT:
+ leaveArc = PR_TRUE;
+ break;
+ case VERBOSITY_OPT:
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+ "--verbosity");
+ errorCount++;
+ goto loser;
+ }
+ verbosity = atoi(arg);
+ ate = 1;
+ break;
+ case KEYSIZE_OPT:
+ if (keySize != -1) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-s");
+ warningCount++;
+ }
+ keySize = atoi(arg);
+ ate = 1;
+ if (keySize < 1 || keySize > MAX_RSA_KEY_SIZE) {
+ PR_fprintf(errorFD, "Invalid key size: %d.\n", keySize);
+ errorCount++;
+ goto loser;
+ }
+ break;
+ case TOKEN_OPT:
+ if (token) {
+ PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-t");
+ PR_Free(token);
+ token = NULL;
+ }
+ if (!arg) {
+ PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-t");
+ errorCount++;
+ goto loser;
+ }
+ token = PL_strdup(arg);
+ ate = 1;
+ break;
+ case XPI_ARC_OPT:
+ xpi_arc = 1;
+ break;
+ default:
+ PR_fprintf(errorFD, "warning: unknown option\n");
+ warningCount++;
+ break;
}
return ate;
loser:
- return - 1;
+ return -1;
}
-
/*********************************************************************
*
* m a i n
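Review bot: The `KEYSIZE_OPT` case calls `atoi(arg)` without the `if (!arg)` guard that the other argument-taking cases have, so a trailing `-s` or `--keysize` with no value dereferences NULL. Add the same check before the conversion: `if (!arg) { PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-s"); errorCount++; goto loser; }`. Separately, `EXTENSION_OPT` and `EXCLUDE_OPT` store `arg` itself via `PL_HashTableAdd(extensions, arg, arg)`. When the caller is ProcessCommandFile, `arg` points into its stack `buf`, which is reused for the next line and gone after return, so those entries should hold a `PL_strdup(arg)` copy instead. Both issues predate this formatting-only change and should be fixed in a functional follow-up.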
@@ -833,7 +826,7 @@ int
main(int argc, char *argv[])
{
PRBool readOnly;
- int retval = 0;
+ int retval = 0;
outputFD = PR_STDOUT;
errorFD = PR_STDERR;
@@ -841,236 +834,235 @@ main(int argc, char *argv[])
progName = argv[0];
if (argc < 2) {
- Usage();
+ Usage();
}
excludeDirs = PL_NewHashTable(10, PL_HashString, PL_CompareStrings,
- PL_CompareStrings, NULL, NULL);
+ PL_CompareStrings, NULL, NULL);
extensions = PL_NewHashTable(10, PL_HashString, PL_CompareStrings,
- PL_CompareStrings, NULL, NULL);
+ PL_CompareStrings, NULL, NULL);
if (parse_args(argc, argv)) {
- retval = -1;
- goto cleanup;
+ retval = -1;
+ goto cleanup;
}
/* Parse the command file if one was given */
if (cmdFile) {
- if (ProcessCommandFile()) {
- retval = -1;
- goto cleanup;
- }
+ if (ProcessCommandFile()) {
+ retval = -1;
+ goto cleanup;
+ }
}
/* Set up output redirection */
if (outfile) {
- if (PR_Access(outfile, PR_ACCESS_EXISTS) == PR_SUCCESS) {
- /* delete the file if it is already present */
- PR_fprintf(errorFD,
- "warning: %s already exists and will be overwritten.\n",
- outfile);
- warningCount++;
- if (PR_Delete(outfile) != PR_SUCCESS) {
- PR_fprintf(errorFD, "ERROR: unable to delete %s.\n", outfile);
- errorCount++;
- exit(ERRX);
- }
- }
- outputFD = PR_Open(outfile,
- PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0777);
- if (!outputFD) {
- PR_fprintf(errorFD, "ERROR: Unable to create %s.\n",
- outfile);
- errorCount++;
- exit(ERRX);
- }
- errorFD = outputFD;
+ if (PR_Access(outfile, PR_ACCESS_EXISTS) == PR_SUCCESS) {
+ /* delete the file if it is already present */
+ PR_fprintf(errorFD,
+ "warning: %s already exists and will be overwritten.\n",
+ outfile);
+ warningCount++;
+ if (PR_Delete(outfile) != PR_SUCCESS) {
+ PR_fprintf(errorFD, "ERROR: unable to delete %s.\n", outfile);
+ errorCount++;
+ exit(ERRX);
+ }
+ }
+ outputFD = PR_Open(outfile,
+ PR_WRONLY |
+ PR_CREATE_FILE | PR_TRUNCATE,
+ 0777);
+ if (!outputFD) {
+ PR_fprintf(errorFD, "ERROR: Unable to create %s.\n",
+ outfile);
+ errorCount++;
+ exit(ERRX);
+ }
+ errorFD = outputFD;
}
/* This seems to be a fairly common user error */
if (verify && list_certs > 0) {
- PR_fprintf (errorFD, "%s: Can't use -l and -v at the same time\n",
- PROGRAM_NAME);
- errorCount++;
- retval = -1;
- goto cleanup;
+ PR_fprintf(errorFD, "%s: Can't use -l and -v at the same time\n",
+ PROGRAM_NAME);
+ errorCount++;
+ retval = -1;
+ goto cleanup;
}
/* -J assumes -Z now */
if (javascript && zipfile) {
- PR_fprintf (errorFD, "%s: Can't use -J and -Z at the same time\n",
- PROGRAM_NAME);
- PR_fprintf (errorFD, "%s: -J option will create the jar files for you\n",
- PROGRAM_NAME);
- errorCount++;
- retval = -1;
- goto cleanup;
+ PR_fprintf(errorFD, "%s: Can't use -J and -Z at the same time\n",
+ PROGRAM_NAME);
+ PR_fprintf(errorFD, "%s: -J option will create the jar files for you\n",
+ PROGRAM_NAME);
+ errorCount++;
+ retval = -1;
+ goto cleanup;
}
/* -X needs -Z */
if (xpi_arc && !zipfile) {
- PR_fprintf (errorFD, "%s: option XPI (-X) requires option jarfile (-Z)\n",
- PROGRAM_NAME);
- errorCount++;
- retval = -1;
- goto cleanup;
+ PR_fprintf(errorFD, "%s: option XPI (-X) requires option jarfile (-Z)\n",
+ PROGRAM_NAME);
+ errorCount++;
+ retval = -1;
+ goto cleanup;
}
/* Less common mixing of -L with various options */
- if (list_certs > 0 &&
- (tell_who || zipfile || javascript ||
- scriptdir || extensionsGiven || exclusionsGiven || install_script)) {
- PR_fprintf(errorFD, "%s: Can't use -l or -L with that option\n",
- PROGRAM_NAME);
- errorCount++;
- retval = -1;
- goto cleanup;
+ if (list_certs > 0 &&
+ (tell_who || zipfile || javascript ||
+ scriptdir || extensionsGiven || exclusionsGiven || install_script)) {
+ PR_fprintf(errorFD, "%s: Can't use -l or -L with that option\n",
+ PROGRAM_NAME);
+ errorCount++;
+ retval = -1;
+ goto cleanup;
}
-
if (!cert_dir)
- cert_dir = get_default_cert_dir();
+ cert_dir = get_default_cert_dir();
VerifyCertDir(cert_dir, keyName);
-
- if ( compression_level < MIN_COMPRESSION_LEVEL ||
+ if (compression_level < MIN_COMPRESSION_LEVEL ||
compression_level > MAX_COMPRESSION_LEVEL) {
- PR_fprintf(errorFD, "Compression level must be between %d and %d.\n",
- MIN_COMPRESSION_LEVEL, MAX_COMPRESSION_LEVEL);
- errorCount++;
- retval = -1;
- goto cleanup;
+ PR_fprintf(errorFD, "Compression level must be between %d and %d.\n",
+ MIN_COMPRESSION_LEVEL, MAX_COMPRESSION_LEVEL);
+ errorCount++;
+ retval = -1;
+ goto cleanup;
}
if (jartree && !keyName) {
- PR_fprintf(errorFD, "You must specify a key with which to sign.\n");
- errorCount++;
- retval = -1;
- goto cleanup;
+ PR_fprintf(errorFD, "You must specify a key with which to sign.\n");
+ errorCount++;
+ retval = -1;
+ goto cleanup;
}
readOnly = (genkey == NULL); /* only key generation requires write */
if (InitCrypto(cert_dir, readOnly)) {
- PR_fprintf(errorFD, "ERROR: Cryptographic initialization failed.\n");
- errorCount++;
- retval = -1;
- goto cleanup;
+ PR_fprintf(errorFD, "ERROR: Cryptographic initialization failed.\n");
+ errorCount++;
+ retval = -1;
+ goto cleanup;
}
if (enableOCSP) {
- SECStatus rv = CERT_EnableOCSPChecking(CERT_GetDefaultCertDB());
- if (rv != SECSuccess) {
- PR_fprintf(errorFD, "ERROR: Attempt to enable OCSP Checking failed.\n");
- errorCount++;
- retval = -1;
- }
+ SECStatus rv = CERT_EnableOCSPChecking(CERT_GetDefaultCertDB());
+ if (rv != SECSuccess) {
+ PR_fprintf(errorFD, "ERROR: Attempt to enable OCSP Checking failed.\n");
+ errorCount++;
+ retval = -1;
+ }
}
if (verify) {
- if (VerifyJar(verify)) {
- errorCount++;
- retval = -1;
- goto cleanup;
- }
+ if (VerifyJar(verify)) {
+ errorCount++;
+ retval = -1;
+ goto cleanup;
+ }
} else if (list_certs) {
- if (ListCerts(keyName, list_certs)) {
- errorCount++;
- retval = -1;
- goto cleanup;
- }
+ if (ListCerts(keyName, list_certs)) {
+ errorCount++;
+ retval = -1;
+ goto cleanup;
+ }
} else if (list_modules) {
- JarListModules();
+ JarListModules();
} else if (genkey) {
- if (GenerateCert(genkey, keySize, token)) {
- errorCount++;
- retval = -1;
- goto cleanup;
- }
+ if (GenerateCert(genkey, keySize, token)) {
+ errorCount++;
+ retval = -1;
+ goto cleanup;
+ }
} else if (tell_who) {
- if (JarWho(tell_who)) {
- errorCount++;
- retval = -1;
- goto cleanup;
- }
+ if (JarWho(tell_who)) {
+ errorCount++;
+ retval = -1;
+ goto cleanup;
+ }
} else if (javascript && jartree) {
- /* make sure directory exists */
- PRDir * dir;
- dir = PR_OpenDir(jartree);
- if (!dir) {
- PR_fprintf(errorFD, "ERROR: unable to open directory %s.\n",
- jartree);
- errorCount++;
- retval = -1;
- goto cleanup;
- } else {
- PR_CloseDir(dir);
- }
-
- /* undo junk from prior runs of signtool*/
- if (RemoveAllArc(jartree)) {
- PR_fprintf(errorFD, "Error removing archive directories under %s\n",
- jartree);
- errorCount++;
- retval = -1;
- goto cleanup;
- }
-
- /* traverse all the htm|html files in the directory */
- if (InlineJavaScript(jartree, !noRecurse)) {
- retval = -1;
- goto cleanup;
- }
-
- /* sign any resultant .arc directories created in above step */
- if (SignAllArc(jartree, keyName, javascript, metafile, install_script,
- optimize, !noRecurse)) {
- retval = -1;
- goto cleanup;
- }
-
- if (!leaveArc) {
- RemoveAllArc(jartree);
- }
-
- if (errorCount > 0 || warningCount > 0) {
- PR_fprintf(outputFD, "%d error%s, %d warning%s.\n",
- errorCount,
- errorCount == 1 ? "" : "s", warningCount, warningCount
- == 1 ? "" : "s");
- } else {
- PR_fprintf(outputFD, "Directory %s signed successfully.\n",
- jartree);
- }
+ /* make sure directory exists */
+ PRDir *dir;
+ dir = PR_OpenDir(jartree);
+ if (!dir) {
+ PR_fprintf(errorFD, "ERROR: unable to open directory %s.\n",
+ jartree);
+ errorCount++;
+ retval = -1;
+ goto cleanup;
+ } else {
+ PR_CloseDir(dir);
+ }
+
+ /* undo junk from prior runs of signtool*/
+ if (RemoveAllArc(jartree)) {
+ PR_fprintf(errorFD, "Error removing archive directories under %s\n",
+ jartree);
+ errorCount++;
+ retval = -1;
+ goto cleanup;
+ }
+
+ /* traverse all the htm|html files in the directory */
+ if (InlineJavaScript(jartree, !noRecurse)) {
+ retval = -1;
+ goto cleanup;
+ }
+
+ /* sign any resultant .arc directories created in above step */
+ if (SignAllArc(jartree, keyName, javascript, metafile, install_script,
+ optimize, !noRecurse)) {
+ retval = -1;
+ goto cleanup;
+ }
+
+ if (!leaveArc) {
+ RemoveAllArc(jartree);
+ }
+
+ if (errorCount > 0 || warningCount > 0) {
+ PR_fprintf(outputFD, "%d error%s, %d warning%s.\n",
+ errorCount,
+ errorCount == 1 ? "" : "s", warningCount, warningCount == 1
+ ? ""
+ : "s");
+ } else {
+ PR_fprintf(outputFD, "Directory %s signed successfully.\n",
+ jartree);
+ }
} else if (jartree) {
- SignArchive(jartree, keyName, zipfile, javascript, metafile,
- install_script, optimize, !noRecurse);
+ SignArchive(jartree, keyName, zipfile, javascript, metafile,
+ install_script, optimize, !noRecurse);
} else
- Usage();
+ Usage();
cleanup:
if (extensions) {
- PL_HashTableDestroy(extensions);
- extensions = NULL;
+ PL_HashTableDestroy(extensions);
+ extensions = NULL;
}
if (excludeDirs) {
- PL_HashTableDestroy(excludeDirs);
- excludeDirs = NULL;
+ PL_HashTableDestroy(excludeDirs);
+ excludeDirs = NULL;
}
if (outputFD != PR_STDOUT) {
- PR_Close(outputFD);
+ PR_Close(outputFD);
}
rm_dash_r(TMP_OUTPUT);
if (retval == 0) {
- if (NSS_Shutdown() != SECSuccess) {
- exit(1);
- }
+ if (NSS_Shutdown() != SECSuccess) {
+ exit(1);
+ }
}
return retval;
}
-
-
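Review bot: The `--outfile` target is created with mode `0777` in the `PR_Open` call, so (subject to umask) the file that receives both normal and error output can end up writable and executable by other users; owner read/write is all this needs. The preceding exists-check, `PR_Delete`, then create-with-truncate sequence also leaves a window in which something else can reappear at that name in a shared directory before the open. Passing `PR_EXCL` with a tight mode addresses both, because the open then fails instead of reusing whatever is at the path: `outputFD = PR_Open(outfile, PR_WRONLY | PR_CREATE_FILE | PR_EXCL, 0600);`. The reformat carries the original behaviour over unchanged, and main's opening lines sit in the preceding hunk.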
diff --git a/cmd/signtool/signtool.h b/cmd/signtool/signtool.h
index 1b06c2917..bdb3b597c 100644
--- a/cmd/signtool/signtool.h
+++ b/cmd/signtool/signtool.h
@@ -4,7 +4,7 @@
#ifndef SIGNTOOL_H
#define SIGNTOOL_H
-
+
#define DJN_TEST
#include <stdio.h>
@@ -24,27 +24,27 @@
#include "nss.h"
#ifdef _UNIX
-#include <unistd.h>
+#include <unistd.h>
#endif
/**********************************************************************
* General Defines
*/
#define JAR_BASE_END JAR_BASE + 100
-#define ERRX (-1) /* the exit code used on failure */
-#define FNSIZE 256 /* the maximum length for filenames */
+#define ERRX (-1) /* the exit code used on failure */
+#define FNSIZE 256 /* the maximum length for filenames */
#define MAX_RSA_KEY_SIZE 4096
#define DEFAULT_RSA_KEY_SIZE 1024
#define MANIFEST "manifest.mf"
#define DEFAULT_X509_BASENAME "x509"
#define DEFAULT_COMMON_NAME "Signtool " NSS_VERSION " Testing Certificate"
-#define CREATOR "Signtool (signtool " NSS_VERSION ")"
+#define CREATOR "Signtool (signtool " NSS_VERSION ")"
#define BREAKAGE "PLEASE DO NOT EDIT THIS FILE. YOU WILL BREAK IT."
#define MIN_COMPRESSION_LEVEL (-1)
#define MAX_COMPRESSION_LEVEL 9
#define DEFAULT_COMPRESSION_LEVEL (-1) /* zlib understands this to be default*/
#define STDIN_BUF_SIZE 160
-#define PROGRAM_NAME "signtool"
+#define PROGRAM_NAME "signtool"
#define LONG_PROGRAM_NAME "Signing Tool"
#define DEFAULT_BASE_NAME "zigbert"
#define TMP_OUTPUT "signtool.tmp"
@@ -57,9 +57,9 @@ int GenerateCert(char *nickname, int keysize, char *token);
int ListCerts(char *key, int list_certs);
int VerifyJar(char *filename);
int SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
- char *meta_file, char *install_script, int _optimize, PRBool recurse);
+ char *meta_file, char *install_script, int _optimize, PRBool recurse);
int SignAllArc(char *jartree, char *keyName, int javascript, char *metafile,
- char *install_script, int optimize, PRBool recurse);
+ char *install_script, int optimize, PRBool recurse);
int InlineJavaScript(char *dir, PRBool recurse);
int JarWho(char *filename);
void JarListModules(void);
@@ -67,41 +67,40 @@ void JarListModules(void);
/**************************************************************
* Utility Functions
*/
-CERTCertDBHandle *OpenCertDB (PRBool readOnly);
+CERTCertDBHandle *OpenCertDB(PRBool readOnly);
int RemoveAllArc(char *tree);
void VerifyCertDir(char *dir, char *keyName);
int InitCrypto(char *cert_dir, PRBool readOnly);
int foreach (char *dirname, char *prefix,
- int (*fn)(char *filename, char *dirname, char *basedir,char *base,void*arg),
- PRBool recurse, PRBool includeDirs, void *arg);
-void print_error (int i);
-void give_help (int status);
-const char* secErrorString(long code);
+ int (*fn)(char *filename, char *dirname, char *basedir, char *base, void *arg),
+ PRBool recurse, PRBool includeDirs, void *arg);
+void print_error(int i);
+void give_help(int status);
+const char *secErrorString(long code);
void displayVerifyLog(CERTVerifyLog *log);
-void Usage (void);
-void LongUsage (void);
-char* chop(char*);
+void Usage(void);
+void LongUsage(void);
+char *chop(char *);
void out_of_memory(void);
void FatalError(char *msg);
-char* get_default_cert_dir(void);
+char *get_default_cert_dir(void);
SECItem *password_hardcode(void *arg, void *handle);
-char* pk11_password_hardcode(PK11SlotInfo *slot, PRBool retry, void *arg);
+char *pk11_password_hardcode(PK11SlotInfo *slot, PRBool retry, void *arg);
int rm_dash_r(char *path);
-char* pr_fgets(char *buf, int size, PRFileDesc *file);
-
+char *pr_fgets(char *buf, int size, PRFileDesc *file);
/*****************************************************************
* Global Variables (*gag*)
*/
-extern char *password; /* the password passed in on the command line */
-extern PLHashTable *excludeDirs; /* directory entry to skip while recursing */
+extern char *password; /* the password passed in on the command line */
+extern PLHashTable *excludeDirs; /* directory entry to skip while recursing */
extern int no_time;
extern int xpi_arc;
-extern char *base; /* basename of ".rsa" and ".sf" files */
+extern char *base; /* basename of ".rsa" and ".sf" files */
extern long *mozilla_event_queue;
-extern char *progName; /* argv[0] */
-extern PLHashTable *extensions;/* only sign files with this extension */
+extern char *progName; /* argv[0] */
+extern PLHashTable *extensions; /* only sign files with this extension */
extern PRBool extensionsGiven;
extern char *scriptdir;
extern int compression_level;
diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c
index 74055d681..49b7f3b05 100644
--- a/cmd/signtool/util.c
+++ b/cmd/signtool/util.c
@@ -8,46 +8,47 @@
#include "prenv.h"
#include "nss.h"
-static int is_dir (char *filename);
+static int is_dir(char *filename);
/***********************************************************
* Nasty hackish function definitions
*/
-long *mozilla_event_queue = 0;
+long *mozilla_event_queue = 0;
#ifndef XP_WIN
-char *XP_GetString (int i)
+char *
+XP_GetString(int i)
{
/* nasty hackish cast to avoid changing the signature of
* JAR_init_callbacks() */
- return (char *)SECU_Strerror (i);
+ return (char *)SECU_Strerror(i);
}
#endif
-void FE_SetPasswordEnabled()
+void
+FE_SetPasswordEnabled()
{
}
-
-void /*MWContext*/ *FE_GetInitContext (void)
+void /*MWContext*/ *
+FE_GetInitContext(void)
{
return 0;
}
-
-void /*MWContext*/ *XP_FindSomeContext()
+void /*MWContext*/ *
+XP_FindSomeContext()
{
/* No windows context in command tools */
return NULL;
}
-
-void ET_moz_CallFunction()
+void
+ET_moz_CallFunction()
{
}
-
/*
* R e m o v e A l l A r c
*
@@ -58,122 +59,120 @@ void ET_moz_CallFunction()
int
RemoveAllArc(char *tree)
{
- PRDir * dir;
- PRDirEntry * entry;
- char *archive = NULL;
- int retval = 0;
-
- dir = PR_OpenDir (tree);
- if (!dir)
- return - 1;
-
- for (entry = PR_ReadDir (dir, 0); entry; entry = PR_ReadDir (dir,
- 0)) {
-
- if (entry->name[0] == '.') {
- continue;
- }
-
- if (archive)
- PR_Free(archive);
- archive = PR_smprintf("%s/%s", tree, entry->name);
-
- if (PL_strcaserstr (entry->name, ".arc")
- == (entry->name + strlen(entry->name) - 4) ) {
-
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "removing: %s\n", archive);
- }
-
- if (rm_dash_r(archive)) {
- PR_fprintf(errorFD, "Error removing %s\n", archive);
- errorCount++;
- retval = -1;
- goto finish;
- }
- } else if (is_dir(archive)) {
- if (RemoveAllArc(archive)) {
- retval = -1;
- goto finish;
- }
- }
+ PRDir *dir;
+ PRDirEntry *entry;
+ char *archive = NULL;
+ int retval = 0;
+
+ dir = PR_OpenDir(tree);
+ if (!dir)
+ return -1;
+
+ for (entry = PR_ReadDir(dir, 0); entry; entry = PR_ReadDir(dir,
+ 0)) {
+
+ if (entry->name[0] == '.') {
+ continue;
+ }
+
+ if (archive)
+ PR_Free(archive);
+ archive = PR_smprintf("%s/%s", tree, entry->name);
+
+ if (PL_strcaserstr(entry->name, ".arc") ==
+ (entry->name + strlen(entry->name) - 4)) {
+
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "removing: %s\n", archive);
+ }
+
+ if (rm_dash_r(archive)) {
+ PR_fprintf(errorFD, "Error removing %s\n", archive);
+ errorCount++;
+ retval = -1;
+ goto finish;
+ }
+ } else if (is_dir(archive)) {
+ if (RemoveAllArc(archive)) {
+ retval = -1;
+ goto finish;
+ }
+ }
}
finish:
- PR_CloseDir (dir);
- if (archive)
- PR_Free(archive);
+ PR_CloseDir(dir);
+ if (archive)
+ PR_Free(archive);
return retval;
}
-
/*
* r m _ d a s h _ r
*
* Remove a file, or a directory recursively.
*
*/
-int rm_dash_r (char *path)
+int
+rm_dash_r(char *path)
{
- PRDir * dir;
- PRDirEntry * entry;
+ PRDir *dir;
+ PRDirEntry *entry;
PRFileInfo fileinfo;
- char filename[FNSIZE];
+ char filename[FNSIZE];
if (PR_GetFileInfo(path, &fileinfo) != PR_SUCCESS) {
- /*fprintf(stderr, "Error: Unable to access %s\n", filename);*/
- return - 1;
+ /*fprintf(stderr, "Error: Unable to access %s\n", filename);*/
+ return -1;
}
if (fileinfo.type == PR_FILE_DIRECTORY) {
- dir = PR_OpenDir(path);
- if (!dir) {
- PR_fprintf(errorFD, "Error: Unable to open directory %s.\n", path);
- errorCount++;
- return - 1;
- }
-
- /* Recursively delete all entries in the directory */
- while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
- sprintf(filename, "%s/%s", path, entry->name);
- if (rm_dash_r(filename))
- return - 1;
- }
-
- if (PR_CloseDir(dir) != PR_SUCCESS) {
- PR_fprintf(errorFD, "Error: Could not close %s.\n", path);
- errorCount++;
- return - 1;
- }
-
- /* Delete the directory itself */
- if (PR_RmDir(path) != PR_SUCCESS) {
- PR_fprintf(errorFD, "Error: Unable to delete %s\n", path);
- errorCount++;
- return - 1;
- }
+ dir = PR_OpenDir(path);
+ if (!dir) {
+ PR_fprintf(errorFD, "Error: Unable to open directory %s.\n", path);
+ errorCount++;
+ return -1;
+ }
+
+ /* Recursively delete all entries in the directory */
+ while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
+ sprintf(filename, "%s/%s", path, entry->name);
+ if (rm_dash_r(filename))
+ return -1;
+ }
+
+ if (PR_CloseDir(dir) != PR_SUCCESS) {
+ PR_fprintf(errorFD, "Error: Could not close %s.\n", path);
+ errorCount++;
+ return -1;
+ }
+
+ /* Delete the directory itself */
+ if (PR_RmDir(path) != PR_SUCCESS) {
+ PR_fprintf(errorFD, "Error: Unable to delete %s\n", path);
+ errorCount++;
+ return -1;
+ }
} else {
- if (PR_Delete(path) != PR_SUCCESS) {
- PR_fprintf(errorFD, "Error: Unable to delete %s\n", path);
- errorCount++;
- return - 1;
- }
+ if (PR_Delete(path) != PR_SUCCESS) {
+ PR_fprintf(errorFD, "Error: Unable to delete %s\n", path);
+ errorCount++;
+ return -1;
+ }
}
return 0;
}
-
/*
- * u s a g e
- *
+ * u s a g e
+ *
* Print some useful help information
*
*/
-
void
-Usage (void)
+Usage(void)
{
#define FPS PR_fprintf(outputFD,
FPS "%s %s -a signing tool for jar files\n", LONG_PROGRAM_NAME,NSS_VERSION);
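Review bot: `sprintf(filename, "%s/%s", path, entry->name)` in rm_dash_r writes into `char filename[FNSIZE]` (256 bytes per signtool.h) with no length check, so a deep or long-named tree under the path being removed overruns the stack buffer; the formatting pass carries this over unchanged. The early `return -1` inside the same loop also leaves `dir` open. Building the child path with PR_smprintf, as RemoveAllArc in this hunk already does, removes the fixed limit, and closing the directory before the early return fixes the leak. The same unbounded pattern recurs in this file's `foreach` hunk (strcpy/strcat into `newdir`, `newpath` and `newprefix`).

```c
        /* Recursively delete all entries in the directory */
        while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
            /* heap-allocated so the path length is not capped at FNSIZE */
            char *child = PR_smprintf("%s/%s", path, entry->name);
            int rv;

            if (!child) {
                PR_CloseDir(dir);
                return -1;
            }
            rv = rm_dash_r(child);
            PR_smprintf_free(child);
            if (rv) {
                PR_CloseDir(dir);
                return -1;
            }
        }
        /* … unchanged: PR_CloseDir / PR_RmDir handling … */
```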
@@ -198,10 +197,10 @@ Usage (void)
FPS "\t%s -G nickname [--keysize|-s size] [-t |--token tokenname]\n"
"\t\t [--outfile] [-O] \n", PROGRAM_NAME);
FPS "\t%s -f filename\n" , PROGRAM_NAME);
- exit (ERRX);
+ exit(ERRX);
}
-void
+void
LongUsage(void)
{
FPS "%s %s -a signing tool for jar files\n", LONG_PROGRAM_NAME,NSS_VERSION);
@@ -212,121 +211,119 @@ LongUsage(void)
FPS "%-30s Base filename for the .rsa and.sf files in the\n",
" -b basename");
FPS "%-30s META-INF directory\n"," ");
- FPS "%-30s Set the compression level. 0-9, 0=none\n",
- " -c CompressionLevel");
+ FPS "%-30s Set the compression level. 0-9, 0=none\n",
+ " -c CompressionLevel");
FPS "%-30s Certificate database directory containing cert*db\n",
- " -d certificate directory");
+ " -d certificate directory");
FPS "%-30s and key*db\n"," ");
FPS "%-30s Name of the installer script for SmartUpdate\n",
- " -i installer script");
+ " -i installer script");
FPS "%-30s Name of a metadata control file\n",
- " -m metafile");
+ " -m metafile");
FPS "%-30s For optimizing the archive for size.\n",
- " -o");
+ " -o");
FPS "%-30s Omit Optional Headers\n"," ");
FPS "%-30s Excludes the specified directory or file from\n",
- " -x directory or file name");
+ " -x directory or file name");
FPS "%-30s signing\n"," ");
FPS "%-30s To not store the signing time in digital\n",
- " -z directory or file name");
+ " -z directory or file name");
FPS "%-30s signature\n"," ");
FPS "%-30s Create XPI Compatible Archive. It requires -Z\n",
- " -X directory or file name");
+ " -X directory or file name");
FPS "%-30s option\n"," ");
FPS "%-30s Sign only files with the given extension\n",
- " -e");
+ " -e");
FPS "%-30s Causes the specified directory to be signed and\n",
- " -j");
+ " -j");
FPS "%-30s tags its entries as inline JavaScript\n"," ");
FPS "%-30s Creates a JAR file with the specified name.\n",
- " -Z");
+ " -Z");
FPS "%-30s -Z option cannot be used with -J option\n"," ");
FPS "%-30s Specifies a password for the private-key database\n",
- " -p");
+ " -p");
FPS "%-30s (insecure)\n"," ");
FPS "%-30s File to receive redirected output\n",
- " --outfile filename");
+ " --outfile filename");
FPS "%-30s Sets the quantity of information generated in\n",
- " --verbosity value");
+ " --verbosity value");
FPS "%-30s operation\n"," ");
FPS "%-30s Blocks recursion into subdirectories\n",
- " --norecurse");
+ " --norecurse");
FPS "%-30s Retains the temporary .arc (archive) directories\n",
- " --leavearc");
+ " --leavearc");
FPS "%-30s -J option creates\n"," ");
FPS "\n%-20s Signs a directory of HTML files containing JavaScript and\n",
- "-J" );
+ "-J" );
FPS "%-20s creates as many archive files as are in the HTML tags.\n"," ");
FPS "%-20s The options are same as without any command option given\n"," ");
FPS "%-20s above. -Z and -J options are not allowed together\n"," ");
-
+
FPS "\n%-20s Generates a new private-public key pair and corresponding\n",
- "-G nickname");
+ "-G nickname");
FPS "%-20s object-signing certificates with the given nickname\n"," ");
FPS "%-30s Specifies the size of the key for generated \n",
- " --keysize|-s keysize");
+ " --keysize|-s keysize");
FPS "%-30s certificate\n"," ");
FPS "%-30s Specifies which available token should generate\n",
- " --token|-t token name ");
+ " --token|-t token name ");
FPS "%-30s the key and receive the certificate\n"," ");
FPS "%-30s Specifies a file to receive redirected output\n",
- " --outfile filename ");
-
+ " --outfile filename ");
+
FPS "\n%-20s Display signtool help\n",
- "-h ");
-
+ "-h ");
+
FPS "\n%-20s Display signtool help(Detailed)\n",
- "-H ");
-
+ "-H ");
+
FPS "\n%-20s Lists signing certificates, including issuing CAs\n",
- "-l ");
+ "-l ");
FPS "%-30s Certificate database directory containing cert*db\n",
- " -d certificate directory");
+ " -d certificate directory");
FPS "%-30s and key*db\n"," ");
FPS "%-30s Specifies a file to receive redirected output\n",
- " --outfile filename ");
+ " --outfile filename ");
FPS "%-30s Specifies the nickname (key) of the certificate\n",
- " -k keyname");
+ " -k keyname");
-
FPS "\n%-20s Lists the certificates in your database\n",
- "-L ");
+ "-L ");
FPS "%-30s Certificate database directory containing cert*db\n",
- " -d certificate directory");
+ " -d certificate directory");
FPS "%-30s and key*db\n"," ");
FPS "%-30s Specifies a file to receive redirected output\n",
- " --outfile filename ");
+ " --outfile filename ");
FPS "%-30s Specifies the nickname (key) of the certificate\n",
- " -k keyname");
-
+ " -k keyname");
+
FPS "\n%-20s Lists the PKCS #11 modules available to signtool\n",
- "-M ");
-
+ "-M ");
+
FPS "\n%-20s Displays the contents of an archive and verifies\n",
- "-v archive");
+ "-v archive");
FPS "%-20s cryptographic integrity\n"," ");
FPS "%-30s Certificate database directory containing cert*db\n",
- " -d certificate directory");
+ " -d certificate directory");
FPS "%-30s and key*db\n"," ");
FPS "%-30s Specifies a file to receive redirected output\n",
- " --outfile filename ");
-
+ " --outfile filename ");
+
FPS "\n%-20s Displays the names of signers in the archive\n",
- "-w archive");
+ "-w archive");
FPS "%-30s Specifies a file to receive redirected output\n",
- " --outfile filename ");
+ " --outfile filename ");
-
FPS "\n%-30s Common option to all the above.\n",
- " -O");
+ " -O");
FPS "%-30s Enable OCSP checking\n"," ");
-
+
FPS "\n%-20s Specifies a text file containing options and arguments in\n",
- "-f command-file");
+ "-f command-file");
FPS "%-20s keyword=value format. Commands are taken from this file\n"," ");
FPS "\n\n\n");
@@ -355,7 +352,7 @@ LongUsage(void)
FPS "metafile\tSame as -m option\n");
FPS "modules\t\tSame as -M option. Value is ignored,\n"
" \t\tbut = sign must be present\n");
- FPS "optimize\tSame as -o option. Value is ignored,\n"
+ FPS "optimize\tSame as -o option. Value is ignored,\n"
" \tbut = sign must be present\n");
FPS "ocsp\t\tSame as -O option\n");
FPS "password\tSame as -p option\n");
@@ -377,16 +374,16 @@ LongUsage(void)
FPS "\n\n");
FPS "Here's an example of the use of the command file. The command\n\n");
FPS " signtool -d c:\\netscape\\users\\james -k mycert -Z myjar.jar \\\n"
- " signdir > output.txt\n\n");
+ " signdir > output.txt\n\n");
FPS "becomes\n\n");
FPS " signtool -f somefile\n\n");
FPS "where somefile contains the following lines:\n\n");
- FPS " certdir=c:\\netscape\\users\\james\n"," ");
- FPS " certname=mycert\n"," ");
- FPS " jarfile=myjar.jar\n"," ");
- FPS " signdir=signdir\n"," ");
- FPS " outfile=output.txt\n"," ");
- exit (ERRX);
+ FPS " certdir=c:\\netscape\\users\\james\n"," ");
+ FPS " certname=mycert\n"," ");
+ FPS " jarfile=myjar.jar\n"," ");
+ FPS " signdir=signdir\n"," ");
+ FPS " outfile=output.txt\n"," ");
+ exit(ERRX);
#undef FPS
}
@@ -400,29 +397,27 @@ LongUsage(void)
*/
void
-print_error (int err)
+print_error(int err)
{
- PR_fprintf(errorFD, "Error %d: %s\n", err, JAR_get_error (err));
+ PR_fprintf(errorFD, "Error %d: %s\n", err, JAR_get_error(err));
errorCount++;
- give_help (err);
+ give_help(err);
}
-
/*
* o u t _ o f _ m e m o r y
*
* Out of memory, exit Signtool.
- *
+ *
*/
void
-out_of_memory (void)
+out_of_memory(void)
{
PR_fprintf(errorFD, "%s: out of memory\n", PROGRAM_NAME);
errorCount++;
- exit (ERRX);
+ exit(ERRX);
}
-
/*
* V e r i f y C e r t D i r
*
@@ -433,57 +428,56 @@ out_of_memory (void)
void
VerifyCertDir(char *dir, char *keyName)
{
- char fn [FNSIZE];
+ char fn[FNSIZE];
/* don't try verifying if we don't have a local directory */
if (strncmp(dir, "multiaccess:", sizeof("multiaccess:") - 1) == 0) {
- return;
+ return;
}
/* this function is truly evil. Tools and applications should not have
* any knowledge of actual cert databases! */
return;
/* This code is really broken because it makes underlying assumptions about
- * how the NSS profile directory is laid out, but these names can change
- * from release to release. */
- sprintf (fn, "%s/cert8.db", dir);
-
- if (PR_Access (fn, PR_ACCESS_EXISTS)) {
- PR_fprintf(errorFD, "%s: No certificate database in \"%s\"\n",
- PROGRAM_NAME, dir);
- PR_fprintf(errorFD, "%s: Check the -d arguments that you gave\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
+ * how the NSS profile directory is laid out, but these names can change
+ * from release to release. */
+ sprintf(fn, "%s/cert8.db", dir);
+
+ if (PR_Access(fn, PR_ACCESS_EXISTS)) {
+ PR_fprintf(errorFD, "%s: No certificate database in \"%s\"\n",
+ PROGRAM_NAME, dir);
+ PR_fprintf(errorFD, "%s: Check the -d arguments that you gave\n",
+ PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
}
if (verbosity >= 0) {
- PR_fprintf(outputFD, "using certificate directory: %s\n", dir);
+ PR_fprintf(outputFD, "using certificate directory: %s\n", dir);
}
if (keyName == NULL)
- return;
+ return;
- /* if the user gave the -k key argument, verify that
+ /* if the user gave the -k key argument, verify that
a key database already exists */
- sprintf (fn, "%s/key3.db", dir);
+ sprintf(fn, "%s/key3.db", dir);
- if (PR_Access (fn, PR_ACCESS_EXISTS)) {
- PR_fprintf(errorFD, "%s: No private key database in \"%s\"\n",
- PROGRAM_NAME,
- dir);
- PR_fprintf(errorFD, "%s: Check the -d arguments that you gave\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
+ if (PR_Access(fn, PR_ACCESS_EXISTS)) {
+ PR_fprintf(errorFD, "%s: No private key database in \"%s\"\n",
+ PROGRAM_NAME,
+ dir);
+ PR_fprintf(errorFD, "%s: Check the -d arguments that you gave\n",
+ PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
}
}
-
/*
- * f o r e a c h
- *
+ * f o r e a c h
+ *
* A recursive function to loop through all names in
* the specified directory, as well as all subdirectories.
*
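Review bot: Everything after the bare `return;` that follows the "truly evil" comment in VerifyCertDir is unreachable, yet the commit reformats it as if it were live, including two `sprintf(fn, ...)` calls into `char fn[FNSIZE]` that have no length check. If the early return were ever removed, those calls would run against a caller-supplied `dir` of arbitrary length. Deleting the dead body together with the then-unused `fn` would make the function's real behaviour obvious. If it has to stay for reference, a comment above the first sprintf such as `/* unreachable: do not re-enable without bounding the writes to fn */` would at least flag it.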
@@ -492,94 +486,91 @@ VerifyCertDir(char *dir, char *keyName)
*
*/
-int
-foreach(char *dirname, char *prefix,
-int (*fn)(char *relpath, char *basedir, char *reldir, char *filename,
-void*arg),
-PRBool recurse, PRBool includeDirs, void *arg)
+int foreach (char *dirname, char *prefix,
+ int (*fn)(char *relpath, char *basedir, char *reldir, char *filename,
+ void *arg),
+ PRBool recurse, PRBool includeDirs, void *arg)
{
- char newdir [FNSIZE];
- int retval = 0;
+ char newdir[FNSIZE];
+ int retval = 0;
- PRDir * dir;
- PRDirEntry * entry;
+ PRDir *dir;
+ PRDirEntry *entry;
- strcpy (newdir, dirname);
+ strcpy(newdir, dirname);
if (*prefix) {
- strcat (newdir, "/");
- strcat (newdir, prefix);
+ strcat(newdir, "/");
+ strcat(newdir, prefix);
}
- dir = PR_OpenDir (newdir);
- if (!dir)
- return - 1;
-
- for (entry = PR_ReadDir (dir, 0); entry; entry = PR_ReadDir (dir, 0)) {
- if ( strcmp(entry->name, ".") == 0 ||
- strcmp(entry->name, "..") == 0 ) {
- /* no infinite recursion, please */
- continue;
- }
-
- /* can't sign self */
- if (!strcmp (entry->name, "META-INF"))
- continue;
-
- /* -x option */
- if (PL_HashTableLookup(excludeDirs, entry->name))
- continue;
-
- strcpy (newdir, dirname);
- if (*dirname)
- strcat (newdir, "/");
-
- if (*prefix) {
- strcat (newdir, prefix);
- strcat (newdir, "/");
- }
- strcat (newdir, entry->name);
-
- if (!is_dir(newdir) || includeDirs) {
- char newpath [FNSIZE];
-
- strcpy (newpath, prefix);
- if (*newpath)
- strcat (newpath, "/");
- strcat (newpath, entry->name);
-
- if ( (*fn) (newpath, dirname, prefix, (char *) entry->name,
- arg)) {
- retval = -1;
- break;
- }
- }
-
- if (is_dir (newdir)) {
- if (recurse) {
- char newprefix [FNSIZE];
-
- strcpy (newprefix, prefix);
- if (*newprefix) {
- strcat (newprefix, "/");
- }
- strcat (newprefix, entry->name);
-
- if (foreach (dirname, newprefix, fn, recurse,
- includeDirs, arg)) {
- retval = -1;
- break;
- }
- }
- }
-
+ dir = PR_OpenDir(newdir);
+ if (!dir)
+ return -1;
+
+ for (entry = PR_ReadDir(dir, 0); entry; entry = PR_ReadDir(dir, 0)) {
+ if (strcmp(entry->name, ".") == 0 ||
+ strcmp(entry->name, "..") == 0) {
+ /* no infinite recursion, please */
+ continue;
+ }
+
+ /* can't sign self */
+ if (!strcmp(entry->name, "META-INF"))
+ continue;
+
+ /* -x option */
+ if (PL_HashTableLookup(excludeDirs, entry->name))
+ continue;
+
+ strcpy(newdir, dirname);
+ if (*dirname)
+ strcat(newdir, "/");
+
+ if (*prefix) {
+ strcat(newdir, prefix);
+ strcat(newdir, "/");
+ }
+ strcat(newdir, entry->name);
+
+ if (!is_dir(newdir) || includeDirs) {
+ char newpath[FNSIZE];
+
+ strcpy(newpath, prefix);
+ if (*newpath)
+ strcat(newpath, "/");
+ strcat(newpath, entry->name);
+
+ if ((*fn)(newpath, dirname, prefix, (char *)entry->name,
+ arg)) {
+ retval = -1;
+ break;
+ }
+ }
+
+ if (is_dir(newdir)) {
+ if (recurse) {
+ char newprefix[FNSIZE];
+
+ strcpy(newprefix, prefix);
+ if (*newprefix) {
+ strcat(newprefix, "/");
+ }
+ strcat(newprefix, entry->name);
+
+ if (foreach (dirname, newprefix, fn, recurse,
+ includeDirs, arg)) {
+ retval = -1;
+ break;
+ }
+ }
+ }
}
- PR_CloseDir (dir);
+ PR_CloseDir(dir);
return retval;
}
-
/*
* i s _ d i r
*
@@ -587,19 +578,19 @@ PRBool recurse, PRBool includeDirs, void *arg)
* Wonder if this runs on a mac, trust not.
*
*/
-static int is_dir (char *filename)
+static int
+is_dir(char *filename)
{
- PRFileInfo finfo;
+ PRFileInfo finfo;
- if ( PR_GetFileInfo(filename, &finfo) != PR_SUCCESS ) {
- printf("Unable to get information about %s\n", filename);
- return 0;
+ if (PR_GetFileInfo(filename, &finfo) != PR_SUCCESS) {
+ printf("Unable to get information about %s\n", filename);
+ return 0;
}
- return ( finfo.type == PR_FILE_DIRECTORY );
+ return (finfo.type == PR_FILE_DIRECTORY);
}
-
/***************************************************************
*
* s e c E r r o r S t r i n g
@@ -608,104 +599,103 @@ static int is_dir (char *filename)
* Doesn't cover all errors; returns a default for many.
* Returned string is only valid until the next call of this function.
*/
-const char *
+const char *
secErrorString(long code)
{
- static char errstring[80]; /* dynamically constructed error string */
- char *c; /* the returned string */
+ static char errstring[80]; /* dynamically constructed error string */
+ char *c; /* the returned string */
switch (code) {
- case SEC_ERROR_IO:
- c = "io error";
- break;
- case SEC_ERROR_LIBRARY_FAILURE:
- c = "security library failure";
- break;
- case SEC_ERROR_BAD_DATA:
- c = "bad data";
- break;
- case SEC_ERROR_OUTPUT_LEN:
- c = "output length";
- break;
- case SEC_ERROR_INPUT_LEN:
- c = "input length";
- break;
- case SEC_ERROR_INVALID_ARGS:
- c = "invalid args";
- break;
- case SEC_ERROR_EXPIRED_CERTIFICATE:
- c = "expired certificate";
- break;
- case SEC_ERROR_REVOKED_CERTIFICATE:
- c = "revoked certificate";
- break;
- case SEC_ERROR_INADEQUATE_KEY_USAGE:
- c = "inadequate key usage";
- break;
- case SEC_ERROR_INADEQUATE_CERT_TYPE:
- c = "inadequate certificate type";
- break;
- case SEC_ERROR_UNTRUSTED_CERT:
- c = "untrusted cert";
- break;
- case SEC_ERROR_NO_KRL:
- c = "no key revocation list";
- break;
- case SEC_ERROR_KRL_BAD_SIGNATURE:
- c = "key revocation list: bad signature";
- break;
- case SEC_ERROR_KRL_EXPIRED:
- c = "key revocation list expired";
- break;
- case SEC_ERROR_REVOKED_KEY:
- c = "revoked key";
- break;
- case SEC_ERROR_CRL_BAD_SIGNATURE:
- c = "certificate revocation list: bad signature";
- break;
- case SEC_ERROR_CRL_EXPIRED:
- c = "certificate revocation list expired";
- break;
- case SEC_ERROR_CRL_NOT_YET_VALID:
- c = "certificate revocation list not yet valid";
- break;
- case SEC_ERROR_UNKNOWN_ISSUER:
- c = "unknown issuer";
- break;
- case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
- c = "expired issuer certificate";
- break;
- case SEC_ERROR_BAD_SIGNATURE:
- c = "bad signature";
- break;
- case SEC_ERROR_BAD_KEY:
- c = "bad key";
- break;
- case SEC_ERROR_NOT_FORTEZZA_ISSUER:
- c = "not fortezza issuer";
- break;
- case SEC_ERROR_CA_CERT_INVALID:
- c = "Certificate Authority certificate invalid";
- break;
- case SEC_ERROR_EXTENSION_NOT_FOUND:
- c = "extension not found";
- break;
- case SEC_ERROR_CERT_NOT_IN_NAME_SPACE:
- c = "certificate not in name space";
- break;
- case SEC_ERROR_UNTRUSTED_ISSUER:
- c = "untrusted issuer";
- break;
- default:
- sprintf(errstring, "security error %ld", code);
- c = errstring;
- break;
+ case SEC_ERROR_IO:
+ c = "io error";
+ break;
+ case SEC_ERROR_LIBRARY_FAILURE:
+ c = "security library failure";
+ break;
+ case SEC_ERROR_BAD_DATA:
+ c = "bad data";
+ break;
+ case SEC_ERROR_OUTPUT_LEN:
+ c = "output length";
+ break;
+ case SEC_ERROR_INPUT_LEN:
+ c = "input length";
+ break;
+ case SEC_ERROR_INVALID_ARGS:
+ c = "invalid args";
+ break;
+ case SEC_ERROR_EXPIRED_CERTIFICATE:
+ c = "expired certificate";
+ break;
+ case SEC_ERROR_REVOKED_CERTIFICATE:
+ c = "revoked certificate";
+ break;
+ case SEC_ERROR_INADEQUATE_KEY_USAGE:
+ c = "inadequate key usage";
+ break;
+ case SEC_ERROR_INADEQUATE_CERT_TYPE:
+ c = "inadequate certificate type";
+ break;
+ case SEC_ERROR_UNTRUSTED_CERT:
+ c = "untrusted cert";
+ break;
+ case SEC_ERROR_NO_KRL:
+ c = "no key revocation list";
+ break;
+ case SEC_ERROR_KRL_BAD_SIGNATURE:
+ c = "key revocation list: bad signature";
+ break;
+ case SEC_ERROR_KRL_EXPIRED:
+ c = "key revocation list expired";
+ break;
+ case SEC_ERROR_REVOKED_KEY:
+ c = "revoked key";
+ break;
+ case SEC_ERROR_CRL_BAD_SIGNATURE:
+ c = "certificate revocation list: bad signature";
+ break;
+ case SEC_ERROR_CRL_EXPIRED:
+ c = "certificate revocation list expired";
+ break;
+ case SEC_ERROR_CRL_NOT_YET_VALID:
+ c = "certificate revocation list not yet valid";
+ break;
+ case SEC_ERROR_UNKNOWN_ISSUER:
+ c = "unknown issuer";
+ break;
+ case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+ c = "expired issuer certificate";
+ break;
+ case SEC_ERROR_BAD_SIGNATURE:
+ c = "bad signature";
+ break;
+ case SEC_ERROR_BAD_KEY:
+ c = "bad key";
+ break;
+ case SEC_ERROR_NOT_FORTEZZA_ISSUER:
+ c = "not fortezza issuer";
+ break;
+ case SEC_ERROR_CA_CERT_INVALID:
+ c = "Certificate Authority certificate invalid";
+ break;
+ case SEC_ERROR_EXTENSION_NOT_FOUND:
+ c = "extension not found";
+ break;
+ case SEC_ERROR_CERT_NOT_IN_NAME_SPACE:
+ c = "certificate not in name space";
+ break;
+ case SEC_ERROR_UNTRUSTED_ISSUER:
+ c = "untrusted issuer";
+ break;
+ default:
+ sprintf(errstring, "security error %ld", code);
+ c = errstring;
+ break;
}
return c;
}
-
/***************************************************************
*
* d i s p l a y V e r i f y L o g
@@ -715,38 +705,36 @@ secErrorString(long code)
void
displayVerifyLog(CERTVerifyLog *log)
{
- CERTVerifyLogNode * node;
- CERTCertificate * cert;
- char *name;
+ CERTVerifyLogNode *node;
+ CERTCertificate *cert;
+ char *name;
- if ( !log || (log->count <= 0) ) {
- return;
+ if (!log || (log->count <= 0)) {
+ return;
}
for (node = log->head; node != NULL; node = node->next) {
- if ( !(cert = node->cert) ) {
- continue;
- }
+ if (!(cert = node->cert)) {
+ continue;
+ }
- /* Get a name for this cert */
- if (cert->nickname != NULL) {
- name = cert->nickname;
- } else if (cert->emailAddr && cert->emailAddr[0]) {
- name = cert->emailAddr;
- } else {
- name = cert->subjectName;
- }
+ /* Get a name for this cert */
+ if (cert->nickname != NULL) {
+ name = cert->nickname;
+ } else if (cert->emailAddr && cert->emailAddr[0]) {
+ name = cert->emailAddr;
+ } else {
+ name = cert->subjectName;
+ }
- printf( "%s%s:\n", name,
- (node->depth > 0) ? " [Certificate Authority]" : "");
-
- printf("\t%s\n", secErrorString(node->error));
+ printf("%s%s:\n", name,
+ (node->depth > 0) ? " [Certificate Authority]" : "");
+ printf("\t%s\n", secErrorString(node->error));
}
}
-
/*
* J a r L i s t M o d u l e s
*
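Review bot: displayVerifyLog falls back to `name = cert->subjectName;` without checking it, and `name` is then passed to `printf("%s%s:\n", ...)`, where a NULL argument for `%s` is undefined behaviour. JarWho in cmd/signtool/verify.c tests `cert->subjectName` before printing it, which suggests the field can be NULL. A defensive fallback such as `name = cert->subjectName ? cert->subjectName : "(no name)";` keeps the log printable in that case.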
@@ -758,114 +746,112 @@ displayVerifyLog(CERTVerifyLog *log)
void
JarListModules(void)
{
- int i;
- int count = 0;
+ int i;
+ int count = 0;
- SECMODModuleList * modules = NULL;
+ SECMODModuleList *modules = NULL;
static SECMODListLock *moduleLock = NULL;
- SECMODModuleList * mlp;
+ SECMODModuleList *mlp;
if ((moduleLock = SECMOD_GetDefaultModuleListLock()) == NULL) {
- /* this is the wrong text */
- PR_fprintf(errorFD, "%s: unable to acquire lock on module list\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
+ /* this is the wrong text */
+ PR_fprintf(errorFD, "%s: unable to acquire lock on module list\n",
+ PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
}
- SECMOD_GetReadLock (moduleLock);
+ SECMOD_GetReadLock(moduleLock);
modules = SECMOD_GetDefaultModuleList();
if (modules == NULL) {
- SECMOD_ReleaseReadLock (moduleLock);
- PR_fprintf(errorFD, "%s: Can't get module list\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
+ SECMOD_ReleaseReadLock(moduleLock);
+ PR_fprintf(errorFD, "%s: Can't get module list\n", PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
}
PR_fprintf(outputFD, "\nListing of PKCS11 modules\n");
PR_fprintf(outputFD, "-----------------------------------------------\n");
for (mlp = modules; mlp != NULL; mlp = mlp->next) {
- count++;
- PR_fprintf(outputFD, "%3d. %s\n", count, mlp->module->commonName);
-
- if (mlp->module->internal)
- PR_fprintf(outputFD, " (this module is internally loaded)\n");
- else
- PR_fprintf(outputFD, " (this is an external module)\n");
-
- if (mlp->module->dllName)
- PR_fprintf(outputFD, " DLL name: %s\n",
- mlp->module->dllName);
-
- if (mlp->module->slotCount == 0)
- PR_fprintf(outputFD, " slots: There are no slots attached to this module\n");
- else
- PR_fprintf(outputFD, " slots: %d slots attached\n",
- mlp->module->slotCount);
-
- if (mlp->module->loaded == 0)
- PR_fprintf(outputFD, " status: Not loaded\n");
- else
- PR_fprintf(outputFD, " status: loaded\n");
-
- for (i = 0; i < mlp->module->slotCount; i++) {
- PK11SlotInfo * slot = mlp->module->slots[i];
-
- PR_fprintf(outputFD, "\n");
- PR_fprintf(outputFD, " slot: %s\n", PK11_GetSlotName(slot));
- PR_fprintf(outputFD, " token: %s\n", PK11_GetTokenName(slot));
- }
+ count++;
+ PR_fprintf(outputFD, "%3d. %s\n", count, mlp->module->commonName);
+
+ if (mlp->module->internal)
+ PR_fprintf(outputFD, " (this module is internally loaded)\n");
+ else
+ PR_fprintf(outputFD, " (this is an external module)\n");
+
+ if (mlp->module->dllName)
+ PR_fprintf(outputFD, " DLL name: %s\n",
+ mlp->module->dllName);
+
+ if (mlp->module->slotCount == 0)
+ PR_fprintf(outputFD, " slots: There are no slots attached to this module\n");
+ else
+ PR_fprintf(outputFD, " slots: %d slots attached\n",
+ mlp->module->slotCount);
+
+ if (mlp->module->loaded == 0)
+ PR_fprintf(outputFD, " status: Not loaded\n");
+ else
+ PR_fprintf(outputFD, " status: loaded\n");
+
+ for (i = 0; i < mlp->module->slotCount; i++) {
+ PK11SlotInfo *slot = mlp->module->slots[i];
+
+ PR_fprintf(outputFD, "\n");
+ PR_fprintf(outputFD, " slot: %s\n", PK11_GetSlotName(slot));
+ PR_fprintf(outputFD, " token: %s\n", PK11_GetTokenName(slot));
+ }
}
PR_fprintf(outputFD, "-----------------------------------------------\n");
if (count == 0)
- PR_fprintf(outputFD,
- "Warning: no modules were found (should have at least one)\n");
+ PR_fprintf(outputFD,
+ "Warning: no modules were found (should have at least one)\n");
- SECMOD_ReleaseReadLock (moduleLock);
+ SECMOD_ReleaseReadLock(moduleLock);
}
-
/**********************************************************************
* c h o p
*
- * Eliminates leading and trailing whitespace. Returns a pointer to the
+ * Eliminates leading and trailing whitespace. Returns a pointer to the
* beginning of non-whitespace, or an empty string if it's all whitespace.
*/
-char*
+char *
chop(char *str)
{
- char *start, *end;
+ char *start, *end;
if (str) {
- start = str;
-
- /* Nip leading whitespace */
- while (isspace(*start)) {
- start++;
- }
-
- /* Nip trailing whitespace */
- if (*start) {
- end = start + strlen(start) - 1;
- while (isspace(*end) && end > start) {
- end--;
- }
- *(end + 1) = '\0';
- }
-
- return start;
+ start = str;
+
+ /* Nip leading whitespace */
+ while (isspace(*start)) {
+ start++;
+ }
+
+ /* Nip trailing whitespace */
+ if (*start) {
+ end = start + strlen(start) - 1;
+ while (isspace(*end) && end > start) {
+ end--;
+ }
+ *(end + 1) = '\0';
+ }
+
+ return start;
} else {
- return NULL;
+ return NULL;
}
}
-
/***********************************************************************
*
* F a t a l E r r o r
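Review bot: chop passes a plain `char` to `isspace()` in both loops, which is undefined behaviour for bytes with the high bit set on platforms where `char` is signed. The strings trimmed here can presumably come from user-supplied files, so the argument should be converted first: `while (isspace((unsigned char)*start))` and `while (isspace((unsigned char)*end) && end > start)`. This predates the reformat, which only touches whitespace in these lines.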
@@ -875,15 +861,14 @@ chop(char *str)
void
FatalError(char *msg)
{
- if (!msg)
- msg = "";
+ if (!msg)
+ msg = "";
PR_fprintf(errorFD, "FATAL ERROR: %s\n", msg);
errorCount++;
exit(ERRX);
}
-
/*************************************************************************
*
* I n i t C r y p t o
@@ -892,78 +877,79 @@ int
InitCrypto(char *cert_dir, PRBool readOnly)
{
SECStatus rv;
- static int prior = 0;
- PK11SlotInfo * slotinfo;
+ static int prior = 0;
+ PK11SlotInfo *slotinfo;
if (prior == 0) {
- /* some functions such as OpenKeyDB expect this path to be
- * implicitly set prior to calling */
- if (readOnly) {
- rv = NSS_Init(cert_dir);
- } else {
- rv = NSS_InitReadWrite(cert_dir);
- }
- if (rv != SECSuccess) {
- SECU_PrintPRandOSError(PROGRAM_NAME);
- exit(-1);
- }
-
- SECU_ConfigDirectory (cert_dir);
-
- /* Been there done that */
- prior++;
+ /* some functions such as OpenKeyDB expect this path to be
+ * implicitly set prior to calling */
+ if (readOnly) {
+ rv = NSS_Init(cert_dir);
+ } else {
+ rv = NSS_InitReadWrite(cert_dir);
+ }
+ if (rv != SECSuccess) {
+ SECU_PrintPRandOSError(PROGRAM_NAME);
+ exit(-1);
+ }
+
+ SECU_ConfigDirectory(cert_dir);
+
+ /* Been there done that */
+ prior++;
PK11_SetPasswordFunc(SECU_GetModulePassword);
- /* Must login to FIPS before you do anything else */
- if (PK11_IsFIPS()) {
- slotinfo = PK11_GetInternalSlot();
- if (!slotinfo) {
- fprintf(stderr, "%s: Unable to get PKCS #11 Internal Slot."
- "\n", PROGRAM_NAME);
- return - 1;
- }
- if (PK11_Authenticate(slotinfo, PR_FALSE /*loadCerts*/,
- &pwdata) != SECSuccess) {
- fprintf(stderr, "%s: Unable to authenticate to %s.\n",
- PROGRAM_NAME, PK11_GetSlotName(slotinfo));
- PK11_FreeSlot(slotinfo);
- return - 1;
- }
- PK11_FreeSlot(slotinfo);
- }
-
- /* Make sure there is a password set on the internal key slot */
- slotinfo = PK11_GetInternalKeySlot();
- if (!slotinfo) {
- fprintf(stderr, "%s: Unable to get PKCS #11 Internal Key Slot."
- "\n", PROGRAM_NAME);
- return - 1;
- }
- if (PK11_NeedUserInit(slotinfo)) {
- PR_fprintf(errorFD,
- "\nWARNING: No password set on internal key database. Most operations will fail."
- "\nYou must create a password.\n");
- warningCount++;
- }
-
- /* Make sure we can authenticate to the key slot in FIPS mode */
- if (PK11_IsFIPS()) {
- if (PK11_Authenticate(slotinfo, PR_FALSE /*loadCerts*/,
- &pwdata) != SECSuccess) {
- fprintf(stderr, "%s: Unable to authenticate to %s.\n",
- PROGRAM_NAME, PK11_GetSlotName(slotinfo));
- PK11_FreeSlot(slotinfo);
- return - 1;
- }
- }
- PK11_FreeSlot(slotinfo);
+ /* Must login to FIPS before you do anything else */
+ if (PK11_IsFIPS()) {
+ slotinfo = PK11_GetInternalSlot();
+ if (!slotinfo) {
+ fprintf(stderr, "%s: Unable to get PKCS #11 Internal Slot."
+ "\n",
+ PROGRAM_NAME);
+ return -1;
+ }
+ if (PK11_Authenticate(slotinfo, PR_FALSE /*loadCerts*/,
+ &pwdata) != SECSuccess) {
+ fprintf(stderr, "%s: Unable to authenticate to %s.\n",
+ PROGRAM_NAME, PK11_GetSlotName(slotinfo));
+ PK11_FreeSlot(slotinfo);
+ return -1;
+ }
+ PK11_FreeSlot(slotinfo);
+ }
+
+ /* Make sure there is a password set on the internal key slot */
+ slotinfo = PK11_GetInternalKeySlot();
+ if (!slotinfo) {
+ fprintf(stderr, "%s: Unable to get PKCS #11 Internal Key Slot."
+ "\n",
+ PROGRAM_NAME);
+ return -1;
+ }
+ if (PK11_NeedUserInit(slotinfo)) {
+ PR_fprintf(errorFD,
+ "\nWARNING: No password set on internal key database. Most operations will fail."
+ "\nYou must create a password.\n");
+ warningCount++;
+ }
+
+ /* Make sure we can authenticate to the key slot in FIPS mode */
+ if (PK11_IsFIPS()) {
+ if (PK11_Authenticate(slotinfo, PR_FALSE /*loadCerts*/,
+ &pwdata) != SECSuccess) {
+ fprintf(stderr, "%s: Unable to authenticate to %s.\n",
+ PROGRAM_NAME, PK11_GetSlotName(slotinfo));
+ PK11_FreeSlot(slotinfo);
+ return -1;
+ }
+ }
+ PK11_FreeSlot(slotinfo);
}
return 0;
}
-
/* Windows foolishness is now in the secutil lib */
/*****************************************************************
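Review bot: InitCrypto runs `prior++` before the FIPS login and key-slot checks, so every `return -1` below it leaves `prior` non-zero and a later call skips the whole block and returns 0. If any caller retries or calls InitCrypto again after a failure (not visible in this hunk), it is told that initialisation and authentication succeeded when they did not. Remembering the failure would close that gap, for example a second static set before each `return -1` and tested on entry with `if (initFailed) return -1;`, where `initFailed` is a name made up for this note. The reformat also splits `"%s: Unable to get PKCS #11 Internal Slot." "\n"` over two lines; joining the two literals into one string reads better.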
@@ -974,129 +960,127 @@ InitCrypto(char *cert_dir, PRBool readOnly)
* use the -d(irectory) parameter.
*
*/
-char *get_default_cert_dir (void)
+char *
+get_default_cert_dir(void)
{
- char *home;
+ char *home;
- char *cd = NULL;
- static char db [FNSIZE];
+ char *cd = NULL;
+ static char db[FNSIZE];
#ifdef XP_UNIX
- home = PR_GetEnvSecure ("HOME");
+ home = PR_GetEnvSecure("HOME");
if (home && *home) {
- sprintf (db, "%s/.netscape", home);
- cd = db;
+ sprintf(db, "%s/.netscape", home);
+ cd = db;
}
#endif
#ifdef XP_PC
- FILE * fp;
+ FILE *fp;
/* first check the environment override */
- home = PR_GetEnvSecure ("JAR_HOME");
+ home = PR_GetEnvSecure("JAR_HOME");
if (home && *home) {
- sprintf (db, "%s/cert7.db", home);
+ sprintf(db, "%s/cert7.db", home);
- if ((fp = fopen (db, "r")) != NULL) {
- fclose (fp);
- cd = home;
- }
+ if ((fp = fopen(db, "r")) != NULL) {
+ fclose(fp);
+ cd = home;
+ }
}
/* try the old navigator directory */
if (cd == NULL) {
- home = "c:/Program Files/Netscape/Navigator";
+ home = "c:/Program Files/Netscape/Navigator";
- sprintf (db, "%s/cert7.db", home);
+ sprintf(db, "%s/cert7.db", home);
- if ((fp = fopen (db, "r")) != NULL) {
- fclose (fp);
- cd = home;
- }
+ if ((fp = fopen(db, "r")) != NULL) {
+ fclose(fp);
+ cd = home;
+ }
}
/* Try the current directory, I wonder if this
is really a good idea. Remember, Windows only.. */
if (cd == NULL) {
- home = ".";
+ home = ".";
- sprintf (db, "%s/cert7.db", home);
+ sprintf(db, "%s/cert7.db", home);
- if ((fp = fopen (db, "r")) != NULL) {
- fclose (fp);
- cd = home;
- }
+ if ((fp = fopen(db, "r")) != NULL) {
+ fclose(fp);
+ cd = home;
+ }
}
#endif
if (!cd) {
- PR_fprintf(errorFD,
- "You must specify the location of your certificate directory\n");
- PR_fprintf(errorFD,
- "with the -d option. Example: -d ~/.netscape in many cases with Unix.\n");
- errorCount++;
- exit (ERRX);
+ PR_fprintf(errorFD,
+ "You must specify the location of your certificate directory\n");
+ PR_fprintf(errorFD,
+ "with the -d option. Example: -d ~/.netscape in many cases with Unix.\n");
+ errorCount++;
+ exit(ERRX);
}
return cd;
}
-
/************************************************************************
* g i v e _ h e l p
*/
-void give_help (int status)
+void
+give_help(int status)
{
if (status == SEC_ERROR_UNKNOWN_ISSUER) {
- PR_fprintf(errorFD,
- "The Certificate Authority (CA) for this certificate\n");
- PR_fprintf(errorFD,
- "does not appear to be in your database. You should contact\n");
- PR_fprintf(errorFD,
- "the organization which issued this certificate to obtain\n");
- PR_fprintf(errorFD, "a copy of its CA Certificate.\n");
+ PR_fprintf(errorFD,
+ "The Certificate Authority (CA) for this certificate\n");
+ PR_fprintf(errorFD,
+ "does not appear to be in your database. You should contact\n");
+ PR_fprintf(errorFD,
+ "the organization which issued this certificate to obtain\n");
+ PR_fprintf(errorFD, "a copy of its CA Certificate.\n");
}
}
-
/**************************************************************************
*
* p r _ f g e t s
*
* fgets implemented with NSPR.
*/
-char*
+char *
pr_fgets(char *buf, int size, PRFileDesc *file)
{
- int i;
- int status;
- char c;
+ int i;
+ int status;
+ char c;
i = 0;
while (i < size - 1) {
- status = PR_Read(file, &c, 1);
- if (status == -1) {
- return NULL;
- } else if (status == 0) {
- if (i == 0) {
- return NULL;
- }
- break;
- }
- buf[i++] = c;
- if (c == '\n') {
- break;
- }
+ status = PR_Read(file, &c, 1);
+ if (status == -1) {
+ return NULL;
+ } else if (status == 0) {
+ if (i == 0) {
+ return NULL;
+ }
+ break;
+ }
+ buf[i++] = c;
+ if (c == '\n') {
+ break;
+ }
}
buf[i] = '\0';
return buf;
}
-
-
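Review bot: get_default_cert_dir formats the path with `sprintf(db, "%s/.netscape", home)` into the fixed `static char db[FNSIZE]`, and `home` comes from the HOME environment variable (JAR_HOME in the XP_PC branch), whose length is not bounded here. An over-long value therefore writes past the end of `db`. Check the length before formatting, e.g. `if (home && *home && strlen(home) + sizeof("/.netscape") <= sizeof(db))`, with the same test against `"/cert7.db"` for the JAR_HOME case. In the same hunk pr_fgets stores `buf[i] = '\0'` even when `size` is 0 or negative; an initial `if (size <= 0) return NULL;` would avoid writing into a buffer the caller declared empty.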
diff --git a/cmd/signtool/verify.c b/cmd/signtool/verify.c
index d6b430ee2..a870c67bb 100644
--- a/cmd/signtool/verify.c
+++ b/cmd/signtool/verify.c
@@ -4,10 +4,9 @@
#include "signtool.h"
-
-static int jar_cb(int status, JAR *jar, const char *metafile,
-char *pathname, char *errortext);
-static int verify_global (JAR *jar);
+static int jar_cb(int status, JAR *jar, const char *metafile,
+ char *pathname, char *errortext);
+static int verify_global(JAR *jar);
/*************************************************************************
*
@@ -16,232 +15,233 @@ static int verify_global (JAR *jar);
int
VerifyJar(char *filename)
{
- FILE * fp;
+ FILE *fp;
- int ret;
- int status;
- int failed = 0;
- char *err;
+ int ret;
+ int status;
+ int failed = 0;
+ char *err;
- JAR * jar;
- JAR_Context * ctx;
+ JAR *jar;
+ JAR_Context *ctx;
- JAR_Item * it;
+ JAR_Item *it;
jar = JAR_new();
- if ((fp = fopen (filename, "r")) == NULL) {
- perror (filename);
- exit (ERRX);
+ if ((fp = fopen(filename, "r")) == NULL) {
+ perror(filename);
+ exit(ERRX);
} else
- fclose (fp);
-
- JAR_set_callback (JAR_CB_SIGNAL, jar, jar_cb);
+ fclose(fp);
+ JAR_set_callback(JAR_CB_SIGNAL, jar, jar_cb);
- status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
+ status = JAR_pass_archive(jar, jarArchGuess, filename, "some-url");
if (status < 0 || jar->valid < 0) {
- failed = 1;
- PR_fprintf(outputFD,
- "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
- filename);
- if (status < 0) {
- const char *errtext;
-
- if (status >= JAR_BASE && status <= JAR_BASE_END) {
- errtext = JAR_get_error (status);
- } else {
- errtext = SECU_Strerror(PORT_GetError());
- }
-
- PR_fprintf(outputFD, " (reported reason: %s)\n\n",
- errtext);
-
- /* corrupt files should not have their contents listed */
-
- if (status == JAR_ERR_CORRUPT)
- return - 1;
- }
- PR_fprintf(outputFD,
- "entries shown below will have their digests checked only.\n");
- jar->valid = 0;
+ failed = 1;
+ PR_fprintf(outputFD,
+ "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
+ filename);
+ if (status < 0) {
+ const char *errtext;
+
+ if (status >= JAR_BASE && status <= JAR_BASE_END) {
+ errtext = JAR_get_error(status);
+ } else {
+ errtext = SECU_Strerror(PORT_GetError());
+ }
+
+ PR_fprintf(outputFD, " (reported reason: %s)\n\n",
+ errtext);
+
+ /* corrupt files should not have their contents listed */
+
+ if (status == JAR_ERR_CORRUPT)
+ return -1;
+ }
+ PR_fprintf(outputFD,
+ "entries shown below will have their digests checked only.\n");
+ jar->valid = 0;
} else
- PR_fprintf(outputFD,
- "archive \"%s\" has passed crypto verification.\n", filename);
+ PR_fprintf(outputFD,
+ "archive \"%s\" has passed crypto verification.\n", filename);
- if (verify_global (jar))
- failed = 1;
+ if (verify_global(jar))
+ failed = 1;
PR_fprintf(outputFD, "\n");
PR_fprintf(outputFD, "%16s %s\n", "status", "path");
PR_fprintf(outputFD, "%16s %s\n", "------------", "-------------------");
- ctx = JAR_find (jar, NULL, jarTypeMF);
-
- while (JAR_find_next (ctx, &it) >= 0) {
- if (it && it->pathname) {
- rm_dash_r(TMP_OUTPUT);
- ret = JAR_verified_extract (jar, it->pathname, TMP_OUTPUT);
- /* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */
- if (ret < 0)
- failed = 1;
-
- if (ret == JAR_ERR_PNF)
- err = "NOT PRESENT";
- else if (ret == JAR_ERR_HASH)
- err = "HASH FAILED";
- else
- err = "NOT VERIFIED";
-
- PR_fprintf(outputFD, "%16s %s\n",
- ret >= 0 ? "verified" : err, it->pathname);
-
- if (ret != 0 && ret != JAR_ERR_PNF && ret != JAR_ERR_HASH)
- PR_fprintf(outputFD, " (reason: %s)\n",
- JAR_get_error (ret));
- }
+ ctx = JAR_find(jar, NULL, jarTypeMF);
+
+ while (JAR_find_next(ctx, &it) >= 0) {
+ if (it && it->pathname) {
+ rm_dash_r(TMP_OUTPUT);
+ ret = JAR_verified_extract(jar, it->pathname, TMP_OUTPUT);
+ /* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */
+ if (ret < 0)
+ failed = 1;
+
+ if (ret == JAR_ERR_PNF)
+ err = "NOT PRESENT";
+ else if (ret == JAR_ERR_HASH)
+ err = "HASH FAILED";
+ else
+ err = "NOT VERIFIED";
+
+ PR_fprintf(outputFD, "%16s %s\n",
+ ret >= 0 ? "verified" : err, it->pathname);
+
+ if (ret != 0 && ret != JAR_ERR_PNF && ret != JAR_ERR_HASH)
+ PR_fprintf(outputFD, " (reason: %s)\n",
+ JAR_get_error(ret));
+ }
}
- JAR_find_end (ctx);
+ JAR_find_end(ctx);
if (status < 0 || jar->valid < 0) {
- failed = 1;
- PR_fprintf(outputFD,
- "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
- filename);
- give_help (status);
+ failed = 1;
+ PR_fprintf(outputFD,
+ "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
+ filename);
+ give_help(status);
}
- JAR_destroy (jar);
+ JAR_destroy(jar);
if (failed)
- return - 1;
+ return -1;
return 0;
}
-
/***************************************************************************
*
* v e r i f y _ g l o b a l
*/
-static int
-verify_global (JAR *jar)
+static int
+verify_global(JAR *jar)
{
- FILE * fp;
- JAR_Context * ctx;
- JAR_Item * it;
- JAR_Digest * globaldig;
- char * ext;
+ FILE *fp;
+ JAR_Context *ctx;
+ JAR_Item *it;
+ JAR_Digest *globaldig;
+ char *ext;
unsigned char *md5_digest, *sha1_digest;
- unsigned int sha1_length, md5_length;
- int retval = 0;
- char buf [BUFSIZ];
-
- ctx = JAR_find (jar, "*", jarTypePhy);
-
- while (JAR_find_next (ctx, &it) >= 0) {
- if (!PORT_Strncmp (it->pathname, "META-INF", 8)) {
- for (ext = it->pathname; *ext; ext++)
- ;
- while (ext > it->pathname && *ext != '.')
- ext--;
-
- if (verbosity >= 0) {
- if (!PORT_Strcasecmp (ext, ".rsa")) {
- PR_fprintf(outputFD, "found a RSA signature file: %s\n",
- it->pathname);
- }
-
- if (!PORT_Strcasecmp (ext, ".dsa")) {
- PR_fprintf(outputFD, "found a DSA signature file: %s\n",
- it->pathname);
- }
-
- if (!PORT_Strcasecmp (ext, ".mf")) {
- PR_fprintf(outputFD,
- "found a MF master manifest file: %s\n",
- it->pathname);
- }
- }
-
- if (!PORT_Strcasecmp (ext, ".sf")) {
- if (verbosity >= 0) {
- PR_fprintf(outputFD,
- "found a SF signature manifest file: %s\n",
- it->pathname);
- }
-
- rm_dash_r(TMP_OUTPUT);
- if (JAR_extract (jar, it->pathname, TMP_OUTPUT) < 0) {
- PR_fprintf(errorFD, "%s: error extracting %s\n",
- PROGRAM_NAME, it->pathname);
- errorCount++;
- retval = -1;
- continue;
- }
-
- md5_digest = NULL;
- sha1_digest = NULL;
-
- if ((fp = fopen (TMP_OUTPUT, "rb")) != NULL) {
- while (fgets (buf, BUFSIZ, fp)) {
- char *s;
-
- if (*buf == 0 || *buf == '\n' || *buf == '\r')
- break;
-
- for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
- ;
- *s = 0;
-
- if (!PORT_Strncmp (buf, "MD5-Digest: ", 12)) {
- md5_digest =
- ATOB_AsciiToData (buf + 12, &md5_length);
- }
- if (!PORT_Strncmp (buf, "SHA1-Digest: ", 13)) {
- sha1_digest =
- ATOB_AsciiToData (buf + 13, &sha1_length);
- }
- if (!PORT_Strncmp (buf, "SHA-Digest: ", 12)) {
- sha1_digest =
- ATOB_AsciiToData (buf + 12, &sha1_length);
- }
- }
-
- globaldig = jar->globalmeta;
-
- if (globaldig && md5_digest && verbosity >= 0) {
- PR_fprintf(outputFD,
- " md5 digest on global metainfo: %s\n",
- PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
- ? "no match" : "match");
- }
-
- if (globaldig && sha1_digest && verbosity >= 0) {
- PR_fprintf(outputFD,
- " sha digest on global metainfo: %s\n",
- PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH)
- ? "no match" : "match");
- }
-
- if (globaldig == NULL && verbosity >= 0) {
- PR_fprintf(outputFD,
- "global metadigest is not available, strange.\n");
- }
-
- fclose (fp);
- }
- }
- }
+ unsigned int sha1_length, md5_length;
+ int retval = 0;
+ char buf[BUFSIZ];
+
+ ctx = JAR_find(jar, "*", jarTypePhy);
+
+ while (JAR_find_next(ctx, &it) >= 0) {
+ if (!PORT_Strncmp(it->pathname, "META-INF", 8)) {
+ for (ext = it->pathname; *ext; ext++)
+ ;
+ while (ext > it->pathname && *ext != '.')
+ ext--;
+
+ if (verbosity >= 0) {
+ if (!PORT_Strcasecmp(ext, ".rsa")) {
+ PR_fprintf(outputFD, "found a RSA signature file: %s\n",
+ it->pathname);
+ }
+
+ if (!PORT_Strcasecmp(ext, ".dsa")) {
+ PR_fprintf(outputFD, "found a DSA signature file: %s\n",
+ it->pathname);
+ }
+
+ if (!PORT_Strcasecmp(ext, ".mf")) {
+ PR_fprintf(outputFD,
+ "found a MF master manifest file: %s\n",
+ it->pathname);
+ }
+ }
+
+ if (!PORT_Strcasecmp(ext, ".sf")) {
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD,
+ "found a SF signature manifest file: %s\n",
+ it->pathname);
+ }
+
+ rm_dash_r(TMP_OUTPUT);
+ if (JAR_extract(jar, it->pathname, TMP_OUTPUT) < 0) {
+ PR_fprintf(errorFD, "%s: error extracting %s\n",
+ PROGRAM_NAME, it->pathname);
+ errorCount++;
+ retval = -1;
+ continue;
+ }
+
+ md5_digest = NULL;
+ sha1_digest = NULL;
+
+ if ((fp = fopen(TMP_OUTPUT, "rb")) != NULL) {
+ while (fgets(buf, BUFSIZ, fp)) {
+ char *s;
+
+ if (*buf == 0 || *buf == '\n' || *buf == '\r')
+ break;
+
+ for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
+ ;
+ *s = 0;
+
+ if (!PORT_Strncmp(buf, "MD5-Digest: ", 12)) {
+ md5_digest =
+ ATOB_AsciiToData(buf + 12, &md5_length);
+ }
+ if (!PORT_Strncmp(buf, "SHA1-Digest: ", 13)) {
+ sha1_digest =
+ ATOB_AsciiToData(buf + 13, &sha1_length);
+ }
+ if (!PORT_Strncmp(buf, "SHA-Digest: ", 12)) {
+ sha1_digest =
+ ATOB_AsciiToData(buf + 12, &sha1_length);
+ }
+ }
+
+ globaldig = jar->globalmeta;
+
+ if (globaldig && md5_digest && verbosity >= 0) {
+ PR_fprintf(outputFD,
+ " md5 digest on global metainfo: %s\n",
+ PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
+ ?
+ "no match"
+ : "match");
+ }
+
+ if (globaldig && sha1_digest && verbosity >= 0) {
+ PR_fprintf(outputFD,
+ " sha digest on global metainfo: %s\n",
+ PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH)
+ ?
+ "no match"
+ : "match");
+ }
+
+ if (globaldig == NULL && verbosity >= 0) {
+ PR_fprintf(outputFD,
+ "global metadigest is not available, strange.\n");
+ }
+
+ fclose(fp);
+ }
+ }
+ }
}
- JAR_find_end (ctx);
+ JAR_find_end(ctx);
return retval;
}
-
/************************************************************************
*
* J a r W h o
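Review bot: In verify_global the digests decoded from the extracted .sf file are compared with `PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)` and the SHA-1 equivalent without looking at `md5_length` or `sha1_length`. A manifest line carrying a shorter base64 value therefore makes the comparison read past the decoded buffer. The manifest comes from the archive being verified, so the length belongs in the test: `(md5_length != MD5_LENGTH || PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)) ? "no match" : "match"`, and likewise with `sha1_length != SHA1_LENGTH`. The buffers returned by ATOB_AsciiToData are never released in this loop, so a `PORT_Free` of each after the comparisons would close the leak. A "no match" result is only printed and does not set `retval`; it is worth confirming that VerifyJar's failure status does not rely on this function to report a digest mismatch.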
@@ -249,91 +249,89 @@ verify_global (JAR *jar)
int
JarWho(char *filename)
{
- FILE * fp;
+ FILE *fp;
- JAR * jar;
- JAR_Context * ctx;
+ JAR *jar;
+ JAR_Context *ctx;
- int status;
- int retval = 0;
+ int status;
+ int retval = 0;
- JAR_Item * it;
- JAR_Cert * fing;
+ JAR_Item *it;
+ JAR_Cert *fing;
- CERTCertificate * cert, *prev = NULL;
+ CERTCertificate *cert, *prev = NULL;
jar = JAR_new();
- if ((fp = fopen (filename, "r")) == NULL) {
- perror (filename);
- exit (ERRX);
- }
- fclose (fp);
+ if ((fp = fopen(filename, "r")) == NULL) {
+ perror(filename);
+ exit(ERRX);
+ }
+ fclose(fp);
- status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
+ status = JAR_pass_archive(jar, jarArchGuess, filename, "some-url");
if (status < 0 || jar->valid < 0) {
- PR_fprintf(outputFD,
- "NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
- filename);
- retval = -1;
- if (jar->valid < 0 || status != -1) {
- const char *errtext;
-
- if (status >= JAR_BASE && status <= JAR_BASE_END) {
- errtext = JAR_get_error (status);
- } else {
- errtext = SECU_Strerror(PORT_GetError());
- }
-
- PR_fprintf(outputFD, " (reported reason: %s)\n\n", errtext);
- }
+ PR_fprintf(outputFD,
+ "NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
+ filename);
+ retval = -1;
+ if (jar->valid < 0 || status != -1) {
+ const char *errtext;
+
+ if (status >= JAR_BASE && status <= JAR_BASE_END) {
+ errtext = JAR_get_error(status);
+ } else {
+ errtext = SECU_Strerror(PORT_GetError());
+ }
+
+ PR_fprintf(outputFD, " (reported reason: %s)\n\n", errtext);
+ }
}
PR_fprintf(outputFD, "\nSigner information:\n\n");
- ctx = JAR_find (jar, NULL, jarTypeSign);
-
- while (JAR_find_next (ctx, &it) >= 0) {
- fing = (JAR_Cert * ) it->data;
- cert = fing->cert;
-
- if (cert) {
- if (prev == cert)
- break;
-
- if (cert->nickname)
- PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
- if (cert->subjectName)
- PR_fprintf(outputFD, "subject name: %s\n",
- cert->subjectName);
- if (cert->issuerName)
- PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
- } else {
- PR_fprintf(outputFD, "no certificate could be found\n");
- retval = -1;
- }
-
- prev = cert;
+ ctx = JAR_find(jar, NULL, jarTypeSign);
+
+ while (JAR_find_next(ctx, &it) >= 0) {
+ fing = (JAR_Cert *)it->data;
+ cert = fing->cert;
+
+ if (cert) {
+ if (prev == cert)
+ break;
+
+ if (cert->nickname)
+ PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
+ if (cert->subjectName)
+ PR_fprintf(outputFD, "subject name: %s\n",
+ cert->subjectName);
+ if (cert->issuerName)
+ PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
+ } else {
+ PR_fprintf(outputFD, "no certificate could be found\n");
+ retval = -1;
+ }
+
+ prev = cert;
}
- JAR_find_end (ctx);
+ JAR_find_end(ctx);
- JAR_destroy (jar);
+ JAR_destroy(jar);
return retval;
}
-
/************************************************************************
* j a r _ c b
*/
-static int jar_cb(int status, JAR *jar, const char *metafile,
-char *pathname, char *errortext)
+static int
+jar_cb(int status, JAR *jar, const char *metafile,
+ char *pathname, char *errortext)
{
PR_fprintf(errorFD, "error %d: %s IN FILE %s\n", status, errortext,
- pathname);
+ pathname);
errorCount++;
return 0;
}
-
-
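Review bot: JarWho's loop runs `fing = (JAR_Cert *)it->data;` and `cert = fing->cert;` without checking `it` or `it->data`, while the corresponding loop in VerifyJar guards with `if (it && it->pathname)`. If JAR_find_next can hand back an empty item for an archive that failed verification (the function continues after `retval = -1`), this is a NULL dereference on attacker-supplied input. A guard at the top of the loop body, `if (!it || !it->data) continue;`, makes the two loops consistent. The result of `JAR_new()` is also used without a NULL test in both functions.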
diff --git a/cmd/signtool/zip.c b/cmd/signtool/zip.c
index 7f1310c3d..3ec5b092b 100644
--- a/cmd/signtool/zip.c
+++ b/cmd/signtool/zip.c
@@ -7,126 +7,120 @@
#include "zlib.h"
#include "prmem.h"
-static void inttox (int in, char *out);
-static void longtox (long in, char *out);
+static void inttox(int in, char *out);
+static void longtox(long in, char *out);
/****************************************************************
*
* J z i p O p e n
*
- * Opens a new ZIP file and creates a new ZIPfile structure to
+ * Opens a new ZIP file and creates a new ZIPfile structure to
* control the process of installing files into a zip.
*/
-ZIPfile*
+ZIPfile *
JzipOpen(char *filename, char *comment)
{
- ZIPfile * zipfile;
+ ZIPfile *zipfile;
PRExplodedTime prtime;
zipfile = PORT_ZAlloc(sizeof(ZIPfile));
- if (!zipfile)
- out_of_memory();
+ if (!zipfile)
+ out_of_memory();
/* Construct time and date */
PR_ExplodeTime(PR_Now(), PR_LocalTimeParameters, &prtime);
- zipfile->date = ((prtime.tm_year - 1980) << 9) |
- ((prtime.tm_month + 1) << 5) |
- prtime.tm_mday;
- zipfile->time = (prtime.tm_hour << 11) |
- (prtime.tm_min << 5) |
- (prtime.tm_sec & 0x3f);
+ zipfile->date = ((prtime.tm_year - 1980) << 9) |
+ ((prtime.tm_month + 1) << 5) |
+ prtime.tm_mday;
+ zipfile->time = (prtime.tm_hour << 11) |
+ (prtime.tm_min << 5) |
+ (prtime.tm_sec & 0x3f);
zipfile->fp = NULL;
- if (filename &&
+ if (filename &&
(zipfile->fp = PR_Open(filename,
- PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0777)) == NULL) {
- char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "%s: can't open output jar, %s.%s\n",
- PROGRAM_NAME,
- filename, nsprErr ? nsprErr : "");
- if (nsprErr)
- PR_Free(nsprErr);
- errorCount++;
- exit (ERRX);
+ PR_WRONLY |
+ PR_CREATE_FILE |
+ PR_TRUNCATE,
+ 0777)) == NULL) {
+ char *nsprErr;
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "%s: can't open output jar, %s.%s\n",
+ PROGRAM_NAME,
+ filename, nsprErr ? nsprErr : "");
+ if (nsprErr)
+ PR_Free(nsprErr);
+ errorCount++;
+ exit(ERRX);
}
zipfile->list = NULL;
if (filename) {
- zipfile->filename = PORT_ZAlloc(strlen(filename) + 1);
- if (!zipfile->filename)
- out_of_memory();
- PORT_Strcpy(zipfile->filename, filename);
+ zipfile->filename = PORT_ZAlloc(strlen(filename) + 1);
+ if (!zipfile->filename)
+ out_of_memory();
+ PORT_Strcpy(zipfile->filename, filename);
}
if (comment) {
- zipfile->comment = PORT_ZAlloc(strlen(comment) + 1);
- if (!zipfile->comment)
- out_of_memory();
- PORT_Strcpy(zipfile->comment, comment);
+ zipfile->comment = PORT_ZAlloc(strlen(comment) + 1);
+ if (!zipfile->comment)
+ out_of_memory();
+ PORT_Strcpy(zipfile->comment, comment);
}
return zipfile;
}
-
-static
-void*
-my_alloc_func(void*opaque, uInt items, uInt size)
+static void *
+my_alloc_func(void *opaque, uInt items, uInt size)
{
return PORT_Alloc(items * size);
}
-
-static
-void
-my_free_func(void*opaque, void*address)
+static void
+my_free_func(void *opaque, void *address)
{
PORT_Free(address);
}
-
-static
-void
+static void
handle_zerror(int err, char *msg)
{
if (!msg) {
- msg = "";
+ msg = "";
}
errorCount++; /* unless Z_OK...see below */
switch (err) {
- case Z_OK:
- PR_fprintf(errorFD, "No error: %s\n", msg);
- errorCount--; /* this was incremented above */
- break;
- case Z_MEM_ERROR:
- PR_fprintf(errorFD, "Deflation ran out of memory: %s\n", msg);
- break;
- case Z_STREAM_ERROR:
- PR_fprintf(errorFD, "Invalid compression level: %s\n", msg);
- break;
- case Z_VERSION_ERROR:
- PR_fprintf(errorFD, "Incompatible compression library version: %s\n",
- msg);
- break;
- case Z_DATA_ERROR:
- PR_fprintf(errorFD, "Compression data error: %s\n", msg);
- break;
- default:
- PR_fprintf(errorFD, "Unknown error in compression library: %s\n", msg);
- break;
+ case Z_OK:
+ PR_fprintf(errorFD, "No error: %s\n", msg);
+ errorCount--; /* this was incremented above */
+ break;
+ case Z_MEM_ERROR:
+ PR_fprintf(errorFD, "Deflation ran out of memory: %s\n", msg);
+ break;
+ case Z_STREAM_ERROR:
+ PR_fprintf(errorFD, "Invalid compression level: %s\n", msg);
+ break;
+ case Z_VERSION_ERROR:
+ PR_fprintf(errorFD, "Incompatible compression library version: %s\n",
+ msg);
+ break;
+ case Z_DATA_ERROR:
+ PR_fprintf(errorFD, "Compression data error: %s\n", msg);
+ break;
+ default:
+ PR_fprintf(errorFD, "Unknown error in compression library: %s\n", msg);
+ break;
}
}
-
-
-
/****************************************************************
*
* J z i p A d d
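Review bot: JzipOpen creates the output archive with `PR_Open(filename, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0777)`, so the signed JAR is requested as executable and, under a permissive umask, group- and world-writable; a data file that carries signatures is better created with a mode such as `0644`. In the same hunk my_alloc_func returns `PORT_Alloc(items * size)` without checking whether the `uInt` product wraps; a guard such as `if (size != 0 && items > (uInt)-1 / size) return NULL;` makes the zlib allocator callback fail closed. Neither line is changed by the reformatting beyond whitespace, so both belong in a follow-up change.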
@@ -137,42 +131,40 @@ handle_zerror(int err, char *msg)
int
JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int compression_level)
{
- ZIPentry * entry;
- PRFileDesc * readfp;
- PRFileDesc * zipfp;
+ ZIPentry *entry;
+ PRFileDesc *readfp;
+ PRFileDesc *zipfp;
unsigned long crc;
unsigned long local_size_pos;
- int num;
- int err;
- int deflate_percent;
- z_stream zstream;
- Bytef inbuf[BUFSIZ];
- Bytef outbuf[BUFSIZ];
-
+ int num;
+ int err;
+ int deflate_percent;
+ z_stream zstream;
+ Bytef inbuf[BUFSIZ];
+ Bytef outbuf[BUFSIZ];
- if ( !fullname || !filename || !zipfile) {
- return - 1;
+ if (!fullname || !filename || !zipfile) {
+ return -1;
}
zipfp = zipfile->fp;
if (!zipfp)
- return - 1;
-
-
- if ( (readfp = PR_Open(fullname, PR_RDONLY, 0777)) == NULL) {
- char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "%s: %s\n", fullname, nsprErr ? nsprErr :
- "");
- errorCount++;
- if (nsprErr)
- PR_Free(nsprErr);
- exit(ERRX);
+ return -1;
+
+ if ((readfp = PR_Open(fullname, PR_RDONLY, 0777)) == NULL) {
+ char *nsprErr;
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "%s: %s\n", fullname, nsprErr ? nsprErr :
+ "");
+ errorCount++;
+ if (nsprErr)
+ PR_Free(nsprErr);
+ exit(ERRX);
}
/*
@@ -180,50 +172,50 @@ JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int compression_level)
* Add a few bytes to the end of the JAR file and see if the input file
* twitches
*/
- {
- PRInt32 endOfJar;
- PRInt32 inputSize;
- PRBool isSame;
+ {
+ PRInt32 endOfJar;
+ PRInt32 inputSize;
+ PRBool isSame;
- inputSize = PR_Available(readfp);
+ inputSize = PR_Available(readfp);
- endOfJar = PR_Seek(zipfp, 0L, PR_SEEK_CUR);
+ endOfJar = PR_Seek(zipfp, 0L, PR_SEEK_CUR);
- if (PR_Write(zipfp, "abcde", 5) < 5) {
- char *nsprErr;
+ if (PR_Write(zipfp, "abcde", 5) < 5) {
+ char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing to zip file: %s\n",
- nsprErr ? nsprErr : "");
- if (nsprErr)
- PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "Writing to zip file: %s\n",
+ nsprErr ? nsprErr : "");
+ if (nsprErr)
+ PR_Free(nsprErr);
+ errorCount++;
+ exit(ERRX);
+ }
- isSame = (PR_Available(readfp) != inputSize);
+ isSame = (PR_Available(readfp) != inputSize);
- PR_Seek(zipfp, endOfJar, PR_SEEK_SET);
+ PR_Seek(zipfp, endOfJar, PR_SEEK_SET);
- if (isSame) {
- /* It's the same file! Forget it! */
- PR_Close(readfp);
- return 0;
- }
+ if (isSame) {
+ /* It's the same file! Forget it! */
+ PR_Close(readfp);
+ return 0;
+ }
}
if (verbosity >= 0) {
- PR_fprintf(outputFD, "adding %s to %s...", fullname, zipfile->filename);
+ PR_fprintf(outputFD, "adding %s to %s...", fullname, zipfile->filename);
}
entry = PORT_ZAlloc(sizeof(ZIPentry));
- if (!entry)
- out_of_memory();
+ if (!entry)
+ out_of_memory();
entry->filename = PORT_Strdup(filename);
entry->comment = NULL;
@@ -239,18 +231,18 @@ JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int compression_level)
longtox(CSIG, entry->central.signature);
inttox(strlen(filename), entry->central.filename_len);
if (entry->comment) {
- inttox(strlen(entry->comment), entry->central.commentfield_len);
+ inttox(strlen(entry->comment), entry->central.commentfield_len);
}
longtox(PR_Seek(zipfile->fp, 0, PR_SEEK_CUR),
- entry->central.localhdr_offset);
+ entry->central.localhdr_offset);
inttox(zipfile->time, entry->central.time);
inttox(zipfile->date, entry->central.date);
inttox(Z_DEFLATED, entry->central.method);
/* Compute crc. Too bad we have to process the whole file to do this*/
crc = crc32(0L, NULL, 0);
- while ( (num = PR_Read(readfp, inbuf, BUFSIZ)) > 0) {
- crc = crc32(crc, inbuf, num);
+ while ((num = PR_Read(readfp, inbuf, BUFSIZ)) > 0) {
+ crc = crc32(crc, inbuf, num);
}
PR_Seek(readfp, 0L, PR_SEEK_SET);
@@ -260,17 +252,17 @@ JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int compression_level)
/* Stick this entry onto the end of the list */
entry->next = NULL;
- if ( zipfile->list == NULL ) {
- /* First entry */
- zipfile->list = entry;
+ if (zipfile->list == NULL) {
+ /* First entry */
+ zipfile->list = entry;
} else {
- ZIPentry * pe;
+ ZIPentry *pe;
- pe = zipfile->list;
- while (pe->next != NULL) {
- pe = pe->next;
- }
- pe->next = entry;
+ pe = zipfile->list;
+ while (pe->next != NULL) {
+ pe = pe->next;
+ }
+ pe->next = entry;
}
/*
@@ -279,38 +271,38 @@ JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int compression_level)
local_size_pos = PR_Seek(zipfp, 0, PR_SEEK_CUR) + 18;
/* File header */
- if (PR_Write(zipfp, &entry->local, sizeof(struct ZipLocal ))
- < sizeof(struct ZipLocal )) {
- char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr :
- "");
- if (nsprErr)
- PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
+ if (PR_Write(zipfp, &entry->local, sizeof(struct ZipLocal)) <
+ sizeof(struct ZipLocal)) {
+ char *nsprErr;
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr :
+ "");
+ if (nsprErr)
+ PR_Free(nsprErr);
+ errorCount++;
+ exit(ERRX);
}
/* File Name */
- if ( PR_Write(zipfp, filename, strlen(filename)) < strlen(filename)) {
- char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr :
- "");
- if (nsprErr)
- PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
+ if (PR_Write(zipfp, filename, strlen(filename)) < strlen(filename)) {
+ char *nsprErr;
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr :
+ "");
+ if (nsprErr)
+ PR_Free(nsprErr);
+ errorCount++;
+ exit(ERRX);
}
/*
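Review bot: The write checks `PR_Write(zipfp, &entry->local, sizeof(struct ZipLocal)) < sizeof(struct ZipLocal)` and `PR_Write(zipfp, filename, strlen(filename)) < strlen(filename)` compare a signed PRInt32 result with a `size_t`, so the -1 that PR_Write returns on failure is converted to a very large unsigned value and the error branch is skipped; only short writes are caught. Comparing for inequality against a signed length fixes it, e.g. `if (PR_Write(zipfp, &entry->local, sizeof(struct ZipLocal)) != (PRInt32)sizeof(struct ZipLocal)) {`. The same comparison appears in the JzipClose hunks further down (central directory, filename, comment and ZipEnd writes). JzipAdd starts and ends outside this hunk.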
@@ -331,140 +323,140 @@ JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int compression_level)
* work in PKZIP files.
*/
err = deflateInit2(&zstream, compression_level, Z_DEFLATED,
- -MAX_WBITS, 8 /*default*/, Z_DEFAULT_STRATEGY);
+ -MAX_WBITS, 8 /*default*/, Z_DEFAULT_STRATEGY);
if (err != Z_OK) {
- handle_zerror(err, zstream.msg);
- exit(ERRX);
- }
-
- while ( (zstream.avail_in = PR_Read(readfp, inbuf, BUFSIZ)) > 0) {
- zstream.next_in = inbuf;
- /* Process this chunk of data */
- while (zstream.avail_in > 0) {
- err = deflate(&zstream, Z_NO_FLUSH);
- if (err != Z_OK) {
- handle_zerror(err, zstream.msg);
- exit(ERRX);
- }
- if (zstream.avail_out <= 0) {
- if ( PR_Write(zipfp, outbuf, BUFSIZ) < BUFSIZ) {
- char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n",
- nsprErr ? nsprErr : "");
- if (nsprErr)
- PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
- zstream.next_out = outbuf;
- zstream.avail_out = BUFSIZ;
- }
- }
+ handle_zerror(err, zstream.msg);
+ exit(ERRX);
+ }
+
+ while ((zstream.avail_in = PR_Read(readfp, inbuf, BUFSIZ)) > 0) {
+ zstream.next_in = inbuf;
+ /* Process this chunk of data */
+ while (zstream.avail_in > 0) {
+ err = deflate(&zstream, Z_NO_FLUSH);
+ if (err != Z_OK) {
+ handle_zerror(err, zstream.msg);
+ exit(ERRX);
+ }
+ if (zstream.avail_out <= 0) {
+ if (PR_Write(zipfp, outbuf, BUFSIZ) < BUFSIZ) {
+ char *nsprErr;
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "Writing zip data: %s\n",
+ nsprErr ? nsprErr : "");
+ if (nsprErr)
+ PR_Free(nsprErr);
+ errorCount++;
+ exit(ERRX);
+ }
+ zstream.next_out = outbuf;
+ zstream.avail_out = BUFSIZ;
+ }
+ }
}
/* Now flush everything */
while (1) {
- err = deflate(&zstream, Z_FINISH);
- if (err == Z_STREAM_END) {
- break;
- } else if (err == Z_OK) {
- /* output buffer full, repeat */
- } else {
- handle_zerror(err, zstream.msg);
- exit(ERRX);
- }
- if ( PR_Write(zipfp, outbuf, BUFSIZ) < BUFSIZ) {
- char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n",
- nsprErr ? nsprErr : "");
- if (nsprErr)
- PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
- zstream.avail_out = BUFSIZ;
- zstream.next_out = outbuf;
+ err = deflate(&zstream, Z_FINISH);
+ if (err == Z_STREAM_END) {
+ break;
+ } else if (err == Z_OK) {
+ /* output buffer full, repeat */
+ } else {
+ handle_zerror(err, zstream.msg);
+ exit(ERRX);
+ }
+ if (PR_Write(zipfp, outbuf, BUFSIZ) < BUFSIZ) {
+ char *nsprErr;
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "Writing zip data: %s\n",
+ nsprErr ? nsprErr : "");
+ if (nsprErr)
+ PR_Free(nsprErr);
+ errorCount++;
+ exit(ERRX);
+ }
+ zstream.avail_out = BUFSIZ;
+ zstream.next_out = outbuf;
}
/* If there's any output left, write it out. */
if (zstream.next_out != outbuf) {
- if ( PR_Write(zipfp, outbuf, zstream.next_out - outbuf) <
- zstream.next_out - outbuf) {
- char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n",
- nsprErr ? nsprErr : "");
- if (nsprErr)
- PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
- zstream.avail_out = BUFSIZ;
- zstream.next_out = outbuf;
+ if (PR_Write(zipfp, outbuf, zstream.next_out - outbuf) <
+ zstream.next_out - outbuf) {
+ char *nsprErr;
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "Writing zip data: %s\n",
+ nsprErr ? nsprErr : "");
+ if (nsprErr)
+ PR_Free(nsprErr);
+ errorCount++;
+ exit(ERRX);
+ }
+ zstream.avail_out = BUFSIZ;
+ zstream.next_out = outbuf;
}
/* Now that we know the compressed size, write this to the headers */
longtox(zstream.total_in, entry->local.orglen);
longtox(zstream.total_out, entry->local.size);
if (PR_Seek(zipfp, local_size_pos, PR_SEEK_SET) == -1) {
- char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Accessing zip file: %s\n", nsprErr ? nsprErr : "");
- if (nsprErr)
- PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
- if ( PR_Write(zipfp, entry->local.size, 8) != 8) {
- char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : "");
- if (nsprErr)
- PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
+ char *nsprErr;
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "Accessing zip file: %s\n", nsprErr ? nsprErr : "");
+ if (nsprErr)
+ PR_Free(nsprErr);
+ errorCount++;
+ exit(ERRX);
+ }
+ if (PR_Write(zipfp, entry->local.size, 8) != 8) {
+ char *nsprErr;
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : "");
+ if (nsprErr)
+ PR_Free(nsprErr);
+ errorCount++;
+ exit(ERRX);
}
if (PR_Seek(zipfp, 0L, PR_SEEK_END) == -1) {
- char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Accessing zip file: %s\n",
- nsprErr ? nsprErr : "");
- if (nsprErr)
- PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
+ char *nsprErr;
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "Accessing zip file: %s\n",
+ nsprErr ? nsprErr : "");
+ if (nsprErr)
+ PR_Free(nsprErr);
+ errorCount++;
+ exit(ERRX);
}
longtox(zstream.total_in, entry->central.orglen);
longtox(zstream.total_out, entry->central.size);
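Review bot: `while ((zstream.avail_in = PR_Read(readfp, inbuf, BUFSIZ)) > 0)` stores the PRInt32 result of PR_Read in zlib's unsigned `avail_in`, so a read error (-1) becomes a very large count, the loop body runs, and deflate() is told to consume far more than the BUFSIZ bytes held in `inbuf`. Read into the signed `num` that JzipAdd already declares, as the CRC loop in an earlier hunk does: `while ((num = PR_Read(readfp, inbuf, BUFSIZ)) > 0) {` followed by `zstream.avail_in = num;`, and treat `num < 0` after the loop as an error rather than end of file. JzipAdd begins and ends outside this hunk.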
@@ -472,26 +464,26 @@ JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int compression_level)
/* Close out the deflation operation */
err = deflateEnd(&zstream);
if (err != Z_OK) {
- handle_zerror(err, zstream.msg);
- exit(ERRX);
+ handle_zerror(err, zstream.msg);
+ exit(ERRX);
}
PR_Close(readfp);
if ((zstream.total_in > zstream.total_out) && (zstream.total_in > 0)) {
- deflate_percent = (int)
- ((zstream.total_in - zstream.total_out) *100 / zstream.total_in);
+ deflate_percent = (int)((zstream.total_in -
+ zstream.total_out) *
+ 100 / zstream.total_in);
} else {
- deflate_percent = 0;
+ deflate_percent = 0;
}
if (verbosity >= 0) {
- PR_fprintf(outputFD, "(deflated %d%%)\n", deflate_percent);
+ PR_fprintf(outputFD, "(deflated %d%%)\n", deflate_percent);
}
return 0;
}
-
/********************************************************************
* J z i p C l o s e
*
@@ -500,18 +492,18 @@ JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int compression_level)
int
JzipClose(ZIPfile *zipfile)
{
- ZIPentry * pe, *dead;
- PRFileDesc * zipfp;
+ ZIPentry *pe, *dead;
+ PRFileDesc *zipfp;
struct ZipEnd zipend;
- unsigned int entrycount = 0;
+ unsigned int entrycount = 0;
if (!zipfile) {
- return - 1;
+ return -1;
}
if (!zipfile->filename) {
- /* bogus */
- return 0;
+ /* bogus */
+ return 0;
}
zipfp = zipfile->fp;
@@ -520,74 +512,74 @@ JzipClose(ZIPfile *zipfile)
/* Write out all the central directories */
pe = zipfile->list;
while (pe) {
- entrycount++;
-
- /* Write central directory info */
- if ( PR_Write(zipfp, &pe->central, sizeof(struct ZipCentral ))
- < sizeof(struct ZipCentral )) {
- char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n",
- nsprErr ? nsprErr : "");
- if (nsprErr)
- PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
-
- /* Write filename */
- if ( PR_Write(zipfp, pe->filename, strlen(pe->filename))
- < strlen(pe->filename)) {
- char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n",
- nsprErr ? nsprErr : "");
- if (nsprErr)
- PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
-
- /* Write file comment */
- if (pe->comment) {
- if ( PR_Write(zipfp, pe->comment, strlen(pe->comment))
- < strlen(pe->comment)) {
- char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n",
- nsprErr ? nsprErr : "");
- if (nsprErr)
- PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
- }
-
- /* Delete the structure */
- dead = pe;
- pe = pe->next;
- if (dead->filename) {
- PORT_Free(dead->filename);
- }
- if (dead->comment) {
- PORT_Free(dead->comment);
- }
- PORT_Free(dead);
+ entrycount++;
+
+ /* Write central directory info */
+ if (PR_Write(zipfp, &pe->central, sizeof(struct ZipCentral)) <
+ sizeof(struct ZipCentral)) {
+ char *nsprErr;
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "Writing zip data: %s\n",
+ nsprErr ? nsprErr : "");
+ if (nsprErr)
+ PR_Free(nsprErr);
+ errorCount++;
+ exit(ERRX);
+ }
+
+ /* Write filename */
+ if (PR_Write(zipfp, pe->filename, strlen(pe->filename)) <
+ strlen(pe->filename)) {
+ char *nsprErr;
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "Writing zip data: %s\n",
+ nsprErr ? nsprErr : "");
+ if (nsprErr)
+ PR_Free(nsprErr);
+ errorCount++;
+ exit(ERRX);
+ }
+
+ /* Write file comment */
+ if (pe->comment) {
+ if (PR_Write(zipfp, pe->comment, strlen(pe->comment)) <
+ strlen(pe->comment)) {
+ char *nsprErr;
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "Writing zip data: %s\n",
+ nsprErr ? nsprErr : "");
+ if (nsprErr)
+ PR_Free(nsprErr);
+ errorCount++;
+ exit(ERRX);
+ }
+ }
+
+ /* Delete the structure */
+ dead = pe;
+ pe = pe->next;
+ if (dead->filename) {
+ PORT_Free(dead->filename);
+ }
+ if (dead->comment) {
+ PORT_Free(dead->comment);
+ }
+ PORT_Free(dead);
}
zipfile->central_end = PR_Seek(zipfile->fp, 0L, PR_SEEK_CUR);
@@ -597,64 +589,63 @@ JzipClose(ZIPfile *zipfile)
inttox(entrycount, zipend.total_entries_disk);
inttox(entrycount, zipend.total_entries_archive);
longtox(zipfile->central_end - zipfile->central_start,
- zipend.central_dir_size);
+ zipend.central_dir_size);
longtox(zipfile->central_start, zipend.offset_central_dir);
if (zipfile->comment) {
- inttox(strlen(zipfile->comment), zipend.commentfield_len);
+ inttox(strlen(zipfile->comment), zipend.commentfield_len);
}
/* Write out ZipEnd xtructure */
- if ( PR_Write(zipfp, &zipend, sizeof(zipend)) < sizeof(zipend)) {
- char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n",
- nsprErr ? nsprErr : "");
- if (nsprErr)
- PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
+ if (PR_Write(zipfp, &zipend, sizeof(zipend)) < sizeof(zipend)) {
+ char *nsprErr;
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "Writing zip data: %s\n",
+ nsprErr ? nsprErr : "");
+ if (nsprErr)
+ PR_Free(nsprErr);
+ errorCount++;
+ exit(ERRX);
}
/* Write out Zipfile comment */
if (zipfile->comment) {
- if ( PR_Write(zipfp, zipfile->comment, strlen(zipfile->comment))
- < strlen(zipfile->comment)) {
- char *nsprErr;
- if (PR_GetErrorTextLength()) {
- nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
- PR_GetErrorText(nsprErr);
- } else {
- nsprErr = NULL;
- }
- PR_fprintf(errorFD, "Writing zip data: %s\n",
- nsprErr ? nsprErr : "");
- if (nsprErr)
- PR_Free(nsprErr);
- errorCount++;
- exit(ERRX);
- }
+ if (PR_Write(zipfp, zipfile->comment, strlen(zipfile->comment)) <
+ strlen(zipfile->comment)) {
+ char *nsprErr;
+ if (PR_GetErrorTextLength()) {
+ nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+ PR_GetErrorText(nsprErr);
+ } else {
+ nsprErr = NULL;
+ }
+ PR_fprintf(errorFD, "Writing zip data: %s\n",
+ nsprErr ? nsprErr : "");
+ if (nsprErr)
+ PR_Free(nsprErr);
+ errorCount++;
+ exit(ERRX);
+ }
}
PR_Close(zipfp);
/* Free the memory of the zipfile structure */
if (zipfile->filename) {
- PORT_Free(zipfile->filename);
+ PORT_Free(zipfile->filename);
}
if (zipfile->comment) {
- PORT_Free(zipfile->comment);
+ PORT_Free(zipfile->comment);
}
PORT_Free(zipfile);
return 0;
}
-
/**********************************************
* i n t t o x
*
@@ -663,13 +654,13 @@ JzipClose(ZIPfile *zipfile)
*
*/
-static void inttox (int in, char *out)
+static void
+inttox(int in, char *out)
{
- out [0] = (in & 0xFF);
- out [1] = (in & 0xFF00) >> 8;
+ out[0] = (in & 0xFF);
+ out[1] = (in & 0xFF00) >> 8;
}
-
/*********************************************
* l o n g t o x
*
@@ -678,12 +669,11 @@ static void inttox (int in, char *out)
*
*/
-static void longtox (long in, char *out)
+static void
+longtox(long in, char *out)
{
- out [0] = (in & 0xFF);
- out [1] = (in & 0xFF00) >> 8;
- out [2] = (in & 0xFF0000) >> 16;
- out [3] = (in & 0xFF000000) >> 24;
+ out[0] = (in & 0xFF);
+ out[1] = (in & 0xFF00) >> 8;
+ out[2] = (in & 0xFF0000) >> 16;
+ out[3] = (in & 0xFF000000) >> 24;
}
-
-
diff --git a/cmd/signtool/zip.h b/cmd/signtool/zip.h
index 04ec3bb29..1c0076223 100644
--- a/cmd/signtool/zip.h
+++ b/cmd/signtool/zip.h
@@ -18,34 +18,33 @@
* put the central directory entries for each file.
*/
typedef struct ZIPentry_s {
- struct ZipLocal local; /* local header info */
- struct ZipCentral central; /* central directory info */
- char *filename; /* name of file */
- char *comment; /* comment for this file -- optional */
+ struct ZipLocal local; /* local header info */
+ struct ZipCentral central; /* central directory info */
+ char *filename; /* name of file */
+ char *comment; /* comment for this file -- optional */
- struct ZIPentry_s *next;
+ struct ZIPentry_s *next;
} ZIPentry;
/* This structure contains the necessary data for putting a ZIP file
* together. Has some overall information and a list of ZIPentrys.
*/
typedef struct ZIPfile_s {
- char *filename; /* ZIP file name */
- char *comment; /* ZIP file comment -- may be NULL */
- PRFileDesc *fp; /* ZIP file pointer */
- ZIPentry *list; /* one entry for each file in the archive */
- unsigned int time; /* the GMT time of creation, in DOS format */
- unsigned int date; /* the GMT date of creation, in DOS format */
- unsigned long central_start; /* starting offset of central directory */
- unsigned long central_end; /*index right after the last byte of central*/
+ char *filename; /* ZIP file name */
+ char *comment; /* ZIP file comment -- may be NULL */
+ PRFileDesc *fp; /* ZIP file pointer */
+ ZIPentry *list; /* one entry for each file in the archive */
+ unsigned int time; /* the GMT time of creation, in DOS format */
+ unsigned int date; /* the GMT date of creation, in DOS format */
+ unsigned long central_start; /* starting offset of central directory */
+ unsigned long central_end; /*index right after the last byte of central*/
} ZIPfile;
-
/* Open a new ZIP file. Takes the name of the zip file and an optional
* comment to be included in the file. Returns a new ZIPfile structure
* which is used by JzipAdd and JzipClose
*/
-ZIPfile* JzipOpen(char *filename, char *comment);
+ZIPfile *JzipOpen(char *filename, char *comment);
/* Add a file to a ZIP archive. Fullname is the path relative to the
* current directory. Filename is what the name will be stored as in the
@@ -56,7 +55,7 @@ ZIPfile* JzipOpen(char *filename, char *comment);
* call exit() rather than return an error--gotta fix this).
*/
int JzipAdd(char *fullname, char *filename, ZIPfile *zipfile,
- int compression_level);
+ int compression_level);
/* Finalize a ZIP archive. Adds all the footer information to the end of
* the file and closes it. Also DELETES THE ZIPFILE STRUCTURE that was
@@ -65,7 +64,6 @@ int JzipAdd(char *fullname, char *filename, ZIPfile *zipfile,
* Non-zero return code means error (although usually the function will
* call exit() rather than return an error--gotta fix this).
*/
-int JzipClose (ZIPfile *zipfile);
-
+int JzipClose(ZIPfile *zipfile);
#endif /* ZIP_H */
diff --git a/cmd/signver/pk7print.c b/cmd/signver/pk7print.c
index ba83897e1..deaaaf9e3 100644
--- a/cmd/signver/pk7print.c
+++ b/cmd/signver/pk7print.c
@@ -6,32 +6,28 @@
** secutil.c - various functions used by security stuff
**
*/
-
+
/* pkcs #7 -related functions */
-
-
+
#include "secutil.h"
#include "secpkcs7.h"
#include "secoid.h"
#include <sys/stat.h>
#include <stdarg.h>
-
+
#ifdef XP_UNIX
#include <unistd.h>
#endif
-
+
/* for SEC_TraverseNames */
#include "cert.h"
#include "prtypes.h"
#include "prtime.h"
-
+
#include "prlong.h"
#include "secmod.h"
#include "pk11func.h"
#include "prerror.h"
-
-
-
/*
** PKCS7 Support
@@ -41,14 +37,14 @@
int
sv_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *);
-
void
sv_PrintAsHex(FILE *out, SECItem *data, char *m)
{
unsigned i;
- if (m) fprintf(out, "%s", m);
-
+ if (m)
+ fprintf(out, "%s", m);
+
for (i = 0; i < data->len; i++) {
if (i < data->len - 1) {
fprintf(out, "%02x:", data->data[i]);
@@ -72,25 +68,25 @@ sv_PrintInteger(FILE *out, SECItem *i, char *m)
}
}
-
int
sv_PrintTime(FILE *out, SECItem *t, char *m)
{
- PRExplodedTime printableTime;
+ PRExplodedTime printableTime;
PRTime time;
char *timeString;
int rv;
rv = DER_DecodeTimeChoice(&time, t);
- if (rv) return rv;
+ if (rv)
+ return rv;
/* Convert to local time */
PR_ExplodeTime(time, PR_LocalTimeParameters, &printableTime);
timeString = (char *)PORT_Alloc(256);
- if ( timeString ) {
- if (PR_FormatTime( timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime )) {
+ if (timeString) {
+ if (PR_FormatTime(timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime)) {
fprintf(out, "%s%s\n", m, timeString);
}
PORT_Free(timeString);
@@ -106,7 +102,8 @@ sv_PrintValidity(FILE *out, CERTValidity *v, char *m)
fprintf(out, "%s", m);
rv = sv_PrintTime(out, &v->notBefore, "notBefore=");
- if (rv) return rv;
+ if (rv)
+ return rv;
fprintf(out, "%s", m);
sv_PrintTime(out, &v->notAfter, "notAfter=");
return rv;
@@ -117,7 +114,7 @@ sv_PrintObjectID(FILE *out, SECItem *oid, char *m)
{
const char *name;
SECOidData *oiddata;
-
+
oiddata = SECOID_FindOID(oid);
if (oiddata == NULL) {
sv_PrintAsHex(out, oid, m);
@@ -159,7 +156,7 @@ sv_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m)
if (attr->values != NULL) {
i = 0;
while ((value = attr->values[i]) != NULL) {
- sprintf(om, "%svalue[%d]=%s", m, i++, attr->encoded ? "(encoded)" : "");
+ sprintf(om, "%svalue[%d]=%s", m, i++, attr->encoded ? "(encoded)" : "");
if (attr->encoded || attr->typeTag == NULL) {
sv_PrintAsHex(out, value, om);
} else {
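Review bot: `sprintf(om, "%svalue[%d]=%s", m, i++, ...)` formats a caller-supplied prefix plus an index into `om` with no length limit. The declaration of `om` is outside this hunk, but the later sv_PrintSignerInfo hunk shows the same pattern writing into `char mm[120]` and then passing `mm` down as the `m` of sv_PrintAttribute, so the prefix grows with each level. Because the number of attributes and values comes from the PKCS #7 message being printed, a bounded call is safer: `snprintf(om, sizeof(om), "%svalue[%d]=%s", m, i++, attr->encoded ? "(encoded)" : "");`, assuming `om` is a local array. sv_PrintAttribute starts and ends outside this hunk.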
@@ -189,29 +186,28 @@ sv_PrintName(FILE *out, CERTName *name, char *msg)
PORT_Free(str);
}
-
#if 0
/*
** secu_PrintPKCS7EncContent
** Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it)
*/
void
-secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src,
- char *m, int level)
+secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src,
+ char *m, int level)
{
if (src->contentTypeTag == NULL)
- src->contentTypeTag = SECOID_FindOID(&(src->contentType));
+ src->contentTypeTag = SECOID_FindOID(&(src->contentType));
secu_Indent(out, level);
fprintf(out, "%s:\n", m);
- secu_Indent(out, level + 1);
+ secu_Indent(out, level + 1);
fprintf(out, "Content Type: %s\n",
- (src->contentTypeTag != NULL) ? src->contentTypeTag->desc
- : "Unknown");
+ (src->contentTypeTag != NULL) ? src->contentTypeTag->desc
+ : "Unknown");
sv_PrintAlgorithmID(out, &(src->contentEncAlg),
- "Content Encryption Algorithm");
- sv_PrintAsHex(out, &(src->encContent),
- "Encrypted Content", level+1);
+ "Content Encryption Algorithm");
+ sv_PrintAsHex(out, &(src->encContent),
+ "Encrypted Content", level+1);
}
/*
@@ -219,24 +215,24 @@ secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src,
** Prints a PKCS7RecipientInfo type
*/
void
-secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m,
- int level)
+secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m,
+ int level)
{
secu_Indent(out, level); fprintf(out, "%s:\n", m);
- sv_PrintInteger(out, &(info->version), "Version");
+ sv_PrintInteger(out, &(info->version), "Version");
sv_PrintName(out, &(info->issuerAndSN->issuer), "Issuer");
- sv_PrintInteger(out, &(info->issuerAndSN->serialNumber),
- "Serial Number");
+ sv_PrintInteger(out, &(info->issuerAndSN->serialNumber),
+ "Serial Number");
/* Parse and display encrypted key */
- sv_PrintAlgorithmID(out, &(info->keyEncAlg),
- "Key Encryption Algorithm");
+ sv_PrintAlgorithmID(out, &(info->keyEncAlg),
+ "Key Encryption Algorithm");
sv_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1);
}
#endif
-/*
+/*
** secu_PrintSignerInfo
** Prints a PKCS7SingerInfo type
*/
@@ -245,47 +241,49 @@ sv_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m)
{
SEC_PKCS7Attribute *attr;
int iv;
-
+
fprintf(out, "%s", m);
sv_PrintInteger(out, &(info->version), "version=");
fprintf(out, "%s", m);
sv_PrintName(out, &(info->issuerAndSN->issuer), "issuerName=");
fprintf(out, "%s", m);
- sv_PrintInteger(out, &(info->issuerAndSN->serialNumber),
- "serialNumber=");
-
+ sv_PrintInteger(out, &(info->issuerAndSN->serialNumber),
+ "serialNumber=");
+
fprintf(out, "%s", m);
sv_PrintAlgorithmID(out, &(info->digestAlg), "digestAlgorithm=");
-
+
if (info->authAttr != NULL) {
char mm[120];
iv = 0;
- while (info->authAttr[iv] != NULL) iv++;
+ while (info->authAttr[iv] != NULL)
+ iv++;
fprintf(out, "%sauthenticatedAttributes=%d\n", m, iv);
iv = 0;
while ((attr = info->authAttr[iv]) != NULL) {
- sprintf(mm, "%sattribute[%d].", m, iv++);
+ sprintf(mm, "%sattribute[%d].", m, iv++);
sv_PrintAttribute(out, attr, mm);
}
}
-
+
/* Parse and display signature */
fprintf(out, "%s", m);
sv_PrintAlgorithmID(out, &(info->digestEncAlg), "digestEncryptionAlgorithm=");
fprintf(out, "%s", m);
sv_PrintAsHex(out, &(info->encDigest), "encryptedDigest=");
-
+
if (info->unAuthAttr != NULL) {
char mm[120];
iv = 0;
- while (info->unAuthAttr[iv] != NULL) iv++;
+ while (info->unAuthAttr[iv] != NULL)
+ iv++;
fprintf(out, "%sunauthenticatedAttributes=%d\n", m, iv);
iv = 0;
while ((attr = info->unAuthAttr[iv]) != NULL) {
- sprintf(mm, "%sattribute[%d].", m, iv++);
+ sprintf(mm, "%sattribute[%d].", m, iv++);
sv_PrintAttribute(out, attr, mm);
}
}
@@ -315,7 +313,7 @@ sv_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m)
int
sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
- CERTSubjectPublicKeyInfo *i, char *msg)
+ CERTSubjectPublicKeyInfo *i, char *msg)
{
SECKEYPublicKey *pk;
int rv;
@@ -324,16 +322,18 @@ sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
sprintf(mm, "%s.publicKeyAlgorithm=", msg);
sv_PrintAlgorithmID(out, &i->algorithm, mm);
- pk = (SECKEYPublicKey*) PORT_ZAlloc(sizeof(SECKEYPublicKey));
- if (!pk) return PORT_GetError();
+ pk = (SECKEYPublicKey *)PORT_ZAlloc(sizeof(SECKEYPublicKey));
+ if (!pk)
+ return PORT_GetError();
DER_ConvertBitString(&i->subjectPublicKey);
- switch(SECOID_FindOIDTag(&i->algorithm.algorithm)) {
+ switch (SECOID_FindOIDTag(&i->algorithm.algorithm)) {
case SEC_OID_PKCS1_RSA_ENCRYPTION:
rv = SEC_ASN1DecodeItem(arena, pk,
SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate),
&i->subjectPublicKey);
- if (rv) return rv;
+ if (rv)
+ return rv;
sprintf(mm, "%s.rsaPublicKey.", msg);
sv_PrintRSAPublicKey(out, pk, mm);
break;
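Review bot: `pk` from `PORT_ZAlloc` is not released on the `if (rv) return rv;` path after `SEC_ASN1DecodeItem` fails in the RSA case, and the DSA case in the next hunk returns the same way. Whether `pk` is freed on the success path is outside the visible hunks, so this covers only the early returns. The arena checks in sv_PrintCertificate and sv_PrintSignedData have the same shape: `if (!arena) return SEC_ERROR_NO_MEMORY;` returns without freeing the `c` or `sd` allocated just above. These are short-lived command-line tools, so the effect is small, but the decode failure is reachable with any malformed input. Suggested form here: `if (rv) { PORT_Free(pk); return rv; }`.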
@@ -341,7 +341,8 @@ sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
rv = SEC_ASN1DecodeItem(arena, pk,
SEC_ASN1_GET(SECKEY_DSAPublicKeyTemplate),
&i->subjectPublicKey);
- if (rv) return rv;
+ if (rv)
+ return rv;
sprintf(mm, "%s.dsaPublicKey.", msg);
sv_PrintDSAPublicKey(out, pk, mm);
break;
@@ -354,7 +355,7 @@ sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
}
SECStatus
-sv_PrintInvalidDateExten (FILE *out, SECItem *value, char *msg)
+sv_PrintInvalidDateExten(FILE *out, SECItem *value, char *msg)
{
SECItem decodedValue;
SECStatus rv;
@@ -362,18 +363,18 @@ sv_PrintInvalidDateExten (FILE *out, SECItem *value, char *msg)
char *formattedTime = NULL;
decodedValue.data = NULL;
- rv = SEC_ASN1DecodeItem (NULL, &decodedValue,
- SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
- value);
+ rv = SEC_ASN1DecodeItem(NULL, &decodedValue,
+ SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
+ value);
if (rv == SECSuccess) {
rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
if (rv == SECSuccess) {
formattedTime = CERT_GenTime2FormattedAscii(invalidTime, "%a %b %d %H:%M:%S %Y");
- fprintf (out, "%s: %s\n", msg, formattedTime);
- PORT_Free (formattedTime);
+ fprintf(out, "%s: %s\n", msg, formattedTime);
+ PORT_Free(formattedTime);
}
}
- PORT_Free (decodedValue.data);
+ PORT_Free(decodedValue.data);
return (rv);
}
@@ -385,7 +386,7 @@ sv_PrintExtensions(FILE *out, CERTCertExtension **extensions, char *msg)
if (extensions) {
- while ( *extensions ) {
+ while (*extensions) {
SECItem *tmpitem;
fprintf(out, "%sname=", msg);
@@ -394,18 +395,18 @@ sv_PrintExtensions(FILE *out, CERTCertExtension **extensions, char *msg)
sv_PrintObjectID(out, tmpitem, NULL);
tmpitem = &(*extensions)->critical;
- if ( tmpitem->len )
+ if (tmpitem->len)
fprintf(out, "%scritical=%s\n", msg,
- (tmpitem->data && tmpitem->data[0])? "True": "False");
+ (tmpitem->data && tmpitem->data[0]) ? "True" : "False");
- oidTag = SECOID_FindOIDTag (&((*extensions)->id));
+ oidTag = SECOID_FindOIDTag(&((*extensions)->id));
fprintf(out, "%s", msg);
tmpitem = &((*extensions)->value);
- if (oidTag == SEC_OID_X509_INVALID_DATE)
- sv_PrintInvalidDateExten (out, tmpitem,"invalidExt");
- else
- sv_PrintAsHex(out,tmpitem, "data=");
+ if (oidTag == SEC_OID_X509_INVALID_DATE)
+ sv_PrintInvalidDateExten(out, tmpitem, "invalidExt");
+ else
+ sv_PrintAsHex(out, tmpitem, "data=");
/*fprintf(out, "\n");*/
extensions++;
@@ -425,7 +426,7 @@ sv_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m)
CERTCrlEntry *entry;
int iv;
char om[100];
-
+
fprintf(out, "%s", m);
sv_PrintAlgorithmID(out, &(crl->signatureAlg), "signatureAlgorithm=");
fprintf(out, "%s", m);
@@ -434,23 +435,22 @@ sv_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m)
sv_PrintTime(out, &(crl->lastUpdate), "lastUpdate=");
fprintf(out, "%s", m);
sv_PrintTime(out, &(crl->nextUpdate), "nextUpdate=");
-
+
if (crl->entries != NULL) {
iv = 0;
while ((entry = crl->entries[iv]) != NULL) {
- fprintf(out, "%sentry[%d].", m, iv);
+ fprintf(out, "%sentry[%d].", m, iv);
sv_PrintInteger(out, &(entry->serialNumber), "serialNumber=");
- fprintf(out, "%sentry[%d].", m, iv);
+ fprintf(out, "%sentry[%d].", m, iv);
sv_PrintTime(out, &(entry->revocationDate), "revocationDate=");
- sprintf(om, "%sentry[%d].signedCRLEntriesExtensions.", m, iv++);
+ sprintf(om, "%sentry[%d].signedCRLEntriesExtensions.", m, iv++);
sv_PrintExtensions(out, entry->extensions, om);
}
}
- sprintf(om, "%ssignedCRLEntriesExtensions.", m);
+ sprintf(om, "%ssignedCRLEntriesExtensions.", m);
sv_PrintExtensions(out, crl->extensions, om);
}
-
int
sv_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
{
@@ -459,13 +459,15 @@ sv_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
int rv;
int iv;
char mm[200];
-
+
/* Decode certificate */
- c = (CERTCertificate*) PORT_ZAlloc(sizeof(CERTCertificate));
- if (!c) return PORT_GetError();
+ c = (CERTCertificate *)PORT_ZAlloc(sizeof(CERTCertificate));
+ if (!c)
+ return PORT_GetError();
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena) return SEC_ERROR_NO_MEMORY;
+ if (!arena)
+ return SEC_ERROR_NO_MEMORY;
rv = SEC_ASN1DecodeItem(arena, c, SEC_ASN1_GET(CERT_CertificateTemplate),
der);
@@ -495,7 +497,7 @@ sv_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
}
sprintf(mm, "%ssignedExtensions.", m);
sv_PrintExtensions(out, c->extensions, mm);
-
+
PORT_FreeArena(arena, PR_FALSE);
return 0;
}
@@ -508,11 +510,13 @@ sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner)
int rv;
/* Strip off the signature */
- sd = (CERTSignedData*) PORT_ZAlloc(sizeof(CERTSignedData));
- if (!sd) return PORT_GetError();
+ sd = (CERTSignedData *)PORT_ZAlloc(sizeof(CERTSignedData));
+ if (!sd)
+ return PORT_GetError();
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena) return SEC_ERROR_NO_MEMORY;
+ if (!arena)
+ return SEC_ERROR_NO_MEMORY;
rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate),
der);
@@ -521,7 +525,7 @@ sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner)
return rv;
}
-/* fprintf(out, "%s:\n", m); */
+ /* fprintf(out, "%s:\n", m); */
PORT_Strcat(m, "data.");
rv = (*inner)(out, &sd->data, m, 0);
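Review bot: `PORT_Strcat(m, "data.")` appends to the caller's buffer in place, and sv_PrintSignedData receives no capacity for `m`, so it cannot tell whether the suffix fits. The caller visible in this diff, sv_PrintPKCS7Signed, passes a `char om[120]` holding `certificate[%d].`, which leaves room, but nothing enforces that for other callers. The rest of the function is outside this hunk and may rely on `m` having been extended, so the least invasive step is to state the contract at the call: `/* m is modified in place; the caller must leave room for the appended suffix */`. A sturdier change would format the extended prefix into a local buffer with `PR_snprintf` and pass that to `inner`.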
@@ -539,10 +543,8 @@ sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner)
PORT_FreeArena(arena, PR_FALSE);
return 0;
-
}
-
/*
** secu_PrintPKCS7Signed
** Pretty print a PKCS7 signed data type (up to version 1).
@@ -550,10 +552,10 @@ sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner)
int
sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src)
{
- SECAlgorithmID *digAlg; /* digest algorithms */
- SECItem *aCert; /* certificate */
- CERTSignedCrl *aCrl; /* certificate revocation list */
- SEC_PKCS7SignerInfo *sigInfo; /* signer information */
+ SECAlgorithmID *digAlg; /* digest algorithms */
+ SECItem *aCert; /* certificate */
+ CERTSignedCrl *aCrl; /* certificate revocation list */
+ SEC_PKCS7SignerInfo *sigInfo; /* signer information */
int rv, iv;
char om[120];
@@ -573,9 +575,10 @@ sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src)
}
/* Now for the content */
- rv = sv_PrintPKCS7ContentInfo(out, &(src->contentInfo),
- "pkcs7.contentInformation=");
- if (rv != 0) return rv;
+ rv = sv_PrintPKCS7ContentInfo(out, &(src->contentInfo),
+ "pkcs7.contentInformation=");
+ if (rv != 0)
+ return rv;
/* Parse and list certificates (if any) */
if (src->rawCerts != NULL) {
@@ -588,20 +591,22 @@ sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src)
while ((aCert = src->rawCerts[iv]) != NULL) {
sprintf(om, "certificate[%d].", iv++);
rv = sv_PrintSignedData(out, aCert, om, sv_PrintCertificate);
- if (rv) return rv;
+ if (rv)
+ return rv;
}
}
/* Parse and list CRL's (if any) */
if (src->crls != NULL) {
iv = 0;
- while (src->crls[iv] != NULL) iv++;
+ while (src->crls[iv] != NULL)
+ iv++;
fprintf(out, "pkcs7.signedRevocationLists=%d\n", iv);
iv = 0;
while ((aCrl = src->crls[iv]) != NULL) {
sprintf(om, "signedRevocationList[%d].", iv);
fprintf(out, "%s", om);
- sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
+ sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
"signatureAlgorithm=");
DER_ConvertBitString(&aCrl->signatureWrap.signature);
fprintf(out, "%s", om);
@@ -623,7 +628,7 @@ sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src)
sprintf(om, "signerInformation[%d].", iv++);
sv_PrintSignerInfo(out, sigInfo, om);
}
- }
+ }
return 0;
}
@@ -635,7 +640,7 @@ sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src)
*/
void
secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src,
- char *m, int level)
+ char *m, int level)
{
SEC_PKCS7RecipientInfo *recInfo; /* pointer for signer information */
int iv;
@@ -646,17 +651,17 @@ secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src,
/* Parse and list recipients (this is not optional) */
if (src->recipientInfos != NULL) {
- secu_Indent(out, level + 1);
- fprintf(out, "Recipient Information List:\n");
- iv = 0;
- while ((recInfo = src->recipientInfos[iv++]) != NULL) {
- sprintf(om, "Recipient Information (%x)", iv);
- secu_PrintRecipientInfo(out, recInfo, om, level + 2);
- }
- }
-
- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
- "Encrypted Content Information", level + 1);
+ secu_Indent(out, level + 1);
+ fprintf(out, "Recipient Information List:\n");
+ iv = 0;
+ while ((recInfo = src->recipientInfos[iv++]) != NULL) {
+ sprintf(om, "Recipient Information (%x)", iv);
+ secu_PrintRecipientInfo(out, recInfo, om, level + 2);
+ }
+ }
+
+ secu_PrintPKCS7EncContent(out, &src->encContentInfo,
+ "Encrypted Content Information", level + 1);
}
/*
@@ -665,8 +670,8 @@ secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src,
*/
int
secu_PrintPKCS7SignedAndEnveloped(FILE *out,
- SEC_PKCS7SignedAndEnvelopedData *src,
- char *m, int level)
+ SEC_PKCS7SignedAndEnvelopedData *src,
+ char *m, int level)
{
SECAlgorithmID *digAlg; /* pointer for digest algorithms */
SECItem *aCert; /* pointer for certificate */
@@ -681,69 +686,69 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out,
/* Parse and list recipients (this is not optional) */
if (src->recipientInfos != NULL) {
- secu_Indent(out, level + 1);
- fprintf(out, "Recipient Information List:\n");
- iv = 0;
- while ((recInfo = src->recipientInfos[iv++]) != NULL) {
- sprintf(om, "Recipient Information (%x)", iv);
- secu_PrintRecipientInfo(out, recInfo, om, level + 2);
- }
- }
+ secu_Indent(out, level + 1);
+ fprintf(out, "Recipient Information List:\n");
+ iv = 0;
+ while ((recInfo = src->recipientInfos[iv++]) != NULL) {
+ sprintf(om, "Recipient Information (%x)", iv);
+ secu_PrintRecipientInfo(out, recInfo, om, level + 2);
+ }
+ }
/* Parse and list digest algorithms (if any) */
if (src->digestAlgorithms != NULL) {
- secu_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n");
- iv = 0;
- while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
- sprintf(om, "Digest Algorithm (%x)", iv);
- sv_PrintAlgorithmID(out, digAlg, om);
- }
+ secu_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n");
+ iv = 0;
+ while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
+ sprintf(om, "Digest Algorithm (%x)", iv);
+ sv_PrintAlgorithmID(out, digAlg, om);
+ }
}
- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
- "Encrypted Content Information", level + 1);
+ secu_PrintPKCS7EncContent(out, &src->encContentInfo,
+ "Encrypted Content Information", level + 1);
/* Parse and list certificates (if any) */
if (src->rawCerts != NULL) {
- secu_Indent(out, level + 1); fprintf(out, "Certificate List:\n");
- iv = 0;
- while ((aCert = src->rawCerts[iv++]) != NULL) {
- sprintf(om, "Certificate (%x)", iv);
- rv = SECU_PrintSignedData(out, aCert, om, level + 2,
- SECU_PrintCertificate);
- if (rv)
- return rv;
- }
+ secu_Indent(out, level + 1); fprintf(out, "Certificate List:\n");
+ iv = 0;
+ while ((aCert = src->rawCerts[iv++]) != NULL) {
+ sprintf(om, "Certificate (%x)", iv);
+ rv = SECU_PrintSignedData(out, aCert, om, level + 2,
+ SECU_PrintCertificate);
+ if (rv)
+ return rv;
+ }
}
/* Parse and list CRL's (if any) */
if (src->crls != NULL) {
- secu_Indent(out, level + 1);
- fprintf(out, "Signed Revocation Lists:\n");
- iv = 0;
- while ((aCrl = src->crls[iv++]) != NULL) {
- sprintf(om, "Signed Revocation List (%x)", iv);
- secu_Indent(out, level + 2); fprintf(out, "%s:\n", om);
- sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
- "Signature Algorithm");
- DER_ConvertBitString(&aCrl->signatureWrap.signature);
- sv_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
- level+3);
- SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
- level + 3);
- }
+ secu_Indent(out, level + 1);
+ fprintf(out, "Signed Revocation Lists:\n");
+ iv = 0;
+ while ((aCrl = src->crls[iv++]) != NULL) {
+ sprintf(om, "Signed Revocation List (%x)", iv);
+ secu_Indent(out, level + 2); fprintf(out, "%s:\n", om);
+ sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
+ "Signature Algorithm");
+ DER_ConvertBitString(&aCrl->signatureWrap.signature);
+ sv_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
+ level+3);
+ SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
+ level + 3);
+ }
}
/* Parse and list signatures (if any) */
if (src->signerInfos != NULL) {
- secu_Indent(out, level + 1);
- fprintf(out, "Signer Information List:\n");
- iv = 0;
- while ((sigInfo = src->signerInfos[iv++]) != NULL) {
- sprintf(om, "Signer Information (%x)", iv);
- secu_PrintSignerInfo(out, sigInfo, om, level + 2);
- }
- }
+ secu_Indent(out, level + 1);
+ fprintf(out, "Signer Information List:\n");
+ iv = 0;
+ while ((sigInfo = src->signerInfos[iv++]) != NULL) {
+ sprintf(om, "Signer Information (%x)", iv);
+ secu_PrintSignerInfo(out, sigInfo, om, level + 2);
+ }
+ }
return 0;
}
@@ -754,13 +759,13 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out,
*/
void
secu_PrintPKCS7Encrypted(FILE *out, SEC_PKCS7EncryptedData *src,
- char *m, int level)
+ char *m, int level)
{
secu_Indent(out, level); fprintf(out, "%s:\n", m);
sv_PrintInteger(out, &(src->version), "Version", level + 1);
- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
- "Encrypted Content Information", level + 1);
+ secu_PrintPKCS7EncContent(out, &src->encContentInfo,
+ "Encrypted Content Information", level + 1);
}
/*
@@ -772,18 +777,18 @@ sv_PrintPKCS7Digested(FILE *out, SEC_PKCS7DigestedData *src)
{
secu_Indent(out, level); fprintf(out, "%s:\n", m);
sv_PrintInteger(out, &(src->version), "Version", level + 1);
-
+
sv_PrintAlgorithmID(out, &src->digestAlg, "Digest Algorithm");
sv_PrintPKCS7ContentInfo(out, &src->contentInfo, "Content Information",
- level + 1);
- sv_PrintAsHex(out, &src->digest, "Digest", level + 1);
+ level + 1);
+ sv_PrintAsHex(out, &src->digest, "Digest", level + 1);
}
#endif
/*
** secu_PrintPKCS7ContentInfo
-** Takes a SEC_PKCS7ContentInfo type and sends the contents to the
+** Takes a SEC_PKCS7ContentInfo type and sends the contents to the
** appropriate function
*/
int
@@ -813,27 +818,27 @@ sv_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src, char *m)
rv = 0;
switch (kind) {
- case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */
+ case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */
rv = sv_PrintPKCS7Signed(out, src->content.signedData);
break;
- case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */
+ case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */
fprintf(out, "pkcs7EnvelopedData=<unsupported>\n");
/*sv_PrintPKCS7Enveloped(out, src->content.envelopedData);*/
break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */
+ case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */
fprintf(out, "pkcs7SignedEnvelopedData=<unsupported>\n");
/*rv = sv_PrintPKCS7SignedAndEnveloped(out,
src->content.signedAndEnvelopedData);*/
break;
- case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */
+ case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */
fprintf(out, "pkcs7DigestedData=<unsupported>\n");
/*sv_PrintPKCS7Digested(out, src->content.digestedData);*/
break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */
+ case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */
fprintf(out, "pkcs7EncryptedData=<unsupported>\n");
/*sv_PrintPKCS7Encrypted(out, src->content.encryptedData);*/
break;
@@ -847,7 +852,6 @@ sv_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src, char *m)
return rv;
}
-
int
SV_PrintPKCS7ContentInfo(FILE *out, SECItem *der)
{
diff --git a/cmd/signver/signver.c b/cmd/signver/signver.c
index cd63a3c88..f480434c6 100644
--- a/cmd/signver/signver.c
+++ b/cmd/signver/signver.c
@@ -15,63 +15,63 @@
#include "prmem.h"
/* Portable layer header files */
#include "plstr.h"
-#include "sechash.h" /* for HASH_GetHashObject() */
+#include "sechash.h" /* for HASH_GetHashObject() */
static PRBool debugInfo;
static PRBool verbose;
static PRBool doVerify;
static PRBool displayAll;
-static const char * const usageInfo[] = {
+static const char *const usageInfo[] = {
"signver - verify a detached PKCS7 signature - Version " NSS_VERSION,
"Commands:",
- " -A display all information from pkcs #7",
- " -V verify the signed object and display result",
+ " -A display all information from pkcs #7",
+ " -V verify the signed object and display result",
"Options:",
- " -a signature file is ASCII",
- " -d certdir directory containing cert database",
- " -i dataFileName input file containing signed data (default stdin)",
+ " -a signature file is ASCII",
+ " -d certdir directory containing cert database",
+ " -i dataFileName input file containing signed data (default stdin)",
" -o outputFileName output file name, default stdout",
" -s signatureFileName input file for signature (default stdin)",
- " -v display verbose reason for failure"
+ " -v display verbose reason for failure"
};
-static int nUsageInfo = sizeof(usageInfo)/sizeof(char *);
+static int nUsageInfo = sizeof(usageInfo) / sizeof(char *);
extern int SV_PrintPKCS7ContentInfo(FILE *, SECItem *);
-static void Usage(char *progName, FILE *outFile)
+static void
+Usage(char *progName, FILE *outFile)
{
int i;
fprintf(outFile, "Usage: %s [ commands ] options\n", progName);
for (i = 0; i < nUsageInfo; i++)
- fprintf(outFile, "%s\n", usageInfo[i]);
+ fprintf(outFile, "%s\n", usageInfo[i]);
exit(-1);
}
static HASH_HashType
AlgorithmToHashType(SECAlgorithmID *digestAlgorithms)
{
- SECOidTag tag = SECOID_GetAlgorithmTag(digestAlgorithms);
+ SECOidTag tag = SECOID_GetAlgorithmTag(digestAlgorithms);
HASH_HashType hash = HASH_GetHashTypeByOidTag(tag);
return hash;
}
-
static SECStatus
-DigestContent (SECItem * digest, SECItem * content, HASH_HashType hashType)
+DigestContent(SECItem *digest, SECItem *content, HASH_HashType hashType)
{
unsigned int maxLen = digest->len;
- unsigned int len = HASH_ResultLen(hashType);
- SECStatus rv;
+ unsigned int len = HASH_ResultLen(hashType);
+ SECStatus rv;
if (len > maxLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
}
rv = HASH_HashBuf(hashType, digest->data, content->data, content->len);
if (rv == SECSuccess)
- digest->len = len;
+ digest->len = len;
return rv;
}
@@ -92,37 +92,38 @@ enum {
};
static secuCommandFlag signver_commands[] =
-{
- { /* cmd_DisplayAllPCKS7Info*/ 'A', PR_FALSE, 0, PR_FALSE },
- { /* cmd_VerifySignedObj */ 'V', PR_FALSE, 0, PR_FALSE }
-};
+ {
+ { /* cmd_DisplayAllPCKS7Info*/ 'A', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_VerifySignedObj */ 'V', PR_FALSE, 0, PR_FALSE }
+ };
static secuCommandFlag signver_options[] =
-{
- { /* opt_ASCII */ 'a', PR_FALSE, 0, PR_FALSE },
- { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE },
- { /* opt_InputDataFile */ 'i', PR_TRUE, 0, PR_FALSE },
- { /* opt_OutputFile */ 'o', PR_TRUE, 0, PR_FALSE },
- { /* opt_InputSigFile */ 's', PR_TRUE, 0, PR_FALSE },
- { /* opt_PrintWhyFailure */ 'v', PR_FALSE, 0, PR_FALSE },
- { /* opt_DebugInfo */ 0, PR_FALSE, 0, PR_FALSE, "debug" }
-};
-
-int main(int argc, char **argv)
+ {
+ { /* opt_ASCII */ 'a', PR_FALSE, 0, PR_FALSE },
+ { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE },
+ { /* opt_InputDataFile */ 'i', PR_TRUE, 0, PR_FALSE },
+ { /* opt_OutputFile */ 'o', PR_TRUE, 0, PR_FALSE },
+ { /* opt_InputSigFile */ 's', PR_TRUE, 0, PR_FALSE },
+ { /* opt_PrintWhyFailure */ 'v', PR_FALSE, 0, PR_FALSE },
+ { /* opt_DebugInfo */ 0, PR_FALSE, 0, PR_FALSE, "debug" }
+ };
+
+int
+main(int argc, char **argv)
{
PRFileDesc *contentFile = NULL;
PRFileDesc *signFile = PR_STDIN;
- FILE * outFile = stdout;
- char * progName;
- SECStatus rv;
- int result = 1;
- SECItem pkcs7der, content;
+ FILE *outFile = stdout;
+ char *progName;
+ SECStatus rv;
+ int result = 1;
+ SECItem pkcs7der, content;
secuCommand signver;
- pkcs7der.data = NULL;
+ pkcs7der.data = NULL;
content.data = NULL;
- signver.numCommands = sizeof(signver_commands) /sizeof(secuCommandFlag);
+ signver.numCommands = sizeof(signver_commands) / sizeof(secuCommandFlag);
signver.numOptions = sizeof(signver_options) / sizeof(secuCommandFlag);
signver.commands = signver_commands;
signver.options = signver_options;
@@ -132,175 +133,175 @@ int main(int argc, char **argv)
#else
progName = strrchr(argv[0], '/');
#endif
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
rv = SECU_ParseCommandLine(argc, argv, progName, &signver);
if (SECSuccess != rv) {
- Usage(progName, outFile);
+ Usage(progName, outFile);
}
- debugInfo = signver.options[opt_DebugInfo ].activated;
- verbose = signver.options[opt_PrintWhyFailure ].activated;
- doVerify = signver.commands[cmd_VerifySignedObj].activated;
- displayAll= signver.commands[cmd_DisplayAllPCKS7Info].activated;
+ debugInfo = signver.options[opt_DebugInfo].activated;
+ verbose = signver.options[opt_PrintWhyFailure].activated;
+ doVerify = signver.commands[cmd_VerifySignedObj].activated;
+ displayAll = signver.commands[cmd_DisplayAllPCKS7Info].activated;
if (!doVerify && !displayAll)
- doVerify = PR_TRUE;
+ doVerify = PR_TRUE;
- /* Set the certdb directory (default is ~/.netscape) */
+ /* Set the certdb directory (default is ~/.netscape) */
rv = NSS_Init(SECU_ConfigDirectory(signver.options[opt_CertDir].arg));
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- return result;
+ SECU_PrintPRandOSError(progName);
+ return result;
}
/* below here, goto cleanup */
SECU_RegisterDynamicOids();
- /* Open the input content file. */
+ /* Open the input content file. */
if (signver.options[opt_InputDataFile].activated &&
- signver.options[opt_InputDataFile].arg) {
- if (PL_strcmp("-", signver.options[opt_InputDataFile].arg)) {
- contentFile = PR_Open(signver.options[opt_InputDataFile].arg,
- PR_RDONLY, 0);
- if (!contentFile) {
- PR_fprintf(PR_STDERR,
- "%s: unable to open \"%s\" for reading.\n",
- progName, signver.options[opt_InputDataFile].arg);
- goto cleanup;
- }
- } else
- contentFile = PR_STDIN;
+ signver.options[opt_InputDataFile].arg) {
+ if (PL_strcmp("-", signver.options[opt_InputDataFile].arg)) {
+ contentFile = PR_Open(signver.options[opt_InputDataFile].arg,
+ PR_RDONLY, 0);
+ if (!contentFile) {
+ PR_fprintf(PR_STDERR,
+ "%s: unable to open \"%s\" for reading.\n",
+ progName, signver.options[opt_InputDataFile].arg);
+ goto cleanup;
+ }
+ } else
+ contentFile = PR_STDIN;
}
- /* Open the input signature file. */
+ /* Open the input signature file. */
if (signver.options[opt_InputSigFile].activated &&
- signver.options[opt_InputSigFile].arg) {
- if (PL_strcmp("-", signver.options[opt_InputSigFile].arg)) {
- signFile = PR_Open(signver.options[opt_InputSigFile].arg,
- PR_RDONLY, 0);
- if (!signFile) {
- PR_fprintf(PR_STDERR,
- "%s: unable to open \"%s\" for reading.\n",
- progName, signver.options[opt_InputSigFile].arg);
- goto cleanup;
- }
- }
+ signver.options[opt_InputSigFile].arg) {
+ if (PL_strcmp("-", signver.options[opt_InputSigFile].arg)) {
+ signFile = PR_Open(signver.options[opt_InputSigFile].arg,
+ PR_RDONLY, 0);
+ if (!signFile) {
+ PR_fprintf(PR_STDERR,
+ "%s: unable to open \"%s\" for reading.\n",
+ progName, signver.options[opt_InputSigFile].arg);
+ goto cleanup;
+ }
+ }
}
if (contentFile == PR_STDIN && signFile == PR_STDIN && doVerify) {
- PR_fprintf(PR_STDERR,
- "%s: cannot read both content and signature from standard input\n",
- progName);
- goto cleanup;
+ PR_fprintf(PR_STDERR,
+ "%s: cannot read both content and signature from standard input\n",
+ progName);
+ goto cleanup;
}
- /* Open|Create the output file. */
+ /* Open|Create the output file. */
if (signver.options[opt_OutputFile].activated) {
- outFile = fopen(signver.options[opt_OutputFile].arg, "w");
- if (!outFile) {
- PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for writing.\n",
- progName, signver.options[opt_OutputFile].arg);
- goto cleanup;
- }
+ outFile = fopen(signver.options[opt_OutputFile].arg, "w");
+ if (!outFile) {
+ PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for writing.\n",
+ progName, signver.options[opt_OutputFile].arg);
+ goto cleanup;
+ }
}
/* read in the input files' contents */
rv = SECU_ReadDERFromFile(&pkcs7der, signFile,
- signver.options[opt_ASCII].activated, PR_FALSE);
+ signver.options[opt_ASCII].activated, PR_FALSE);
if (signFile != PR_STDIN)
- PR_Close(signFile);
+ PR_Close(signFile);
if (rv != SECSuccess) {
- SECU_PrintError(progName, "problem reading PKCS7 input");
- goto cleanup;
+ SECU_PrintError(progName, "problem reading PKCS7 input");
+ goto cleanup;
}
if (contentFile) {
- rv = SECU_FileToItem(&content, contentFile);
- if (contentFile != PR_STDIN)
- PR_Close(contentFile);
- if (rv != SECSuccess)
- content.data = NULL;
+ rv = SECU_FileToItem(&content, contentFile);
+ if (contentFile != PR_STDIN)
+ PR_Close(contentFile);
+ if (rv != SECSuccess)
+ content.data = NULL;
}
/* Signature Verification */
if (doVerify) {
- SEC_PKCS7ContentInfo *cinfo;
- SEC_PKCS7SignedData *signedData;
- HASH_HashType digestType;
- PRBool contentIsSigned;
-
- cinfo = SEC_PKCS7DecodeItem(&pkcs7der, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL);
- if (cinfo == NULL) {
- PR_fprintf(PR_STDERR, "Unable to decode PKCS7 data\n");
- goto cleanup;
- }
- /* below here, goto done */
-
- contentIsSigned = SEC_PKCS7ContentIsSigned(cinfo);
- if (debugInfo) {
- PR_fprintf(PR_STDERR, "Content is%s encrypted.\n",
- SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not");
- }
- if (debugInfo || !contentIsSigned) {
- PR_fprintf(PR_STDERR, "Content is%s signed.\n",
- contentIsSigned ? "" : " not");
- }
-
- if (!contentIsSigned)
- goto done;
-
- signedData = cinfo->content.signedData;
-
- /* assume that there is only one digest algorithm for now */
- digestType = AlgorithmToHashType(signedData->digestAlgorithms[0]);
- if (digestType == HASH_AlgNULL) {
- PR_fprintf(PR_STDERR, "Invalid hash algorithmID\n");
- goto done;
- }
- if (content.data) {
- SECCertUsage usage = certUsageEmailSigner;
- SECItem digest;
- unsigned char digestBuffer[HASH_LENGTH_MAX];
-
- if (debugInfo)
- PR_fprintf(PR_STDERR, "contentToVerify=%s\n", content.data);
-
- digest.data = digestBuffer;
- digest.len = sizeof digestBuffer;
-
- if (DigestContent(&digest, &content, digestType)) {
- SECU_PrintError(progName, "Message digest computation failure");
- goto done;
- }
-
- if (debugInfo) {
- unsigned int i;
- PR_fprintf(PR_STDERR, "Data Digest=:");
- for (i = 0; i < digest.len; i++)
- PR_fprintf(PR_STDERR, "%02x:", digest.data[i]);
- PR_fprintf(PR_STDERR, "\n");
- }
-
- fprintf(outFile, "signatureValid=");
- PORT_SetError(0);
- if (SEC_PKCS7VerifyDetachedSignature (cinfo, usage,
- &digest, digestType, PR_FALSE)) {
- fprintf(outFile, "yes");
- } else {
- fprintf(outFile, "no");
- if (verbose) {
- fprintf(outFile, ":%s",
- SECU_Strerror(PORT_GetError()));
- }
- }
- fprintf(outFile, "\n");
- result = 0;
- }
-done:
- SEC_PKCS7DestroyContentInfo(cinfo);
+ SEC_PKCS7ContentInfo *cinfo;
+ SEC_PKCS7SignedData *signedData;
+ HASH_HashType digestType;
+ PRBool contentIsSigned;
+
+ cinfo = SEC_PKCS7DecodeItem(&pkcs7der, NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL);
+ if (cinfo == NULL) {
+ PR_fprintf(PR_STDERR, "Unable to decode PKCS7 data\n");
+ goto cleanup;
+ }
+ /* below here, goto done */
+
+ contentIsSigned = SEC_PKCS7ContentIsSigned(cinfo);
+ if (debugInfo) {
+ PR_fprintf(PR_STDERR, "Content is%s encrypted.\n",
+ SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not");
+ }
+ if (debugInfo || !contentIsSigned) {
+ PR_fprintf(PR_STDERR, "Content is%s signed.\n",
+ contentIsSigned ? "" : " not");
+ }
+
+ if (!contentIsSigned)
+ goto done;
+
+ signedData = cinfo->content.signedData;
+
+ /* assume that there is only one digest algorithm for now */
+ digestType = AlgorithmToHashType(signedData->digestAlgorithms[0]);
+ if (digestType == HASH_AlgNULL) {
+ PR_fprintf(PR_STDERR, "Invalid hash algorithmID\n");
+ goto done;
+ }
+ if (content.data) {
+ SECCertUsage usage = certUsageEmailSigner;
+ SECItem digest;
+ unsigned char digestBuffer[HASH_LENGTH_MAX];
+
+ if (debugInfo)
+ PR_fprintf(PR_STDERR, "contentToVerify=%s\n", content.data);
+
+ digest.data = digestBuffer;
+ digest.len = sizeof digestBuffer;
+
+ if (DigestContent(&digest, &content, digestType)) {
+ SECU_PrintError(progName, "Message digest computation failure");
+ goto done;
+ }
+
+ if (debugInfo) {
+ unsigned int i;
+ PR_fprintf(PR_STDERR, "Data Digest=:");
+ for (i = 0; i < digest.len; i++)
+ PR_fprintf(PR_STDERR, "%02x:", digest.data[i]);
+ PR_fprintf(PR_STDERR, "\n");
+ }
+
+ fprintf(outFile, "signatureValid=");
+ PORT_SetError(0);
+ if (SEC_PKCS7VerifyDetachedSignature(cinfo, usage,
+ &digest, digestType, PR_FALSE)) {
+ fprintf(outFile, "yes");
+ } else {
+ fprintf(outFile, "no");
+ if (verbose) {
+ fprintf(outFile, ":%s",
+ SECU_Strerror(PORT_GetError()));
+ }
+ }
+ fprintf(outFile, "\n");
+ result = 0;
+ }
+ done:
+ SEC_PKCS7DestroyContentInfo(cinfo);
}
if (displayAll) {
- if (SV_PrintPKCS7ContentInfo(outFile, &pkcs7der))
- result = 1;
+ if (SV_PrintPKCS7ContentInfo(outFile, &pkcs7der))
+ result = 1;
}
cleanup:
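Review bot: `signedData->digestAlgorithms[0]` is read without checking that the array pointer is non-NULL or has a first entry, and `cinfo` was decoded from the signature file, which is untrusted input. Unless the decoder guarantees a populated list for signed content (not visible here), a crafted PKCS7 blob could make this a NULL dereference; secu_PrintPKCS7SignedAndEnveloped, earlier in this diff, checks `src->digestAlgorithms != NULL` before walking the same field. A guard before the call would be `if (!signedData->digestAlgorithms || !signedData->digestAlgorithms[0]) { PR_fprintf(PR_STDERR, "Invalid hash algorithmID\n"); goto done; }`. Separately, the debug line `PR_fprintf(PR_STDERR, "contentToVerify=%s\n", content.data)` treats file bytes as a NUL-terminated string and ignores `content.len`, so passing a precision taken from `content.len` would bound the read. main continues past the end of this hunk.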
@@ -308,7 +309,7 @@ cleanup:
SECITEM_FreeItem(&content, PR_FALSE);
if (NSS_Shutdown() != SECSuccess) {
- result = 1;
+ result = 1;
}
return result;
diff --git a/cmd/smimetools/cmsutil.c b/cmd/smimetools/cmsutil.c
index 346fb6b2b..a1f6edbd5 100644
--- a/cmd/smimetools/cmsutil.c
+++ b/cmd/smimetools/cmsutil.c
@@ -36,7 +36,6 @@ static secuPWData pwdata = { PW_NONE, 0 };
static PK11PasswordFunc pwcb = NULL;
static void *pwcb_arg = NULL;
-
/* XXX stolen from cmsarray.c
* nss_CMSArray_Count - count number of elements in array
*/
@@ -45,9 +44,9 @@ nss_CMSArray_Count(void **array)
{
int n = 0;
if (array == NULL)
- return 0;
+ return 0;
while (*array++ != NULL)
- n++;
+ n++;
return n;
}
@@ -60,7 +59,7 @@ DigestFile(PLArenaPool *poolp, SECItem ***digests, SECItem *input,
digcx = NSS_CMSDigestContext_StartMultiple(algids);
if (digcx == NULL)
- return SECFailure;
+ return SECFailure;
NSS_CMSDigestContext_Update(digcx, input->data, input->len);
@@ -68,43 +67,42 @@ DigestFile(PLArenaPool *poolp, SECItem ***digests, SECItem *input,
return rv;
}
-
static void
Usage(char *progName)
{
- fprintf(stderr,
-"Usage: %s [-C|-D|-E|-O|-S] [<options>] [-d dbdir] [-u certusage]\n"
-" -C create a CMS encrypted data message\n"
-" -D decode a CMS message\n"
-" -b decode a batch of files named in infile\n"
-" -c content use this detached content\n"
-" -n suppress output of content\n"
-" -h num display num levels of CMS message info as email headers\n"
-" -k keep decoded encryption certs in perm cert db\n"
-" -E create a CMS enveloped data message\n"
-" -r id,... create envelope for these recipients,\n"
-" where id can be a certificate nickname or email address\n"
-" -S create a CMS signed data message\n"
-" -G include a signing time attribute\n"
-" -H hash use hash (default:SHA1)\n"
-" -N nick use certificate named \"nick\" for signing\n"
-" -P include a SMIMECapabilities attribute\n"
-" -T do not include content in CMS message\n"
-" -Y nick include a EncryptionKeyPreference attribute with cert\n"
-" (use \"NONE\" to omit)\n"
-" -O create a CMS signed message containing only certificates\n"
-" General Options:\n"
-" -d dbdir key/cert database directory (default: ~/.netscape)\n"
-" -e envelope enveloped data message in this file is used for bulk key\n"
-" -i infile use infile as source of data (default: stdin)\n"
-" -o outfile use outfile as destination of data (default: stdout)\n"
-" -p password use password as key db password (default: prompt)\n"
-" -f pwfile use password file to set password on all PKCS#11 tokens)\n"
-" -u certusage set type of certificate usage (default: certUsageEmailSigner)\n"
-" -v print debugging information\n"
-"\n"
-"Cert usage codes:\n",
- progName);
+ fprintf(stderr,
+ "Usage: %s [-C|-D|-E|-O|-S] [<options>] [-d dbdir] [-u certusage]\n"
+ " -C create a CMS encrypted data message\n"
+ " -D decode a CMS message\n"
+ " -b decode a batch of files named in infile\n"
+ " -c content use this detached content\n"
+ " -n suppress output of content\n"
+ " -h num display num levels of CMS message info as email headers\n"
+ " -k keep decoded encryption certs in perm cert db\n"
+ " -E create a CMS enveloped data message\n"
+ " -r id,... create envelope for these recipients,\n"
+ " where id can be a certificate nickname or email address\n"
+ " -S create a CMS signed data message\n"
+ " -G include a signing time attribute\n"
+ " -H hash use hash (default:SHA1)\n"
+ " -N nick use certificate named \"nick\" for signing\n"
+ " -P include a SMIMECapabilities attribute\n"
+ " -T do not include content in CMS message\n"
+ " -Y nick include a EncryptionKeyPreference attribute with cert\n"
+ " (use \"NONE\" to omit)\n"
+ " -O create a CMS signed message containing only certificates\n"
+ " General Options:\n"
+ " -d dbdir key/cert database directory (default: ~/.netscape)\n"
+ " -e envelope enveloped data message in this file is used for bulk key\n"
+ " -i infile use infile as source of data (default: stdin)\n"
+ " -o outfile use outfile as destination of data (default: stdout)\n"
+ " -p password use password as key db password (default: prompt)\n"
+ " -f pwfile use password file to set password on all PKCS#11 tokens)\n"
+ " -u certusage set type of certificate usage (default: certUsageEmailSigner)\n"
+ " -v print debugging information\n"
+ "\n"
+ "Cert usage codes:\n",
+ progName);
fprintf(stderr, "%-25s 0 - certUsageSSLClient\n", " ");
fprintf(stderr, "%-25s 1 - certUsageSSLServer\n", " ");
fprintf(stderr, "%-25s 2 - certUsageSSLServerWithStepUp\n", " ");
@@ -130,12 +128,12 @@ struct optionsStr {
struct decodeOptionsStr {
struct optionsStr *options;
- SECItem content;
+ SECItem content;
int headerLevel;
PRBool suppressContent;
NSSCMSGetDecryptKeyCallback dkcb;
PK11SymKey *bulkkey;
- PRBool keepCerts;
+ PRBool keepCerts;
};
struct signOptionsStr {
@@ -180,206 +178,200 @@ decode(FILE *out, SECItem *input, const struct decodeOptionsStr *decodeOptions)
SECItem sitem = { 0, 0, 0 };
PORT_SetError(0);
- dcx = NSS_CMSDecoder_Start(NULL,
- NULL, NULL, /* content callback */
- pwcb, pwcb_arg, /* password callback */
- decodeOptions->dkcb, /* decrypt key callback */
+ dcx = NSS_CMSDecoder_Start(NULL,
+ NULL, NULL, /* content callback */
+ pwcb, pwcb_arg, /* password callback */
+ decodeOptions->dkcb, /* decrypt key callback */
decodeOptions->bulkkey);
if (dcx == NULL) {
- fprintf(stderr, "%s: failed to set up message decoder.\n", progName);
- return NULL;
+ fprintf(stderr, "%s: failed to set up message decoder.\n", progName);
+ return NULL;
}
rv = NSS_CMSDecoder_Update(dcx, (char *)input->data, input->len);
if (rv != SECSuccess) {
- fprintf(stderr, "%s: failed to decode message.\n", progName);
- NSS_CMSDecoder_Cancel(dcx);
- return NULL;
+ fprintf(stderr, "%s: failed to decode message.\n", progName);
+ NSS_CMSDecoder_Cancel(dcx);
+ return NULL;
}
cmsg = NSS_CMSDecoder_Finish(dcx);
if (cmsg == NULL) {
- fprintf(stderr, "%s: failed to decode message.\n", progName);
- return NULL;
+ fprintf(stderr, "%s: failed to decode message.\n", progName);
+ return NULL;
}
if (decodeOptions->headerLevel >= 0) {
- /*fprintf(out, "SMIME: ", decodeOptions->headerLevel, i);*/
- fprintf(out, "SMIME: ");
+ /*fprintf(out, "SMIME: ", decodeOptions->headerLevel, i);*/
+ fprintf(out, "SMIME: ");
}
nlevels = NSS_CMSMessage_ContentLevelCount(cmsg);
for (i = 0; i < nlevels; i++) {
- NSSCMSContentInfo *cinfo;
- SECOidTag typetag;
-
- cinfo = NSS_CMSMessage_ContentLevel(cmsg, i);
- typetag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
-
- if (decodeOptions->headerLevel >= 0)
- fprintf(out, "\tlevel=%d.%d; ", decodeOptions->headerLevel, nlevels - i);
-
- switch (typetag) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- {
- NSSCMSSignedData *sigd = NULL;
- SECItem **digests;
- int nsigners;
- int j;
-
- if (decodeOptions->headerLevel >= 0)
- fprintf(out, "type=signedData; ");
- sigd = (NSSCMSSignedData *)NSS_CMSContentInfo_GetContent(cinfo);
- if (sigd == NULL) {
- SECU_PrintError(progName, "signedData component missing");
- goto loser;
- }
-
- /* if we have a content file, but no digests for this signedData */
- if (decodeOptions->content.data != NULL &&
- !NSS_CMSSignedData_HasDigests(sigd)) {
- PLArenaPool *poolp;
- SECAlgorithmID **digestalgs;
-
- /* detached content: grab content file */
- sitem = decodeOptions->content;
-
- if ((poolp = PORT_NewArena(1024)) == NULL) {
- fprintf(stderr, "cmsutil: Out of memory.\n");
- goto loser;
- }
- digestalgs = NSS_CMSSignedData_GetDigestAlgs(sigd);
- if (DigestFile (poolp, &digests, &sitem, digestalgs)
- != SECSuccess) {
- SECU_PrintError(progName,
- "problem computing message digest");
- PORT_FreeArena(poolp, PR_FALSE);
- goto loser;
- }
- if (NSS_CMSSignedData_SetDigests(sigd, digestalgs, digests)
- != SECSuccess) {
- SECU_PrintError(progName,
- "problem setting message digests");
- PORT_FreeArena(poolp, PR_FALSE);
- goto loser;
- }
- PORT_FreeArena(poolp, PR_FALSE);
- }
-
- /* import the certificates */
- if (NSS_CMSSignedData_ImportCerts(sigd,
- decodeOptions->options->certHandle,
- decodeOptions->options->certUsage,
- decodeOptions->keepCerts)
- != SECSuccess) {
- SECU_PrintError(progName, "cert import failed");
- goto loser;
- }
-
- /* find out about signers */
- nsigners = NSS_CMSSignedData_SignerInfoCount(sigd);
- if (decodeOptions->headerLevel >= 0)
- fprintf(out, "nsigners=%d; ", nsigners);
- if (nsigners == 0) {
- /* Might be a cert transport message
- ** or might be an invalid message, such as a QA test message
- ** or a message from an attacker.
- */
- SECStatus rv;
- rv = NSS_CMSSignedData_VerifyCertsOnly(sigd,
- decodeOptions->options->certHandle,
- decodeOptions->options->certUsage);
- if (rv != SECSuccess) {
- fprintf(stderr, "cmsutil: Verify certs-only failed!\n");
- goto loser;
- }
- return cmsg;
- }
-
- /* still no digests? */
- if (!NSS_CMSSignedData_HasDigests(sigd)) {
- SECU_PrintError(progName, "no message digests");
- goto loser;
- }
-
- for (j = 0; j < nsigners; j++) {
- const char * svs;
- NSSCMSSignerInfo *si;
- NSSCMSVerificationStatus vs;
- SECStatus bad;
-
- si = NSS_CMSSignedData_GetSignerInfo(sigd, j);
- if (decodeOptions->headerLevel >= 0) {
- char *signercn;
- static char empty[] = { "" };
-
- signercn = NSS_CMSSignerInfo_GetSignerCommonName(si);
- if (signercn == NULL)
- signercn = empty;
- fprintf(out, "\n\t\tsigner%d.id=\"%s\"; ", j, signercn);
- if (signercn != empty)
- PORT_Free(signercn);
- }
- bad = NSS_CMSSignedData_VerifySignerInfo(sigd, j,
- decodeOptions->options->certHandle,
- decodeOptions->options->certUsage);
- vs = NSS_CMSSignerInfo_GetVerificationStatus(si);
- svs = NSS_CMSUtil_VerificationStatusToString(vs);
- if (decodeOptions->headerLevel >= 0) {
- fprintf(out, "signer%d.status=%s; ", j, svs);
- /* goto loser ? */
- } else if (bad && out) {
- fprintf(stderr, "signer %d status = %s\n", j, svs);
- goto loser;
- }
- }
- }
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- {
- NSSCMSEnvelopedData *envd;
- if (decodeOptions->headerLevel >= 0)
- fprintf(out, "type=envelopedData; ");
- envd = (NSSCMSEnvelopedData *)NSS_CMSContentInfo_GetContent(cinfo);
- if (envd == NULL) {
- SECU_PrintError(progName, "envelopedData component missing");
- goto loser;
- }
- }
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- {
- NSSCMSEncryptedData *encd;
- if (decodeOptions->headerLevel >= 0)
- fprintf(out, "type=encryptedData; ");
- encd = (NSSCMSEncryptedData *)NSS_CMSContentInfo_GetContent(cinfo);
- if (encd == NULL) {
- SECU_PrintError(progName, "encryptedData component missing");
- goto loser;
- }
- }
- break;
- case SEC_OID_PKCS7_DATA:
- if (decodeOptions->headerLevel >= 0)
- fprintf(out, "type=data; ");
- break;
- default:
- break;
- }
- if (decodeOptions->headerLevel >= 0)
- fprintf(out, "\n");
+ NSSCMSContentInfo *cinfo;
+ SECOidTag typetag;
+
+ cinfo = NSS_CMSMessage_ContentLevel(cmsg, i);
+ typetag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
+
+ if (decodeOptions->headerLevel >= 0)
+ fprintf(out, "\tlevel=%d.%d; ", decodeOptions->headerLevel, nlevels - i);
+
+ switch (typetag) {
+ case SEC_OID_PKCS7_SIGNED_DATA: {
+ NSSCMSSignedData *sigd = NULL;
+ SECItem **digests;
+ int nsigners;
+ int j;
+
+ if (decodeOptions->headerLevel >= 0)
+ fprintf(out, "type=signedData; ");
+ sigd = (NSSCMSSignedData *)NSS_CMSContentInfo_GetContent(cinfo);
+ if (sigd == NULL) {
+ SECU_PrintError(progName, "signedData component missing");
+ goto loser;
+ }
+
+ /* if we have a content file, but no digests for this signedData */
+ if (decodeOptions->content.data != NULL &&
+ !NSS_CMSSignedData_HasDigests(sigd)) {
+ PLArenaPool *poolp;
+ SECAlgorithmID **digestalgs;
+
+ /* detached content: grab content file */
+ sitem = decodeOptions->content;
+
+ if ((poolp = PORT_NewArena(1024)) == NULL) {
+ fprintf(stderr, "cmsutil: Out of memory.\n");
+ goto loser;
+ }
+ digestalgs = NSS_CMSSignedData_GetDigestAlgs(sigd);
+ if (DigestFile(poolp, &digests, &sitem, digestalgs) !=
+ SECSuccess) {
+ SECU_PrintError(progName,
+ "problem computing message digest");
+ PORT_FreeArena(poolp, PR_FALSE);
+ goto loser;
+ }
+ if (NSS_CMSSignedData_SetDigests(sigd, digestalgs, digests) !=
+ SECSuccess) {
+ SECU_PrintError(progName,
+ "problem setting message digests");
+ PORT_FreeArena(poolp, PR_FALSE);
+ goto loser;
+ }
+ PORT_FreeArena(poolp, PR_FALSE);
+ }
+
+ /* import the certificates */
+ if (NSS_CMSSignedData_ImportCerts(sigd,
+ decodeOptions->options->certHandle,
+ decodeOptions->options->certUsage,
+ decodeOptions->keepCerts) !=
+ SECSuccess) {
+ SECU_PrintError(progName, "cert import failed");
+ goto loser;
+ }
+
+ /* find out about signers */
+ nsigners = NSS_CMSSignedData_SignerInfoCount(sigd);
+ if (decodeOptions->headerLevel >= 0)
+ fprintf(out, "nsigners=%d; ", nsigners);
+ if (nsigners == 0) {
+ /* Might be a cert transport message
+ ** or might be an invalid message, such as a QA test message
+ ** or a message from an attacker.
+ */
+ SECStatus rv;
+ rv = NSS_CMSSignedData_VerifyCertsOnly(sigd,
+ decodeOptions->options->certHandle,
+ decodeOptions->options->certUsage);
+ if (rv != SECSuccess) {
+ fprintf(stderr, "cmsutil: Verify certs-only failed!\n");
+ goto loser;
+ }
+ return cmsg;
+ }
+
+ /* still no digests? */
+ if (!NSS_CMSSignedData_HasDigests(sigd)) {
+ SECU_PrintError(progName, "no message digests");
+ goto loser;
+ }
+
+ for (j = 0; j < nsigners; j++) {
+ const char *svs;
+ NSSCMSSignerInfo *si;
+ NSSCMSVerificationStatus vs;
+ SECStatus bad;
+
+ si = NSS_CMSSignedData_GetSignerInfo(sigd, j);
+ if (decodeOptions->headerLevel >= 0) {
+ char *signercn;
+ static char empty[] = { "" };
+
+ signercn = NSS_CMSSignerInfo_GetSignerCommonName(si);
+ if (signercn == NULL)
+ signercn = empty;
+ fprintf(out, "\n\t\tsigner%d.id=\"%s\"; ", j, signercn);
+ if (signercn != empty)
+ PORT_Free(signercn);
+ }
+ bad = NSS_CMSSignedData_VerifySignerInfo(sigd, j,
+ decodeOptions->options->certHandle,
+ decodeOptions->options->certUsage);
+ vs = NSS_CMSSignerInfo_GetVerificationStatus(si);
+ svs = NSS_CMSUtil_VerificationStatusToString(vs);
+ if (decodeOptions->headerLevel >= 0) {
+ fprintf(out, "signer%d.status=%s; ", j, svs);
+ /* goto loser ? */
+ } else if (bad && out) {
+ fprintf(stderr, "signer %d status = %s\n", j, svs);
+ goto loser;
+ }
+ }
+ } break;
+ case SEC_OID_PKCS7_ENVELOPED_DATA: {
+ NSSCMSEnvelopedData *envd;
+ if (decodeOptions->headerLevel >= 0)
+ fprintf(out, "type=envelopedData; ");
+ envd = (NSSCMSEnvelopedData *)NSS_CMSContentInfo_GetContent(cinfo);
+ if (envd == NULL) {
+ SECU_PrintError(progName, "envelopedData component missing");
+ goto loser;
+ }
+ } break;
+ case SEC_OID_PKCS7_ENCRYPTED_DATA: {
+ NSSCMSEncryptedData *encd;
+ if (decodeOptions->headerLevel >= 0)
+ fprintf(out, "type=encryptedData; ");
+ encd = (NSSCMSEncryptedData *)NSS_CMSContentInfo_GetContent(cinfo);
+ if (encd == NULL) {
+ SECU_PrintError(progName, "encryptedData component missing");
+ goto loser;
+ }
+ } break;
+ case SEC_OID_PKCS7_DATA:
+ if (decodeOptions->headerLevel >= 0)
+ fprintf(out, "type=data; ");
+ break;
+ default:
+ break;
+ }
+ if (decodeOptions->headerLevel >= 0)
+ fprintf(out, "\n");
}
if (!decodeOptions->suppressContent && out) {
- SECItem *item = (sitem.data ? &sitem
- : NSS_CMSMessage_GetContent(cmsg));
- if (item && item->data && item->len) {
- fwrite(item->data, item->len, 1, out);
- }
+ SECItem *item = (sitem.data ? &sitem
+ : NSS_CMSMessage_GetContent(cmsg));
+ if (item && item->data && item->len) {
+ fwrite(item->data, item->len, 1, out);
+ }
}
return cmsg;
loser:
if (cmsg)
- NSS_CMSMessage_Destroy(cmsg);
+ NSS_CMSMessage_Destroy(cmsg);
return NULL;
}
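Review bot: In the signer loop a failed `NSS_CMSSignedData_VerifySignerInfo` only reaches `goto loser` when `headerLevel < 0` and `out` is non-NULL. With headers enabled the status is printed and decoding continues (the `/* goto loser ? */` marker), so the content is still written and `cmsg` is returned for a message whose signature did not verify; callers have to parse the `signerN.status` text to notice. With `headerLevel < 0` and a NULL `out`, the failure is dropped without any report. I would make the failure independent of the output stream, `} else if (bad) {`, and either fail in header mode as well or replace the marker with a comment saying that header mode reports status instead of failing. `decode` begins before this hunk.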
@@ -391,7 +383,7 @@ writeout(void *arg, const char *buf, unsigned long len)
FILE *f = (FILE *)arg;
if (f != NULL && buf != NULL)
- (void)fwrite(buf, len, 1, f);
+ (void)fwrite(buf, len, 1, f);
}
*/
@@ -402,128 +394,128 @@ signed_data(struct signOptionsStr *signOptions)
NSSCMSContentInfo *cinfo;
NSSCMSSignedData *sigd;
NSSCMSSignerInfo *signerinfo;
- CERTCertificate *cert= NULL, *ekpcert = NULL;
+ CERTCertificate *cert = NULL, *ekpcert = NULL;
if (cms_verbose) {
- fprintf(stderr, "Input to signed_data:\n");
- if (signOptions->options->password)
- fprintf(stderr, "password [%s]\n", signOptions->options->password);
+ fprintf(stderr, "Input to signed_data:\n");
+ if (signOptions->options->password)
+ fprintf(stderr, "password [%s]\n", signOptions->options->password);
else if (signOptions->options->pwfile)
- fprintf(stderr, "password file [%s]\n", signOptions->options->pwfile);
- else
- fprintf(stderr, "password [NULL]\n");
- fprintf(stderr, "certUsage [%d]\n", signOptions->options->certUsage);
- if (signOptions->options->certHandle)
- fprintf(stderr, "certdb [%p]\n", signOptions->options->certHandle);
- else
- fprintf(stderr, "certdb [NULL]\n");
- if (signOptions->nickname)
- fprintf(stderr, "nickname [%s]\n", signOptions->nickname);
- else
- fprintf(stderr, "nickname [NULL]\n");
+ fprintf(stderr, "password file [%s]\n", signOptions->options->pwfile);
+ else
+ fprintf(stderr, "password [NULL]\n");
+ fprintf(stderr, "certUsage [%d]\n", signOptions->options->certUsage);
+ if (signOptions->options->certHandle)
+ fprintf(stderr, "certdb [%p]\n", signOptions->options->certHandle);
+ else
+ fprintf(stderr, "certdb [NULL]\n");
+ if (signOptions->nickname)
+ fprintf(stderr, "nickname [%s]\n", signOptions->nickname);
+ else
+ fprintf(stderr, "nickname [NULL]\n");
}
if (signOptions->nickname == NULL) {
- fprintf(stderr,
- "ERROR: please indicate the nickname of a certificate to sign with.\n");
- return NULL;
+ fprintf(stderr,
+ "ERROR: please indicate the nickname of a certificate to sign with.\n");
+ return NULL;
}
- if ((cert = CERT_FindUserCertByUsage(signOptions->options->certHandle,
+ if ((cert = CERT_FindUserCertByUsage(signOptions->options->certHandle,
signOptions->nickname,
signOptions->options->certUsage,
PR_FALSE,
&pwdata)) == NULL) {
- SECU_PrintError(progName,
- "the corresponding cert for key \"%s\" does not exist",
- signOptions->nickname);
- return NULL;
+ SECU_PrintError(progName,
+ "the corresponding cert for key \"%s\" does not exist",
+ signOptions->nickname);
+ return NULL;
}
if (cms_verbose) {
- fprintf(stderr, "Found certificate for %s\n", signOptions->nickname);
+ fprintf(stderr, "Found certificate for %s\n", signOptions->nickname);
}
/*
* create the message object
*/
cmsg = NSS_CMSMessage_Create(NULL); /* create a message on its own pool */
if (cmsg == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS message.\n");
- return NULL;
+ fprintf(stderr, "ERROR: cannot create CMS message.\n");
+ return NULL;
}
/*
* build chain of objects: message->signedData->data
*/
if ((sigd = NSS_CMSSignedData_Create(cmsg)) == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS signedData object.\n");
- goto loser;
+ fprintf(stderr, "ERROR: cannot create CMS signedData object.\n");
+ goto loser;
}
cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
- if (NSS_CMSContentInfo_SetContent_SignedData(cmsg, cinfo, sigd)
- != SECSuccess) {
- fprintf(stderr, "ERROR: cannot attach CMS signedData object.\n");
- goto loser;
+ if (NSS_CMSContentInfo_SetContent_SignedData(cmsg, cinfo, sigd) !=
+ SECSuccess) {
+ fprintf(stderr, "ERROR: cannot attach CMS signedData object.\n");
+ goto loser;
}
cinfo = NSS_CMSSignedData_GetContentInfo(sigd);
/* we're always passing data in and detaching optionally */
- if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL,
- signOptions->detached)
- != SECSuccess) {
- fprintf(stderr, "ERROR: cannot attach CMS data object.\n");
- goto loser;
+ if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL,
+ signOptions->detached) !=
+ SECSuccess) {
+ fprintf(stderr, "ERROR: cannot attach CMS data object.\n");
+ goto loser;
}
- /*
+ /*
* create & attach signer information
*/
signerinfo = NSS_CMSSignerInfo_Create(cmsg, cert, signOptions->hashAlgTag);
if (signerinfo == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS signerInfo object.\n");
- goto loser;
+ fprintf(stderr, "ERROR: cannot create CMS signerInfo object.\n");
+ goto loser;
}
if (cms_verbose) {
- fprintf(stderr,
- "Created CMS message, added signed data w/ signerinfo\n");
+ fprintf(stderr,
+ "Created CMS message, added signed data w/ signerinfo\n");
}
/* we want the cert chain included for this one */
- if (NSS_CMSSignerInfo_IncludeCerts(signerinfo, NSSCMSCM_CertChain,
- signOptions->options->certUsage)
- != SECSuccess) {
- fprintf(stderr, "ERROR: cannot find cert chain.\n");
- goto loser;
+ if (NSS_CMSSignerInfo_IncludeCerts(signerinfo, NSSCMSCM_CertChain,
+ signOptions->options->certUsage) !=
+ SECSuccess) {
+ fprintf(stderr, "ERROR: cannot find cert chain.\n");
+ goto loser;
}
if (cms_verbose) {
- fprintf(stderr, "imported certificate\n");
+ fprintf(stderr, "imported certificate\n");
}
if (signOptions->signingTime) {
- if (NSS_CMSSignerInfo_AddSigningTime(signerinfo, PR_Now())
- != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add signingTime attribute.\n");
- goto loser;
- }
+ if (NSS_CMSSignerInfo_AddSigningTime(signerinfo, PR_Now()) !=
+ SECSuccess) {
+ fprintf(stderr, "ERROR: cannot add signingTime attribute.\n");
+ goto loser;
+ }
}
if (signOptions->smimeProfile) {
- if (NSS_CMSSignerInfo_AddSMIMECaps(signerinfo) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add SMIMECaps attribute.\n");
- goto loser;
- }
+ if (NSS_CMSSignerInfo_AddSMIMECaps(signerinfo) != SECSuccess) {
+ fprintf(stderr, "ERROR: cannot add SMIMECaps attribute.\n");
+ goto loser;
+ }
}
if (!signOptions->encryptionKeyPreferenceNick) {
- /* check signing cert for fitness as encryption cert */
+ /* check signing cert for fitness as encryption cert */
SECStatus FitForEncrypt = CERT_CheckCertUsage(cert,
certUsageEmailRecipient);
if (SECSuccess == FitForEncrypt) {
/* if yes, add signing cert as EncryptionKeyPreference */
- if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, cert,
- signOptions->options->certHandle)
- != SECSuccess) {
- fprintf(stderr,
- "ERROR: cannot add default SMIMEEncKeyPrefs attribute.\n");
+ if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, cert,
+ signOptions->options->certHandle) !=
+ SECSuccess) {
+ fprintf(stderr,
+ "ERROR: cannot add default SMIMEEncKeyPrefs attribute.\n");
goto loser;
}
- if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, cert,
- signOptions->options->certHandle)
- != SECSuccess) {
- fprintf(stderr,
- "ERROR: cannot add default MS SMIMEEncKeyPrefs attribute.\n");
+ if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, cert,
+ signOptions->options->certHandle) !=
+ SECSuccess) {
+ fprintf(stderr,
+ "ERROR: cannot add default MS SMIMEEncKeyPrefs attribute.\n");
goto loser;
}
} else {
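Review bot: With `cms_verbose` set, the block at the top of this hunk writes the key database password to stderr in clear (`fprintf(stderr, "password [%s]\n", signOptions->options->password);`), so it lands in terminal scrollback and in any captured log. It should report only whether a password was supplied, for example `fprintf(stderr, "password [set]\n");`. A smaller point in the same hunk: the `return NULL;` after a failed `NSS_CMSMessage_Create` does not release `cert`, so add `CERT_DestroyCertificate(cert);` before it. `signed_data` begins before this hunk and continues past it.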
@@ -531,27 +523,27 @@ signed_data(struct signOptionsStr *signOptions)
certificate under the same nickname as the signing cert */
/* get the cert, add it to the message */
if ((ekpcert = CERT_FindUserCertByUsage(
- signOptions->options->certHandle,
- signOptions->nickname,
- certUsageEmailRecipient,
- PR_FALSE,
- &pwdata)) == NULL) {
- SECU_PrintError(progName,
- "the corresponding cert for key \"%s\" does not exist",
- signOptions->encryptionKeyPreferenceNick);
+ signOptions->options->certHandle,
+ signOptions->nickname,
+ certUsageEmailRecipient,
+ PR_FALSE,
+ &pwdata)) == NULL) {
+ SECU_PrintError(progName,
+ "the corresponding cert for key \"%s\" does not exist",
+ signOptions->encryptionKeyPreferenceNick);
goto loser;
}
- if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ekpcert,
- signOptions->options->certHandle)
- != SECSuccess) {
- fprintf(stderr,
+ if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ekpcert,
+ signOptions->options->certHandle) !=
+ SECSuccess) {
+ fprintf(stderr,
"ERROR: cannot add SMIMEEncKeyPrefs attribute.\n");
goto loser;
}
- if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ekpcert,
- signOptions->options->certHandle)
- != SECSuccess) {
- fprintf(stderr,
+ if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ekpcert,
+ signOptions->options->certHandle) !=
+ SECSuccess) {
+ fprintf(stderr,
"ERROR: cannot add MS SMIMEEncKeyPrefs attribute.\n");
goto loser;
}
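Review bot: The error message for the failed `CERT_FindUserCertByUsage` lookup passes `signOptions->encryptionKeyPreferenceNick` to `%s`, although the lookup itself used `signOptions->nickname`. This branch appears to sit under the `if (!signOptions->encryptionKeyPreferenceNick)` test shown in the previous hunk, so the argument is NULL here; how that is rendered depends on the formatter behind `SECU_PrintError`, which is not visible, and it names the wrong key in any case. The last argument should be `signOptions->nickname`. The enclosing function starts and ends outside this hunk.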
@@ -563,55 +555,55 @@ signed_data(struct signOptionsStr *signOptions)
} else if (PL_strcmp(signOptions->encryptionKeyPreferenceNick, "NONE") == 0) {
/* No action */
} else {
- /* get the cert, add it to the message */
- if ((ekpcert = CERT_FindUserCertByUsage(
- signOptions->options->certHandle,
- signOptions->encryptionKeyPreferenceNick,
- certUsageEmailRecipient, PR_FALSE, &pwdata))
- == NULL) {
- SECU_PrintError(progName,
- "the corresponding cert for key \"%s\" does not exist",
- signOptions->encryptionKeyPreferenceNick);
- goto loser;
- }
- if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ekpcert,
- signOptions->options->certHandle)
- != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add SMIMEEncKeyPrefs attribute.\n");
- goto loser;
- }
- if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ekpcert,
- signOptions->options->certHandle)
- != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add MS SMIMEEncKeyPrefs attribute.\n");
- goto loser;
- }
- if (NSS_CMSSignedData_AddCertificate(sigd, ekpcert) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add encryption certificate.\n");
- goto loser;
- }
+ /* get the cert, add it to the message */
+ if ((ekpcert = CERT_FindUserCertByUsage(
+ signOptions->options->certHandle,
+ signOptions->encryptionKeyPreferenceNick,
+ certUsageEmailRecipient, PR_FALSE, &pwdata)) ==
+ NULL) {
+ SECU_PrintError(progName,
+ "the corresponding cert for key \"%s\" does not exist",
+ signOptions->encryptionKeyPreferenceNick);
+ goto loser;
+ }
+ if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ekpcert,
+ signOptions->options->certHandle) !=
+ SECSuccess) {
+ fprintf(stderr, "ERROR: cannot add SMIMEEncKeyPrefs attribute.\n");
+ goto loser;
+ }
+ if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ekpcert,
+ signOptions->options->certHandle) !=
+ SECSuccess) {
+ fprintf(stderr, "ERROR: cannot add MS SMIMEEncKeyPrefs attribute.\n");
+ goto loser;
+ }
+ if (NSS_CMSSignedData_AddCertificate(sigd, ekpcert) != SECSuccess) {
+ fprintf(stderr, "ERROR: cannot add encryption certificate.\n");
+ goto loser;
+ }
}
if (NSS_CMSSignedData_AddSignerInfo(sigd, signerinfo) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add CMS signerInfo object.\n");
- goto loser;
+ fprintf(stderr, "ERROR: cannot add CMS signerInfo object.\n");
+ goto loser;
}
if (cms_verbose) {
- fprintf(stderr, "created signed-data message\n");
+ fprintf(stderr, "created signed-data message\n");
}
if (ekpcert) {
- CERT_DestroyCertificate(ekpcert);
+ CERT_DestroyCertificate(ekpcert);
}
if (cert) {
- CERT_DestroyCertificate(cert);
+ CERT_DestroyCertificate(cert);
}
return cmsg;
loser:
if (ekpcert) {
- CERT_DestroyCertificate(ekpcert);
+ CERT_DestroyCertificate(ekpcert);
}
if (cert) {
- CERT_DestroyCertificate(cert);
+ CERT_DestroyCertificate(cert);
}
NSS_CMSMessage_Destroy(cmsg);
return NULL;
@@ -633,105 +625,106 @@ enveloped_data(struct envelopeOptionsStr *envelopeOptions)
dbhandle = envelopeOptions->options->certHandle;
/* count the recipients */
if ((cnt = nss_CMSArray_Count((void **)envelopeOptions->recipients)) == 0) {
- fprintf(stderr, "ERROR: please name at least one recipient.\n");
- goto loser;
+ fprintf(stderr, "ERROR: please name at least one recipient.\n");
+ goto loser;
}
- if ((tmppoolp = PORT_NewArena (1024)) == NULL) {
- fprintf(stderr, "ERROR: out of memory.\n");
- goto loser;
+ if ((tmppoolp = PORT_NewArena(1024)) == NULL) {
+ fprintf(stderr, "ERROR: out of memory.\n");
+ goto loser;
}
/* XXX find the recipient's certs by email address or nickname */
- if ((recipientcerts =
- (CERTCertificate **)PORT_ArenaZAlloc(tmppoolp,
- (cnt+1)*sizeof(CERTCertificate*)))
- == NULL) {
- fprintf(stderr, "ERROR: out of memory.\n");
- goto loser;
- }
- for (i=0; envelopeOptions->recipients[i] != NULL; i++) {
- if ((recipientcerts[i] =
- CERT_FindCertByNicknameOrEmailAddr(dbhandle,
- envelopeOptions->recipients[i]))
- == NULL) {
- SECU_PrintError(progName, "cannot find certificate for \"%s\"",
- envelopeOptions->recipients[i]);
- i=0;
- goto loser;
- }
+ if ((recipientcerts =
+ (CERTCertificate **)PORT_ArenaZAlloc(tmppoolp,
+ (cnt + 1) * sizeof(CERTCertificate *))) ==
+ NULL) {
+ fprintf(stderr, "ERROR: out of memory.\n");
+ goto loser;
+ }
+ for (i = 0; envelopeOptions->recipients[i] != NULL; i++) {
+ if ((recipientcerts[i] =
+ CERT_FindCertByNicknameOrEmailAddr(dbhandle,
+ envelopeOptions->recipients[i])) ==
+ NULL) {
+ SECU_PrintError(progName, "cannot find certificate for \"%s\"",
+ envelopeOptions->recipients[i]);
+ i = 0;
+ goto loser;
+ }
}
recipientcerts[i] = NULL;
- i=0;
+ i = 0;
/* find a nice bulk algorithm */
- if (NSS_SMIMEUtil_FindBulkAlgForRecipients(recipientcerts, &bulkalgtag,
+ if (NSS_SMIMEUtil_FindBulkAlgForRecipients(recipientcerts, &bulkalgtag,
&keysize) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot find common bulk algorithm.\n");
- goto loser;
+ fprintf(stderr, "ERROR: cannot find common bulk algorithm.\n");
+ goto loser;
}
/*
* create the message object
*/
cmsg = NSS_CMSMessage_Create(NULL); /* create a message on its own pool */
if (cmsg == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS message.\n");
- goto loser;
+ fprintf(stderr, "ERROR: cannot create CMS message.\n");
+ goto loser;
}
/*
* build chain of objects: message->envelopedData->data
*/
- if ((envd = NSS_CMSEnvelopedData_Create(cmsg, bulkalgtag, keysize))
- == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS envelopedData object.\n");
- goto loser;
+ if ((envd = NSS_CMSEnvelopedData_Create(cmsg, bulkalgtag, keysize)) ==
+ NULL) {
+ fprintf(stderr, "ERROR: cannot create CMS envelopedData object.\n");
+ goto loser;
}
cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
- if (NSS_CMSContentInfo_SetContent_EnvelopedData(cmsg, cinfo, envd)
- != SECSuccess) {
- fprintf(stderr, "ERROR: cannot attach CMS envelopedData object.\n");
- goto loser;
+ if (NSS_CMSContentInfo_SetContent_EnvelopedData(cmsg, cinfo, envd) !=
+ SECSuccess) {
+ fprintf(stderr, "ERROR: cannot attach CMS envelopedData object.\n");
+ goto loser;
}
cinfo = NSS_CMSEnvelopedData_GetContentInfo(envd);
/* we're always passing data in, so the content is NULL */
- if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE)
- != SECSuccess) {
- fprintf(stderr, "ERROR: cannot attach CMS data object.\n");
- goto loser;
+ if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE) !=
+ SECSuccess) {
+ fprintf(stderr, "ERROR: cannot attach CMS data object.\n");
+ goto loser;
}
- /*
+ /*
* create & attach recipient information
*/
for (i = 0; recipientcerts[i] != NULL; i++) {
- if ((recipientinfo = NSS_CMSRecipientInfo_Create(cmsg,
- recipientcerts[i]))
- == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS recipientInfo object.\n");
- goto loser;
- }
- if (NSS_CMSEnvelopedData_AddRecipient(envd, recipientinfo)
- != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add CMS recipientInfo object.\n");
- goto loser;
- }
- CERT_DestroyCertificate(recipientcerts[i]);
+ if ((recipientinfo = NSS_CMSRecipientInfo_Create(cmsg,
+ recipientcerts[i])) ==
+ NULL) {
+ fprintf(stderr, "ERROR: cannot create CMS recipientInfo object.\n");
+ goto loser;
+ }
+ if (NSS_CMSEnvelopedData_AddRecipient(envd, recipientinfo) !=
+ SECSuccess) {
+ fprintf(stderr, "ERROR: cannot add CMS recipientInfo object.\n");
+ goto loser;
+ }
+ CERT_DestroyCertificate(recipientcerts[i]);
}
if (tmppoolp)
- PORT_FreeArena(tmppoolp, PR_FALSE);
+ PORT_FreeArena(tmppoolp, PR_FALSE);
return cmsg;
loser:
if (recipientcerts) {
- for (; recipientcerts[i] != NULL; i++) {
- CERT_DestroyCertificate(recipientcerts[i]);
- }
+ for (; recipientcerts[i] != NULL; i++) {
+ CERT_DestroyCertificate(recipientcerts[i]);
+ }
}
if (cmsg)
- NSS_CMSMessage_Destroy(cmsg);
+ NSS_CMSMessage_Destroy(cmsg);
if (tmppoolp)
- PORT_FreeArena(tmppoolp, PR_FALSE);
+ PORT_FreeArena(tmppoolp, PR_FALSE);
return NULL;
}
-PK11SymKey *dkcb(void *arg, SECAlgorithmID *algid)
+PK11SymKey *
+dkcb(void *arg, SECAlgorithmID *algid)
{
- return (PK11SymKey*)arg;
+ return (PK11SymKey *)arg;
}
static SECStatus
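Review bot: The two `i = 0;` assignments in `enveloped_data` are what keep the `loser:` loop correct, and nothing in the code says so. After a failed lookup, and again after the lookup loop, `i` is reset so that cleanup releases every certificate found. In the recipient loop each certificate is destroyed as it is consumed, so `loser:` releases only the remainder from `i` on. I would add a comment at the declaration or at `loser:` along the lines of `/* i is the index of the first cert still owned here; loser releases recipientcerts[i..] */`, so a later edit that reuses `i` does not turn this into a leak or a double release. The function begins before this hunk.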
@@ -746,45 +739,45 @@ get_enc_params(struct encryptOptionsStr *encryptOptions)
* construct an enveloped data message to obtain bulk keys
*/
if (encryptOptions->envmsg) {
- env_cmsg = encryptOptions->envmsg; /* get it from an old message */
+ env_cmsg = encryptOptions->envmsg; /* get it from an old message */
} else {
- SECItem dummyOut = { 0, 0, 0 };
- SECItem dummyIn = { 0, 0, 0 };
- char str[] = "Hello!";
- PLArenaPool *tmparena = PORT_NewArena(1024);
- dummyIn.data = (unsigned char *)str;
- dummyIn.len = strlen(str);
- envelopeOptions.options = encryptOptions->options;
- envelopeOptions.recipients = encryptOptions->recipients;
- env_cmsg = enveloped_data(&envelopeOptions);
- NSS_CMSDEREncode(env_cmsg, &dummyIn, &dummyOut, tmparena);
- PR_Write(encryptOptions->envFile, dummyOut.data, dummyOut.len);
- PORT_FreeArena(tmparena, PR_FALSE);
+ SECItem dummyOut = { 0, 0, 0 };
+ SECItem dummyIn = { 0, 0, 0 };
+ char str[] = "Hello!";
+ PLArenaPool *tmparena = PORT_NewArena(1024);
+ dummyIn.data = (unsigned char *)str;
+ dummyIn.len = strlen(str);
+ envelopeOptions.options = encryptOptions->options;
+ envelopeOptions.recipients = encryptOptions->recipients;
+ env_cmsg = enveloped_data(&envelopeOptions);
+ NSS_CMSDEREncode(env_cmsg, &dummyIn, &dummyOut, tmparena);
+ PR_Write(encryptOptions->envFile, dummyOut.data, dummyOut.len);
+ PORT_FreeArena(tmparena, PR_FALSE);
}
/*
- * get the content info for the enveloped data
+ * get the content info for the enveloped data
*/
nlevels = NSS_CMSMessage_ContentLevelCount(env_cmsg);
for (i = 0; i < nlevels; i++) {
- SECOidTag typetag;
- cinfo = NSS_CMSMessage_ContentLevel(env_cmsg, i);
- typetag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
- if (typetag == SEC_OID_PKCS7_DATA) {
- /*
- * get the symmetric key
- */
- encryptOptions->bulkalgtag = NSS_CMSContentInfo_GetContentEncAlgTag(cinfo);
- encryptOptions->keysize = NSS_CMSContentInfo_GetBulkKeySize(cinfo);
- encryptOptions->bulkkey = NSS_CMSContentInfo_GetBulkKey(cinfo);
- rv = SECSuccess;
- break;
- }
+ SECOidTag typetag;
+ cinfo = NSS_CMSMessage_ContentLevel(env_cmsg, i);
+ typetag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
+ if (typetag == SEC_OID_PKCS7_DATA) {
+ /*
+ * get the symmetric key
+ */
+ encryptOptions->bulkalgtag = NSS_CMSContentInfo_GetContentEncAlgTag(cinfo);
+ encryptOptions->keysize = NSS_CMSContentInfo_GetBulkKeySize(cinfo);
+ encryptOptions->bulkkey = NSS_CMSContentInfo_GetBulkKey(cinfo);
+ rv = SECSuccess;
+ break;
+ }
}
if (i == nlevels) {
- fprintf(stderr, "%s: could not retrieve enveloped data.", progName);
+ fprintf(stderr, "%s: could not retrieve enveloped data.", progName);
}
if (env_cmsg)
- NSS_CMSMessage_Destroy(env_cmsg);
+ NSS_CMSMessage_Destroy(env_cmsg);
return rv;
}
@@ -801,73 +794,73 @@ encrypted_data(struct encryptOptionsStr *encryptOptions)
/* arena for output */
tmppoolp = PORT_NewArena(1024);
if (!tmppoolp) {
- fprintf(stderr, "%s: out of memory.\n", progName);
- return NULL;
+ fprintf(stderr, "%s: out of memory.\n", progName);
+ return NULL;
}
/*
* create the message object
*/
cmsg = NSS_CMSMessage_Create(NULL);
if (cmsg == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS message.\n");
- goto loser;
+ fprintf(stderr, "ERROR: cannot create CMS message.\n");
+ goto loser;
}
/*
* build chain of objects: message->encryptedData->data
*/
- if ((encd = NSS_CMSEncryptedData_Create(cmsg, encryptOptions->bulkalgtag,
- encryptOptions->keysize))
- == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS encryptedData object.\n");
- goto loser;
+ if ((encd = NSS_CMSEncryptedData_Create(cmsg, encryptOptions->bulkalgtag,
+ encryptOptions->keysize)) ==
+ NULL) {
+ fprintf(stderr, "ERROR: cannot create CMS encryptedData object.\n");
+ goto loser;
}
cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
- if (NSS_CMSContentInfo_SetContent_EncryptedData(cmsg, cinfo, encd)
- != SECSuccess) {
- fprintf(stderr, "ERROR: cannot attach CMS encryptedData object.\n");
- goto loser;
+ if (NSS_CMSContentInfo_SetContent_EncryptedData(cmsg, cinfo, encd) !=
+ SECSuccess) {
+ fprintf(stderr, "ERROR: cannot attach CMS encryptedData object.\n");
+ goto loser;
}
cinfo = NSS_CMSEncryptedData_GetContentInfo(encd);
/* we're always passing data in, so the content is NULL */
- if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE)
- != SECSuccess) {
- fprintf(stderr, "ERROR: cannot attach CMS data object.\n");
- goto loser;
+ if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE) !=
+ SECSuccess) {
+ fprintf(stderr, "ERROR: cannot attach CMS data object.\n");
+ goto loser;
}
ecx = NSS_CMSEncoder_Start(cmsg, NULL, NULL, &derOut, tmppoolp, NULL, NULL,
dkcb, encryptOptions->bulkkey, NULL, NULL);
if (!ecx) {
- fprintf(stderr, "%s: cannot create encoder context.\n", progName);
- goto loser;
+ fprintf(stderr, "%s: cannot create encoder context.\n", progName);
+ goto loser;
}
- rv = NSS_CMSEncoder_Update(ecx, (char *)encryptOptions->input->data,
- encryptOptions->input->len);
+ rv = NSS_CMSEncoder_Update(ecx, (char *)encryptOptions->input->data,
+ encryptOptions->input->len);
if (rv) {
- fprintf(stderr, "%s: failed to add data to encoder.\n", progName);
- goto loser;
+ fprintf(stderr, "%s: failed to add data to encoder.\n", progName);
+ goto loser;
}
rv = NSS_CMSEncoder_Finish(ecx);
if (rv) {
- fprintf(stderr, "%s: failed to encrypt data.\n", progName);
- goto loser;
+ fprintf(stderr, "%s: failed to encrypt data.\n", progName);
+ goto loser;
}
fwrite(derOut.data, derOut.len, 1, encryptOptions->outfile);
/*
if (bulkkey)
- PK11_FreeSymKey(bulkkey);
- */
+ PK11_FreeSymKey(bulkkey);
+ */
if (tmppoolp)
- PORT_FreeArena(tmppoolp, PR_FALSE);
+ PORT_FreeArena(tmppoolp, PR_FALSE);
return cmsg;
loser:
/*
if (bulkkey)
- PK11_FreeSymKey(bulkkey);
- */
+ PK11_FreeSymKey(bulkkey);
+ */
if (tmppoolp)
- PORT_FreeArena(tmppoolp, PR_FALSE);
+ PORT_FreeArena(tmppoolp, PR_FALSE);
if (cmsg)
- NSS_CMSMessage_Destroy(cmsg);
+ NSS_CMSMessage_Destroy(cmsg);
return NULL;
}
@@ -882,162 +875,168 @@ signed_data_certsonly(struct certsonlyOptionsStr *certsonlyOptions)
PLArenaPool *tmppoolp = NULL;
int i = 0, cnt;
dbhandle = certsonlyOptions->options->certHandle;
- if ((cnt = nss_CMSArray_Count((void**)certsonlyOptions->recipients)) == 0) {
- fprintf(stderr,
- "ERROR: please indicate the nickname of a certificate to sign with.\n");
- goto loser;
+ if ((cnt = nss_CMSArray_Count((void **)certsonlyOptions->recipients)) == 0) {
+ fprintf(stderr,
+ "ERROR: please indicate the nickname of a certificate to sign with.\n");
+ goto loser;
}
if (!(tmppoolp = PORT_NewArena(1024))) {
- fprintf(stderr, "ERROR: out of memory.\n");
- goto loser;
+ fprintf(stderr, "ERROR: out of memory.\n");
+ goto loser;
}
if (!(certs = PORT_ArenaZNewArray(tmppoolp, CERTCertificate *, cnt + 1))) {
- fprintf(stderr, "ERROR: out of memory.\n");
- goto loser;
- }
- for (i=0; certsonlyOptions->recipients[i] != NULL; i++) {
- if ((certs[i] =
- CERT_FindCertByNicknameOrEmailAddr(dbhandle,
- certsonlyOptions->recipients[i]))
- == NULL) {
- SECU_PrintError(progName, "cannot find certificate for \"%s\"",
- certsonlyOptions->recipients[i]);
- i=0;
- goto loser;
- }
+ fprintf(stderr, "ERROR: out of memory.\n");
+ goto loser;
+ }
+ for (i = 0; certsonlyOptions->recipients[i] != NULL; i++) {
+ if ((certs[i] =
+ CERT_FindCertByNicknameOrEmailAddr(dbhandle,
+ certsonlyOptions->recipients[i])) ==
+ NULL) {
+ SECU_PrintError(progName, "cannot find certificate for \"%s\"",
+ certsonlyOptions->recipients[i]);
+ i = 0;
+ goto loser;
+ }
}
certs[i] = NULL;
- i=0;
+ i = 0;
/*
* create the message object
*/
cmsg = NSS_CMSMessage_Create(NULL);
if (cmsg == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS message.\n");
- goto loser;
+ fprintf(stderr, "ERROR: cannot create CMS message.\n");
+ goto loser;
}
/*
* build chain of objects: message->signedData->data
*/
- if ((sigd = NSS_CMSSignedData_CreateCertsOnly(cmsg, certs[0], PR_TRUE))
- == NULL) {
- fprintf(stderr, "ERROR: cannot create CMS signedData object.\n");
- goto loser;
+ if ((sigd = NSS_CMSSignedData_CreateCertsOnly(cmsg, certs[0], PR_TRUE)) ==
+ NULL) {
+ fprintf(stderr, "ERROR: cannot create CMS signedData object.\n");
+ goto loser;
}
CERT_DestroyCertificate(certs[0]);
- for (i=1; i<cnt; i++) {
- if (NSS_CMSSignedData_AddCertChain(sigd, certs[i])) {
- fprintf(stderr, "ERROR: cannot add cert chain for \"%s\".\n",
- certsonlyOptions->recipients[i]);
- goto loser;
- }
- CERT_DestroyCertificate(certs[i]);
+ for (i = 1; i < cnt; i++) {
+ if (NSS_CMSSignedData_AddCertChain(sigd, certs[i])) {
+ fprintf(stderr, "ERROR: cannot add cert chain for \"%s\".\n",
+ certsonlyOptions->recipients[i]);
+ goto loser;
+ }
+ CERT_DestroyCertificate(certs[i]);
}
cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
- if (NSS_CMSContentInfo_SetContent_SignedData(cmsg, cinfo, sigd)
- != SECSuccess) {
- fprintf(stderr, "ERROR: cannot attach CMS signedData object.\n");
- goto loser;
+ if (NSS_CMSContentInfo_SetContent_SignedData(cmsg, cinfo, sigd) !=
+ SECSuccess) {
+ fprintf(stderr, "ERROR: cannot attach CMS signedData object.\n");
+ goto loser;
}
cinfo = NSS_CMSSignedData_GetContentInfo(sigd);
- if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE)
- != SECSuccess) {
- fprintf(stderr, "ERROR: cannot attach CMS data object.\n");
- goto loser;
+ if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE) !=
+ SECSuccess) {
+ fprintf(stderr, "ERROR: cannot attach CMS data object.\n");
+ goto loser;
}
if (tmppoolp)
- PORT_FreeArena(tmppoolp, PR_FALSE);
+ PORT_FreeArena(tmppoolp, PR_FALSE);
return cmsg;
loser:
if (certs) {
- for (; i<cnt; i++) {
- CERT_DestroyCertificate(certs[i]);
- }
+ for (; i < cnt; i++) {
+ CERT_DestroyCertificate(certs[i]);
+ }
}
if (cmsg)
- NSS_CMSMessage_Destroy(cmsg);
+ NSS_CMSMessage_Destroy(cmsg);
if (tmppoolp)
- PORT_FreeArena(tmppoolp, PR_FALSE);
+ PORT_FreeArena(tmppoolp, PR_FALSE);
return NULL;
}
static char *
-pl_fgets(char * buf, int size, PRFileDesc * fd)
+pl_fgets(char *buf, int size, PRFileDesc *fd)
{
- char * bp = buf;
- int nb = 0;;
+ char *bp = buf;
+ int nb = 0;
+ ;
while (size > 1) {
- nb = PR_Read(fd, bp, 1);
- if (nb < 0) {
- /* deal with error */
- return NULL;
- } else if (nb == 0) {
- /* deal with EOF */
- return NULL;
- } else if (*bp == '\n') {
- /* deal with EOL */
- ++bp; /* keep EOL character */
- break;
- } else {
- /* ordinary character */
- ++bp;
- --size;
- }
+ nb = PR_Read(fd, bp, 1);
+ if (nb < 0) {
+ /* deal with error */
+ return NULL;
+ } else if (nb == 0) {
+ /* deal with EOF */
+ return NULL;
+ } else if (*bp == '\n') {
+ /* deal with EOL */
+ ++bp; /* keep EOL character */
+ break;
+ } else {
+ /* ordinary character */
+ ++bp;
+ --size;
+ }
}
*bp = '\0';
return buf;
}
-typedef enum { UNKNOWN, DECODE, SIGN, ENCRYPT, ENVELOPE, CERTSONLY } Mode;
+typedef enum { UNKNOWN,
+ DECODE,
+ SIGN,
+ ENCRYPT,
+ ENVELOPE,
+ CERTSONLY } Mode;
-static int
-doBatchDecode(FILE *outFile, PRFileDesc *batchFile,
+static int
+doBatchDecode(FILE *outFile, PRFileDesc *batchFile,
const struct decodeOptionsStr *decodeOptions)
{
- char * str;
- int exitStatus = 0;
- char batchLine[512];
+ char *str;
+ int exitStatus = 0;
+ char batchLine[512];
while (NULL != (str = pl_fgets(batchLine, sizeof batchLine, batchFile))) {
- NSSCMSMessage *cmsg = NULL;
- PRFileDesc * inFile;
- int len = strlen(str);
- SECStatus rv;
- SECItem input = {0, 0, 0};
- char cc;
-
- while (len > 0 &&
- ((cc = str[len - 1]) == '\n' || cc == '\r')) {
- str[--len] = '\0';
- }
- if (!len) /* skip empty line */
- continue;
- if (str[0] == '#')
- continue; /* skip comment line */
- fprintf(outFile, "========== %s ==========\n", str);
- inFile = PR_Open(str, PR_RDONLY, 00660);
- if (inFile == NULL) {
- fprintf(outFile, "%s: unable to open \"%s\" for reading\n",
- progName, str);
- exitStatus = 1;
- continue;
- }
- rv = SECU_FileToItem(&input, inFile);
- PR_Close(inFile);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "unable to read infile");
- exitStatus = 1;
- continue;
- }
- cmsg = decode(outFile, &input, decodeOptions);
- SECITEM_FreeItem(&input, PR_FALSE);
- if (cmsg)
- NSS_CMSMessage_Destroy(cmsg);
- else {
- SECU_PrintError(progName, "problem decoding");
- exitStatus = 1;
- }
+ NSSCMSMessage *cmsg = NULL;
+ PRFileDesc *inFile;
+ int len = strlen(str);
+ SECStatus rv;
+ SECItem input = { 0, 0, 0 };
+ char cc;
+
+ while (len > 0 &&
+ ((cc = str[len - 1]) == '\n' || cc == '\r')) {
+ str[--len] = '\0';
+ }
+ if (!len) /* skip empty line */
+ continue;
+ if (str[0] == '#')
+ continue; /* skip comment line */
+ fprintf(outFile, "========== %s ==========\n", str);
+ inFile = PR_Open(str, PR_RDONLY, 00660);
+ if (inFile == NULL) {
+ fprintf(outFile, "%s: unable to open \"%s\" for reading\n",
+ progName, str);
+ exitStatus = 1;
+ continue;
+ }
+ rv = SECU_FileToItem(&input, inFile);
+ PR_Close(inFile);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "unable to read infile");
+ exitStatus = 1;
+ continue;
+ }
+ cmsg = decode(outFile, &input, decodeOptions);
+ SECITEM_FreeItem(&input, PR_FALSE);
+ if (cmsg)
+ NSS_CMSMessage_Destroy(cmsg);
+ else {
+ SECU_PrintError(progName, "problem decoding");
+ exitStatus = 1;
+ }
}
return exitStatus;
}
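Review bot: In `pl_fgets` the formatter has split the original `int nb = 0;;` into `int nb = 0;` followed by a line holding only `;`, which leaves a stray empty statement after the declarations. Removing the extra semicolon in the source, so the declaration reads just `int nb = 0;`, makes that line disappear on the next format run. In the same hunk the `Mode` enum now has `UNKNOWN` on the `typedef enum {` line and the closing brace fused to `CERTSONLY }`. Putting the enumerators on their own lines by hand (with a trailing comma after `CERTSONLY`, if the project's C dialect permits one) should give a regular one-per-line layout. Both are style points and change no behaviour.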
@@ -1062,30 +1061,30 @@ main(int argc, char **argv)
int nrecipients = 0;
char *str, *tok;
char *envFileName;
- SECItem input = { 0, 0, 0};
+ SECItem input = { 0, 0, 0 };
SECItem envmsg = { 0, 0, 0 };
SECStatus rv;
PRFileDesc *contentFile = NULL;
- PRBool batch = PR_FALSE;
+ PRBool batch = PR_FALSE;
#ifdef NISCC_TEST
const char *ev = PR_GetEnvSecure("NSS_DISABLE_ARENA_FREE_LIST");
- PORT_Assert(ev);
+ PORT_Assert(ev);
ev = PR_GetEnvSecure("NSS_STRICT_SHUTDOWN");
- PORT_Assert(ev);
-#endif
+ PORT_Assert(ev);
+#endif
progName = strrchr(argv[0], '/');
if (!progName)
- progName = strrchr(argv[0], '\\');
- progName = progName ? progName+1 : argv[0];
+ progName = strrchr(argv[0], '\\');
+ progName = progName ? progName + 1 : argv[0];
inFile = PR_STDIN;
outFile = stdout;
envFileName = NULL;
mode = UNKNOWN;
decodeOptions.content.data = NULL;
- decodeOptions.content.len = 0;
+ decodeOptions.content.len = 0;
decodeOptions.suppressContent = PR_FALSE;
decodeOptions.headerLevel = -1;
decodeOptions.keepCerts = PR_FALSE;
@@ -1109,508 +1108,510 @@ main(int argc, char **argv)
/*
* Parse command line arguments
*/
- optstate = PL_CreateOptState(argc, argv,
- "CDEGH:N:OPSTY:bc:d:e:f:h:i:kno:p:r:s:u:v");
+ optstate = PL_CreateOptState(argc, argv,
+ "CDEGH:N:OPSTY:bc:d:e:f:h:i:kno:p:r:s:u:v");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case 'C':
- mode = ENCRYPT;
- break;
- case 'D':
- mode = DECODE;
- break;
- case 'E':
- mode = ENVELOPE;
- break;
- case 'G':
- if (mode != SIGN) {
- fprintf(stderr,
- "%s: option -G only supported with option -S.\n",
- progName);
- Usage(progName);
- exit(1);
- }
- signOptions.signingTime = PR_TRUE;
- break;
- case 'H':
- if (mode != SIGN) {
- fprintf(stderr,
- "%s: option -H only supported with option -S.\n",
- progName);
- Usage(progName);
- exit(1);
- }
- decodeOptions.suppressContent = PR_TRUE;
- if (!strcmp(optstate->value, "MD2"))
- signOptions.hashAlgTag = SEC_OID_MD2;
- else if (!strcmp(optstate->value, "MD4"))
- signOptions.hashAlgTag = SEC_OID_MD4;
- else if (!strcmp(optstate->value, "MD5"))
- signOptions.hashAlgTag = SEC_OID_MD5;
- else if (!strcmp(optstate->value, "SHA1"))
- signOptions.hashAlgTag = SEC_OID_SHA1;
- else if (!strcmp(optstate->value, "SHA256"))
- signOptions.hashAlgTag = SEC_OID_SHA256;
- else if (!strcmp(optstate->value, "SHA384"))
- signOptions.hashAlgTag = SEC_OID_SHA384;
- else if (!strcmp(optstate->value, "SHA512"))
- signOptions.hashAlgTag = SEC_OID_SHA512;
- else {
- fprintf(stderr,
- "%s: -H requires one of MD2,MD4,MD5,SHA1,SHA256,SHA384,SHA512\n",
- progName);
- exit(1);
- }
- break;
- case 'N':
- if (mode != SIGN) {
- fprintf(stderr,
- "%s: option -N only supported with option -S.\n",
- progName);
- Usage(progName);
- exit(1);
- }
- signOptions.nickname = strdup(optstate->value);
- break;
- case 'O':
- mode = CERTSONLY;
- break;
- case 'P':
- if (mode != SIGN) {
- fprintf(stderr,
- "%s: option -P only supported with option -S.\n",
- progName);
- Usage(progName);
- exit(1);
- }
- signOptions.smimeProfile = PR_TRUE;
- break;
- case 'S':
- mode = SIGN;
- break;
- case 'T':
- if (mode != SIGN) {
- fprintf(stderr,
- "%s: option -T only supported with option -S.\n",
- progName);
- Usage(progName);
- exit(1);
- }
- signOptions.detached = PR_TRUE;
- break;
- case 'Y':
- if (mode != SIGN) {
- fprintf(stderr,
- "%s: option -Y only supported with option -S.\n",
- progName);
- Usage(progName);
- exit(1);
- }
- signOptions.encryptionKeyPreferenceNick = strdup(optstate->value);
- break;
-
- case 'b':
- if (mode != DECODE) {
- fprintf(stderr,
- "%s: option -b only supported with option -D.\n",
- progName);
- Usage(progName);
- exit(1);
- }
- batch = PR_TRUE;
- break;
-
- case 'c':
- if (mode != DECODE) {
- fprintf(stderr,
- "%s: option -c only supported with option -D.\n",
- progName);
- Usage(progName);
- exit(1);
- }
- contentFile = PR_Open(optstate->value, PR_RDONLY, 006600);
- if (contentFile == NULL) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading.\n",
- progName, optstate->value);
- exit(1);
- }
-
- rv = SECU_FileToItem(&decodeOptions.content, contentFile);
- PR_Close(contentFile);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "problem reading content file");
- exit(1);
- }
- if (!decodeOptions.content.data) {
- /* file was zero length */
- decodeOptions.content.data = (unsigned char *)PORT_Strdup("");
- decodeOptions.content.len = 0;
- }
-
- break;
- case 'd':
- SECU_ConfigDirectory(optstate->value);
- break;
- case 'e':
- envFileName = strdup(optstate->value);
- encryptOptions.envFile = PR_Open(envFileName, PR_RDONLY, 00660);
- break;
-
- case 'h':
- if (mode != DECODE) {
- fprintf(stderr,
- "%s: option -h only supported with option -D.\n",
- progName);
- Usage(progName);
- exit(1);
- }
- decodeOptions.headerLevel = atoi(optstate->value);
- if (decodeOptions.headerLevel < 0) {
- fprintf(stderr, "option -h cannot have a negative value.\n");
- exit(1);
- }
- break;
- case 'i':
- if (!optstate->value) {
- fprintf(stderr, "-i option requires filename argument\n");
- exit(1);
- }
- inFile = PR_Open(optstate->value, PR_RDONLY, 00660);
- if (inFile == NULL) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, optstate->value);
- exit(1);
- }
- break;
-
- case 'k':
- if (mode != DECODE) {
- fprintf(stderr,
- "%s: option -k only supported with option -D.\n",
- progName);
- Usage(progName);
- exit(1);
- }
- decodeOptions.keepCerts = PR_TRUE;
- break;
-
- case 'n':
- if (mode != DECODE) {
- fprintf(stderr,
- "%s: option -n only supported with option -D.\n",
- progName);
- Usage(progName);
- exit(1);
- }
- decodeOptions.suppressContent = PR_TRUE;
- break;
- case 'o':
- outFile = fopen(optstate->value, "wb");
- if (outFile == NULL) {
- fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
- progName, optstate->value);
- exit(1);
- }
- break;
- case 'p':
- if (!optstate->value) {
- fprintf(stderr, "%s: option -p must have a value.\n", progName);
- Usage(progName);
- exit(1);
- }
-
- options.password = strdup(optstate->value);
- break;
-
- case 'f':
- if (!optstate->value) {
- fprintf(stderr, "%s: option -f must have a value.\n", progName);
- Usage(progName);
- exit(1);
+ switch (optstate->option) {
+ case 'C':
+ mode = ENCRYPT;
+ break;
+ case 'D':
+ mode = DECODE;
+ break;
+ case 'E':
+ mode = ENVELOPE;
+ break;
+ case 'G':
+ if (mode != SIGN) {
+ fprintf(stderr,
+ "%s: option -G only supported with option -S.\n",
+ progName);
+ Usage(progName);
+ exit(1);
+ }
+ signOptions.signingTime = PR_TRUE;
+ break;
+ case 'H':
+ if (mode != SIGN) {
+ fprintf(stderr,
+ "%s: option -H only supported with option -S.\n",
+ progName);
+ Usage(progName);
+ exit(1);
+ }
+ decodeOptions.suppressContent = PR_TRUE;
+ if (!strcmp(optstate->value, "MD2"))
+ signOptions.hashAlgTag = SEC_OID_MD2;
+ else if (!strcmp(optstate->value, "MD4"))
+ signOptions.hashAlgTag = SEC_OID_MD4;
+ else if (!strcmp(optstate->value, "MD5"))
+ signOptions.hashAlgTag = SEC_OID_MD5;
+ else if (!strcmp(optstate->value, "SHA1"))
+ signOptions.hashAlgTag = SEC_OID_SHA1;
+ else if (!strcmp(optstate->value, "SHA256"))
+ signOptions.hashAlgTag = SEC_OID_SHA256;
+ else if (!strcmp(optstate->value, "SHA384"))
+ signOptions.hashAlgTag = SEC_OID_SHA384;
+ else if (!strcmp(optstate->value, "SHA512"))
+ signOptions.hashAlgTag = SEC_OID_SHA512;
+ else {
+ fprintf(stderr,
+ "%s: -H requires one of MD2,MD4,MD5,SHA1,SHA256,SHA384,SHA512\n",
+ progName);
+ exit(1);
+ }
+ break;
+ case 'N':
+ if (mode != SIGN) {
+ fprintf(stderr,
+ "%s: option -N only supported with option -S.\n",
+ progName);
+ Usage(progName);
+ exit(1);
+ }
+ signOptions.nickname = strdup(optstate->value);
+ break;
+ case 'O':
+ mode = CERTSONLY;
+ break;
+ case 'P':
+ if (mode != SIGN) {
+ fprintf(stderr,
+ "%s: option -P only supported with option -S.\n",
+ progName);
+ Usage(progName);
+ exit(1);
+ }
+ signOptions.smimeProfile = PR_TRUE;
+ break;
+ case 'S':
+ mode = SIGN;
+ break;
+ case 'T':
+ if (mode != SIGN) {
+ fprintf(stderr,
+ "%s: option -T only supported with option -S.\n",
+ progName);
+ Usage(progName);
+ exit(1);
+ }
+ signOptions.detached = PR_TRUE;
+ break;
+ case 'Y':
+ if (mode != SIGN) {
+ fprintf(stderr,
+ "%s: option -Y only supported with option -S.\n",
+ progName);
+ Usage(progName);
+ exit(1);
+ }
+ signOptions.encryptionKeyPreferenceNick = strdup(optstate->value);
+ break;
+
+ case 'b':
+ if (mode != DECODE) {
+ fprintf(stderr,
+ "%s: option -b only supported with option -D.\n",
+ progName);
+ Usage(progName);
+ exit(1);
+ }
+ batch = PR_TRUE;
+ break;
+
+ case 'c':
+ if (mode != DECODE) {
+ fprintf(stderr,
+ "%s: option -c only supported with option -D.\n",
+ progName);
+ Usage(progName);
+ exit(1);
+ }
+ contentFile = PR_Open(optstate->value, PR_RDONLY, 006600);
+ if (contentFile == NULL) {
+ fprintf(stderr, "%s: unable to open \"%s\" for reading.\n",
+ progName, optstate->value);
+ exit(1);
+ }
+
+ rv = SECU_FileToItem(&decodeOptions.content, contentFile);
+ PR_Close(contentFile);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "problem reading content file");
+ exit(1);
+ }
+ if (!decodeOptions.content.data) {
+ /* file was zero length */
+ decodeOptions.content.data = (unsigned char *)PORT_Strdup("");
+ decodeOptions.content.len = 0;
+ }
+
+ break;
+ case 'd':
+ SECU_ConfigDirectory(optstate->value);
+ break;
+ case 'e':
+ envFileName = strdup(optstate->value);
+ encryptOptions.envFile = PR_Open(envFileName, PR_RDONLY, 00660);
+ break;
+
+ case 'h':
+ if (mode != DECODE) {
+ fprintf(stderr,
+ "%s: option -h only supported with option -D.\n",
+ progName);
+ Usage(progName);
+ exit(1);
+ }
+ decodeOptions.headerLevel = atoi(optstate->value);
+ if (decodeOptions.headerLevel < 0) {
+ fprintf(stderr, "option -h cannot have a negative value.\n");
+ exit(1);
+ }
+ break;
+ case 'i':
+ if (!optstate->value) {
+ fprintf(stderr, "-i option requires filename argument\n");
+ exit(1);
+ }
+ inFile = PR_Open(optstate->value, PR_RDONLY, 00660);
+ if (inFile == NULL) {
+ fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+ progName, optstate->value);
+ exit(1);
+ }
+ break;
+
+ case 'k':
+ if (mode != DECODE) {
+ fprintf(stderr,
+ "%s: option -k only supported with option -D.\n",
+ progName);
+ Usage(progName);
+ exit(1);
+ }
+ decodeOptions.keepCerts = PR_TRUE;
+ break;
+
+ case 'n':
+ if (mode != DECODE) {
+ fprintf(stderr,
+ "%s: option -n only supported with option -D.\n",
+ progName);
+ Usage(progName);
+ exit(1);
+ }
+ decodeOptions.suppressContent = PR_TRUE;
+ break;
+ case 'o':
+ outFile = fopen(optstate->value, "wb");
+ if (outFile == NULL) {
+ fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+ progName, optstate->value);
+ exit(1);
+ }
+ break;
+ case 'p':
+ if (!optstate->value) {
+ fprintf(stderr, "%s: option -p must have a value.\n", progName);
+ Usage(progName);
+ exit(1);
+ }
+
+ options.password = strdup(optstate->value);
+ break;
+
+ case 'f':
+ if (!optstate->value) {
+ fprintf(stderr, "%s: option -f must have a value.\n", progName);
+ Usage(progName);
+ exit(1);
+ }
+
+ options.pwfile = strdup(optstate->value);
+ break;
+
+ case 'r':
+ if (!optstate->value) {
+ fprintf(stderr, "%s: option -r must have a value.\n", progName);
+ Usage(progName);
+ exit(1);
+ }
+ envelopeOptions.recipients = ptrarray;
+ str = (char *)optstate->value;
+ do {
+ tok = strchr(str, ',');
+ if (tok)
+ *tok = '\0';
+ envelopeOptions.recipients[nrecipients++] = strdup(str);
+ if (tok)
+ str = tok + 1;
+ } while (tok);
+ envelopeOptions.recipients[nrecipients] = NULL;
+ encryptOptions.recipients = envelopeOptions.recipients;
+ certsonlyOptions.recipients = envelopeOptions.recipients;
+ break;
+
+ case 'u': {
+ int usageType;
+
+ usageType = atoi(strdup(optstate->value));
+ if (usageType < certUsageSSLClient || usageType > certUsageAnyCA)
+ return -1;
+ options.certUsage = (SECCertUsage)usageType;
+ break;
}
-
- options.pwfile = strdup(optstate->value);
- break;
-
- case 'r':
- if (!optstate->value) {
- fprintf(stderr, "%s: option -r must have a value.\n", progName);
- Usage(progName);
- exit(1);
- }
- envelopeOptions.recipients = ptrarray;
- str = (char *)optstate->value;
- do {
- tok = strchr(str, ',');
- if (tok) *tok = '\0';
- envelopeOptions.recipients[nrecipients++] = strdup(str);
- if (tok) str = tok + 1;
- } while (tok);
- envelopeOptions.recipients[nrecipients] = NULL;
- encryptOptions.recipients = envelopeOptions.recipients;
- certsonlyOptions.recipients = envelopeOptions.recipients;
- break;
-
- case 'u': {
- int usageType;
-
- usageType = atoi (strdup(optstate->value));
- if (usageType < certUsageSSLClient || usageType > certUsageAnyCA)
- return -1;
- options.certUsage = (SECCertUsage)usageType;
- break;
- }
- case 'v':
- cms_verbose = 1;
- break;
-
- }
+ case 'v':
+ cms_verbose = 1;
+ break;
+ }
}
if (status == PL_OPT_BAD)
- Usage(progName);
+ Usage(progName);
PL_DestroyOptState(optstate);
if (mode == UNKNOWN)
- Usage(progName);
+ Usage(progName);
if (mode != CERTSONLY && !batch) {
- rv = SECU_FileToItem(&input, inFile);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "unable to read infile");
- exit(1);
- }
- if (inFile != PR_STDIN) {
- PR_Close(inFile);
- }
+ rv = SECU_FileToItem(&input, inFile);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "unable to read infile");
+ exit(1);
+ }
+ if (inFile != PR_STDIN) {
+ PR_Close(inFile);
+ }
}
if (cms_verbose) {
- fprintf(stderr, "received commands\n");
+ fprintf(stderr, "received commands\n");
}
/* Call the NSS initialization routines */
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
rv = NSS_InitReadWrite(SECU_ConfigDirectory(NULL));
if (SECSuccess != rv) {
- SECU_PrintError(progName, "NSS_Init failed");
- exit(1);
+ SECU_PrintError(progName, "NSS_Init failed");
+ exit(1);
}
if (cms_verbose) {
- fprintf(stderr, "NSS has been initialized.\n");
+ fprintf(stderr, "NSS has been initialized.\n");
}
options.certHandle = CERT_GetDefaultCertDB();
if (!options.certHandle) {
- SECU_PrintError(progName, "No default cert DB");
- exit(1);
+ SECU_PrintError(progName, "No default cert DB");
+ exit(1);
}
if (cms_verbose) {
- fprintf(stderr, "Got default certdb\n");
+ fprintf(stderr, "Got default certdb\n");
}
- if (options.password)
- {
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = options.password;
+ if (options.password) {
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = options.password;
}
- if (options.pwfile)
- {
- pwdata.source = PW_FROMFILE;
- pwdata.data = options.pwfile;
+ if (options.pwfile) {
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = options.pwfile;
}
pwcb = SECU_GetModulePassword;
pwcb_arg = (void *)&pwdata;
PK11_SetPasswordFunc(&SECU_GetModulePassword);
-
#if defined(_WIN32)
if (outFile == stdout) {
- /* If we're going to write binary data to stdout, we must put stdout
- ** into O_BINARY mode or else outgoing \n's will become \r\n's.
- */
- int smrv = _setmode(_fileno(stdout), _O_BINARY);
- if (smrv == -1) {
- fprintf(stderr,
- "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
- progName);
- return smrv;
- }
+ /* If we're going to write binary data to stdout, we must put stdout
+ ** into O_BINARY mode or else outgoing \n's will become \r\n's.
+ */
+ int smrv = _setmode(_fileno(stdout), _O_BINARY);
+ if (smrv == -1) {
+ fprintf(stderr,
+ "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
+ progName);
+ return smrv;
+ }
}
#endif
exitstatus = 0;
switch (mode) {
- case DECODE: /* -D */
- decodeOptions.options = &options;
- if (encryptOptions.envFile) {
- /* Decoding encrypted-data, so get the bulkkey from an
- * enveloped-data message.
- */
- SECU_FileToItem(&envmsg, encryptOptions.envFile);
- decodeOptions.options = &options;
- encryptOptions.envmsg = decode(NULL, &envmsg, &decodeOptions);
- if (!encryptOptions.envmsg) {
- SECU_PrintError(progName, "problem decoding env msg");
- exitstatus = 1;
- break;
- }
- rv = get_enc_params(&encryptOptions);
- decodeOptions.dkcb = dkcb;
- decodeOptions.bulkkey = encryptOptions.bulkkey;
- }
- if (!batch) {
- cmsg = decode(outFile, &input, &decodeOptions);
- if (!cmsg) {
- SECU_PrintError(progName, "problem decoding");
- exitstatus = 1;
- }
- } else {
- exitstatus = doBatchDecode(outFile, inFile, &decodeOptions);
- if (inFile != PR_STDIN) {
- PR_Close(inFile);
- }
- }
- break;
- case SIGN: /* -S */
- signOptions.options = &options;
- cmsg = signed_data(&signOptions);
- if (!cmsg) {
- SECU_PrintError(progName, "problem signing");
- exitstatus = 1;
- }
- break;
- case ENCRYPT: /* -C */
- if (!envFileName) {
- fprintf(stderr, "%s: you must specify an envelope file with -e.\n",
- progName);
- exit(1);
- }
- encryptOptions.options = &options;
- encryptOptions.input = &input;
- encryptOptions.outfile = outFile;
- /* decode an enveloped-data message to get the bulkkey (create
- * a new one if neccessary)
- */
- if (!encryptOptions.envFile) {
- encryptOptions.envFile = PR_Open(envFileName,
- PR_WRONLY|PR_CREATE_FILE, 00660);
- if (!encryptOptions.envFile) {
- fprintf(stderr, "%s: failed to create file %s.\n", progName,
- envFileName);
- exit(1);
- }
- } else {
- SECU_FileToItem(&envmsg, encryptOptions.envFile);
- decodeOptions.options = &options;
- encryptOptions.envmsg = decode(NULL, &envmsg, &decodeOptions);
- if (encryptOptions.envmsg == NULL) {
- SECU_PrintError(progName, "problem decrypting env msg");
- exitstatus = 1;
- break;
- }
- }
- rv = get_enc_params(&encryptOptions);
- /* create the encrypted-data message */
- cmsg = encrypted_data(&encryptOptions);
- if (!cmsg) {
- SECU_PrintError(progName, "problem encrypting");
- exitstatus = 1;
- }
- if (encryptOptions.bulkkey) {
- PK11_FreeSymKey(encryptOptions.bulkkey);
- encryptOptions.bulkkey = NULL;
- }
- break;
- case ENVELOPE: /* -E */
- envelopeOptions.options = &options;
- cmsg = enveloped_data(&envelopeOptions);
- if (!cmsg) {
- SECU_PrintError(progName, "problem enveloping");
- exitstatus = 1;
- }
- break;
- case CERTSONLY: /* -O */
- certsonlyOptions.options = &options;
- cmsg = signed_data_certsonly(&certsonlyOptions);
- if (!cmsg) {
- SECU_PrintError(progName, "problem with certs-only");
- exitstatus = 1;
- }
- break;
- default:
- fprintf(stderr, "One of options -D, -S or -E must be set.\n");
- Usage(progName);
- exitstatus = 1;
- }
- if ( (mode == SIGN || mode == ENVELOPE || mode == CERTSONLY)
- && (!exitstatus) ) {
- PLArenaPool *arena = PORT_NewArena(1024);
- NSSCMSEncoderContext *ecx;
- SECItem output = { 0, 0, 0 };
-
- if (!arena) {
- fprintf(stderr, "%s: out of memory.\n", progName);
- exit(1);
- }
-
- if (cms_verbose) {
- fprintf(stderr, "cmsg [%p]\n", cmsg);
- fprintf(stderr, "arena [%p]\n", arena);
- if (pwcb_arg && (PW_PLAINTEXT == ((secuPWData*)pwcb_arg)->source))
- fprintf(stderr, "password [%s]\n",
- ((secuPWData*)pwcb_arg)->data);
- else
- fprintf(stderr, "password [NULL]\n");
- }
- ecx = NSS_CMSEncoder_Start(cmsg,
+ case DECODE: /* -D */
+ decodeOptions.options = &options;
+ if (encryptOptions.envFile) {
+ /* Decoding encrypted-data, so get the bulkkey from an
+ * enveloped-data message.
+ */
+ SECU_FileToItem(&envmsg, encryptOptions.envFile);
+ decodeOptions.options = &options;
+ encryptOptions.envmsg = decode(NULL, &envmsg, &decodeOptions);
+ if (!encryptOptions.envmsg) {
+ SECU_PrintError(progName, "problem decoding env msg");
+ exitstatus = 1;
+ break;
+ }
+ rv = get_enc_params(&encryptOptions);
+ decodeOptions.dkcb = dkcb;
+ decodeOptions.bulkkey = encryptOptions.bulkkey;
+ }
+ if (!batch) {
+ cmsg = decode(outFile, &input, &decodeOptions);
+ if (!cmsg) {
+ SECU_PrintError(progName, "problem decoding");
+ exitstatus = 1;
+ }
+ } else {
+ exitstatus = doBatchDecode(outFile, inFile, &decodeOptions);
+ if (inFile != PR_STDIN) {
+ PR_Close(inFile);
+ }
+ }
+ break;
+ case SIGN: /* -S */
+ signOptions.options = &options;
+ cmsg = signed_data(&signOptions);
+ if (!cmsg) {
+ SECU_PrintError(progName, "problem signing");
+ exitstatus = 1;
+ }
+ break;
+ case ENCRYPT: /* -C */
+ if (!envFileName) {
+ fprintf(stderr, "%s: you must specify an envelope file with -e.\n",
+ progName);
+ exit(1);
+ }
+ encryptOptions.options = &options;
+ encryptOptions.input = &input;
+ encryptOptions.outfile = outFile;
+ /* decode an enveloped-data message to get the bulkkey (create
+ * a new one if neccessary)
+ */
+ if (!encryptOptions.envFile) {
+ encryptOptions.envFile = PR_Open(envFileName,
+ PR_WRONLY | PR_CREATE_FILE, 00660);
+ if (!encryptOptions.envFile) {
+ fprintf(stderr, "%s: failed to create file %s.\n", progName,
+ envFileName);
+ exit(1);
+ }
+ } else {
+ SECU_FileToItem(&envmsg, encryptOptions.envFile);
+ decodeOptions.options = &options;
+ encryptOptions.envmsg = decode(NULL, &envmsg, &decodeOptions);
+ if (encryptOptions.envmsg == NULL) {
+ SECU_PrintError(progName, "problem decrypting env msg");
+ exitstatus = 1;
+ break;
+ }
+ }
+ rv = get_enc_params(&encryptOptions);
+ /* create the encrypted-data message */
+ cmsg = encrypted_data(&encryptOptions);
+ if (!cmsg) {
+ SECU_PrintError(progName, "problem encrypting");
+ exitstatus = 1;
+ }
+ if (encryptOptions.bulkkey) {
+ PK11_FreeSymKey(encryptOptions.bulkkey);
+ encryptOptions.bulkkey = NULL;
+ }
+ break;
+ case ENVELOPE: /* -E */
+ envelopeOptions.options = &options;
+ cmsg = enveloped_data(&envelopeOptions);
+ if (!cmsg) {
+ SECU_PrintError(progName, "problem enveloping");
+ exitstatus = 1;
+ }
+ break;
+ case CERTSONLY: /* -O */
+ certsonlyOptions.options = &options;
+ cmsg = signed_data_certsonly(&certsonlyOptions);
+ if (!cmsg) {
+ SECU_PrintError(progName, "problem with certs-only");
+ exitstatus = 1;
+ }
+ break;
+ default:
+ fprintf(stderr, "One of options -D, -S or -E must be set.\n");
+ Usage(progName);
+ exitstatus = 1;
+ }
+ if ((mode == SIGN || mode == ENVELOPE || mode == CERTSONLY) &&
+ (!exitstatus)) {
+ PLArenaPool *arena = PORT_NewArena(1024);
+ NSSCMSEncoderContext *ecx;
+ SECItem output = { 0, 0, 0 };
+
+ if (!arena) {
+ fprintf(stderr, "%s: out of memory.\n", progName);
+ exit(1);
+ }
+
+ if (cms_verbose) {
+ fprintf(stderr, "cmsg [%p]\n", cmsg);
+ fprintf(stderr, "arena [%p]\n", arena);
+ if (pwcb_arg && (PW_PLAINTEXT == ((secuPWData *)pwcb_arg)->source))
+ fprintf(stderr, "password [%s]\n",
+ ((secuPWData *)pwcb_arg)->data);
+ else
+ fprintf(stderr, "password [NULL]\n");
+ }
+ ecx = NSS_CMSEncoder_Start(cmsg,
NULL, NULL, /* DER output callback */
&output, arena, /* destination storage */
pwcb, pwcb_arg, /* password callback */
NULL, NULL, /* decrypt key callback */
- NULL, NULL ); /* detached digests */
- if (!ecx) {
- fprintf(stderr, "%s: cannot create encoder context.\n", progName);
- exit(1);
- }
- if (cms_verbose) {
- fprintf(stderr, "input len [%d]\n", input.len);
- { unsigned int j;
- for(j=0;j<input.len;j++)
- fprintf(stderr, "%2x%c", input.data[j], (j>0&&j%35==0)?'\n':' ');
- }
- }
- if (input.len > 0) { /* skip if certs-only (or other zero content) */
- rv = NSS_CMSEncoder_Update(ecx, (char *)input.data, input.len);
- if (rv) {
- fprintf(stderr,
- "%s: failed to add data to encoder.\n", progName);
- exit(1);
- }
- }
- rv = NSS_CMSEncoder_Finish(ecx);
- if (rv) {
+ NULL, NULL); /* detached digests */
+ if (!ecx) {
+ fprintf(stderr, "%s: cannot create encoder context.\n", progName);
+ exit(1);
+ }
+ if (cms_verbose) {
+ fprintf(stderr, "input len [%d]\n", input.len);
+ {
+ unsigned int j;
+ for (j = 0; j < input.len; j++)
+ fprintf(stderr, "%2x%c", input.data[j], (j > 0 &&
+ j % 35 == 0)
+ ? '\n'
+ : ' ');
+ }
+ }
+ if (input.len > 0) { /* skip if certs-only (or other zero content) */
+ rv = NSS_CMSEncoder_Update(ecx, (char *)input.data, input.len);
+ if (rv) {
+ fprintf(stderr,
+ "%s: failed to add data to encoder.\n", progName);
+ exit(1);
+ }
+ }
+ rv = NSS_CMSEncoder_Finish(ecx);
+ if (rv) {
SECU_PrintError(progName, "failed to encode data");
- exit(1);
- }
-
- if (cms_verbose) {
- fprintf(stderr, "encoding passed\n");
- }
- fwrite(output.data, output.len, 1, outFile);
- if (cms_verbose) {
- fprintf(stderr, "wrote to file\n");
- }
- PORT_FreeArena(arena, PR_FALSE);
+ exit(1);
+ }
+
+ if (cms_verbose) {
+ fprintf(stderr, "encoding passed\n");
+ }
+ fwrite(output.data, output.len, 1, outFile);
+ if (cms_verbose) {
+ fprintf(stderr, "wrote to file\n");
+ }
+ PORT_FreeArena(arena, PR_FALSE);
}
if (cmsg)
- NSS_CMSMessage_Destroy(cmsg);
+ NSS_CMSMessage_Destroy(cmsg);
if (outFile != stdout)
- fclose(outFile);
+ fclose(outFile);
SECITEM_FreeItem(&decodeOptions.content, PR_FALSE);
SECITEM_FreeItem(&envmsg, PR_FALSE);
SECITEM_FreeItem(&input, PR_FALSE);
if (NSS_Shutdown() != SECSuccess) {
- SECU_PrintError(progName, "NSS_Shutdown failed");
- exitstatus = 1;
+ SECU_PrintError(progName, "NSS_Shutdown failed");
+ exitstatus = 1;
}
PR_Cleanup();
return exitstatus;
diff --git a/cmd/ssltap/ssltap.c b/cmd/ssltap/ssltap.c
index 29b91910e..1e4d98fbd 100644
--- a/cmd/ssltap/ssltap.c
+++ b/cmd/ssltap/ssltap.c
@@ -25,7 +25,7 @@
#include "nspr.h"
#include "plstr.h"
#include "secutil.h"
-#include <memory.h> /* for memcpy, etc. */
+#include <memory.h> /* for memcpy, etc. */
#include <string.h>
#include <time.h>
@@ -34,218 +34,207 @@
#include "cert.h"
#include "sslproto.h"
#include "ocsp.h"
-#include "ocspti.h" /* internals for pretty-printing routines *only* */
+#include "ocspti.h" /* internals for pretty-printing routines *only* */
struct _DataBufferList;
struct _DataBuffer;
typedef struct _DataBufferList {
- struct _DataBuffer *first,*last;
- unsigned int size;
- int isEncrypted;
- unsigned char * msgBuf;
- unsigned int msgBufOffset;
- unsigned int msgBufSize;
- unsigned int hMACsize;
+ struct _DataBuffer *first, *last;
+ unsigned int size;
+ int isEncrypted;
+ unsigned char *msgBuf;
+ unsigned int msgBufOffset;
+ unsigned int msgBufSize;
+ unsigned int hMACsize;
} DataBufferList;
typedef struct _DataBuffer {
- unsigned char *buffer;
- int length;
- int offset; /* offset of first good byte */
- struct _DataBuffer *next;
+ unsigned char *buffer;
+ int length;
+ int offset; /* offset of first good byte */
+ struct _DataBuffer *next;
} DataBuffer;
-
-
struct sslhandshake {
- PRUint8 type;
- PRUint32 length;
+ PRUint8 type;
+ PRUint32 length;
};
typedef struct _SSLRecord {
- PRUint8 type;
- PRUint8 ver_maj,ver_min;
+ PRUint8 type;
+ PRUint8 ver_maj, ver_min;
- PRUint8 length[2];
+ PRUint8 length[2];
} SSLRecord;
typedef struct _ClientHelloV2 {
- PRUint8 length[2];
- PRUint8 type;
- PRUint8 version[2];
- PRUint8 cslength[2];
- PRUint8 sidlength[2];
- PRUint8 rndlength[2];
- PRUint8 csuites[1];
+ PRUint8 length[2];
+ PRUint8 type;
+ PRUint8 version[2];
+ PRUint8 cslength[2];
+ PRUint8 sidlength[2];
+ PRUint8 rndlength[2];
+ PRUint8 csuites[1];
} ClientHelloV2;
typedef struct _ServerHelloV2 {
- PRUint8 length[2];
- PRUint8 type;
- PRUint8 sidhit;
- PRUint8 certtype;
- PRUint8 version[2];
- PRUint8 certlength[2];
- PRUint8 cslength[2];
- PRUint8 cidlength[2];
+ PRUint8 length[2];
+ PRUint8 type;
+ PRUint8 sidhit;
+ PRUint8 certtype;
+ PRUint8 version[2];
+ PRUint8 certlength[2];
+ PRUint8 cslength[2];
+ PRUint8 cidlength[2];
} ServerHelloV2;
typedef struct _ClientMasterKeyV2 {
- PRUint8 length[2];
- PRUint8 type;
+ PRUint8 length[2];
+ PRUint8 type;
- PRUint8 cipherkind[3];
- PRUint8 clearkey[2];
- PRUint8 secretkey[2];
+ PRUint8 cipherkind[3];
+ PRUint8 clearkey[2];
+ PRUint8 secretkey[2];
} ClientMasterKeyV2;
/* forward declaration */
-void showErr(const char * msg);
+void showErr(const char *msg);
#define TAPBUFSIZ 16384
#define DEFPORT 1924
#include <ctype.h>
-const char * progName;
-int hexparse=0;
-int sslparse=0;
-int sslhexparse=0;
-int looparound=0;
-int fancy=0;
-int isV2Session=0;
-int currentcipher=0;
+const char *progName;
+int hexparse = 0;
+int sslparse = 0;
+int sslhexparse = 0;
+int looparound = 0;
+int fancy = 0;
+int isV2Session = 0;
+int currentcipher = 0;
DataBufferList clientstream, serverstream;
-#define PR_FPUTS(x) PR_fprintf(PR_STDOUT, x )
-
-#define GET_SHORT(x) ((PRUint16)(((PRUint16)((PRUint8*)x)[0]) << 8) + ((PRUint16)((PRUint8*)x)[1]))
-#define GET_24(x) ((PRUint32) ( \
- (((PRUint32)((PRUint8*)x)[0]) << 16) \
- + \
- (((PRUint32)((PRUint8*)x)[1]) << 8) \
- + \
- (((PRUint32)((PRUint8*)x)[2]) << 0) \
- ) )
-#define GET_32(x) ((PRUint32) ( \
- (((PRUint32)((PRUint8*)x)[0]) << 24) \
- + \
- (((PRUint32)((PRUint8*)x)[1]) << 16) \
- + \
- (((PRUint32)((PRUint8*)x)[2]) << 8) \
- + \
- (((PRUint32)((PRUint8*)x)[3]) << 0) \
- ) )
+#define PR_FPUTS(x) PR_fprintf(PR_STDOUT, x)
+
+#define GET_SHORT(x) ((PRUint16)(((PRUint16)((PRUint8 *)x)[0]) << 8) + ((PRUint16)((PRUint8 *)x)[1]))
+#define GET_24(x) ((PRUint32)( \
+ (((PRUint32)((PRUint8 *)x)[0]) << 16) + \
+ (((PRUint32)((PRUint8 *)x)[1]) << 8) + \
+ (((PRUint32)((PRUint8 *)x)[2]) << 0)))
+#define GET_32(x) ((PRUint32)( \
+ (((PRUint32)((PRUint8 *)x)[0]) << 24) + \
+ (((PRUint32)((PRUint8 *)x)[1]) << 16) + \
+ (((PRUint32)((PRUint8 *)x)[2]) << 8) + \
+ (((PRUint32)((PRUint8 *)x)[3]) << 0)))
void print_hex(int amt, unsigned char *buf);
void read_stream_bytes(unsigned char *d, DataBufferList *db, int length);
-void myhalt(int dblsize,int collectedsize)
+void
+myhalt(int dblsize, int collectedsize)
{
- PR_fprintf(PR_STDERR,"HALTED\n");
- PR_ASSERT(dblsize == collectedsize);
- exit(13);
+ PR_fprintf(PR_STDERR, "HALTED\n");
+ PR_ASSERT(dblsize == collectedsize);
+ exit(13);
}
-const char *get_error_text(int error)
+const char *
+get_error_text(int error)
{
- switch (error) {
- case PR_IO_TIMEOUT_ERROR:
- return "Timeout";
- break;
- case PR_CONNECT_REFUSED_ERROR:
- return "Connection refused";
- break;
- case PR_NETWORK_UNREACHABLE_ERROR:
- return "Network unreachable";
- break;
- case PR_BAD_ADDRESS_ERROR:
- return "Bad address";
- break;
- case PR_CONNECT_RESET_ERROR:
- return "Connection reset";
- break;
- case PR_PIPE_ERROR:
- return "Pipe error";
- break;
- }
-
- return "";
-}
-
-
-
+ switch (error) {
+ case PR_IO_TIMEOUT_ERROR:
+ return "Timeout";
+ break;
+ case PR_CONNECT_REFUSED_ERROR:
+ return "Connection refused";
+ break;
+ case PR_NETWORK_UNREACHABLE_ERROR:
+ return "Network unreachable";
+ break;
+ case PR_BAD_ADDRESS_ERROR:
+ return "Bad address";
+ break;
+ case PR_CONNECT_RESET_ERROR:
+ return "Connection reset";
+ break;
+ case PR_PIPE_ERROR:
+ return "Pipe error";
+ break;
+ }
+ return "";
+}
-void check_integrity(DataBufferList *dbl)
+void
+check_integrity(DataBufferList *dbl)
{
- DataBuffer *db;
- int i;
-
- db = dbl->first;
- i =0;
- while (db) {
- i+= db->length - db->offset;
- db = db->next;
- }
- if (i != dbl->size) {
- myhalt(dbl->size,i);
- }
+ DataBuffer *db;
+ int i;
+
+ db = dbl->first;
+ i = 0;
+ while (db) {
+ i += db->length - db->offset;
+ db = db->next;
+ }
+ if (i != dbl->size) {
+ myhalt(dbl->size, i);
+ }
}
/* Free's the DataBuffer at the head of the list and returns the pointer
* to the new head of the list.
*/
-DataBuffer *
+DataBuffer *
free_head(DataBufferList *dbl)
{
- DataBuffer *db = dbl->first;
- PR_ASSERT(db->offset >= db->length);
- if (db->offset >= db->length) {
- dbl->first = db->next;
- if (dbl->first == NULL) {
- dbl->last = NULL;
+ DataBuffer *db = dbl->first;
+ PR_ASSERT(db->offset >= db->length);
+ if (db->offset >= db->length) {
+ dbl->first = db->next;
+ if (dbl->first == NULL) {
+ dbl->last = NULL;
+ }
+ PORT_Free(db->buffer);
+ PORT_Free(db);
+ db = dbl->first;
}
- PORT_Free(db->buffer);
- PORT_Free(db);
- db = dbl->first;
- }
- return db;
+ return db;
}
-void
-read_stream_bytes(unsigned char *d, DataBufferList *dbl, int length)
+void
+read_stream_bytes(unsigned char *d, DataBufferList *dbl, int length)
{
- int copied = 0;
- DataBuffer *db = dbl->first;
-
- if (!db) {
- PR_fprintf(PR_STDERR,"assert failed - dbl->first is null\n");
- exit(8);
- }
- while (length) {
- int toCopy;
- /* find the number of bytes to copy from the head buffer */
- /* if there's too many in this buffer, then only copy 'length' */
- toCopy = PR_MIN(db->length - db->offset, length);
-
- memcpy(d + copied, db->buffer + db->offset, toCopy);
- copied += toCopy;
- db->offset += toCopy;
- length -= toCopy;
- dbl->size -= toCopy;
-
- /* if we emptied the head buffer */
- if (db->offset >= db->length) {
- db = free_head(dbl);
- }
- }
+ int copied = 0;
+ DataBuffer *db = dbl->first;
- check_integrity(dbl);
+ if (!db) {
+ PR_fprintf(PR_STDERR, "assert failed - dbl->first is null\n");
+ exit(8);
+ }
+ while (length) {
+ int toCopy;
+ /* find the number of bytes to copy from the head buffer */
+ /* if there's too many in this buffer, then only copy 'length' */
+ toCopy = PR_MIN(db->length - db->offset, length);
+
+ memcpy(d + copied, db->buffer + db->offset, toCopy);
+ copied += toCopy;
+ db->offset += toCopy;
+ length -= toCopy;
+ dbl->size -= toCopy;
+
+ /* if we emptied the head buffer */
+ if (db->offset >= db->length) {
+ db = free_head(dbl);
+ }
+ }
+ check_integrity(dbl);
}
void
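Review bot: In `read_stream_bytes` the loop `while (length)` goes on dereferencing `db` after `free_head(dbl)` has returned NULL, so a request for more bytes than the list holds reads through a null pointer. The only `if (!db)` check runs once, before the loop. A negative `length` would also make `toCopy` negative through `PR_MIN` and reach `memcpy` as a very large size. This commit only reformats, so the fix belongs in a follow-up: use `while (length > 0)` and repeat the `if (!db)` check with its `exit(8)` at the top of the loop body. Whether callers already bound `length` by `dbl->size` is not visible in this hunk, and the stream contents come from the tapped connection, so the function should not rely on that.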
@@ -254,490 +243,858 @@ flush_stream(DataBufferList *dbl)
DataBuffer *db = dbl->first;
check_integrity(dbl);
while (db) {
- db->offset = db->length;
- db = free_head(dbl);
+ db->offset = db->length;
+ db = free_head(dbl);
}
dbl->size = 0;
check_integrity(dbl);
if (dbl->msgBuf) {
PORT_Free(dbl->msgBuf);
- dbl->msgBuf = NULL;
+ dbl->msgBuf = NULL;
}
dbl->msgBufOffset = 0;
dbl->msgBufSize = 0;
dbl->hMACsize = 0;
}
-
-const char * V2CipherString(int cs_int)
+const char *
+V2CipherString(int cs_int)
{
- char *cs_str;
- cs_str = NULL;
- switch (cs_int) {
-
- case 0x010080: cs_str = "SSL2/RSA/RC4-128/MD5"; break;
- case 0x020080: cs_str = "SSL2/RSA/RC4-40/MD5"; break;
- case 0x030080: cs_str = "SSL2/RSA/RC2CBC128/MD5"; break;
- case 0x040080: cs_str = "SSL2/RSA/RC2CBC40/MD5"; break;
- case 0x050080: cs_str = "SSL2/RSA/IDEA128CBC/MD5"; break;
- case 0x060040: cs_str = "SSL2/RSA/DES56-CBC/MD5"; break;
- case 0x0700C0: cs_str = "SSL2/RSA/3DES192EDE-CBC/MD5"; break;
-
- case 0x000001: cs_str = "SSL3/RSA/NULL/MD5"; break;
- case 0x000002: cs_str = "SSL3/RSA/NULL/SHA"; break;
- case 0x000003: cs_str = "SSL3/RSA/RC4-40/MD5"; break;
- case 0x000004: cs_str = "SSL3/RSA/RC4-128/MD5"; break;
- case 0x000005: cs_str = "SSL3/RSA/RC4-128/SHA"; break;
- case 0x000006: cs_str = "SSL3/RSA/RC2CBC40/MD5"; break;
- case 0x000007: cs_str = "SSL3/RSA/IDEA128CBC/SHA"; break;
- case 0x000008: cs_str = "SSL3/RSA/DES40-CBC/SHA"; break;
- case 0x000009: cs_str = "SSL3/RSA/DES56-CBC/SHA"; break;
- case 0x00000A: cs_str = "SSL3/RSA/3DES192EDE-CBC/SHA"; break;
-
- case 0x00000B: cs_str = "SSL3/DH-DSS/DES40-CBC/SHA"; break;
- case 0x00000C: cs_str = "SSL3/DH-DSS/DES56-CBC/SHA"; break;
- case 0x00000D: cs_str = "SSL3/DH-DSS/DES192EDE3CBC/SHA"; break;
- case 0x00000E: cs_str = "SSL3/DH-RSA/DES40-CBC/SHA"; break;
- case 0x00000F: cs_str = "SSL3/DH-RSA/DES56-CBC/SHA"; break;
- case 0x000010: cs_str = "SSL3/DH-RSA/3DES192EDE-CBC/SHA"; break;
-
- case 0x000011: cs_str = "SSL3/DHE-DSS/DES40-CBC/SHA"; break;
- case 0x000012: cs_str = "SSL3/DHE-DSS/DES56-CBC/SHA"; break;
- case 0x000013: cs_str = "SSL3/DHE-DSS/DES192EDE3CBC/SHA"; break;
- case 0x000014: cs_str = "SSL3/DHE-RSA/DES40-CBC/SHA"; break;
- case 0x000015: cs_str = "SSL3/DHE-RSA/DES56-CBC/SHA"; break;
- case 0x000016: cs_str = "SSL3/DHE-RSA/3DES192EDE-CBC/SHA"; break;
-
- case 0x000017: cs_str = "SSL3/DH-anon/RC4-40/MD5"; break;
- case 0x000018: cs_str = "SSL3/DH-anon/RC4-128/MD5"; break;
- case 0x000019: cs_str = "SSL3/DH-anon/DES40-CBC/SHA"; break;
- case 0x00001A: cs_str = "SSL3/DH-anon/DES56-CBC/SHA"; break;
- case 0x00001B: cs_str = "SSL3/DH-anon/3DES192EDE-CBC/SHA"; break;
-
- case 0x00001C: cs_str = "SSL3/FORTEZZA-DMS/NULL/SHA"; break;
- case 0x00001D: cs_str = "SSL3/FORTEZZA-DMS/FORTEZZA-CBC/SHA"; break;
- case 0x00001E: cs_str = "SSL3/FORTEZZA-DMS/RC4-128/SHA"; break;
-
- case 0x00002F: cs_str = "TLS/RSA/AES128-CBC/SHA"; break;
- case 0x000030: cs_str = "TLS/DH-DSS/AES128-CBC/SHA"; break;
- case 0x000031: cs_str = "TLS/DH-RSA/AES128-CBC/SHA"; break;
- case 0x000032: cs_str = "TLS/DHE-DSS/AES128-CBC/SHA"; break;
- case 0x000033: cs_str = "TLS/DHE-RSA/AES128-CBC/SHA"; break;
- case 0x000034: cs_str = "TLS/DH-ANON/AES128-CBC/SHA"; break;
-
- case 0x000035: cs_str = "TLS/RSA/AES256-CBC/SHA"; break;
- case 0x000036: cs_str = "TLS/DH-DSS/AES256-CBC/SHA"; break;
- case 0x000037: cs_str = "TLS/DH-RSA/AES256-CBC/SHA"; break;
- case 0x000038: cs_str = "TLS/DHE-DSS/AES256-CBC/SHA"; break;
- case 0x000039: cs_str = "TLS/DHE-RSA/AES256-CBC/SHA"; break;
- case 0x00003A: cs_str = "TLS/DH-ANON/AES256-CBC/SHA"; break;
-
- case 0x00003B: cs_str = "TLS/RSA/NULL/SHA256"; break;
- case 0x00003C: cs_str = "TLS/RSA/AES128-CBC/SHA256"; break;
- case 0x00003D: cs_str = "TLS/RSA/AES256-CBC/SHA256"; break;
- case 0x00003E: cs_str = "TLS/DH-DSS/AES128-CBC/SHA256"; break;
- case 0x00003F: cs_str = "TLS/DH-RSA/AES128-CBC/SHA256"; break;
- case 0x000040: cs_str = "TLS/DHE-DSS/AES128-CBC/SHA256"; break;
-
- case 0x000041: cs_str = "TLS/RSA/CAMELLIA128-CBC/SHA"; break;
- case 0x000042: cs_str = "TLS/DH-DSS/CAMELLIA128-CBC/SHA"; break;
- case 0x000043: cs_str = "TLS/DH-RSA/CAMELLIA128-CBC/SHA"; break;
- case 0x000044: cs_str = "TLS/DHE-DSS/CAMELLIA128-CBC/SHA"; break;
- case 0x000045: cs_str = "TLS/DHE-RSA/CAMELLIA128-CBC/SHA"; break;
- case 0x000046: cs_str = "TLS/DH-ANON/CAMELLIA128-CBC/SHA"; break;
-
- case 0x000060: cs_str = "TLS/RSA-EXPORT1024/RC4-56/MD5"; break;
- case 0x000061: cs_str = "TLS/RSA-EXPORT1024/RC2CBC56/MD5"; break;
- case 0x000062: cs_str = "TLS/RSA-EXPORT1024/DES56-CBC/SHA"; break;
- case 0x000064: cs_str = "TLS/RSA-EXPORT1024/RC4-56/SHA"; break;
- case 0x000063: cs_str = "TLS/DHE-DSS_EXPORT1024/DES56-CBC/SHA"; break;
- case 0x000065: cs_str = "TLS/DHE-DSS_EXPORT1024/RC4-56/SHA"; break;
- case 0x000066: cs_str = "TLS/DHE-DSS/RC4-128/SHA"; break;
-
- case 0x000067: cs_str = "TLS/DHE-RSA/AES128-CBC/SHA256"; break;
- case 0x000068: cs_str = "TLS/DH-DSS/AES256-CBC/SHA256"; break;
- case 0x000069: cs_str = "TLS/DH-RSA/AES256-CBC/SHA256"; break;
- case 0x00006A: cs_str = "TLS/DHE-DSS/AES256-CBC/SHA256"; break;
- case 0x00006B: cs_str = "TLS/DHE-RSA/AES256-CBC/SHA256"; break;
-
- case 0x000072: cs_str = "TLS/DHE-DSS/3DESEDE-CBC/RMD160"; break;
- case 0x000073: cs_str = "TLS/DHE-DSS/AES128-CBC/RMD160"; break;
- case 0x000074: cs_str = "TLS/DHE-DSS/AES256-CBC/RMD160"; break;
-
- case 0x000079: cs_str = "TLS/DHE-RSA/AES256-CBC/RMD160"; break;
-
- case 0x00007C: cs_str = "TLS/RSA/3DESEDE-CBC/RMD160"; break;
- case 0x00007D: cs_str = "TLS/RSA/AES128-CBC/RMD160"; break;
- case 0x00007E: cs_str = "TLS/RSA/AES256-CBC/RMD160"; break;
-
- case 0x000080: cs_str = "TLS/GOST341094/GOST28147-OFB/GOST28147"; break;
- case 0x000081: cs_str = "TLS/GOST34102001/GOST28147-OFB/GOST28147"; break;
- case 0x000082: cs_str = "TLS/GOST341094/NULL/GOSTR3411"; break;
- case 0x000083: cs_str = "TLS/GOST34102001/NULL/GOSTR3411"; break;
-
- case 0x000084: cs_str = "TLS/RSA/CAMELLIA256-CBC/SHA"; break;
- case 0x000085: cs_str = "TLS/DH-DSS/CAMELLIA256-CBC/SHA"; break;
- case 0x000086: cs_str = "TLS/DH-RSA/CAMELLIA256-CBC/SHA"; break;
- case 0x000087: cs_str = "TLS/DHE-DSS/CAMELLIA256-CBC/SHA"; break;
- case 0x000088: cs_str = "TLS/DHE-RSA/CAMELLIA256-CBC/SHA"; break;
- case 0x000089: cs_str = "TLS/DH-ANON/CAMELLIA256-CBC/SHA"; break;
- case 0x00008A: cs_str = "TLS/PSK/RC4-128/SHA"; break;
- case 0x00008B: cs_str = "TLS/PSK/3DES-EDE-CBC/SHA"; break;
- case 0x00008C: cs_str = "TLS/PSK/AES128-CBC/SHA"; break;
- case 0x00008D: cs_str = "TLS/PSK/AES256-CBC/SHA"; break;
- case 0x00008E: cs_str = "TLS/DHE-PSK/RC4-128/SHA"; break;
- case 0x00008F: cs_str = "TLS/DHE-PSK/3DES-EDE-CBC/SHA"; break;
- case 0x000090: cs_str = "TLS/DHE-PSK/AES128-CBC/SHA"; break;
- case 0x000091: cs_str = "TLS/DHE-PSK/AES256-CBC/SHA"; break;
- case 0x000092: cs_str = "TLS/RSA-PSK/RC4-128/SHA"; break;
- case 0x000093: cs_str = "TLS/RSA-PSK/3DES-EDE-CBC/SHA"; break;
- case 0x000094: cs_str = "TLS/RSA-PSK/AES128-CBC/SHA"; break;
- case 0x000095: cs_str = "TLS/RSA-PSK/AES256-CBC/SHA"; break;
- case 0x000096: cs_str = "TLS/RSA/SEED-CBC/SHA"; break;
- case 0x000097: cs_str = "TLS/DH-DSS/SEED-CBC/SHA"; break;
- case 0x000098: cs_str = "TLS/DH-RSA/SEED-CBC/SHA"; break;
- case 0x000099: cs_str = "TLS/DHE-DSS/SEED-CBC/SHA"; break;
- case 0x00009A: cs_str = "TLS/DHE-RSA/SEED-CBC/SHA"; break;
- case 0x00009B: cs_str = "TLS/DH-ANON/SEED-CBC/SHA"; break;
- case 0x00009C: cs_str = "TLS/RSA/AES128-GCM/SHA256"; break;
- case 0x00009E: cs_str = "TLS/DHE-RSA/AES128-GCM/SHA256"; break;
-
- case 0x0000FF: cs_str = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; break;
- case 0x005600: cs_str = "TLS_FALLBACK_SCSV"; break;
-
- case 0x00C001: cs_str = "TLS/ECDH-ECDSA/NULL/SHA"; break;
- case 0x00C002: cs_str = "TLS/ECDH-ECDSA/RC4-128/SHA"; break;
- case 0x00C003: cs_str = "TLS/ECDH-ECDSA/3DES-EDE-CBC/SHA"; break;
- case 0x00C004: cs_str = "TLS/ECDH-ECDSA/AES128-CBC/SHA"; break;
- case 0x00C005: cs_str = "TLS/ECDH-ECDSA/AES256-CBC/SHA"; break;
- case 0x00C006: cs_str = "TLS/ECDHE-ECDSA/NULL/SHA"; break;
- case 0x00C007: cs_str = "TLS/ECDHE-ECDSA/RC4-128/SHA"; break;
- case 0x00C008: cs_str = "TLS/ECDHE-ECDSA/3DES-EDE-CBC/SHA";break;
- case 0x00C009: cs_str = "TLS/ECDHE-ECDSA/AES128-CBC/SHA"; break;
- case 0x00C00A: cs_str = "TLS/ECDHE-ECDSA/AES256-CBC/SHA"; break;
- case 0x00C00B: cs_str = "TLS/ECDH-RSA/NULL/SHA"; break;
- case 0x00C00C: cs_str = "TLS/ECDH-RSA/RC4-128/SHA"; break;
- case 0x00C00D: cs_str = "TLS/ECDH-RSA/3DES-EDE-CBC/SHA"; break;
- case 0x00C00E: cs_str = "TLS/ECDH-RSA/AES128-CBC/SHA"; break;
- case 0x00C00F: cs_str = "TLS/ECDH-RSA/AES256-CBC/SHA"; break;
- case 0x00C010: cs_str = "TLS/ECDHE-RSA/NULL/SHA"; break;
- case 0x00C011: cs_str = "TLS/ECDHE-RSA/RC4-128/SHA"; break;
- case 0x00C012: cs_str = "TLS/ECDHE-RSA/3DES-EDE-CBC/SHA"; break;
- case 0x00C013: cs_str = "TLS/ECDHE-RSA/AES128-CBC/SHA"; break;
- case 0x00C014: cs_str = "TLS/ECDHE-RSA/AES256-CBC/SHA"; break;
- case 0x00C015: cs_str = "TLS/ECDH-anon/NULL/SHA"; break;
- case 0x00C016: cs_str = "TLS/ECDH-anon/RC4-128/SHA"; break;
- case 0x00C017: cs_str = "TLS/ECDH-anon/3DES-EDE-CBC/SHA"; break;
- case 0x00C018: cs_str = "TLS/ECDH-anon/AES128-CBC/SHA"; break;
- case 0x00C019: cs_str = "TLS/ECDH-anon/AES256-CBC/SHA"; break;
-
- case 0x00C023: cs_str = "TLS/ECDHE-ECDSA/AES128-CBC/SHA256"; break;
- case 0x00C024: cs_str = "TLS/ECDHE-ECDSA/AES256-CBC/SHA384"; break;
- case 0x00C025: cs_str = "TLS/ECDH-ECDSA/AES128-CBC/SHA256"; break;
- case 0x00C026: cs_str = "TLS/ECDH-ECDSA/AES256-CBC/SHA384"; break;
- case 0x00C027: cs_str = "TLS/ECDHE-RSA/AES128-CBC/SHA256"; break;
- case 0x00C028: cs_str = "TLS/ECDHE-RSA/AES256-CBC/SHA384"; break;
- case 0x00C029: cs_str = "TLS/ECDH-RSA/AES128-CBC/SHA256"; break;
- case 0x00C02A: cs_str = "TLS/ECDH-RSA/AES256-CBC/SHA384"; break;
- case 0x00C02B: cs_str = "TLS/ECDHE-ECDSA/AES128-GCM/SHA256"; break;
- case 0x00C02C: cs_str = "TLS/ECDHE-ECDSA/AES256-GCM/SHA384"; break;
- case 0x00C02F: cs_str = "TLS/ECDHE-RSA/AES128-GCM/SHA256"; break;
-
- case 0x00CCA8: cs_str = "TLS/ECDHE-RSA/CHACHA20-POLY1305/SHA256"; break;
- case 0x00CCA9: cs_str = "TLS/ECDHE-ECDSA/CHACHA20-POLY1305/SHA256"; break;
- case 0x00CCAA: cs_str = "TLS/DHE-RSA/CHACHA20-POLY1305/SHA256"; break;
-
- case 0x00FEFF: cs_str = "SSL3/RSA-FIPS/3DESEDE-CBC/SHA"; break;
- case 0x00FEFE: cs_str = "SSL3/RSA-FIPS/DES-CBC/SHA"; break;
- case 0x00FFE1: cs_str = "SSL3/RSA-FIPS/DES56-CBC/SHA"; break;
- case 0x00FFE0: cs_str = "SSL3/RSA-FIPS/3DES192EDE-CBC/SHA";break;
-
- /* the string literal is broken up to avoid trigraphs */
- default: cs_str = "????" "/????????" "/?????????" "/???"; break;
- }
-
- return cs_str;
+ char *cs_str;
+ cs_str = NULL;
+ switch (cs_int) {
+
+ case 0x010080:
+ cs_str = "SSL2/RSA/RC4-128/MD5";
+ break;
+ case 0x020080:
+ cs_str = "SSL2/RSA/RC4-40/MD5";
+ break;
+ case 0x030080:
+ cs_str = "SSL2/RSA/RC2CBC128/MD5";
+ break;
+ case 0x040080:
+ cs_str = "SSL2/RSA/RC2CBC40/MD5";
+ break;
+ case 0x050080:
+ cs_str = "SSL2/RSA/IDEA128CBC/MD5";
+ break;
+ case 0x060040:
+ cs_str = "SSL2/RSA/DES56-CBC/MD5";
+ break;
+ case 0x0700C0:
+ cs_str = "SSL2/RSA/3DES192EDE-CBC/MD5";
+ break;
+
+ case 0x000001:
+ cs_str = "SSL3/RSA/NULL/MD5";
+ break;
+ case 0x000002:
+ cs_str = "SSL3/RSA/NULL/SHA";
+ break;
+ case 0x000003:
+ cs_str = "SSL3/RSA/RC4-40/MD5";
+ break;
+ case 0x000004:
+ cs_str = "SSL3/RSA/RC4-128/MD5";
+ break;
+ case 0x000005:
+ cs_str = "SSL3/RSA/RC4-128/SHA";
+ break;
+ case 0x000006:
+ cs_str = "SSL3/RSA/RC2CBC40/MD5";
+ break;
+ case 0x000007:
+ cs_str = "SSL3/RSA/IDEA128CBC/SHA";
+ break;
+ case 0x000008:
+ cs_str = "SSL3/RSA/DES40-CBC/SHA";
+ break;
+ case 0x000009:
+ cs_str = "SSL3/RSA/DES56-CBC/SHA";
+ break;
+ case 0x00000A:
+ cs_str = "SSL3/RSA/3DES192EDE-CBC/SHA";
+ break;
+
+ case 0x00000B:
+ cs_str = "SSL3/DH-DSS/DES40-CBC/SHA";
+ break;
+ case 0x00000C:
+ cs_str = "SSL3/DH-DSS/DES56-CBC/SHA";
+ break;
+ case 0x00000D:
+ cs_str = "SSL3/DH-DSS/DES192EDE3CBC/SHA";
+ break;
+ case 0x00000E:
+ cs_str = "SSL3/DH-RSA/DES40-CBC/SHA";
+ break;
+ case 0x00000F:
+ cs_str = "SSL3/DH-RSA/DES56-CBC/SHA";
+ break;
+ case 0x000010:
+ cs_str = "SSL3/DH-RSA/3DES192EDE-CBC/SHA";
+ break;
+
+ case 0x000011:
+ cs_str = "SSL3/DHE-DSS/DES40-CBC/SHA";
+ break;
+ case 0x000012:
+ cs_str = "SSL3/DHE-DSS/DES56-CBC/SHA";
+ break;
+ case 0x000013:
+ cs_str = "SSL3/DHE-DSS/DES192EDE3CBC/SHA";
+ break;
+ case 0x000014:
+ cs_str = "SSL3/DHE-RSA/DES40-CBC/SHA";
+ break;
+ case 0x000015:
+ cs_str = "SSL3/DHE-RSA/DES56-CBC/SHA";
+ break;
+ case 0x000016:
+ cs_str = "SSL3/DHE-RSA/3DES192EDE-CBC/SHA";
+ break;
+
+ case 0x000017:
+ cs_str = "SSL3/DH-anon/RC4-40/MD5";
+ break;
+ case 0x000018:
+ cs_str = "SSL3/DH-anon/RC4-128/MD5";
+ break;
+ case 0x000019:
+ cs_str = "SSL3/DH-anon/DES40-CBC/SHA";
+ break;
+ case 0x00001A:
+ cs_str = "SSL3/DH-anon/DES56-CBC/SHA";
+ break;
+ case 0x00001B:
+ cs_str = "SSL3/DH-anon/3DES192EDE-CBC/SHA";
+ break;
+
+ case 0x00001C:
+ cs_str = "SSL3/FORTEZZA-DMS/NULL/SHA";
+ break;
+ case 0x00001D:
+ cs_str = "SSL3/FORTEZZA-DMS/FORTEZZA-CBC/SHA";
+ break;
+ case 0x00001E:
+ cs_str = "SSL3/FORTEZZA-DMS/RC4-128/SHA";
+ break;
+
+ case 0x00002F:
+ cs_str = "TLS/RSA/AES128-CBC/SHA";
+ break;
+ case 0x000030:
+ cs_str = "TLS/DH-DSS/AES128-CBC/SHA";
+ break;
+ case 0x000031:
+ cs_str = "TLS/DH-RSA/AES128-CBC/SHA";
+ break;
+ case 0x000032:
+ cs_str = "TLS/DHE-DSS/AES128-CBC/SHA";
+ break;
+ case 0x000033:
+ cs_str = "TLS/DHE-RSA/AES128-CBC/SHA";
+ break;
+ case 0x000034:
+ cs_str = "TLS/DH-ANON/AES128-CBC/SHA";
+ break;
+
+ case 0x000035:
+ cs_str = "TLS/RSA/AES256-CBC/SHA";
+ break;
+ case 0x000036:
+ cs_str = "TLS/DH-DSS/AES256-CBC/SHA";
+ break;
+ case 0x000037:
+ cs_str = "TLS/DH-RSA/AES256-CBC/SHA";
+ break;
+ case 0x000038:
+ cs_str = "TLS/DHE-DSS/AES256-CBC/SHA";
+ break;
+ case 0x000039:
+ cs_str = "TLS/DHE-RSA/AES256-CBC/SHA";
+ break;
+ case 0x00003A:
+ cs_str = "TLS/DH-ANON/AES256-CBC/SHA";
+ break;
+
+ case 0x00003B:
+ cs_str = "TLS/RSA/NULL/SHA256";
+ break;
+ case 0x00003C:
+ cs_str = "TLS/RSA/AES128-CBC/SHA256";
+ break;
+ case 0x00003D:
+ cs_str = "TLS/RSA/AES256-CBC/SHA256";
+ break;
+ case 0x00003E:
+ cs_str = "TLS/DH-DSS/AES128-CBC/SHA256";
+ break;
+ case 0x00003F:
+ cs_str = "TLS/DH-RSA/AES128-CBC/SHA256";
+ break;
+ case 0x000040:
+ cs_str = "TLS/DHE-DSS/AES128-CBC/SHA256";
+ break;
+
+ case 0x000041:
+ cs_str = "TLS/RSA/CAMELLIA128-CBC/SHA";
+ break;
+ case 0x000042:
+ cs_str = "TLS/DH-DSS/CAMELLIA128-CBC/SHA";
+ break;
+ case 0x000043:
+ cs_str = "TLS/DH-RSA/CAMELLIA128-CBC/SHA";
+ break;
+ case 0x000044:
+ cs_str = "TLS/DHE-DSS/CAMELLIA128-CBC/SHA";
+ break;
+ case 0x000045:
+ cs_str = "TLS/DHE-RSA/CAMELLIA128-CBC/SHA";
+ break;
+ case 0x000046:
+ cs_str = "TLS/DH-ANON/CAMELLIA128-CBC/SHA";
+ break;
+
+ case 0x000060:
+ cs_str = "TLS/RSA-EXPORT1024/RC4-56/MD5";
+ break;
+ case 0x000061:
+ cs_str = "TLS/RSA-EXPORT1024/RC2CBC56/MD5";
+ break;
+ case 0x000062:
+ cs_str = "TLS/RSA-EXPORT1024/DES56-CBC/SHA";
+ break;
+ case 0x000064:
+ cs_str = "TLS/RSA-EXPORT1024/RC4-56/SHA";
+ break;
+ case 0x000063:
+ cs_str = "TLS/DHE-DSS_EXPORT1024/DES56-CBC/SHA";
+ break;
+ case 0x000065:
+ cs_str = "TLS/DHE-DSS_EXPORT1024/RC4-56/SHA";
+ break;
+ case 0x000066:
+ cs_str = "TLS/DHE-DSS/RC4-128/SHA";
+ break;
+
+ case 0x000067:
+ cs_str = "TLS/DHE-RSA/AES128-CBC/SHA256";
+ break;
+ case 0x000068:
+ cs_str = "TLS/DH-DSS/AES256-CBC/SHA256";
+ break;
+ case 0x000069:
+ cs_str = "TLS/DH-RSA/AES256-CBC/SHA256";
+ break;
+ case 0x00006A:
+ cs_str = "TLS/DHE-DSS/AES256-CBC/SHA256";
+ break;
+ case 0x00006B:
+ cs_str = "TLS/DHE-RSA/AES256-CBC/SHA256";
+ break;
+
+ case 0x000072:
+ cs_str = "TLS/DHE-DSS/3DESEDE-CBC/RMD160";
+ break;
+ case 0x000073:
+ cs_str = "TLS/DHE-DSS/AES128-CBC/RMD160";
+ break;
+ case 0x000074:
+ cs_str = "TLS/DHE-DSS/AES256-CBC/RMD160";
+ break;
+
+ case 0x000079:
+ cs_str = "TLS/DHE-RSA/AES256-CBC/RMD160";
+ break;
+
+ case 0x00007C:
+ cs_str = "TLS/RSA/3DESEDE-CBC/RMD160";
+ break;
+ case 0x00007D:
+ cs_str = "TLS/RSA/AES128-CBC/RMD160";
+ break;
+ case 0x00007E:
+ cs_str = "TLS/RSA/AES256-CBC/RMD160";
+ break;
+
+ case 0x000080:
+ cs_str = "TLS/GOST341094/GOST28147-OFB/GOST28147";
+ break;
+ case 0x000081:
+ cs_str = "TLS/GOST34102001/GOST28147-OFB/GOST28147";
+ break;
+ case 0x000082:
+ cs_str = "TLS/GOST341094/NULL/GOSTR3411";
+ break;
+ case 0x000083:
+ cs_str = "TLS/GOST34102001/NULL/GOSTR3411";
+ break;
+
+ case 0x000084:
+ cs_str = "TLS/RSA/CAMELLIA256-CBC/SHA";
+ break;
+ case 0x000085:
+ cs_str = "TLS/DH-DSS/CAMELLIA256-CBC/SHA";
+ break;
+ case 0x000086:
+ cs_str = "TLS/DH-RSA/CAMELLIA256-CBC/SHA";
+ break;
+ case 0x000087:
+ cs_str = "TLS/DHE-DSS/CAMELLIA256-CBC/SHA";
+ break;
+ case 0x000088:
+ cs_str = "TLS/DHE-RSA/CAMELLIA256-CBC/SHA";
+ break;
+ case 0x000089:
+ cs_str = "TLS/DH-ANON/CAMELLIA256-CBC/SHA";
+ break;
+ case 0x00008A:
+ cs_str = "TLS/PSK/RC4-128/SHA";
+ break;
+ case 0x00008B:
+ cs_str = "TLS/PSK/3DES-EDE-CBC/SHA";
+ break;
+ case 0x00008C:
+ cs_str = "TLS/PSK/AES128-CBC/SHA";
+ break;
+ case 0x00008D:
+ cs_str = "TLS/PSK/AES256-CBC/SHA";
+ break;
+ case 0x00008E:
+ cs_str = "TLS/DHE-PSK/RC4-128/SHA";
+ break;
+ case 0x00008F:
+ cs_str = "TLS/DHE-PSK/3DES-EDE-CBC/SHA";
+ break;
+ case 0x000090:
+ cs_str = "TLS/DHE-PSK/AES128-CBC/SHA";
+ break;
+ case 0x000091:
+ cs_str = "TLS/DHE-PSK/AES256-CBC/SHA";
+ break;
+ case 0x000092:
+ cs_str = "TLS/RSA-PSK/RC4-128/SHA";
+ break;
+ case 0x000093:
+ cs_str = "TLS/RSA-PSK/3DES-EDE-CBC/SHA";
+ break;
+ case 0x000094:
+ cs_str = "TLS/RSA-PSK/AES128-CBC/SHA";
+ break;
+ case 0x000095:
+ cs_str = "TLS/RSA-PSK/AES256-CBC/SHA";
+ break;
+ case 0x000096:
+ cs_str = "TLS/RSA/SEED-CBC/SHA";
+ break;
+ case 0x000097:
+ cs_str = "TLS/DH-DSS/SEED-CBC/SHA";
+ break;
+ case 0x000098:
+ cs_str = "TLS/DH-RSA/SEED-CBC/SHA";
+ break;
+ case 0x000099:
+ cs_str = "TLS/DHE-DSS/SEED-CBC/SHA";
+ break;
+ case 0x00009A:
+ cs_str = "TLS/DHE-RSA/SEED-CBC/SHA";
+ break;
+ case 0x00009B:
+ cs_str = "TLS/DH-ANON/SEED-CBC/SHA";
+ break;
+ case 0x00009C:
+ cs_str = "TLS/RSA/AES128-GCM/SHA256";
+ break;
+ case 0x00009E:
+ cs_str = "TLS/DHE-RSA/AES128-GCM/SHA256";
+ break;
+
+ case 0x0000FF:
+ cs_str = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
+ break;
+ case 0x005600:
+ cs_str = "TLS_FALLBACK_SCSV";
+ break;
+
+ case 0x00C001:
+ cs_str = "TLS/ECDH-ECDSA/NULL/SHA";
+ break;
+ case 0x00C002:
+ cs_str = "TLS/ECDH-ECDSA/RC4-128/SHA";
+ break;
+ case 0x00C003:
+ cs_str = "TLS/ECDH-ECDSA/3DES-EDE-CBC/SHA";
+ break;
+ case 0x00C004:
+ cs_str = "TLS/ECDH-ECDSA/AES128-CBC/SHA";
+ break;
+ case 0x00C005:
+ cs_str = "TLS/ECDH-ECDSA/AES256-CBC/SHA";
+ break;
+ case 0x00C006:
+ cs_str = "TLS/ECDHE-ECDSA/NULL/SHA";
+ break;
+ case 0x00C007:
+ cs_str = "TLS/ECDHE-ECDSA/RC4-128/SHA";
+ break;
+ case 0x00C008:
+ cs_str = "TLS/ECDHE-ECDSA/3DES-EDE-CBC/SHA";
+ break;
+ case 0x00C009:
+ cs_str = "TLS/ECDHE-ECDSA/AES128-CBC/SHA";
+ break;
+ case 0x00C00A:
+ cs_str = "TLS/ECDHE-ECDSA/AES256-CBC/SHA";
+ break;
+ case 0x00C00B:
+ cs_str = "TLS/ECDH-RSA/NULL/SHA";
+ break;
+ case 0x00C00C:
+ cs_str = "TLS/ECDH-RSA/RC4-128/SHA";
+ break;
+ case 0x00C00D:
+ cs_str = "TLS/ECDH-RSA/3DES-EDE-CBC/SHA";
+ break;
+ case 0x00C00E:
+ cs_str = "TLS/ECDH-RSA/AES128-CBC/SHA";
+ break;
+ case 0x00C00F:
+ cs_str = "TLS/ECDH-RSA/AES256-CBC/SHA";
+ break;
+ case 0x00C010:
+ cs_str = "TLS/ECDHE-RSA/NULL/SHA";
+ break;
+ case 0x00C011:
+ cs_str = "TLS/ECDHE-RSA/RC4-128/SHA";
+ break;
+ case 0x00C012:
+ cs_str = "TLS/ECDHE-RSA/3DES-EDE-CBC/SHA";
+ break;
+ case 0x00C013:
+ cs_str = "TLS/ECDHE-RSA/AES128-CBC/SHA";
+ break;
+ case 0x00C014:
+ cs_str = "TLS/ECDHE-RSA/AES256-CBC/SHA";
+ break;
+ case 0x00C015:
+ cs_str = "TLS/ECDH-anon/NULL/SHA";
+ break;
+ case 0x00C016:
+ cs_str = "TLS/ECDH-anon/RC4-128/SHA";
+ break;
+ case 0x00C017:
+ cs_str = "TLS/ECDH-anon/3DES-EDE-CBC/SHA";
+ break;
+ case 0x00C018:
+ cs_str = "TLS/ECDH-anon/AES128-CBC/SHA";
+ break;
+ case 0x00C019:
+ cs_str = "TLS/ECDH-anon/AES256-CBC/SHA";
+ break;
+
+ case 0x00C023:
+ cs_str = "TLS/ECDHE-ECDSA/AES128-CBC/SHA256";
+ break;
+ case 0x00C024:
+ cs_str = "TLS/ECDHE-ECDSA/AES256-CBC/SHA384";
+ break;
+ case 0x00C025:
+ cs_str = "TLS/ECDH-ECDSA/AES128-CBC/SHA256";
+ break;
+ case 0x00C026:
+ cs_str = "TLS/ECDH-ECDSA/AES256-CBC/SHA384";
+ break;
+ case 0x00C027:
+ cs_str = "TLS/ECDHE-RSA/AES128-CBC/SHA256";
+ break;
+ case 0x00C028:
+ cs_str = "TLS/ECDHE-RSA/AES256-CBC/SHA384";
+ break;
+ case 0x00C029:
+ cs_str = "TLS/ECDH-RSA/AES128-CBC/SHA256";
+ break;
+ case 0x00C02A:
+ cs_str = "TLS/ECDH-RSA/AES256-CBC/SHA384";
+ break;
+ case 0x00C02B:
+ cs_str = "TLS/ECDHE-ECDSA/AES128-GCM/SHA256";
+ break;
+ case 0x00C02C:
+ cs_str = "TLS/ECDHE-ECDSA/AES256-GCM/SHA384";
+ break;
+ case 0x00C02F:
+ cs_str = "TLS/ECDHE-RSA/AES128-GCM/SHA256";
+ break;
+
+ case 0x00CCA8:
+ cs_str = "TLS/ECDHE-RSA/CHACHA20-POLY1305/SHA256";
+ break;
+ case 0x00CCA9:
+ cs_str = "TLS/ECDHE-ECDSA/CHACHA20-POLY1305/SHA256";
+ break;
+ case 0x00CCAA:
+ cs_str = "TLS/DHE-RSA/CHACHA20-POLY1305/SHA256";
+ break;
+
+ case 0x00FEFF:
+ cs_str = "SSL3/RSA-FIPS/3DESEDE-CBC/SHA";
+ break;
+ case 0x00FEFE:
+ cs_str = "SSL3/RSA-FIPS/DES-CBC/SHA";
+ break;
+ case 0x00FFE1:
+ cs_str = "SSL3/RSA-FIPS/DES56-CBC/SHA";
+ break;
+ case 0x00FFE0:
+ cs_str = "SSL3/RSA-FIPS/3DES192EDE-CBC/SHA";
+ break;
+
+ /* the string literal is broken up to avoid trigraphs */
+ default:
+ cs_str = "????"
+ "/????????"
+ "/?????????"
+ "/???";
+ break;
+ }
+
+ return cs_str;
}
-const char * CompressionMethodString(int cm_int)
+const char *
+CompressionMethodString(int cm_int)
{
- char *cm_str;
- cm_str = NULL;
- switch (cm_int) {
- case 0: cm_str = "NULL"; break;
- case 1: cm_str = "DEFLATE"; break; /* RFC 3749 */
- case 64: cm_str = "LZS"; break; /* RFC 3943 */
- default: cm_str = "???"; break;
- }
-
- return cm_str;
+ char *cm_str;
+ cm_str = NULL;
+ switch (cm_int) {
+ case 0:
+ cm_str = "NULL";
+ break;
+ case 1:
+ cm_str = "DEFLATE";
+ break; /* RFC 3749 */
+ case 64:
+ cm_str = "LZS";
+ break; /* RFC 3943 */
+ default:
+ cm_str = "???";
+ break;
+ }
+
+ return cm_str;
}
-const char * helloExtensionNameString(int ex_num)
+const char *
+helloExtensionNameString(int ex_num)
{
- const char *ex_name = NULL;
- static char buf[10];
-
- switch (ex_num) {
- case 0: ex_name = "server_name"; break;
- case 1: ex_name = "max_fragment_length"; break;
- case 2: ex_name = "client_certificate_url"; break;
- case 3: ex_name = "trusted_ca_keys"; break;
- case 4: ex_name = "truncated_hmac"; break;
- case 5: ex_name = "status_request"; break;
- case 10: ex_name = "elliptic_curves"; break;
- case 11: ex_name = "ec_point_formats"; break;
- case 13: ex_name = "signature_algorithms"; break;
- case 35: ex_name = "session_ticket"; break;
- case 0xff01: ex_name = "renegotiation_info"; break;
- default: sprintf(buf, "%d", ex_num); ex_name = (const char *)buf; break;
- }
-
- return ex_name;
+ const char *ex_name = NULL;
+ static char buf[10];
+
+ switch (ex_num) {
+ case 0:
+ ex_name = "server_name";
+ break;
+ case 1:
+ ex_name = "max_fragment_length";
+ break;
+ case 2:
+ ex_name = "client_certificate_url";
+ break;
+ case 3:
+ ex_name = "trusted_ca_keys";
+ break;
+ case 4:
+ ex_name = "truncated_hmac";
+ break;
+ case 5:
+ ex_name = "status_request";
+ break;
+ case 10:
+ ex_name = "elliptic_curves";
+ break;
+ case 11:
+ ex_name = "ec_point_formats";
+ break;
+ case 13:
+ ex_name = "signature_algorithms";
+ break;
+ case 35:
+ ex_name = "session_ticket";
+ break;
+ case 0xff01:
+ ex_name = "renegotiation_info";
+ break;
+ default:
+ sprintf(buf, "%d", ex_num);
+ ex_name = (const char *)buf;
+ break;
+ }
+
+ return ex_name;
}
-static int isNULLmac(int cs_int)
+static int
+isNULLmac(int cs_int)
{
return (cs_int == TLS_NULL_WITH_NULL_NULL);
}
-static int isNULLcipher(int cs_int)
+static int
+isNULLcipher(int cs_int)
{
- return ((cs_int == TLS_RSA_WITH_NULL_MD5) ||
- (cs_int == TLS_RSA_WITH_NULL_SHA) ||
- (cs_int == SSL_FORTEZZA_DMS_WITH_NULL_SHA) ||
- (cs_int == TLS_ECDH_ECDSA_WITH_NULL_SHA) ||
- (cs_int == TLS_ECDHE_ECDSA_WITH_NULL_SHA) ||
- (cs_int == TLS_ECDH_RSA_WITH_NULL_SHA) ||
- (cs_int == TLS_ECDHE_RSA_WITH_NULL_SHA));
-}
-
-void partial_packet(int thispacket, int size, int needed)
+ return ((cs_int == TLS_RSA_WITH_NULL_MD5) ||
+ (cs_int == TLS_RSA_WITH_NULL_SHA) ||
+ (cs_int == SSL_FORTEZZA_DMS_WITH_NULL_SHA) ||
+ (cs_int == TLS_ECDH_ECDSA_WITH_NULL_SHA) ||
+ (cs_int == TLS_ECDHE_ECDSA_WITH_NULL_SHA) ||
+ (cs_int == TLS_ECDH_RSA_WITH_NULL_SHA) ||
+ (cs_int == TLS_ECDHE_RSA_WITH_NULL_SHA));
+}
+
+void
+partial_packet(int thispacket, int size, int needed)
{
- PR_fprintf(PR_STDOUT,"(%u bytes", thispacket);
- if (thispacket < needed) {
- PR_fprintf(PR_STDOUT,", making %u", size);
- }
- PR_fprintf(PR_STDOUT," of %u", needed);
- if (size > needed) {
- PR_fprintf(PR_STDOUT,", with %u left over", size - needed);
- }
- PR_fprintf(PR_STDOUT,")\n");
+ PR_fprintf(PR_STDOUT, "(%u bytes", thispacket);
+ if (thispacket < needed) {
+ PR_fprintf(PR_STDOUT, ", making %u", size);
+ }
+ PR_fprintf(PR_STDOUT, " of %u", needed);
+ if (size > needed) {
+ PR_fprintf(PR_STDOUT, ", with %u left over", size - needed);
+ }
+ PR_fprintf(PR_STDOUT, ")\n");
}
-char * get_time_string(void)
+char *
+get_time_string(void)
{
- char *cp;
- char *eol;
- time_t tt;
-
- time(&tt);
- cp = ctime(&tt);
- eol = strchr(cp, '\n');
- if (eol)
- *eol = 0;
- return cp;
+ char *cp;
+ char *eol;
+ time_t tt;
+
+ time(&tt);
+ cp = ctime(&tt);
+ eol = strchr(cp, '\n');
+ if (eol)
+ *eol = 0;
+ return cp;
}
-void print_sslv2(DataBufferList *s, unsigned char *recordBuf, unsigned int recordLen)
+void
+print_sslv2(DataBufferList *s, unsigned char *recordBuf, unsigned int recordLen)
{
- ClientHelloV2 *chv2;
- ServerHelloV2 *shv2;
- unsigned char *pos;
- unsigned int p;
- unsigned int q;
- PRUint32 len;
-
- chv2 = (ClientHelloV2 *)recordBuf;
- shv2 = (ServerHelloV2 *)recordBuf;
- if (s->isEncrypted) {
- PR_fprintf(PR_STDOUT," [ssl2] Encrypted {...}\n");
- return;
- }
- PR_fprintf(PR_STDOUT," [%s]", get_time_string() );
- switch(chv2->type) {
- case 1:
- PR_fprintf(PR_STDOUT," [ssl2] ClientHelloV2 {\n");
- PR_fprintf(PR_STDOUT," version = {0x%02x, 0x%02x}\n",
- (PRUint32)chv2->version[0],(PRUint32)chv2->version[1]);
- PR_fprintf(PR_STDOUT," cipher-specs-length = %d (0x%02x)\n",
- (PRUint32)(GET_SHORT((chv2->cslength))),
- (PRUint32)(GET_SHORT((chv2->cslength))));
- PR_fprintf(PR_STDOUT," sid-length = %d (0x%02x)\n",
- (PRUint32)(GET_SHORT((chv2->sidlength))),
- (PRUint32)(GET_SHORT((chv2->sidlength))));
- PR_fprintf(PR_STDOUT," challenge-length = %d (0x%02x)\n",
- (PRUint32)(GET_SHORT((chv2->rndlength))),
- (PRUint32)(GET_SHORT((chv2->rndlength))));
- PR_fprintf(PR_STDOUT," cipher-suites = { \n");
- for (p=0;p<(PRUint32)GET_SHORT((chv2->cslength));p+=3) {
- PRUint32 cs_int = GET_24((&chv2->csuites[p]));
- const char *cs_str = V2CipherString(cs_int);
-
- PR_fprintf(PR_STDOUT," (0x%06x) %s\n",
- cs_int, cs_str);
- }
- q = p;
- PR_fprintf(PR_STDOUT," }\n");
- if (GET_SHORT((chv2->sidlength))) {
- PR_fprintf(PR_STDOUT," session-id = { ");
- for (p=0;p<(PRUint32)GET_SHORT((chv2->sidlength));p+=2) {
- PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q]))));
- }
- }
- q += p;
- PR_fprintf(PR_STDOUT,"}\n");
- if (GET_SHORT((chv2->rndlength))) {
- PR_fprintf(PR_STDOUT," challenge = { ");
- for (p=0;p<(PRUint32)GET_SHORT((chv2->rndlength));p+=2) {
- PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q]))));
- }
- PR_fprintf(PR_STDOUT,"}\n");
+ ClientHelloV2 *chv2;
+ ServerHelloV2 *shv2;
+ unsigned char *pos;
+ unsigned int p;
+ unsigned int q;
+ PRUint32 len;
+
+ chv2 = (ClientHelloV2 *)recordBuf;
+ shv2 = (ServerHelloV2 *)recordBuf;
+ if (s->isEncrypted) {
+ PR_fprintf(PR_STDOUT, " [ssl2] Encrypted {...}\n");
+ return;
}
- PR_fprintf(PR_STDOUT,"}\n");
- break;
- /* end of V2 CLientHello Parsing */
+ PR_fprintf(PR_STDOUT, " [%s]", get_time_string());
+ switch (chv2->type) {
+ case 1:
+ PR_fprintf(PR_STDOUT, " [ssl2] ClientHelloV2 {\n");
+ PR_fprintf(PR_STDOUT, " version = {0x%02x, 0x%02x}\n",
+ (PRUint32)chv2->version[0], (PRUint32)chv2->version[1]);
+ PR_fprintf(PR_STDOUT, " cipher-specs-length = %d (0x%02x)\n",
+ (PRUint32)(GET_SHORT((chv2->cslength))),
+ (PRUint32)(GET_SHORT((chv2->cslength))));
+ PR_fprintf(PR_STDOUT, " sid-length = %d (0x%02x)\n",
+ (PRUint32)(GET_SHORT((chv2->sidlength))),
+ (PRUint32)(GET_SHORT((chv2->sidlength))));
+ PR_fprintf(PR_STDOUT, " challenge-length = %d (0x%02x)\n",
+ (PRUint32)(GET_SHORT((chv2->rndlength))),
+ (PRUint32)(GET_SHORT((chv2->rndlength))));
+ PR_fprintf(PR_STDOUT, " cipher-suites = { \n");
+ for (p =
+ 0;
+ p < (PRUint32)GET_SHORT((chv2->cslength)); p += 3) {
+ PRUint32 cs_int = GET_24((&chv2->csuites[p]));
+ const char *cs_str =
+ V2CipherString(cs_int);
+
+ PR_fprintf(PR_STDOUT, " (0x%06x) %s\n",
+ cs_int, cs_str);
+ }
+ q = p;
+ PR_fprintf(PR_STDOUT, " }\n");
+ if (GET_SHORT((chv2->sidlength))) {
+ PR_fprintf(PR_STDOUT, " session-id = { ");
+ for (p = 0;
+ p < (PRUint32)GET_SHORT((chv2->sidlength)); p += 2) {
+ PR_fprintf(PR_STDOUT, "0x%04x ", (PRUint32)(GET_SHORT((&chv2->csuites[p + q]))));
+ }
+ }
+ q += p;
+ PR_fprintf(PR_STDOUT, "}\n");
+ if (GET_SHORT((chv2->rndlength))) {
+ PR_fprintf(PR_STDOUT, " challenge = { ");
+ for (p = 0;
+ p < (PRUint32)GET_SHORT((chv2->rndlength)); p += 2) {
+ PR_fprintf(PR_STDOUT, "0x%04x ", (PRUint32)(GET_SHORT((&chv2->csuites[p + q]))));
+ }
+ PR_fprintf(PR_STDOUT, "}\n");
+ }
+ PR_fprintf(PR_STDOUT, "}\n");
+ break;
+ /* end of V2 CLientHello Parsing */
- case 2: /* Client Master Key */
- {
- const char *cs_str=NULL;
- PRUint32 cs_int=0;
- ClientMasterKeyV2 *cmkv2;
- cmkv2 = (ClientMasterKeyV2 *)chv2;
- isV2Session = 1;
+ case 2: /* Client Master Key */
+ {
+ const char *cs_str =
+ NULL;
+ PRUint32 cs_int =
+ 0;
+ ClientMasterKeyV2 *cmkv2;
+ cmkv2 = (ClientMasterKeyV2 *)chv2;
+ isV2Session = 1;
+
+ PR_fprintf(PR_STDOUT, " [ssl2] ClientMasterKeyV2 { \n");
+
+ cs_int = GET_24(&cmkv2->cipherkind[0]);
+ cs_str = V2CipherString(cs_int);
+ PR_fprintf(PR_STDOUT, " cipher-spec-chosen = (0x%06x) %s\n",
+ cs_int, cs_str);
+
+ PR_fprintf(PR_STDOUT, " clear-portion = %d bits\n",
+ 8 *
+ (PRUint32)(GET_SHORT((cmkv2->clearkey))));
+
+ PR_fprintf(PR_STDOUT, " }\n");
+ clientstream.isEncrypted = 1;
+ serverstream.isEncrypted = 1;
+ } break;
+
+ case 3:
+ PR_fprintf(PR_STDOUT, " [ssl2] Client Finished V2 {...}\n");
+ isV2Session = 1;
+ break;
- PR_fprintf(PR_STDOUT," [ssl2] ClientMasterKeyV2 { \n");
+ case 4: /* V2 Server Hello */
+ isV2Session = 1;
+
+ PR_fprintf(PR_STDOUT, " [ssl2] ServerHelloV2 {\n");
+ PR_fprintf(PR_STDOUT, " sid hit = {0x%02x}\n",
+ (PRUintn)shv2->sidhit);
+ PR_fprintf(PR_STDOUT, " version = {0x%02x, 0x%02x}\n",
+ (PRUint32)shv2->version[0], (PRUint32)shv2->version[1]);
+ PR_fprintf(PR_STDOUT, " cipher-specs-length = %d (0x%02x)\n",
+ (PRUint32)(GET_SHORT((shv2->cslength))),
+ (PRUint32)(GET_SHORT((shv2->cslength))));
+ PR_fprintf(PR_STDOUT, " sid-length = %d (0x%02x)\n",
+ (PRUint32)(GET_SHORT((shv2->cidlength))),
+ (PRUint32)(GET_SHORT((shv2->cidlength))));
+
+ pos = (unsigned char *)shv2;
+ pos += 2; /* skip length header */
+ pos += 11; /* position pointer to Certificate data area */
+ q = GET_SHORT(&shv2->certlength);
+ if (q > recordLen) {
+ goto eosh;
+ }
+ pos += q; /* skip certificate */
+
+ PR_fprintf(PR_STDOUT, " cipher-suites = { ");
+ len = GET_SHORT((shv2->cslength));
+ for (p = 0; p < len; p += 3) {
+ PRUint32 cs_int = GET_24((pos + p));
+ const char *cs_str =
+ V2CipherString(cs_int);
+ PR_fprintf(PR_STDOUT, "\n ");
+ PR_fprintf(PR_STDOUT, "(0x%06x) %s", cs_int, cs_str);
+ }
+ pos += len;
+ PR_fprintf(PR_STDOUT, " }\n"); /* End of cipher suites */
+ len = (PRUint32)GET_SHORT((shv2->cidlength));
+ if (len) {
+ PR_fprintf(PR_STDOUT, " connection-id = { ");
+ for (p =
+ 0;
+ p < len; p += 2) {
+ PR_fprintf(PR_STDOUT, "0x%04x ", (PRUint32)(GET_SHORT((pos +
+ p))));
+ }
+ PR_fprintf(PR_STDOUT, " }\n"); /* End of connection id */
+ }
+ eosh:
+ PR_fprintf(PR_STDOUT, "\n }\n"); /* end of ServerHelloV2 */
+ if (shv2->sidhit) {
+ clientstream.isEncrypted =
+ 1;
+ serverstream.isEncrypted =
+ 1;
+ }
+ break;
- cs_int = GET_24(&cmkv2->cipherkind[0]);
- cs_str = V2CipherString(cs_int);
- PR_fprintf(PR_STDOUT," cipher-spec-chosen = (0x%06x) %s\n",
- cs_int, cs_str);
+ case 5:
+ PR_fprintf(PR_STDOUT, " [ssl2] Server Verify V2 {...}\n");
+ isV2Session = 1;
+ break;
- PR_fprintf(PR_STDOUT," clear-portion = %d bits\n",
- 8*(PRUint32)(GET_SHORT((cmkv2->clearkey))));
+ case 6:
+ PR_fprintf(PR_STDOUT, " [ssl2] Server Finished V2 {...}\n");
+ isV2Session = 1;
+ break;
- PR_fprintf(PR_STDOUT," }\n");
- clientstream.isEncrypted = 1;
- serverstream.isEncrypted = 1;
- }
- break;
-
-
- case 3:
- PR_fprintf(PR_STDOUT," [ssl2] Client Finished V2 {...}\n");
- isV2Session = 1;
- break;
-
-
- case 4: /* V2 Server Hello */
- isV2Session = 1;
-
- PR_fprintf(PR_STDOUT," [ssl2] ServerHelloV2 {\n");
- PR_fprintf(PR_STDOUT," sid hit = {0x%02x}\n",
- (PRUintn)shv2->sidhit);
- PR_fprintf(PR_STDOUT," version = {0x%02x, 0x%02x}\n",
- (PRUint32)shv2->version[0],(PRUint32)shv2->version[1]);
- PR_fprintf(PR_STDOUT," cipher-specs-length = %d (0x%02x)\n",
- (PRUint32)(GET_SHORT((shv2->cslength))),
- (PRUint32)(GET_SHORT((shv2->cslength))));
- PR_fprintf(PR_STDOUT," sid-length = %d (0x%02x)\n",
- (PRUint32)(GET_SHORT((shv2->cidlength))),
- (PRUint32)(GET_SHORT((shv2->cidlength))));
-
- pos = (unsigned char *)shv2;
- pos += 2; /* skip length header */
- pos += 11; /* position pointer to Certificate data area */
- q = GET_SHORT(&shv2->certlength);
- if (q >recordLen) {
- goto eosh;
- }
- pos += q; /* skip certificate */
-
- PR_fprintf(PR_STDOUT," cipher-suites = { ");
- len = GET_SHORT((shv2->cslength));
- for (p = 0; p < len; p += 3) {
- PRUint32 cs_int = GET_24((pos+p));
- const char *cs_str = V2CipherString(cs_int);
- PR_fprintf(PR_STDOUT,"\n ");
- PR_fprintf(PR_STDOUT,"(0x%06x) %s", cs_int, cs_str);
- }
- pos += len;
- PR_fprintf(PR_STDOUT," }\n"); /* End of cipher suites */
- len = (PRUint32)GET_SHORT((shv2->cidlength));
- if (len) {
- PR_fprintf(PR_STDOUT," connection-id = { ");
- for (p = 0; p < len; p += 2) {
- PR_fprintf(PR_STDOUT,"0x%04x ", (PRUint32)(GET_SHORT((pos + p))));
- }
- PR_fprintf(PR_STDOUT," }\n"); /* End of connection id */
- }
-eosh:
- PR_fprintf(PR_STDOUT,"\n }\n"); /* end of ServerHelloV2 */
- if (shv2->sidhit) {
- clientstream.isEncrypted = 1;
- serverstream.isEncrypted = 1;
- }
- break;
-
- case 5:
- PR_fprintf(PR_STDOUT," [ssl2] Server Verify V2 {...}\n");
- isV2Session = 1;
- break;
-
- case 6:
- PR_fprintf(PR_STDOUT," [ssl2] Server Finished V2 {...}\n");
- isV2Session = 1;
- break;
-
- case 7:
- PR_fprintf(PR_STDOUT," [ssl2] Request Certificate V2 {...}\n");
- isV2Session = 1;
- break;
-
- case 8:
- PR_fprintf(PR_STDOUT," [ssl2] Client Certificate V2 {...}\n");
- isV2Session = 1;
- break;
-
- default:
- PR_fprintf(PR_STDOUT," [ssl2] UnknownType 0x%02x {...}\n",
- (PRUint32)chv2->type);
- break;
- }
-}
+ case 7:
+ PR_fprintf(PR_STDOUT, " [ssl2] Request Certificate V2 {...}\n");
+ isV2Session = 1;
+ break;
+ case 8:
+ PR_fprintf(PR_STDOUT, " [ssl2] Client Certificate V2 {...}\n");
+ isV2Session = 1;
+ break;
+ default:
+ PR_fprintf(PR_STDOUT, " [ssl2] UnknownType 0x%02x {...}\n",
+ (PRUint32)chv2->type);
+ break;
+ }
+}
-unsigned int print_hello_extension(unsigned char * hsdata,
- unsigned int length,
- unsigned int pos)
+unsigned int
+print_hello_extension(unsigned char *hsdata,
+ unsigned int length,
+ unsigned int pos)
{
- /* pretty print extensions, if any */
- if (pos < length) {
- int exListLen = GET_SHORT((hsdata+pos)); pos += 2;
- PR_fprintf(PR_STDOUT,
- " extensions[%d] = {\n", exListLen);
- while (exListLen > 0 && pos < length) {
- int exLen;
- int exType = GET_SHORT((hsdata+pos)); pos += 2;
- exLen = GET_SHORT((hsdata+pos)); pos += 2;
- /* dump the extension */
- PR_fprintf(PR_STDOUT,
- " extension type %s, length [%d]",
- helloExtensionNameString(exType), exLen);
- if (exLen > 0) {
- PR_fprintf(PR_STDOUT, " = {\n");
- print_hex(exLen, hsdata + pos);
- PR_fprintf(PR_STDOUT, " }\n");
- } else {
- PR_fprintf(PR_STDOUT, "\n");
- }
- pos += exLen;
- exListLen -= 2 + exLen;
+ /* pretty print extensions, if any */
+ if (pos < length) {
+ int exListLen = GET_SHORT((hsdata + pos));
+ pos += 2;
+ PR_fprintf(PR_STDOUT,
+ " extensions[%d] = {\n", exListLen);
+ while (exListLen > 0 && pos < length) {
+ int exLen;
+ int exType = GET_SHORT((hsdata + pos));
+ pos += 2;
+ exLen = GET_SHORT((hsdata + pos));
+ pos += 2;
+ /* dump the extension */
+ PR_fprintf(PR_STDOUT,
+ " extension type %s, length [%d]",
+ helloExtensionNameString(exType), exLen);
+ if (exLen > 0) {
+ PR_fprintf(PR_STDOUT, " = {\n");
+ print_hex(exLen, hsdata + pos);
+ PR_fprintf(PR_STDOUT, " }\n");
+ } else {
+ PR_fprintf(PR_STDOUT, "\n");
+ }
+ pos += exLen;
+ exListLen -= 2 + exLen;
+ }
+ PR_fprintf(PR_STDOUT, " }\n");
}
- PR_fprintf(PR_STDOUT," }\n");
- }
- return pos;
+ return pos;
}
/*
@@ -754,12 +1111,12 @@ static char *responseStatusNames[] = {
};
static void
-print_ocsp_cert_id (FILE *out_file, CERTOCSPCertID *cert_id, int level)
+print_ocsp_cert_id(FILE *out_file, CERTOCSPCertID *cert_id, int level)
{
- SECU_Indent (out_file, level);
- fprintf (out_file, "Cert ID:\n");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Cert ID:\n");
level++;
-/*
+ /*
SECU_PrintAlgorithmID (out_file, &(cert_id->hashAlgorithm),
"Hash Algorithm", level);
SECU_PrintAsHex (out_file, &(cert_id->issuerNameHash),
@@ -767,158 +1124,158 @@ print_ocsp_cert_id (FILE *out_file, CERTOCSPCertID *cert_id, int level)
SECU_PrintAsHex (out_file, &(cert_id->issuerKeyHash),
"Issuer Key Hash", level);
*/
- SECU_PrintInteger (out_file, &(cert_id->serialNumber),
- "Serial Number", level);
+ SECU_PrintInteger(out_file, &(cert_id->serialNumber),
+ "Serial Number", level);
/* XXX lookup the cert; if found, print something nice (nickname?) */
}
static void
-print_ocsp_version (FILE *out_file, SECItem *version, int level)
+print_ocsp_version(FILE *out_file, SECItem *version, int level)
{
if (version->len > 0) {
- SECU_PrintInteger (out_file, version, "Version", level);
+ SECU_PrintInteger(out_file, version, "Version", level);
} else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "Version: DEFAULT\n");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Version: DEFAULT\n");
}
}
static void
-print_responder_id (FILE *out_file, ocspResponderID *responderID, int level)
+print_responder_id(FILE *out_file, ocspResponderID *responderID, int level)
{
- SECU_Indent (out_file, level);
- fprintf (out_file, "Responder ID ");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Responder ID ");
switch (responderID->responderIDType) {
- case ocspResponderID_byName:
- fprintf (out_file, "(byName):\n");
- SECU_PrintName (out_file, &(responderID->responderIDValue.name),
- "Name", level + 1);
- break;
- case ocspResponderID_byKey:
- fprintf (out_file, "(byKey):\n");
- SECU_PrintAsHex (out_file, &(responderID->responderIDValue.keyHash),
- "Key Hash", level + 1);
- break;
- default:
- fprintf (out_file, "Unrecognized Responder ID Type\n");
- break;
+ case ocspResponderID_byName:
+ fprintf(out_file, "(byName):\n");
+ SECU_PrintName(out_file, &(responderID->responderIDValue.name),
+ "Name", level + 1);
+ break;
+ case ocspResponderID_byKey:
+ fprintf(out_file, "(byKey):\n");
+ SECU_PrintAsHex(out_file, &(responderID->responderIDValue.keyHash),
+ "Key Hash", level + 1);
+ break;
+ default:
+ fprintf(out_file, "Unrecognized Responder ID Type\n");
+ break;
}
}
static void
-print_ocsp_extensions (FILE *out_file, CERTCertExtension **extensions,
- char *msg, int level)
+print_ocsp_extensions(FILE *out_file, CERTCertExtension **extensions,
+ char *msg, int level)
{
if (extensions) {
- SECU_PrintExtensions (out_file, extensions, msg, level);
+ SECU_PrintExtensions(out_file, extensions, msg, level);
} else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "No %s\n", msg);
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "No %s\n", msg);
}
}
static void
-print_revoked_info (FILE *out_file, ocspRevokedInfo *revoked_info, int level)
+print_revoked_info(FILE *out_file, ocspRevokedInfo *revoked_info, int level)
{
- SECU_PrintGeneralizedTime (out_file, &(revoked_info->revocationTime),
- "Revocation Time", level);
+ SECU_PrintGeneralizedTime(out_file, &(revoked_info->revocationTime),
+ "Revocation Time", level);
if (revoked_info->revocationReason != NULL) {
- SECU_PrintAsHex (out_file, revoked_info->revocationReason,
- "Revocation Reason", level);
+ SECU_PrintAsHex(out_file, revoked_info->revocationReason,
+ "Revocation Reason", level);
} else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "No Revocation Reason.\n");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "No Revocation Reason.\n");
}
}
static void
-print_cert_status (FILE *out_file, ocspCertStatus *status, int level)
+print_cert_status(FILE *out_file, ocspCertStatus *status, int level)
{
- SECU_Indent (out_file, level);
- fprintf (out_file, "Status: ");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Status: ");
switch (status->certStatusType) {
- case ocspCertStatus_good:
- fprintf (out_file, "Cert is good.\n");
- break;
- case ocspCertStatus_revoked:
- fprintf (out_file, "Cert has been revoked.\n");
- print_revoked_info (out_file, status->certStatusInfo.revokedInfo,
- level + 1);
- break;
- case ocspCertStatus_unknown:
- fprintf (out_file, "Cert is unknown to responder.\n");
- break;
- default:
- fprintf (out_file, "Unrecognized status.\n");
- break;
+ case ocspCertStatus_good:
+ fprintf(out_file, "Cert is good.\n");
+ break;
+ case ocspCertStatus_revoked:
+ fprintf(out_file, "Cert has been revoked.\n");
+ print_revoked_info(out_file, status->certStatusInfo.revokedInfo,
+ level + 1);
+ break;
+ case ocspCertStatus_unknown:
+ fprintf(out_file, "Cert is unknown to responder.\n");
+ break;
+ default:
+ fprintf(out_file, "Unrecognized status.\n");
+ break;
}
}
static void
-print_single_response (FILE *out_file, CERTOCSPSingleResponse *single,
- int level)
+print_single_response(FILE *out_file, CERTOCSPSingleResponse *single,
+ int level)
{
- print_ocsp_cert_id (out_file, single->certID, level);
+ print_ocsp_cert_id(out_file, single->certID, level);
- print_cert_status (out_file, single->certStatus, level);
+ print_cert_status(out_file, single->certStatus, level);
- SECU_PrintGeneralizedTime (out_file, &(single->thisUpdate),
- "This Update", level);
+ SECU_PrintGeneralizedTime(out_file, &(single->thisUpdate),
+ "This Update", level);
if (single->nextUpdate != NULL) {
- SECU_PrintGeneralizedTime (out_file, single->nextUpdate,
- "Next Update", level);
+ SECU_PrintGeneralizedTime(out_file, single->nextUpdate,
+ "Next Update", level);
} else {
- SECU_Indent (out_file, level);
- fprintf (out_file, "No Next Update\n");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "No Next Update\n");
}
- print_ocsp_extensions (out_file, single->singleExtensions,
- "Single Response Extensions", level);
+ print_ocsp_extensions(out_file, single->singleExtensions,
+ "Single Response Extensions", level);
}
static void
-print_response_data (FILE *out_file, ocspResponseData *responseData, int level)
+print_response_data(FILE *out_file, ocspResponseData *responseData, int level)
{
- SECU_Indent (out_file, level);
- fprintf (out_file, "Response Data:\n");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Response Data:\n");
level++;
- print_ocsp_version (out_file, &(responseData->version), level);
+ print_ocsp_version(out_file, &(responseData->version), level);
- print_responder_id (out_file, responseData->responderID, level);
+ print_responder_id(out_file, responseData->responderID, level);
- SECU_PrintGeneralizedTime (out_file, &(responseData->producedAt),
- "Produced At", level);
+ SECU_PrintGeneralizedTime(out_file, &(responseData->producedAt),
+ "Produced At", level);
if (responseData->responses != NULL) {
int i;
for (i = 0; responseData->responses[i] != NULL; i++) {
- SECU_Indent (out_file, level);
- fprintf (out_file, "Response %d:\n", i);
- print_single_response (out_file, responseData->responses[i],
- level + 1);
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Response %d:\n", i);
+ print_single_response(out_file, responseData->responses[i],
+ level + 1);
}
} else {
- fprintf (out_file, "Response list is empty.\n");
+ fprintf(out_file, "Response list is empty.\n");
}
- print_ocsp_extensions (out_file, responseData->responseExtensions,
- "Response Extensions", level);
+ print_ocsp_extensions(out_file, responseData->responseExtensions,
+ "Response Extensions", level);
}
static void
-print_basic_response (FILE *out_file, ocspBasicOCSPResponse *basic, int level)
+print_basic_response(FILE *out_file, ocspBasicOCSPResponse *basic, int level)
{
- SECU_Indent (out_file, level);
- fprintf (out_file, "Basic OCSP Response:\n");
+ SECU_Indent(out_file, level);
+ fprintf(out_file, "Basic OCSP Response:\n");
level++;
- print_response_data (out_file, basic->tbsResponseData, level);
+ print_response_data(out_file, basic->tbsResponseData, level);
}
static void
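Review bot: `print_revoked_info` dereferences `revoked_info` with no NULL check, and `print_cert_status` hands it `status->certStatusInfo.revokedInfo` straight from a response that `print_status_response` obtains from `CERT_DecodeOCSPResponse`. Whether the decoder always fills that pointer in the revoked case is not visible in this hunk, so a guard at the top of `print_revoked_info` would stop a malformed response from crashing the printer: `if (revoked_info == NULL) { SECU_Indent(out_file, level); fprintf(out_file, "No Revocation Info.\n"); return; }`. Separately, the `else` branch of `print_response_data` prints "Response list is empty." without the `SECU_Indent(out_file, level);` call that the other `else` branches in this hunk make first, so that line comes out unindented.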
@@ -926,1118 +1283,1303 @@ print_status_response(SECItem *data)
{
int level = 2;
CERTOCSPResponse *response;
- response = CERT_DecodeOCSPResponse (data);
+ response = CERT_DecodeOCSPResponse(data);
if (!response) {
- SECU_Indent (stdout, level);
- fprintf(stdout,"unable to decode certificate_status\n");
+ SECU_Indent(stdout, level);
+ fprintf(stdout, "unable to decode certificate_status\n");
return;
}
-
- SECU_Indent (stdout, level);
+
+ SECU_Indent(stdout, level);
if (response->statusValue >= ocspResponse_min &&
- response->statusValue <= ocspResponse_max) {
- fprintf (stdout, "Response Status: %s\n",
- responseStatusNames[response->statusValue]);
+ response->statusValue <= ocspResponse_max) {
+ fprintf(stdout, "Response Status: %s\n",
+ responseStatusNames[response->statusValue]);
} else {
- fprintf (stdout,
- "Response Status: other (Status value %d out of defined range)\n",
- (int)response->statusValue);
+ fprintf(stdout,
+ "Response Status: other (Status value %d out of defined range)\n",
+ (int)response->statusValue);
}
if (response->statusValue == ocspResponse_successful) {
ocspResponseBytes *responseBytes = response->responseBytes;
- PORT_Assert (responseBytes != NULL);
+ PORT_Assert(responseBytes != NULL);
level++;
- SECU_PrintObjectID (stdout, &(responseBytes->responseType),
- "Response Type", level);
+ SECU_PrintObjectID(stdout, &(responseBytes->responseType),
+ "Response Type", level);
switch (response->responseBytes->responseTypeTag) {
- case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
- print_basic_response (stdout,
- responseBytes->decodedResponse.basic,
- level);
- break;
- default:
- SECU_Indent (stdout, level);
- fprintf (stdout, "Unknown response syntax\n");
- break;
+ case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
+ print_basic_response(stdout,
+ responseBytes->decodedResponse.basic,
+ level);
+ break;
+ default:
+ SECU_Indent(stdout, level);
+ fprintf(stdout, "Unknown response syntax\n");
+ break;
}
} else {
- SECU_Indent (stdout, level);
- fprintf (stdout, "Unsuccessful response, no more information.\n");
+ SECU_Indent(stdout, level);
+ fprintf(stdout, "Unsuccessful response, no more information.\n");
}
- CERT_DestroyOCSPResponse (response);
+ CERT_DestroyOCSPResponse(response);
}
-/* In the case of renegotiation, handshakes that occur in an already MAC'ed
- * channel, by the time of this call, the caller has already removed the MAC
- * from input recordLen. The only MAC'ed record that will get here with its
+/* In the case of renegotiation, handshakes that occur in an already MAC'ed
+ * channel, by the time of this call, the caller has already removed the MAC
+ * from input recordLen. The only MAC'ed record that will get here with its
* MAC intact (not removed) is the first Finished message on the connection.
*/
-void print_ssl3_handshake(unsigned char *recordBuf,
- unsigned int recordLen,
- SSLRecord * sr,
- DataBufferList *s)
+void
+print_ssl3_handshake(unsigned char *recordBuf,
+ unsigned int recordLen,
+ SSLRecord *sr,
+ DataBufferList *s)
{
- struct sslhandshake sslh;
- unsigned char * hsdata;
- unsigned int offset=0;
-
- PR_fprintf(PR_STDOUT," handshake {\n");
-
- if (s->msgBufOffset && s->msgBuf) {
- /* append recordBuf to msgBuf, then use msgBuf */
- if (s->msgBufOffset + recordLen > s->msgBufSize) {
- int newSize = s->msgBufOffset + recordLen;
- unsigned char * newBuf = PORT_Realloc(s->msgBuf, newSize);
- if (!newBuf) {
- PR_ASSERT(newBuf);
- showErr( "Realloc failed");
- exit(10);
- }
- s->msgBuf = newBuf;
- s->msgBufSize = newSize;
- }
- memcpy(s->msgBuf + s->msgBufOffset, recordBuf, recordLen);
- s->msgBufOffset += recordLen;
- recordLen = s->msgBufOffset;
- recordBuf = s->msgBuf;
- }
- while (offset + 4 <= recordLen) {
- sslh.type = recordBuf[offset];
- sslh.length = GET_24(recordBuf+offset+1);
- if (offset + 4 + sslh.length > recordLen)
- break;
- /* finally have a complete message */
- if (sslhexparse)
- print_hex(4,recordBuf+offset);
-
- hsdata = &recordBuf[offset+4];
-
- PR_fprintf(PR_STDOUT," type = %d (",sslh.type);
- switch(sslh.type) {
- case 0: PR_FPUTS("hello_request)\n" ); break;
- case 1: PR_FPUTS("client_hello)\n" ); break;
- case 2: PR_FPUTS("server_hello)\n" ); break;
- case 4: PR_FPUTS("new_session_ticket)\n" ); break;
- case 11: PR_FPUTS("certificate)\n" ); break;
- case 12: PR_FPUTS("server_key_exchange)\n" ); break;
- case 13: PR_FPUTS("certificate_request)\n" ); break;
- case 14: PR_FPUTS("server_hello_done)\n" ); break;
- case 15: PR_FPUTS("certificate_verify)\n" ); break;
- case 16: PR_FPUTS("client_key_exchange)\n" ); break;
- case 20: PR_FPUTS("finished)\n" ); break;
- case 22: PR_FPUTS("certificate_status)\n" ); break;
- default: PR_FPUTS("unknown)\n" ); break;
+ struct sslhandshake sslh;
+ unsigned char *hsdata;
+ unsigned int offset = 0;
+
+ PR_fprintf(PR_STDOUT, " handshake {\n");
+
+ if (s->msgBufOffset && s->msgBuf) {
+ /* append recordBuf to msgBuf, then use msgBuf */
+ if (s->msgBufOffset + recordLen > s->msgBufSize) {
+ int newSize = s->msgBufOffset + recordLen;
+ unsigned char *newBuf = PORT_Realloc(s->msgBuf, newSize);
+ if (!newBuf) {
+ PR_ASSERT(newBuf);
+ showErr("Realloc failed");
+ exit(10);
+ }
+ s->msgBuf = newBuf;
+ s->msgBufSize = newSize;
+ }
+ memcpy(s->msgBuf + s->msgBufOffset, recordBuf, recordLen);
+ s->msgBufOffset += recordLen;
+ recordLen = s->msgBufOffset;
+ recordBuf = s->msgBuf;
}
+ while (offset + 4 <= recordLen) {
+ sslh.type = recordBuf[offset];
+ sslh.length = GET_24(recordBuf + offset + 1);
+ if (offset + 4 + sslh.length > recordLen)
+ break;
+ /* finally have a complete message */
+ if (sslhexparse)
+ print_hex(4, recordBuf + offset);
+
+ hsdata = &recordBuf[offset + 4];
+
+ PR_fprintf(PR_STDOUT, " type = %d (", sslh.type);
+ switch (sslh.type) {
+ case 0:
+ PR_FPUTS("hello_request)\n");
+ break;
+ case 1:
+ PR_FPUTS("client_hello)\n");
+ break;
+ case 2:
+ PR_FPUTS("server_hello)\n");
+ break;
+ case 4:
+ PR_FPUTS("new_session_ticket)\n");
+ break;
+ case 11:
+ PR_FPUTS("certificate)\n");
+ break;
+ case 12:
+ PR_FPUTS("server_key_exchange)\n");
+ break;
+ case 13:
+ PR_FPUTS("certificate_request)\n");
+ break;
+ case 14:
+ PR_FPUTS("server_hello_done)\n");
+ break;
+ case 15:
+ PR_FPUTS("certificate_verify)\n");
+ break;
+ case 16:
+ PR_FPUTS("client_key_exchange)\n");
+ break;
+ case 20:
+ PR_FPUTS("finished)\n");
+ break;
+ case 22:
+ PR_FPUTS("certificate_status)\n");
+ break;
+ default:
+ PR_FPUTS("unknown)\n");
+ break;
+ }
- PR_fprintf(PR_STDOUT," length = %d (0x%06x)\n",sslh.length,sslh.length);
- switch (sslh.type) {
-
- case 0: /* hello_request */ /* not much to show here. */ break;
-
- case 1: /* client hello */
- switch (sr->ver_maj) {
- case 3: /* ssl version 3 */
- {
- unsigned int pos;
- int w;
-
- PR_fprintf(PR_STDOUT," ClientHelloV3 {\n");
- PR_fprintf(PR_STDOUT," client_version = {%d, %d}\n",
- (PRUint8)hsdata[0],(PRUint8)hsdata[1]);
- PR_fprintf(PR_STDOUT," random = {...}\n");
- if (sslhexparse) print_hex(32,&hsdata[2]);
-
- /* pretty print Session ID */
- {
- int sidlength = (int)hsdata[2+32];
- PR_fprintf(PR_STDOUT," session ID = {\n");
- PR_fprintf(PR_STDOUT," length = %d\n",sidlength);
- PR_fprintf(PR_STDOUT," contents = {...}\n");
- if (sslhexparse) print_hex(sidlength,&hsdata[2+32+1]);
- PR_fprintf(PR_STDOUT," }\n");
- pos = 2+32+1+sidlength;
- }
-
- /* pretty print cipher suites */
- {
- int csuitelength = GET_SHORT((hsdata+pos));
- PR_fprintf(PR_STDOUT," cipher_suites[%d] = {\n",
- csuitelength/2);
- if (csuitelength % 2) {
- PR_fprintf(PR_STDOUT,
- "*error in protocol - csuitelength shouldn't be odd*\n");
- }
- for (w=0; w<csuitelength; w+=2) {
- PRUint32 cs_int = GET_SHORT((hsdata+pos+2+w));
- const char *cs_str = V2CipherString(cs_int);
- PR_fprintf(PR_STDOUT,
- " (0x%04x) %s\n", cs_int, cs_str);
- }
- pos += 2 + csuitelength;
- PR_fprintf(PR_STDOUT," }\n");
- }
-
- /* pretty print compression methods */
- {
- int complength = hsdata[pos];
- PR_fprintf(PR_STDOUT," compression[%d] = {\n",
- complength);
- for (w=0; w < complength; w++) {
- PRUint32 cm_int = hsdata[pos+1+w];
- const char *cm_str = CompressionMethodString(cm_int);
- PR_fprintf(PR_STDOUT,
- " (%02x) %s\n", cm_int, cm_str);
- }
- pos += 1 + complength;
- PR_fprintf(PR_STDOUT," }\n");
- }
-
- /* pretty print extensions, if any */
- pos = print_hello_extension(hsdata, sslh.length, pos);
-
- PR_fprintf(PR_STDOUT," }\n");
- } /* end of ssl version 3 */
- break;
- default:
- PR_fprintf(PR_STDOUT," UNDEFINED VERSION %d.%d {...}\n",
- sr->ver_maj, sr->ver_min );
- if (sslhexparse) print_hex(sslh.length, hsdata);
- break;
- } /* end of switch sr->ver_maj */
- break;
-
- case 2: /* server hello */
- {
- unsigned int sidlength, pos;
-
- PR_fprintf(PR_STDOUT," ServerHello {\n");
-
- PR_fprintf(PR_STDOUT," server_version = {%d, %d}\n",
- (PRUint8)hsdata[0],(PRUint8)hsdata[1]);
- PR_fprintf(PR_STDOUT," random = {...}\n");
- if (sslhexparse) print_hex(32,&hsdata[2]);
- PR_fprintf(PR_STDOUT," session ID = {\n");
- sidlength = (int)hsdata[2+32];
- PR_fprintf(PR_STDOUT," length = %d\n",sidlength);
- PR_fprintf(PR_STDOUT," contents = {...}\n");
- if (sslhexparse) print_hex(sidlength,&hsdata[2+32+1]);
- PR_fprintf(PR_STDOUT," }\n");
- pos = 2+32+1+sidlength;
-
- /* pretty print chosen cipher suite */
- {
- PRUint32 cs_int = GET_SHORT((hsdata+pos));
- const char *cs_str = V2CipherString(cs_int);
- PR_fprintf(PR_STDOUT," cipher_suite = (0x%04x) %s\n",
- cs_int, cs_str);
- currentcipher = cs_int;
- pos += 2;
- }
- /* pretty print chosen compression method */
- {
- PRUint32 cm_int = hsdata[pos++];
- const char *cm_str = CompressionMethodString(cm_int);
- PR_fprintf(PR_STDOUT," compression method = (%02x) %s\n",
- cm_int, cm_str);
- }
-
- /* pretty print extensions, if any */
- pos = print_hello_extension(hsdata, sslh.length, pos);
-
- PR_fprintf(PR_STDOUT," }\n");
- }
- break;
-
- case 4: /* new session ticket */
- {
- PRUint32 lifetimehint;
- PRUint16 ticketlength;
- char lifetime[32];
- lifetimehint = GET_32(hsdata);
- if (lifetimehint) {
- PRExplodedTime et;
- PRTime t = lifetimehint;
- t *= PR_USEC_PER_SEC;
- PR_ExplodeTime(t, PR_GMTParameters, &et);
- /* use HTTP Cookie header's date format */
- PR_FormatTimeUSEnglish(lifetime, sizeof lifetime,
- "%a, %d-%b-%Y %H:%M:%S GMT", &et);
- } else {
- /* 0 means the lifetime of the ticket is unspecified */
- strcpy(lifetime, "unspecified");
- }
- ticketlength = GET_SHORT((hsdata+4));
- PR_fprintf(PR_STDOUT," NewSessionTicket {\n");
- PR_fprintf(PR_STDOUT," ticket_lifetime_hint = %s\n",
- lifetime);
- PR_fprintf(PR_STDOUT," ticket = {\n");
- PR_fprintf(PR_STDOUT," length = %d\n",ticketlength);
- PR_fprintf(PR_STDOUT," contents = {...}\n");
- if (sslhexparse) print_hex(ticketlength,&hsdata[4+2]);
- PR_fprintf(PR_STDOUT," }\n");
- PR_fprintf(PR_STDOUT," }\n");
- }
- break;
-
- case 11: /* certificate */
- {
- PRFileDesc *cfd;
- int pos;
- int certslength;
- int certlength;
- int certbytesread = 0;
- static int certFileNumber;
- char certFileName[20];
-
- PR_fprintf(PR_STDOUT," CertificateChain {\n");
- certslength = GET_24(hsdata);
- PR_fprintf(PR_STDOUT," chainlength = %d (0x%04x)\n",
- certslength,certslength);
- pos = 3;
- while (certbytesread < certslength) {
- certlength = GET_24((hsdata+pos));
- pos += 3;
- PR_fprintf(PR_STDOUT," Certificate {\n");
- PR_fprintf(PR_STDOUT," size = %d (0x%04x)\n",
- certlength,certlength);
- certbytesread += certlength+3;
- if (certbytesread <= certslength) {
- PR_snprintf(certFileName, sizeof certFileName, "cert.%03d",
- ++certFileNumber);
- cfd = PR_Open(certFileName, PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE,
- 0664);
- if (!cfd) {
- PR_fprintf(PR_STDOUT,
- " data = { couldn't save file '%s' }\n",
- certFileName);
- } else {
- PR_Write(cfd, (hsdata+pos), certlength);
- PR_fprintf(PR_STDOUT,
- " data = { saved in file '%s' }\n",
- certFileName);
- PR_Close(cfd);
- }
- }
-
- PR_fprintf(PR_STDOUT," }\n");
- pos += certlength;
- }
- PR_fprintf(PR_STDOUT," }\n");
- }
- break;
-
- case 12: /* server_key_exchange */
- if (sslhexparse) print_hex(sslh.length, hsdata);
- break;
-
- case 13: /* certificate request */
- {
- unsigned int pos = 0;
- int w, reqLength;
-
- PR_fprintf(PR_STDOUT," CertificateRequest {\n");
-
- /* pretty print requested certificate types */
- reqLength = hsdata[pos];
- PR_fprintf(PR_STDOUT," certificate types[%d] = {",
- reqLength);
- for (w=0; w < reqLength; w++) {
- PR_fprintf(PR_STDOUT, " %02x", hsdata[pos+1+w]);
- }
- pos += 1 + reqLength;
- PR_fprintf(PR_STDOUT," }\n");
-
- /* pretty print CA names, if any */
- if (pos < sslh.length) {
- int exListLen = GET_SHORT((hsdata+pos)); pos += 2;
- PR_fprintf(PR_STDOUT,
- " certificate_authorities[%d] = {\n",
- exListLen);
- while (exListLen > 0 && pos < sslh.length) {
- char * ca_name;
- SECItem it;
- int dnLen = GET_SHORT((hsdata+pos)); pos += 2;
-
- /* dump the CA name */
- it.type = siBuffer;
- it.data = hsdata + pos;
- it.len = dnLen;
- ca_name = CERT_DerNameToAscii(&it);
- if (ca_name) {
- PR_fprintf(PR_STDOUT," %s\n", ca_name);
- PORT_Free(ca_name);
- } else {
- PR_fprintf(PR_STDOUT,
- " distinguished name [%d]", dnLen);
- if (dnLen > 0 && sslhexparse) {
- PR_fprintf(PR_STDOUT, " = {\n");
- print_hex(dnLen, hsdata + pos);
- PR_fprintf(PR_STDOUT, " }\n");
- } else {
- PR_fprintf(PR_STDOUT, "\n");
- }
+ PR_fprintf(PR_STDOUT, " length = %d (0x%06x)\n", sslh.length, sslh.length);
+ switch (sslh.type) {
+
+ case 0: /* hello_request */ /* not much to show here. */
+ break;
+
+ case 1: /* client hello */
+ switch (sr->ver_maj) {
+ case 3: /* ssl version 3 */
+ {
+ unsigned int pos;
+ int w;
+
+ PR_fprintf(PR_STDOUT, " ClientHelloV3 {\n");
+ PR_fprintf(PR_STDOUT, " client_version = {%d, %d}\n",
+ (PRUint8)hsdata[0], (PRUint8)hsdata[1]);
+ PR_fprintf(PR_STDOUT, " random = {...}\n");
+ if (sslhexparse)
+ print_hex(32, &hsdata[2]);
+
+ /* pretty print Session ID */
+ {
+ int sidlength =
+ (int)hsdata[2 + 32];
+ PR_fprintf(PR_STDOUT, " session ID = {\n");
+ PR_fprintf(PR_STDOUT, " length = %d\n", sidlength);
+ PR_fprintf(PR_STDOUT, " contents = {...}\n");
+ if (sslhexparse)
+ print_hex(sidlength, &hsdata[2 + 32 + 1]);
+ PR_fprintf(PR_STDOUT, " }\n");
+ pos =
+ 2 +
+ 32 +
+ 1 +
+ sidlength;
+ }
+
+ /* pretty print cipher suites */
+ {
+ int csuitelength =
+ GET_SHORT((hsdata + pos));
+ PR_fprintf(PR_STDOUT, " cipher_suites[%d] = {\n",
+ csuitelength /
+ 2);
+ if (csuitelength %
+ 2) {
+ PR_fprintf(PR_STDOUT,
+ "*error in protocol - csuitelength shouldn't be odd*\n");
+ }
+ for (w =
+ 0;
+ w <
+ csuitelength;
+ w += 2) {
+ PRUint32 cs_int =
+ GET_SHORT((hsdata + pos + 2 + w));
+ const char *cs_str =
+ V2CipherString(cs_int);
+ PR_fprintf(PR_STDOUT,
+ " (0x%04x) %s\n", cs_int, cs_str);
+ }
+ pos +=
+ 2 +
+ csuitelength;
+ PR_fprintf(PR_STDOUT, " }\n");
+ }
+
+ /* pretty print compression methods */
+ {
+ int complength =
+ hsdata[pos];
+ PR_fprintf(PR_STDOUT, " compression[%d] = {\n",
+ complength);
+ for (w =
+ 0;
+ w <
+ complength;
+ w++) {
+ PRUint32 cm_int =
+ hsdata[pos + 1 + w];
+ const char *cm_str =
+ CompressionMethodString(cm_int);
+ PR_fprintf(PR_STDOUT,
+ " (%02x) %s\n", cm_int, cm_str);
+ }
+ pos +=
+ 1 +
+ complength;
+ PR_fprintf(PR_STDOUT, " }\n");
+ }
+
+ /* pretty print extensions, if any */
+ pos =
+ print_hello_extension(hsdata, sslh.length, pos);
+
+ PR_fprintf(PR_STDOUT, " }\n");
+ } /* end of ssl version 3 */
+ break;
+ default:
+ PR_fprintf(PR_STDOUT, " UNDEFINED VERSION %d.%d {...}\n",
+ sr->ver_maj, sr->ver_min);
+ if (sslhexparse)
+ print_hex(sslh.length, hsdata);
+ break;
+ } /* end of switch sr->ver_maj */
+ break;
+
+ case 2: /* server hello */
+ {
+ unsigned int sidlength, pos;
+
+ PR_fprintf(PR_STDOUT, " ServerHello {\n");
+
+ PR_fprintf(PR_STDOUT, " server_version = {%d, %d}\n",
+ (PRUint8)hsdata[0], (PRUint8)hsdata[1]);
+ PR_fprintf(PR_STDOUT, " random = {...}\n");
+ if (sslhexparse)
+ print_hex(32, &hsdata[2]);
+ PR_fprintf(PR_STDOUT, " session ID = {\n");
+ sidlength = (int)hsdata[2 +
+ 32];
+ PR_fprintf(PR_STDOUT, " length = %d\n", sidlength);
+ PR_fprintf(PR_STDOUT, " contents = {...}\n");
+ if (sslhexparse)
+ print_hex(sidlength, &hsdata[2 + 32 + 1]);
+ PR_fprintf(PR_STDOUT, " }\n");
+ pos = 2 +
+ 32 + 1 +
+ sidlength;
+
+ /* pretty print chosen cipher suite */
+ {
+ PRUint32 cs_int = GET_SHORT((hsdata + pos));
+ const char *cs_str =
+ V2CipherString(cs_int);
+ PR_fprintf(PR_STDOUT, " cipher_suite = (0x%04x) %s\n",
+ cs_int, cs_str);
+ currentcipher =
+ cs_int;
+ pos +=
+ 2;
+ }
+ /* pretty print chosen compression method */
+ {
+ PRUint32 cm_int = hsdata[pos++];
+ const char *cm_str =
+ CompressionMethodString(cm_int);
+ PR_fprintf(PR_STDOUT, " compression method = (%02x) %s\n",
+ cm_int, cm_str);
+ }
+
+ /* pretty print extensions, if any */
+ pos = print_hello_extension(hsdata, sslh.length, pos);
+
+ PR_fprintf(PR_STDOUT, " }\n");
+ } break;
+
+ case 4: /* new session ticket */
+ {
+ PRUint32 lifetimehint;
+ PRUint16 ticketlength;
+ char lifetime[32];
+ lifetimehint = GET_32(hsdata);
+ if (lifetimehint) {
+ PRExplodedTime et;
+ PRTime t =
+ lifetimehint;
+ t *=
+ PR_USEC_PER_SEC;
+ PR_ExplodeTime(t, PR_GMTParameters, &et);
+ /* use HTTP Cookie header's date format */
+ PR_FormatTimeUSEnglish(lifetime, sizeof lifetime,
+ "%a, %d-%b-%Y %H:%M:%S GMT", &et);
+ } else {
+ /* 0 means the lifetime of the ticket is unspecified */
+ strcpy(lifetime, "unspecified");
+ }
+ ticketlength = GET_SHORT((hsdata +
+ 4));
+ PR_fprintf(PR_STDOUT, " NewSessionTicket {\n");
+ PR_fprintf(PR_STDOUT, " ticket_lifetime_hint = %s\n",
+ lifetime);
+ PR_fprintf(PR_STDOUT, " ticket = {\n");
+ PR_fprintf(PR_STDOUT, " length = %d\n", ticketlength);
+ PR_fprintf(PR_STDOUT, " contents = {...}\n");
+ if (sslhexparse)
+ print_hex(ticketlength, &hsdata[4 + 2]);
+ PR_fprintf(PR_STDOUT, " }\n");
+ PR_fprintf(PR_STDOUT, " }\n");
+ } break;
+
+ case 11: /* certificate */
+ {
+ PRFileDesc *cfd;
+ int pos;
+ int certslength;
+ int certlength;
+ int certbytesread = 0;
+ static int certFileNumber;
+ char certFileName[20];
+
+ PR_fprintf(PR_STDOUT, " CertificateChain {\n");
+ certslength = GET_24(hsdata);
+ PR_fprintf(PR_STDOUT, " chainlength = %d (0x%04x)\n",
+ certslength, certslength);
+ pos = 3;
+ while (certbytesread < certslength) {
+ certlength =
+ GET_24((hsdata + pos));
+ pos +=
+ 3;
+ PR_fprintf(PR_STDOUT, " Certificate {\n");
+ PR_fprintf(PR_STDOUT, " size = %d (0x%04x)\n",
+ certlength, certlength);
+ certbytesread +=
+ certlength + 3;
+ if (certbytesread <=
+ certslength) {
+ PR_snprintf(certFileName, sizeof certFileName, "cert.%03d",
+ ++certFileNumber);
+ cfd =
+ PR_Open(certFileName, PR_WRONLY |
+ PR_CREATE_FILE | PR_TRUNCATE,
+ 0664);
+ if (!cfd) {
+ PR_fprintf(PR_STDOUT,
+ " data = { couldn't save file '%s' }\n",
+ certFileName);
+ } else {
+ PR_Write(cfd, (hsdata +
+ pos),
+ certlength);
+ PR_fprintf(PR_STDOUT,
+ " data = { saved in file '%s' }\n",
+ certFileName);
+ PR_Close(cfd);
+ }
+ }
+
+ PR_fprintf(PR_STDOUT, " }\n");
+ pos += certlength;
+ }
+ PR_fprintf(PR_STDOUT, " }\n");
+ } break;
+
+ case 12: /* server_key_exchange */
+ if (sslhexparse)
+ print_hex(sslh.length, hsdata);
+ break;
+
+ case 13: /* certificate request */
+ {
+ unsigned int pos = 0;
+ int w, reqLength;
+
+ PR_fprintf(PR_STDOUT, " CertificateRequest {\n");
+
+ /* pretty print requested certificate types */
+ reqLength = hsdata[pos];
+ PR_fprintf(PR_STDOUT, " certificate types[%d] = {",
+ reqLength);
+ for (w =
+ 0;
+ w < reqLength; w++) {
+ PR_fprintf(PR_STDOUT, " %02x", hsdata[pos +
+ 1 + w]);
+ }
+ pos += 1 + reqLength;
+ PR_fprintf(PR_STDOUT, " }\n");
+
+ /* pretty print CA names, if any */
+ if (pos < sslh.length) {
+ int exListLen =
+ GET_SHORT((hsdata + pos));
+ pos += 2;
+ PR_fprintf(PR_STDOUT,
+ " certificate_authorities[%d] = {\n",
+ exListLen);
+ while (exListLen >
+ 0 &&
+ pos < sslh.length) {
+ char *ca_name;
+ SECItem it;
+ int dnLen = GET_SHORT((hsdata +
+ pos));
+ pos += 2;
+
+ /* dump the CA name */
+ it.type =
+ siBuffer;
+ it.data =
+ hsdata + pos;
+ it.len =
+ dnLen;
+ ca_name =
+ CERT_DerNameToAscii(&it);
+ if (ca_name) {
+ PR_fprintf(PR_STDOUT, " %s\n", ca_name);
+ PORT_Free(ca_name);
+ } else {
+ PR_fprintf(PR_STDOUT,
+ " distinguished name [%d]", dnLen);
+ if (dnLen >
+ 0 &&
+ sslhexparse) {
+ PR_fprintf(PR_STDOUT, " = {\n");
+ print_hex(dnLen, hsdata +
+ pos);
+ PR_fprintf(PR_STDOUT, " }\n");
+ } else {
+ PR_fprintf(PR_STDOUT, "\n");
+ }
+ }
+ pos +=
+ dnLen;
+ exListLen -=
+ 2 + dnLen;
+ }
+ PR_fprintf(PR_STDOUT, " }\n");
+ }
+
+ PR_fprintf(PR_STDOUT, " }\n");
+ } break;
+
+ case 14: /* server_hello_done */ /* not much to show here. */
+ break;
+
+ case 15: /* certificate_verify */
+ if (sslhexparse)
+ print_hex(sslh.length, hsdata);
+ break;
+
+ case 16: /* client key exchange */
+ {
+ PR_fprintf(PR_STDOUT, " ClientKeyExchange {\n");
+ PR_fprintf(PR_STDOUT, " message = {...}\n");
+ PR_fprintf(PR_STDOUT, " }\n");
+ } break;
+
+ case 20: /* finished */
+ PR_fprintf(PR_STDOUT, " Finished {\n");
+ PR_fprintf(PR_STDOUT, " verify_data = {...}\n");
+ if (sslhexparse)
+ print_hex(sslh.length, hsdata);
+ PR_fprintf(PR_STDOUT, " }\n");
+
+ if (!isNULLmac(currentcipher) &&
+ !s->hMACsize) {
+ /* To calculate the size of MAC, we subtract the number of known
+ * bytes of message from the number of remaining bytes in the
+ * record. This assumes that this is the first record on the
+ * connection to have a MAC, and that the sender has not put another
+ * message after the finished message in the handshake record.
+ * This is only correct for the first transition from unMACed to
+ * MACed. If the connection switches from one cipher suite to
+ * another one with a different MAC, this logic will not track that
+ * change correctly.
+ */
+ s->hMACsize =
+ recordLen - (sslh.length + 4);
+ sslh.length +=
+ s->hMACsize; /* skip over the MAC data */
+ }
+ break;
+
+ case 22: /* certificate_status */
+ {
+ SECItem data;
+ PRFileDesc *ofd;
+ static int ocspFileNumber;
+ char ocspFileName[20];
+
+ /* skip 4 bytes with handshake numbers, as in ssl3_HandleCertificateStatus */
+ data.type = siBuffer;
+ data.data = hsdata + 4;
+ data.len = sslh.length - 4;
+ print_status_response(&data);
+
+ PR_snprintf(ocspFileName, sizeof ocspFileName, "ocsp.%03d",
+ ++ocspFileNumber);
+ ofd = PR_Open(ocspFileName, PR_WRONLY |
+ PR_CREATE_FILE | PR_TRUNCATE,
+ 0664);
+ if (!ofd) {
+ PR_fprintf(PR_STDOUT,
+ " data = { couldn't save file '%s' }\n",
+ ocspFileName);
+ } else {
+ PR_Write(ofd, data.data, data.len);
+ PR_fprintf(PR_STDOUT,
+ " data = { saved in file '%s' }\n",
+ ocspFileName);
+ PR_Close(ofd);
+ }
+ } break;
+
+ default: {
+ PR_fprintf(PR_STDOUT, " UNKNOWN MESSAGE TYPE %d [%d] {\n",
+ sslh.type, sslh.length);
+ if (sslhexparse)
+ print_hex(sslh.length, hsdata);
+ PR_fprintf(PR_STDOUT, " }\n");
+ }
+ } /* end of switch sslh.type */
+ offset += sslh.length + 4;
+ } /* while */
+ if (offset < recordLen) { /* stuff left over */
+ unsigned int newMsgLen = recordLen - offset;
+ if (!s->msgBuf) {
+ s->msgBuf = PORT_Alloc(newMsgLen);
+ if (!s->msgBuf) {
+ PR_ASSERT(s->msgBuf);
+ showErr("Malloc failed");
+ exit(11);
}
- pos += dnLen;
- exListLen -= 2 + dnLen;
- }
- PR_fprintf(PR_STDOUT," }\n");
- }
-
- PR_fprintf(PR_STDOUT," }\n");
- }
- break;
-
- case 14: /* server_hello_done */ /* not much to show here. */ break;
-
- case 15: /* certificate_verify */
- if (sslhexparse) print_hex(sslh.length, hsdata);
- break;
-
- case 16: /* client key exchange */
- {
- PR_fprintf(PR_STDOUT," ClientKeyExchange {\n");
- PR_fprintf(PR_STDOUT," message = {...}\n");
- PR_fprintf(PR_STDOUT," }\n");
- }
- break;
-
- case 20: /* finished */
- PR_fprintf(PR_STDOUT," Finished {\n");
- PR_fprintf(PR_STDOUT," verify_data = {...}\n");
- if (sslhexparse) print_hex(sslh.length, hsdata);
- PR_fprintf(PR_STDOUT," }\n");
-
- if (!isNULLmac(currentcipher) && !s->hMACsize) {
- /* To calculate the size of MAC, we subtract the number of known
- * bytes of message from the number of remaining bytes in the
- * record. This assumes that this is the first record on the
- * connection to have a MAC, and that the sender has not put another
- * message after the finished message in the handshake record.
- * This is only correct for the first transition from unMACed to
- * MACed. If the connection switches from one cipher suite to
- * another one with a different MAC, this logic will not track that
- * change correctly.
- */
- s->hMACsize = recordLen - (sslh.length + 4);
- sslh.length += s->hMACsize; /* skip over the MAC data */
- }
- break;
-
- case 22: /* certificate_status */
- {
- SECItem data;
- PRFileDesc *ofd;
- static int ocspFileNumber;
- char ocspFileName[20];
-
- /* skip 4 bytes with handshake numbers, as in ssl3_HandleCertificateStatus */
- data.type = siBuffer;
- data.data = hsdata + 4;
- data.len = sslh.length - 4;
- print_status_response(&data);
-
- PR_snprintf(ocspFileName, sizeof ocspFileName, "ocsp.%03d",
- ++ocspFileNumber);
- ofd = PR_Open(ocspFileName, PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE,
- 0664);
- if (!ofd) {
- PR_fprintf(PR_STDOUT,
- " data = { couldn't save file '%s' }\n",
- ocspFileName);
- } else {
- PR_Write(ofd, data.data, data.len);
- PR_fprintf(PR_STDOUT,
- " data = { saved in file '%s' }\n",
- ocspFileName);
- PR_Close(ofd);
+ s->msgBufSize = newMsgLen;
+ memcpy(s->msgBuf, recordBuf + offset, newMsgLen);
+ } else if (newMsgLen > s->msgBufSize) {
+ unsigned char *newBuf = PORT_Realloc(s->msgBuf, newMsgLen);
+ if (!newBuf) {
+ PR_ASSERT(newBuf);
+ showErr("Realloc failed");
+ exit(12);
+ }
+ s->msgBuf = newBuf;
+ s->msgBufSize = newMsgLen;
+ } else if (offset || s->msgBuf != recordBuf) {
+ memmove(s->msgBuf, recordBuf + offset, newMsgLen);
}
- }
- break;
-
- default:
- {
- PR_fprintf(PR_STDOUT," UNKNOWN MESSAGE TYPE %d [%d] {\n",
- sslh.type, sslh.length);
- if (sslhexparse) print_hex(sslh.length, hsdata);
- PR_fprintf(PR_STDOUT," }\n");
-
- }
- } /* end of switch sslh.type */
- offset += sslh.length + 4;
- } /* while */
- if (offset < recordLen) { /* stuff left over */
- unsigned int newMsgLen = recordLen - offset;
- if (!s->msgBuf) {
- s->msgBuf = PORT_Alloc(newMsgLen);
- if (!s->msgBuf) {
- PR_ASSERT(s->msgBuf);
- showErr( "Malloc failed");
- exit(11);
- }
- s->msgBufSize = newMsgLen;
- memcpy(s->msgBuf, recordBuf + offset, newMsgLen);
- } else if (newMsgLen > s->msgBufSize) {
- unsigned char * newBuf = PORT_Realloc(s->msgBuf, newMsgLen);
- if (!newBuf) {
- PR_ASSERT(newBuf);
- showErr( "Realloc failed");
- exit(12);
- }
- s->msgBuf = newBuf;
- s->msgBufSize = newMsgLen;
- } else if (offset || s->msgBuf != recordBuf) {
- memmove(s->msgBuf, recordBuf + offset, newMsgLen);
+ s->msgBufOffset = newMsgLen;
+ PR_fprintf(PR_STDOUT, " [incomplete handshake message]\n");
+ } else {
+ s->msgBufOffset = 0;
}
- s->msgBufOffset = newMsgLen;
- PR_fprintf(PR_STDOUT," [incomplete handshake message]\n");
- } else {
- s->msgBufOffset = 0;
- }
- PR_fprintf(PR_STDOUT," }\n");
+ PR_fprintf(PR_STDOUT, " }\n");
}
-
-void print_ssl(DataBufferList *s, int length, unsigned char *buffer)
+void
+print_ssl(DataBufferList *s, int length, unsigned char *buffer)
{
- /* -------------------------------------------------------- */
- /* first, create a new buffer object for this piece of data. */
+ /* -------------------------------------------------------- */
+ /* first, create a new buffer object for this piece of data. */
- DataBuffer *db;
+ DataBuffer *db;
- if (s->size == 0 && length > 0 && buffer[0] >= 32 && buffer[0] < 128) {
- /* Not an SSL record, treat entire buffer as plaintext */
- PR_Write(PR_STDOUT,buffer,length);
- return;
- }
+ if (s->size == 0 && length > 0 && buffer[0] >= 32 && buffer[0] < 128) {
+ /* Not an SSL record, treat entire buffer as plaintext */
+ PR_Write(PR_STDOUT, buffer, length);
+ return;
+ }
- check_integrity(s);
+ check_integrity(s);
- db = PR_NEW(struct _DataBuffer);
+ db = PR_NEW(struct _DataBuffer);
- db->buffer = (unsigned char*)PORT_Alloc(length);
- db->length = length;
- db->offset = 0;
- memcpy(db->buffer, buffer, length);
- db->next = NULL;
+ db->buffer = (unsigned char *)PORT_Alloc(length);
+ db->length = length;
+ db->offset = 0;
+ memcpy(db->buffer, buffer, length);
+ db->next = NULL;
- /* now, add it to the stream */
+ /* now, add it to the stream */
- if (s->last != NULL) s->last->next = db;
- s->last = db;
- s->size += length;
- if (s->first == NULL) s->first = db;
+ if (s->last != NULL)
+ s->last->next = db;
+ s->last = db;
+ s->size += length;
+ if (s->first == NULL)
+ s->first = db;
- check_integrity(s);
+ check_integrity(s);
- /*------------------------------------------------------- */
- /* now we look at the stream to see if we have enough data to
+ /*------------------------------------------------------- */
+ /* now we look at the stream to see if we have enough data to
decode */
- while (s->size > 0 ) {
- unsigned char *recordBuf = NULL;
+ while (s->size > 0) {
+ unsigned char *recordBuf = NULL;
- SSLRecord sr;
- unsigned recordLen;
- unsigned recordsize;
+ SSLRecord sr;
+ unsigned recordLen;
+ unsigned recordsize;
- check_integrity(s);
+ check_integrity(s);
- if ( s->first == NULL) {
- PR_fprintf(PR_STDOUT,"ERROR: s->first is null\n");
- exit(9);
- }
+ if (s->first == NULL) {
+ PR_fprintf(PR_STDOUT, "ERROR: s->first is null\n");
+ exit(9);
+ }
- /* in the case of an SSL 2 client-hello */
- /* will have the high-bit set, whereas an SSL 3 client-hello will not */
- /* SSL2 can also send records that begin with the high bit clear.
- * This code will incorrectly handle them. XXX
- */
- if (isV2Session || s->first->buffer[s->first->offset] & 0x80) {
- /* it's an SSL 2 packet */
- unsigned char lenbuf[3];
-
- /* first, we check if there's enough data for it to be an SSL2-type
- * record. What a pain.*/
- if (s->size < sizeof lenbuf) {
- partial_packet(length, s->size, sizeof lenbuf);
- return;
- }
-
- /* read the first two bytes off the stream. */
- read_stream_bytes(lenbuf, s, sizeof(lenbuf));
- recordLen = ((unsigned int)(lenbuf[0] & 0x7f) << 8) + lenbuf[1] +
- ((lenbuf[0] & 0x80) ? 2 : 3);
- PR_fprintf(PR_STDOUT, "recordLen = %u bytes\n", recordLen);
-
- /* put 'em back on the head of the stream. */
- db = PR_NEW(struct _DataBuffer);
-
- db->length = sizeof lenbuf;
- db->buffer = (unsigned char*) PORT_Alloc(db->length);
- db->offset = 0;
- memcpy(db->buffer, lenbuf, sizeof lenbuf);
-
- db->next = s->first;
- s->first = db;
- if (s->last == NULL)
- s->last = db;
- s->size += db->length;
-
- /* if there wasn't enough, go back for more. */
- if (s->size < recordLen) {
- check_integrity(s);
- partial_packet(length, s->size, recordLen);
- return;
- }
- partial_packet(length, s->size, recordLen);
-
- /* read in the whole record. */
- recordBuf = PORT_Alloc(recordLen);
- read_stream_bytes(recordBuf, s, recordLen);
-
- print_sslv2(s, recordBuf, recordLen);
- PR_FREEIF(recordBuf);
- check_integrity(s);
-
- continue;
- }
+ /* in the case of an SSL 2 client-hello */
+ /* will have the high-bit set, whereas an SSL 3 client-hello will not */
+ /* SSL2 can also send records that begin with the high bit clear.
+ * This code will incorrectly handle them. XXX
+ */
+ if (isV2Session || s->first->buffer[s->first->offset] & 0x80) {
+ /* it's an SSL 2 packet */
+ unsigned char lenbuf[3];
+
+ /* first, we check if there's enough data for it to be an SSL2-type
+ * record. What a pain.*/
+ if (s->size < sizeof lenbuf) {
+ partial_packet(length, s->size, sizeof lenbuf);
+ return;
+ }
- /***********************************************************/
- /* It's SSL v3 */
- /***********************************************************/
- check_integrity(s);
+ /* read the first two bytes off the stream. */
+ read_stream_bytes(lenbuf, s, sizeof(lenbuf));
+ recordLen = ((unsigned int)(lenbuf[0] & 0x7f) << 8) + lenbuf[1] +
+ ((lenbuf[0] & 0x80) ? 2 : 3);
+ PR_fprintf(PR_STDOUT, "recordLen = %u bytes\n", recordLen);
+
+ /* put 'em back on the head of the stream. */
+ db = PR_NEW(struct _DataBuffer);
+
+ db->length = sizeof lenbuf;
+ db->buffer = (unsigned char *)PORT_Alloc(db->length);
+ db->offset = 0;
+ memcpy(db->buffer, lenbuf, sizeof lenbuf);
+
+ db->next = s->first;
+ s->first = db;
+ if (s->last == NULL)
+ s->last = db;
+ s->size += db->length;
+
+ /* if there wasn't enough, go back for more. */
+ if (s->size < recordLen) {
+ check_integrity(s);
+ partial_packet(length, s->size, recordLen);
+ return;
+ }
+ partial_packet(length, s->size, recordLen);
- if (s->size < sizeof sr) {
- partial_packet(length, s->size, sizeof(SSLRecord));
- return;
- }
+ /* read in the whole record. */
+ recordBuf = PORT_Alloc(recordLen);
+ read_stream_bytes(recordBuf, s, recordLen);
+
+ print_sslv2(s, recordBuf, recordLen);
+ PR_FREEIF(recordBuf);
+ check_integrity(s);
- read_stream_bytes((unsigned char *)&sr, s, sizeof sr);
+ continue;
+ }
+
+ /***********************************************************/
+ /* It's SSL v3 */
+ /***********************************************************/
+ check_integrity(s);
- /* we have read the stream bytes. Look at the length of
+ if (s->size < sizeof sr) {
+ partial_packet(length, s->size, sizeof(SSLRecord));
+ return;
+ }
+
+ read_stream_bytes((unsigned char *)&sr, s, sizeof sr);
+
+ /* we have read the stream bytes. Look at the length of
the ssl record. If we don't have enough data to satisfy this
request, then put the bytes we just took back at the head
of the queue */
- recordsize = GET_SHORT(sr.length);
-
- if (recordsize > s->size) {
- db = PR_NEW(struct _DataBuffer);
+ recordsize = GET_SHORT(sr.length);
- db->length = sizeof sr;
- db->buffer = (unsigned char*) PORT_Alloc(db->length);
- db->offset = 0;
- memcpy(db->buffer, &sr, sizeof sr);
- db->next = s->first;
+ if (recordsize > s->size) {
+ db = PR_NEW(struct _DataBuffer);
- /* now, add it back on to the head of the stream */
+ db->length = sizeof sr;
+ db->buffer = (unsigned char *)PORT_Alloc(db->length);
+ db->offset = 0;
+ memcpy(db->buffer, &sr, sizeof sr);
+ db->next = s->first;
- s->first = db;
- if (s->last == NULL)
- s->last = db;
- s->size += db->length;
-
- check_integrity(s);
- partial_packet(length, s->size, recordsize);
- return;
- }
- partial_packet(length, s->size, recordsize);
+ /* now, add it back on to the head of the stream */
+ s->first = db;
+ if (s->last == NULL)
+ s->last = db;
+ s->size += db->length;
- PR_fprintf(PR_STDOUT,"SSLRecord { [%s]\n", get_time_string() );
- if (sslhexparse) {
- print_hex(5,(unsigned char*)&sr);
- }
+ check_integrity(s);
+ partial_packet(length, s->size, recordsize);
+ return;
+ }
+ partial_packet(length, s->size, recordsize);
- check_integrity(s);
+ PR_fprintf(PR_STDOUT, "SSLRecord { [%s]\n", get_time_string());
+ if (sslhexparse) {
+ print_hex(5, (unsigned char *)&sr);
+ }
- PR_fprintf(PR_STDOUT," type = %d (",sr.type);
- switch(sr.type) {
- case 20 :
- PR_fprintf(PR_STDOUT,"change_cipher_spec)\n");
- break;
- case 21 :
- PR_fprintf(PR_STDOUT,"alert)\n");
- break;
- case 22 :
- PR_fprintf(PR_STDOUT,"handshake)\n");
- break;
- case 23 :
- PR_fprintf(PR_STDOUT,"application_data)\n");
- break;
- default:
- PR_fprintf(PR_STDOUT,"unknown)\n");
- break;
- }
- PR_fprintf(PR_STDOUT," version = { %d,%d }\n",
- (PRUint32)sr.ver_maj,(PRUint32)sr.ver_min);
- PR_fprintf(PR_STDOUT," length = %d (0x%x)\n",
- (PRUint32)GET_SHORT(sr.length), (PRUint32)GET_SHORT(sr.length));
-
-
- recordLen = recordsize;
- PR_ASSERT(s->size >= recordLen);
- if (s->size >= recordLen) {
- recordBuf = (unsigned char*) PORT_Alloc(recordLen);
- read_stream_bytes(recordBuf, s, recordLen);
-
- if (s->isEncrypted) {
- PR_fprintf(PR_STDOUT," < encrypted >\n");
- } else { /* not encrypted */
-
- switch(sr.type) {
- case 20 : /* change_cipher_spec */
- if (sslhexparse) print_hex(recordLen - s->hMACsize,recordBuf);
- /* mark to say we can only dump hex form now on
- * if it is not one on a null cipher */
- s->isEncrypted = isNULLcipher(currentcipher) ? 0 : 1;
- break;
-
- case 21 : /* alert */
- switch(recordBuf[0]) {
- case 1: PR_fprintf(PR_STDOUT, " warning: "); break;
- case 2: PR_fprintf(PR_STDOUT, " fatal: "); break;
- default: PR_fprintf(PR_STDOUT, " unknown level %d: ", recordBuf[0]); break;
- }
-
- switch(recordBuf[1]) {
- case 0: PR_FPUTS("close_notify\n" ); break;
- case 10: PR_FPUTS("unexpected_message\n" ); break;
- case 20: PR_FPUTS("bad_record_mac\n" ); break;
- case 21: PR_FPUTS("decryption_failed\n" ); break;
- case 22: PR_FPUTS("record_overflow\n" ); break;
- case 30: PR_FPUTS("decompression_failure\n" ); break;
- case 40: PR_FPUTS("handshake_failure\n" ); break;
- case 41: PR_FPUTS("no_certificate\n" ); break;
- case 42: PR_FPUTS("bad_certificate\n" ); break;
- case 43: PR_FPUTS("unsupported_certificate\n" ); break;
- case 44: PR_FPUTS("certificate_revoked\n" ); break;
- case 45: PR_FPUTS("certificate_expired\n" ); break;
- case 46: PR_FPUTS("certificate_unknown\n" ); break;
- case 47: PR_FPUTS("illegal_parameter\n" ); break;
- case 48: PR_FPUTS("unknown_ca\n" ); break;
- case 49: PR_FPUTS("access_denied\n" ); break;
- case 50: PR_FPUTS("decode_error\n" ); break;
- case 51: PR_FPUTS("decrypt_error\n" ); break;
- case 60: PR_FPUTS("export_restriction\n" ); break;
- case 70: PR_FPUTS("protocol_version\n" ); break;
- case 71: PR_FPUTS("insufficient_security\n" ); break;
- case 80: PR_FPUTS("internal_error\n" ); break;
- case 90: PR_FPUTS("user_canceled\n" ); break;
- case 100: PR_FPUTS("no_renegotiation\n" ); break;
- case 110: PR_FPUTS("unsupported_extension\n" ); break;
- case 111: PR_FPUTS("certificate_unobtainable\n" ); break;
- case 112: PR_FPUTS("unrecognized_name\n" ); break;
- case 113: PR_FPUTS("bad_certificate_status_response\n" ); break;
- case 114: PR_FPUTS("bad_certificate_hash_value\n" ); break;
-
- default: PR_fprintf(PR_STDOUT, "unknown alert %d\n", recordBuf[1]);
- break;
- }
-
- if (sslhexparse) print_hex(recordLen - s->hMACsize,recordBuf);
- break;
-
- case 22 : /* handshake */
- print_ssl3_handshake( recordBuf, recordLen - s->hMACsize, &sr, s );
- break;
-
- case 23 : /* application data */
- print_hex(recordLen - s->hMACsize,recordBuf);
- break;
-
- default:
- print_hex(recordLen - s->hMACsize,recordBuf);
- break;
- }
- if (s->hMACsize) {
- PR_fprintf(PR_STDOUT," MAC = {...}\n");
- if (sslhexparse) {
- unsigned char *offset = recordBuf + (recordLen - s->hMACsize);
- print_hex(s->hMACsize, offset);
- }
- }
- } /* not encrypted */
+ check_integrity(s);
+
+ PR_fprintf(PR_STDOUT, " type = %d (", sr.type);
+ switch (sr.type) {
+ case 20:
+ PR_fprintf(PR_STDOUT, "change_cipher_spec)\n");
+ break;
+ case 21:
+ PR_fprintf(PR_STDOUT, "alert)\n");
+ break;
+ case 22:
+ PR_fprintf(PR_STDOUT, "handshake)\n");
+ break;
+ case 23:
+ PR_fprintf(PR_STDOUT, "application_data)\n");
+ break;
+ default:
+ PR_fprintf(PR_STDOUT, "unknown)\n");
+ break;
+ }
+ PR_fprintf(PR_STDOUT, " version = { %d,%d }\n",
+ (PRUint32)sr.ver_maj, (PRUint32)sr.ver_min);
+ PR_fprintf(PR_STDOUT, " length = %d (0x%x)\n",
+ (PRUint32)GET_SHORT(sr.length), (PRUint32)GET_SHORT(sr.length));
+
+ recordLen = recordsize;
+ PR_ASSERT(s->size >= recordLen);
+ if (s->size >= recordLen) {
+ recordBuf = (unsigned char *)PORT_Alloc(recordLen);
+ read_stream_bytes(recordBuf, s, recordLen);
+
+ if (s->isEncrypted) {
+ PR_fprintf(PR_STDOUT, " < encrypted >\n");
+ } else { /* not encrypted */
+
+ switch (sr.type) {
+ case 20: /* change_cipher_spec */
+ if (sslhexparse)
+ print_hex(recordLen - s->hMACsize, recordBuf);
+ /* mark to say we can only dump hex form now on
+ * if it is not one on a null cipher */
+ s->isEncrypted =
+ isNULLcipher(currentcipher) ? 0 : 1;
+ break;
+
+ case 21: /* alert */
+ switch (recordBuf[0]) {
+ case 1:
+ PR_fprintf(PR_STDOUT, " warning: ");
+ break;
+ case 2:
+ PR_fprintf(PR_STDOUT, " fatal: ");
+ break;
+ default:
+ PR_fprintf(PR_STDOUT, " unknown level %d: ", recordBuf[0]);
+ break;
+ }
+
+ switch (recordBuf[1]) {
+ case 0:
+ PR_FPUTS("close_notify\n");
+ break;
+ case 10:
+ PR_FPUTS("unexpected_message\n");
+ break;
+ case 20:
+ PR_FPUTS("bad_record_mac\n");
+ break;
+ case 21:
+ PR_FPUTS("decryption_failed\n");
+ break;
+ case 22:
+ PR_FPUTS("record_overflow\n");
+ break;
+ case 30:
+ PR_FPUTS("decompression_failure\n");
+ break;
+ case 40:
+ PR_FPUTS("handshake_failure\n");
+ break;
+ case 41:
+ PR_FPUTS("no_certificate\n");
+ break;
+ case 42:
+ PR_FPUTS("bad_certificate\n");
+ break;
+ case 43:
+ PR_FPUTS("unsupported_certificate\n");
+ break;
+ case 44:
+ PR_FPUTS("certificate_revoked\n");
+ break;
+ case 45:
+ PR_FPUTS("certificate_expired\n");
+ break;
+ case 46:
+ PR_FPUTS("certificate_unknown\n");
+ break;
+ case 47:
+ PR_FPUTS("illegal_parameter\n");
+ break;
+ case 48:
+ PR_FPUTS("unknown_ca\n");
+ break;
+ case 49:
+ PR_FPUTS("access_denied\n");
+ break;
+ case 50:
+ PR_FPUTS("decode_error\n");
+ break;
+ case 51:
+ PR_FPUTS("decrypt_error\n");
+ break;
+ case 60:
+ PR_FPUTS("export_restriction\n");
+ break;
+ case 70:
+ PR_FPUTS("protocol_version\n");
+ break;
+ case 71:
+ PR_FPUTS("insufficient_security\n");
+ break;
+ case 80:
+ PR_FPUTS("internal_error\n");
+ break;
+ case 90:
+ PR_FPUTS("user_canceled\n");
+ break;
+ case 100:
+ PR_FPUTS("no_renegotiation\n");
+ break;
+ case 110:
+ PR_FPUTS("unsupported_extension\n");
+ break;
+ case 111:
+ PR_FPUTS("certificate_unobtainable\n");
+ break;
+ case 112:
+ PR_FPUTS("unrecognized_name\n");
+ break;
+ case 113:
+ PR_FPUTS("bad_certificate_status_response\n");
+ break;
+ case 114:
+ PR_FPUTS("bad_certificate_hash_value\n");
+ break;
+
+ default:
+ PR_fprintf(PR_STDOUT, "unknown alert %d\n", recordBuf[1]);
+ break;
+ }
+
+ if (sslhexparse)
+ print_hex(recordLen - s->hMACsize, recordBuf);
+ break;
+
+ case 22: /* handshake */
+ print_ssl3_handshake(recordBuf, recordLen -
+ s->hMACsize,
+ &sr, s);
+ break;
+
+ case 23: /* application data */
+ print_hex(recordLen -
+ s->hMACsize,
+ recordBuf);
+ break;
+
+ default:
+ print_hex(recordLen -
+ s->hMACsize,
+ recordBuf);
+ break;
+ }
+ if (s->hMACsize) {
+ PR_fprintf(PR_STDOUT, " MAC = {...}\n");
+ if (sslhexparse) {
+ unsigned char *offset =
+ recordBuf + (recordLen - s->hMACsize);
+ print_hex(s->hMACsize, offset);
+ }
+ }
+ } /* not encrypted */
+ }
+ PR_fprintf(PR_STDOUT, "}\n");
+ PR_FREEIF(recordBuf);
+ check_integrity(s);
}
- PR_fprintf(PR_STDOUT,"}\n");
- PR_FREEIF(recordBuf);
- check_integrity(s);
- }
}
-void print_hex(int amt, unsigned char *buf)
+void
+print_hex(int amt, unsigned char *buf)
{
- int i,j,k;
- char t[20];
- static char string[5000];
+ int i, j, k;
+ char t[20];
+ static char string[5000];
+ for (i = 0; i < amt; i++) {
+ t[1] = 0;
- for(i=0;i<amt;i++) {
- t[1] =0;
+ if (i % 16 == 0) { /* if we are at the beginning of a line */
+ PR_fprintf(PR_STDOUT, "%4x:", i); /* print the line number */
+ strcpy(string, "");
+ }
- if (i%16 ==0) { /* if we are at the beginning of a line */
- PR_fprintf(PR_STDOUT,"%4x:",i); /* print the line number */
- strcpy(string,"");
- }
+ if (i % 4 == 0) {
+ PR_fprintf(PR_STDOUT, " ");
+ }
- if (i%4 == 0) {
- PR_fprintf(PR_STDOUT," ");
- }
+ j = buf[i];
+
+ t[0] = (j >= 0x20 && j < 0x80) ? j : '.';
+
+ if (fancy) {
+ switch (t[0]) {
+ case '<':
+ strcpy(t, "&lt;");
+ break;
+ case '>':
+ strcpy(t, "&gt;");
+ break;
+ case '&':
+ strcpy(t, "&amp;");
+ break;
+ }
+ }
+ strcat(string, t);
- j = buf[i];
-
- t[0] = (j >= 0x20 && j < 0x80) ? j : '.';
-
- if (fancy) {
- switch (t[0]) {
- case '<':
- strcpy(t,"&lt;");
- break;
- case '>':
- strcpy(t,"&gt;");
- break;
- case '&':
- strcpy(t,"&amp;");
- break;
- }
+ PR_fprintf(PR_STDOUT, "%02x ", (PRUint8)buf[i]);
+
+ /* if we've reached the end of the line - add the string */
+ if (i % 16 == 15)
+ PR_fprintf(PR_STDOUT, " | %s\n", string);
}
- strcat(string,t);
-
- PR_fprintf(PR_STDOUT,"%02x ",(PRUint8) buf[i]);
-
- /* if we've reached the end of the line - add the string */
- if (i%16 == 15) PR_fprintf(PR_STDOUT," | %s\n",string);
- }
- /* we reached the end of the buffer,*/
- /* do we have buffer left over? */
- j = i%16;
- if (j > 0) {
- for (k=0;k<(16-j);k++) {
- /* print additional space after every four bytes */
- if ((k + j)%4 == 0) {
- PR_fprintf(PR_STDOUT," ");
+ /* we reached the end of the buffer,*/
+ /* do we have buffer left over? */
+ j = i % 16;
+ if (j > 0) {
+ for (k = 0; k < (16 -
+ j);
+ k++) {
+ /* print additional space after every four bytes */
+ if ((k + j) % 4 == 0) {
+ PR_fprintf(PR_STDOUT, " ");
+ }
+ PR_fprintf(PR_STDOUT, " ");
}
- PR_fprintf(PR_STDOUT," ");
+ PR_fprintf(PR_STDOUT, " | %s\n", string);
}
- PR_fprintf(PR_STDOUT," | %s\n",string);
- }
}
-void Usage(void)
+void
+Usage(void)
{
- PR_fprintf(PR_STDERR, "SSLTAP (C) 1997, 1998 Netscape Communications Corporation.\n");
- PR_fprintf(PR_STDERR, "Usage: ssltap [-vhfsxl] [-p port] hostname:port\n");
- PR_fprintf(PR_STDERR, " -v [prints version string]\n");
- PR_fprintf(PR_STDERR, " -h [outputs hex instead of ASCII]\n");
- PR_fprintf(PR_STDERR, " -f [turn on Fancy HTML coloring]\n");
- PR_fprintf(PR_STDERR, " -s [turn on SSL decoding]\n");
- PR_fprintf(PR_STDERR, " -x [turn on extra SSL hex dumps]\n");
- PR_fprintf(PR_STDERR, " -p port [specify rendezvous port (default 1924)]\n");
- PR_fprintf(PR_STDERR, " -l [loop - continue to wait for more connections]\n");
-
-
+ PR_fprintf(PR_STDERR, "SSLTAP (C) 1997, 1998 Netscape Communications Corporation.\n");
+ PR_fprintf(PR_STDERR, "Usage: ssltap [-vhfsxl] [-p port] hostname:port\n");
+ PR_fprintf(PR_STDERR, " -v [prints version string]\n");
+ PR_fprintf(PR_STDERR, " -h [outputs hex instead of ASCII]\n");
+ PR_fprintf(PR_STDERR, " -f [turn on Fancy HTML coloring]\n");
+ PR_fprintf(PR_STDERR, " -s [turn on SSL decoding]\n");
+ PR_fprintf(PR_STDERR, " -x [turn on extra SSL hex dumps]\n");
+ PR_fprintf(PR_STDERR, " -p port [specify rendezvous port (default 1924)]\n");
+ PR_fprintf(PR_STDERR, " -l [loop - continue to wait for more connections]\n");
}
void
-showErr(const char * msg)
+showErr(const char *msg)
{
- PRErrorCode err = PR_GetError();
- const char * errString;
+ PRErrorCode err = PR_GetError();
+ const char *errString;
- if (err == PR_UNKNOWN_ERROR)
- err = PR_CONNECT_RESET_ERROR; /* bug in NSPR. */
- errString = SECU_Strerror(err);
+ if (err == PR_UNKNOWN_ERROR)
+ err = PR_CONNECT_RESET_ERROR; /* bug in NSPR. */
+ errString = SECU_Strerror(err);
- if (!errString)
- errString = "(no text available)";
- PR_fprintf(PR_STDERR, "%s: Error %d: %s: %s", progName, err, errString, msg);
+ if (!errString)
+ errString = "(no text available)";
+ PR_fprintf(PR_STDERR, "%s: Error %d: %s: %s", progName, err, errString, msg);
}
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- char *hostname=NULL;
- PRUint16 rendport=DEFPORT,port;
- PRAddrInfo *ai;
- void *iter;
- PRStatus r;
- PRNetAddr na_client,na_server,na_rend;
- PRFileDesc *s_server,*s_client,*s_rend; /*rendezvous */
- int c_count=0;
- PLOptState *optstate;
- PLOptStatus status;
- SECStatus rv;
-
- progName = argv[0];
- optstate = PL_CreateOptState(argc,argv,"fxhslp:");
+ char *hostname = NULL;
+ PRUint16 rendport = DEFPORT, port;
+ PRAddrInfo *ai;
+ void *iter;
+ PRStatus r;
+ PRNetAddr na_client, na_server, na_rend;
+ PRFileDesc *s_server, *s_client, *s_rend; /*rendezvous */
+ int c_count = 0;
+ PLOptState *optstate;
+ PLOptStatus status;
+ SECStatus rv;
+
+ progName = argv[0];
+ optstate = PL_CreateOptState(argc, argv, "fxhslp:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case 'f':
- fancy++;
- break;
- case 'h':
- hexparse++;
- break;
- case 's':
- sslparse++;
- break;
- case 'x':
- sslhexparse++;
- break;
- case 'l':
- looparound++;
- break;
- case 'p':
- rendport = atoi(optstate->value);
- break;
- case '\0':
- hostname = PL_strdup(optstate->value);
+ switch (optstate->option) {
+ case 'f':
+ fancy++;
+ break;
+ case 'h':
+ hexparse++;
+ break;
+ case 's':
+ sslparse++;
+ break;
+ case 'x':
+ sslhexparse++;
+ break;
+ case 'l':
+ looparound++;
+ break;
+ case 'p':
+ rendport =
+ atoi(optstate->value);
+ break;
+ case '\0':
+ hostname =
+ PL_strdup(optstate->value);
+ }
}
- }
- if (status == PL_OPT_BAD)
- Usage();
-
- if (fancy) {
- if (!hexparse && !sslparse) {
- PR_fprintf(PR_STDERR,
-"Note: use of -f without -s or -h not recommended, \n"
-"as the output looks a little strange. It may be useful, however\n");
+ if (status == PL_OPT_BAD)
+ Usage();
+
+ if (fancy) {
+ if (!hexparse && !sslparse) {
+ PR_fprintf(PR_STDERR,
+ "Note: use of -f without -s or -h not recommended, \n"
+ "as the output looks a little strange. It may be useful, however\n");
+ }
}
- }
- if(! hostname ) Usage(), exit(2);
+ if (!hostname)
+ Usage(), exit(2);
- {
- char *colon = (char *)strchr(hostname, ':');
- if (!colon) {
- PR_fprintf(PR_STDERR,
- "You must specify the host AND port you wish to connect to\n");
- Usage(), exit(3);
+ {
+ char *colon = (char *)strchr(hostname, ':');
+ if (!colon) {
+ PR_fprintf(PR_STDERR,
+ "You must specify the host AND port you wish to connect to\n");
+ Usage(), exit(3);
+ }
+ port = atoi(&colon[1]);
+ *colon = '\0';
+
+ if (port == 0) {
+ PR_fprintf(PR_STDERR, "Port must be a nonzero number.\n");
+ exit(4);
+ }
}
- port = atoi(&colon[1]);
- *colon = '\0';
- if (port == 0) {
- PR_fprintf(PR_STDERR, "Port must be a nonzero number.\n");
- exit(4);
- }
- }
+ /* find the 'server' IP address so we don't have to look it up later */
+
+ if (fancy) {
+ PR_fprintf(PR_STDOUT, "<HTML><HEAD><TITLE>SSLTAP output</TITLE></HEAD>\n");
+ PR_fprintf(PR_STDOUT, "<BODY><PRE>\n");
+ }
+ PR_fprintf(PR_STDERR, "Looking up \"%s\"...\n", hostname);
+ ai = PR_GetAddrInfoByName(hostname, PR_AF_UNSPEC, PR_AI_ADDRCONFIG);
+ if (!ai) {
+ showErr("Host Name lookup failed\n");
+ exit(5);
+ }
- /* find the 'server' IP address so we don't have to look it up later */
+ iter = NULL;
+ iter = PR_EnumerateAddrInfo(iter, ai, port, &na_server);
+ /* set up the port which the client will connect to */
- if (fancy) {
- PR_fprintf(PR_STDOUT,"<HTML><HEAD><TITLE>SSLTAP output</TITLE></HEAD>\n");
- PR_fprintf(PR_STDOUT,"<BODY><PRE>\n");
+ r = PR_InitializeNetAddr(PR_IpAddrAny, rendport, &na_rend);
+ if (r == PR_FAILURE) {
+ PR_fprintf(PR_STDERR,
+ "PR_InitializeNetAddr(,%d,) failed with error %d\n", PR_GetError());
+ exit(0);
}
- PR_fprintf(PR_STDERR,"Looking up \"%s\"...\n", hostname);
- ai = PR_GetAddrInfoByName(hostname, PR_AF_UNSPEC, PR_AI_ADDRCONFIG);
- if (!ai) {
- showErr("Host Name lookup failed\n");
- exit(5);
- }
-
- iter = NULL;
- iter = PR_EnumerateAddrInfo(iter, ai, port, &na_server);
- /* set up the port which the client will connect to */
-
- r = PR_InitializeNetAddr(PR_IpAddrAny,rendport,&na_rend);
- if (r == PR_FAILURE) {
- PR_fprintf(PR_STDERR,
- "PR_InitializeNetAddr(,%d,) failed with error %d\n",PR_GetError());
- exit(0);
- }
-
- rv = NSS_NoDB_Init("");
- if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR,
- "NSS_NoDB_Init() failed with error %d\n",PR_GetError());
- exit(5);
- }
-
- s_rend = PR_NewTCPSocket();
- if (!s_rend) {
- showErr("Couldn't create socket\n");
- exit(6);
- }
-
- if (PR_Bind(s_rend, &na_rend )) {
- PR_fprintf(PR_STDERR,"Couldn't bind to port %d (error %d)\n",rendport, PR_GetError());
- exit(-1);
- }
-
- if ( PR_Listen(s_rend, 5)) {
- showErr("Couldn't listen\n");
- exit(-1);
- }
-
- PR_fprintf(PR_STDERR,"Proxy socket ready and listening\n");
- do { /* accept one connection and process it. */
- PRPollDesc pds[2];
-
- s_client = PR_Accept(s_rend,&na_client,PR_SecondsToInterval(3600));
- if (s_client == NULL) {
- showErr("accept timed out\n");
- exit(7);
- }
-
- s_server = PR_OpenTCPSocket(na_server.raw.family);
- if (s_server == NULL) {
- showErr("couldn't open new socket to connect to server \n");
- exit(8);
- }
-
- r = PR_Connect(s_server,&na_server,PR_SecondsToInterval(5));
-
- if ( r == PR_FAILURE )
- {
- showErr("Couldn't connect\n");
- return -1;
+
+ rv = NSS_NoDB_Init("");
+ if (rv != SECSuccess) {
+ PR_fprintf(PR_STDERR,
+ "NSS_NoDB_Init() failed with error %d\n", PR_GetError());
+ exit(5);
+ }
+
+ s_rend = PR_NewTCPSocket();
+ if (!s_rend) {
+ showErr("Couldn't create socket\n");
+ exit(6);
+ }
+
+ if (PR_Bind(s_rend, &na_rend)) {
+ PR_fprintf(PR_STDERR, "Couldn't bind to port %d (error %d)\n", rendport, PR_GetError());
+ exit(-1);
+ }
+
+ if (PR_Listen(s_rend, 5)) {
+ showErr("Couldn't listen\n");
+ exit(-1);
+ }
+
+ PR_fprintf(PR_STDERR, "Proxy socket ready and listening\n");
+ do { /* accept one connection and process it. */
+ PRPollDesc pds[2];
+
+ s_client = PR_Accept(s_rend, &na_client, PR_SecondsToInterval(3600));
+ if (s_client == NULL) {
+ showErr("accept timed out\n");
+ exit(7);
}
- if (looparound) {
- if (fancy) PR_fprintf(PR_STDOUT,"<p><HR><H2>");
- PR_fprintf(PR_STDOUT,"Connection #%d [%s]\n", c_count+1,
- get_time_string());
- if (fancy) PR_fprintf(PR_STDOUT,"</H2>");
- }
+ s_server = PR_OpenTCPSocket(na_server.raw.family);
+ if (s_server == NULL) {
+ showErr("couldn't open new socket to connect to server \n");
+ exit(8);
+ }
+
+ r = PR_Connect(s_server, &na_server, PR_SecondsToInterval(5));
+
+ if (r == PR_FAILURE) {
+ showErr("Couldn't connect\n");
+ return -1;
+ }
+ if (looparound) {
+ if (fancy)
+ PR_fprintf(PR_STDOUT, "<p><HR><H2>");
+ PR_fprintf(PR_STDOUT, "Connection #%d [%s]\n", c_count + 1,
+ get_time_string());
+ if (fancy)
+ PR_fprintf(PR_STDOUT, "</H2>");
+ }
- PR_fprintf(PR_STDOUT,"Connected to %s:%d\n", hostname, port);
+ PR_fprintf(PR_STDOUT, "Connected to %s:%d\n", hostname, port);
#define PD_C 0
#define PD_S 1
- pds[PD_C].fd = s_client;
- pds[PD_S].fd = s_server;
- pds[PD_C].in_flags = PR_POLL_READ;
- pds[PD_S].in_flags = PR_POLL_READ;
-
- /* make sure the new connections don't start out encrypted. */
- clientstream.isEncrypted = 0;
- serverstream.isEncrypted = 0;
- isV2Session = 0;
-
- while( (pds[PD_C].in_flags & PR_POLL_READ) != 0 ||
- (pds[PD_S].in_flags & PR_POLL_READ) != 0 )
- { /* Handle all messages on the connection */
- PRInt32 amt;
- PRInt32 wrote;
- unsigned char buffer[ TAPBUFSIZ ];
-
- amt = PR_Poll(pds,2,PR_INTERVAL_NO_TIMEOUT);
- if (amt <= 0) {
- if (amt)
- showErr( "PR_Poll failed.\n");
- else
- showErr( "PR_Poll timed out.\n");
- break;
- }
-
- if (pds[PD_C].out_flags & PR_POLL_EXCEPT) {
- showErr( "Exception on client-side socket.\n");
- break;
- }
-
- if (pds[PD_S].out_flags & PR_POLL_EXCEPT) {
- showErr( "Exception on server-side socket.\n");
- break;
- }
-
-
-/* read data, copy it to stdout, and write to other socket */
-
- if ((pds[PD_C].in_flags & PR_POLL_READ) != 0 &&
- (pds[PD_C].out_flags & PR_POLL_READ) != 0 ) {
-
- amt = PR_Read(s_client, buffer, sizeof(buffer));
-
- if ( amt < 0) {
- showErr( "Client socket read failed.\n");
- break;
- }
-
- if( amt == 0 ) {
- PR_fprintf(PR_STDOUT, "Read EOF on Client socket. [%s]\n",
- get_time_string() );
- pds[PD_C].in_flags &= ~PR_POLL_READ;
- PR_Shutdown(s_server, PR_SHUTDOWN_SEND);
- continue;
- }
-
- PR_fprintf(PR_STDOUT,"--> [\n");
- if (fancy) PR_fprintf(PR_STDOUT,"<font color=blue>");
-
- if (hexparse) print_hex(amt, buffer);
- if (sslparse) print_ssl(&clientstream,amt,buffer);
- if (!hexparse && !sslparse) PR_Write(PR_STDOUT,buffer,amt);
- if (fancy) PR_fprintf(PR_STDOUT,"</font>");
- PR_fprintf(PR_STDOUT,"]\n");
-
- wrote = PR_Write(s_server, buffer, amt);
- if (wrote != amt ) {
- if (wrote < 0) {
- showErr("Write to server socket failed.\n");
- break;
- } else {
- PR_fprintf(PR_STDERR, "Short write to server socket!\n");
- }
- }
- } /* end of read from client socket. */
-
-/* read data, copy it to stdout, and write to other socket */
- if ((pds[PD_S].in_flags & PR_POLL_READ) != 0 &&
- (pds[PD_S].out_flags & PR_POLL_READ) != 0 ) {
-
- amt = PR_Read(s_server, buffer, sizeof(buffer));
-
- if ( amt < 0) {
- showErr( "error on server-side socket.\n");
- break;
- }
-
- if( amt == 0 ) {
- PR_fprintf(PR_STDOUT, "Read EOF on Server socket. [%s]\n",
- get_time_string() );
- pds[PD_S].in_flags &= ~PR_POLL_READ;
- PR_Shutdown(s_client, PR_SHUTDOWN_SEND);
- continue;
- }
-
- PR_fprintf(PR_STDOUT,"<-- [\n");
- if (fancy) PR_fprintf(PR_STDOUT,"<font color=red>");
- if (hexparse) print_hex(amt, (unsigned char *)buffer);
- if (sslparse) print_ssl(&serverstream,amt,(unsigned char *)buffer);
- if (!hexparse && !sslparse) PR_Write(PR_STDOUT,buffer,amt);
- if (fancy) PR_fprintf(PR_STDOUT,"</font>");
- PR_fprintf(PR_STDOUT,"]\n");
-
-
- wrote = PR_Write(s_client, buffer, amt);
- if (wrote != amt ) {
- if (wrote < 0) {
- showErr("Write to client socket failed.\n");
- break;
- } else {
- PR_fprintf(PR_STDERR, "Short write to client socket!\n");
- }
- }
-
- } /* end of read from server socket. */
-
-/* Loop, handle next message. */
-
- } /* handle messages during a connection loop */
- PR_Close(s_client);
- PR_Close(s_server);
- flush_stream(&clientstream);
- flush_stream(&serverstream);
- /* Connection is closed, so reset the current cipher */
- currentcipher = 0;
- c_count++;
- PR_fprintf(PR_STDERR,"Connection %d Complete [%s]\n", c_count,
- get_time_string() );
- } while (looparound); /* accept connection and process it. */
+ pds[PD_C].fd = s_client;
+ pds[PD_S].fd = s_server;
+ pds[PD_C].in_flags = PR_POLL_READ;
+ pds[PD_S].in_flags = PR_POLL_READ;
+
+ /* make sure the new connections don't start out encrypted. */
+ clientstream.isEncrypted = 0;
+ serverstream.isEncrypted = 0;
+ isV2Session = 0;
+
+ while ((pds[PD_C].in_flags & PR_POLL_READ) != 0 ||
+ (pds[PD_S].in_flags & PR_POLL_READ) != 0) { /* Handle all messages on the connection */
+ PRInt32 amt;
+ PRInt32 wrote;
+ unsigned char buffer[TAPBUFSIZ];
+
+ amt = PR_Poll(pds, 2, PR_INTERVAL_NO_TIMEOUT);
+ if (amt <= 0) {
+ if (amt)
+ showErr("PR_Poll failed.\n");
+ else
+ showErr("PR_Poll timed out.\n");
+ break;
+ }
+
+ if (pds[PD_C].out_flags & PR_POLL_EXCEPT) {
+ showErr("Exception on client-side socket.\n");
+ break;
+ }
+
+ if (pds[PD_S].out_flags & PR_POLL_EXCEPT) {
+ showErr("Exception on server-side socket.\n");
+ break;
+ }
+
+ /* read data, copy it to stdout, and write to other socket */
+
+ if ((pds[PD_C].in_flags & PR_POLL_READ) != 0 &&
+ (pds[PD_C].out_flags & PR_POLL_READ) != 0) {
+
+ amt = PR_Read(s_client, buffer, sizeof(buffer));
+
+ if (amt < 0) {
+ showErr("Client socket read failed.\n");
+ break;
+ }
+
+ if (amt == 0) {
+ PR_fprintf(PR_STDOUT, "Read EOF on Client socket. [%s]\n",
+ get_time_string());
+ pds[PD_C].in_flags &= ~PR_POLL_READ;
+ PR_Shutdown(s_server, PR_SHUTDOWN_SEND);
+ continue;
+ }
+
+ PR_fprintf(PR_STDOUT, "--> [\n");
+ if (fancy)
+ PR_fprintf(PR_STDOUT, "<font color=blue>");
+
+ if (hexparse)
+ print_hex(amt, buffer);
+ if (sslparse)
+ print_ssl(&clientstream, amt, buffer);
+ if (!hexparse && !sslparse)
+ PR_Write(PR_STDOUT, buffer, amt);
+ if (fancy)
+ PR_fprintf(PR_STDOUT, "</font>");
+ PR_fprintf(PR_STDOUT, "]\n");
+
+ wrote = PR_Write(s_server, buffer, amt);
+ if (wrote != amt) {
+ if (wrote < 0) {
+ showErr("Write to server socket failed.\n");
+ break;
+ } else {
+ PR_fprintf(PR_STDERR, "Short write to server socket!\n");
+ }
+ }
+ } /* end of read from client socket. */
+
+ /* read data, copy it to stdout, and write to other socket */
+ if ((pds[PD_S].in_flags & PR_POLL_READ) != 0 &&
+ (pds[PD_S].out_flags & PR_POLL_READ) != 0) {
+
+ amt = PR_Read(s_server, buffer, sizeof(buffer));
+
+ if (amt < 0) {
+ showErr("error on server-side socket.\n");
+ break;
+ }
+
+ if (amt == 0) {
+ PR_fprintf(PR_STDOUT, "Read EOF on Server socket. [%s]\n",
+ get_time_string());
+ pds[PD_S].in_flags &= ~PR_POLL_READ;
+ PR_Shutdown(s_client, PR_SHUTDOWN_SEND);
+ continue;
+ }
+
+ PR_fprintf(PR_STDOUT, "<-- [\n");
+ if (fancy)
+ PR_fprintf(PR_STDOUT, "<font color=red>");
+ if (hexparse)
+ print_hex(amt, (unsigned char *)buffer);
+ if (sslparse)
+ print_ssl(&serverstream, amt, (unsigned char *)buffer);
+ if (!hexparse && !sslparse)
+ PR_Write(PR_STDOUT, buffer, amt);
+ if (fancy)
+ PR_fprintf(PR_STDOUT, "</font>");
+ PR_fprintf(PR_STDOUT, "]\n");
+
+ wrote = PR_Write(s_client, buffer, amt);
+ if (wrote != amt) {
+ if (wrote < 0) {
+ showErr("Write to client socket failed.\n");
+ break;
+ } else {
+ PR_fprintf(PR_STDERR, "Short write to client socket!\n");
+ }
+ }
+
+ } /* end of read from server socket. */
+
+ /* Loop, handle next message. */
+
+ } /* handle messages during a connection loop */
+ PR_Close(s_client);
+ PR_Close(s_server);
+ flush_stream(&clientstream);
+ flush_stream(&serverstream);
+ /* Connection is closed, so reset the current cipher */
+ currentcipher = 0;
+ c_count++;
+ PR_fprintf(PR_STDERR, "Connection %d Complete [%s]\n", c_count,
+ get_time_string());
+ } while (looparound); /* accept connection and process it. */
PR_Close(s_rend);
NSS_Shutdown();
return 0;
diff --git a/cmd/strsclnt/strsclnt.c b/cmd/strsclnt/strsclnt.c
index 4a45951ba..5c8a588f8 100644
--- a/cmd/strsclnt/strsclnt.c
+++ b/cmd/strsclnt/strsclnt.c
@@ -42,44 +42,44 @@
#define RD_BUF_SIZE (60 * 1024)
-/* Include these cipher suite arrays to re-use tstclnt's
+/* Include these cipher suite arrays to re-use tstclnt's
* cipher selection code.
*/
int ssl3CipherSuites[] = {
- -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
- -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
- TLS_RSA_WITH_RC4_128_MD5, /* c */
- TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
- TLS_RSA_WITH_DES_CBC_SHA, /* e */
- TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
- -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA * h */
- TLS_RSA_WITH_NULL_MD5, /* i */
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
- SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
- TLS_RSA_WITH_RC4_128_SHA, /* n */
- TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
- TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */
- TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
- TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
- TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
- TLS_RSA_WITH_NULL_SHA, /* z */
+ -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
+ -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
+ TLS_RSA_WITH_RC4_128_MD5, /* c */
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
+ TLS_RSA_WITH_DES_CBC_SHA, /* e */
+ TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
+ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
+ -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA * h */
+ TLS_RSA_WITH_NULL_MD5, /* i */
+ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
+ SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
+ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
+ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
+ TLS_RSA_WITH_RC4_128_SHA, /* n */
+ TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
+ TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */
+ TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
+ TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
+ TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
+ TLS_RSA_WITH_NULL_SHA, /* z */
0
};
#define NO_FULLHS_PERCENTAGE -1
-/* This global string is so that client main can see
- * which ciphers to use.
+/* This global string is so that client main can see
+ * which ciphers to use.
*/
static const char *cipherString;
@@ -89,8 +89,8 @@ static int MakeCertOK;
static int NoReuse;
static int fullhs = NO_FULLHS_PERCENTAGE; /* percentage of full handshakes to
** perform */
-static PRInt32 globalconid = 0; /* atomically set */
-static int total_connections; /* total number of connections to perform */
+static PRInt32 globalconid = 0; /* atomically set */
+static int total_connections; /* total number of connections to perform */
static int total_connections_rounded_down_to_hundreds;
static int total_connections_modulo_100;
@@ -98,93 +98,96 @@ static PRBool NoDelay;
static PRBool QuitOnTimeout = PR_FALSE;
static PRBool ThrottleUp = PR_FALSE;
-static PRLock * threadLock; /* protects the global variables below */
+static PRLock *threadLock; /* protects the global variables below */
static PRTime lastConnectFailure;
static PRTime lastConnectSuccess;
static PRTime lastThrottleUp;
-static PRInt32 remaining_connections; /* number of connections left */
-static int active_threads = 8; /* number of threads currently trying to
+static PRInt32 remaining_connections; /* number of connections left */
+static int active_threads = 8; /* number of threads currently trying to
** connect */
static PRInt32 numUsed;
/* end of variables protected by threadLock */
-static SSL3Statistics * ssl3stats;
+static SSL3Statistics *ssl3stats;
static int failed_already = 0;
static SSLVersionRange enabledVersions;
-static PRBool bypassPKCS11 = PR_FALSE;
-static PRBool disableLocking = PR_FALSE;
-static PRBool ignoreErrors = PR_FALSE;
+static PRBool bypassPKCS11 = PR_FALSE;
+static PRBool disableLocking = PR_FALSE;
+static PRBool ignoreErrors = PR_FALSE;
static PRBool enableSessionTickets = PR_FALSE;
-static PRBool enableCompression = PR_FALSE;
-static PRBool enableFalseStart = PR_FALSE;
-static PRBool enableCertStatus = PR_FALSE;
+static PRBool enableCompression = PR_FALSE;
+static PRBool enableFalseStart = PR_FALSE;
+static PRBool enableCertStatus = PR_FALSE;
-PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT;
+PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT;
-char * progName;
+char *progName;
secuPWData pwdata = { PW_NONE, 0 };
-int stopping;
-int verbose;
-SECItem bigBuf;
+int stopping;
+int verbose;
+SECItem bigBuf;
-#define PRINTF if (verbose) printf
-#define FPRINTF if (verbose) fprintf
+#define PRINTF \
+ if (verbose) \
+ printf
+#define FPRINTF \
+ if (verbose) \
+ fprintf
static void
Usage(const char *progName)
{
- fprintf(stderr,
- "Usage: %s [-n nickname] [-p port] [-d dbdir] [-c connections]\n"
- " [-BDNovqs] [-f filename] [-N | -P percentage]\n"
- " [-w dbpasswd] [-C cipher(s)] [-t threads] [-W pwfile]\n"
- " [-V [min-version]:[max-version]] [-a sniHostName] hostname\n"
- " where -v means verbose\n"
- " -o flag is interpreted as follows:\n"
- " 1 -o means override the result of server certificate validation.\n"
- " 2 -o's mean skip server certificate validation altogether.\n"
- " -D means no TCP delays\n"
- " -q means quit when server gone (timeout rather than retry forever)\n"
- " -s means disable SSL socket locking\n"
- " -N means no session reuse\n"
- " -P means do a specified percentage of full handshakes (0-100)\n"
- " -V [min]:[max] restricts the set of enabled SSL/TLS protocols versions.\n"
- " All versions are enabled by default.\n"
- " Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n"
- " Example: \"-V ssl3:\" enables SSL 3 and newer.\n"
- " -U means enable throttling up threads\n"
- " -B bypasses the PKCS11 layer for SSL encryption and MACing\n"
- " -T enable the cert_status extension (OCSP stapling)\n"
- " -u enable TLS Session Ticket extension\n"
- " -z enable compression\n"
- " -g enable false start\n",
- progName);
+ fprintf(stderr,
+ "Usage: %s [-n nickname] [-p port] [-d dbdir] [-c connections]\n"
+ " [-BDNovqs] [-f filename] [-N | -P percentage]\n"
+ " [-w dbpasswd] [-C cipher(s)] [-t threads] [-W pwfile]\n"
+ " [-V [min-version]:[max-version]] [-a sniHostName] hostname\n"
+ " where -v means verbose\n"
+ " -o flag is interpreted as follows:\n"
+ " 1 -o means override the result of server certificate validation.\n"
+ " 2 -o's mean skip server certificate validation altogether.\n"
+ " -D means no TCP delays\n"
+ " -q means quit when server gone (timeout rather than retry forever)\n"
+ " -s means disable SSL socket locking\n"
+ " -N means no session reuse\n"
+ " -P means do a specified percentage of full handshakes (0-100)\n"
+ " -V [min]:[max] restricts the set of enabled SSL/TLS protocols versions.\n"
+ " All versions are enabled by default.\n"
+ " Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n"
+ " Example: \"-V ssl3:\" enables SSL 3 and newer.\n"
+ " -U means enable throttling up threads\n"
+ " -B bypasses the PKCS11 layer for SSL encryption and MACing\n"
+ " -T enable the cert_status extension (OCSP stapling)\n"
+ " -u enable TLS Session Ticket extension\n"
+ " -z enable compression\n"
+ " -g enable false start\n",
+ progName);
exit(1);
}
-
static void
-errWarn(char * funcString)
+errWarn(char *funcString)
{
- PRErrorCode perr = PR_GetError();
- PRInt32 oserr = PR_GetOSError();
- const char * errString = SECU_Strerror(perr);
+ PRErrorCode perr = PR_GetError();
+ PRInt32 oserr = PR_GetOSError();
+ const char *errString = SECU_Strerror(perr);
fprintf(stderr, "strsclnt: %s returned error %d, OS error %d: %s\n",
funcString, perr, oserr, errString);
}
static void
-errExit(char * funcString)
+errExit(char *funcString)
{
errWarn(funcString);
exit(1);
}
/**************************************************************************
-**
+**
** Routines for disabling SSL ciphers.
**
**************************************************************************/
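Review bot: The reformatted `PRINTF` and `FPRINTF` macros still expand to a bare `if (verbose)`, which the new three-line layout makes easy to see. A call placed in an unbraced `if … else` would silently capture the `else`. If the compilers this tree supports accept variadic macros, a self-contained form is safer: `#define PRINTF(...) do { if (verbose) printf(__VA_ARGS__); } while (0)`, and the same for `FPRINTF` with `fprintf`. Otherwise, add a one-line comment above the macros saying that every use must be a complete statement inside braces.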
@@ -193,40 +196,40 @@ void
disableAllSSLCiphers(void)
{
const PRUint16 *cipherSuites = SSL_GetImplementedCiphers();
- int i = SSL_GetNumImplementedCiphers();
- SECStatus rv;
+ int i = SSL_GetNumImplementedCiphers();
+ SECStatus rv;
/* disable all the SSL3 cipher suites */
while (--i >= 0) {
- PRUint16 suite = cipherSuites[i];
+ PRUint16 suite = cipherSuites[i];
rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
- if (rv != SECSuccess) {
- printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n",
- suite, i);
- errWarn("SSL_CipherPrefSetDefault");
- exit(2);
- }
+ if (rv != SECSuccess) {
+ printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n",
+ suite, i);
+ errWarn("SSL_CipherPrefSetDefault");
+ exit(2);
+ }
}
}
/* This invokes the "default" AuthCert handler in libssl.
-** The only reason to use this one is that it prints out info as it goes.
+** The only reason to use this one is that it prints out info as it goes.
*/
static SECStatus
mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
- PRBool isServer)
+ PRBool isServer)
{
SECStatus rv;
- CERTCertificate * peerCert;
+ CERTCertificate *peerCert;
const SECItemArray *csa;
- if (MakeCertOK>=2) {
+ if (MakeCertOK >= 2) {
return SECSuccess;
}
peerCert = SSL_PeerCertificate(fd);
- PRINTF("strsclnt: Subject: %s\nstrsclnt: Issuer : %s\n",
- peerCert->subjectName, peerCert->issuerName);
+ PRINTF("strsclnt: Subject: %s\nstrsclnt: Issuer : %s\n",
+ peerCert->subjectName, peerCert->issuerName);
csa = SSL_PeerStapledOCSPResponses(fd);
if (csa) {
PRINTF("Received %d Cert Status items (OCSP stapled data)\n",
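Review bot: In mySSLAuthCertificate, `peerCert` is dereferenced by the `PRINTF` call directly after `SSL_PeerCertificate(fd)` without a NULL check. SSL_PeerCertificate returns NULL when no peer certificate is available, so a verbose run would crash inside the authentication callback instead of failing the handshake. Guard it before the print, for example `if (!peerCert) return SECFailure;`. The function body continues past the end of this hunk, so the rest of its handling of `peerCert` is not reviewed here.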
@@ -237,88 +240,87 @@ mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
PR_ATOMIC_INCREMENT(&certsTested);
if (rv == SECSuccess) {
- fputs("strsclnt: -- SSL: Server Certificate Validated.\n", stderr);
+ fputs("strsclnt: -- SSL: Server Certificate Validated.\n", stderr);
}
CERT_DestroyCertificate(peerCert);
/* error, if any, will be displayed by the Bad Cert Handler. */
- return rv;
+ return rv;
}
static SECStatus
-myBadCertHandler( void *arg, PRFileDesc *fd)
+myBadCertHandler(void *arg, PRFileDesc *fd)
{
PRErrorCode err = PR_GetError();
if (!MakeCertOK)
- fprintf(stderr,
- "strsclnt: -- SSL: Server Certificate Invalid, err %d.\n%s\n",
- err, SECU_Strerror(err));
+ fprintf(stderr,
+ "strsclnt: -- SSL: Server Certificate Invalid, err %d.\n%s\n",
+ err, SECU_Strerror(err));
return (MakeCertOK ? SECSuccess : SECFailure);
}
-void
+void
printSecurityInfo(PRFileDesc *fd)
{
- CERTCertificate * cert = NULL;
- SSL3Statistics * ssl3stats = SSL_GetStatistics();
+ CERTCertificate *cert = NULL;
+ SSL3Statistics *ssl3stats = SSL_GetStatistics();
SECStatus result;
- SSLChannelInfo channel;
+ SSLChannelInfo channel;
SSLCipherSuiteInfo suite;
static int only_once;
if (only_once && verbose < 2)
- return;
+ return;
only_once = 1;
result = SSL_GetChannelInfo(fd, &channel, sizeof channel);
- if (result == SECSuccess &&
- channel.length == sizeof channel &&
- channel.cipherSuite) {
- result = SSL_GetCipherSuiteInfo(channel.cipherSuite,
- &suite, sizeof suite);
- if (result == SECSuccess) {
- FPRINTF(stderr,
- "strsclnt: SSL version %d.%d using %d-bit %s with %d-bit %s MAC\n",
- channel.protocolVersion >> 8, channel.protocolVersion & 0xff,
- suite.effectiveKeyBits, suite.symCipherName,
- suite.macBits, suite.macAlgorithmName);
- FPRINTF(stderr,
- "strsclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n"
- " Compression: %s\n",
- channel.authKeyBits, suite.authAlgorithmName,
- channel.keaKeyBits, suite.keaTypeName,
- channel.compressionMethodName);
- }
+ if (result == SECSuccess &&
+ channel.length == sizeof channel &&
+ channel.cipherSuite) {
+ result = SSL_GetCipherSuiteInfo(channel.cipherSuite,
+ &suite, sizeof suite);
+ if (result == SECSuccess) {
+ FPRINTF(stderr,
+ "strsclnt: SSL version %d.%d using %d-bit %s with %d-bit %s MAC\n",
+ channel.protocolVersion >> 8, channel.protocolVersion & 0xff,
+ suite.effectiveKeyBits, suite.symCipherName,
+ suite.macBits, suite.macAlgorithmName);
+ FPRINTF(stderr,
+ "strsclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n"
+ " Compression: %s\n",
+ channel.authKeyBits, suite.authAlgorithmName,
+ channel.keaKeyBits, suite.keaTypeName,
+ channel.compressionMethodName);
+ }
}
cert = SSL_LocalCertificate(fd);
if (!cert)
- cert = SSL_PeerCertificate(fd);
+ cert = SSL_PeerCertificate(fd);
if (verbose && cert) {
- char * ip = CERT_NameToAscii(&cert->issuer);
- char * sp = CERT_NameToAscii(&cert->subject);
+ char *ip = CERT_NameToAscii(&cert->issuer);
+ char *sp = CERT_NameToAscii(&cert->subject);
if (sp) {
- fprintf(stderr, "strsclnt: subject DN: %s\n", sp);
- PORT_Free(sp);
- }
+ fprintf(stderr, "strsclnt: subject DN: %s\n", sp);
+ PORT_Free(sp);
+ }
if (ip) {
- fprintf(stderr, "strsclnt: issuer DN: %s\n", ip);
- PORT_Free(ip);
- }
+ fprintf(stderr, "strsclnt: issuer DN: %s\n", ip);
+ PORT_Free(ip);
+ }
}
if (cert) {
- CERT_DestroyCertificate(cert);
- cert = NULL;
+ CERT_DestroyCertificate(cert);
+ cert = NULL;
}
fprintf(stderr,
- "strsclnt: %ld cache hits; %ld cache misses, %ld cache not reusable\n"
- " %ld stateless resumes\n",
- ssl3stats->hsh_sid_cache_hits,
- ssl3stats->hsh_sid_cache_misses,
- ssl3stats->hsh_sid_cache_not_ok,
- ssl3stats->hsh_sid_stateless_resumes);
-
+ "strsclnt: %ld cache hits; %ld cache misses, %ld cache not reusable\n"
+ " %ld stateless resumes\n",
+ ssl3stats->hsh_sid_cache_hits,
+ ssl3stats->hsh_sid_cache_misses,
+ ssl3stats->hsh_sid_cache_not_ok,
+ ssl3stats->hsh_sid_stateless_resumes);
}
/**************************************************************************
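Review bot: myBadCertHandler has no comment explaining that any non-zero `MakeCertOK` makes it return `SECSuccess`, so every certificate validation failure is accepted. In that case nothing is logged either, because the `fprintf` sits under `if (!MakeCertOK)`. A header comment such as `/* Accepts any validation error when MakeCertOK is set (presumably the -o override from Usage); test use only. */` would make the intent explicit. Printing `err` in both cases would also keep overridden failures visible in the stress-run output.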
@@ -329,26 +331,25 @@ printSecurityInfo(PRFileDesc *fd)
typedef SECStatus startFn(void *a, void *b, int c);
-
-static PRInt32 numConnected;
-static int max_threads; /* peak threads allowed */
+static PRInt32 numConnected;
+static int max_threads; /* peak threads allowed */
typedef struct perThreadStr {
- void * a;
- void * b;
- int tid;
- int rv;
- startFn * startFunc;
- PRThread * prThread;
- PRBool inUse;
+ void *a;
+ void *b;
+ int tid;
+ int rv;
+ startFn *startFunc;
+ PRThread *prThread;
+ PRBool inUse;
} perThread;
perThread threads[MAX_THREADS];
void
-thread_wrapper(void * arg)
+thread_wrapper(void *arg)
{
- perThread * slot = (perThread *)arg;
+ perThread *slot = (perThread *)arg;
PRBool done = PR_FALSE;
do {
@@ -357,7 +358,7 @@ thread_wrapper(void * arg)
PRTime now = PR_Now();
PR_Lock(threadLock);
- if (! (slot->tid < active_threads)) {
+ if (!(slot->tid < active_threads)) {
/* this thread isn't supposed to be running */
if (!ThrottleUp) {
/* we'll never need this thread again, so abort it */
@@ -372,13 +373,13 @@ thread_wrapper(void * arg)
** 3. there must be a more recent PR_Connect success than
** failure
*/
- if ( (now - lastConnectFailure > 10 * PR_USEC_PER_SEC) &&
- ( (!lastThrottleUp) || ( (now - lastThrottleUp) >=
- (PR_USEC_PER_SEC/2)) ) &&
- (lastConnectSuccess > lastConnectFailure) ) {
+ if ((now - lastConnectFailure > 10 * PR_USEC_PER_SEC) &&
+ ((!lastThrottleUp) || ((now - lastThrottleUp) >=
+ (PR_USEC_PER_SEC / 2))) &&
+ (lastConnectSuccess > lastConnectFailure)) {
/* try throttling up by one thread */
- active_threads = PR_MIN(max_threads, active_threads+1);
- fprintf(stderr,"active_threads set up to %d\n",
+ active_threads = PR_MIN(max_threads, active_threads + 1);
+ fprintf(stderr, "active_threads set up to %d\n",
active_threads);
lastThrottleUp = PR_MAX(now, lastThrottleUp);
}
@@ -396,8 +397,8 @@ thread_wrapper(void * arg)
}
PR_Unlock(threadLock);
if (doop) {
- slot->rv = (* slot->startFunc)(slot->a, slot->b, slot->tid);
- PRINTF("strsclnt: Thread in slot %d returned %d\n",
+ slot->rv = (*slot->startFunc)(slot->a, slot->b, slot->tid);
+ PRINTF("strsclnt: Thread in slot %d returned %d\n",
slot->tid, slot->rv);
}
if (dosleep) {
@@ -408,18 +409,18 @@ thread_wrapper(void * arg)
SECStatus
launch_thread(
- startFn * startFunc,
- void * a,
- void * b,
- int tid)
+ startFn *startFunc,
+ void *a,
+ void *b,
+ int tid)
{
PRUint32 i;
- perThread * slot;
+ perThread *slot;
PR_Lock(threadLock);
PORT_Assert(numUsed < MAX_THREADS);
- if (! (numUsed < MAX_THREADS)) {
+ if (!(numUsed < MAX_THREADS)) {
PR_Unlock(threadLock);
return SECFailure;
}
@@ -432,17 +433,17 @@ launch_thread(
slot->startFunc = startFunc;
- slot->prThread = PR_CreateThread(PR_USER_THREAD,
- thread_wrapper, slot,
- PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
- PR_JOINABLE_THREAD, 0);
+ slot->prThread = PR_CreateThread(PR_USER_THREAD,
+ thread_wrapper, slot,
+ PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+ PR_JOINABLE_THREAD, 0);
if (slot->prThread == NULL) {
- PR_Unlock(threadLock);
- printf("strsclnt: Failed to launch thread!\n");
- return SECFailure;
- }
+ PR_Unlock(threadLock);
+ printf("strsclnt: Failed to launch thread!\n");
+ return SECFailure;
+ }
- slot->inUse = 1;
+ slot->inUse = 1;
PR_Unlock(threadLock);
PRINTF("strsclnt: Launched thread in slot %d \n", i);
@@ -450,10 +451,10 @@ launch_thread(
}
/* join all the threads */
-int
+int
reap_threads(void)
{
- int i;
+ int i;
for (i = 0; i < MAX_THREADS; ++i) {
if (threads[i].prThread) {
@@ -470,8 +471,8 @@ destroy_thread_data(void)
PORT_Memset(threads, 0, sizeof threads);
if (threadLock) {
- PR_DestroyLock(threadLock);
- threadLock = NULL;
+ PR_DestroyLock(threadLock);
+ threadLock = NULL;
}
}
@@ -496,25 +497,25 @@ static const char outHeader[] = {
};
struct lockedVarsStr {
- PRLock * lock;
- int count;
- int waiters;
- PRCondVar * condVar;
+ PRLock *lock;
+ int count;
+ int waiters;
+ PRCondVar *condVar;
};
typedef struct lockedVarsStr lockedVars;
-void
-lockedVars_Init( lockedVars * lv)
+void
+lockedVars_Init(lockedVars *lv)
{
- lv->count = 0;
+ lv->count = 0;
lv->waiters = 0;
- lv->lock = PR_NewLock();
+ lv->lock = PR_NewLock();
lv->condVar = PR_NewCondVar(lv->lock);
}
void
-lockedVars_Destroy( lockedVars * lv)
+lockedVars_Destroy(lockedVars *lv)
{
PR_DestroyCondVar(lv->condVar);
lv->condVar = NULL;
@@ -524,24 +525,24 @@ lockedVars_Destroy( lockedVars * lv)
}
void
-lockedVars_WaitForDone(lockedVars * lv)
+lockedVars_WaitForDone(lockedVars *lv)
{
PR_Lock(lv->lock);
while (lv->count > 0) {
- PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
+ PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
}
PR_Unlock(lv->lock);
}
-int /* returns count */
-lockedVars_AddToCount(lockedVars * lv, int addend)
+int /* returns count */
+ lockedVars_AddToCount(lockedVars *lv, int addend)
{
int rv;
PR_Lock(lv->lock);
rv = lv->count += addend;
if (rv <= 0) {
- PR_NotifyCondVar(lv->condVar);
+ PR_NotifyCondVar(lv->condVar);
}
PR_Unlock(lv->lock);
return rv;
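Review bot: The `/* returns count */` comment between the return type and the name of lockedVars_AddToCount has made clang-format indent the function name as a continuation line. That breaks the return-type-on-its-own-line layout used by every other definition in the file. Moving the comment above the definition fixes it: `/* Adds addend to lv->count under the lock; returns the new count. */` followed by `int` and `lockedVars_AddToCount(lockedVars *lv, int addend)` at column 0. The closing brace of the function is outside this hunk.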
@@ -549,29 +550,29 @@ lockedVars_AddToCount(lockedVars * lv, int addend)
SECStatus
do_writes(
- void * a,
- void * b,
- int c)
+ void *a,
+ void *b,
+ int c)
{
- PRFileDesc * ssl_sock = (PRFileDesc *)a;
- lockedVars * lv = (lockedVars *)b;
+ PRFileDesc *ssl_sock = (PRFileDesc *)a;
+ lockedVars *lv = (lockedVars *)b;
unsigned int sent = 0;
int count = 0;
while (sent < bigBuf.len) {
- count = PR_Send(ssl_sock, bigBuf.data + sent, bigBuf.len - sent,
- 0, maxInterval);
- if (count < 0) {
- errWarn("PR_Send bigBuf");
- break;
- }
- FPRINTF(stderr, "strsclnt: PR_Send wrote %d bytes from bigBuf\n",
- count );
- sent += count;
+ count = PR_Send(ssl_sock, bigBuf.data + sent, bigBuf.len - sent,
+ 0, maxInterval);
+ if (count < 0) {
+ errWarn("PR_Send bigBuf");
+ break;
+ }
+ FPRINTF(stderr, "strsclnt: PR_Send wrote %d bytes from bigBuf\n",
+ count);
+ sent += count;
}
- if (count >= 0) { /* last write didn't fail. */
- PR_Shutdown(ssl_sock, PR_SHUTDOWN_SEND);
+ if (count >= 0) { /* last write didn't fail. */
+ PR_Shutdown(ssl_sock, PR_SHUTDOWN_SEND);
}
/* notify the reader that we're done. */
@@ -579,15 +580,14 @@ do_writes(
return (sent < bigBuf.len) ? SECFailure : SECSuccess;
}
-int
-handle_fdx_connection( PRFileDesc * ssl_sock, int connection)
+int
+handle_fdx_connection(PRFileDesc *ssl_sock, int connection)
{
- SECStatus result;
- int firstTime = 1;
- int countRead = 0;
- lockedVars lv;
- char *buf;
-
+ SECStatus result;
+ int firstTime = 1;
+ int countRead = 0;
+ lockedVars lv;
+ char *buf;
lockedVars_Init(&lv);
lockedVars_AddToCount(&lv, 1);
@@ -595,41 +595,41 @@ handle_fdx_connection( PRFileDesc * ssl_sock, int connection)
/* Attempt to launch the writer thread. */
result = launch_thread(do_writes, ssl_sock, &lv, connection);
- if (result != SECSuccess)
- goto cleanup;
+ if (result != SECSuccess)
+ goto cleanup;
buf = PR_Malloc(RD_BUF_SIZE);
if (buf) {
- do {
- /* do reads here. */
- PRInt32 count;
-
- count = PR_Recv(ssl_sock, buf, RD_BUF_SIZE, 0, maxInterval);
- if (count < 0) {
- errWarn("PR_Recv");
- break;
- }
- countRead += count;
- FPRINTF(stderr,
- "strsclnt: connection %d read %d bytes (%d total).\n",
- connection, count, countRead );
- if (firstTime) {
- firstTime = 0;
- printSecurityInfo(ssl_sock);
- }
- } while (lockedVars_AddToCount(&lv, 0) > 0);
- PR_Free(buf);
- buf = 0;
+ do {
+ /* do reads here. */
+ PRInt32 count;
+
+ count = PR_Recv(ssl_sock, buf, RD_BUF_SIZE, 0, maxInterval);
+ if (count < 0) {
+ errWarn("PR_Recv");
+ break;
+ }
+ countRead += count;
+ FPRINTF(stderr,
+ "strsclnt: connection %d read %d bytes (%d total).\n",
+ connection, count, countRead);
+ if (firstTime) {
+ firstTime = 0;
+ printSecurityInfo(ssl_sock);
+ }
+ } while (lockedVars_AddToCount(&lv, 0) > 0);
+ PR_Free(buf);
+ buf = 0;
}
/* Wait for writer to finish */
lockedVars_WaitForDone(&lv);
lockedVars_Destroy(&lv);
- FPRINTF(stderr,
- "strsclnt: connection %d read %d bytes total. -----------------------\n",
- connection, countRead);
+ FPRINTF(stderr,
+ "strsclnt: connection %d read %d bytes total. -----------------------\n",
+ connection, countRead);
cleanup:
/* Caller closes the socket. */
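Review bot: When `launch_thread` fails in handle_fdx_connection, the `goto cleanup` jumps over `lockedVars_Destroy(&lv)`. The lock and condition variable created by the earlier `lockedVars_Init(&lv)` then appear to be leaked on every failed launch. Brace the failure branch and call `lockedVars_Destroy(&lv);` before `goto cleanup;`; no writer thread exists at that point, so nothing else can still be using `lv`. The start of the function and the statements after the `cleanup:` label lie outside this hunk, so confirm that nothing after the label already releases `lv`.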
@@ -637,58 +637,58 @@ cleanup:
return SECSuccess;
}
-const char request[] = {"GET /abc HTTP/1.0\r\n\r\n" };
+const char request[] = { "GET /abc HTTP/1.0\r\n\r\n" };
SECStatus
-handle_connection( PRFileDesc *ssl_sock, int tid)
+handle_connection(PRFileDesc *ssl_sock, int tid)
{
- int countRead = 0;
+ int countRead = 0;
PRInt32 rv;
- char *buf;
+ char *buf;
buf = PR_Malloc(RD_BUF_SIZE);
if (!buf)
- return SECFailure;
+ return SECFailure;
/* compose the http request here. */
rv = PR_Send(ssl_sock, request, strlen(request), 0, maxInterval);
if (rv <= 0) {
- errWarn("PR_Send");
- PR_Free(buf);
- buf = 0;
+ errWarn("PR_Send");
+ PR_Free(buf);
+ buf = 0;
failed_already = 1;
- return SECFailure;
+ return SECFailure;
}
printSecurityInfo(ssl_sock);
/* read until EOF */
while (1) {
- rv = PR_Recv(ssl_sock, buf, RD_BUF_SIZE, 0, maxInterval);
- if (rv == 0) {
- break; /* EOF */
- }
- if (rv < 0) {
- errWarn("PR_Recv");
- failed_already = 1;
- break;
- }
-
- countRead += rv;
- FPRINTF(stderr,
+ rv = PR_Recv(ssl_sock, buf, RD_BUF_SIZE, 0, maxInterval);
+ if (rv == 0) {
+ break; /* EOF */
+ }
+ if (rv < 0) {
+ errWarn("PR_Recv");
+ failed_already = 1;
+ break;
+ }
+
+ countRead += rv;
+ FPRINTF(stderr,
"strsclnt: connection on thread %d read %d bytes (%d total).\n",
- tid, rv, countRead );
+ tid, rv, countRead);
}
PR_Free(buf);
buf = 0;
/* Caller closes the socket. */
- FPRINTF(stderr,
- "strsclnt: connection on thread %d read %d bytes total. ---------\n",
- tid, countRead);
+ FPRINTF(stderr,
+ "strsclnt: connection on thread %d read %d bytes total. ---------\n",
+ tid, countRead);
- return SECSuccess; /* success */
+ return SECSuccess; /* success */
}
#define USE_SOCK_PEER_ID 1
@@ -698,7 +698,7 @@ handle_connection( PRFileDesc *ssl_sock, int tid)
PRInt32 lastFullHandshakePeerID;
void
-myHandshakeCallback(PRFileDesc *socket, void *arg)
+myHandshakeCallback(PRFileDesc *socket, void *arg)
{
PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32)((char *)arg - (char *)NULL));
}
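Review bot: `(char *)arg - (char *)NULL` in myHandshakeCallback subtracts a null pointer to turn `arg` back into an integer. That is undefined behaviour in C, because the two operands do not point into the same object. A plain integer conversion expresses the same thing without relying on it, for example `PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32)(PRPtrdiff)arg);`. A short comment that `arg` carries an integer id rather than a real pointer would also help, since the code that registers the callback is not visible in this hunk.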
@@ -710,44 +710,44 @@ myHandshakeCallback(PRFileDesc *socket, void *arg)
*/
SECStatus
do_connects(
- void * a,
- void * b,
- int tid)
+ void *a,
+ void *b,
+ int tid)
{
- PRNetAddr * addr = (PRNetAddr *) a;
- PRFileDesc * model_sock = (PRFileDesc *) b;
- PRFileDesc * ssl_sock = 0;
- PRFileDesc * tcp_sock = 0;
- PRStatus prStatus;
- PRUint32 sleepInterval = 50; /* milliseconds */
- SECStatus rv = SECSuccess;
- PRSocketOptionData opt;
+ PRNetAddr *addr = (PRNetAddr *)a;
+ PRFileDesc *model_sock = (PRFileDesc *)b;
+ PRFileDesc *ssl_sock = 0;
+ PRFileDesc *tcp_sock = 0;
+ PRStatus prStatus;
+ PRUint32 sleepInterval = 50; /* milliseconds */
+ SECStatus rv = SECSuccess;
+ PRSocketOptionData opt;
retry:
tcp_sock = PR_OpenTCPSocket(addr->raw.family);
if (tcp_sock == NULL) {
- errExit("PR_OpenTCPSocket");
+ errExit("PR_OpenTCPSocket");
}
- opt.option = PR_SockOpt_Nonblocking;
+ opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(tcp_sock, &opt);
if (prStatus != PR_SUCCESS) {
- errWarn("PR_SetSocketOption(PR_SockOpt_Nonblocking, PR_FALSE)");
- PR_Close(tcp_sock);
- return SECSuccess;
- }
+ errWarn("PR_SetSocketOption(PR_SockOpt_Nonblocking, PR_FALSE)");
+ PR_Close(tcp_sock);
+ return SECSuccess;
+ }
if (NoDelay) {
- opt.option = PR_SockOpt_NoDelay;
- opt.value.no_delay = PR_TRUE;
- prStatus = PR_SetSocketOption(tcp_sock, &opt);
- if (prStatus != PR_SUCCESS) {
- errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)");
- PR_Close(tcp_sock);
- return SECSuccess;
- }
+ opt.option = PR_SockOpt_NoDelay;
+ opt.value.no_delay = PR_TRUE;
+ prStatus = PR_SetSocketOption(tcp_sock, &opt);
+ if (prStatus != PR_SUCCESS) {
+ errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)");
+ PR_Close(tcp_sock);
+ return SECSuccess;
+ }
}
prStatus = PR_Connect(tcp_sock, addr, PR_INTERVAL_NO_TIMEOUT);
@@ -761,30 +761,30 @@ retry:
PR_Unlock(threadLock);
PR_SetError(err, oserr); /* restore error code */
}
- if ((err == PR_CONNECT_REFUSED_ERROR) ||
- (err == PR_CONNECT_RESET_ERROR) ) {
- int connections = numConnected;
+ if ((err == PR_CONNECT_REFUSED_ERROR) ||
+ (err == PR_CONNECT_RESET_ERROR)) {
+ int connections = numConnected;
- PR_Close(tcp_sock);
+ PR_Close(tcp_sock);
PR_Lock(threadLock);
if (connections > 2 && active_threads >= connections) {
active_threads = connections - 1;
- fprintf(stderr,"active_threads set down to %d\n",
+ fprintf(stderr, "active_threads set down to %d\n",
active_threads);
}
PR_Unlock(threadLock);
if (QuitOnTimeout && sleepInterval > 40000) {
fprintf(stderr,
- "strsclnt: Client timed out waiting for connection to server.\n");
+ "strsclnt: Client timed out waiting for connection to server.\n");
exit(1);
}
- PR_Sleep(PR_MillisecondsToInterval(sleepInterval));
- sleepInterval <<= 1;
- goto retry;
- }
- errWarn("PR_Connect");
- goto done;
+ PR_Sleep(PR_MillisecondsToInterval(sleepInterval));
+ sleepInterval <<= 1;
+ goto retry;
+ }
+ errWarn("PR_Connect");
+ goto done;
} else {
if (ThrottleUp) {
PRTime now = PR_Now();
@@ -797,8 +797,8 @@ retry:
ssl_sock = SSL_ImportFD(model_sock, tcp_sock);
/* XXX if this import fails, close tcp_sock and return. */
if (!ssl_sock) {
- PR_Close(tcp_sock);
- return SECSuccess;
+ PR_Close(tcp_sock);
+ return SECSuccess;
}
if (fullhs != NO_FULLHS_PERCENTAGE) {
#ifdef USE_SOCK_PEER_ID
@@ -810,10 +810,10 @@ retry:
PRInt32 conid = 1 + (savid - 1) % 100;
/* don't change peer ID on the very first handshake, which is always
a full, so the session gets stored into the client cache */
- if ( (savid != 1) &&
- ( ( (savid <= total_connections_rounded_down_to_hundreds) &&
- (conid <= fullhs) ) ||
- (conid*100 <= total_connections_modulo_100*fullhs ) ) )
+ if ((savid != 1) &&
+ (((savid <= total_connections_rounded_down_to_hundreds) &&
+ (conid <= fullhs)) ||
+ (conid * 100 <= total_connections_modulo_100 * fullhs)))
#ifdef USE_SOCK_PEER_ID
{
/* force a full handshake by changing the socket peer ID */
@@ -834,46 +834,46 @@ retry:
}
rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 0);
if (rv != SECSuccess) {
- errWarn("SSL_ResetHandshake");
- goto done;
+ errWarn("SSL_ResetHandshake");
+ goto done;
}
PR_ATOMIC_INCREMENT(&numConnected);
if (bigBuf.data != NULL) {
- (void)handle_fdx_connection( ssl_sock, tid);
+ (void)handle_fdx_connection(ssl_sock, tid);
} else {
- (void)handle_connection( ssl_sock, tid);
+ (void)handle_connection(ssl_sock, tid);
}
PR_ATOMIC_DECREMENT(&numConnected);
done:
if (ssl_sock) {
- PR_Close(ssl_sock);
+ PR_Close(ssl_sock);
} else if (tcp_sock) {
- PR_Close(tcp_sock);
+ PR_Close(tcp_sock);
}
return rv;
}
-
typedef struct {
- PRLock* lock;
- char* nickname;
- CERTCertificate* cert;
- SECKEYPrivateKey* key;
- void* wincx;
+ PRLock *lock;
+ char *nickname;
+ CERTCertificate *cert;
+ SECKEYPrivateKey *key;
+ void *wincx;
} cert_and_key;
-PRBool FindCertAndKey(cert_and_key* Cert_And_Key)
+PRBool
+FindCertAndKey(cert_and_key *Cert_And_Key)
{
- if ( (NULL == Cert_And_Key->nickname) || (0 == strcmp(Cert_And_Key->nickname,"none"))) {
+ if ((NULL == Cert_And_Key->nickname) || (0 == strcmp(Cert_And_Key->nickname, "none"))) {
return PR_TRUE;
}
Cert_And_Key->cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
- Cert_And_Key->nickname, certUsageSSLClient,
- PR_FALSE, Cert_And_Key->wincx);
+ Cert_And_Key->nickname, certUsageSSLClient,
+ PR_FALSE, Cert_And_Key->wincx);
if (Cert_And_Key->cert) {
Cert_And_Key->key = PK11_FindKeyByAnyCert(Cert_And_Key->cert, Cert_And_Key->wincx);
}
@@ -884,25 +884,26 @@ PRBool FindCertAndKey(cert_and_key* Cert_And_Key)
}
}
-PRBool LoggedIn(CERTCertificate* cert, SECKEYPrivateKey* key)
+PRBool
+LoggedIn(CERTCertificate *cert, SECKEYPrivateKey *key)
{
- if ( (cert->slot) && (key->pkcs11Slot) &&
- (PR_TRUE == PK11_IsLoggedIn(cert->slot, NULL)) &&
- (PR_TRUE == PK11_IsLoggedIn(key->pkcs11Slot, NULL)) ) {
+ if ((cert->slot) && (key->pkcs11Slot) &&
+ (PR_TRUE == PK11_IsLoggedIn(cert->slot, NULL)) &&
+ (PR_TRUE == PK11_IsLoggedIn(key->pkcs11Slot, NULL))) {
return PR_TRUE;
}
-
+
return PR_FALSE;
}
-SECStatus
-StressClient_GetClientAuthData(void * arg,
- PRFileDesc * socket,
- struct CERTDistNamesStr * caNames,
- struct CERTCertificateStr ** pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey)
+SECStatus
+StressClient_GetClientAuthData(void *arg,
+ PRFileDesc *socket,
+ struct CERTDistNamesStr *caNames,
+ struct CERTCertificateStr **pRetCert,
+ struct SECKEYPrivateKeyStr **pRetKey)
{
- cert_and_key* Cert_And_Key = (cert_and_key*) arg;
+ cert_and_key *Cert_And_Key = (cert_and_key *)arg;
if (!pRetCert || !pRetKey) {
/* bad pointers, can't return a cert or key */
@@ -940,7 +941,7 @@ StressClient_GetClientAuthData(void * arg,
break;
}
/* now check if those objects are valid */
- if ( PR_FALSE == LoggedIn(*pRetCert, *pRetKey) ) {
+ if (PR_FALSE == LoggedIn(*pRetCert, *pRetKey)) {
/* token is no longer logged in, it was removed */
/* first, delete and clear our invalid local objects */
@@ -962,12 +963,11 @@ StressClient_GetClientAuthData(void * arg,
Cert_And_Key->cert = NULL;
Cert_And_Key->key = NULL;
-
/* now look up the cert and key again */
- while (PR_FALSE == FindCertAndKey(Cert_And_Key) ) {
+ while (PR_FALSE == FindCertAndKey(Cert_And_Key)) {
PR_Sleep(PR_SecondsToInterval(1));
timeout++;
- if (timeout>=60) {
+ if (timeout >= 60) {
printf("\nToken pulled and not reinserted early enough : aborting.\n");
exit(1);
}
@@ -984,12 +984,12 @@ StressClient_GetClientAuthData(void * arg,
return SECFailure;
} else {
/* no cert configured, automatically find the right cert. */
- CERTCertificate * cert = NULL;
- SECKEYPrivateKey * privkey = NULL;
- CERTCertNicknames * names;
- int i;
- void * proto_win = NULL;
- SECStatus rv = SECFailure;
+ CERTCertificate *cert = NULL;
+ SECKEYPrivateKey *privkey = NULL;
+ CERTCertNicknames *names;
+ int i;
+ void *proto_win = NULL;
+ SECStatus rv = SECFailure;
if (Cert_And_Key) {
proto_win = Cert_And_Key->wincx;
@@ -1000,20 +1000,20 @@ StressClient_GetClientAuthData(void * arg,
if (names != NULL) {
for (i = 0; i < names->numnicknames; i++) {
cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
- names->nicknames[i], certUsageSSLClient,
- PR_FALSE, proto_win);
- if ( !cert )
+ names->nicknames[i], certUsageSSLClient,
+ PR_FALSE, proto_win);
+ if (!cert)
continue;
/* Only check unexpired certs */
- if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) !=
- secCertTimeValid ) {
+ if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) !=
+ secCertTimeValid) {
CERT_DestroyCertificate(cert);
continue;
}
rv = NSS_CmpCertChainWCANames(cert, caNames);
- if ( rv == SECSuccess ) {
+ if (rv == SECSuccess) {
privkey = PK11_FindKeyByAnyCert(cert, proto_win);
- if ( privkey )
+ if (privkey)
break;
}
rv = SECFailure;
@@ -1023,63 +1023,63 @@ StressClient_GetClientAuthData(void * arg,
}
if (rv == SECSuccess) {
*pRetCert = cert;
- *pRetKey = privkey;
+ *pRetKey = privkey;
}
return rv;
}
}
-int
-hexchar_to_int(int c)
+int
+hexchar_to_int(int c)
{
if (((c) >= '0') && ((c) <= '9'))
- return (c) - '0';
+ return (c) - '0';
if (((c) >= 'a') && ((c) <= 'f'))
- return (c) - 'a' + 10;
+ return (c) - 'a' + 10;
if (((c) >= 'A') && ((c) <= 'F'))
- return (c) - 'A' + 10;
+ return (c) - 'A' + 10;
failed_already = 1;
return -1;
}
void
client_main(
- unsigned short port,
- int connections,
- cert_and_key* Cert_And_Key,
- const char * hostName,
- const char * sniHostName)
+ unsigned short port,
+ int connections,
+ cert_and_key *Cert_And_Key,
+ const char *hostName,
+ const char *sniHostName)
{
- PRFileDesc *model_sock = NULL;
- int i;
- int rv;
- PRStatus status;
- PRNetAddr addr;
+ PRFileDesc *model_sock = NULL;
+ int i;
+ int rv;
+ PRStatus status;
+ PRNetAddr addr;
status = PR_StringToNetAddr(hostName, &addr);
if (status == PR_SUCCESS) {
- addr.inet.port = PR_htons(port);
+ addr.inet.port = PR_htons(port);
} else {
- /* Lookup host */
- PRAddrInfo *addrInfo;
- void *enumPtr = NULL;
-
- addrInfo = PR_GetAddrInfoByName(hostName, PR_AF_UNSPEC,
- PR_AI_ADDRCONFIG | PR_AI_NOCANONNAME);
- if (!addrInfo) {
- SECU_PrintError(progName, "error looking up host");
- return;
- }
- do {
- enumPtr = PR_EnumerateAddrInfo(enumPtr, addrInfo, port, &addr);
- } while (enumPtr != NULL &&
- addr.raw.family != PR_AF_INET &&
- addr.raw.family != PR_AF_INET6);
- PR_FreeAddrInfo(addrInfo);
- if (enumPtr == NULL) {
- SECU_PrintError(progName, "error looking up host address");
- return;
- }
+ /* Lookup host */
+ PRAddrInfo *addrInfo;
+ void *enumPtr = NULL;
+
+ addrInfo = PR_GetAddrInfoByName(hostName, PR_AF_UNSPEC,
+ PR_AI_ADDRCONFIG | PR_AI_NOCANONNAME);
+ if (!addrInfo) {
+ SECU_PrintError(progName, "error looking up host");
+ return;
+ }
+ do {
+ enumPtr = PR_EnumerateAddrInfo(enumPtr, addrInfo, port, &addr);
+ } while (enumPtr != NULL &&
+ addr.raw.family != PR_AF_INET &&
+ addr.raw.family != PR_AF_INET6);
+ PR_FreeAddrInfo(addrInfo);
+ if (enumPtr == NULL) {
+ SECU_PrintError(progName, "error looking up host address");
+ return;
+ }
}
/* all suites except RSA_NULL_MD5 are enabled by Domestic Policy */
@@ -1093,46 +1093,46 @@ client_main(
disableAllSSLCiphers();
while (0 != (ndx = *cipherString)) {
- const char * startCipher = cipherString++;
- int cipher = 0;
- SECStatus rv;
-
- if (ndx == ':') {
- cipher = hexchar_to_int(*cipherString++);
- cipher <<= 4;
- cipher |= hexchar_to_int(*cipherString++);
- cipher <<= 4;
- cipher |= hexchar_to_int(*cipherString++);
- cipher <<= 4;
- cipher |= hexchar_to_int(*cipherString++);
- if (cipher <= 0) {
- fprintf(stderr, "strsclnt: Invalid cipher value: %-5.5s\n",
- startCipher);
- failed_already = 1;
- return;
- }
- } else {
- if (isalpha(ndx)) {
+ const char *startCipher = cipherString++;
+ int cipher = 0;
+ SECStatus rv;
+
+ if (ndx == ':') {
+ cipher = hexchar_to_int(*cipherString++);
+ cipher <<= 4;
+ cipher |= hexchar_to_int(*cipherString++);
+ cipher <<= 4;
+ cipher |= hexchar_to_int(*cipherString++);
+ cipher <<= 4;
+ cipher |= hexchar_to_int(*cipherString++);
+ if (cipher <= 0) {
+ fprintf(stderr, "strsclnt: Invalid cipher value: %-5.5s\n",
+ startCipher);
+ failed_already = 1;
+ return;
+ }
+ } else {
+ if (isalpha(ndx)) {
ndx = tolower(ndx) - 'a';
if (ndx < PR_ARRAY_SIZE(ssl3CipherSuites)) {
cipher = ssl3CipherSuites[ndx];
}
- }
- if (cipher <= 0) {
- fprintf(stderr, "strsclnt: Invalid cipher letter: %c\n",
- *startCipher);
- failed_already = 1;
- return;
- }
- }
- rv = SSL_CipherPrefSetDefault(cipher, PR_TRUE);
- if (rv != SECSuccess) {
- fprintf(stderr,
- "strsclnt: SSL_CipherPrefSetDefault(0x%04x) failed\n",
- cipher);
- failed_already = 1;
- return;
- }
+ }
+ if (cipher <= 0) {
+ fprintf(stderr, "strsclnt: Invalid cipher letter: %c\n",
+ *startCipher);
+ failed_already = 1;
+ return;
+ }
+ }
+ rv = SSL_CipherPrefSetDefault(cipher, PR_TRUE);
+ if (rv != SECSuccess) {
+ fprintf(stderr,
+ "strsclnt: SSL_CipherPrefSetDefault(0x%04x) failed\n",
+ cipher);
+ failed_already = 1;
+ return;
+ }
}
}
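Review bot: In the `ndx == ':'` branch, the four `hexchar_to_int(*cipherString++)` calls advance the pointer without checking for the end of the string, and the `cipher <= 0` test only runs after all four. A `-C` value that ends fewer than four characters after the colon is therefore read past its terminator. A failed digit also comes back as -1 and is then left-shifted while negative. Reading the digits in a four-iteration loop that stops on the first failure, `if (d < 0) break;` before `cipher = (cipher << 4) | d;`, keeps the parse inside the string. This loop belongs to client_main, whose body starts and ends outside the hunk.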
@@ -1140,19 +1140,19 @@ client_main(
model_sock = PR_OpenTCPSocket(addr.raw.family);
if (model_sock == NULL) {
- errExit("PR_OpenTCPSocket for model socket");
+ errExit("PR_OpenTCPSocket for model socket");
}
model_sock = SSL_ImportFD(NULL, model_sock);
if (model_sock == NULL) {
- errExit("SSL_ImportFD");
+ errExit("SSL_ImportFD");
}
/* do SSL configuration. */
rv = SSL_OptionSet(model_sock, SSL_SECURITY, enabledVersions.min != 0);
if (rv < 0) {
- errExit("SSL_OptionSet SSL_SECURITY");
+ errExit("SSL_OptionSet SSL_SECURITY");
}
rv = SSL_VersionRangeSet(model_sock, &enabledVersions);
@@ -1161,66 +1161,66 @@ client_main(
}
if (bigBuf.data) { /* doing FDX */
- rv = SSL_OptionSet(model_sock, SSL_ENABLE_FDX, 1);
- if (rv < 0) {
- errExit("SSL_OptionSet SSL_ENABLE_FDX");
- }
+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_FDX, 1);
+ if (rv < 0) {
+ errExit("SSL_OptionSet SSL_ENABLE_FDX");
+ }
}
if (NoReuse) {
- rv = SSL_OptionSet(model_sock, SSL_NO_CACHE, 1);
- if (rv < 0) {
- errExit("SSL_OptionSet SSL_NO_CACHE");
- }
+ rv = SSL_OptionSet(model_sock, SSL_NO_CACHE, 1);
+ if (rv < 0) {
+ errExit("SSL_OptionSet SSL_NO_CACHE");
+ }
}
if (bypassPKCS11) {
- rv = SSL_OptionSet(model_sock, SSL_BYPASS_PKCS11, 1);
- if (rv < 0) {
- errExit("SSL_OptionSet SSL_BYPASS_PKCS11");
- }
+ rv = SSL_OptionSet(model_sock, SSL_BYPASS_PKCS11, 1);
+ if (rv < 0) {
+ errExit("SSL_OptionSet SSL_BYPASS_PKCS11");
+ }
}
if (disableLocking) {
rv = SSL_OptionSet(model_sock, SSL_NO_LOCKS, 1);
- if (rv < 0) {
- errExit("SSL_OptionSet SSL_NO_LOCKS");
- }
+ if (rv < 0) {
+ errExit("SSL_OptionSet SSL_NO_LOCKS");
+ }
}
if (enableSessionTickets) {
- rv = SSL_OptionSet(model_sock, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
- if (rv != SECSuccess)
- errExit("SSL_OptionSet SSL_ENABLE_SESSION_TICKETS");
+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
+ if (rv != SECSuccess)
+ errExit("SSL_OptionSet SSL_ENABLE_SESSION_TICKETS");
}
if (enableCompression) {
- rv = SSL_OptionSet(model_sock, SSL_ENABLE_DEFLATE, PR_TRUE);
- if (rv != SECSuccess)
- errExit("SSL_OptionSet SSL_ENABLE_DEFLATE");
+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_DEFLATE, PR_TRUE);
+ if (rv != SECSuccess)
+ errExit("SSL_OptionSet SSL_ENABLE_DEFLATE");
}
if (enableFalseStart) {
- rv = SSL_OptionSet(model_sock, SSL_ENABLE_FALSE_START, PR_TRUE);
- if (rv != SECSuccess)
- errExit("SSL_OptionSet SSL_ENABLE_FALSE_START");
+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_FALSE_START, PR_TRUE);
+ if (rv != SECSuccess)
+ errExit("SSL_OptionSet SSL_ENABLE_FALSE_START");
}
if (enableCertStatus) {
- rv = SSL_OptionSet(model_sock, SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
- if (rv != SECSuccess)
- errExit("SSL_OptionSet SSL_ENABLE_OCSP_STAPLING");
+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
+ if (rv != SECSuccess)
+ errExit("SSL_OptionSet SSL_ENABLE_OCSP_STAPLING");
}
SSL_SetPKCS11PinArg(model_sock, &pwdata);
SSL_SetURL(model_sock, hostName);
- SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate,
- (void *)CERT_GetDefaultCertDB());
+ SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate,
+ (void *)CERT_GetDefaultCertDB());
SSL_BadCertHook(model_sock, myBadCertHandler, NULL);
- SSL_GetClientAuthDataHook(model_sock, StressClient_GetClientAuthData, (void*)Cert_And_Key);
+ SSL_GetClientAuthDataHook(model_sock, StressClient_GetClientAuthData, (void *)Cert_And_Key);
if (sniHostName) {
SSL_SetURL(model_sock, sniHostName);
@@ -1238,18 +1238,18 @@ client_main(
if (!NoReuse) {
remaining_connections = 1;
- launch_thread(do_connects, &addr, model_sock, 0);
- /* wait for the first connection to terminate, then launch the rest. */
- reap_threads();
- remaining_connections = total_connections - 1 ;
+ launch_thread(do_connects, &addr, model_sock, 0);
+ /* wait for the first connection to terminate, then launch the rest. */
+ reap_threads();
+ remaining_connections = total_connections - 1;
}
if (remaining_connections > 0) {
- active_threads = PR_MIN(active_threads, remaining_connections);
- /* Start up the threads */
- for (i=0;i<active_threads;i++) {
- launch_thread(do_connects, &addr, model_sock, i);
- }
- reap_threads();
+ active_threads = PR_MIN(active_threads, remaining_connections);
+ /* Start up the threads */
+ for (i = 0; i < active_threads; i++) {
+ launch_thread(do_connects, &addr, model_sock, i);
+ }
+ reap_threads();
}
destroy_thread_data();
@@ -1257,40 +1257,40 @@ client_main(
}
SECStatus
-readBigFile(const char * fileName)
+readBigFile(const char *fileName)
{
- PRFileInfo info;
- PRStatus status;
- SECStatus rv = SECFailure;
- int count;
- int hdrLen;
+ PRFileInfo info;
+ PRStatus status;
+ SECStatus rv = SECFailure;
+ int count;
+ int hdrLen;
PRFileDesc *local_file_fd = NULL;
status = PR_GetFileInfo(fileName, &info);
if (status == PR_SUCCESS &&
- info.type == PR_FILE_FILE &&
- info.size > 0 &&
- NULL != (local_file_fd = PR_Open(fileName, PR_RDONLY, 0))) {
-
- hdrLen = PORT_Strlen(outHeader);
- bigBuf.len = hdrLen + info.size;
- bigBuf.data = PORT_Malloc(bigBuf.len + 4095);
- if (!bigBuf.data) {
- errWarn("PORT_Malloc");
- goto done;
- }
-
- PORT_Memcpy(bigBuf.data, outHeader, hdrLen);
-
- count = PR_Read(local_file_fd, bigBuf.data + hdrLen, info.size);
- if (count != info.size) {
- errWarn("PR_Read local file");
- goto done;
- }
- rv = SECSuccess;
-done:
- PR_Close(local_file_fd);
+ info.type == PR_FILE_FILE &&
+ info.size > 0 &&
+ NULL != (local_file_fd = PR_Open(fileName, PR_RDONLY, 0))) {
+
+ hdrLen = PORT_Strlen(outHeader);
+ bigBuf.len = hdrLen + info.size;
+ bigBuf.data = PORT_Malloc(bigBuf.len + 4095);
+ if (!bigBuf.data) {
+ errWarn("PORT_Malloc");
+ goto done;
+ }
+
+ PORT_Memcpy(bigBuf.data, outHeader, hdrLen);
+
+ count = PR_Read(local_file_fd, bigBuf.data + hdrLen, info.size);
+ if (count != info.size) {
+ errWarn("PR_Read local file");
+ goto done;
+ }
+ rv = SECSuccess;
+ done:
+ PR_Close(local_file_fd);
}
return rv;
}
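Review bot: On the `PR_Read` failure path readBigFile returns SECFailure but leaves `bigBuf.data` allocated and `bigBuf.len` set to the full expected size. client_main treats a non-NULL `bigBuf.data` as "doing FDX", and main calls `readBigFile(fileName);` without looking at the result, so a short or failed read still leaves a buffer that looks populated while its tail is uninitialised heap memory. Resetting the global before `goto done`, `PORT_Free(bigBuf.data); bigBuf.data = NULL; bigBuf.len = 0;`, and having main check the return value would close that gap. Separately, `hdrLen + info.size` is an unchecked `int` addition.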
@@ -1298,144 +1298,187 @@ done:
int
main(int argc, char **argv)
{
- const char * dir = ".";
- const char * fileName = NULL;
- char * hostName = NULL;
- char * nickName = NULL;
- char * tmp = NULL;
- int connections = 1;
- int exitVal;
- int tmpInt;
- unsigned short port = 443;
- SECStatus rv;
- PLOptState * optstate;
- PLOptStatus status;
- cert_and_key Cert_And_Key;
- char * sniHostName = NULL;
+ const char *dir = ".";
+ const char *fileName = NULL;
+ char *hostName = NULL;
+ char *nickName = NULL;
+ char *tmp = NULL;
+ int connections = 1;
+ int exitVal;
+ int tmpInt;
+ unsigned short port = 443;
+ SECStatus rv;
+ PLOptState *optstate;
+ PLOptStatus status;
+ cert_and_key Cert_And_Key;
+ char *sniHostName = NULL;
/* Call the NSPR initialization routines */
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
- tmp = strrchr(argv[0], '/');
- tmp = tmp ? tmp + 1 : argv[0];
+ tmp = strrchr(argv[0], '/');
+ tmp = tmp ? tmp + 1 : argv[0];
progName = strrchr(tmp, '\\');
progName = progName ? progName + 1 : tmp;
-
optstate = PL_CreateOptState(argc, argv,
"BC:DNP:TUV:W:a:c:d:f:gin:op:qst:uvw:z");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch(optstate->option) {
- case 'B': bypassPKCS11 = PR_TRUE; break;
-
- case 'C': cipherString = optstate->value; break;
-
- case 'D': NoDelay = PR_TRUE; break;
-
- case 'I': /* reserved for OCSP multi-stapling */ break;
-
- case 'N': NoReuse = 1; break;
-
- case 'P': fullhs = PORT_Atoi(optstate->value); break;
-
- case 'T': enableCertStatus = PR_TRUE; break;
-
- case 'U': ThrottleUp = PR_TRUE; break;
-
- case 'V': if (SECU_ParseSSLVersionRangeString(optstate->value,
- enabledVersions, &enabledVersions) != SECSuccess) {
- Usage(progName);
- }
- break;
-
- case 'a': sniHostName = PL_strdup(optstate->value); break;
-
- case 'c': connections = PORT_Atoi(optstate->value); break;
-
- case 'd': dir = optstate->value; break;
-
- case 'f': fileName = optstate->value; break;
-
- case 'g': enableFalseStart = PR_TRUE; break;
-
- case 'i': ignoreErrors = PR_TRUE; break;
-
- case 'n': nickName = PL_strdup(optstate->value); break;
-
- case 'o': MakeCertOK++; break;
-
- case 'p': port = PORT_Atoi(optstate->value); break;
-
- case 'q': QuitOnTimeout = PR_TRUE; break;
-
- case 's': disableLocking = PR_TRUE; break;
-
- case 't':
- tmpInt = PORT_Atoi(optstate->value);
- if (tmpInt > 0 && tmpInt < MAX_THREADS)
- max_threads = active_threads = tmpInt;
- break;
-
- case 'u': enableSessionTickets = PR_TRUE; break;
-
- case 'v': verbose++; break;
-
- case 'w':
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = PL_strdup(optstate->value);
- break;
-
- case 'W':
- pwdata.source = PW_FROMFILE;
- pwdata.data = PL_strdup(optstate->value);
- break;
-
- case 'z': enableCompression = PR_TRUE; break;
-
- case 0: /* positional parameter */
- if (hostName) {
- Usage(progName);
- }
- hostName = PL_strdup(optstate->value);
- break;
-
- default:
- case '?':
- Usage(progName);
- break;
+ switch (optstate->option) {
+ case 'B':
+ bypassPKCS11 = PR_TRUE;
+ break;
+
+ case 'C':
+ cipherString = optstate->value;
+ break;
+
+ case 'D':
+ NoDelay = PR_TRUE;
+ break;
+
+ case 'I': /* reserved for OCSP multi-stapling */
+ break;
+
+ case 'N':
+ NoReuse = 1;
+ break;
+
+ case 'P':
+ fullhs = PORT_Atoi(optstate->value);
+ break;
+
+ case 'T':
+ enableCertStatus = PR_TRUE;
+ break;
+
+ case 'U':
+ ThrottleUp = PR_TRUE;
+ break;
+
+ case 'V':
+ if (SECU_ParseSSLVersionRangeString(optstate->value,
+ enabledVersions, &enabledVersions) !=
+ SECSuccess) {
+ Usage(progName);
+ }
+ break;
+
+ case 'a':
+ sniHostName = PL_strdup(optstate->value);
+ break;
+
+ case 'c':
+ connections = PORT_Atoi(optstate->value);
+ break;
+
+ case 'd':
+ dir = optstate->value;
+ break;
+
+ case 'f':
+ fileName = optstate->value;
+ break;
+
+ case 'g':
+ enableFalseStart = PR_TRUE;
+ break;
+
+ case 'i':
+ ignoreErrors = PR_TRUE;
+ break;
+
+ case 'n':
+ nickName = PL_strdup(optstate->value);
+ break;
+
+ case 'o':
+ MakeCertOK++;
+ break;
+
+ case 'p':
+ port = PORT_Atoi(optstate->value);
+ break;
+
+ case 'q':
+ QuitOnTimeout = PR_TRUE;
+ break;
+
+ case 's':
+ disableLocking = PR_TRUE;
+ break;
+
+ case 't':
+ tmpInt = PORT_Atoi(optstate->value);
+ if (tmpInt > 0 && tmpInt < MAX_THREADS)
+ max_threads = active_threads = tmpInt;
+ break;
+
+ case 'u':
+ enableSessionTickets = PR_TRUE;
+ break;
+
+ case 'v':
+ verbose++;
+ break;
+
+ case 'w':
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = PL_strdup(optstate->value);
+ break;
+
+ case 'W':
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = PL_strdup(optstate->value);
+ break;
+
+ case 'z':
+ enableCompression = PR_TRUE;
+ break;
+
+ case 0: /* positional parameter */
+ if (hostName) {
+ Usage(progName);
+ }
+ hostName = PL_strdup(optstate->value);
+ break;
- }
+ default:
+ case '?':
+ Usage(progName);
+ break;
+ }
}
PL_DestroyOptState(optstate);
if (!hostName || status == PL_OPT_BAD)
- Usage(progName);
+ Usage(progName);
- if (fullhs!= NO_FULLHS_PERCENTAGE && (fullhs < 0 || fullhs>100 || NoReuse) )
+ if (fullhs != NO_FULLHS_PERCENTAGE && (fullhs < 0 || fullhs > 100 || NoReuse))
Usage(progName);
if (port == 0)
- Usage(progName);
+ Usage(progName);
if (fileName)
- readBigFile(fileName);
+ readBigFile(fileName);
PK11_SetPasswordFunc(SECU_GetModulePassword);
tmp = PR_GetEnvSecure("NSS_DEBUG_TIMEOUT");
if (tmp && tmp[0]) {
int sec = PORT_Atoi(tmp);
- if (sec > 0) {
- maxInterval = PR_SecondsToInterval(sec);
- }
+ if (sec > 0) {
+ maxInterval = PR_SecondsToInterval(sec);
+ }
}
/* Call the NSS initialization routines */
rv = NSS_Initialize(dir, "", "", SECMOD_DB, NSS_INIT_READONLY);
if (rv != SECSuccess) {
- fputs("NSS_Init failed.\n", stderr);
- exit(1);
+ fputs("NSS_Init failed.\n", stderr);
+ exit(1);
}
ssl3stats = SSL_GetStatistics();
Cert_And_Key.lock = PR_NewLock();
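Review bot: The `-p` case stores `PORT_Atoi(optstate->value)` straight into the `unsigned short port`, so an out-of-range or negative value is silently truncated and only an exact 0 is rejected by the later `if (port == 0)` test. The `-t` case in the same switch already parses into `tmpInt` and range-checks it; `-p` could do the same with `tmpInt = PORT_Atoi(optstate->value); if (tmpInt <= 0 || tmpInt > 65535) Usage(progName); port = tmpInt;`. The `-c` value is likewise taken without a lower bound. main's body continues outside this hunk.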
@@ -1446,17 +1489,16 @@ main(int argc, char **argv)
if (PR_FALSE == FindCertAndKey(&Cert_And_Key)) {
- if (Cert_And_Key.cert == NULL) {
- fprintf(stderr, "strsclnt: Can't find certificate %s\n", Cert_And_Key.nickname);
- exit(1);
- }
-
- if (Cert_And_Key.key == NULL) {
- fprintf(stderr, "strsclnt: Can't find Private Key for cert %s\n",
- Cert_And_Key.nickname);
- exit(1);
- }
+ if (Cert_And_Key.cert == NULL) {
+ fprintf(stderr, "strsclnt: Can't find certificate %s\n", Cert_And_Key.nickname);
+ exit(1);
+ }
+ if (Cert_And_Key.key == NULL) {
+ fprintf(stderr, "strsclnt: Can't find Private Key for cert %s\n",
+ Cert_And_Key.nickname);
+ exit(1);
+ }
}
client_main(port, connections, &Cert_And_Key, hostName,
@@ -1464,10 +1506,10 @@ main(int argc, char **argv)
/* clean up */
if (Cert_And_Key.cert) {
- CERT_DestroyCertificate(Cert_And_Key.cert);
+ CERT_DestroyCertificate(Cert_And_Key.cert);
}
if (Cert_And_Key.key) {
- SECKEY_DestroyPrivateKey(Cert_And_Key.key);
+ SECKEY_DestroyPrivateKey(Cert_And_Key.key);
}
PR_DestroyLock(Cert_And_Key.lock);
@@ -1486,31 +1528,31 @@ main(int argc, char **argv)
/* some final stats. */
printf(
- "strsclnt: %ld cache hits; %ld cache misses, %ld cache not reusable\n"
- " %ld stateless resumes\n",
+ "strsclnt: %ld cache hits; %ld cache misses, %ld cache not reusable\n"
+ " %ld stateless resumes\n",
ssl3stats->hsh_sid_cache_hits,
ssl3stats->hsh_sid_cache_misses,
ssl3stats->hsh_sid_cache_not_ok,
ssl3stats->hsh_sid_stateless_resumes);
if (!NoReuse) {
- if (enableSessionTickets)
- exitVal = (ssl3stats->hsh_sid_stateless_resumes == 0);
- else
- exitVal = (ssl3stats->hsh_sid_cache_misses > 1) ||
- (ssl3stats->hsh_sid_stateless_resumes != 0);
- if (!exitVal)
- exitVal = (ssl3stats->hsh_sid_cache_not_ok != 0) ||
- (certsTested > 1);
+ if (enableSessionTickets)
+ exitVal = (ssl3stats->hsh_sid_stateless_resumes == 0);
+ else
+ exitVal = (ssl3stats->hsh_sid_cache_misses > 1) ||
+ (ssl3stats->hsh_sid_stateless_resumes != 0);
+ if (!exitVal)
+ exitVal = (ssl3stats->hsh_sid_cache_not_ok != 0) ||
+ (certsTested > 1);
} else {
- printf("strsclnt: NoReuse - %d server certificates tested.\n",
+ printf("strsclnt: NoReuse - %d server certificates tested.\n",
certsTested);
exitVal = (ssl3stats->hsh_sid_cache_misses != connections) ||
- (ssl3stats->hsh_sid_stateless_resumes != 0) ||
- (certsTested != connections);
+ (ssl3stats->hsh_sid_stateless_resumes != 0) ||
+ (certsTested != connections);
}
- exitVal = ( exitVal || failed_already );
+ exitVal = (exitVal || failed_already);
SSL_ClearSessionCache();
if (NSS_Shutdown() != SECSuccess) {
printf("strsclnt: NSS_Shutdown() failed.\n");
@@ -1520,4 +1562,3 @@ main(int argc, char **argv)
PR_Cleanup();
return exitVal;
}
-
diff --git a/cmd/symkeyutil/symkeyutil.c b/cmd/symkeyutil/symkeyutil.c
index 353da711b..6170cc3c5 100644
--- a/cmd/symkeyutil/symkeyutil.c
+++ b/cmd/symkeyutil/symkeyutil.c
@@ -38,7 +38,7 @@
#include "nss.h"
typedef struct _KeyTypes {
- CK_KEY_TYPE keyType;
+ CK_KEY_TYPE keyType;
CK_MECHANISM_TYPE mechType;
CK_MECHANISM_TYPE wrapMech;
char *label;
@@ -54,10 +54,10 @@ static KeyTypes keyArray[] = {
{ CKK_KEA, CKM_KEA_KEY_DERIVE, CKM_INVALID_MECHANISM, "kea" },
#endif
{ CKK_GENERIC_SECRET, CKM_SHA_1_HMAC, CKM_INVALID_MECHANISM, "generic" },
- { CKK_RC2, CKM_RC2_CBC, CKM_RC2_ECB,"rc2" },
+ { CKK_RC2, CKM_RC2_CBC, CKM_RC2_ECB, "rc2" },
/* don't define a wrap mech for RC-4 since it's note really safe */
- { CKK_RC4, CKM_RC4, CKM_INVALID_MECHANISM, "rc4" },
- { CKK_DES, CKM_DES_CBC, CKM_DES_ECB,"des" },
+ { CKK_RC4, CKM_RC4, CKM_INVALID_MECHANISM, "rc4" },
+ { CKK_DES, CKM_DES_CBC, CKM_DES_ECB, "des" },
{ CKK_DES2, CKM_DES2_KEY_GEN, CKM_DES3_ECB, "des2" },
{ CKK_DES3, CKM_DES3_KEY_GEN, CKM_DES3_ECB, "des3" },
{ CKK_CAST, CKM_CAST_CBC, CKM_CAST_ECB, "cast" },
@@ -74,10 +74,10 @@ static KeyTypes keyArray[] = {
{ CKK_CAMELLIA, CKM_CAMELLIA_CBC, CKM_CAMELLIA_ECB, "camellia" },
};
-static int keyArraySize = sizeof(keyArray)/sizeof(keyArray[0]);
+static int keyArraySize = sizeof(keyArray) / sizeof(keyArray[0]);
int
-GetLen(PRFileDesc* fd)
+GetLen(PRFileDesc *fd)
{
PRFileInfo info;
@@ -93,29 +93,29 @@ ReadBuf(char *inFile, SECItem *item)
{
int len;
int ret;
- PRFileDesc* fd = PR_Open(inFile, PR_RDONLY, 0);
+ PRFileDesc *fd = PR_Open(inFile, PR_RDONLY, 0);
if (NULL == fd) {
SECU_PrintError("symkeyutil", "PR_Open failed");
- return -1;
+ return -1;
}
len = GetLen(fd);
if (len < 0) {
- SECU_PrintError("symkeyutil", "PR_GetOpenFileInfo failed");
- return -1;
+ SECU_PrintError("symkeyutil", "PR_GetOpenFileInfo failed");
+ return -1;
}
item->data = (unsigned char *)PORT_Alloc(len);
if (item->data == NULL) {
- fprintf(stderr,"Failed to allocate %d to read file %s\n",len,inFile);
- return -1;
+ fprintf(stderr, "Failed to allocate %d to read file %s\n", len, inFile);
+ return -1;
}
- ret = PR_Read(fd,item->data,item->len);
+ ret = PR_Read(fd, item->data, item->len);
if (ret < 0) {
- SECU_PrintError("symkeyutil", "PR_Read failed");
- PORT_Free(item->data);
- item->data = NULL;
- return -1;
+ SECU_PrintError("symkeyutil", "PR_Read failed");
+ PORT_Free(item->data);
+ item->data = NULL;
+ return -1;
}
PR_Close(fd);
item->len = len;
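Review bot: The read size passed in `PR_Read(fd, item->data, item->len)` is `item->len`, which is only assigned on the hunk's last line, after the read; the buffer was allocated with `len`, so whatever the caller left in `item->len` decides how many bytes are written into it. The call should be `ret = PR_Read(fd, item->data, len);`, and testing `if (ret != len)` would also catch short reads. Each `return -1` after the successful `PR_Open` (the GetLen failure, the allocation failure and the read failure) leaves `fd` open, so those paths need a `PR_Close(fd);`. The end of ReadBuf is outside the hunk.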
@@ -126,16 +126,16 @@ int
WriteBuf(char *inFile, SECItem *item)
{
int ret;
- PRFileDesc* fd = PR_Open(inFile, PR_WRONLY|PR_CREATE_FILE, 0x200);
+ PRFileDesc *fd = PR_Open(inFile, PR_WRONLY | PR_CREATE_FILE, 0x200);
if (NULL == fd) {
SECU_PrintError("symkeyutil", "PR_Open failed");
- return -1;
+ return -1;
}
- ret = PR_Write(fd,item->data,item->len);
+ ret = PR_Write(fd, item->data, item->len);
if (ret < 0) {
- SECU_PrintError("symkeyutil", "PR_Write failed");
- return -1;
+ SECU_PrintError("symkeyutil", "PR_Write failed");
+ return -1;
}
PR_Close(fd);
return 0;
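Review bot: The creation mode in `PR_Open(inFile, PR_WRONLY | PR_CREATE_FILE, 0x200)` is hexadecimal 0x200, which is octal 01000 and carries no owner read or write bits, so it looks like a mistyped octal constant. The usage text in this file describes `-E` as exporting a key to a data file, so this mode probably governs a file holding key material; if owner-only access was intended, `0600` says so explicitly. The `PR_Write` failure path also returns without `PR_Close(fd);`, and a short write (`ret < item->len`) is reported as success.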
@@ -145,10 +145,10 @@ CK_KEY_TYPE
GetKeyTypeFromString(const char *keyString)
{
int i;
- for (i=0; i < keyArraySize; i++) {
- if (PL_strcasecmp(keyString,keyArray[i].label) == 0) {
- return keyArray[i].keyType;
- }
+ for (i = 0; i < keyArraySize; i++) {
+ if (PL_strcasecmp(keyString, keyArray[i].label) == 0) {
+ return keyArray[i].keyType;
+ }
}
return (CK_KEY_TYPE)-1;
}
@@ -157,10 +157,10 @@ CK_MECHANISM_TYPE
GetKeyMechFromString(const char *keyString)
{
int i;
- for (i=0; i < keyArraySize; i++) {
- if (PL_strcasecmp(keyString,keyArray[i].label) == 0) {
- return keyArray[i].mechType;
- }
+ for (i = 0; i < keyArraySize; i++) {
+ if (PL_strcasecmp(keyString, keyArray[i].label) == 0) {
+ return keyArray[i].mechType;
+ }
}
return (CK_MECHANISM_TYPE)-1;
}
@@ -169,10 +169,10 @@ const char *
GetStringFromKeyType(CK_KEY_TYPE type)
{
int i;
- for (i=0; i < keyArraySize; i++) {
- if (keyArray[i].keyType == type) {
- return keyArray[i].label;
- }
+ for (i = 0; i < keyArraySize; i++) {
+ if (keyArray[i].keyType == type) {
+ return keyArray[i].label;
+ }
}
return "unmatched";
}
@@ -181,10 +181,10 @@ CK_MECHANISM_TYPE
GetWrapFromKeyType(CK_KEY_TYPE type)
{
int i;
- for (i=0; i < keyArraySize; i++) {
- if (keyArray[i].keyType == type) {
- return keyArray[i].wrapMech;
- }
+ for (i = 0; i < keyArraySize; i++) {
+ if (keyArray[i].keyType == type) {
+ return keyArray[i].wrapMech;
+ }
}
return CKM_INVALID_MECHANISM;
}
@@ -201,16 +201,16 @@ int
GetDigit(char c)
{
if (c == 0) {
- return -1;
+ return -1;
}
if (c <= '9' && c >= '0') {
- return c - '0';
+ return c - '0';
}
if (c <= 'f' && c >= 'a') {
- return c - 'a' + 0xa;
+ return c - 'a' + 0xa;
}
if (c <= 'F' && c >= 'A') {
- return c - 'A' + 0xa;
+ return c - 'A' + 0xa;
}
return -1;
}
@@ -220,52 +220,51 @@ ToDigit(unsigned char c)
{
c = c & 0xf;
if (c <= 9) {
- return (char) (c+'0');
+ return (char)(c + '0');
}
- return (char) (c+'a'-0xa);
+ return (char)(c + 'a' - 0xa);
}
char *
BufToHex(SECItem *outbuf)
{
- int len = outbuf->len * 2 +1;
+ int len = outbuf->len * 2 + 1;
char *string, *ptr;
unsigned int i;
string = PORT_Alloc(len);
ptr = string;
- for (i=0; i < outbuf->len; i++) {
- *ptr++ = ToDigit(outbuf->data[i] >> 4);
- *ptr++ = ToDigit(outbuf->data[i] & 0xf);
+ for (i = 0; i < outbuf->len; i++) {
+ *ptr++ = ToDigit(outbuf->data[i] >> 4);
+ *ptr++ = ToDigit(outbuf->data[i] & 0xf);
}
*ptr = 0;
return string;
}
-
int
HexToBuf(char *inString, SECItem *outbuf)
{
int len = strlen(inString);
- int outlen = len+1/2;
+ int outlen = len + 1 / 2;
int trueLen = 0;
outbuf->data = PORT_Alloc(outlen);
if (outbuf->data) {
- return -1;
+ return -1;
}
while (*inString) {
- int digit1, digit2;
- digit1 = GetDigit(*inString++);
- digit2 = GetDigit(*inString++);
- if ((digit1 == -1) || (digit2 == -1)) {
- PORT_Free(outbuf->data);
- outbuf->data = NULL;
- return -1;
- }
- outbuf->data[trueLen++] = digit1 << 4 | digit2;
+ int digit1, digit2;
+ digit1 = GetDigit(*inString++);
+ digit2 = GetDigit(*inString++);
+ if ((digit1 == -1) || (digit2 == -1)) {
+ PORT_Free(outbuf->data);
+ outbuf->data = NULL;
+ return -1;
+ }
+ outbuf->data[trueLen++] = digit1 << 4 | digit2;
}
outbuf->len = trueLen;
return 0;
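Review bot: In HexToBuf the allocation check is inverted: `if (outbuf->data) { return -1; }` reports failure, and leaks the buffer, when `PORT_Alloc` succeeded, and falls through to write `outbuf->data[trueLen++]` through a NULL pointer when it failed. It should read `if (!outbuf->data) {`. The reformatted `int outlen = len + 1 / 2;` also makes it visible that precedence reduces this to `len`; `(len + 1) / 2` looks like the intent, though the current form only over-allocates. BufToHex, in the same hunk, writes through `string` without checking the `PORT_Alloc` result. HexToBuf's closing brace is outside the hunk.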
@@ -276,8 +275,8 @@ printBuf(unsigned char *data, int len)
{
int i;
- for (i=0; i < len; i++) {
- printf("%02x",data[i]);
+ for (i = 0; i < len; i++) {
+ printf("%02x", data[i]);
}
}
@@ -289,35 +288,37 @@ PrintKey(PK11SymKey *symKey)
int strength = PK11_GetKeyStrength(symKey, NULL);
SECItem *value = NULL;
CK_KEY_TYPE type = PK11_GetSymKeyType(symKey);
- (void) PK11_ExtractKeyValue(symKey);
+ (void)PK11_ExtractKeyValue(symKey);
value = PK11_GetKeyData(symKey);
- printf("%-20s %3d %4d %10s ", name ? name: " ", len, strength,
- GetStringFromKeyType(type));
+ printf("%-20s %3d %4d %10s ", name ? name : " ", len, strength,
+ GetStringFromKeyType(type));
if (value && value->data) {
- printBuf(value->data, value->len);
+ printBuf(value->data, value->len);
} else {
- printf("<restricted>");
+ printf("<restricted>");
}
printf("\n");
}
SECStatus
-ListKeys(PK11SlotInfo *slot, int *printLabel, void *pwd) {
+ListKeys(PK11SlotInfo *slot, int *printLabel, void *pwd)
+{
PK11SymKey *keyList;
SECStatus rv = PK11_Authenticate(slot, PR_FALSE, pwd);
if (rv != SECSuccess) {
- return rv;;
+ return rv;
+ ;
}
keyList = PK11_ListFixedKeysInSlot(slot, NULL, pwd);
if (keyList) {
- if (*printLabel) {
+ if (*printLabel) {
printf(" Name Len Strength Type Data\n");
- *printLabel = 0;
- }
- printf("%s:\n",PK11_GetTokenName(slot));
+ *printLabel = 0;
+ }
+ printf("%s:\n", PK11_GetTokenName(slot));
}
while (keyList) {
PK11SymKey *freeKey = keyList;
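Review bot: The formatter has split the old `return rv;;` in ListKeys into `return rv;` followed by a line holding only `;`, leaving an unreachable empty statement inside the `if (rv != SECSuccess)` block. Deleting the second semicolon, so the body is just `return rv;`, removes the stray line and keeps clang-format from re-emitting it. The rest of ListKeys, including the loop that walks `keyList`, continues outside the hunk.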
@@ -335,20 +336,19 @@ FindKey(PK11SlotInfo *slot, char *name, SECItem *id, void *pwd)
SECStatus rv = PK11_Authenticate(slot, PR_FALSE, pwd);
if (rv != SECSuccess) {
- return NULL;
+ return NULL;
}
-
if (id->data) {
- key = PK11_FindFixedKey(slot,CKM_INVALID_MECHANISM, id, pwd);
+ key = PK11_FindFixedKey(slot, CKM_INVALID_MECHANISM, id, pwd);
}
if (name && !key) {
- key = PK11_ListFixedKeysInSlot(slot,name, pwd);
+ key = PK11_ListFixedKeysInSlot(slot, name, pwd);
}
if (key) {
- printf("Found a key\n");
- PrintKey(key);
+ printf("Found a key\n");
+ PrintKey(key);
}
return key;
}
@@ -356,25 +356,25 @@ FindKey(PK11SlotInfo *slot, char *name, SECItem *id, void *pwd)
PRBool
IsKeyList(PK11SymKey *symKey)
{
- return (PRBool) (PK11_GetNextSymKey(symKey) != NULL);
+ return (PRBool)(PK11_GetNextSymKey(symKey) != NULL);
}
void
FreeKeyList(PK11SymKey *symKey)
{
- PK11SymKey *next,*current;
+ PK11SymKey *next, *current;
- for (current = symKey; current; current = next) {
- next = PK11_GetNextSymKey(current);
- PK11_FreeSymKey(current);
- }
- return;
+ for (current = symKey; current; current = next) {
+ next = PK11_GetNextSymKey(current);
+ PK11_FreeSymKey(current);
+ }
+ return;
}
-
-static void
+
+static void
Usage(char *progName)
{
-#define FPS fprintf(stderr,
+#define FPS fprintf(stderr,
FPS "Type %s -H for more detailed descriptions\n", progName);
FPS "Usage:");
FPS "\t%s -L [std_opts] [-r]\n", progName);
@@ -390,112 +390,113 @@ Usage(char *progName)
exit(1);
}
-static void LongUsage(char *progName)
+static void
+LongUsage(char *progName)
{
int i;
FPS "%-15s List all the keys.\n", "-L");
FPS "%-15s Generate a new key.\n", "-K");
FPS "%-20s Specify the nickname of the new key\n",
- " -n name");
+ " -n name");
FPS "%-20s Specify the id in hex of the new key\n",
- " -i key id");
+ " -i key id");
FPS "%-20s Specify a file to read the id of the new key\n",
- " -j key id file");
+ " -j key id file");
FPS "%-20s Specify the keyType of the new key\n",
- " -t type");
+ " -t type");
FPS "%-20s", " valid types: ");
- for (i=0; i < keyArraySize ; i++) {
- FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
+ for (i = 0; i < keyArraySize; i++) {
+ FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
}
FPS "%-20s Specify the size of the new key in bytes (required by some types)\n",
- " -s size");
+ " -s size");
FPS "%-15s Delete a key.\n", "-D");
FPS "%-20s Specify the nickname of the key to delete\n",
- " -n name");
+ " -n name");
FPS "%-20s Specify the id in hex of the key to delete\n",
- " -i key id");
+ " -i key id");
FPS "%-20s Specify a file to read the id of the key to delete\n",
- " -j key id file");
+ " -j key id file");
FPS "%-15s Import a new key from a data file.\n", "-I");
FPS "%-20s Specify the data file to read the key from.\n",
- " -k key file");
+ " -k key file");
FPS "%-20s Specify the nickname of the new key\n",
- " -n name");
+ " -n name");
FPS "%-20s Specify the id in hex of the new key\n",
- " -i key id");
+ " -i key id");
FPS "%-20s Specify a file to read the id of the new key\n",
- " -j key id file");
+ " -j key id file");
FPS "%-20s Specify the keyType of the new key\n",
- " -t type");
+ " -t type");
FPS "%-20s", " valid types: ");
- for (i=0; i < keyArraySize ; i++) {
- FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
+ for (i = 0; i < keyArraySize; i++) {
+ FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
}
FPS "%-15s Export a key to a data file.\n", "-E");
FPS "%-20s Specify the data file to write the key to.\n",
- " -k key file");
+ " -k key file");
FPS "%-20s Specify the nickname of the key to export\n",
- " -n name");
+ " -n name");
FPS "%-20s Specify the id in hex of the key to export\n",
- " -i key id");
+ " -i key id");
FPS "%-20s Specify a file to read the id of the key to export\n",
- " -j key id file");
+ " -j key id file");
FPS "%-15s Move a key to a new token.\n", "-M");
FPS "%-20s Specify the nickname of the key to move\n",
- " -n name");
+ " -n name");
FPS "%-20s Specify the id in hex of the key to move\n",
- " -i key id");
+ " -i key id");
FPS "%-20s Specify a file to read the id of the key to move\n",
- " -j key id file");
+ " -j key id file");
FPS "%-20s Specify the token to move the key to\n",
- " -g target token");
+ " -g target token");
FPS "%-15s Unwrap a new key from a data file.\n", "-U");
FPS "%-20s Specify the data file to read the encrypted key from.\n",
- " -k key file");
+ " -k key file");
FPS "%-20s Specify the nickname of the new key\n",
- " -n name");
+ " -n name");
FPS "%-20s Specify the id in hex of the new key\n",
- " -i key id");
+ " -i key id");
FPS "%-20s Specify a file to read the id of the new key\n",
- " -j key id file");
+ " -j key id file");
FPS "%-20s Specify the keyType of the new key\n",
- " -t type");
+ " -t type");
FPS "%-20s", " valid types: ");
- for (i=0; i < keyArraySize ; i++) {
- FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
+ for (i = 0; i < keyArraySize; i++) {
+ FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
}
FPS "%-20s Specify the nickname of the wrapping key\n",
- " -w wrap name");
+ " -w wrap name");
FPS "%-20s Specify the id in hex of the wrapping key\n",
- " -x wrap key id");
+ " -x wrap key id");
FPS "%-20s Specify a file to read the id of the wrapping key\n",
- " -y wrap key id file");
+ " -y wrap key id file");
FPS "%-15s Wrap a new key to a data file. [not yet implemented]\n", "-W");
FPS "%-20s Specify the data file to write the encrypted key to.\n",
- " -k key file");
+ " -k key file");
FPS "%-20s Specify the nickname of the key to wrap\n",
- " -n name");
+ " -n name");
FPS "%-20s Specify the id in hex of the key to wrap\n",
- " -i key id");
+ " -i key id");
FPS "%-20s Specify a file to read the id of the key to wrap\n",
- " -j key id file");
+ " -j key id file");
FPS "%-20s Specify the nickname of the wrapping key\n",
- " -w wrap name");
+ " -w wrap name");
FPS "%-20s Specify the id in hex of the wrapping key\n",
- " -x wrap key id");
+ " -x wrap key id");
FPS "%-20s Specify a file to read the id of the wrapping key\n",
- " -y wrap key id file");
+ " -y wrap key id file");
FPS "%-15s Options valid for all commands\n", "std_opts");
FPS "%-20s The directory where the NSS db's reside\n",
- " -d certdir");
+ " -d certdir");
FPS "%-20s Prefix for the NSS db's\n",
- " -P db prefix");
+ " -P db prefix");
FPS "%-20s Specify password on the command line\n",
- " -p password");
+ " -p password");
FPS "%-20s Specify password file on the command line\n",
- " -f password file");
+ " -f password file");
FPS "%-20s Specify token to act on\n",
- " -h token");
+ " -h token");
exit(1);
#undef FPS
}
@@ -535,54 +536,54 @@ enum {
};
static secuCommandFlag symKeyUtil_commands[] =
-{
- { /* cmd_CreateNewKey */ 'K', PR_FALSE, 0, PR_FALSE },
- { /* cmd_DeleteKey */ 'D', PR_FALSE, 0, PR_FALSE },
- { /* cmd_ImportKey */ 'I', PR_FALSE, 0, PR_FALSE },
- { /* cmd_ExportKey */ 'E', PR_FALSE, 0, PR_FALSE },
- { /* cmd_WrapKey */ 'W', PR_FALSE, 0, PR_FALSE },
- { /* cmd_UnwrapKey */ 'U', PR_FALSE, 0, PR_FALSE },
- { /* cmd_MoveKey */ 'M', PR_FALSE, 0, PR_FALSE },
- { /* cmd_ListKeys */ 'L', PR_FALSE, 0, PR_FALSE },
- { /* cmd_PrintHelp */ 'H', PR_FALSE, 0, PR_FALSE },
-};
+ {
+ { /* cmd_CreateNewKey */ 'K', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_DeleteKey */ 'D', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_ImportKey */ 'I', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_ExportKey */ 'E', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_WrapKey */ 'W', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_UnwrapKey */ 'U', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_MoveKey */ 'M', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_ListKeys */ 'L', PR_FALSE, 0, PR_FALSE },
+ { /* cmd_PrintHelp */ 'H', PR_FALSE, 0, PR_FALSE },
+ };
static secuCommandFlag symKeyUtil_options[] =
-{
- { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE },
- { /* opt_PasswordFile */ 'f', PR_TRUE, 0, PR_FALSE },
- { /* opt_TargetToken */ 'g', PR_TRUE, 0, PR_FALSE },
- { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeyID */ 'i', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeyIDFile */ 'j', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeyType */ 't', PR_TRUE, 0, PR_FALSE },
- { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeyFile */ 'k', PR_TRUE, 0, PR_FALSE },
- { /* opt_Password */ 'p', PR_TRUE, 0, PR_FALSE },
- { /* opt_dbPrefix */ 'P', PR_TRUE, 0, PR_FALSE },
- { /* opt_RW */ 'r', PR_FALSE, 0, PR_FALSE },
- { /* opt_KeySize */ 's', PR_TRUE, 0, PR_FALSE },
- { /* opt_WrapKeyName */ 'w', PR_TRUE, 0, PR_FALSE },
- { /* opt_WrapKeyID */ 'x', PR_TRUE, 0, PR_FALSE },
- { /* opt_WrapKeyIDFile */ 'y', PR_TRUE, 0, PR_FALSE },
- { /* opt_NoiseFile */ 'z', PR_TRUE, 0, PR_FALSE },
-};
+ {
+ { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE },
+ { /* opt_PasswordFile */ 'f', PR_TRUE, 0, PR_FALSE },
+ { /* opt_TargetToken */ 'g', PR_TRUE, 0, PR_FALSE },
+ { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE },
+ { /* opt_KeyID */ 'i', PR_TRUE, 0, PR_FALSE },
+ { /* opt_KeyIDFile */ 'j', PR_TRUE, 0, PR_FALSE },
+ { /* opt_KeyType */ 't', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
+ { /* opt_KeyFile */ 'k', PR_TRUE, 0, PR_FALSE },
+ { /* opt_Password */ 'p', PR_TRUE, 0, PR_FALSE },
+ { /* opt_dbPrefix */ 'P', PR_TRUE, 0, PR_FALSE },
+ { /* opt_RW */ 'r', PR_FALSE, 0, PR_FALSE },
+ { /* opt_KeySize */ 's', PR_TRUE, 0, PR_FALSE },
+ { /* opt_WrapKeyName */ 'w', PR_TRUE, 0, PR_FALSE },
+ { /* opt_WrapKeyID */ 'x', PR_TRUE, 0, PR_FALSE },
+ { /* opt_WrapKeyIDFile */ 'y', PR_TRUE, 0, PR_FALSE },
+ { /* opt_NoiseFile */ 'z', PR_TRUE, 0, PR_FALSE },
+ };
-int
+int
main(int argc, char **argv)
{
PK11SlotInfo *slot = NULL;
- char * slotname = "internal";
- char * certPrefix = "";
- CK_MECHANISM_TYPE keyType = CKM_SHA_1_HMAC;
- int keySize = 0;
- char * name = NULL;
- char * wrapName = NULL;
- secuPWData pwdata = { PW_NONE, 0 };
- PRBool readOnly = PR_FALSE;
- SECItem key;
- SECItem keyID;
- SECItem wrapKeyID;
+ char *slotname = "internal";
+ char *certPrefix = "";
+ CK_MECHANISM_TYPE keyType = CKM_SHA_1_HMAC;
+ int keySize = 0;
+ char *name = NULL;
+ char *wrapName = NULL;
+ secuPWData pwdata = { PW_NONE, 0 };
+ PRBool readOnly = PR_FALSE;
+ SECItem key;
+ SECItem keyID;
+ SECItem wrapKeyID;
int commandsEntered = 0;
int commandToRun = 0;
char *progName;
@@ -590,177 +591,179 @@ main(int argc, char **argv)
SECStatus rv = SECFailure;
secuCommand symKeyUtil;
- symKeyUtil.numCommands=sizeof(symKeyUtil_commands)/sizeof(secuCommandFlag);
- symKeyUtil.numOptions=sizeof(symKeyUtil_options)/sizeof(secuCommandFlag);
+ symKeyUtil.numCommands = sizeof(symKeyUtil_commands) / sizeof(secuCommandFlag);
+ symKeyUtil.numOptions = sizeof(symKeyUtil_options) / sizeof(secuCommandFlag);
symKeyUtil.commands = symKeyUtil_commands;
symKeyUtil.options = symKeyUtil_options;
- key.data = NULL; key.len = 0;
- keyID.data = NULL; keyID.len = 0;
- wrapKeyID.data = NULL; wrapKeyID.len = 0;
+ key.data = NULL;
+ key.len = 0;
+ keyID.data = NULL;
+ keyID.len = 0;
+ wrapKeyID.data = NULL;
+ wrapKeyID.len = 0;
progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
rv = SECU_ParseCommandLine(argc, argv, progName, &symKeyUtil);
if (rv != SECSuccess)
- Usage(progName);
+ Usage(progName);
rv = SECFailure;
/* -H print help */
if (symKeyUtil.commands[cmd_PrintHelp].activated)
- LongUsage(progName);
+ LongUsage(progName);
/* -f password file, -p password */
if (symKeyUtil.options[opt_PasswordFile].arg) {
- pwdata.source = PW_FROMFILE;
- pwdata.data = symKeyUtil.options[opt_PasswordFile].arg;
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = symKeyUtil.options[opt_PasswordFile].arg;
} else if (symKeyUtil.options[opt_Password].arg) {
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = symKeyUtil.options[opt_Password].arg;
- }
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = symKeyUtil.options[opt_Password].arg;
+ }
/* -d directory */
if (symKeyUtil.options[opt_CertDir].activated)
- SECU_ConfigDirectory(symKeyUtil.options[opt_CertDir].arg);
+ SECU_ConfigDirectory(symKeyUtil.options[opt_CertDir].arg);
/* -s key size */
if (symKeyUtil.options[opt_KeySize].activated) {
- keySize = PORT_Atoi(symKeyUtil.options[opt_KeySize].arg);
+ keySize = PORT_Atoi(symKeyUtil.options[opt_KeySize].arg);
}
/* -h specify token name */
if (symKeyUtil.options[opt_TokenName].activated) {
- if (PL_strcmp(symKeyUtil.options[opt_TokenName].arg, "all") == 0)
- slotname = NULL;
- else
- slotname = PL_strdup(symKeyUtil.options[opt_TokenName].arg);
+ if (PL_strcmp(symKeyUtil.options[opt_TokenName].arg, "all") == 0)
+ slotname = NULL;
+ else
+ slotname = PL_strdup(symKeyUtil.options[opt_TokenName].arg);
}
/* -t key type */
- if (symKeyUtil.options[opt_KeyType].activated) {
- keyType = GetKeyMechFromString(symKeyUtil.options[opt_KeyType].arg);
- if (keyType == (CK_MECHANISM_TYPE)-1) {
- PR_fprintf(PR_STDERR,
- "%s unknown key type (%s).\n",
- progName, symKeyUtil.options[opt_KeyType].arg);
- return 255;
- }
+ if (symKeyUtil.options[opt_KeyType].activated) {
+ keyType = GetKeyMechFromString(symKeyUtil.options[opt_KeyType].arg);
+ if (keyType == (CK_MECHANISM_TYPE)-1) {
+ PR_fprintf(PR_STDERR,
+ "%s unknown key type (%s).\n",
+ progName, symKeyUtil.options[opt_KeyType].arg);
+ return 255;
+ }
}
/* -k for import and unwrap, it specifies an input file to read from,
* for export and wrap it specifies an output file to write to */
if (symKeyUtil.options[opt_KeyFile].activated) {
if (symKeyUtil.commands[cmd_ImportKey].activated ||
- symKeyUtil.commands[cmd_UnwrapKey].activated ) {
- int ret = ReadBuf(symKeyUtil.options[opt_KeyFile].arg, &key);
- if (ret < 0) {
- PR_fprintf(PR_STDERR,
- "%s Couldn't read key file (%s).\n",
- progName, symKeyUtil.options[opt_KeyFile].arg);
- return 255;
- }
- }
+ symKeyUtil.commands[cmd_UnwrapKey].activated) {
+ int ret = ReadBuf(symKeyUtil.options[opt_KeyFile].arg, &key);
+ if (ret < 0) {
+ PR_fprintf(PR_STDERR,
+ "%s Couldn't read key file (%s).\n",
+ progName, symKeyUtil.options[opt_KeyFile].arg);
+ return 255;
+ }
+ }
}
/* -i specify the key ID */
if (symKeyUtil.options[opt_KeyID].activated) {
- int ret = HexToBuf(symKeyUtil.options[opt_KeyID].arg, &keyID);
- if (ret < 0) {
- PR_fprintf(PR_STDERR,
- "%s invalid key ID (%s).\n",
- progName, symKeyUtil.options[opt_KeyID].arg);
- return 255;
- }
+ int ret = HexToBuf(symKeyUtil.options[opt_KeyID].arg, &keyID);
+ if (ret < 0) {
+ PR_fprintf(PR_STDERR,
+ "%s invalid key ID (%s).\n",
+ progName, symKeyUtil.options[opt_KeyID].arg);
+ return 255;
+ }
}
/* -i & -j are mutually exclusive */
if ((symKeyUtil.options[opt_KeyID].activated) &&
- (symKeyUtil.options[opt_KeyIDFile].activated)) {
- PR_fprintf(PR_STDERR,
- "%s -i and -j options are mutually exclusive.\n", progName);
- return 255;
+ (symKeyUtil.options[opt_KeyIDFile].activated)) {
+ PR_fprintf(PR_STDERR,
+ "%s -i and -j options are mutually exclusive.\n", progName);
+ return 255;
}
/* -x specify the Wrap key ID */
if (symKeyUtil.options[opt_WrapKeyID].activated) {
- int ret = HexToBuf(symKeyUtil.options[opt_WrapKeyID].arg, &wrapKeyID);
- if (ret < 0) {
- PR_fprintf(PR_STDERR,
- "%s invalid key ID (%s).\n",
- progName, symKeyUtil.options[opt_WrapKeyID].arg);
- return 255;
- }
+ int ret = HexToBuf(symKeyUtil.options[opt_WrapKeyID].arg, &wrapKeyID);
+ if (ret < 0) {
+ PR_fprintf(PR_STDERR,
+ "%s invalid key ID (%s).\n",
+ progName, symKeyUtil.options[opt_WrapKeyID].arg);
+ return 255;
+ }
}
/* -x & -y are mutually exclusive */
if ((symKeyUtil.options[opt_KeyID].activated) &&
- (symKeyUtil.options[opt_KeyIDFile].activated)) {
- PR_fprintf(PR_STDERR,
- "%s -i and -j options are mutually exclusive.\n", progName);
- return 255;
+ (symKeyUtil.options[opt_KeyIDFile].activated)) {
+ PR_fprintf(PR_STDERR,
+ "%s -i and -j options are mutually exclusive.\n", progName);
+ return 255;
}
-
/* -y specify the key ID */
if (symKeyUtil.options[opt_WrapKeyIDFile].activated) {
- int ret = ReadBuf(symKeyUtil.options[opt_WrapKeyIDFile].arg,
- &wrapKeyID);
- if (ret < 0) {
- PR_fprintf(PR_STDERR,
- "%s Couldn't read key ID file (%s).\n",
- progName, symKeyUtil.options[opt_WrapKeyIDFile].arg);
- return 255;
- }
+ int ret = ReadBuf(symKeyUtil.options[opt_WrapKeyIDFile].arg,
+ &wrapKeyID);
+ if (ret < 0) {
+ PR_fprintf(PR_STDERR,
+ "%s Couldn't read key ID file (%s).\n",
+ progName, symKeyUtil.options[opt_WrapKeyIDFile].arg);
+ return 255;
+ }
}
/* -P certdb name prefix */
if (symKeyUtil.options[opt_dbPrefix].activated)
- certPrefix = symKeyUtil.options[opt_dbPrefix].arg;
+ certPrefix = symKeyUtil.options[opt_dbPrefix].arg;
/* Check number of commands entered. */
commandsEntered = 0;
- for (i=0; i< symKeyUtil.numCommands; i++) {
- if (symKeyUtil.commands[i].activated) {
- commandToRun = symKeyUtil.commands[i].flag;
- commandsEntered++;
- }
- if (commandsEntered > 1)
- break;
+ for (i = 0; i < symKeyUtil.numCommands; i++) {
+ if (symKeyUtil.commands[i].activated) {
+ commandToRun = symKeyUtil.commands[i].flag;
+ commandsEntered++;
+ }
+ if (commandsEntered > 1)
+ break;
}
if (commandsEntered > 1) {
- PR_fprintf(PR_STDERR, "%s: only one command at a time!\n", progName);
- PR_fprintf(PR_STDERR, "You entered: ");
- for (i=0; i< symKeyUtil.numCommands; i++) {
- if (symKeyUtil.commands[i].activated)
- PR_fprintf(PR_STDERR, " -%c", symKeyUtil.commands[i].flag);
- }
- PR_fprintf(PR_STDERR, "\n");
- return 255;
+ PR_fprintf(PR_STDERR, "%s: only one command at a time!\n", progName);
+ PR_fprintf(PR_STDERR, "You entered: ");
+ for (i = 0; i < symKeyUtil.numCommands; i++) {
+ if (symKeyUtil.commands[i].activated)
+ PR_fprintf(PR_STDERR, " -%c", symKeyUtil.commands[i].flag);
+ }
+ PR_fprintf(PR_STDERR, "\n");
+ return 255;
}
if (commandsEntered == 0) {
- PR_fprintf(PR_STDERR, "%s: you must enter a command!\n", progName);
- Usage(progName);
+ PR_fprintf(PR_STDERR, "%s: you must enter a command!\n", progName);
+ Usage(progName);
}
if (symKeyUtil.commands[cmd_ListKeys].activated ||
- symKeyUtil.commands[cmd_PrintHelp].activated ||
- symKeyUtil.commands[cmd_ExportKey].activated ||
- symKeyUtil.commands[cmd_WrapKey].activated) {
- readOnly = !symKeyUtil.options[opt_RW].activated;
+ symKeyUtil.commands[cmd_PrintHelp].activated ||
+ symKeyUtil.commands[cmd_ExportKey].activated ||
+ symKeyUtil.commands[cmd_WrapKey].activated) {
+ readOnly = !symKeyUtil.options[opt_RW].activated;
}
if ((symKeyUtil.commands[cmd_ImportKey].activated ||
symKeyUtil.commands[cmd_ExportKey].activated ||
symKeyUtil.commands[cmd_WrapKey].activated ||
- symKeyUtil.commands[cmd_UnwrapKey].activated ) &&
+ symKeyUtil.commands[cmd_UnwrapKey].activated) &&
!symKeyUtil.options[opt_KeyFile].activated) {
- PR_fprintf(PR_STDERR,
- "%s -%c: keyfile is required for this command (-k).\n",
- progName, commandToRun);
- return 255;
+ PR_fprintf(PR_STDERR,
+ "%s -%c: keyfile is required for this command (-k).\n",
+ progName, commandToRun);
+ return 255;
}
/* -E, -D, -W, and all require -n, -i, or -j to identify the key */
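Review bot: The check under the `/* -x & -y are mutually exclusive */` comment tests `opt_KeyID` and `opt_KeyIDFile` again, so it only repeats the -i/-j check above and never rejects -x given together with -y. Both the -x and the -y branch write into `wrapKeyID`, and the -y file read comes last, so with both options the file apparently decides which wrapping key is used, without any message. The condition should be `if ((symKeyUtil.options[opt_WrapKeyID].activated) && (symKeyUtil.options[opt_WrapKeyIDFile].activated)) {` and the message `"%s -x and -y options are mutually exclusive.\n"`. main's body starts before and continues after this hunk.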
@@ -768,42 +771,42 @@ main(int argc, char **argv)
symKeyUtil.commands[cmd_DeleteKey].activated ||
symKeyUtil.commands[cmd_WrapKey].activated) &&
!(symKeyUtil.options[opt_Nickname].activated ||
- symKeyUtil.options[opt_KeyID].activated ||
- symKeyUtil.options[opt_KeyIDFile].activated)) {
- PR_fprintf(PR_STDERR,
- "%s -%c: nickname or id is required for this command (-n, -i, -j).\n",
- progName, commandToRun);
- return 255;
+ symKeyUtil.options[opt_KeyID].activated ||
+ symKeyUtil.options[opt_KeyIDFile].activated)) {
+ PR_fprintf(PR_STDERR,
+ "%s -%c: nickname or id is required for this command (-n, -i, -j).\n",
+ progName, commandToRun);
+ return 255;
}
/* -W, -U, and all -w, -x, or -y to identify the wrapping key */
- if (( symKeyUtil.commands[cmd_WrapKey].activated ||
+ if ((symKeyUtil.commands[cmd_WrapKey].activated ||
symKeyUtil.commands[cmd_UnwrapKey].activated) &&
!(symKeyUtil.options[opt_WrapKeyName].activated ||
- symKeyUtil.options[opt_WrapKeyID].activated ||
- symKeyUtil.options[opt_WrapKeyIDFile].activated)) {
- PR_fprintf(PR_STDERR,
- "%s -%c: wrap key is required for this command (-w, -x, or -y).\n",
- progName, commandToRun);
- return 255;
+ symKeyUtil.options[opt_WrapKeyID].activated ||
+ symKeyUtil.options[opt_WrapKeyIDFile].activated)) {
+ PR_fprintf(PR_STDERR,
+ "%s -%c: wrap key is required for this command (-w, -x, or -y).\n",
+ progName, commandToRun);
+ return 255;
}
/* -M needs the target slot (-g) */
- if (symKeyUtil.commands[cmd_MoveKey].activated &&
- !symKeyUtil.options[opt_TargetToken].activated) {
- PR_fprintf(PR_STDERR,
- "%s -%c: target token is required for this command (-g).\n",
- progName, commandToRun);
- return 255;
+ if (symKeyUtil.commands[cmd_MoveKey].activated &&
+ !symKeyUtil.options[opt_TargetToken].activated) {
+ PR_fprintf(PR_STDERR,
+ "%s -%c: target token is required for this command (-g).\n",
+ progName, commandToRun);
+ return 255;
}
- /* Using slotname == NULL for listing keys and certs on all slots,
+ /* Using slotname == NULL for listing keys and certs on all slots,
* but only that. */
if (!(symKeyUtil.commands[cmd_ListKeys].activated) && slotname == NULL) {
- PR_fprintf(PR_STDERR,
- "%s -%c: cannot use \"-h all\" for this command.\n",
- progName, commandToRun);
- return 255;
+ PR_fprintf(PR_STDERR,
+ "%s -%c: cannot use \"-h all\" for this command.\n",
+ progName, commandToRun);
+ return 255;
}
name = SECU_GetOptionArg(&symKeyUtil, opt_Nickname);
@@ -814,203 +817,203 @@ main(int argc, char **argv)
/* Initialize NSPR and NSS. */
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
rv = NSS_Initialize(SECU_ConfigDirectory(NULL), certPrefix, certPrefix,
- "secmod.db", readOnly ? NSS_INIT_READONLY: 0);
+ "secmod.db", readOnly ? NSS_INIT_READONLY : 0);
if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- goto shutdown;
+ SECU_PrintPRandOSError(progName);
+ goto shutdown;
}
rv = SECFailure;
if (PL_strcmp(slotname, "internal") == 0)
- slot = PK11_GetInternalKeySlot();
+ slot = PK11_GetInternalKeySlot();
else if (slotname != NULL)
- slot = PK11_FindSlotByName(slotname);
+ slot = PK11_FindSlotByName(slotname);
/* generating a new key */
- if (symKeyUtil.commands[cmd_CreateNewKey].activated) {
- PK11SymKey *symKey;
-
- symKey = PK11_TokenKeyGen(slot, keyType, NULL, keySize,
- NULL, PR_TRUE, &pwdata);
- if (!symKey) {
- PR_fprintf(PR_STDERR, "%s: Token Key Gen Failed\n", progName);
- goto shutdown;
- }
- if (symKeyUtil.options[opt_Nickname].activated) {
- rv = PK11_SetSymKeyNickname(symKey, name);
- if (rv != SECSuccess) {
- PK11_DeleteTokenSymKey(symKey);
- PK11_FreeSymKey(symKey);
- PR_fprintf(PR_STDERR, "%s: Couldn't set nickname on key\n",
- progName);
- goto shutdown;
- }
- }
- rv = SECSuccess;
- PrintKey(symKey);
- PK11_FreeSymKey(symKey);
+ if (symKeyUtil.commands[cmd_CreateNewKey].activated) {
+ PK11SymKey *symKey;
+
+ symKey = PK11_TokenKeyGen(slot, keyType, NULL, keySize,
+ NULL, PR_TRUE, &pwdata);
+ if (!symKey) {
+ PR_fprintf(PR_STDERR, "%s: Token Key Gen Failed\n", progName);
+ goto shutdown;
+ }
+ if (symKeyUtil.options[opt_Nickname].activated) {
+ rv = PK11_SetSymKeyNickname(symKey, name);
+ if (rv != SECSuccess) {
+ PK11_DeleteTokenSymKey(symKey);
+ PK11_FreeSymKey(symKey);
+ PR_fprintf(PR_STDERR, "%s: Couldn't set nickname on key\n",
+ progName);
+ goto shutdown;
+ }
+ }
+ rv = SECSuccess;
+ PrintKey(symKey);
+ PK11_FreeSymKey(symKey);
}
if (symKeyUtil.commands[cmd_DeleteKey].activated) {
- PK11SymKey *symKey = FindKey(slot,name,&keyID,&pwdata);
-
- if (!symKey) {
- char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
- PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
- progName, keyName, PK11_GetTokenName(slot));
- PORT_Free(keyName);
- goto shutdown;
- }
-
- rv = PK11_DeleteTokenSymKey(symKey);
- FreeKeyList(symKey);
- if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s: Couldn't Delete Key \n", progName);
- goto shutdown;
- }
+ PK11SymKey *symKey = FindKey(slot, name, &keyID, &pwdata);
+
+ if (!symKey) {
+ char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
+ PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
+ progName, keyName, PK11_GetTokenName(slot));
+ PORT_Free(keyName);
+ goto shutdown;
+ }
+
+ rv = PK11_DeleteTokenSymKey(symKey);
+ FreeKeyList(symKey);
+ if (rv != SECSuccess) {
+ PR_fprintf(PR_STDERR, "%s: Couldn't Delete Key \n", progName);
+ goto shutdown;
+ }
}
if (symKeyUtil.commands[cmd_UnwrapKey].activated) {
- PK11SymKey *wrapKey = FindKey(slot,wrapName,&wrapKeyID,&pwdata);
- PK11SymKey *symKey;
- CK_MECHANISM_TYPE mechanism;
-
- if (!wrapKey) {
- char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
- : PORT_Strdup(wrapName);
- PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
- progName, keyName, PK11_GetTokenName(slot));
- PORT_Free(keyName);
- goto shutdown;
- }
- mechanism = GetWrapMechanism(wrapKey);
- if (mechanism == CKM_INVALID_MECHANISM) {
- char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
- : PORT_Strdup(wrapName);
- PR_fprintf(PR_STDERR, "%s: %s on %s is an invalid wrapping key\n",
- progName, keyName, PK11_GetTokenName(slot));
- PORT_Free(keyName);
- PK11_FreeSymKey(wrapKey);
- goto shutdown;
- }
-
- symKey = PK11_UnwrapSymKeyWithFlagsPerm(wrapKey, mechanism, NULL,
- &key, keyType, CKA_ENCRYPT, keySize, 0, PR_TRUE);
- PK11_FreeSymKey(wrapKey);
- if (!symKey) {
- PR_fprintf(PR_STDERR, "%s: Unwrap Key Failed\n", progName);
- goto shutdown;
- }
-
- if (symKeyUtil.options[opt_Nickname].activated) {
- rv = PK11_SetSymKeyNickname(symKey, name);
- if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s: Couldn't set name on key\n",
- progName);
- PK11_DeleteTokenSymKey(symKey);
- PK11_FreeSymKey(symKey);
- goto shutdown;
- }
- }
- rv = SECSuccess;
- PrintKey(symKey);
- PK11_FreeSymKey(symKey);
+ PK11SymKey *wrapKey = FindKey(slot, wrapName, &wrapKeyID, &pwdata);
+ PK11SymKey *symKey;
+ CK_MECHANISM_TYPE mechanism;
+
+ if (!wrapKey) {
+ char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
+ : PORT_Strdup(wrapName);
+ PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
+ progName, keyName, PK11_GetTokenName(slot));
+ PORT_Free(keyName);
+ goto shutdown;
+ }
+ mechanism = GetWrapMechanism(wrapKey);
+ if (mechanism == CKM_INVALID_MECHANISM) {
+ char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
+ : PORT_Strdup(wrapName);
+ PR_fprintf(PR_STDERR, "%s: %s on %s is an invalid wrapping key\n",
+ progName, keyName, PK11_GetTokenName(slot));
+ PORT_Free(keyName);
+ PK11_FreeSymKey(wrapKey);
+ goto shutdown;
+ }
+
+ symKey = PK11_UnwrapSymKeyWithFlagsPerm(wrapKey, mechanism, NULL,
+ &key, keyType, CKA_ENCRYPT, keySize, 0, PR_TRUE);
+ PK11_FreeSymKey(wrapKey);
+ if (!symKey) {
+ PR_fprintf(PR_STDERR, "%s: Unwrap Key Failed\n", progName);
+ goto shutdown;
+ }
+
+ if (symKeyUtil.options[opt_Nickname].activated) {
+ rv = PK11_SetSymKeyNickname(symKey, name);
+ if (rv != SECSuccess) {
+ PR_fprintf(PR_STDERR, "%s: Couldn't set name on key\n",
+ progName);
+ PK11_DeleteTokenSymKey(symKey);
+ PK11_FreeSymKey(symKey);
+ goto shutdown;
+ }
+ }
+ rv = SECSuccess;
+ PrintKey(symKey);
+ PK11_FreeSymKey(symKey);
}
#define MAX_KEY_SIZE 4098
if (symKeyUtil.commands[cmd_WrapKey].activated) {
- PK11SymKey *symKey = FindKey(slot, name, &keyID, &pwdata);
- PK11SymKey *wrapKey;
- CK_MECHANISM_TYPE mechanism;
- SECItem data;
- unsigned char buf[MAX_KEY_SIZE];
- int ret;
-
- if (!symKey) {
- char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
- PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
- progName, keyName, PK11_GetTokenName(slot));
- PORT_Free(keyName);
- goto shutdown;
- }
-
- wrapKey = FindKey(slot, wrapName, &wrapKeyID, &pwdata);
- if (!wrapKey) {
- char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
- : PORT_Strdup(wrapName);
- PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
- progName, keyName, PK11_GetTokenName(slot));
- PORT_Free(keyName);
- PK11_FreeSymKey(symKey);
- goto shutdown;
- }
-
- mechanism = GetWrapMechanism(wrapKey);
- if (mechanism == CKM_INVALID_MECHANISM) {
- char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
- : PORT_Strdup(wrapName);
- PR_fprintf(PR_STDERR, "%s: %s on %s is an invalid wrapping key\n",
- progName, keyName, PK11_GetTokenName(slot));
- PORT_Free(keyName);
- PK11_FreeSymKey(symKey);
- PK11_FreeSymKey(wrapKey);
- goto shutdown;
- }
-
- data.data = buf;
- data.len = sizeof(buf);
- rv = PK11_WrapSymKey(mechanism, NULL, wrapKey, symKey, &data);
- PK11_FreeSymKey(symKey);
- PK11_FreeSymKey(wrapKey);
- if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s: Couldn't wrap key\n",progName);
- goto shutdown;
- }
-
- /* WriteBuf outputs it's own error using SECU_PrintError */
- ret = WriteBuf(symKeyUtil.options[opt_KeyFile].arg, &data);
- if (ret < 0) {
- goto shutdown;
- }
+ PK11SymKey *symKey = FindKey(slot, name, &keyID, &pwdata);
+ PK11SymKey *wrapKey;
+ CK_MECHANISM_TYPE mechanism;
+ SECItem data;
+ unsigned char buf[MAX_KEY_SIZE];
+ int ret;
+
+ if (!symKey) {
+ char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
+ PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
+ progName, keyName, PK11_GetTokenName(slot));
+ PORT_Free(keyName);
+ goto shutdown;
+ }
+
+ wrapKey = FindKey(slot, wrapName, &wrapKeyID, &pwdata);
+ if (!wrapKey) {
+ char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
+ : PORT_Strdup(wrapName);
+ PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
+ progName, keyName, PK11_GetTokenName(slot));
+ PORT_Free(keyName);
+ PK11_FreeSymKey(symKey);
+ goto shutdown;
+ }
+
+ mechanism = GetWrapMechanism(wrapKey);
+ if (mechanism == CKM_INVALID_MECHANISM) {
+ char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
+ : PORT_Strdup(wrapName);
+ PR_fprintf(PR_STDERR, "%s: %s on %s is an invalid wrapping key\n",
+ progName, keyName, PK11_GetTokenName(slot));
+ PORT_Free(keyName);
+ PK11_FreeSymKey(symKey);
+ PK11_FreeSymKey(wrapKey);
+ goto shutdown;
+ }
+
+ data.data = buf;
+ data.len = sizeof(buf);
+ rv = PK11_WrapSymKey(mechanism, NULL, wrapKey, symKey, &data);
+ PK11_FreeSymKey(symKey);
+ PK11_FreeSymKey(wrapKey);
+ if (rv != SECSuccess) {
+ PR_fprintf(PR_STDERR, "%s: Couldn't wrap key\n", progName);
+ goto shutdown;
+ }
+
+ /* WriteBuf outputs it's own error using SECU_PrintError */
+ ret = WriteBuf(symKeyUtil.options[opt_KeyFile].arg, &data);
+ if (ret < 0) {
+ goto shutdown;
+ }
}
if (symKeyUtil.commands[cmd_ImportKey].activated) {
- PK11SymKey *symKey = PK11_ImportSymKey(slot, keyType,
- PK11_OriginUnwrap, CKA_ENCRYPT, &key,&pwdata);
- if (!symKey) {
- PR_fprintf(PR_STDERR, "%s: Import Key Failed\n", progName);
- goto shutdown;
- }
- if (symKeyUtil.options[opt_Nickname].activated) {
- rv = PK11_SetSymKeyNickname(symKey, name);
- if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s: Couldn't set name on key\n",
- progName);
- PK11_DeleteTokenSymKey(symKey);
- PK11_FreeSymKey(symKey);
- goto shutdown;
- }
- }
- rv = SECSuccess;
- PrintKey(symKey);
- PK11_FreeSymKey(symKey);
+ PK11SymKey *symKey = PK11_ImportSymKey(slot, keyType,
+ PK11_OriginUnwrap, CKA_ENCRYPT, &key, &pwdata);
+ if (!symKey) {
+ PR_fprintf(PR_STDERR, "%s: Import Key Failed\n", progName);
+ goto shutdown;
+ }
+ if (symKeyUtil.options[opt_Nickname].activated) {
+ rv = PK11_SetSymKeyNickname(symKey, name);
+ if (rv != SECSuccess) {
+ PR_fprintf(PR_STDERR, "%s: Couldn't set name on key\n",
+ progName);
+ PK11_DeleteTokenSymKey(symKey);
+ PK11_FreeSymKey(symKey);
+ goto shutdown;
+ }
+ }
+ rv = SECSuccess;
+ PrintKey(symKey);
+ PK11_FreeSymKey(symKey);
}
/* List certs (-L) */
if (symKeyUtil.commands[cmd_ListKeys].activated) {
- int printLabel = 1;
- if (slot) {
- rv = ListKeys(slot,&printLabel,&pwdata);
- } else {
- /* loop over all the slots */
- PK11SlotList *slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
- PR_FALSE, PR_FALSE, &pwdata);
- if (slotList == NULL) {
- PR_fprintf(PR_STDERR, "%s: No tokens found\n",progName);
- } else {
+ int printLabel = 1;
+ if (slot) {
+ rv = ListKeys(slot, &printLabel, &pwdata);
+ } else {
+ /* loop over all the slots */
+ PK11SlotList *slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
+ PR_FALSE, PR_FALSE, &pwdata);
+ if (slotList == NULL) {
+ PR_fprintf(PR_STDERR, "%s: No tokens found\n", progName);
+ } else {
PK11SlotListElement *se;
- for (se = PK11_GetFirstSafe(slotList); se;
- se=PK11_GetNextSafe(slotList,se, PR_FALSE)) {
- rv = ListKeys(se->slot,&printLabel,&pwdata);
- if (rv !=SECSuccess) {
+ for (se = PK11_GetFirstSafe(slotList); se;
+ se = PK11_GetNextSafe(slotList, se, PR_FALSE)) {
+ rv = ListKeys(se->slot, &printLabel, &pwdata);
+ if (rv != SECSuccess) {
break;
}
}
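Review bot: `slot` is used without a NULL check after `PK11_FindSlotByName(slotname)`, so a -h token name that does not resolve reaches `PK11_TokenKeyGen`, `FindKey` and `PK11_ImportSymKey` with a NULL slot, and the error paths pass it on to `PK11_GetTokenName(slot)`. For -L the `if (slot)` test then takes the all-tokens branch, so a mistyped token name lists keys on every token instead of failing. A guard right after the lookup would stop both: `if (slot == NULL && slotname != NULL) { PR_fprintf(PR_STDERR, "%s: Couldn't find slot %s\n", progName, slotname); goto shutdown; }`. How the PK11 calls treat a NULL slot is not visible here, and main's body starts before and continues after this hunk.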
@@ -1019,72 +1022,72 @@ main(int argc, char **argv)
}
PK11_FreeSlotList(slotList);
}
- }
+ }
}
/* Move key (-M) */
if (symKeyUtil.commands[cmd_MoveKey].activated) {
- PK11SlotInfo *target;
- char *targetName = symKeyUtil.options[opt_TargetToken].arg;
- PK11SymKey *newKey;
- PK11SymKey *symKey = FindKey(slot,name,&keyID,&pwdata);
- char *keyName = PK11_GetSymKeyNickname(symKey);
-
- if (!symKey) {
- char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
- PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
- progName, keyName, PK11_GetTokenName(slot));
- PORT_Free(keyName);
- goto shutdown;
- }
- target = PK11_FindSlotByName(targetName);
- if (!target) {
- PR_fprintf(PR_STDERR, "%s: Couldn't find slot %s\n",
- progName, targetName);
- goto shutdown;
- }
- rv = PK11_Authenticate(target, PR_FALSE, &pwdata);
- if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s: Failed to log into %s\n",
- progName, targetName);
- goto shutdown;
- }
- rv = SECFailure;
- newKey = PK11_MoveSymKey(target, CKA_ENCRYPT, 0, PR_TRUE, symKey);
- if (!newKey) {
- PR_fprintf(PR_STDERR, "%s: Couldn't move the key \n",progName);
- goto shutdown;
- }
- if (keyName) {
- rv = PK11_SetSymKeyNickname(newKey, keyName);
- if (rv != SECSuccess) {
- PK11_DeleteTokenSymKey(newKey);
- PK11_FreeSymKey(newKey);
- PR_fprintf(PR_STDERR, "%s: Couldn't set nickname on key\n",
- progName);
- goto shutdown;
- }
- }
- PK11_FreeSymKey(newKey);
- rv = SECSuccess;
+ PK11SlotInfo *target;
+ char *targetName = symKeyUtil.options[opt_TargetToken].arg;
+ PK11SymKey *newKey;
+ PK11SymKey *symKey = FindKey(slot, name, &keyID, &pwdata);
+ char *keyName = PK11_GetSymKeyNickname(symKey);
+
+ if (!symKey) {
+ char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
+ PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
+ progName, keyName, PK11_GetTokenName(slot));
+ PORT_Free(keyName);
+ goto shutdown;
+ }
+ target = PK11_FindSlotByName(targetName);
+ if (!target) {
+ PR_fprintf(PR_STDERR, "%s: Couldn't find slot %s\n",
+ progName, targetName);
+ goto shutdown;
+ }
+ rv = PK11_Authenticate(target, PR_FALSE, &pwdata);
+ if (rv != SECSuccess) {
+ PR_fprintf(PR_STDERR, "%s: Failed to log into %s\n",
+ progName, targetName);
+ goto shutdown;
+ }
+ rv = SECFailure;
+ newKey = PK11_MoveSymKey(target, CKA_ENCRYPT, 0, PR_TRUE, symKey);
+ if (!newKey) {
+ PR_fprintf(PR_STDERR, "%s: Couldn't move the key \n", progName);
+ goto shutdown;
+ }
+ if (keyName) {
+ rv = PK11_SetSymKeyNickname(newKey, keyName);
+ if (rv != SECSuccess) {
+ PK11_DeleteTokenSymKey(newKey);
+ PK11_FreeSymKey(newKey);
+ PR_fprintf(PR_STDERR, "%s: Couldn't set nickname on key\n",
+ progName);
+ goto shutdown;
+ }
+ }
+ PK11_FreeSymKey(newKey);
+ rv = SECSuccess;
}
shutdown:
if (rv != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s: %s\n", progName,
- SECU_Strerror(PORT_GetError()));
+ PR_fprintf(PR_STDERR, "%s: %s\n", progName,
+ SECU_Strerror(PORT_GetError()));
}
if (key.data) {
- PORT_Free(key.data);
+ PORT_Free(key.data);
}
if (keyID.data) {
- PORT_Free(keyID.data);
+ PORT_Free(keyID.data);
}
if (slot) {
- PK11_FreeSlot(slot);
+ PK11_FreeSlot(slot);
}
if (NSS_Shutdown() != SECSuccess) {
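Review bot: In the -M branch `PK11_GetSymKeyNickname(symKey)` runs in the declaration, before the `if (!symKey)` test, so a key that `FindKey` did not find is handed to it as NULL; the inner `char *keyName` inside that test also shadows the outer one. Declaring `char *keyName = NULL;` and assigning `keyName = PK11_GetSymKeyNickname(symKey);` after the NULL test fixes the order, and renaming the inner variable removes the shadowing. The shutdown block releases `key.data` with plain `PORT_Free`; for -I that buffer holds the key bytes read from the -k file, so `PORT_ZFree(key.data, key.len);` would clear it before release. `wrapKeyID.data` is not freed in the lines shown. main's body starts before and continues after this hunk.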
@@ -1092,11 +1095,8 @@ shutdown:
}
if (rv == SECSuccess) {
- return 0;
+ return 0;
} else {
- return 255;
+ return 255;
}
}
-
-
-
diff --git a/cmd/tests/baddbdir.c b/cmd/tests/baddbdir.c
index 91668e9d1..b2bb2d681 100644
--- a/cmd/tests/baddbdir.c
+++ b/cmd/tests/baddbdir.c
@@ -15,7 +15,8 @@
* if the directory <dbdir> doesn't exist.
*/
-int main()
+int
+main()
{
SECStatus status;
int error;
@@ -28,7 +29,8 @@ int main()
error = PORT_GetError();
if (error != SEC_ERROR_BAD_DATABASE) {
fprintf(stderr, "NSS_InitReadWrite failed with the wrong error code: "
- "%d\n", error);
+ "%d\n",
+ error);
exit(1);
}
printf("PASS\n");
diff --git a/cmd/tests/conflict.c b/cmd/tests/conflict.c
index 6b97aa7f4..80a4ebb7a 100644
--- a/cmd/tests/conflict.c
+++ b/cmd/tests/conflict.c
@@ -20,7 +20,8 @@ typedef struct {
Lock lock;
-int main()
+int
+main()
{
return 0;
}
diff --git a/cmd/tests/dertimetest.c b/cmd/tests/dertimetest.c
index 1aa6a490e..2deedbc06 100644
--- a/cmd/tests/dertimetest.c
+++ b/cmd/tests/dertimetest.c
@@ -8,7 +8,8 @@
#include "secder.h"
#include "secerr.h"
-int main()
+int
+main()
{
SECItem badTime;
PRTime prtime;
@@ -23,13 +24,14 @@ int main()
rv = DER_UTCTimeToTime(&prtime, &badTime);
if (rv == SECSuccess) {
fprintf(stderr, "DER_UTCTimeToTime should have failed but "
- "succeeded\n");
+ "succeeded\n");
failed = PR_TRUE;
} else {
error = PORT_GetError();
if (error != SEC_ERROR_INVALID_TIME) {
fprintf(stderr, "DER_UTCTimeToTime failed with error %d, "
- "expected error %d\n", error, SEC_ERROR_INVALID_TIME);
+ "expected error %d\n",
+ error, SEC_ERROR_INVALID_TIME);
failed = PR_TRUE;
}
}
@@ -41,13 +43,14 @@ int main()
rv = DER_UTCTimeToTime(&prtime, &badTime);
if (rv == SECSuccess) {
fprintf(stderr, "DER_UTCTimeToTime should have failed but "
- "succeeded\n");
+ "succeeded\n");
failed = PR_TRUE;
} else {
error = PORT_GetError();
if (error != SEC_ERROR_INVALID_TIME) {
fprintf(stderr, "DER_UTCTimeToTime failed with error %d, "
- "expected error %d\n", error, SEC_ERROR_INVALID_TIME);
+ "expected error %d\n",
+ error, SEC_ERROR_INVALID_TIME);
failed = PR_TRUE;
}
}
@@ -59,13 +62,14 @@ int main()
rv = DER_GeneralizedTimeToTime(&prtime, &badTime);
if (rv == SECSuccess) {
fprintf(stderr, "DER_GeneralizedTimeToTime should have failed but "
- "succeeded\n");
+ "succeeded\n");
failed = PR_TRUE;
} else {
error = PORT_GetError();
if (error != SEC_ERROR_INVALID_TIME) {
fprintf(stderr, "DER_GeneralizedTimeToTime failed with error %d, "
- "expected error %d\n", error, SEC_ERROR_INVALID_TIME);
+ "expected error %d\n",
+ error, SEC_ERROR_INVALID_TIME);
failed = PR_TRUE;
}
}
@@ -77,13 +81,14 @@ int main()
rv = DER_GeneralizedTimeToTime(&prtime, &badTime);
if (rv == SECSuccess) {
fprintf(stderr, "DER_GeneralizedTimeToTime should have failed but "
- "succeeded\n");
+ "succeeded\n");
failed = PR_TRUE;
} else {
error = PORT_GetError();
if (error != SEC_ERROR_INVALID_TIME) {
fprintf(stderr, "DER_GeneralizedTimeToTime failed with error %d, "
- "expected error %d\n", error, SEC_ERROR_INVALID_TIME);
+ "expected error %d\n",
+ error, SEC_ERROR_INVALID_TIME);
failed = PR_TRUE;
}
}
diff --git a/cmd/tests/encodeinttest.c b/cmd/tests/encodeinttest.c
index b4a512a35..f0062ea5e 100644
--- a/cmd/tests/encodeinttest.c
+++ b/cmd/tests/encodeinttest.c
@@ -13,7 +13,7 @@ struct TestCase {
};
static struct TestCase testCase[] = {
- /* XXX NSS doesn't generate the shortest encoding for negative values. */
+/* XXX NSS doesn't generate the shortest encoding for negative values. */
#if 0
{ -128, { 0x80 }, 1 },
{ -129, { 0xFF, 0x7F }, 2 },
@@ -26,13 +26,14 @@ static struct TestCase testCase[] = {
{ 32768, { 0x00, 0x80, 0x00 }, 3 }
};
-int main()
+int
+main()
{
PRBool failed = PR_FALSE;
unsigned int i;
unsigned int j;
- for (i = 0; i < sizeof(testCase)/sizeof(testCase[0]); i++) {
+ for (i = 0; i < sizeof(testCase) / sizeof(testCase[0]); i++) {
SECItem encoded;
if (SEC_ASN1EncodeInteger(NULL, &encoded, testCase[i].value) == NULL) {
fprintf(stderr, "SEC_ASN1EncodeInteger failed\n");
@@ -45,7 +46,7 @@ int main()
testCase[i].value);
for (j = 0; j < encoded.len; j++) {
fprintf(stderr, " 0x%02X", (unsigned int)encoded.data[j]);
- }
+ }
fputs("\n", stderr);
failed = PR_TRUE;
}
diff --git a/cmd/tests/nonspr10.c b/cmd/tests/nonspr10.c
index a4de25b59..295484a1c 100644
--- a/cmd/tests/nonspr10.c
+++ b/cmd/tests/nonspr10.c
@@ -83,7 +83,8 @@
#include "sslproto.h"
#include "sslt.h"
-int main()
+int
+main()
{
return 0;
}
diff --git a/cmd/tests/remtest.c b/cmd/tests/remtest.c
index 28170e4a9..175ba923c 100644
--- a/cmd/tests/remtest.c
+++ b/cmd/tests/remtest.c
@@ -13,7 +13,7 @@
#if defined(XP_UNIX)
#include <unistd.h>
#else
-#include "ctype.h" /* for isalpha() */
+#include "ctype.h" /* for isalpha() */
#endif
#include <stdio.h>
@@ -31,20 +31,21 @@
#include "plgetopt.h"
void
-Usage(char *progName)
+Usage(char *progName)
{
- fprintf(stderr,"usage: %s [-d profiledir] -t tokenName [-r]\n", progName);
+ fprintf(stderr, "usage: %s [-d profiledir] -t tokenName [-r]\n", progName);
exit(1);
}
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
- char * certDir = NULL;
+ char *certDir = NULL;
PLOptState *optstate;
PLOptStatus optstatus;
SECStatus rv;
- char * tokenName = NULL;
- PRBool cont=PR_TRUE;
+ char *tokenName = NULL;
+ PRBool cont = PR_TRUE;
PK11TokenEvent event = PK11TokenPresentEvent;
PK11TokenStatus status;
char *progName;
@@ -52,77 +53,77 @@ int main(int argc, char **argv)
progName = strrchr(argv[0], '/');
if (!progName)
- progName = strrchr(argv[0], '\\');
- progName = progName ? progName+1 : argv[0];
+ progName = strrchr(argv[0], '\\');
+ progName = progName ? progName + 1 : argv[0];
optstate = PL_CreateOptState(argc, argv, "rd:t:");
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
-
- case 'd':
- certDir = strdup(optstate->value);
- certDir = SECU_ConfigDirectory(certDir);
- break;
- case 't':
- tokenName = strdup(optstate->value);
- break;
- case 'r':
- event = PK11TokenRemovedOrChangedEvent;
- break;
- }
+ switch (optstate->option) {
+
+ case 'd':
+ certDir = strdup(optstate->value);
+ certDir = SECU_ConfigDirectory(certDir);
+ break;
+ case 't':
+ tokenName = strdup(optstate->value);
+ break;
+ case 'r':
+ event = PK11TokenRemovedOrChangedEvent;
+ break;
+ }
}
if (optstatus == PL_OPT_BAD)
- Usage(progName);
+ Usage(progName);
if (tokenName == NULL) {
- Usage(progName);
+ Usage(progName);
}
if (!certDir) {
- certDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */
- certDir = SECU_ConfigDirectory(certDir); /* call even if it's NULL */
+ certDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */
+ certDir = SECU_ConfigDirectory(certDir); /* call even if it's NULL */
}
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
PK11_SetPasswordFunc(SECU_GetModulePassword);
/* open the cert DB, the key DB, and the secmod DB. */
rv = NSS_Init(certDir);
if (rv != SECSuccess) {
- SECU_PrintError(progName, "unable to open cert database");
- return 1;
+ SECU_PrintError(progName, "unable to open cert database");
+ return 1;
}
- printf("Looking up tokenNamed: <%s>\n",tokenName);
+ printf("Looking up tokenNamed: <%s>\n", tokenName);
slot = PK11_FindSlotByName(tokenName);
if (slot == NULL) {
- SECU_PrintError(progName, "unable to find token");
- return 1;
+ SECU_PrintError(progName, "unable to find token");
+ return 1;
}
do {
- status =
- PK11_WaitForTokenEvent(slot,event,PR_INTERVAL_NO_TIMEOUT, 0, 0);
-
- switch (status) {
- case PK11TokenNotRemovable:
- cont = PR_FALSE;
- printf("%s Token Not Removable\n",tokenName);
- break;
- case PK11TokenChanged:
- event = PK11TokenRemovedOrChangedEvent;
- printf("%s Token Changed\n", tokenName);
- break;
- case PK11TokenRemoved:
- event = PK11TokenPresentEvent;
- printf("%s Token Removed\n", tokenName);
- break;
- case PK11TokenPresent:
- event = PK11TokenRemovedOrChangedEvent;
- printf("%s Token Present\n", tokenName);
- break;
- }
+ status =
+ PK11_WaitForTokenEvent(slot, event, PR_INTERVAL_NO_TIMEOUT, 0, 0);
+
+ switch (status) {
+ case PK11TokenNotRemovable:
+ cont = PR_FALSE;
+ printf("%s Token Not Removable\n", tokenName);
+ break;
+ case PK11TokenChanged:
+ event = PK11TokenRemovedOrChangedEvent;
+ printf("%s Token Changed\n", tokenName);
+ break;
+ case PK11TokenRemoved:
+ event = PK11TokenPresentEvent;
+ printf("%s Token Removed\n", tokenName);
+ break;
+ case PK11TokenPresent:
+ event = PK11TokenRemovedOrChangedEvent;
+ printf("%s Token Present\n", tokenName);
+ break;
+ }
} while (cont);
PK11_FreeSlot(slot);
diff --git a/cmd/tests/secmodtest.c b/cmd/tests/secmodtest.c
index 89bec58d3..2896ccf94 100644
--- a/cmd/tests/secmodtest.c
+++ b/cmd/tests/secmodtest.c
@@ -21,13 +21,15 @@
#include "pk11pub.h"
#include "plgetopt.h"
-void Usage(char *progName)
+void
+Usage(char *progName)
{
fprintf(stderr, "Usage: %s -d dbDir\n", progName);
exit(1);
}
-SECStatus TestOpenCloseUserDB(char *progName, char *configDir, char *tokenName)
+SECStatus
+TestOpenCloseUserDB(char *progName, char *configDir, char *tokenName)
{
char *modspec = NULL;
SECStatus rv = SECSuccess;
@@ -62,7 +64,8 @@ loser:
return rv;
}
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
PLOptState *optstate;
PLOptStatus optstatus;
@@ -74,14 +77,14 @@ int main(int argc, char **argv)
if (!progName) {
progName = strrchr(argv[0], '\\');
}
- progName = progName ? progName+1 : argv[0];
+ progName = progName ? progName + 1 : argv[0];
optstate = PL_CreateOptState(argc, argv, "d:");
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
- case 'd':
- dbDir = strdup(optstate->value);
- break;
+ case 'd':
+ dbDir = strdup(optstate->value);
+ break;
}
}
if (optstatus == PL_OPT_BAD || dbDir == NULL) {
@@ -107,7 +110,8 @@ int main(int argc, char **argv)
}
loser:
- if (dbDir) free(dbDir);
+ if (dbDir)
+ free(dbDir);
if (NSS_Shutdown() != SECSuccess) {
exit(1);
diff --git a/cmd/tstclnt/tstclnt.c b/cmd/tstclnt/tstclnt.c
index 4ccd07593..4b0d06302 100644
--- a/cmd/tstclnt/tstclnt.c
+++ b/cmd/tstclnt/tstclnt.c
@@ -14,7 +14,7 @@
#if defined(XP_UNIX)
#include <unistd.h>
#else
-#include <ctype.h> /* for isalpha() */
+#include <ctype.h> /* for isalpha() */
#endif
#include <stdio.h>
@@ -41,11 +41,15 @@
#include <io.h>
#endif
-#define PRINTF if (verbose) printf
-#define FPRINTF if (verbose) fprintf
+#define PRINTF \
+ if (verbose) \
+ printf
+#define FPRINTF \
+ if (verbose) \
+ fprintf
#define MAX_WAIT_FOR_SERVER 600
-#define WAIT_INTERVAL 100
+#define WAIT_INTERVAL 100
#define EXIT_CODE_HANDSHAKE_FAILED 254
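Review bot: `PRINTF` and `FPRINTF` still expand to an unbraced `if (verbose)`, and the three-line layout they get here makes that easier to overlook. In a call such as `if (x) FPRINTF(stderr, ...); else ...`, the `else` would bind to the macro's `if` rather than the caller's. If the supported compilers allow variadic macros, `#define FPRINTF(...) do { if (verbose) fprintf(__VA_ARGS__); } while (0)` (and the same for `PRINTF`) removes the hazard without touching any call site. Otherwise a one-line comment above the macros should say they may only be used as a complete statement inside braces.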
@@ -54,35 +58,35 @@
#define EXIT_CODE_SIDECHANNELTEST_NODATA 2
#define EXIT_CODE_SIDECHANNELTEST_REVOKED 3
-PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT;
+PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT;
int ssl3CipherSuites[] = {
- -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
- -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */
- TLS_RSA_WITH_RC4_128_MD5, /* c */
- TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
- TLS_RSA_WITH_DES_CBC_SHA, /* e */
- TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
- -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
- TLS_RSA_WITH_NULL_MD5, /* i */
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
- SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
- TLS_RSA_WITH_RC4_128_SHA, /* n */
- TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
- TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */
- TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
- TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
- TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
- TLS_RSA_WITH_NULL_SHA, /* z */
+ -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
+ -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */
+ TLS_RSA_WITH_RC4_128_MD5, /* c */
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
+ TLS_RSA_WITH_DES_CBC_SHA, /* e */
+ TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
+ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
+ -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
+ TLS_RSA_WITH_NULL_MD5, /* i */
+ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
+ SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
+ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
+ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
+ TLS_RSA_WITH_RC4_128_SHA, /* n */
+ TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
+ TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */
+ TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
+ TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
+ TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
+ TLS_RSA_WITH_NULL_SHA, /* z */
0
};
@@ -94,59 +98,60 @@ int renegotiationsDone = 0;
static char *progName;
-secuPWData pwdata = { PW_NONE, 0 };
+secuPWData pwdata = { PW_NONE, 0 };
-void printSecurityInfo(PRFileDesc *fd)
+void
+printSecurityInfo(PRFileDesc *fd)
{
- CERTCertificate * cert;
+ CERTCertificate *cert;
const SECItemArray *csa;
const SECItem *scts;
- SSL3Statistics * ssl3stats = SSL_GetStatistics();
+ SSL3Statistics *ssl3stats = SSL_GetStatistics();
SECStatus result;
- SSLChannelInfo channel;
+ SSLChannelInfo channel;
SSLCipherSuiteInfo suite;
result = SSL_GetChannelInfo(fd, &channel, sizeof channel);
- if (result == SECSuccess &&
- channel.length == sizeof channel &&
- channel.cipherSuite) {
- result = SSL_GetCipherSuiteInfo(channel.cipherSuite,
- &suite, sizeof suite);
- if (result == SECSuccess) {
- FPRINTF(stderr,
- "tstclnt: SSL version %d.%d using %d-bit %s with %d-bit %s MAC\n",
- channel.protocolVersion >> 8, channel.protocolVersion & 0xff,
- suite.effectiveKeyBits, suite.symCipherName,
- suite.macBits, suite.macAlgorithmName);
- FPRINTF(stderr,
- "tstclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n"
- " Compression: %s, Extended Master Secret: %s\n",
- channel.authKeyBits, suite.authAlgorithmName,
- channel.keaKeyBits, suite.keaTypeName,
- channel.compressionMethodName,
- channel.extendedMasterSecretUsed ? "Yes": "No");
- }
+ if (result == SECSuccess &&
+ channel.length == sizeof channel &&
+ channel.cipherSuite) {
+ result = SSL_GetCipherSuiteInfo(channel.cipherSuite,
+ &suite, sizeof suite);
+ if (result == SECSuccess) {
+ FPRINTF(stderr,
+ "tstclnt: SSL version %d.%d using %d-bit %s with %d-bit %s MAC\n",
+ channel.protocolVersion >> 8, channel.protocolVersion & 0xff,
+ suite.effectiveKeyBits, suite.symCipherName,
+ suite.macBits, suite.macAlgorithmName);
+ FPRINTF(stderr,
+ "tstclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n"
+ " Compression: %s, Extended Master Secret: %s\n",
+ channel.authKeyBits, suite.authAlgorithmName,
+ channel.keaKeyBits, suite.keaTypeName,
+ channel.compressionMethodName,
+ channel.extendedMasterSecretUsed ? "Yes" : "No");
+ }
}
cert = SSL_RevealCert(fd);
if (cert) {
- char * ip = CERT_NameToAscii(&cert->issuer);
- char * sp = CERT_NameToAscii(&cert->subject);
+ char *ip = CERT_NameToAscii(&cert->issuer);
+ char *sp = CERT_NameToAscii(&cert->subject);
if (sp) {
- fprintf(stderr, "subject DN: %s\n", sp);
- PORT_Free(sp);
- }
+ fprintf(stderr, "subject DN: %s\n", sp);
+ PORT_Free(sp);
+ }
if (ip) {
- fprintf(stderr, "issuer DN: %s\n", ip);
- PORT_Free(ip);
- }
- CERT_DestroyCertificate(cert);
- cert = NULL;
+ fprintf(stderr, "issuer DN: %s\n", ip);
+ PORT_Free(ip);
+ }
+ CERT_DestroyCertificate(cert);
+ cert = NULL;
}
fprintf(stderr,
- "%ld cache hits; %ld cache misses, %ld cache not reusable\n"
- "%ld stateless resumes\n",
- ssl3stats->hsh_sid_cache_hits, ssl3stats->hsh_sid_cache_misses,
- ssl3stats->hsh_sid_cache_not_ok, ssl3stats->hsh_sid_stateless_resumes);
+ "%ld cache hits; %ld cache misses, %ld cache not reusable\n"
+ "%ld stateless resumes\n",
+ ssl3stats->hsh_sid_cache_hits, ssl3stats->hsh_sid_cache_misses,
+ ssl3stats->hsh_sid_cache_not_ok, ssl3stats->hsh_sid_stateless_resumes);
csa = SSL_PeerStapledOCSPResponses(fd);
if (csa) {
@@ -156,7 +161,8 @@ void printSecurityInfo(PRFileDesc *fd)
scts = SSL_PeerSignedCertTimestamps(fd);
if (scts && scts->len) {
fprintf(stderr, "Received a Signed Certificate Timestamp of length"
- " %u\n", scts->len);
+ " %u\n",
+ scts->len);
}
}
@@ -169,44 +175,47 @@ handshakeCallback(PRFileDesc *fd, void *client_data)
}
printSecurityInfo(fd);
if (renegotiationsDone < renegotiationsToDo) {
- SSL_ReHandshake(fd, (renegotiationsToDo < 2));
- ++renegotiationsDone;
+ SSL_ReHandshake(fd, (renegotiationsToDo < 2));
+ ++renegotiationsDone;
}
}
-static void PrintUsageHeader(const char *progName)
+static void
+PrintUsageHeader(const char *progName)
{
- fprintf(stderr,
-"Usage: %s -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]\n"
- "[-D | -d certdir] [-C] [-b | -R root-module] \n"
- "[-n nickname] [-Bafosvx] [-c ciphers] [-Y]\n"
- "[-V [min-version]:[max-version]] [-K] [-T] [-U]\n"
- "[-r N] [-w passwd] [-W pwfile] [-q [-t seconds]]\n",
+ fprintf(stderr,
+ "Usage: %s -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]\n"
+ "[-D | -d certdir] [-C] [-b | -R root-module] \n"
+ "[-n nickname] [-Bafosvx] [-c ciphers] [-Y]\n"
+ "[-V [min-version]:[max-version]] [-K] [-T] [-U]\n"
+ "[-r N] [-w passwd] [-W pwfile] [-q [-t seconds]]\n",
progName);
}
-static void PrintParameterUsage(void)
+static void
+PrintParameterUsage(void)
{
fprintf(stderr, "%-20s Send different SNI name. 1st_hs_name - at first\n"
"%-20s handshake, 2nd_hs_name - at second handshake.\n"
- "%-20s Default is host from the -h argument.\n", "-a name",
- "", "");
+ "%-20s Default is host from the -h argument.\n",
+ "-a name",
+ "", "");
fprintf(stderr, "%-20s Hostname to connect with\n", "-h host");
fprintf(stderr, "%-20s Port number for SSL server\n", "-p port");
- fprintf(stderr,
+ fprintf(stderr,
"%-20s Directory with cert database (default is ~/.netscape)\n",
- "-d certdir");
+ "-d certdir");
fprintf(stderr, "%-20s Run without a cert database\n", "-D");
fprintf(stderr, "%-20s Load the default \"builtins\" root CA module\n", "-b");
fprintf(stderr, "%-20s Load the given root CA module\n", "-R");
fprintf(stderr, "%-20s Print certificate chain information\n", "-C");
fprintf(stderr, "%-20s (use -C twice to print more certificate details)\n", "");
fprintf(stderr, "%-20s (use -C three times to include PEM format certificate dumps)\n", "");
- fprintf(stderr, "%-20s Nickname of key and cert for client auth\n",
- "-n nickname");
- fprintf(stderr,
+ fprintf(stderr, "%-20s Nickname of key and cert for client auth\n",
+ "-n nickname");
+ fprintf(stderr,
"%-20s Bypass PKCS11 layer for SSL encryption and MACing.\n", "-B");
- fprintf(stderr,
+ fprintf(stderr,
"%-20s Restricts the set of enabled SSL/TLS protocols versions.\n"
"%-20s All versions are enabled by default.\n"
"%-20s Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n"
@@ -216,7 +225,8 @@ static void PrintParameterUsage(void)
fprintf(stderr, "%-20s Prints only payload data. Skips HTTP header.\n", "-S");
fprintf(stderr, "%-20s Client speaks first. \n", "-f");
fprintf(stderr, "%-20s Use synchronous certificate validation "
- "(currently required for TLS 1.3)\n", "-O");
+ "(currently required for TLS 1.3)\n",
+ "-O");
fprintf(stderr, "%-20s Override bad server cert. Make it OK.\n", "-o");
fprintf(stderr, "%-20s Disable SSL socket locking.\n", "-s");
fprintf(stderr, "%-20s Verbose progress reporting.\n", "-v");
@@ -240,7 +250,7 @@ static void PrintParameterUsage(void)
"%-20s 1: cert failed to verify, prior to revocation checking\n"
"%-20s 2: missing, old or invalid revocation data\n"
"%-20s 3: have fresh and valid revocation data, status revoked\n",
- "-F", "", "", "", "", "", "", "", "", "");
+ "-F", "", "", "", "", "", "", "", "", "");
fprintf(stderr, "%-20s Test -F allows 0=any (default), 1=only OCSP, 2=only CRL\n", "-M");
fprintf(stderr, "%-20s Restrict ciphers\n", "-c ciphers");
fprintf(stderr, "%-20s Print cipher values allowed for parameter -c and exit\n", "-Y");
@@ -250,45 +260,46 @@ static void PrintParameterUsage(void)
fprintf(stderr, "%-20s Enable the extended master secret extension [RFC7627]\n", "-G");
}
-static void Usage(const char *progName)
+static void
+Usage(const char *progName)
{
PrintUsageHeader(progName);
PrintParameterUsage();
exit(1);
}
-static void PrintCipherUsage(const char *progName)
+static void
+PrintCipherUsage(const char *progName)
{
PrintUsageHeader(progName);
- fprintf(stderr, "%-20s Letter(s) chosen from the following list\n",
- "-c ciphers");
- fprintf(stderr,
-"c SSL3 RSA WITH RC4 128 MD5\n"
-"d SSL3 RSA WITH 3DES EDE CBC SHA\n"
-"e SSL3 RSA WITH DES CBC SHA\n"
-"f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
-"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
-"i SSL3 RSA WITH NULL MD5\n"
-"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
-"k SSL3 RSA FIPS WITH DES CBC SHA\n"
-"l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
-"m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n"
-"n SSL3 RSA WITH RC4 128 SHA\n"
-"o SSL3 DHE DSS WITH RC4 128 SHA\n"
-"p SSL3 DHE RSA WITH 3DES EDE CBC SHA\n"
-"q SSL3 DHE DSS WITH 3DES EDE CBC SHA\n"
-"r SSL3 DHE RSA WITH DES CBC SHA\n"
-"s SSL3 DHE DSS WITH DES CBC SHA\n"
-"t SSL3 DHE DSS WITH AES 128 CBC SHA\n"
-"u SSL3 DHE RSA WITH AES 128 CBC SHA\n"
-"v SSL3 RSA WITH AES 128 CBC SHA\n"
-"w SSL3 DHE DSS WITH AES 256 CBC SHA\n"
-"x SSL3 DHE RSA WITH AES 256 CBC SHA\n"
-"y SSL3 RSA WITH AES 256 CBC SHA\n"
-"z SSL3 RSA WITH NULL SHA\n"
-"\n"
-":WXYZ Use cipher with hex code { 0xWX , 0xYZ } in TLS\n"
- );
+ fprintf(stderr, "%-20s Letter(s) chosen from the following list\n",
+ "-c ciphers");
+ fprintf(stderr,
+ "c SSL3 RSA WITH RC4 128 MD5\n"
+ "d SSL3 RSA WITH 3DES EDE CBC SHA\n"
+ "e SSL3 RSA WITH DES CBC SHA\n"
+ "f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
+ "g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
+ "i SSL3 RSA WITH NULL MD5\n"
+ "j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
+ "k SSL3 RSA FIPS WITH DES CBC SHA\n"
+ "l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
+ "m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n"
+ "n SSL3 RSA WITH RC4 128 SHA\n"
+ "o SSL3 DHE DSS WITH RC4 128 SHA\n"
+ "p SSL3 DHE RSA WITH 3DES EDE CBC SHA\n"
+ "q SSL3 DHE DSS WITH 3DES EDE CBC SHA\n"
+ "r SSL3 DHE RSA WITH DES CBC SHA\n"
+ "s SSL3 DHE DSS WITH DES CBC SHA\n"
+ "t SSL3 DHE DSS WITH AES 128 CBC SHA\n"
+ "u SSL3 DHE RSA WITH AES 128 CBC SHA\n"
+ "v SSL3 RSA WITH AES 128 CBC SHA\n"
+ "w SSL3 DHE DSS WITH AES 256 CBC SHA\n"
+ "x SSL3 DHE RSA WITH AES 256 CBC SHA\n"
+ "y SSL3 RSA WITH AES 256 CBC SHA\n"
+ "z SSL3 RSA WITH NULL SHA\n"
+ "\n"
+ ":WXYZ Use cipher with hex code { 0xWX , 0xYZ } in TLS\n");
exit(1);
}
@@ -303,55 +314,52 @@ void
disableAllSSLCiphers(void)
{
const PRUint16 *cipherSuites = SSL_GetImplementedCiphers();
- int i = SSL_GetNumImplementedCiphers();
- SECStatus rv;
+ int i = SSL_GetNumImplementedCiphers();
+ SECStatus rv;
/* disable all the SSL3 cipher suites */
while (--i >= 0) {
- PRUint16 suite = cipherSuites[i];
+ PRUint16 suite = cipherSuites[i];
rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
- if (rv != SECSuccess) {
- PRErrorCode err = PR_GetError();
- fprintf(stderr,
- "SSL_CipherPrefSet didn't like value 0x%04x (i = %d): %s\n",
- suite, i, SECU_Strerror(err));
- exit(2);
- }
+ if (rv != SECSuccess) {
+ PRErrorCode err = PR_GetError();
+ fprintf(stderr,
+ "SSL_CipherPrefSet didn't like value 0x%04x (i = %d): %s\n",
+ suite, i, SECU_Strerror(err));
+ exit(2);
+ }
}
}
typedef struct
{
- PRBool shouldPause; /* PR_TRUE if we should use asynchronous peer cert
+ PRBool shouldPause; /* PR_TRUE if we should use asynchronous peer cert
* authentication */
- PRBool isPaused; /* PR_TRUE if libssl is waiting for us to validate the
+ PRBool isPaused; /* PR_TRUE if libssl is waiting for us to validate the
* peer's certificate and restart the handshake. */
- void * dbHandle; /* Certificate database handle to use while
+ void *dbHandle; /* Certificate database handle to use while
* authenticating the peer's certificate. */
- PRBool testFreshStatusFromSideChannel;
- PRErrorCode sideChannelRevocationTestResultCode;
- PRBool requireDataForIntermediates;
- PRBool allowOCSPSideChannelData;
- PRBool allowCRLSideChannelData;
+ PRBool testFreshStatusFromSideChannel;
+ PRErrorCode sideChannelRevocationTestResultCode;
+ PRBool requireDataForIntermediates;
+ PRBool allowOCSPSideChannelData;
+ PRBool allowCRLSideChannelData;
} ServerCertAuth;
-
/*
* Callback is called when incoming certificate is not valid.
* Returns SECSuccess to accept the cert anyway, SECFailure to reject.
*/
-static SECStatus
-ownBadCertHandler(void * arg, PRFileDesc * socket)
+static SECStatus
+ownBadCertHandler(void *arg, PRFileDesc *socket)
{
PRErrorCode err = PR_GetError();
/* can log invalid cert here */
- fprintf(stderr, "Bad server certificate: %d, %s\n", err,
+ fprintf(stderr, "Bad server certificate: %d, %s\n", err,
SECU_Strerror(err));
- return SECSuccess; /* override, say it's OK. */
+ return SECSuccess; /* override, say it's OK. */
}
-
-
#define EXIT_CODE_SIDECHANNELTEST_GOOD 0
#define EXIT_CODE_SIDECHANNELTEST_BADCERT 1
#define EXIT_CODE_SIDECHANNELTEST_NODATA 2
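Review bot: The comment above `ownBadCertHandler` describes the callback contract but not what this implementation does: it logs the error and returns `SECSuccess` for every failure, so certificate validation is effectively off once the handler is installed. The usage text ties this to `-o` ("Override bad server cert. Make it OK."), though the registration itself is outside this hunk. I would extend the comment with something like `/* Test-only: accepts every certificate error; installed only for -o. */` so the function is not reused as a template. In the same hunk, the `disableAllSSLCiphers` error message names `SSL_CipherPrefSet` while the failing call is `SSL_CipherPrefSetDefault`.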
@@ -360,23 +368,23 @@ ownBadCertHandler(void * arg, PRFileDesc * socket)
static void
verifyFromSideChannel(CERTCertificate *cert, ServerCertAuth *sca)
{
- PRUint64 revDoNotUse =
- CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD;
-
- PRUint64 revUseLocalOnlyAndSoftFail =
- CERT_REV_M_TEST_USING_THIS_METHOD
- | CERT_REV_M_FORBID_NETWORK_FETCHING
- | CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE
- | CERT_REV_M_IGNORE_MISSING_FRESH_INFO
- | CERT_REV_M_STOP_TESTING_ON_FRESH_INFO;
-
- PRUint64 revUseLocalOnlyAndHardFail =
- CERT_REV_M_TEST_USING_THIS_METHOD
- | CERT_REV_M_FORBID_NETWORK_FETCHING
- | CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE
- | CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO
- | CERT_REV_M_STOP_TESTING_ON_FRESH_INFO;
-
+ PRUint64 revDoNotUse =
+ CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD;
+
+ PRUint64 revUseLocalOnlyAndSoftFail =
+ CERT_REV_M_TEST_USING_THIS_METHOD |
+ CERT_REV_M_FORBID_NETWORK_FETCHING |
+ CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE |
+ CERT_REV_M_IGNORE_MISSING_FRESH_INFO |
+ CERT_REV_M_STOP_TESTING_ON_FRESH_INFO;
+
+ PRUint64 revUseLocalOnlyAndHardFail =
+ CERT_REV_M_TEST_USING_THIS_METHOD |
+ CERT_REV_M_FORBID_NETWORK_FETCHING |
+ CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE |
+ CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO |
+ CERT_REV_M_STOP_TESTING_ON_FRESH_INFO;
+
PRUint64 methodFlagsDoNotUse[2];
PRUint64 methodFlagsCheckSoftFail[2];
PRUint64 methodFlagsCheckHardFail[2];
@@ -387,52 +395,52 @@ verifyFromSideChannel(CERTCertificate *cert, ServerCertAuth *sca)
CERTValInParam cvin[2];
CERTValOutParam cvout[1];
SECStatus rv;
-
+
methodFlagsDoNotUse[cert_revocation_method_crl] = revDoNotUse;
methodFlagsDoNotUse[cert_revocation_method_ocsp] = revDoNotUse;
-
- methodFlagsCheckSoftFail[cert_revocation_method_crl] =
+
+ methodFlagsCheckSoftFail[cert_revocation_method_crl] =
sca->allowCRLSideChannelData ? revUseLocalOnlyAndSoftFail : revDoNotUse;
- methodFlagsCheckSoftFail[cert_revocation_method_ocsp] =
+ methodFlagsCheckSoftFail[cert_revocation_method_ocsp] =
sca->allowOCSPSideChannelData ? revUseLocalOnlyAndSoftFail : revDoNotUse;
-
- methodFlagsCheckHardFail[cert_revocation_method_crl] =
+
+ methodFlagsCheckHardFail[cert_revocation_method_crl] =
sca->allowCRLSideChannelData ? revUseLocalOnlyAndHardFail : revDoNotUse;
- methodFlagsCheckHardFail[cert_revocation_method_ocsp] =
+ methodFlagsCheckHardFail[cert_revocation_method_ocsp] =
sca->allowOCSPSideChannelData ? revUseLocalOnlyAndHardFail : revDoNotUse;
revTestsDoNotCheck.cert_rev_flags_per_method = methodFlagsDoNotUse;
revTestsDoNotCheck.number_of_defined_methods = 2;
revTestsDoNotCheck.number_of_preferred_methods = 0;
revTestsDoNotCheck.cert_rev_method_independent_flags =
- CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST
- | CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT;
-
+ CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
+ CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT;
+
revTestsOverallSoftFail.cert_rev_flags_per_method = 0; /* must define later */
revTestsOverallSoftFail.number_of_defined_methods = 2;
revTestsOverallSoftFail.number_of_preferred_methods = 0;
revTestsOverallSoftFail.cert_rev_method_independent_flags =
- CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST
- | CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT;
-
+ CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
+ CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT;
+
revTestsOverallHardFail.cert_rev_flags_per_method = 0; /* must define later */
revTestsOverallHardFail.number_of_defined_methods = 2;
revTestsOverallHardFail.number_of_preferred_methods = 0;
revTestsOverallHardFail.cert_rev_method_independent_flags =
- CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST
- | CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
+ CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
+ CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
rev.chainTests = revTestsDoNotCheck;
rev.leafTests = revTestsDoNotCheck;
-
+
cvin[0].type = cert_pi_revocationFlags;
cvin[0].value.pointer.revocation = &rev;
cvin[1].type = cert_pi_end;
cvout[0].type = cert_po_end;
-
+
/* Strategy:
- *
+ *
* Verify with revocation checking disabled.
* On failure return 1.
*
@@ -449,68 +457,66 @@ verifyFromSideChannel(CERTCertificate *cert, ServerCertAuth *sca)
* because we don't have fresh revocation info, return 2.
*
* If result is still bad, we do have revocation info,
- * and it says "revoked" or something equivalent, return 3.
+ * and it says "revoked" or something equivalent, return 3.
*/
-
+
/* revocation checking disabled */
rv = CERT_PKIXVerifyCert(cert, certificateUsageSSLServer,
cvin, cvout, NULL);
if (rv != SECSuccess) {
- sca->sideChannelRevocationTestResultCode =
+ sca->sideChannelRevocationTestResultCode =
EXIT_CODE_SIDECHANNELTEST_BADCERT;
return;
}
-
+
/* revocation checking, hard fail */
if (sca->allowOCSPSideChannelData && sca->allowCRLSideChannelData) {
/* any method is allowed. use soft fail on individual checks,
* but use hard fail on the overall check
*/
revTestsOverallHardFail.cert_rev_flags_per_method = methodFlagsCheckSoftFail;
- }
- else {
+ } else {
/* only one method is allowed. use hard fail on the individual checks.
* hard/soft fail is irrelevant on overall flags.
*/
revTestsOverallHardFail.cert_rev_flags_per_method = methodFlagsCheckHardFail;
}
rev.leafTests = revTestsOverallHardFail;
- rev.chainTests =
+ rev.chainTests =
sca->requireDataForIntermediates ? revTestsOverallHardFail : revTestsDoNotCheck;
rv = CERT_PKIXVerifyCert(cert, certificateUsageSSLServer,
cvin, cvout, NULL);
if (rv == SECSuccess) {
- sca->sideChannelRevocationTestResultCode =
+ sca->sideChannelRevocationTestResultCode =
EXIT_CODE_SIDECHANNELTEST_GOOD;
return;
}
-
+
/* revocation checking, soft fail */
revTestsOverallSoftFail.cert_rev_flags_per_method = methodFlagsCheckSoftFail;
rev.leafTests = revTestsOverallSoftFail;
- rev.chainTests =
+ rev.chainTests =
sca->requireDataForIntermediates ? revTestsOverallSoftFail : revTestsDoNotCheck;
rv = CERT_PKIXVerifyCert(cert, certificateUsageSSLServer,
cvin, cvout, NULL);
if (rv == SECSuccess) {
- sca->sideChannelRevocationTestResultCode =
+ sca->sideChannelRevocationTestResultCode =
EXIT_CODE_SIDECHANNELTEST_NODATA;
return;
}
-
- sca->sideChannelRevocationTestResultCode =
+
+ sca->sideChannelRevocationTestResultCode =
EXIT_CODE_SIDECHANNELTEST_REVOKED;
}
-
static void
dumpCertificatePEM(CERTCertificate *cert)
{
SECItem data;
data.data = cert->derCert.data;
data.len = cert->derCert.len;
- fprintf(stderr, "%s\n%s\n%s\n", NS_CERT_HEADER,
- BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER);
+ fprintf(stderr, "%s\n%s\n%s\n", NS_CERT_HEADER,
+ BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER);
}
static void
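Review bot: `dumpCertificatePEM` passes the result of `BTOA_DataToAscii` straight to `fprintf`, so the encoded buffer is never freed, and a NULL return on failure would reach `%s`. Holding the pointer in a local, checking it, and releasing it with `PORT_Free` after printing fixes both. The local `SECItem data` copy is then unnecessary. The function is complete within this hunk.

```c
static void
dumpCertificatePEM(CERTCertificate *cert)
{
    char *ascii = BTOA_DataToAscii(cert->derCert.data, cert->derCert.len);

    if (!ascii) {
        return;
    }
    fprintf(stderr, "%s\n%s\n%s\n", NS_CERT_HEADER, ascii, NS_CERT_TRAILER);
    PORT_Free(ascii);
}
```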
@@ -524,15 +530,14 @@ dumpServerCertificateChain(PRFileDesc *fd)
PRBool dumpCertPEM = PR_FALSE;
if (!dumpServerChain) {
- return;
- }
- else if (dumpServerChain == 1) {
- dumpFunction = (SECU_PPFunc)SECU_PrintCertificateBasicInfo;
+ return;
+ } else if (dumpServerChain == 1) {
+ dumpFunction = (SECU_PPFunc)SECU_PrintCertificateBasicInfo;
} else {
- dumpFunction = (SECU_PPFunc)SECU_PrintCertificate;
- if (dumpServerChain > 2) {
- dumpCertPEM = PR_TRUE;
- }
+ dumpFunction = (SECU_PPFunc)SECU_PrintCertificate;
+ if (dumpServerChain > 2) {
+ dumpCertPEM = PR_TRUE;
+ }
}
SECU_EnableWrap(PR_FALSE);
@@ -541,82 +546,81 @@ dumpServerCertificateChain(PRFileDesc *fd)
peerCertChain = SSL_PeerCertificateChain(fd);
if (peerCertChain) {
node = CERT_LIST_HEAD(peerCertChain);
- while ( ! CERT_LIST_END(node, peerCertChain) ) {
+ while (!CERT_LIST_END(node, peerCertChain)) {
CERTCertificate *cert = node->cert;
SECU_PrintSignedContent(stderr, &cert->derCert, "Certificate", 0,
dumpFunction);
- if (dumpCertPEM) {
- dumpCertificatePEM(cert);
- }
- node = CERT_LIST_NEXT(node);
+ if (dumpCertPEM) {
+ dumpCertificatePEM(cert);
+ }
+ node = CERT_LIST_NEXT(node);
}
}
if (peerCertChain) {
- peerCert = SSL_RevealCert(fd);
- if (peerCert) {
- foundChain = CERT_CertChainFromCert(peerCert, certificateUsageSSLServer,
- PR_TRUE);
- }
- if (foundChain) {
- unsigned int count = 0;
- fprintf(stderr, "==== locally found issuer certificate(s): ====\n");
- for(count = 0; count < (unsigned int)foundChain->len; count++) {
- CERTCertificate *c;
- PRBool wasSentByServer = PR_FALSE;
- c = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(), &foundChain->certs[count]);
-
- node = CERT_LIST_HEAD(peerCertChain);
- while ( ! CERT_LIST_END(node, peerCertChain) ) {
- CERTCertificate *cert = node->cert;
- if (CERT_CompareCerts(cert, c)) {
- wasSentByServer = PR_TRUE;
- break;
- }
- node = CERT_LIST_NEXT(node);
- }
-
- if (!wasSentByServer) {
- SECU_PrintSignedContent(stderr, &c->derCert, "Certificate", 0,
- dumpFunction);
- if (dumpCertPEM) {
- dumpCertificatePEM(c);
- }
- }
- CERT_DestroyCertificate(c);
- }
- CERT_DestroyCertificateList(foundChain);
- }
- if (peerCert) {
- CERT_DestroyCertificate(peerCert);
- }
-
- CERT_DestroyCertList(peerCertChain);
- peerCertChain = NULL;
+ peerCert = SSL_RevealCert(fd);
+ if (peerCert) {
+ foundChain = CERT_CertChainFromCert(peerCert, certificateUsageSSLServer,
+ PR_TRUE);
+ }
+ if (foundChain) {
+ unsigned int count = 0;
+ fprintf(stderr, "==== locally found issuer certificate(s): ====\n");
+ for (count = 0; count < (unsigned int)foundChain->len; count++) {
+ CERTCertificate *c;
+ PRBool wasSentByServer = PR_FALSE;
+ c = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(), &foundChain->certs[count]);
+
+ node = CERT_LIST_HEAD(peerCertChain);
+ while (!CERT_LIST_END(node, peerCertChain)) {
+ CERTCertificate *cert = node->cert;
+ if (CERT_CompareCerts(cert, c)) {
+ wasSentByServer = PR_TRUE;
+ break;
+ }
+ node = CERT_LIST_NEXT(node);
+ }
+
+ if (!wasSentByServer) {
+ SECU_PrintSignedContent(stderr, &c->derCert, "Certificate", 0,
+ dumpFunction);
+ if (dumpCertPEM) {
+ dumpCertificatePEM(c);
+ }
+ }
+ CERT_DestroyCertificate(c);
+ }
+ CERT_DestroyCertificateList(foundChain);
+ }
+ if (peerCert) {
+ CERT_DestroyCertificate(peerCert);
+ }
+
+ CERT_DestroyCertList(peerCertChain);
+ peerCertChain = NULL;
}
fprintf(stderr, "==== end of certificate chain information ====\n");
fflush(stderr);
}
-static SECStatus
+static SECStatus
ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
- PRBool isServer)
+ PRBool isServer)
{
- ServerCertAuth * serverCertAuth = (ServerCertAuth *) arg;
+ ServerCertAuth *serverCertAuth = (ServerCertAuth *)arg;
if (dumpServerChain) {
- dumpServerCertificateChain(fd);
+ dumpServerCertificateChain(fd);
}
-
if (!serverCertAuth->shouldPause) {
CERTCertificate *cert;
unsigned int i;
const SECItemArray *csa;
if (!serverCertAuth->testFreshStatusFromSideChannel) {
- return SSL_AuthCertificate(serverCertAuth->dbHandle,
+ return SSL_AuthCertificate(serverCertAuth->dbHandle,
fd, checkSig, isServer);
}
@@ -633,26 +637,26 @@ ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
csa = SSL_PeerStapledOCSPResponses(fd);
if (csa) {
for (i = 0; i < csa->len; ++i) {
- PORT_SetError(0);
- if (CERT_CacheOCSPResponseFromSideChannel(
- serverCertAuth->dbHandle, cert, PR_Now(),
- &csa->items[i], arg) != SECSuccess) {
- PORT_Assert(PR_GetError() != 0);
- }
+ PORT_SetError(0);
+ if (CERT_CacheOCSPResponseFromSideChannel(
+ serverCertAuth->dbHandle, cert, PR_Now(),
+ &csa->items[i], arg) != SECSuccess) {
+ PORT_Assert(PR_GetError() != 0);
+ }
}
}
-
+
verifyFromSideChannel(cert, serverCertAuth);
CERT_DestroyCertificate(cert);
- /* return success to ensure our caller will continue and we will
- * reach the code that handles
+ /* return success to ensure our caller will continue and we will
+ * reach the code that handles
* serverCertAuth->sideChannelRevocationTestResultCode
*/
return SECSuccess;
}
-
+
FPRINTF(stderr, "%s: using asynchronous certificate validation\n",
- progName);
+ progName);
PORT_Assert(!serverCertAuth->isPaused);
serverCertAuth->isPaused = PR_TRUE;
@@ -660,85 +664,85 @@ ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
}
SECStatus
-own_GetClientAuthData(void * arg,
- PRFileDesc * socket,
- struct CERTDistNamesStr * caNames,
- struct CERTCertificateStr ** pRetCert,
+own_GetClientAuthData(void *arg,
+ PRFileDesc *socket,
+ struct CERTDistNamesStr *caNames,
+ struct CERTCertificateStr **pRetCert,
struct SECKEYPrivateKeyStr **pRetKey)
{
if (verbose > 1) {
- SECStatus rv;
+ SECStatus rv;
fprintf(stderr, "Server requested Client Authentication\n");
- if (caNames && caNames->nnames > 0) {
- PLArenaPool *arena = caNames->arena;
- if (!arena)
- arena = PORT_NewArena(2048);
- if (arena) {
- int i;
- for (i = 0; i < caNames->nnames; ++i) {
- char *nameString;
- CERTName dn;
- rv = SEC_QuickDERDecodeItem(arena,
- &dn,
- SEC_ASN1_GET(CERT_NameTemplate),
- caNames->names + i);
- if (rv != SECSuccess)
- continue;
- nameString = CERT_NameToAscii(&dn);
- if (!nameString)
- continue;
- fprintf(stderr, "CA[%d]: %s\n", i + 1, nameString);
- PORT_Free(nameString);
- }
- if (!caNames->arena) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- }
- }
- rv = NSS_GetClientAuthData(arg, socket, caNames, pRetCert, pRetKey);
- if (rv == SECSuccess && *pRetCert) {
- char *nameString = CERT_NameToAscii(&((*pRetCert)->subject));
- if (nameString) {
- fprintf(stderr, "sent cert: %s\n", nameString);
- PORT_Free(nameString);
- }
- } else {
- fprintf(stderr, "send no cert\n");
- }
- return rv;
+ if (caNames && caNames->nnames > 0) {
+ PLArenaPool *arena = caNames->arena;
+ if (!arena)
+ arena = PORT_NewArena(2048);
+ if (arena) {
+ int i;
+ for (i = 0; i < caNames->nnames; ++i) {
+ char *nameString;
+ CERTName dn;
+ rv = SEC_QuickDERDecodeItem(arena,
+ &dn,
+ SEC_ASN1_GET(CERT_NameTemplate),
+ caNames->names + i);
+ if (rv != SECSuccess)
+ continue;
+ nameString = CERT_NameToAscii(&dn);
+ if (!nameString)
+ continue;
+ fprintf(stderr, "CA[%d]: %s\n", i + 1, nameString);
+ PORT_Free(nameString);
+ }
+ if (!caNames->arena) {
+ PORT_FreeArena(arena, PR_FALSE);
+ }
+ }
+ }
+ rv = NSS_GetClientAuthData(arg, socket, caNames, pRetCert, pRetKey);
+ if (rv == SECSuccess && *pRetCert) {
+ char *nameString = CERT_NameToAscii(&((*pRetCert)->subject));
+ if (nameString) {
+ fprintf(stderr, "sent cert: %s\n", nameString);
+ PORT_Free(nameString);
+ }
+ } else {
+ fprintf(stderr, "send no cert\n");
+ }
+ return rv;
}
return NSS_GetClientAuthData(arg, socket, caNames, pRetCert, pRetKey);
}
#if defined(WIN32) || defined(OS2)
void
-thread_main(void * arg)
+thread_main(void *arg)
{
- PRFileDesc * ps = (PRFileDesc *)arg;
- PRFileDesc * std_in = PR_GetSpecialFD(PR_StandardInput);
+ PRFileDesc *ps = (PRFileDesc *)arg;
+ PRFileDesc *std_in = PR_GetSpecialFD(PR_StandardInput);
int wc, rc;
char buf[256];
#ifdef WIN32
{
- /* Put stdin into O_BINARY mode
+ /* Put stdin into O_BINARY mode
** or else incoming \r\n's will become \n's.
*/
- int smrv = _setmode(_fileno(stdin), _O_BINARY);
- if (smrv == -1) {
- fprintf(stderr,
- "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
- progName);
- /* plow ahead anyway */
- }
+ int smrv = _setmode(_fileno(stdin), _O_BINARY);
+ if (smrv == -1) {
+ fprintf(stderr,
+ "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
+ progName);
+ /* plow ahead anyway */
+ }
}
#endif
do {
- rc = PR_Read(std_in, buf, sizeof buf);
- if (rc <= 0)
- break;
- wc = PR_Send(ps, buf, rc, 0, maxInterval);
+ rc = PR_Read(std_in, buf, sizeof buf);
+ if (rc <= 0)
+ break;
+ wc = PR_Send(ps, buf, rc, 0, maxInterval);
} while (wc == rc);
PR_Close(ps);
}
@@ -746,16 +750,16 @@ thread_main(void * arg)
#endif
static void
-printHostNameAndAddr(const char * host, const PRNetAddr * addr)
+printHostNameAndAddr(const char *host, const PRNetAddr *addr)
{
PRUint16 port = PR_NetAddrInetPort(addr);
char addrBuf[80];
PRStatus st = PR_NetAddrToString(addr, addrBuf, sizeof addrBuf);
if (st == PR_SUCCESS) {
- port = PR_ntohs(port);
- FPRINTF(stderr, "%s: connecting to %s:%hu (address=%s)\n",
- progName, host, port, addrBuf);
+ port = PR_ntohs(port);
+ FPRINTF(stderr, "%s: connecting to %s:%hu (address=%s)\n",
+ progName, host, port, addrBuf);
}
}
@@ -766,8 +770,9 @@ printHostNameAndAddr(const char * host, const PRNetAddr * addr)
* prints everything after it.
*/
static void
-separateReqHeader(const PRFileDesc* outFd, const char* buf, const int nb,
- PRBool *wrStarted, int *ptrnMatched) {
+separateReqHeader(const PRFileDesc *outFd, const char *buf, const int nb,
+ PRBool *wrStarted, int *ptrnMatched)
+{
/* it is sufficient to look for only "\n\r\n". Hopping that
* HTTP response format satisfies the standard */
@@ -791,7 +796,7 @@ separateReqHeader(const PRFileDesc* outFd, const char* buf, const int nb,
char *tmpPtrn = ptrnStr + (3 - strSize);
if (PL_strncmp(buf, tmpPtrn, strSize) == 0) {
/* print the rest of the buffer(without the fragment) */
- PR_Write((void*)outFd, buf + strSize, nb - strSize);
+ PR_Write((void *)outFd, buf + strSize, nb - strSize);
*wrStarted = PR_TRUE;
return;
}
@@ -811,7 +816,7 @@ separateReqHeader(const PRFileDesc* outFd, const char* buf, const int nb,
* and print the rest of the buffer */
int newBn = nb - (resPtr - buf + 3); /* 3 is the length of "\n\r\n" */
- PR_Write((void*)outFd, resPtr + 3, newBn);
+ PR_Write((void *)outFd, resPtr + 3, newBn);
*wrStarted = PR_TRUE;
return;
} else {
@@ -819,15 +824,15 @@ separateReqHeader(const PRFileDesc* outFd, const char* buf, const int nb,
* if found, set *ptrnMatched to the number of chars left to find
* in the next buffer.*/
int i;
- for(i = 1 ;i < 3;i++) {
+ for (i = 1; i < 3; i++) {
char *bufPrt;
int strSize = 3 - i;
-
+
if (strSize > nb) {
continue;
}
- bufPrt = (char*)(buf + nb - strSize);
-
+ bufPrt = (char *)(buf + nb - strSize);
+
if (PL_strncmp(bufPrt, ptrnStr, strSize) == 0) {
*ptrnMatched = i;
return;
@@ -839,28 +844,28 @@ separateReqHeader(const PRFileDesc* outFd, const char* buf, const int nb,
#define SSOCK_FD 0
#define STDIN_FD 1
-#define HEXCHAR_TO_INT(c, i) \
- if (((c) >= '0') && ((c) <= '9')) { \
- i = (c) - '0'; \
+#define HEXCHAR_TO_INT(c, i) \
+ if (((c) >= '0') && ((c) <= '9')) { \
+ i = (c) - '0'; \
} else if (((c) >= 'a') && ((c) <= 'f')) { \
- i = (c) - 'a' + 10; \
+ i = (c) - 'a' + 10; \
} else if (((c) >= 'A') && ((c) <= 'F')) { \
- i = (c) - 'A' + 10; \
- } else { \
- Usage(progName); \
+ i = (c) - 'A' + 10; \
+ } else { \
+ Usage(progName); \
}
static SECStatus
-restartHandshakeAfterServerCertIfNeeded(PRFileDesc * fd,
- ServerCertAuth * serverCertAuth,
+restartHandshakeAfterServerCertIfNeeded(PRFileDesc *fd,
+ ServerCertAuth *serverCertAuth,
PRBool override)
{
SECStatus rv;
PRErrorCode error;
-
+
if (!serverCertAuth->isPaused)
- return SECSuccess;
-
+ return SECSuccess;
+
FPRINTF(stderr, "%s: handshake was paused by auth certificate hook\n",
progName);
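Review bot: `HEXCHAR_TO_INT` expands to a bare `if`/`else if`/`else` chain rather than a single statement, so a call placed directly under an unbraced outer `if` with its own `else` would silently re-bind that `else`. Wrapping the body in `do { ... } while (0)` and ending each call with `;`, or replacing it with a small `static int` helper that returns -1 for a non-hex character, would make it safe to use anywhere. The final branch also relies on `Usage(progName)` not returning, since `i` would otherwise keep its previous value; `Usage` is defined outside this hunk, so that is worth confirming.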
@@ -886,49 +891,50 @@ restartHandshakeAfterServerCertIfNeeded(PRFileDesc * fd,
return rv;
}
-
-int main(int argc, char **argv)
+
+int
+main(int argc, char **argv)
{
- PRFileDesc * s;
- PRFileDesc * std_out;
- char * host = NULL;
- char * certDir = NULL;
- char * nickname = NULL;
- char * cipherString = NULL;
- char * tmp;
- int multiplier = 0;
- SECStatus rv;
- PRStatus status;
- PRInt32 filesReady;
- int npds;
- int override = 0;
- SSLVersionRange enabledVersions;
- int bypassPKCS11 = 0;
- int disableLocking = 0;
- int useExportPolicy = 0;
- int enableSessionTickets = 0;
- int enableCompression = 0;
- int enableFalseStart = 0;
- int enableCertStatus = 0;
- int enableSignedCertTimestamps = 0;
- int forceFallbackSCSV = 0;
- int enableExtendedMasterSecret = 0;
+ PRFileDesc *s;
+ PRFileDesc *std_out;
+ char *host = NULL;
+ char *certDir = NULL;
+ char *nickname = NULL;
+ char *cipherString = NULL;
+ char *tmp;
+ int multiplier = 0;
+ SECStatus rv;
+ PRStatus status;
+ PRInt32 filesReady;
+ int npds;
+ int override = 0;
+ SSLVersionRange enabledVersions;
+ int bypassPKCS11 = 0;
+ int disableLocking = 0;
+ int useExportPolicy = 0;
+ int enableSessionTickets = 0;
+ int enableCompression = 0;
+ int enableFalseStart = 0;
+ int enableCertStatus = 0;
+ int enableSignedCertTimestamps = 0;
+ int forceFallbackSCSV = 0;
+ int enableExtendedMasterSecret = 0;
PRSocketOptionData opt;
- PRNetAddr addr;
- PRPollDesc pollset[2];
- PRBool allowIPv4 = PR_TRUE;
- PRBool allowIPv6 = PR_TRUE;
- PRBool pingServerFirst = PR_FALSE;
- int pingTimeoutSeconds = -1;
- PRBool clientSpeaksFirst = PR_FALSE;
- PRBool wrStarted = PR_FALSE;
- PRBool skipProtoHeader = PR_FALSE;
- ServerCertAuth serverCertAuth;
- int headerSeparatorPtrnId = 0;
- int error = 0;
- PRUint16 portno = 443;
- char * hs1SniHostName = NULL;
- char * hs2SniHostName = NULL;
+ PRNetAddr addr;
+ PRPollDesc pollset[2];
+ PRBool allowIPv4 = PR_TRUE;
+ PRBool allowIPv6 = PR_TRUE;
+ PRBool pingServerFirst = PR_FALSE;
+ int pingTimeoutSeconds = -1;
+ PRBool clientSpeaksFirst = PR_FALSE;
+ PRBool wrStarted = PR_FALSE;
+ PRBool skipProtoHeader = PR_FALSE;
+ ServerCertAuth serverCertAuth;
+ int headerSeparatorPtrnId = 0;
+ int error = 0;
+ PRUint16 portno = 443;
+ char *hs1SniHostName = NULL;
+ char *hs2SniHostName = NULL;
PLOptState *optstate;
PLOptStatus optstatus;
PRStatus prStatus;
@@ -947,15 +953,15 @@ int main(int argc, char **argv)
progName = strrchr(argv[0], '/');
if (!progName)
- progName = strrchr(argv[0], '\\');
- progName = progName ? progName+1 : argv[0];
+ progName = strrchr(argv[0], '\\');
+ progName = progName ? progName + 1 : argv[0];
tmp = PR_GetEnvSecure("NSS_DEBUG_TIMEOUT");
if (tmp && tmp[0]) {
- int sec = PORT_Atoi(tmp);
- if (sec > 0) {
- maxInterval = PR_SecondsToInterval(sec);
- }
+ int sec = PORT_Atoi(tmp);
+ if (sec > 0) {
+ maxInterval = PR_SecondsToInterval(sec);
+ }
}
SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
@@ -963,140 +969,213 @@ int main(int argc, char **argv)
optstate = PL_CreateOptState(argc, argv,
"46BCDFGKM:OR:STUV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:xz");
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case '?':
- default : Usage(progName); break;
+ switch (optstate->option) {
+ case '?':
+ default:
+ Usage(progName);
+ break;
- case '4': allowIPv6 = PR_FALSE; if (!allowIPv4) Usage(progName); break;
- case '6': allowIPv4 = PR_FALSE; if (!allowIPv6) Usage(progName); break;
+ case '4':
+ allowIPv6 = PR_FALSE;
+ if (!allowIPv4)
+ Usage(progName);
+ break;
+ case '6':
+ allowIPv4 = PR_FALSE;
+ if (!allowIPv6)
+ Usage(progName);
+ break;
- case 'B': bypassPKCS11 = 1; break;
+ case 'B':
+ bypassPKCS11 = 1;
+ break;
- case 'C': ++dumpServerChain; break;
+ case 'C':
+ ++dumpServerChain;
+ break;
- case 'D': openDB = PR_FALSE; break;
+ case 'D':
+ openDB = PR_FALSE;
+ break;
- case 'F': if (serverCertAuth.testFreshStatusFromSideChannel) {
- /* parameter given twice or more */
- serverCertAuth.requireDataForIntermediates = PR_TRUE;
- }
- serverCertAuth.testFreshStatusFromSideChannel = PR_TRUE;
- break;
+ case 'F':
+ if (serverCertAuth.testFreshStatusFromSideChannel) {
+ /* parameter given twice or more */
+ serverCertAuth.requireDataForIntermediates = PR_TRUE;
+ }
+ serverCertAuth.testFreshStatusFromSideChannel = PR_TRUE;
+ break;
- case 'G': enableExtendedMasterSecret = PR_TRUE; break;
-
- case 'I': /* reserved for OCSP multi-stapling */ break;
-
- case 'O': serverCertAuth.shouldPause = PR_FALSE; break;
-
- case 'K': forceFallbackSCSV = PR_TRUE; break;
-
- case 'M': switch (atoi(optstate->value)) {
- case 1:
- serverCertAuth.allowOCSPSideChannelData = PR_TRUE;
- serverCertAuth.allowCRLSideChannelData = PR_FALSE;
- break;
- case 2:
- serverCertAuth.allowOCSPSideChannelData = PR_FALSE;
- serverCertAuth.allowCRLSideChannelData = PR_TRUE;
- break;
- case 0:
- default:
- serverCertAuth.allowOCSPSideChannelData = PR_TRUE;
- serverCertAuth.allowCRLSideChannelData = PR_TRUE;
- break;
- };
- break;
+ case 'G':
+ enableExtendedMasterSecret = PR_TRUE;
+ break;
- case 'R': rootModule = PORT_Strdup(optstate->value); break;
+ case 'I': /* reserved for OCSP multi-stapling */
+ break;
- case 'S': skipProtoHeader = PR_TRUE; break;
+ case 'O':
+ serverCertAuth.shouldPause = PR_FALSE;
+ break;
- case 'T': enableCertStatus = 1; break;
+ case 'K':
+ forceFallbackSCSV = PR_TRUE;
+ break;
- case 'U': enableSignedCertTimestamps = 1; break;
+ case 'M':
+ switch (atoi(optstate->value)) {
+ case 1:
+ serverCertAuth.allowOCSPSideChannelData = PR_TRUE;
+ serverCertAuth.allowCRLSideChannelData = PR_FALSE;
+ break;
+ case 2:
+ serverCertAuth.allowOCSPSideChannelData = PR_FALSE;
+ serverCertAuth.allowCRLSideChannelData = PR_TRUE;
+ break;
+ case 0:
+ default:
+ serverCertAuth.allowOCSPSideChannelData = PR_TRUE;
+ serverCertAuth.allowCRLSideChannelData = PR_TRUE;
+ break;
+ };
+ break;
- case 'V': if (SECU_ParseSSLVersionRangeString(optstate->value,
- enabledVersions, &enabledVersions) != SECSuccess) {
- Usage(progName);
- }
- break;
+ case 'R':
+ rootModule = PORT_Strdup(optstate->value);
+ break;
- case 'Y': PrintCipherUsage(progName); exit(0); break;
+ case 'S':
+ skipProtoHeader = PR_TRUE;
+ break;
- case 'a': if (!hs1SniHostName) {
- hs1SniHostName = PORT_Strdup(optstate->value);
- } else if (!hs2SniHostName) {
- hs2SniHostName = PORT_Strdup(optstate->value);
- } else {
- Usage(progName);
- }
- break;
+ case 'T':
+ enableCertStatus = 1;
+ break;
- case 'b': loadDefaultRootCAs = PR_TRUE; break;
+ case 'U':
+ enableSignedCertTimestamps = 1;
+ break;
- case 'c': cipherString = PORT_Strdup(optstate->value); break;
+ case 'V':
+ if (SECU_ParseSSLVersionRangeString(optstate->value,
+ enabledVersions, &enabledVersions) !=
+ SECSuccess) {
+ Usage(progName);
+ }
+ break;
- case 'g': enableFalseStart = 1; break;
+ case 'Y':
+ PrintCipherUsage(progName);
+ exit(0);
+ break;
- case 'd': certDir = PORT_Strdup(optstate->value); break;
+ case 'a':
+ if (!hs1SniHostName) {
+ hs1SniHostName = PORT_Strdup(optstate->value);
+ } else if (!hs2SniHostName) {
+ hs2SniHostName = PORT_Strdup(optstate->value);
+ } else {
+ Usage(progName);
+ }
+ break;
- case 'f': clientSpeaksFirst = PR_TRUE; break;
+ case 'b':
+ loadDefaultRootCAs = PR_TRUE;
+ break;
- case 'h': host = PORT_Strdup(optstate->value); break;
+ case 'c':
+ cipherString = PORT_Strdup(optstate->value);
+ break;
- case 'm':
- multiplier = atoi(optstate->value);
- if (multiplier < 0)
- multiplier = 0;
- break;
+ case 'g':
+ enableFalseStart = 1;
+ break;
+
+ case 'd':
+ certDir = PORT_Strdup(optstate->value);
+ break;
- case 'n': nickname = PORT_Strdup(optstate->value); break;
+ case 'f':
+ clientSpeaksFirst = PR_TRUE;
+ break;
- case 'o': override = 1; break;
+ case 'h':
+ host = PORT_Strdup(optstate->value);
+ break;
+
+ case 'm':
+ multiplier = atoi(optstate->value);
+ if (multiplier < 0)
+ multiplier = 0;
+ break;
+
+ case 'n':
+ nickname = PORT_Strdup(optstate->value);
+ break;
+
+ case 'o':
+ override = 1;
+ break;
+
+ case 'p':
+ portno = (PRUint16)atoi(optstate->value);
+ break;
- case 'p': portno = (PRUint16)atoi(optstate->value); break;
+ case 'q':
+ pingServerFirst = PR_TRUE;
+ break;
- case 'q': pingServerFirst = PR_TRUE; break;
+ case 's':
+ disableLocking = 1;
+ break;
- case 's': disableLocking = 1; break;
-
- case 't': pingTimeoutSeconds = atoi(optstate->value); break;
+ case 't':
+ pingTimeoutSeconds = atoi(optstate->value);
+ break;
- case 'u': enableSessionTickets = PR_TRUE; break;
+ case 'u':
+ enableSessionTickets = PR_TRUE;
+ break;
- case 'v': verbose++; break;
+ case 'v':
+ verbose++;
+ break;
- case 'r': renegotiationsToDo = atoi(optstate->value); break;
+ case 'r':
+ renegotiationsToDo = atoi(optstate->value);
+ break;
- case 'w':
+ case 'w':
pwdata.source = PW_PLAINTEXT;
- pwdata.data = PORT_Strdup(optstate->value);
- break;
+ pwdata.data = PORT_Strdup(optstate->value);
+ break;
- case 'W':
+ case 'W':
pwdata.source = PW_FROMFILE;
pwdata.data = PORT_Strdup(optstate->value);
break;
- case 'x': useExportPolicy = 1; break;
+ case 'x':
+ useExportPolicy = 1;
+ break;
- case 'z': enableCompression = 1; break;
- }
+ case 'z':
+ enableCompression = 1;
+ break;
+ }
}
PL_DestroyOptState(optstate);
if (optstatus == PL_OPT_BAD)
- Usage(progName);
+ Usage(progName);
if (!host || !portno) {
fprintf(stderr, "%s: parameters -h and -p are mandatory\n", progName);
- Usage(progName);
+ Usage(progName);
}
- if (serverCertAuth.testFreshStatusFromSideChannel
- && serverCertAuth.shouldPause) {
+ if (serverCertAuth.testFreshStatusFromSideChannel &&
+ serverCertAuth.shouldPause) {
fprintf(stderr, "%s: -F requires the use of -O\n", progName);
exit(1);
}
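Review bot: In `case 'p'`, `portno = (PRUint16)atoi(optstate->value);` silently wraps any value above 65535, so `-p 65979` ends up connecting to port 443 with no diagnostic. Parsing into a wider type and range-checking before the cast closes that gap, for example `long p = strtol(optstate->value, NULL, 10);` followed by `if (p < 1 || p > 65535) Usage(progName);` and `portno = (PRUint16)p;`. The `-M`, `-m`, `-r` and `-t` cases use the same unchecked `atoi` and accept trailing garbage. The body of `main` starts and ends outside this hunk.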
@@ -1111,87 +1190,87 @@ int main(int argc, char **argv)
exit(1);
}
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
PK11_SetPasswordFunc(SECU_GetModulePassword);
status = PR_StringToNetAddr(host, &addr);
if (status == PR_SUCCESS) {
- addr.inet.port = PR_htons(portno);
+ addr.inet.port = PR_htons(portno);
} else {
- /* Lookup host */
- PRAddrInfo *addrInfo;
- void *enumPtr = NULL;
-
- addrInfo = PR_GetAddrInfoByName(host, PR_AF_UNSPEC,
- PR_AI_ADDRCONFIG | PR_AI_NOCANONNAME);
- if (!addrInfo) {
- SECU_PrintError(progName, "error looking up host");
- return 1;
- }
- for (;;) {
- enumPtr = PR_EnumerateAddrInfo(enumPtr, addrInfo, portno, &addr);
- if (enumPtr == NULL)
- break;
- if (addr.raw.family == PR_AF_INET && allowIPv4)
- break;
- if (addr.raw.family == PR_AF_INET6 && allowIPv6)
- break;
- }
- PR_FreeAddrInfo(addrInfo);
- if (enumPtr == NULL) {
- SECU_PrintError(progName, "error looking up host address");
- return 1;
- }
+ /* Lookup host */
+ PRAddrInfo *addrInfo;
+ void *enumPtr = NULL;
+
+ addrInfo = PR_GetAddrInfoByName(host, PR_AF_UNSPEC,
+ PR_AI_ADDRCONFIG | PR_AI_NOCANONNAME);
+ if (!addrInfo) {
+ SECU_PrintError(progName, "error looking up host");
+ return 1;
+ }
+ for (;;) {
+ enumPtr = PR_EnumerateAddrInfo(enumPtr, addrInfo, portno, &addr);
+ if (enumPtr == NULL)
+ break;
+ if (addr.raw.family == PR_AF_INET && allowIPv4)
+ break;
+ if (addr.raw.family == PR_AF_INET6 && allowIPv6)
+ break;
+ }
+ PR_FreeAddrInfo(addrInfo);
+ if (enumPtr == NULL) {
+ SECU_PrintError(progName, "error looking up host address");
+ return 1;
+ }
}
printHostNameAndAddr(host, &addr);
if (pingServerFirst) {
- int iter = 0;
- PRErrorCode err;
+ int iter = 0;
+ PRErrorCode err;
int max_attempts = MAX_WAIT_FOR_SERVER;
if (pingTimeoutSeconds >= 0) {
- /* If caller requested a timeout, let's try just twice. */
- max_attempts = 2;
+ /* If caller requested a timeout, let's try just twice. */
+ max_attempts = 2;
}
- do {
+ do {
PRIntervalTime timeoutInterval = PR_INTERVAL_NO_TIMEOUT;
- s = PR_OpenTCPSocket(addr.raw.family);
- if (s == NULL) {
- SECU_PrintError(progName, "Failed to create a TCP socket");
- }
- opt.option = PR_SockOpt_Nonblocking;
- opt.value.non_blocking = PR_FALSE;
- prStatus = PR_SetSocketOption(s, &opt);
- if (prStatus != PR_SUCCESS) {
- PR_Close(s);
- SECU_PrintError(progName,
- "Failed to set blocking socket option");
- return 1;
- }
+ s = PR_OpenTCPSocket(addr.raw.family);
+ if (s == NULL) {
+ SECU_PrintError(progName, "Failed to create a TCP socket");
+ }
+ opt.option = PR_SockOpt_Nonblocking;
+ opt.value.non_blocking = PR_FALSE;
+ prStatus = PR_SetSocketOption(s, &opt);
+ if (prStatus != PR_SUCCESS) {
+ PR_Close(s);
+ SECU_PrintError(progName,
+ "Failed to set blocking socket option");
+ return 1;
+ }
if (pingTimeoutSeconds >= 0) {
- timeoutInterval = PR_SecondsToInterval(pingTimeoutSeconds);
+ timeoutInterval = PR_SecondsToInterval(pingTimeoutSeconds);
+ }
+ prStatus = PR_Connect(s, &addr, timeoutInterval);
+ if (prStatus == PR_SUCCESS) {
+ PR_Shutdown(s, PR_SHUTDOWN_BOTH);
+ PR_Close(s);
+ PR_Cleanup();
+ return 0;
+ }
+ err = PR_GetError();
+ if ((err != PR_CONNECT_REFUSED_ERROR) &&
+ (err != PR_CONNECT_RESET_ERROR)) {
+ SECU_PrintError(progName, "TCP Connection failed");
+ return 1;
}
- prStatus = PR_Connect(s, &addr, timeoutInterval);
- if (prStatus == PR_SUCCESS) {
- PR_Shutdown(s, PR_SHUTDOWN_BOTH);
- PR_Close(s);
- PR_Cleanup();
- return 0;
- }
- err = PR_GetError();
- if ((err != PR_CONNECT_REFUSED_ERROR) &&
- (err != PR_CONNECT_RESET_ERROR)) {
- SECU_PrintError(progName, "TCP Connection failed");
- return 1;
- }
- PR_Close(s);
- PR_Sleep(PR_MillisecondsToInterval(WAIT_INTERVAL));
- } while (++iter < max_attempts);
- SECU_PrintError(progName,
- "Client timed out while waiting for connection to server");
- return 1;
+ PR_Close(s);
+ PR_Sleep(PR_MillisecondsToInterval(WAIT_INTERVAL));
+ } while (++iter < max_attempts);
+ SECU_PrintError(progName,
+ "Client timed out while waiting for connection to server");
+ return 1;
}
/* open the cert DB, the key DB, and the secmod DB. */
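Review bot: In the `pingServerFirst` loop a NULL return from `PR_OpenTCPSocket` is only reported, and execution continues into `PR_SetSocketOption(s, &opt)` with `s == NULL`. Add `return 1;` after `SECU_PrintError(progName, "Failed to create a TCP socket");`, matching the "error creating socket" check further down in `main`. The `"TCP Connection failed"` branch also returns without `PR_Close(s)`, which is harmless at process exit but inconsistent with the other exits in the loop. `main` starts and ends outside this hunk.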
@@ -1205,24 +1284,24 @@ int main(int argc, char **argv)
}
if (openDB) {
- rv = NSS_Init(certDir);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "unable to open cert database");
- return 1;
- }
+ rv = NSS_Init(certDir);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "unable to open cert database");
+ return 1;
+ }
} else {
- rv = NSS_NoDB_Init(NULL);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "failed to initialize NSS");
- return 1;
- }
+ rv = NSS_NoDB_Init(NULL);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "failed to initialize NSS");
+ return 1;
+ }
}
if (loadDefaultRootCAs) {
- SECMOD_AddNewModule("Builtins",
- DLL_PREFIX"nssckbi."DLL_SUFFIX, 0, 0);
+ SECMOD_AddNewModule("Builtins",
+ DLL_PREFIX "nssckbi." DLL_SUFFIX, 0, 0);
} else if (rootModule) {
- SECMOD_AddNewModule("Builtins", rootModule, 0, 0);
+ SECMOD_AddNewModule("Builtins", rootModule, 0, 0);
}
/* set the policy bits true for all the cipher suites. */
@@ -1240,8 +1319,8 @@ int main(int argc, char **argv)
/* Create socket */
s = PR_OpenTCPSocket(addr.raw.family);
if (s == NULL) {
- SECU_PrintError(progName, "error creating socket");
- return 1;
+ SECU_PrintError(progName, "error creating socket");
+ return 1;
}
opt.option = PR_SockOpt_Nonblocking;
@@ -1254,63 +1333,63 @@ int main(int argc, char **argv)
s = SSL_ImportFD(NULL, s);
if (s == NULL) {
- SECU_PrintError(progName, "error importing socket");
- return 1;
+ SECU_PrintError(progName, "error importing socket");
+ return 1;
}
rv = SSL_OptionSet(s, SSL_SECURITY, 1);
if (rv != SECSuccess) {
SECU_PrintError(progName, "error enabling socket");
- return 1;
+ return 1;
}
rv = SSL_OptionSet(s, SSL_HANDSHAKE_AS_CLIENT, 1);
if (rv != SECSuccess) {
- SECU_PrintError(progName, "error enabling client handshake");
- return 1;
+ SECU_PrintError(progName, "error enabling client handshake");
+ return 1;
}
/* all SSL3 cipher suites are enabled by default. */
if (cipherString) {
- char *cstringSaved = cipherString;
- int ndx;
+ char *cstringSaved = cipherString;
+ int ndx;
- while (0 != (ndx = *cipherString++)) {
+ while (0 != (ndx = *cipherString++)) {
int cipher = 0;
- if (ndx == ':') {
- int ctmp = 0;
-
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= (ctmp << 12);
- cipherString++;
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= (ctmp << 8);
- cipherString++;
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= (ctmp << 4);
- cipherString++;
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= ctmp;
- cipherString++;
- } else {
- if (! isalpha(ndx))
- Usage(progName);
+ if (ndx == ':') {
+ int ctmp = 0;
+
+ HEXCHAR_TO_INT(*cipherString, ctmp)
+ cipher |= (ctmp << 12);
+ cipherString++;
+ HEXCHAR_TO_INT(*cipherString, ctmp)
+ cipher |= (ctmp << 8);
+ cipherString++;
+ HEXCHAR_TO_INT(*cipherString, ctmp)
+ cipher |= (ctmp << 4);
+ cipherString++;
+ HEXCHAR_TO_INT(*cipherString, ctmp)
+ cipher |= ctmp;
+ cipherString++;
+ } else {
+ if (!isalpha(ndx))
+ Usage(progName);
ndx = tolower(ndx) - 'a';
if (ndx < PR_ARRAY_SIZE(ssl3CipherSuites)) {
cipher = ssl3CipherSuites[ndx];
}
- }
- if (cipher > 0) {
- SECStatus status;
- status = SSL_CipherPrefSet(s, cipher, SSL_ALLOWED);
- if (status != SECSuccess)
- SECU_PrintError(progName, "SSL_CipherPrefSet()");
- } else {
- Usage(progName);
- }
- }
- PORT_Free(cstringSaved);
+ }
+ if (cipher > 0) {
+ SECStatus status;
+ status = SSL_CipherPrefSet(s, cipher, SSL_ALLOWED);
+ if (status != SECSuccess)
+ SECU_PrintError(progName, "SSL_CipherPrefSet()");
+ } else {
+ Usage(progName);
+ }
+ }
+ PORT_Free(cstringSaved);
}
rv = SSL_VersionRangeSet(s, &enabledVersions);
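Review bot: `isalpha(ndx)` and `tolower(ndx)` receive `ndx` straight from `*cipherString++`, a plain `char`, so on platforms where `char` is signed a byte above 0x7f in the `-c` argument becomes a negative `int`, and passing that to the `<ctype.h>` functions is undefined behaviour. Read the byte as unsigned, e.g. `while (0 != (ndx = (unsigned char)*cipherString++)) {`, or cast at the call: `if (!isalpha((unsigned char)ndx))`. The later `ndx < PR_ARRAY_SIZE(ssl3CipherSuites)` check bounds the table index only if that macro yields an unsigned count, which is not visible here. The cipher loop sits inside `main`, whose body extends beyond this hunk.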
@@ -1322,36 +1401,36 @@ int main(int argc, char **argv)
/* enable PKCS11 bypass */
rv = SSL_OptionSet(s, SSL_BYPASS_PKCS11, bypassPKCS11);
if (rv != SECSuccess) {
- SECU_PrintError(progName, "error enabling PKCS11 bypass");
- return 1;
+ SECU_PrintError(progName, "error enabling PKCS11 bypass");
+ return 1;
}
/* disable SSL socket locking */
rv = SSL_OptionSet(s, SSL_NO_LOCKS, disableLocking);
if (rv != SECSuccess) {
- SECU_PrintError(progName, "error disabling SSL socket locking");
- return 1;
+ SECU_PrintError(progName, "error disabling SSL socket locking");
+ return 1;
}
/* enable Session Ticket extension. */
rv = SSL_OptionSet(s, SSL_ENABLE_SESSION_TICKETS, enableSessionTickets);
if (rv != SECSuccess) {
- SECU_PrintError(progName, "error enabling Session Ticket extension");
- return 1;
+ SECU_PrintError(progName, "error enabling Session Ticket extension");
+ return 1;
}
/* enable compression. */
rv = SSL_OptionSet(s, SSL_ENABLE_DEFLATE, enableCompression);
if (rv != SECSuccess) {
- SECU_PrintError(progName, "error enabling compression");
- return 1;
+ SECU_PrintError(progName, "error enabling compression");
+ return 1;
}
/* enable false start. */
rv = SSL_OptionSet(s, SSL_ENABLE_FALSE_START, enableFalseStart);
if (rv != SECSuccess) {
- SECU_PrintError(progName, "error enabling false start");
- return 1;
+ SECU_PrintError(progName, "error enabling false start");
+ return 1;
}
if (forceFallbackSCSV) {
@@ -1370,17 +1449,17 @@ int main(int argc, char **argv)
}
/* enable extended master secret mode */
- if (enableExtendedMasterSecret) {
+ if (enableExtendedMasterSecret) {
rv = SSL_OptionSet(s, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE);
- if (rv != SECSuccess) {
+ if (rv != SECSuccess) {
SECU_PrintError(progName, "error enabling extended master secret");
return 1;
- }
+ }
}
/* enable Signed Certificate Timestamps. */
rv = SSL_OptionSet(s, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
- enableSignedCertTimestamps);
+ enableSignedCertTimestamps);
if (rv != SECSuccess) {
SECU_PrintError(progName, "error enabling signed cert timestamps");
return 1;
@@ -1392,7 +1471,7 @@ int main(int argc, char **argv)
SSL_AuthCertificateHook(s, ownAuthCertificate, &serverCertAuth);
if (override) {
- SSL_BadCertHook(s, ownBadCertHandler, NULL);
+ SSL_BadCertHook(s, ownBadCertHandler, NULL);
}
SSL_GetClientAuthDataHook(s, own_GetClientAuthData, (void *)nickname);
SSL_HandshakeCallback(s, handshakeCallback, hs2SniHostName);
@@ -1405,82 +1484,82 @@ int main(int argc, char **argv)
/* Try to connect to the server */
status = PR_Connect(s, &addr, PR_INTERVAL_NO_TIMEOUT);
if (status != PR_SUCCESS) {
- if (PR_GetError() == PR_IN_PROGRESS_ERROR) {
- if (verbose)
- SECU_PrintError(progName, "connect");
- milliPause(50 * multiplier);
- pollset[SSOCK_FD].in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT;
- pollset[SSOCK_FD].out_flags = 0;
- pollset[SSOCK_FD].fd = s;
- while(1) {
- FPRINTF(stderr,
- "%s: about to call PR_Poll for connect completion!\n",
- progName);
- filesReady = PR_Poll(pollset, 1, PR_INTERVAL_NO_TIMEOUT);
- if (filesReady < 0) {
- SECU_PrintError(progName, "unable to connect (poll)");
- return 1;
- }
- FPRINTF(stderr,
- "%s: PR_Poll returned 0x%02x for socket out_flags.\n",
- progName, pollset[SSOCK_FD].out_flags);
- if (filesReady == 0) { /* shouldn't happen! */
- FPRINTF(stderr, "%s: PR_Poll returned zero!\n", progName);
- return 1;
- }
- status = PR_GetConnectStatus(pollset);
- if (status == PR_SUCCESS) {
- break;
- }
- if (PR_GetError() != PR_IN_PROGRESS_ERROR) {
- SECU_PrintError(progName, "unable to connect (poll)");
- return 1;
- }
- SECU_PrintError(progName, "poll");
- milliPause(50 * multiplier);
- }
- } else {
- SECU_PrintError(progName, "unable to connect");
- return 1;
- }
- }
-
- pollset[SSOCK_FD].fd = s;
- pollset[SSOCK_FD].in_flags = PR_POLL_EXCEPT |
- (clientSpeaksFirst ? 0 : PR_POLL_READ);
- pollset[STDIN_FD].fd = PR_GetSpecialFD(PR_StandardInput);
- pollset[STDIN_FD].in_flags = PR_POLL_READ;
- npds = 2;
- std_out = PR_GetSpecialFD(PR_StandardOutput);
+ if (PR_GetError() == PR_IN_PROGRESS_ERROR) {
+ if (verbose)
+ SECU_PrintError(progName, "connect");
+ milliPause(50 * multiplier);
+ pollset[SSOCK_FD].in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT;
+ pollset[SSOCK_FD].out_flags = 0;
+ pollset[SSOCK_FD].fd = s;
+ while (1) {
+ FPRINTF(stderr,
+ "%s: about to call PR_Poll for connect completion!\n",
+ progName);
+ filesReady = PR_Poll(pollset, 1, PR_INTERVAL_NO_TIMEOUT);
+ if (filesReady < 0) {
+ SECU_PrintError(progName, "unable to connect (poll)");
+ return 1;
+ }
+ FPRINTF(stderr,
+ "%s: PR_Poll returned 0x%02x for socket out_flags.\n",
+ progName, pollset[SSOCK_FD].out_flags);
+ if (filesReady == 0) { /* shouldn't happen! */
+ FPRINTF(stderr, "%s: PR_Poll returned zero!\n", progName);
+ return 1;
+ }
+ status = PR_GetConnectStatus(pollset);
+ if (status == PR_SUCCESS) {
+ break;
+ }
+ if (PR_GetError() != PR_IN_PROGRESS_ERROR) {
+ SECU_PrintError(progName, "unable to connect (poll)");
+ return 1;
+ }
+ SECU_PrintError(progName, "poll");
+ milliPause(50 * multiplier);
+ }
+ } else {
+ SECU_PrintError(progName, "unable to connect");
+ return 1;
+ }
+ }
+
+ pollset[SSOCK_FD].fd = s;
+ pollset[SSOCK_FD].in_flags = PR_POLL_EXCEPT |
+ (clientSpeaksFirst ? 0 : PR_POLL_READ);
+ pollset[STDIN_FD].fd = PR_GetSpecialFD(PR_StandardInput);
+ pollset[STDIN_FD].in_flags = PR_POLL_READ;
+ npds = 2;
+ std_out = PR_GetSpecialFD(PR_StandardOutput);
#if defined(WIN32) || defined(OS2)
- /* PR_Poll cannot be used with stdin on Windows or OS/2. (sigh).
+ /* PR_Poll cannot be used with stdin on Windows or OS/2. (sigh).
** But use of PR_Poll and non-blocking sockets is a major feature
- ** of this program. So, we simulate a pollable stdin with a
- ** TCP socket pair and a thread that reads stdin and writes to
+ ** of this program. So, we simulate a pollable stdin with a
+ ** TCP socket pair and a thread that reads stdin and writes to
** that socket pair.
*/
- {
- PRFileDesc * fds[2];
- PRThread * thread;
-
- int nspr_rv = PR_NewTCPSocketPair(fds);
- if (nspr_rv != PR_SUCCESS) {
- SECU_PrintError(progName, "PR_NewTCPSocketPair failed");
- error = 1;
- goto done;
- }
- pollset[STDIN_FD].fd = fds[1];
-
- thread = PR_CreateThread(PR_USER_THREAD, thread_main, fds[0],
- PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
- PR_UNJOINABLE_THREAD, 0);
- if (!thread) {
- SECU_PrintError(progName, "PR_CreateThread failed");
- error = 1;
- goto done;
- }
- }
+ {
+ PRFileDesc *fds[2];
+ PRThread *thread;
+
+ int nspr_rv = PR_NewTCPSocketPair(fds);
+ if (nspr_rv != PR_SUCCESS) {
+ SECU_PrintError(progName, "PR_NewTCPSocketPair failed");
+ error = 1;
+ goto done;
+ }
+ pollset[STDIN_FD].fd = fds[1];
+
+ thread = PR_CreateThread(PR_USER_THREAD, thread_main, fds[0],
+ PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+ PR_UNJOINABLE_THREAD, 0);
+ if (!thread) {
+ SECU_PrintError(progName, "PR_CreateThread failed");
+ error = 1;
+ goto done;
+ }
+ }
#endif
if (serverCertAuth.testFreshStatusFromSideChannel) {
@@ -1488,7 +1567,7 @@ int main(int argc, char **argv)
error = serverCertAuth.sideChannelRevocationTestResultCode;
goto done;
}
-
+
/*
** Select on stdin and on the socket. Write data from stdin to
** socket, read data from socket and write to stdout.
@@ -1496,142 +1575,142 @@ int main(int argc, char **argv)
FPRINTF(stderr, "%s: ready...\n", progName);
while (pollset[SSOCK_FD].in_flags | pollset[STDIN_FD].in_flags) {
- char buf[4000]; /* buffer for stdin */
- int nb; /* num bytes read from stdin. */
-
- rv = restartHandshakeAfterServerCertIfNeeded(s, &serverCertAuth,
- override);
- if (rv != SECSuccess) {
- error = EXIT_CODE_HANDSHAKE_FAILED;
- SECU_PrintError(progName, "authentication of server cert failed");
- goto done;
- }
-
- pollset[SSOCK_FD].out_flags = 0;
- pollset[STDIN_FD].out_flags = 0;
-
- FPRINTF(stderr, "%s: about to call PR_Poll !\n", progName);
- filesReady = PR_Poll(pollset, npds, PR_INTERVAL_NO_TIMEOUT);
- if (filesReady < 0) {
- SECU_PrintError(progName, "select failed");
- error = 1;
- goto done;
- }
- if (filesReady == 0) { /* shouldn't happen! */
- FPRINTF(stderr, "%s: PR_Poll returned zero!\n", progName);
- return 1;
- }
- FPRINTF(stderr, "%s: PR_Poll returned!\n", progName);
- if (pollset[STDIN_FD].in_flags) {
- FPRINTF(stderr,
- "%s: PR_Poll returned 0x%02x for stdin out_flags.\n",
- progName, pollset[STDIN_FD].out_flags);
- }
- if (pollset[SSOCK_FD].in_flags) {
- FPRINTF(stderr,
- "%s: PR_Poll returned 0x%02x for socket out_flags.\n",
- progName, pollset[SSOCK_FD].out_flags);
- }
- if (pollset[STDIN_FD].out_flags & PR_POLL_READ) {
- /* Read from stdin and write to socket */
- nb = PR_Read(pollset[STDIN_FD].fd, buf, sizeof(buf));
- FPRINTF(stderr, "%s: stdin read %d bytes\n", progName, nb);
- if (nb < 0) {
- if (PR_GetError() != PR_WOULD_BLOCK_ERROR) {
- SECU_PrintError(progName, "read from stdin failed");
- error = 1;
- break;
- }
- } else if (nb == 0) {
- /* EOF on stdin, stop polling stdin for read. */
- pollset[STDIN_FD].in_flags = 0;
- } else {
- char * bufp = buf;
- FPRINTF(stderr, "%s: Writing %d bytes to server\n",
- progName, nb);
- do {
- PRInt32 cc = PR_Send(s, bufp, nb, 0, maxInterval);
- if (cc < 0) {
- PRErrorCode err = PR_GetError();
- if (err != PR_WOULD_BLOCK_ERROR) {
- SECU_PrintError(progName,
- "write to SSL socket failed");
- error = 254;
- goto done;
- }
- cc = 0;
- }
- bufp += cc;
- nb -= cc;
- if (nb <= 0)
- break;
-
- rv = restartHandshakeAfterServerCertIfNeeded(s,
- &serverCertAuth, override);
- if (rv != SECSuccess) {
- error = EXIT_CODE_HANDSHAKE_FAILED;
- SECU_PrintError(progName, "authentication of server cert failed");
- goto done;
- }
-
- pollset[SSOCK_FD].in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT;
- pollset[SSOCK_FD].out_flags = 0;
- FPRINTF(stderr,
- "%s: about to call PR_Poll on writable socket !\n",
- progName);
- cc = PR_Poll(pollset, 1, PR_INTERVAL_NO_TIMEOUT);
+ char buf[4000]; /* buffer for stdin */
+ int nb; /* num bytes read from stdin. */
+
+ rv = restartHandshakeAfterServerCertIfNeeded(s, &serverCertAuth,
+ override);
+ if (rv != SECSuccess) {
+ error = EXIT_CODE_HANDSHAKE_FAILED;
+ SECU_PrintError(progName, "authentication of server cert failed");
+ goto done;
+ }
+
+ pollset[SSOCK_FD].out_flags = 0;
+ pollset[STDIN_FD].out_flags = 0;
+
+ FPRINTF(stderr, "%s: about to call PR_Poll !\n", progName);
+ filesReady = PR_Poll(pollset, npds, PR_INTERVAL_NO_TIMEOUT);
+ if (filesReady < 0) {
+ SECU_PrintError(progName, "select failed");
+ error = 1;
+ goto done;
+ }
+ if (filesReady == 0) { /* shouldn't happen! */
+ FPRINTF(stderr, "%s: PR_Poll returned zero!\n", progName);
+ return 1;
+ }
+ FPRINTF(stderr, "%s: PR_Poll returned!\n", progName);
+ if (pollset[STDIN_FD].in_flags) {
+ FPRINTF(stderr,
+ "%s: PR_Poll returned 0x%02x for stdin out_flags.\n",
+ progName, pollset[STDIN_FD].out_flags);
+ }
+ if (pollset[SSOCK_FD].in_flags) {
+ FPRINTF(stderr,
+ "%s: PR_Poll returned 0x%02x for socket out_flags.\n",
+ progName, pollset[SSOCK_FD].out_flags);
+ }
+ if (pollset[STDIN_FD].out_flags & PR_POLL_READ) {
+ /* Read from stdin and write to socket */
+ nb = PR_Read(pollset[STDIN_FD].fd, buf, sizeof(buf));
+ FPRINTF(stderr, "%s: stdin read %d bytes\n", progName, nb);
+ if (nb < 0) {
+ if (PR_GetError() != PR_WOULD_BLOCK_ERROR) {
+ SECU_PrintError(progName, "read from stdin failed");
+ error = 1;
+ break;
+ }
+ } else if (nb == 0) {
+ /* EOF on stdin, stop polling stdin for read. */
+ pollset[STDIN_FD].in_flags = 0;
+ } else {
+ char *bufp = buf;
+ FPRINTF(stderr, "%s: Writing %d bytes to server\n",
+ progName, nb);
+ do {
+ PRInt32 cc = PR_Send(s, bufp, nb, 0, maxInterval);
+ if (cc < 0) {
+ PRErrorCode err = PR_GetError();
+ if (err != PR_WOULD_BLOCK_ERROR) {
+ SECU_PrintError(progName,
+ "write to SSL socket failed");
+ error = 254;
+ goto done;
+ }
+ cc = 0;
+ }
+ bufp += cc;
+ nb -= cc;
+ if (nb <= 0)
+ break;
+
+ rv = restartHandshakeAfterServerCertIfNeeded(s,
+ &serverCertAuth, override);
+ if (rv != SECSuccess) {
+ error = EXIT_CODE_HANDSHAKE_FAILED;
+ SECU_PrintError(progName, "authentication of server cert failed");
+ goto done;
+ }
+
+ pollset[SSOCK_FD].in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT;
+ pollset[SSOCK_FD].out_flags = 0;
+ FPRINTF(stderr,
+ "%s: about to call PR_Poll on writable socket !\n",
+ progName);
+ cc = PR_Poll(pollset, 1, PR_INTERVAL_NO_TIMEOUT);
if (cc < 0) {
- SECU_PrintError(progName,
+ SECU_PrintError(progName,
"PR_Poll failed");
error = 1;
goto done;
}
- FPRINTF(stderr,
- "%s: PR_Poll returned with writable socket !\n",
- progName);
- } while (1);
- pollset[SSOCK_FD].in_flags = PR_POLL_READ;
- }
- }
-
- if (pollset[SSOCK_FD].in_flags) {
- FPRINTF(stderr,
- "%s: PR_Poll returned 0x%02x for socket out_flags.\n",
- progName, pollset[SSOCK_FD].out_flags);
- }
- if ( (pollset[SSOCK_FD].out_flags & PR_POLL_READ)
- || (pollset[SSOCK_FD].out_flags & PR_POLL_ERR)
+ FPRINTF(stderr,
+ "%s: PR_Poll returned with writable socket !\n",
+ progName);
+ } while (1);
+ pollset[SSOCK_FD].in_flags = PR_POLL_READ;
+ }
+ }
+
+ if (pollset[SSOCK_FD].in_flags) {
+ FPRINTF(stderr,
+ "%s: PR_Poll returned 0x%02x for socket out_flags.\n",
+ progName, pollset[SSOCK_FD].out_flags);
+ }
+ if ((pollset[SSOCK_FD].out_flags & PR_POLL_READ) ||
+ (pollset[SSOCK_FD].out_flags & PR_POLL_ERR)
#ifdef PR_POLL_HUP
- || (pollset[SSOCK_FD].out_flags & PR_POLL_HUP)
+ || (pollset[SSOCK_FD].out_flags & PR_POLL_HUP)
#endif
- ) {
- /* Read from socket and write to stdout */
- nb = PR_Recv(pollset[SSOCK_FD].fd, buf, sizeof buf, 0, maxInterval);
- FPRINTF(stderr, "%s: Read from server %d bytes\n", progName, nb);
- if (nb < 0) {
- if (PR_GetError() != PR_WOULD_BLOCK_ERROR) {
- SECU_PrintError(progName, "read from socket failed");
- error = 1;
- goto done;
- }
- } else if (nb == 0) {
- /* EOF from socket... stop polling socket for read */
- pollset[SSOCK_FD].in_flags = 0;
- } else {
- if (skipProtoHeader != PR_TRUE || wrStarted == PR_TRUE) {
- PR_Write(std_out, buf, nb);
- } else {
- separateReqHeader(std_out, buf, nb, &wrStarted,
- &headerSeparatorPtrnId);
- }
- if (verbose)
- fputs("\n\n", stderr);
- }
- }
- milliPause(50 * multiplier);
- }
-
- done:
+ ) {
+ /* Read from socket and write to stdout */
+ nb = PR_Recv(pollset[SSOCK_FD].fd, buf, sizeof buf, 0, maxInterval);
+ FPRINTF(stderr, "%s: Read from server %d bytes\n", progName, nb);
+ if (nb < 0) {
+ if (PR_GetError() != PR_WOULD_BLOCK_ERROR) {
+ SECU_PrintError(progName, "read from socket failed");
+ error = 1;
+ goto done;
+ }
+ } else if (nb == 0) {
+ /* EOF from socket... stop polling socket for read */
+ pollset[SSOCK_FD].in_flags = 0;
+ } else {
+ if (skipProtoHeader != PR_TRUE || wrStarted == PR_TRUE) {
+ PR_Write(std_out, buf, nb);
+ } else {
+ separateReqHeader(std_out, buf, nb, &wrStarted,
+ &headerSeparatorPtrnId);
+ }
+ if (verbose)
+ fputs("\n\n", stderr);
+ }
+ }
+ milliPause(50 * multiplier);
+ }
+
+done:
if (hs1SniHostName) {
PORT_Free(hs1SniHostName);
}
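Review bot: The `filesReady == 0` branch of the poll loop leaves with `return 1;`, while the other failures in this loop set `error` and then `break` or `goto done`, so this one path skips whatever follows the `done:` label (the hunk shows at least `PORT_Free(hs1SniHostName)`). Changing it to `error = 1; goto done;` would keep the exit paths uniform. Separately, the result of `PR_Write(std_out, buf, nb)` is ignored, so a failed or short write of server data to stdout goes unreported; either check it or add a comment such as `/* best effort: stdout write errors are not reported */`. main() starts before this hunk and continues past it.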
diff --git a/cmd/vfychain/vfychain.c b/cmd/vfychain/vfychain.c
index f9f1787cc..d42274c12 100644
--- a/cmd/vfychain/vfychain.c
+++ b/cmd/vfychain/vfychain.c
@@ -7,7 +7,7 @@
* some usage.
* *
* This code was modified from other code also kept in the NSS directory.
- ****************************************************************************/
+ ****************************************************************************/
#include <stdio.h>
#include <string.h>
@@ -26,7 +26,6 @@
#include "cert.h"
#include "ocsp.h"
-
/* #include <stdlib.h> */
/* #include <errno.h> */
/* #include <fcntl.h> */
@@ -43,51 +42,51 @@
int verbose;
-secuPWData pwdata = { PW_NONE, 0 };
+secuPWData pwdata = { PW_NONE, 0 };
static void
Usage(const char *progName)
{
- fprintf(stderr,
- "Usage: %s [options] [revocation options] certfile "
+ fprintf(stderr,
+ "Usage: %s [options] [revocation options] certfile "
"[[options] certfile] ...\n"
- "\tWhere options are:\n"
- "\t-a\t\t Following certfile is base64 encoded\n"
- "\t-b YYMMDDHHMMZ\t Validate date (default: now)\n"
- "\t-d directory\t Database directory\n"
- "\t-i number of consecutive verifications\n"
- "\t-f \t\t Enable cert fetching from AIA URL\n"
- "\t-o oid\t\t Set policy OID for cert validation(Format OID.1.2.3)\n"
- "\t-p \t\t Use PKIX Library to validate certificate by calling:\n"
- "\t\t\t * CERT_VerifyCertificate if specified once,\n"
- "\t\t\t * CERT_PKIXVerifyCert if specified twice and more.\n"
- "\t-r\t\t Following certfile is raw binary DER (default)\n"
- "\t-t\t\t Following cert is explicitly trusted (overrides db trust).\n"
- "\t-u usage \t 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA,\n"
- "\t\t\t 4=Email signer, 5=Email recipient, 6=Object signer,\n"
- "\t\t\t 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA\n"
- "\t-T\t\t Trust both explicit trust anchors (-t) and the database.\n"
- "\t\t\t (Default is to only trust certificates marked -t, if there are any,\n"
- "\t\t\t or to trust the database if there are certificates marked -t.)\n"
- "\t-v\t\t Verbose mode. Prints root cert subject(double the\n"
- "\t\t\t argument for whole root cert info)\n"
- "\t-w password\t Database password.\n"
- "\t-W pwfile\t Password file.\n\n"
- "\tRevocation options for PKIX API(invoked with -pp options) is a\n"
- "\tcollection of the following flags:\n"
- "\t\t[-g type [-h flags] [-m type [-s flags]] ...] ...\n"
- "\tWhere:\n"
- "\t-g test type\t Sets status checking test type. Possible values\n"
- "\t\t\tare \"leaf\" or \"chain\"\n"
- "\t-h test flags\t Sets revocation flags for the test type it\n"
- "\t\t\tfollows. Possible flags: \"testLocalInfoFirst\" and\n"
- "\t\t\t\"requireFreshInfo\".\n"
- "\t-m method type\t Sets method type for the test type it follows.\n"
- "\t\t\tPossible types are \"crl\" and \"ocsp\".\n"
- "\t-s method flags\t Sets revocation flags for the method it follows.\n"
- "\t\t\tPossible types are \"doNotUse\", \"forbidFetching\",\n"
- "\t\t\t\"ignoreDefaultSrc\", \"requireInfo\" and \"failIfNoInfo\".\n",
- progName);
+ "\tWhere options are:\n"
+ "\t-a\t\t Following certfile is base64 encoded\n"
+ "\t-b YYMMDDHHMMZ\t Validate date (default: now)\n"
+ "\t-d directory\t Database directory\n"
+ "\t-i number of consecutive verifications\n"
+ "\t-f \t\t Enable cert fetching from AIA URL\n"
+ "\t-o oid\t\t Set policy OID for cert validation(Format OID.1.2.3)\n"
+ "\t-p \t\t Use PKIX Library to validate certificate by calling:\n"
+ "\t\t\t * CERT_VerifyCertificate if specified once,\n"
+ "\t\t\t * CERT_PKIXVerifyCert if specified twice and more.\n"
+ "\t-r\t\t Following certfile is raw binary DER (default)\n"
+ "\t-t\t\t Following cert is explicitly trusted (overrides db trust).\n"
+ "\t-u usage \t 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA,\n"
+ "\t\t\t 4=Email signer, 5=Email recipient, 6=Object signer,\n"
+ "\t\t\t 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA\n"
+ "\t-T\t\t Trust both explicit trust anchors (-t) and the database.\n"
+ "\t\t\t (Default is to only trust certificates marked -t, if there are any,\n"
+ "\t\t\t or to trust the database if there are certificates marked -t.)\n"
+ "\t-v\t\t Verbose mode. Prints root cert subject(double the\n"
+ "\t\t\t argument for whole root cert info)\n"
+ "\t-w password\t Database password.\n"
+ "\t-W pwfile\t Password file.\n\n"
+ "\tRevocation options for PKIX API(invoked with -pp options) is a\n"
+ "\tcollection of the following flags:\n"
+ "\t\t[-g type [-h flags] [-m type [-s flags]] ...] ...\n"
+ "\tWhere:\n"
+ "\t-g test type\t Sets status checking test type. Possible values\n"
+ "\t\t\tare \"leaf\" or \"chain\"\n"
+ "\t-h test flags\t Sets revocation flags for the test type it\n"
+ "\t\t\tfollows. Possible flags: \"testLocalInfoFirst\" and\n"
+ "\t\t\t\"requireFreshInfo\".\n"
+ "\t-m method type\t Sets method type for the test type it follows.\n"
+ "\t\t\tPossible types are \"crl\" and \"ocsp\".\n"
+ "\t-s method flags\t Sets revocation flags for the method it follows.\n"
+ "\t\t\tPossible types are \"doNotUse\", \"forbidFetching\",\n"
+ "\t\t\t\"ignoreDefaultSrc\", \"requireInfo\" and \"failIfNoInfo\".\n",
+ progName);
exit(1);
}
@@ -101,7 +100,7 @@ void
errWarn(char *function)
{
fprintf(stderr, "Error in function %s: %s\n",
- function, SECU_Strerror(PR_GetError()));
+ function, SECU_Strerror(PR_GetError()));
}
void
@@ -110,21 +109,21 @@ exitErr(char *function)
errWarn(function);
/* Exit gracefully. */
/* ignoring return value of NSS_Shutdown as code exits with 1 anyway*/
- (void) NSS_Shutdown();
+ (void)NSS_Shutdown();
PR_Cleanup();
exit(1);
}
typedef struct certMemStr {
- struct certMemStr * next;
- CERTCertificate * cert;
+ struct certMemStr *next;
+ CERTCertificate *cert;
} certMem;
-certMem * theCerts;
+certMem *theCerts;
CERTCertList *trustedCertList;
void
-rememberCert(CERTCertificate * cert, PRBool trusted)
+rememberCert(CERTCertificate *cert, PRBool trusted)
{
if (trusted) {
if (!trustedCertList) {
@@ -132,7 +131,7 @@ rememberCert(CERTCertificate * cert, PRBool trusted)
}
CERT_AddCertToListTail(trustedCertList, cert);
} else {
- certMem * newCertMem = PORT_ZNew(certMem);
+ certMem *newCertMem = PORT_ZNew(certMem);
if (newCertMem) {
newCertMem->next = theCerts;
newCertMem->cert = cert;
@@ -144,27 +143,26 @@ rememberCert(CERTCertificate * cert, PRBool trusted)
void
forgetCerts(void)
{
- certMem * oldCertMem;
+ certMem *oldCertMem;
while (theCerts) {
- oldCertMem = theCerts;
- theCerts = theCerts->next;
- CERT_DestroyCertificate(oldCertMem->cert);
- PORT_Free(oldCertMem);
+ oldCertMem = theCerts;
+ theCerts = theCerts->next;
+ CERT_DestroyCertificate(oldCertMem->cert);
+ PORT_Free(oldCertMem);
}
if (trustedCertList) {
CERT_DestroyCertList(trustedCertList);
}
}
-
CERTCertificate *
-getCert(const char *name, PRBool isAscii, const char * progName)
+getCert(const char *name, PRBool isAscii, const char *progName)
{
- CERTCertificate * cert;
+ CERTCertificate *cert;
CERTCertDBHandle *defaultDB;
- PRFileDesc* fd;
- SECStatus rv;
- SECItem item = {0, NULL, 0};
+ PRFileDesc *fd;
+ SECStatus rv;
+ SECItem item = { 0, NULL, 0 };
defaultDB = CERT_GetDefaultCertDB();
@@ -176,60 +174,59 @@ getCert(const char *name, PRBool isAscii, const char * progName)
/* Don't have a cert with name "name" in the DB. Try to
* open a file with such name and get the cert from there.*/
- fd = PR_Open(name, PR_RDONLY, 0777);
+ fd = PR_Open(name, PR_RDONLY, 0777);
if (!fd) {
- PRErrorCode err = PR_GetError();
- fprintf(stderr, "open of %s failed, %d = %s\n",
- name, err, SECU_Strerror(err));
- return cert;
+ PRErrorCode err = PR_GetError();
+ fprintf(stderr, "open of %s failed, %d = %s\n",
+ name, err, SECU_Strerror(err));
+ return cert;
}
rv = SECU_ReadDERFromFile(&item, fd, isAscii, PR_FALSE);
PR_Close(fd);
if (rv != SECSuccess) {
- fprintf(stderr, "%s: SECU_ReadDERFromFile failed\n", progName);
- return cert;
+ fprintf(stderr, "%s: SECU_ReadDERFromFile failed\n", progName);
+ return cert;
}
if (!item.len) { /* file was empty */
- fprintf(stderr, "cert file %s was empty.\n", name);
- return cert;
+ fprintf(stderr, "cert file %s was empty.\n", name);
+ return cert;
}
- cert = CERT_NewTempCertificate(defaultDB, &item,
- NULL /* nickname */,
- PR_FALSE /* isPerm */,
- PR_TRUE /* copyDER */);
+ cert = CERT_NewTempCertificate(defaultDB, &item,
+ NULL /* nickname */,
+ PR_FALSE /* isPerm */,
+ PR_TRUE /* copyDER */);
if (!cert) {
- PRErrorCode err = PR_GetError();
- fprintf(stderr, "couldn't import %s, %d = %s\n",
- name, err, SECU_Strerror(err));
+ PRErrorCode err = PR_GetError();
+ fprintf(stderr, "couldn't import %s, %d = %s\n",
+ name, err, SECU_Strerror(err));
}
PORT_Free(item.data);
return cert;
}
+#define REVCONFIG_TEST_UNDEFINED 0
+#define REVCONFIG_TEST_LEAF 1
+#define REVCONFIG_TEST_CHAIN 2
+#define REVCONFIG_METHOD_CRL 1
+#define REVCONFIG_METHOD_OCSP 2
-#define REVCONFIG_TEST_UNDEFINED 0
-#define REVCONFIG_TEST_LEAF 1
-#define REVCONFIG_TEST_CHAIN 2
-#define REVCONFIG_METHOD_CRL 1
-#define REVCONFIG_METHOD_OCSP 2
-
-#define REVCONFIG_TEST_LEAF_STR "leaf"
-#define REVCONFIG_TEST_CHAIN_STR "chain"
-#define REVCONFIG_METHOD_CRL_STR "crl"
-#define REVCONFIG_METHOD_OCSP_STR "ocsp"
+#define REVCONFIG_TEST_LEAF_STR "leaf"
+#define REVCONFIG_TEST_CHAIN_STR "chain"
+#define REVCONFIG_METHOD_CRL_STR "crl"
+#define REVCONFIG_METHOD_OCSP_STR "ocsp"
-#define REVCONFIG_TEST_TESTLOCALINFOFIRST_STR "testLocalInfoFirst"
-#define REVCONFIG_TEST_REQUIREFRESHINFO_STR "requireFreshInfo"
-#define REVCONFIG_METHOD_DONOTUSEMETHOD_STR "doNotUse"
+#define REVCONFIG_TEST_TESTLOCALINFOFIRST_STR "testLocalInfoFirst"
+#define REVCONFIG_TEST_REQUIREFRESHINFO_STR "requireFreshInfo"
+#define REVCONFIG_METHOD_DONOTUSEMETHOD_STR "doNotUse"
#define REVCONFIG_METHOD_FORBIDNETWORKFETCHIN_STR "forbidFetching"
-#define REVCONFIG_METHOD_IGNOREDEFAULTSRC_STR "ignoreDefaultSrc"
-#define REVCONFIG_METHOD_REQUIREINFO_STR "requireInfo"
-#define REVCONFIG_METHOD_FAILIFNOINFO_STR "failIfNoInfo"
+#define REVCONFIG_METHOD_IGNOREDEFAULTSRC_STR "ignoreDefaultSrc"
+#define REVCONFIG_METHOD_REQUIREINFO_STR "requireInfo"
+#define REVCONFIG_METHOD_FAILIFNOINFO_STR "failIfNoInfo"
-#define REV_METHOD_INDEX_MAX 4
+#define REV_METHOD_INDEX_MAX 4
typedef struct RevMethodsStruct {
unsigned int testType;
@@ -250,7 +247,7 @@ parseRevMethodsAndFlags()
int i;
unsigned int testType = 0;
- for(i = 0;i < REV_METHOD_INDEX_MAX;i++) {
+ for (i = 0; i < REV_METHOD_INDEX_MAX; i++) {
/* testType */
if (revMethodsData[i].testTypeStr) {
char *typeStr = revMethodsData[i].testTypeStr;
@@ -273,7 +270,7 @@ parseRevMethodsAndFlags()
if (PORT_Strstr(flagStr, REVCONFIG_TEST_TESTLOCALINFOFIRST_STR)) {
testFlags |= CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST;
- }
+ }
if (PORT_Strstr(flagStr, REVCONFIG_TEST_REQUIREFRESHINFO_STR)) {
testFlags |= CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
}
@@ -283,7 +280,7 @@ parseRevMethodsAndFlags()
if (revMethodsData[i].methodTypeStr) {
char *methodStr = revMethodsData[i].methodTypeStr;
unsigned int methodType = 0;
-
+
if (!PORT_Strcmp(methodStr, REVCONFIG_METHOD_CRL_STR)) {
methodType = REVCONFIG_METHOD_CRL;
} else if (!PORT_Strcmp(methodStr, REVCONFIG_METHOD_OCSP_STR)) {
@@ -305,7 +302,7 @@ parseRevMethodsAndFlags()
if (!PORT_Strstr(flagStr, REVCONFIG_METHOD_DONOTUSEMETHOD_STR)) {
methodFlags |= CERT_REV_M_TEST_USING_THIS_METHOD;
- }
+ }
if (PORT_Strstr(flagStr,
REVCONFIG_METHOD_FORBIDNETWORKFETCHIN_STR)) {
methodFlags |= CERT_REV_M_FORBID_NETWORK_FETCHING;
@@ -330,48 +327,48 @@ parseRevMethodsAndFlags()
SECStatus
configureRevocationParams(CERTRevocationFlags *flags)
{
- int i;
- unsigned int testType = REVCONFIG_TEST_UNDEFINED;
- static CERTRevocationTests *revTests = NULL;
- PRUint64 *revFlags = NULL;
-
- for(i = 0;i < REV_METHOD_INDEX_MAX;i++) {
- if (revMethodsData[i].testType == REVCONFIG_TEST_UNDEFINED) {
- continue;
- }
- if (revMethodsData[i].testType != testType) {
- testType = revMethodsData[i].testType;
- if (testType == REVCONFIG_TEST_CHAIN) {
- revTests = &flags->chainTests;
- } else {
- revTests = &flags->leafTests;
- }
- revTests->number_of_preferred_methods = 0;
- revTests->preferred_methods = 0;
- revFlags = revTests->cert_rev_flags_per_method;
- }
- /* Set the number of the methods independently to the max number of
+ int i;
+ unsigned int testType = REVCONFIG_TEST_UNDEFINED;
+ static CERTRevocationTests *revTests = NULL;
+ PRUint64 *revFlags = NULL;
+
+ for (i = 0; i < REV_METHOD_INDEX_MAX; i++) {
+ if (revMethodsData[i].testType == REVCONFIG_TEST_UNDEFINED) {
+ continue;
+ }
+ if (revMethodsData[i].testType != testType) {
+ testType = revMethodsData[i].testType;
+ if (testType == REVCONFIG_TEST_CHAIN) {
+ revTests = &flags->chainTests;
+ } else {
+ revTests = &flags->leafTests;
+ }
+ revTests->number_of_preferred_methods = 0;
+ revTests->preferred_methods = 0;
+ revFlags = revTests->cert_rev_flags_per_method;
+ }
+ /* Set the number of the methods independently to the max number of
* methods. If method flags are not set it will be ignored due to
* default DO_NOT_USE flag. */
- revTests->number_of_defined_methods = cert_revocation_method_count;
- revTests->cert_rev_method_independent_flags |=
- revMethodsData[i].testFlags;
- if (revMethodsData[i].methodType == REVCONFIG_METHOD_CRL) {
- revFlags[cert_revocation_method_crl] =
- revMethodsData[i].methodFlags;
- } else if (revMethodsData[i].methodType == REVCONFIG_METHOD_OCSP) {
- revFlags[cert_revocation_method_ocsp] =
- revMethodsData[i].methodFlags;
- }
- }
- return SECSuccess;
+ revTests->number_of_defined_methods = cert_revocation_method_count;
+ revTests->cert_rev_method_independent_flags |=
+ revMethodsData[i].testFlags;
+ if (revMethodsData[i].methodType == REVCONFIG_METHOD_CRL) {
+ revFlags[cert_revocation_method_crl] =
+ revMethodsData[i].methodFlags;
+ } else if (revMethodsData[i].methodType == REVCONFIG_METHOD_OCSP) {
+ revFlags[cert_revocation_method_ocsp] =
+ revMethodsData[i].methodFlags;
+ }
+ }
+ return SECSuccess;
}
void
freeRevocationMethodData()
{
int i = 0;
- for(;i < REV_METHOD_INDEX_MAX;i++) {
+ for (; i < REV_METHOD_INDEX_MAX; i++) {
if (revMethodsData[i].testTypeStr) {
PORT_Free(revMethodsData[i].testTypeStr);
}
@@ -392,7 +389,7 @@ isOCSPEnabled()
{
int i;
- for(i = 0;i < REV_METHOD_INDEX_MAX;i++) {
+ for (i = 0; i < REV_METHOD_INDEX_MAX; i++) {
if (revMethodsData[i].methodType == REVCONFIG_METHOD_OCSP) {
return PR_TRUE;
}
@@ -403,123 +400,158 @@ isOCSPEnabled()
int
main(int argc, char *argv[], char *envp[])
{
- char * certDir = NULL;
- char * progName = NULL;
- char * oidStr = NULL;
- CERTCertificate * cert;
- CERTCertificate * firstCert = NULL;
- CERTCertificate * issuerCert = NULL;
- CERTCertDBHandle * defaultDB = NULL;
- PRBool isAscii = PR_FALSE;
- PRBool trusted = PR_FALSE;
- SECStatus secStatus;
- SECCertificateUsage certUsage = certificateUsageSSLServer;
- PLOptState * optstate;
- PRTime time = 0;
- PLOptStatus status;
- int usePkix = 0;
- int rv = 1;
- int usage;
- CERTVerifyLog log;
- CERTCertList *builtChain = NULL;
- PRBool certFetching = PR_FALSE;
- int revDataIndex = 0;
- PRBool ocsp_fetchingFailureIsAFailure = PR_TRUE;
- PRBool useDefaultRevFlags = PR_TRUE;
- PRBool onlyTrustAnchors = PR_TRUE;
- int vfyCounts = 1;
-
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+ char *certDir = NULL;
+ char *progName = NULL;
+ char *oidStr = NULL;
+ CERTCertificate *cert;
+ CERTCertificate *firstCert = NULL;
+ CERTCertificate *issuerCert = NULL;
+ CERTCertDBHandle *defaultDB = NULL;
+ PRBool isAscii = PR_FALSE;
+ PRBool trusted = PR_FALSE;
+ SECStatus secStatus;
+ SECCertificateUsage certUsage = certificateUsageSSLServer;
+ PLOptState *optstate;
+ PRTime time = 0;
+ PLOptStatus status;
+ int usePkix = 0;
+ int rv = 1;
+ int usage;
+ CERTVerifyLog log;
+ CERTCertList *builtChain = NULL;
+ PRBool certFetching = PR_FALSE;
+ int revDataIndex = 0;
+ PRBool ocsp_fetchingFailureIsAFailure = PR_TRUE;
+ PRBool useDefaultRevFlags = PR_TRUE;
+ PRBool onlyTrustAnchors = PR_TRUE;
+ int vfyCounts = 1;
+
+ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
progName = PL_strdup(argv[0]);
optstate = PL_CreateOptState(argc, argv, "ab:c:d:efg:h:i:m:o:prs:tTu:vw:W:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch(optstate->option) {
- case 0 : /* positional parameter */ goto breakout;
- case 'a' : isAscii = PR_TRUE; break;
- case 'b' : secStatus = DER_AsciiToTime(&time, optstate->value);
- if (secStatus != SECSuccess) Usage(progName); break;
- case 'd' : certDir = PL_strdup(optstate->value); break;
- case 'e' : ocsp_fetchingFailureIsAFailure = PR_FALSE; break;
- case 'f' : certFetching = PR_TRUE; break;
- case 'g' :
- if (revMethodsData[revDataIndex].testTypeStr ||
- revMethodsData[revDataIndex].methodTypeStr) {
- revDataIndex += 1;
- if (revDataIndex == REV_METHOD_INDEX_MAX) {
- fprintf(stderr, "Invalid revocation configuration"
- "specified.\n");
- secStatus = SECFailure;
- break;
- }
- }
- useDefaultRevFlags = PR_FALSE;
- revMethodsData[revDataIndex].
- testTypeStr = PL_strdup(optstate->value); break;
- case 'h' :
- revMethodsData[revDataIndex].
- testFlagsStr = PL_strdup(optstate->value);break;
- case 'i' : vfyCounts = PORT_Atoi(optstate->value); break;
- break;
- case 'm' :
- if (revMethodsData[revDataIndex].methodTypeStr) {
- revDataIndex += 1;
- if (revDataIndex == REV_METHOD_INDEX_MAX) {
- fprintf(stderr, "Invalid revocation configuration"
- "specified.\n");
- secStatus = SECFailure;
- break;
- }
- }
- useDefaultRevFlags = PR_FALSE;
- revMethodsData[revDataIndex].
- methodTypeStr = PL_strdup(optstate->value); break;
- case 'o' : oidStr = PL_strdup(optstate->value); break;
- case 'p' : usePkix += 1; break;
- case 'r' : isAscii = PR_FALSE; break;
- case 's' :
- revMethodsData[revDataIndex].
- methodFlagsStr = PL_strdup(optstate->value); break;
- case 't' : trusted = PR_TRUE; break;
- case 'T' : onlyTrustAnchors = PR_FALSE; break;
- case 'u' : usage = PORT_Atoi(optstate->value);
- if (usage < 0 || usage > 62) Usage(progName);
- certUsage = ((SECCertificateUsage)1) << usage;
- if (certUsage > certificateUsageHighest) Usage(progName);
- break;
- case 'w':
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = PORT_Strdup(optstate->value);
- break;
-
- case 'W':
- pwdata.source = PW_FROMFILE;
- pwdata.data = PORT_Strdup(optstate->value);
- break;
- case 'v' : verbose++; break;
- default : Usage(progName); break;
- }
+ switch (optstate->option) {
+ case 0: /* positional parameter */
+ goto breakout;
+ case 'a':
+ isAscii = PR_TRUE;
+ break;
+ case 'b':
+ secStatus = DER_AsciiToTime(&time, optstate->value);
+ if (secStatus != SECSuccess)
+ Usage(progName);
+ break;
+ case 'd':
+ certDir = PL_strdup(optstate->value);
+ break;
+ case 'e':
+ ocsp_fetchingFailureIsAFailure = PR_FALSE;
+ break;
+ case 'f':
+ certFetching = PR_TRUE;
+ break;
+ case 'g':
+ if (revMethodsData[revDataIndex].testTypeStr ||
+ revMethodsData[revDataIndex].methodTypeStr) {
+ revDataIndex += 1;
+ if (revDataIndex == REV_METHOD_INDEX_MAX) {
+ fprintf(stderr, "Invalid revocation configuration"
+ "specified.\n");
+ secStatus = SECFailure;
+ break;
+ }
+ }
+ useDefaultRevFlags = PR_FALSE;
+ revMethodsData[revDataIndex].testTypeStr =
+ PL_strdup(optstate->value);
+ break;
+ case 'h':
+ revMethodsData[revDataIndex].testFlagsStr =
+ PL_strdup(optstate->value);
+ break;
+ case 'i':
+ vfyCounts = PORT_Atoi(optstate->value);
+ break;
+ break;
+ case 'm':
+ if (revMethodsData[revDataIndex].methodTypeStr) {
+ revDataIndex += 1;
+ if (revDataIndex == REV_METHOD_INDEX_MAX) {
+ fprintf(stderr, "Invalid revocation configuration"
+ "specified.\n");
+ secStatus = SECFailure;
+ break;
+ }
+ }
+ useDefaultRevFlags = PR_FALSE;
+ revMethodsData[revDataIndex].methodTypeStr =
+ PL_strdup(optstate->value);
+ break;
+ case 'o':
+ oidStr = PL_strdup(optstate->value);
+ break;
+ case 'p':
+ usePkix += 1;
+ break;
+ case 'r':
+ isAscii = PR_FALSE;
+ break;
+ case 's':
+ revMethodsData[revDataIndex].methodFlagsStr =
+ PL_strdup(optstate->value);
+ break;
+ case 't':
+ trusted = PR_TRUE;
+ break;
+ case 'T':
+ onlyTrustAnchors = PR_FALSE;
+ break;
+ case 'u':
+ usage = PORT_Atoi(optstate->value);
+ if (usage < 0 || usage > 62)
+ Usage(progName);
+ certUsage = ((SECCertificateUsage)1) << usage;
+ if (certUsage > certificateUsageHighest)
+ Usage(progName);
+ break;
+ case 'w':
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = PORT_Strdup(optstate->value);
+ break;
+
+ case 'W':
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = PORT_Strdup(optstate->value);
+ break;
+ case 'v':
+ verbose++;
+ break;
+ default:
+ Usage(progName);
+ break;
+ }
}
breakout:
if (status != PL_OPT_OK)
- Usage(progName);
+ Usage(progName);
if (usePkix < 2) {
if (oidStr) {
fprintf(stderr, "Policy oid(-o) can be used only with"
- " CERT_PKIXVerifyCert(-pp) function.\n");
+ " CERT_PKIXVerifyCert(-pp) function.\n");
Usage(progName);
}
if (trusted) {
fprintf(stderr, "Cert trust flag can be used only with"
- " CERT_PKIXVerifyCert(-pp) function.\n");
+ " CERT_PKIXVerifyCert(-pp) function.\n");
Usage(progName);
}
if (!onlyTrustAnchors) {
fprintf(stderr, "Cert trust anchor exclusiveness can be"
- " used only with CERT_PKIXVerifyCert(-pp)"
- " function.\n");
+ " used only with CERT_PKIXVerifyCert(-pp)"
+ " function.\n");
}
}
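Review bot: In `case 'g'` and `case 'm'`, when `revDataIndex` reaches `REV_METHOD_INDEX_MAX` the `break` only leaves the `switch`, so parsing continues with the index one past the range that the loops elsewhere in this file walk (`i < REV_METHOD_INDEX_MAX`), and a following `-h` or `-s` stores through `revMethodsData[revDataIndex]`. Nothing visible in this hunk reads the `secStatus = SECFailure` set there. Since `Usage()` ends in `exit(1)`, replacing `secStatus = SECFailure; break;` with `Usage(progName);` after the `fprintf` would stop parsing at that point. The array's declared size is not shown here, so confirm it against the declaration. Minor: the adjacent literals print "configurationspecified" without a space, `case 'i'` carries a duplicated `break;`, and main() continues past this hunk.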
@@ -533,15 +565,15 @@ breakout:
/* Initialize the NSS libraries. */
if (certDir) {
- secStatus = NSS_Init(certDir);
+ secStatus = NSS_Init(certDir);
} else {
- secStatus = NSS_NoDB_Init(NULL);
+ secStatus = NSS_NoDB_Init(NULL);
- /* load the builtins */
- SECMOD_AddNewModule("Builtins", DLL_PREFIX"nssckbi."DLL_SUFFIX, 0, 0);
+ /* load the builtins */
+ SECMOD_AddNewModule("Builtins", DLL_PREFIX "nssckbi." DLL_SUFFIX, 0, 0);
}
if (secStatus != SECSuccess) {
- exitErr("NSS_Init");
+ exitErr("NSS_Init");
}
SECU_RegisterDynamicOids();
if (isOCSPEnabled()) {
@@ -553,30 +585,38 @@ breakout:
}
while (status == PL_OPT_OK) {
- switch(optstate->option) {
- default : Usage(progName); break;
- case 'a' : isAscii = PR_TRUE; break;
- case 'r' : isAscii = PR_FALSE; break;
- case 't' : trusted = PR_TRUE; break;
- case 0 : /* positional parameter */
- if (usePkix < 2 && trusted) {
- fprintf(stderr, "Cert trust flag can be used only with"
- " CERT_PKIXVerifyCert(-pp) function.\n");
+ switch (optstate->option) {
+ default:
Usage(progName);
- }
- cert = getCert(optstate->value, isAscii, progName);
- if (!cert)
- goto punt;
- rememberCert(cert, trusted);
- if (!firstCert)
- firstCert = cert;
- trusted = PR_FALSE;
- }
+ break;
+ case 'a':
+ isAscii = PR_TRUE;
+ break;
+ case 'r':
+ isAscii = PR_FALSE;
+ break;
+ case 't':
+ trusted = PR_TRUE;
+ break;
+ case 0: /* positional parameter */
+ if (usePkix < 2 && trusted) {
+ fprintf(stderr, "Cert trust flag can be used only with"
+ " CERT_PKIXVerifyCert(-pp) function.\n");
+ Usage(progName);
+ }
+ cert = getCert(optstate->value, isAscii, progName);
+ if (!cert)
+ goto punt;
+ rememberCert(cert, trusted);
+ if (!firstCert)
+ firstCert = cert;
+ trusted = PR_FALSE;
+ }
status = PL_GetNextOpt(optstate);
}
PL_DestroyOptState(optstate);
if (status == PL_OPT_BAD || !firstCert)
- Usage(progName);
+ Usage(progName);
/* Initialize log structure */
log.arena = PORT_NewArena(512);
@@ -594,14 +634,15 @@ breakout:
time = PR_Now();
defaultDB = CERT_GetDefaultCertDB();
- secStatus = CERT_VerifyCertificate(defaultDB, firstCert,
+ secStatus = CERT_VerifyCertificate(defaultDB, firstCert,
PR_TRUE /* check sig */,
- certUsage,
+ certUsage,
time,
&pwdata, /* wincx */
- &log, /* error log */
- NULL);/* returned usages */
- } else do {
+ &log, /* error log */
+ NULL); /* returned usages */
+ } else
+ do {
static CERTValOutParam cvout[4];
static CERTValInParam cvin[7];
SECOidTag oidTag;
@@ -609,7 +650,7 @@ breakout:
static PRUint64 revFlagsLeaf[2];
static PRUint64 revFlagsChain[2];
static CERTRevocationFlags rev;
-
+
if (oidStr) {
PLArenaPool *arena;
SECOidData od;
@@ -620,11 +661,11 @@ breakout:
od.supportedExtension = INVALID_CERT_EXTENSION;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
+ if (!arena) {
fprintf(stderr, "out of memory");
goto punt;
}
-
+
secStatus = SEC_StringToOID(arena, &od.oid, oidStr, 0);
if (secStatus != SECSuccess) {
PORT_FreeArena(arena, PR_FALSE);
@@ -632,34 +673,35 @@ breakout:
SECU_Strerror(PORT_GetError()));
break;
}
-
+
oidTag = SECOID_AddEntry(&od);
PORT_FreeArena(arena, PR_FALSE);
if (oidTag == SEC_OID_UNKNOWN) {
fprintf(stderr, "Can not add new oid to the dynamic "
- "table: %s\n", oidStr);
+ "table: %s\n",
+ oidStr);
secStatus = SECFailure;
break;
}
-
+
cvin[inParamIndex].type = cert_pi_policyOID;
cvin[inParamIndex].value.arraySize = 1;
cvin[inParamIndex].value.array.oids = &oidTag;
-
+
inParamIndex++;
}
-
+
if (trustedCertList) {
cvin[inParamIndex].type = cert_pi_trustAnchors;
cvin[inParamIndex].value.pointer.chain = trustedCertList;
-
+
inParamIndex++;
}
-
+
cvin[inParamIndex].type = cert_pi_useAIACertFetch;
cvin[inParamIndex].value.scalar.b = certFetching;
inParamIndex++;
-
+
rev.leafTests.cert_rev_flags_per_method = revFlagsLeaf;
rev.chainTests.cert_rev_flags_per_method = revFlagsChain;
secStatus = configureRevocationParams(&rev);
@@ -667,11 +709,11 @@ breakout:
fprintf(stderr, "Can not config revocation parameters ");
break;
}
-
+
cvin[inParamIndex].type = cert_pi_revocationFlags;
cvin[inParamIndex].value.pointer.revocation = &rev;
inParamIndex++;
-
+
if (time) {
cvin[inParamIndex].type = cert_pi_date;
cvin[inParamIndex].value.scalar.time = time;
@@ -683,21 +725,21 @@ breakout:
cvin[inParamIndex].value.scalar.b = onlyTrustAnchors;
inParamIndex++;
}
-
+
cvin[inParamIndex].type = cert_pi_end;
-
+
cvout[0].type = cert_po_trustAnchor;
cvout[0].value.pointer.cert = NULL;
cvout[1].type = cert_po_certList;
cvout[1].value.pointer.chain = NULL;
-
+
/* setting pointer to CERTVerifyLog. Initialized structure
* will be used CERT_PKIXVerifyCert */
cvout[2].type = cert_po_errorLog;
cvout[2].value.pointer.log = &log;
-
+
cvout[3].type = cert_po_end;
-
+
secStatus = CERT_PKIXVerifyCert(firstCert, certUsage,
cvin, cvout, &pwdata);
if (secStatus != SECSuccess) {
@@ -706,13 +748,13 @@ breakout:
issuerCert = cvout[0].value.pointer.cert;
builtChain = cvout[1].value.pointer.chain;
} while (0);
-
+
/* Display validation results */
if (secStatus != SECSuccess || log.count > 0) {
CERTVerifyLogNode *node = NULL;
fprintf(stderr, "Chain is bad!\n");
-
- SECU_displayVerifyLog(stderr, &log, verbose);
+
+ SECU_displayVerifyLog(stderr, &log, verbose);
/* Have cert refs in the log only in case of failure.
* Destroy them. */
for (node = log.head; node; node = node->next) {
@@ -733,7 +775,8 @@ breakout:
}
} else if (verbose > 0) {
SECU_PrintName(stdout, &issuerCert->subject, "Root "
- "Certificate Subject:", 0);
+ "Certificate Subject:",
+ 0);
}
CERT_DestroyCertificate(issuerCert);
}
@@ -741,10 +784,10 @@ breakout:
CERTCertListNode *node;
int count = 0;
char buff[256];
-
- if (verbose) {
- for(node = CERT_LIST_HEAD(builtChain); !CERT_LIST_END(node, builtChain);
- node = CERT_LIST_NEXT(node), count++ ) {
+
+ if (verbose) {
+ for (node = CERT_LIST_HEAD(builtChain); !CERT_LIST_END(node, builtChain);
+ node = CERT_LIST_NEXT(node), count++) {
sprintf(buff, "Certificate %d Subject", count + 1);
SECU_PrintName(stdout, &node->cert->subject, buff, 0);
}
@@ -761,8 +804,8 @@ breakout:
punt:
forgetCerts();
if (NSS_Shutdown() != SECSuccess) {
- SECU_PrintError(progName, "NSS_Shutdown");
- rv = 1;
+ SECU_PrintError(progName, "NSS_Shutdown");
+ rv = 1;
}
PORT_Free(progName);
PORT_Free(certDir);
diff --git a/cmd/vfyserv/vfyserv.c b/cmd/vfyserv/vfyserv.c
index 3dd255274..aa648ad8c 100644
--- a/cmd/vfyserv/vfyserv.c
+++ b/cmd/vfyserv/vfyserv.c
@@ -8,7 +8,7 @@
* *
* This code was modified from the SSLSample code also kept in the NSS *
* directory. *
- ****************************************************************************/
+ ****************************************************************************/
#include <stdio.h>
#include <string.h>
@@ -23,7 +23,6 @@
#include "secmod.h"
#include "secitem.h"
-
#include <stdlib.h>
#include <errno.h>
#include <fcntl.h>
@@ -47,7 +46,7 @@ extern int numSSL3CipherSuites;
GlobalThreadMgr threadMGR;
char *certNickname = NULL;
char *hostName = NULL;
-secuPWData pwdata = { PW_NONE, 0 };
+secuPWData pwdata = { PW_NONE, 0 };
unsigned short port = 0;
PRBool dumpChain;
@@ -59,183 +58,180 @@ Usage(const char *progName)
pr_stderr = PR_STDERR;
PR_fprintf(pr_stderr, "Usage:\n"
- " %s [-c ] [-o] [-p port] [-d dbdir] [-w password] [-f pwfile]\n"
- " \t\t[-C cipher(s)] [-l <url> -t <nickname> ] hostname",
+ " %s [-c ] [-o] [-p port] [-d dbdir] [-w password] [-f pwfile]\n"
+ " \t\t[-C cipher(s)] [-l <url> -t <nickname> ] hostname",
progName);
- PR_fprintf (pr_stderr, "\nWhere:\n");
- PR_fprintf (pr_stderr,
- " %-13s dump server cert chain into files\n",
- "-c");
- PR_fprintf (pr_stderr,
- " %-13s perform server cert OCSP check\n",
- "-o");
- PR_fprintf (pr_stderr,
- " %-13s server port to be used\n",
- "-p");
- PR_fprintf (pr_stderr,
- " %-13s use security databases in \"dbdir\"\n",
- "-d dbdir");
- PR_fprintf (pr_stderr,
- " %-13s key database password\n",
- "-w password");
- PR_fprintf (pr_stderr,
- " %-13s token password file\n",
- "-f pwfile");
- PR_fprintf (pr_stderr,
- " %-13s communication cipher list\n",
- "-C cipher(s)");
- PR_fprintf (pr_stderr,
- " %-13s OCSP responder location. This location is used to\n"
- " %-13s check status of a server certificate. If not \n"
- " %-13s specified, location will be taken from the AIA\n"
- " %-13s server certificate extension.\n",
- "-l url", "", "", "");
- PR_fprintf (pr_stderr,
- " %-13s OCSP Trusted Responder Cert nickname\n\n",
- "-t nickname");
-
- exit(1);
+ PR_fprintf(pr_stderr, "\nWhere:\n");
+ PR_fprintf(pr_stderr,
+ " %-13s dump server cert chain into files\n",
+ "-c");
+ PR_fprintf(pr_stderr,
+ " %-13s perform server cert OCSP check\n",
+ "-o");
+ PR_fprintf(pr_stderr,
+ " %-13s server port to be used\n",
+ "-p");
+ PR_fprintf(pr_stderr,
+ " %-13s use security databases in \"dbdir\"\n",
+ "-d dbdir");
+ PR_fprintf(pr_stderr,
+ " %-13s key database password\n",
+ "-w password");
+ PR_fprintf(pr_stderr,
+ " %-13s token password file\n",
+ "-f pwfile");
+ PR_fprintf(pr_stderr,
+ " %-13s communication cipher list\n",
+ "-C cipher(s)");
+ PR_fprintf(pr_stderr,
+ " %-13s OCSP responder location. This location is used to\n"
+ " %-13s check status of a server certificate. If not \n"
+ " %-13s specified, location will be taken from the AIA\n"
+ " %-13s server certificate extension.\n",
+ "-l url", "", "", "");
+ PR_fprintf(pr_stderr,
+ " %-13s OCSP Trusted Responder Cert nickname\n\n",
+ "-t nickname");
+
+ exit(1);
}
PRFileDesc *
setupSSLSocket(PRNetAddr *addr)
{
- PRFileDesc *tcpSocket;
- PRFileDesc *sslSocket;
- PRSocketOptionData socketOption;
- PRStatus prStatus;
- SECStatus secStatus;
-
-
- tcpSocket = PR_NewTCPSocket();
- if (tcpSocket == NULL) {
- errWarn("PR_NewTCPSocket");
- }
-
- /* Make the socket blocking. */
- socketOption.option = PR_SockOpt_Nonblocking;
- socketOption.value.non_blocking = PR_FALSE;
-
- prStatus = PR_SetSocketOption(tcpSocket, &socketOption);
- if (prStatus != PR_SUCCESS) {
- errWarn("PR_SetSocketOption");
- goto loser;
- }
-
-
- /* Import the socket into the SSL layer. */
- sslSocket = SSL_ImportFD(NULL, tcpSocket);
- if (!sslSocket) {
- errWarn("SSL_ImportFD");
- goto loser;
- }
-
- /* Set configuration options. */
- secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE);
- if (secStatus != SECSuccess) {
- errWarn("SSL_OptionSet:SSL_SECURITY");
- goto loser;
- }
-
- secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
- if (secStatus != SECSuccess) {
- errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_CLIENT");
- goto loser;
- }
-
- /* Set SSL callback routines. */
- secStatus = SSL_GetClientAuthDataHook(sslSocket,
- (SSLGetClientAuthData)myGetClientAuthData,
- (void *)certNickname);
- if (secStatus != SECSuccess) {
- errWarn("SSL_GetClientAuthDataHook");
- goto loser;
- }
-
- secStatus = SSL_AuthCertificateHook(sslSocket,
- (SSLAuthCertificate)myAuthCertificate,
- (void *)CERT_GetDefaultCertDB());
- if (secStatus != SECSuccess) {
- errWarn("SSL_AuthCertificateHook");
- goto loser;
- }
-
- secStatus = SSL_BadCertHook(sslSocket,
- (SSLBadCertHandler)myBadCertHandler, NULL);
- if (secStatus != SECSuccess) {
- errWarn("SSL_BadCertHook");
- goto loser;
- }
-
- secStatus = SSL_HandshakeCallback(sslSocket,
- myHandshakeCallback,
- NULL);
- if (secStatus != SECSuccess) {
- errWarn("SSL_HandshakeCallback");
- goto loser;
- }
-
- return sslSocket;
+ PRFileDesc *tcpSocket;
+ PRFileDesc *sslSocket;
+ PRSocketOptionData socketOption;
+ PRStatus prStatus;
+ SECStatus secStatus;
+
+ tcpSocket = PR_NewTCPSocket();
+ if (tcpSocket == NULL) {
+ errWarn("PR_NewTCPSocket");
+ }
+
+ /* Make the socket blocking. */
+ socketOption.option = PR_SockOpt_Nonblocking;
+ socketOption.value.non_blocking = PR_FALSE;
+
+ prStatus = PR_SetSocketOption(tcpSocket, &socketOption);
+ if (prStatus != PR_SUCCESS) {
+ errWarn("PR_SetSocketOption");
+ goto loser;
+ }
+
+ /* Import the socket into the SSL layer. */
+ sslSocket = SSL_ImportFD(NULL, tcpSocket);
+ if (!sslSocket) {
+ errWarn("SSL_ImportFD");
+ goto loser;
+ }
+
+ /* Set configuration options. */
+ secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE);
+ if (secStatus != SECSuccess) {
+ errWarn("SSL_OptionSet:SSL_SECURITY");
+ goto loser;
+ }
+
+ secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
+ if (secStatus != SECSuccess) {
+ errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_CLIENT");
+ goto loser;
+ }
+
+ /* Set SSL callback routines. */
+ secStatus = SSL_GetClientAuthDataHook(sslSocket,
+ (SSLGetClientAuthData)myGetClientAuthData,
+ (void *)certNickname);
+ if (secStatus != SECSuccess) {
+ errWarn("SSL_GetClientAuthDataHook");
+ goto loser;
+ }
+
+ secStatus = SSL_AuthCertificateHook(sslSocket,
+ (SSLAuthCertificate)myAuthCertificate,
+ (void *)CERT_GetDefaultCertDB());
+ if (secStatus != SECSuccess) {
+ errWarn("SSL_AuthCertificateHook");
+ goto loser;
+ }
+
+ secStatus = SSL_BadCertHook(sslSocket,
+ (SSLBadCertHandler)myBadCertHandler, NULL);
+ if (secStatus != SECSuccess) {
+ errWarn("SSL_BadCertHook");
+ goto loser;
+ }
+
+ secStatus = SSL_HandshakeCallback(sslSocket,
+ myHandshakeCallback,
+ NULL);
+ if (secStatus != SECSuccess) {
+ errWarn("SSL_HandshakeCallback");
+ goto loser;
+ }
+
+ return sslSocket;
loser:
- PR_Close(tcpSocket);
- return NULL;
+ PR_Close(tcpSocket);
+ return NULL;
}
-
-const char requestString[] = {"GET /testfile HTTP/1.0\r\n\r\n" };
+const char requestString[] = { "GET /testfile HTTP/1.0\r\n\r\n" };
SECStatus
handle_connection(PRFileDesc *sslSocket, int connection)
{
- int countRead = 0;
- PRInt32 numBytes;
- char *readBuffer;
-
- readBuffer = PORT_Alloc(RD_BUF_SIZE);
- if (!readBuffer) {
- exitErr("PORT_Alloc");
- }
-
- /* compose the http request here. */
-
- numBytes = PR_Write(sslSocket, requestString, strlen(requestString));
- if (numBytes <= 0) {
- errWarn("PR_Write");
- PR_Free(readBuffer);
- readBuffer = NULL;
- return SECFailure;
- }
-
- /* read until EOF */
- while (PR_TRUE) {
- numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE);
- if (numBytes == 0) {
- break; /* EOF */
- }
- if (numBytes < 0) {
- errWarn("PR_Read");
- break;
- }
- countRead += numBytes;
- }
-
- printSecurityInfo(stderr, sslSocket);
-
- PR_Free(readBuffer);
- readBuffer = NULL;
-
- /* Caller closes the socket. */
-
- fprintf(stderr,
- "***** Connection %d read %d bytes total.\n",
- connection, countRead);
-
- return SECSuccess; /* success */
+ int countRead = 0;
+ PRInt32 numBytes;
+ char *readBuffer;
+
+ readBuffer = PORT_Alloc(RD_BUF_SIZE);
+ if (!readBuffer) {
+ exitErr("PORT_Alloc");
+ }
+
+ /* compose the http request here. */
+
+ numBytes = PR_Write(sslSocket, requestString, strlen(requestString));
+ if (numBytes <= 0) {
+ errWarn("PR_Write");
+ PR_Free(readBuffer);
+ readBuffer = NULL;
+ return SECFailure;
+ }
+
+ /* read until EOF */
+ while (PR_TRUE) {
+ numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE);
+ if (numBytes == 0) {
+ break; /* EOF */
+ }
+ if (numBytes < 0) {
+ errWarn("PR_Read");
+ break;
+ }
+ countRead += numBytes;
+ }
+
+ printSecurityInfo(stderr, sslSocket);
+
+ PR_Free(readBuffer);
+ readBuffer = NULL;
+
+ /* Caller closes the socket. */
+
+ fprintf(stderr,
+ "***** Connection %d read %d bytes total.\n",
+ connection, countRead);
+
+ return SECSuccess; /* success */
}
-#define BYTE(n,i) (((i)>>((n)*8))&0xff)
+#define BYTE(n, i) (((i) >> ((n)*8)) & 0xff)
/* one copy of this function is launched in a separate thread for each
** connection to be made.
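Review bot: In `setupSSLSocket`, a NULL return from `PR_NewTCPSocket()` is only logged, so execution continues into `PR_SetSocketOption(tcpSocket, &socketOption)` and then, on the `loser` path, `PR_Close(tcpSocket)` with a null descriptor. The guard should leave the function: `errWarn("PR_NewTCPSocket"); return NULL;`. Separately, `handle_connection` in the same hunk allocates `readBuffer` with `PORT_Alloc` but releases it with `PR_Free` on both exit paths; `PORT_Free(readBuffer);` keeps the allocator pair consistent. Both issues predate this reformat, which leaves the logic unchanged.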
@@ -243,318 +239,334 @@ handle_connection(PRFileDesc *sslSocket, int connection)
SECStatus
do_connects(void *a, int connection)
{
- PRNetAddr *addr = (PRNetAddr *)a;
- PRFileDesc *sslSocket;
- PRHostEnt hostEntry;
- char buffer[PR_NETDB_BUF_SIZE];
- PRStatus prStatus;
- PRIntn hostenum;
- PRInt32 ip;
- SECStatus secStatus;
-
- /* Set up SSL secure socket. */
- sslSocket = setupSSLSocket(addr);
- if (sslSocket == NULL) {
- errWarn("setupSSLSocket");
- return SECFailure;
- }
-
- secStatus = SSL_SetPKCS11PinArg(sslSocket, &pwdata);
- if (secStatus != SECSuccess) {
- errWarn("SSL_SetPKCS11PinArg");
- return secStatus;
- }
-
- secStatus = SSL_SetURL(sslSocket, hostName);
- if (secStatus != SECSuccess) {
- errWarn("SSL_SetURL");
- return secStatus;
- }
-
- /* Prepare and setup network connection. */
- prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry);
- if (prStatus != PR_SUCCESS) {
- errWarn("PR_GetHostByName");
- return SECFailure;
- }
-
- hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr);
- if (hostenum == -1) {
- errWarn("PR_EnumerateHostEnt");
- return SECFailure;
- }
-
- ip = PR_ntohl(addr->inet.ip);
- fprintf(stderr,
- "Connecting to host %s (addr %d.%d.%d.%d) on port %d\n",
- hostName, BYTE(3,ip), BYTE(2,ip), BYTE(1,ip),
- BYTE(0,ip), PR_ntohs(addr->inet.port));
-
- prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT);
- if (prStatus != PR_SUCCESS) {
- errWarn("PR_Connect");
- return SECFailure;
- }
-
- /* Established SSL connection, ready to send data. */
+ PRNetAddr *addr = (PRNetAddr *)a;
+ PRFileDesc *sslSocket;
+ PRHostEnt hostEntry;
+ char buffer[PR_NETDB_BUF_SIZE];
+ PRStatus prStatus;
+ PRIntn hostenum;
+ PRInt32 ip;
+ SECStatus secStatus;
+
+ /* Set up SSL secure socket. */
+ sslSocket = setupSSLSocket(addr);
+ if (sslSocket == NULL) {
+ errWarn("setupSSLSocket");
+ return SECFailure;
+ }
+
+ secStatus = SSL_SetPKCS11PinArg(sslSocket, &pwdata);
+ if (secStatus != SECSuccess) {
+ errWarn("SSL_SetPKCS11PinArg");
+ return secStatus;
+ }
+
+ secStatus = SSL_SetURL(sslSocket, hostName);
+ if (secStatus != SECSuccess) {
+ errWarn("SSL_SetURL");
+ return secStatus;
+ }
+
+ /* Prepare and setup network connection. */
+ prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry);
+ if (prStatus != PR_SUCCESS) {
+ errWarn("PR_GetHostByName");
+ return SECFailure;
+ }
+
+ hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr);
+ if (hostenum == -1) {
+ errWarn("PR_EnumerateHostEnt");
+ return SECFailure;
+ }
+
+ ip = PR_ntohl(addr->inet.ip);
+ fprintf(stderr,
+ "Connecting to host %s (addr %d.%d.%d.%d) on port %d\n",
+ hostName, BYTE(3, ip), BYTE(2, ip), BYTE(1, ip),
+ BYTE(0, ip), PR_ntohs(addr->inet.port));
+
+ prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT);
+ if (prStatus != PR_SUCCESS) {
+ errWarn("PR_Connect");
+ return SECFailure;
+ }
+
+/* Established SSL connection, ready to send data. */
#if 0
- secStatus = SSL_ForceHandshake(sslSocket);
- if (secStatus != SECSuccess) {
- errWarn("SSL_ForceHandshake");
- return secStatus;
- }
+ secStatus = SSL_ForceHandshake(sslSocket);
+ if (secStatus != SECSuccess) {
+ errWarn("SSL_ForceHandshake");
+ return secStatus;
+ }
#endif
- secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE);
- if (secStatus != SECSuccess) {
- errWarn("SSL_ResetHandshake");
- prStatus = PR_Close(sslSocket);
- if (prStatus != PR_SUCCESS) {
- errWarn("PR_Close");
- }
- return secStatus;
- }
-
- secStatus = handle_connection(sslSocket, connection);
- if (secStatus != SECSuccess) {
- /* error already printed out in handle_connection */
- /* errWarn("handle_connection"); */
- prStatus = PR_Close(sslSocket);
- if (prStatus != PR_SUCCESS) {
- errWarn("PR_Close");
- }
- return secStatus;
- }
-
- PR_Close(sslSocket);
- return SECSuccess;
+ secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE);
+ if (secStatus != SECSuccess) {
+ errWarn("SSL_ResetHandshake");
+ prStatus = PR_Close(sslSocket);
+ if (prStatus != PR_SUCCESS) {
+ errWarn("PR_Close");
+ }
+ return secStatus;
+ }
+
+ secStatus = handle_connection(sslSocket, connection);
+ if (secStatus != SECSuccess) {
+ /* error already printed out in handle_connection */
+ /* errWarn("handle_connection"); */
+ prStatus = PR_Close(sslSocket);
+ if (prStatus != PR_SUCCESS) {
+ errWarn("PR_Close");
+ }
+ return secStatus;
+ }
+
+ PR_Close(sslSocket);
+ return SECSuccess;
}
void
-client_main(unsigned short port,
- int connections,
- const char * hostName)
+client_main(unsigned short port,
+ int connections,
+ const char *hostName)
{
- int i;
- SECStatus secStatus;
- PRStatus prStatus;
- PRInt32 rv;
- PRNetAddr addr;
- PRHostEnt hostEntry;
- char buffer[PR_NETDB_BUF_SIZE];
-
- /* Setup network connection. */
- prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry);
- if (prStatus != PR_SUCCESS) {
- exitErr("PR_GetHostByName");
- }
-
- rv = PR_EnumerateHostEnt(0, &hostEntry, port, &addr);
- if (rv < 0) {
- exitErr("PR_EnumerateHostEnt");
- }
-
- secStatus = launch_thread(&threadMGR, do_connects, &addr, 1);
- if (secStatus != SECSuccess) {
- exitErr("launch_thread");
- }
-
- if (connections > 1) {
- /* wait for the first connection to terminate, then launch the rest. */
- reap_threads(&threadMGR);
- /* Start up the connections */
- for (i = 2; i <= connections; ++i) {
- secStatus = launch_thread(&threadMGR, do_connects, &addr, i);
- if (secStatus != SECSuccess) {
- errWarn("launch_thread");
- }
- }
- }
-
- reap_threads(&threadMGR);
- destroy_thread_data(&threadMGR);
+ int i;
+ SECStatus secStatus;
+ PRStatus prStatus;
+ PRInt32 rv;
+ PRNetAddr addr;
+ PRHostEnt hostEntry;
+ char buffer[PR_NETDB_BUF_SIZE];
+
+ /* Setup network connection. */
+ prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry);
+ if (prStatus != PR_SUCCESS) {
+ exitErr("PR_GetHostByName");
+ }
+
+ rv = PR_EnumerateHostEnt(0, &hostEntry, port, &addr);
+ if (rv < 0) {
+ exitErr("PR_EnumerateHostEnt");
+ }
+
+ secStatus = launch_thread(&threadMGR, do_connects, &addr, 1);
+ if (secStatus != SECSuccess) {
+ exitErr("launch_thread");
+ }
+
+ if (connections > 1) {
+ /* wait for the first connection to terminate, then launch the rest. */
+ reap_threads(&threadMGR);
+ /* Start up the connections */
+ for (i = 2; i <= connections; ++i) {
+ secStatus = launch_thread(&threadMGR, do_connects, &addr, i);
+ if (secStatus != SECSuccess) {
+ errWarn("launch_thread");
+ }
+ }
+ }
+
+ reap_threads(&threadMGR);
+ destroy_thread_data(&threadMGR);
}
-#define HEXCHAR_TO_INT(c, i) \
- if (((c) >= '0') && ((c) <= '9')) { \
- i = (c) - '0'; \
+#define HEXCHAR_TO_INT(c, i) \
+ if (((c) >= '0') && ((c) <= '9')) { \
+ i = (c) - '0'; \
} else if (((c) >= 'a') && ((c) <= 'f')) { \
- i = (c) - 'a' + 10; \
+ i = (c) - 'a' + 10; \
} else if (((c) >= 'A') && ((c) <= 'F')) { \
- i = (c) - 'A' + 10; \
- } else { \
- Usage(progName); \
+ i = (c) - 'A' + 10; \
+ } else { \
+ Usage(progName); \
}
int
main(int argc, char **argv)
{
- char * certDir = NULL;
- char * progName = NULL;
- int connections = 1;
- char * cipherString = NULL;
- char * respUrl = NULL;
- char * respCertName = NULL;
- SECStatus secStatus;
- PLOptState * optstate;
- PLOptStatus status;
- PRBool doOcspCheck = PR_FALSE;
-
- /* Call the NSPR initialization routines */
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-
- progName = PORT_Strdup(argv[0]);
-
- hostName = NULL;
- optstate = PL_CreateOptState(argc, argv, "C:cd:f:l:n:p:ot:w:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch(optstate->option) {
- case 'C' : cipherString = PL_strdup(optstate->value); break;
- case 'c' : dumpChain = PR_TRUE; break;
- case 'd' : certDir = PL_strdup(optstate->value); break;
- case 'l' : respUrl = PL_strdup(optstate->value); break;
- case 'p' : port = PORT_Atoi(optstate->value); break;
- case 'o' : doOcspCheck = PR_TRUE; break;
- case 't' : respCertName = PL_strdup(optstate->value); break;
- case 'w':
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = PORT_Strdup(optstate->value);
- break;
-
- case 'f':
- pwdata.source = PW_FROMFILE;
- pwdata.data = PORT_Strdup(optstate->value);
- break;
- case '\0': hostName = PL_strdup(optstate->value); break;
- default : Usage(progName);
- }
- }
-
- if (port == 0) {
- port = 443;
- }
-
- if (port == 0 || hostName == NULL)
- Usage(progName);
-
- if (doOcspCheck &&
- ((respCertName != NULL && respUrl == NULL) ||
- (respUrl != NULL && respCertName == NULL))) {
- SECU_PrintError (progName, "options -l <url> and -t "
- "<responder> must be used together");
- Usage(progName);
+ char *certDir = NULL;
+ char *progName = NULL;
+ int connections = 1;
+ char *cipherString = NULL;
+ char *respUrl = NULL;
+ char *respCertName = NULL;
+ SECStatus secStatus;
+ PLOptState *optstate;
+ PLOptStatus status;
+ PRBool doOcspCheck = PR_FALSE;
+
+ /* Call the NSPR initialization routines */
+ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+
+ progName = PORT_Strdup(argv[0]);
+
+ hostName = NULL;
+ optstate = PL_CreateOptState(argc, argv, "C:cd:f:l:n:p:ot:w:");
+ while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+ switch (optstate->option) {
+ case 'C':
+ cipherString = PL_strdup(optstate->value);
+ break;
+ case 'c':
+ dumpChain = PR_TRUE;
+ break;
+ case 'd':
+ certDir = PL_strdup(optstate->value);
+ break;
+ case 'l':
+ respUrl = PL_strdup(optstate->value);
+ break;
+ case 'p':
+ port = PORT_Atoi(optstate->value);
+ break;
+ case 'o':
+ doOcspCheck = PR_TRUE;
+ break;
+ case 't':
+ respCertName = PL_strdup(optstate->value);
+ break;
+ case 'w':
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = PORT_Strdup(optstate->value);
+ break;
+
+ case 'f':
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = PORT_Strdup(optstate->value);
+ break;
+ case '\0':
+ hostName = PL_strdup(optstate->value);
+ break;
+ default:
+ Usage(progName);
}
-
- PK11_SetPasswordFunc(SECU_GetModulePassword);
-
- /* Initialize the NSS libraries. */
- if (certDir) {
- secStatus = NSS_Init(certDir);
- } else {
- secStatus = NSS_NoDB_Init(NULL);
-
- /* load the builtins */
- SECMOD_AddNewModule("Builtins",
- DLL_PREFIX"nssckbi."DLL_SUFFIX, 0, 0);
- }
- if (secStatus != SECSuccess) {
- exitErr("NSS_Init");
- }
- SECU_RegisterDynamicOids();
-
- if (doOcspCheck == PR_TRUE) {
- SECStatus rv;
- CERTCertDBHandle *handle = CERT_GetDefaultCertDB();
- if (handle == NULL) {
- SECU_PrintError (progName, "problem getting certdb handle");
+ }
+
+ if (port == 0) {
+ port = 443;
+ }
+
+ if (port == 0 || hostName == NULL)
+ Usage(progName);
+
+ if (doOcspCheck &&
+ ((respCertName != NULL && respUrl == NULL) ||
+ (respUrl != NULL && respCertName == NULL))) {
+ SECU_PrintError(progName, "options -l <url> and -t "
+ "<responder> must be used together");
+ Usage(progName);
+ }
+
+ PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+ /* Initialize the NSS libraries. */
+ if (certDir) {
+ secStatus = NSS_Init(certDir);
+ } else {
+ secStatus = NSS_NoDB_Init(NULL);
+
+ /* load the builtins */
+ SECMOD_AddNewModule("Builtins",
+ DLL_PREFIX "nssckbi." DLL_SUFFIX, 0, 0);
+ }
+ if (secStatus != SECSuccess) {
+ exitErr("NSS_Init");
+ }
+ SECU_RegisterDynamicOids();
+
+ if (doOcspCheck == PR_TRUE) {
+ SECStatus rv;
+ CERTCertDBHandle *handle = CERT_GetDefaultCertDB();
+ if (handle == NULL) {
+ SECU_PrintError(progName, "problem getting certdb handle");
+ goto cleanup;
+ }
+
+ rv = CERT_EnableOCSPChecking(handle);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "error enabling OCSP checking");
+ goto cleanup;
+ }
+
+ if (respUrl != NULL) {
+ rv = CERT_SetOCSPDefaultResponder(handle, respUrl,
+ respCertName);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName,
+ "error setting default responder");
goto cleanup;
}
-
- rv = CERT_EnableOCSPChecking (handle);
+
+ rv = CERT_EnableOCSPDefaultResponder(handle);
if (rv != SECSuccess) {
- SECU_PrintError (progName, "error enabling OCSP checking");
+ SECU_PrintError(progName,
+ "error enabling default responder");
goto cleanup;
}
+ }
+ }
- if (respUrl != NULL) {
- rv = CERT_SetOCSPDefaultResponder (handle, respUrl,
- respCertName);
- if (rv != SECSuccess) {
- SECU_PrintError (progName,
- "error setting default responder");
- goto cleanup;
- }
-
- rv = CERT_EnableOCSPDefaultResponder (handle);
- if (rv != SECSuccess) {
- SECU_PrintError (progName,
- "error enabling default responder");
- goto cleanup;
+ /* All cipher suites except RSA_NULL_MD5 are enabled by
+ * Domestic Policy. */
+ NSS_SetDomesticPolicy();
+ SSL_CipherPrefSetDefault(TLS_RSA_WITH_NULL_MD5, PR_TRUE);
+
+ /* all the SSL2 and SSL3 cipher suites are enabled by default. */
+ if (cipherString) {
+ int ndx;
+
+ /* disable all the ciphers, then enable the ones we want. */
+ disableAllSSLCiphers();
+
+ while (0 != (ndx = *cipherString++)) {
+ int cipher = 0;
+
+ if (ndx == ':') {
+ int ctmp = 0;
+
+ HEXCHAR_TO_INT(*cipherString, ctmp)
+ cipher |= (ctmp << 12);
+ cipherString++;
+ HEXCHAR_TO_INT(*cipherString, ctmp)
+ cipher |= (ctmp << 8);
+ cipherString++;
+ HEXCHAR_TO_INT(*cipherString, ctmp)
+ cipher |= (ctmp << 4);
+ cipherString++;
+ HEXCHAR_TO_INT(*cipherString, ctmp)
+ cipher |= ctmp;
+ cipherString++;
+ } else {
+ if (!isalpha(ndx))
+ Usage(progName);
+ ndx = tolower(ndx) - 'a';
+ if (ndx < numSSL3CipherSuites) {
+ cipher = ssl3CipherSuites[ndx];
}
}
- }
-
- /* All cipher suites except RSA_NULL_MD5 are enabled by
- * Domestic Policy. */
- NSS_SetDomesticPolicy();
- SSL_CipherPrefSetDefault(TLS_RSA_WITH_NULL_MD5, PR_TRUE);
-
- /* all the SSL2 and SSL3 cipher suites are enabled by default. */
- if (cipherString) {
- int ndx;
-
- /* disable all the ciphers, then enable the ones we want. */
- disableAllSSLCiphers();
-
- while (0 != (ndx = *cipherString++)) {
- int cipher = 0;
-
- if (ndx == ':') {
- int ctmp = 0;
-
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= (ctmp << 12);
- cipherString++;
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= (ctmp << 8);
- cipherString++;
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= (ctmp << 4);
- cipherString++;
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= ctmp;
- cipherString++;
- } else {
- if (! isalpha(ndx))
- Usage(progName);
- ndx = tolower(ndx) - 'a';
- if (ndx < numSSL3CipherSuites) {
- cipher = ssl3CipherSuites[ndx];
- }
- }
- if (cipher > 0) {
- SSL_CipherPrefSetDefault(cipher, PR_TRUE);
- } else {
- Usage(progName);
- }
- }
- }
-
- client_main(port, connections, hostName);
+ if (cipher > 0) {
+ SSL_CipherPrefSetDefault(cipher, PR_TRUE);
+ } else {
+ Usage(progName);
+ }
+ }
+ }
+
+ client_main(port, connections, hostName);
cleanup:
- if (doOcspCheck) {
- CERTCertDBHandle *handle = CERT_GetDefaultCertDB();
- CERT_DisableOCSPDefaultResponder(handle);
- CERT_DisableOCSPChecking (handle);
- }
+ if (doOcspCheck) {
+ CERTCertDBHandle *handle = CERT_GetDefaultCertDB();
+ CERT_DisableOCSPDefaultResponder(handle);
+ CERT_DisableOCSPChecking(handle);
+ }
- if (NSS_Shutdown() != SECSuccess) {
- exit(1);
- }
+ if (NSS_Shutdown() != SECSuccess) {
+ exit(1);
+ }
- PR_Cleanup();
- PORT_Free(progName);
- return 0;
+ PR_Cleanup();
+ PORT_Free(progName);
+ return 0;
}
-
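Review bot: `do_connects` returns without closing `sslSocket` on every failure between `setupSSLSocket()` and `SSL_ResetHandshake()`, so each failed attempt leaks a descriptor. The affected branches are `SSL_SetPKCS11PinArg`, `SSL_SetURL`, `PR_GetHostByName`, `PR_EnumerateHostEnt` and `PR_Connect`; only the two later error branches call `PR_Close`. Adding `PR_Close(sslSocket);` before each of those early returns, or routing them through one cleanup label, fixes it. In `main` in the same hunk, `ndx = *cipherString++` passes a plain `char` to `isalpha()`/`tolower()`, which is undefined for negative values where `char` is signed; reading it as `(unsigned char)*cipherString++` avoids that. The reformat itself does not change either behaviour.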
diff --git a/cmd/vfyserv/vfyserv.h b/cmd/vfyserv/vfyserv.h
index a7a2067c1..00afc8049 100644
--- a/cmd/vfyserv/vfyserv.h
+++ b/cmd/vfyserv/vfyserv.h
@@ -42,16 +42,16 @@ extern int ssl3CipherSuites[];
/* Data buffer read from a socket. */
typedef struct DataBufferStr {
- char data[BUFFER_SIZE];
- int index;
- int remaining;
- int dataStart;
- int dataEnd;
+ char data[BUFFER_SIZE];
+ int index;
+ int remaining;
+ int dataStart;
+ int dataEnd;
} DataBuffer;
/* SSL callback routines. */
-char * myPasswd(PK11SlotInfo *info, PRBool retry, void *arg);
+char *myPasswd(PK11SlotInfo *info, PRBool retry, void *arg);
SECStatus myAuthCertificate(void *arg, PRFileDesc *socket,
PRBool checksig, PRBool isServer);
@@ -69,7 +69,6 @@ SECStatus myGetClientAuthData(void *arg, PRFileDesc *socket,
void disableAllSSLCiphers(void);
-
/* Error and information utilities. */
void errWarn(char *function);
@@ -84,31 +83,33 @@ void printSecurityInfo(FILE *outfile, PRFileDesc *fd);
typedef SECStatus startFn(void *a, int b);
-typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState;
+typedef enum { rs_idle = 0,
+ rs_running = 1,
+ rs_zombie = 2 } runState;
typedef struct perThreadStr {
- PRFileDesc *a;
- int b;
- int rv;
- startFn *startFunc;
- PRThread *prThread;
- PRBool inUse;
- runState running;
+ PRFileDesc *a;
+ int b;
+ int rv;
+ startFn *startFunc;
+ PRThread *prThread;
+ PRBool inUse;
+ runState running;
} perThread;
typedef struct GlobalThreadMgrStr {
- PRLock *threadLock;
- PRCondVar *threadStartQ;
- PRCondVar *threadEndQ;
- perThread threads[MAX_THREADS];
- int index;
- int numUsed;
- int numRunning;
+ PRLock *threadLock;
+ PRCondVar *threadStartQ;
+ PRCondVar *threadEndQ;
+ perThread threads[MAX_THREADS];
+ int index;
+ int numUsed;
+ int numRunning;
} GlobalThreadMgr;
-void thread_wrapper(void * arg);
+void thread_wrapper(void *arg);
-SECStatus launch_thread(GlobalThreadMgr *threadMGR,
+SECStatus launch_thread(GlobalThreadMgr *threadMGR,
startFn *startFunc, void *a, int b);
SECStatus reap_threads(GlobalThreadMgr *threadMGR);
@@ -118,10 +119,10 @@ void destroy_thread_data(GlobalThreadMgr *threadMGR);
/* Management of locked variables. */
struct lockedVarsStr {
- PRLock * lock;
- int count;
- int waiters;
- PRCondVar * condVar;
+ PRLock *lock;
+ int count;
+ int waiters;
+ PRCondVar *condVar;
};
typedef struct lockedVarsStr lockedVars;
diff --git a/cmd/vfyserv/vfyutil.c b/cmd/vfyserv/vfyutil.c
index 64561462e..48347dcd8 100644
--- a/cmd/vfyserv/vfyutil.c
+++ b/cmd/vfyserv/vfyutil.c
@@ -8,51 +8,50 @@
#include "nspr.h"
#include "secutil.h"
-
extern PRBool dumpChain;
extern void dumpCertChain(CERTCertificate *, SECCertUsage);
/* Declare SSL cipher suites. */
int ssl3CipherSuites[] = {
- -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
- -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */
- TLS_RSA_WITH_RC4_128_MD5, /* c */
- TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
- TLS_RSA_WITH_DES_CBC_SHA, /* e */
- TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
- -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
- TLS_RSA_WITH_NULL_MD5, /* i */
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
- SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
- TLS_RSA_WITH_RC4_128_SHA, /* n */
- TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
- TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */
- TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
- TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
- TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
- TLS_RSA_WITH_NULL_SHA, /* z */
+ -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
+ -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */
+ TLS_RSA_WITH_RC4_128_MD5, /* c */
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
+ TLS_RSA_WITH_DES_CBC_SHA, /* e */
+ TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
+ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
+ -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
+ TLS_RSA_WITH_NULL_MD5, /* i */
+ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
+ SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
+ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
+ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
+ TLS_RSA_WITH_RC4_128_SHA, /* n */
+ TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
+ TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */
+ TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
+ TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
+ TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
+ TLS_RSA_WITH_NULL_SHA, /* z */
0
};
int numSSL3CipherSuites = PR_ARRAY_SIZE(ssl3CipherSuites);
/**************************************************************************
-**
+**
** SSL callback routines.
**
**************************************************************************/
/* Function: char * myPasswd()
- *
+ *
* Purpose: This function is our custom password handler that is called by
* SSL when retreiving private certs and keys from the database. Returns a
* pointer to a string that with a password for the database. Password pointer
@@ -61,10 +60,10 @@ int numSSL3CipherSuites = PR_ARRAY_SIZE(ssl3CipherSuites);
char *
myPasswd(PK11SlotInfo *info, PRBool retry, void *arg)
{
- char * passwd = NULL;
+ char *passwd = NULL;
- if ( (!retry) && arg ) {
- passwd = PORT_Strdup((char *)arg);
+ if ((!retry) && arg) {
+ passwd = PORT_Strdup((char *)arg);
}
return passwd;
}
@@ -72,24 +71,24 @@ myPasswd(PK11SlotInfo *info, PRBool retry, void *arg)
/* Function: SECStatus myAuthCertificate()
*
* Purpose: This function is our custom certificate authentication handler.
- *
- * Note: This implementation is essentially the same as the default
+ *
+ * Note: This implementation is essentially the same as the default
* SSL_AuthCertificate().
*/
-SECStatus
-myAuthCertificate(void *arg, PRFileDesc *socket,
- PRBool checksig, PRBool isServer)
+SECStatus
+myAuthCertificate(void *arg, PRFileDesc *socket,
+ PRBool checksig, PRBool isServer)
{
SECCertificateUsage certUsage;
- CERTCertificate * cert;
- void * pinArg;
- char * hostName;
- SECStatus secStatus;
+ CERTCertificate *cert;
+ void *pinArg;
+ char *hostName;
+ SECStatus secStatus;
if (!arg || !socket) {
- errWarn("myAuthCertificate");
- return SECFailure;
+ errWarn("myAuthCertificate");
+ return SECFailure;
}
/* Define how the cert is being used based upon the isServer flag. */
@@ -97,26 +96,26 @@ myAuthCertificate(void *arg, PRFileDesc *socket,
certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer;
cert = SSL_PeerCertificate(socket);
-
+
pinArg = SSL_RevealPinArg(socket);
-
+
if (dumpChain == PR_TRUE) {
dumpCertChain(cert, certUsage);
}
secStatus = CERT_VerifyCertificateNow((CERTCertDBHandle *)arg,
- cert,
- checksig,
- certUsage,
- pinArg,
- NULL);
+ cert,
+ checksig,
+ certUsage,
+ pinArg,
+ NULL);
/* If this is a server, we're finished. */
if (isServer || secStatus != SECSuccess) {
- SECU_printCertProblems(stderr, (CERTCertDBHandle *)arg, cert,
- checksig, certUsage, pinArg, PR_FALSE);
- CERT_DestroyCertificate(cert);
- return secStatus;
+ SECU_printCertProblems(stderr, (CERTCertDBHandle *)arg, cert,
+ checksig, certUsage, pinArg, PR_FALSE);
+ CERT_DestroyCertificate(cert);
+ return secStatus;
}
/* Certificate is OK. Since this is the client side of an SSL
@@ -129,14 +128,14 @@ myAuthCertificate(void *arg, PRFileDesc *socket,
hostName = SSL_RevealURL(socket);
if (hostName && hostName[0]) {
- secStatus = CERT_VerifyCertName(cert, hostName);
+ secStatus = CERT_VerifyCertName(cert, hostName);
} else {
- PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
- secStatus = SECFailure;
+ PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
+ secStatus = SECFailure;
}
if (hostName)
- PR_Free(hostName);
+ PR_Free(hostName);
CERT_DestroyCertificate(cert);
return secStatus;
@@ -148,48 +147,48 @@ myAuthCertificate(void *arg, PRFileDesc *socket,
* valid. We define a certain set of parameters that still cause the
* certificate to be "valid" for this session, and return SECSuccess to cause
* the server to continue processing the request when any of these conditions
- * are met. Otherwise, SECFailure is return and the server rejects the
+ * are met. Otherwise, SECFailure is return and the server rejects the
* request.
*/
-SECStatus
-myBadCertHandler(void *arg, PRFileDesc *socket)
+SECStatus
+myBadCertHandler(void *arg, PRFileDesc *socket)
{
- SECStatus secStatus = SECFailure;
- PRErrorCode err;
+ SECStatus secStatus = SECFailure;
+ PRErrorCode err;
/* log invalid cert here */
if (!arg) {
- return secStatus;
+ return secStatus;
}
*(PRErrorCode *)arg = err = PORT_GetError();
/* If any of the cases in the switch are met, then we will proceed */
- /* with the processing of the request anyway. Otherwise, the default */
+ /* with the processing of the request anyway. Otherwise, the default */
/* case will be reached and we will reject the request. */
switch (err) {
- case SEC_ERROR_INVALID_AVA:
- case SEC_ERROR_INVALID_TIME:
- case SEC_ERROR_BAD_SIGNATURE:
- case SEC_ERROR_EXPIRED_CERTIFICATE:
- case SEC_ERROR_UNKNOWN_ISSUER:
- case SEC_ERROR_UNTRUSTED_CERT:
- case SEC_ERROR_CERT_VALID:
- case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
- case SEC_ERROR_CRL_EXPIRED:
- case SEC_ERROR_CRL_BAD_SIGNATURE:
- case SEC_ERROR_EXTENSION_VALUE_INVALID:
- case SEC_ERROR_CA_CERT_INVALID:
- case SEC_ERROR_CERT_USAGES_INVALID:
- case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
- secStatus = SECSuccess;
- break;
- default:
- secStatus = SECFailure;
- break;
+ case SEC_ERROR_INVALID_AVA:
+ case SEC_ERROR_INVALID_TIME:
+ case SEC_ERROR_BAD_SIGNATURE:
+ case SEC_ERROR_EXPIRED_CERTIFICATE:
+ case SEC_ERROR_UNKNOWN_ISSUER:
+ case SEC_ERROR_UNTRUSTED_CERT:
+ case SEC_ERROR_CERT_VALID:
+ case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+ case SEC_ERROR_CRL_EXPIRED:
+ case SEC_ERROR_CRL_BAD_SIGNATURE:
+ case SEC_ERROR_EXTENSION_VALUE_INVALID:
+ case SEC_ERROR_CA_CERT_INVALID:
+ case SEC_ERROR_CERT_USAGES_INVALID:
+ case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
+ secStatus = SECSuccess;
+ break;
+ default:
+ secStatus = SECFailure;
+ break;
}
fprintf(stderr, "Bad certificate: %d, %s\n", err, SECU_Strerror(err));
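Review bot: The switch in myBadCertHandler returns SECSuccess for SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_UNTRUSTED_CERT and the other listed codes, so a peer certificate that failed validation is still accepted, and no comment warns a reader who copies this handler. That may be intended for a command-line test tool, but it should be stated above the switch, for example `/* These overrides accept certificates that failed validation; keep them out of production handlers. */`. The header comment carried through this hunk also reads "SECFailure is return", which should be "is returned". The start of that comment and the function's return statement lie outside the hunk.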
@@ -199,75 +198,75 @@ myBadCertHandler(void *arg, PRFileDesc *socket)
/* Function: SECStatus ownGetClientAuthData()
*
- * Purpose: This callback is used by SSL to pull client certificate
+ * Purpose: This callback is used by SSL to pull client certificate
* information upon server request.
*/
-SECStatus
+SECStatus
myGetClientAuthData(void *arg,
PRFileDesc *socket,
struct CERTDistNamesStr *caNames,
struct CERTCertificateStr **pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey)
+ struct SECKEYPrivateKeyStr **pRetKey)
{
- CERTCertificate * cert;
- SECKEYPrivateKey * privKey;
- char * chosenNickName = (char *)arg;
- void * proto_win = NULL;
- SECStatus secStatus = SECFailure;
+ CERTCertificate *cert;
+ SECKEYPrivateKey *privKey;
+ char *chosenNickName = (char *)arg;
+ void *proto_win = NULL;
+ SECStatus secStatus = SECFailure;
proto_win = SSL_RevealPinArg(socket);
if (chosenNickName) {
- cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
- if (cert) {
- privKey = PK11_FindKeyByAnyCert(cert, proto_win);
- if (privKey) {
- secStatus = SECSuccess;
- } else {
- CERT_DestroyCertificate(cert);
- }
- }
+ cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
+ if (cert) {
+ privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+ if (privKey) {
+ secStatus = SECSuccess;
+ } else {
+ CERT_DestroyCertificate(cert);
+ }
+ }
} else { /* no nickname given, automatically find the right cert */
- CERTCertNicknames *names;
- int i;
-
- names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
- SEC_CERT_NICKNAMES_USER, proto_win);
-
- if (names != NULL) {
- for(i = 0; i < names->numnicknames; i++ ) {
-
- cert = PK11_FindCertFromNickname(names->nicknames[i],
- proto_win);
- if (!cert) {
- continue;
- }
-
- /* Only check unexpired certs */
- if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE)
- != secCertTimeValid ) {
- CERT_DestroyCertificate(cert);
- continue;
- }
-
- secStatus = NSS_CmpCertChainWCANames(cert, caNames);
- if (secStatus == SECSuccess) {
- privKey = PK11_FindKeyByAnyCert(cert, proto_win);
- if (privKey) {
- break;
- }
- secStatus = SECFailure;
- }
- CERT_DestroyCertificate(cert);
- } /* for loop */
- CERT_FreeNicknames(names);
- }
+ CERTCertNicknames *names;
+ int i;
+
+ names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
+ SEC_CERT_NICKNAMES_USER, proto_win);
+
+ if (names != NULL) {
+ for (i = 0; i < names->numnicknames; i++) {
+
+ cert = PK11_FindCertFromNickname(names->nicknames[i],
+ proto_win);
+ if (!cert) {
+ continue;
+ }
+
+ /* Only check unexpired certs */
+ if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE) !=
+ secCertTimeValid) {
+ CERT_DestroyCertificate(cert);
+ continue;
+ }
+
+ secStatus = NSS_CmpCertChainWCANames(cert, caNames);
+ if (secStatus == SECSuccess) {
+ privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+ if (privKey) {
+ break;
+ }
+ secStatus = SECFailure;
+ }
+ CERT_DestroyCertificate(cert);
+ } /* for loop */
+ CERT_FreeNicknames(names);
+ }
}
if (secStatus == SECSuccess) {
- *pRetCert = cert;
- *pRetKey = privKey;
+ *pRetCert = cert;
+ *pRetKey = privKey;
}
return secStatus;
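Review bot: The header comment at the top of this hunk documents `ownGetClientAuthData()`, but the function defined below it is `myGetClientAuthData`, so a search for the callback's name misses its documentation. The first comment line should read `/* Function: SECStatus myGetClientAuthData()`. The comment could also state that, on SECSuccess, the certificate and private key stored through `pRetCert` and `pRetKey` are handed to the caller, since the body destroys `cert` on every other path. The function's closing brace is outside the hunk.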
@@ -278,7 +277,7 @@ myGetClientAuthData(void *arg,
* Purpose: Called by SSL to inform application that the handshake is
* complete. This function is mostly used on the server side of an SSL
* connection, although it is provided for a client as well.
- * Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake
+ * Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake
* is used to initiate a handshake.
*
* A typical scenario would be:
@@ -297,14 +296,13 @@ myGetClientAuthData(void *arg,
* blocking sockets.
*/
void
-myHandshakeCallback(PRFileDesc *socket, void *arg)
+myHandshakeCallback(PRFileDesc *socket, void *arg)
{
- fprintf(stderr,"Handshake Complete: SERVER CONFIGURED CORRECTLY\n");
+ fprintf(stderr, "Handshake Complete: SERVER CONFIGURED CORRECTLY\n");
}
-
/**************************************************************************
-**
+**
** Routines for disabling SSL ciphers.
**
**************************************************************************/
@@ -313,25 +311,25 @@ void
disableAllSSLCiphers(void)
{
const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
- int i = SSL_NumImplementedCiphers;
- SECStatus rv;
+ int i = SSL_NumImplementedCiphers;
+ SECStatus rv;
/* disable all the SSL3 cipher suites */
while (--i >= 0) {
- PRUint16 suite = cipherSuites[i];
+ PRUint16 suite = cipherSuites[i];
rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
- if (rv != SECSuccess) {
- fprintf(stderr,
- "SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n",
- suite, i);
- errWarn("SSL_CipherPrefSetDefault");
- exit(2);
- }
+ if (rv != SECSuccess) {
+ fprintf(stderr,
+ "SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n",
+ suite, i);
+ errWarn("SSL_CipherPrefSetDefault");
+ exit(2);
+ }
}
}
/**************************************************************************
-**
+**
** Error and information routines.
**
**************************************************************************/
@@ -339,11 +337,11 @@ disableAllSSLCiphers(void)
void
errWarn(char *function)
{
- PRErrorCode errorNumber = PR_GetError();
- const char * errorString = SECU_Strerror(errorNumber);
+ PRErrorCode errorNumber = PR_GetError();
+ const char *errorString = SECU_Strerror(errorNumber);
fprintf(stderr, "Error in function %s: %d\n - %s\n",
- function, errorNumber, errorString);
+ function, errorNumber, errorString);
}
void
@@ -352,52 +350,51 @@ exitErr(char *function)
errWarn(function);
/* Exit gracefully. */
/* ignoring return value of NSS_Shutdown as code exits with 1 anyway*/
- (void) NSS_Shutdown();
+ (void)NSS_Shutdown();
PR_Cleanup();
exit(1);
}
-void
+void
printSecurityInfo(FILE *outfile, PRFileDesc *fd)
{
- char * cp; /* bulk cipher name */
- char * ip; /* cert issuer DN */
- char * sp; /* cert subject DN */
- int op; /* High, Low, Off */
- int kp0; /* total key bits */
- int kp1; /* secret key bits */
- int result;
- SSL3Statistics * ssl3stats = SSL_GetStatistics();
+ char *cp; /* bulk cipher name */
+ char *ip; /* cert issuer DN */
+ char *sp; /* cert subject DN */
+ int op; /* High, Low, Off */
+ int kp0; /* total key bits */
+ int kp1; /* secret key bits */
+ int result;
+ SSL3Statistics *ssl3stats = SSL_GetStatistics();
if (!outfile) {
- outfile = stdout;
+ outfile = stdout;
}
result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
if (result != SECSuccess)
- return;
+ return;
fprintf(outfile,
- " bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
- " subject DN:\n %s\n"
- " issuer DN:\n %s\n", cp, kp1, kp0, op, sp, ip);
+ " bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
+ " subject DN:\n %s\n"
+ " issuer DN:\n %s\n",
+ cp, kp1, kp0, op, sp, ip);
PR_Free(cp);
PR_Free(ip);
PR_Free(sp);
fprintf(outfile,
- " %ld cache hits; %ld cache misses, %ld cache not reusable\n",
- ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
- ssl3stats->hch_sid_cache_not_ok);
-
+ " %ld cache hits; %ld cache misses, %ld cache not reusable\n",
+ ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
+ ssl3stats->hch_sid_cache_not_ok);
}
-
/**************************************************************************
** Begin thread management routines and data.
**************************************************************************/
void
-thread_wrapper(void * arg)
+thread_wrapper(void *arg)
{
GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg;
perThread *slot = &threadMGR->threads[threadMGR->index];
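Review bot: On the last line of this hunk, thread_wrapper reads `threadMGR->index` in its initializer before it has taken `threadLock`, while launch_thread writes that field for each new thread and releases the lock once the thread has been created. If a second launch_thread call runs before the first thread is scheduled, the first thread would appear to pick up the second thread's slot and run the wrong `startFunc` arguments. Moving the lookup below the `PR_Lock`/`PR_Unlock` pair would not close that window; handing each thread its own slot pointer as the thread argument would. The perThread and GlobalThreadMgr definitions are not visible here and thread_wrapper continues past the hunk, so this should be confirmed against the header.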
@@ -406,7 +403,7 @@ thread_wrapper(void * arg)
PR_Lock(threadMGR->threadLock);
PR_Unlock(threadMGR->threadLock);
- slot->rv = (* slot->startFunc)(slot->a, slot->b);
+ slot->rv = (*slot->startFunc)(slot->a, slot->b);
PR_Lock(threadMGR->threadLock);
slot->running = rs_zombie;
@@ -419,37 +416,37 @@ thread_wrapper(void * arg)
SECStatus
launch_thread(GlobalThreadMgr *threadMGR,
- startFn *startFunc,
- void *a,
- int b)
+ startFn *startFunc,
+ void *a,
+ int b)
{
perThread *slot;
- int i;
+ int i;
if (!threadMGR->threadStartQ) {
- threadMGR->threadLock = PR_NewLock();
- threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock);
- threadMGR->threadEndQ = PR_NewCondVar(threadMGR->threadLock);
+ threadMGR->threadLock = PR_NewLock();
+ threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock);
+ threadMGR->threadEndQ = PR_NewCondVar(threadMGR->threadLock);
}
PR_Lock(threadMGR->threadLock);
while (threadMGR->numRunning >= MAX_THREADS) {
- PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT);
+ PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT);
}
for (i = 0; i < threadMGR->numUsed; ++i) {
- slot = &threadMGR->threads[i];
- if (slot->running == rs_idle)
- break;
+ slot = &threadMGR->threads[i];
+ if (slot->running == rs_idle)
+ break;
}
if (i >= threadMGR->numUsed) {
- if (i >= MAX_THREADS) {
- /* something's really wrong here. */
- PORT_Assert(i < MAX_THREADS);
- PR_Unlock(threadMGR->threadLock);
- return SECFailure;
- }
- ++(threadMGR->numUsed);
- PORT_Assert(threadMGR->numUsed == i + 1);
- slot = &threadMGR->threads[i];
+ if (i >= MAX_THREADS) {
+ /* something's really wrong here. */
+ PORT_Assert(i < MAX_THREADS);
+ PR_Unlock(threadMGR->threadLock);
+ return SECFailure;
+ }
+ ++(threadMGR->numUsed);
+ PORT_Assert(threadMGR->numUsed == i + 1);
+ slot = &threadMGR->threads[i];
}
slot->a = a;
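Review bot: The lazy initialisation at the top of launch_thread uses the results of `PR_NewLock()` and `PR_NewCondVar()` without checking them, and the very next statement passes `threadMGR->threadLock` to `PR_Lock`. A guard after the three assignments would turn an allocation failure into an error return: `if (!threadMGR->threadLock || !threadMGR->threadStartQ || !threadMGR->threadEndQ) return SECFailure;`. The initialisation is also unsynchronised, so a comment should say that the first call must come from a single thread. The rest of launch_thread is in the following hunk.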
@@ -459,17 +456,17 @@ launch_thread(GlobalThreadMgr *threadMGR,
threadMGR->index = i;
slot->prThread = PR_CreateThread(PR_USER_THREAD,
- thread_wrapper, threadMGR,
- PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
- PR_JOINABLE_THREAD, 0);
+ thread_wrapper, threadMGR,
+ PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+ PR_JOINABLE_THREAD, 0);
if (slot->prThread == NULL) {
- PR_Unlock(threadMGR->threadLock);
- printf("Failed to launch thread!\n");
- return SECFailure;
- }
+ PR_Unlock(threadMGR->threadLock);
+ printf("Failed to launch thread!\n");
+ return SECFailure;
+ }
- slot->inUse = 1;
+ slot->inUse = 1;
slot->running = 1;
++(threadMGR->numRunning);
PR_Unlock(threadMGR->threadLock);
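Review bot: `slot->running = 1;` assigns a bare integer to a field that the rest of the file compares against named states (`rs_idle` in launch_thread, `rs_zombie` in thread_wrapper and reap_threads). Using the matching enumerator (presumably `rs_running`; the enum is not visible here) would keep the state machine readable and survive a renumbering. Separately, when `PR_CreateThread` fails, the slot keeps the `a`, `b` and `startFunc` values already written and `numUsed` may already have been incremented; a short comment saying that this is harmless because `running` stays idle would help. The start of launch_thread is outside this hunk.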
@@ -477,40 +474,40 @@ launch_thread(GlobalThreadMgr *threadMGR,
return SECSuccess;
}
-SECStatus
+SECStatus
reap_threads(GlobalThreadMgr *threadMGR)
{
- perThread * slot;
- int i;
+ perThread *slot;
+ int i;
if (!threadMGR->threadLock)
- return SECSuccess;
+ return SECSuccess;
PR_Lock(threadMGR->threadLock);
while (threadMGR->numRunning > 0) {
- PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
- for (i = 0; i < threadMGR->numUsed; ++i) {
- slot = &threadMGR->threads[i];
- if (slot->running == rs_zombie) {
- /* Handle cleanup of thread here. */
-
- /* Now make sure the thread has ended OK. */
- PR_JoinThread(slot->prThread);
- slot->running = rs_idle;
- --threadMGR->numRunning;
-
- /* notify the thread launcher. */
- PR_NotifyCondVar(threadMGR->threadStartQ);
- }
- }
+ PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
+ for (i = 0; i < threadMGR->numUsed; ++i) {
+ slot = &threadMGR->threads[i];
+ if (slot->running == rs_zombie) {
+ /* Handle cleanup of thread here. */
+
+ /* Now make sure the thread has ended OK. */
+ PR_JoinThread(slot->prThread);
+ slot->running = rs_idle;
+ --threadMGR->numRunning;
+
+ /* notify the thread launcher. */
+ PR_NotifyCondVar(threadMGR->threadStartQ);
+ }
+ }
}
/* Safety Sam sez: make sure count is right. */
for (i = 0; i < threadMGR->numUsed; ++i) {
- slot = &threadMGR->threads[i];
- if (slot->running != rs_idle) {
- fprintf(stderr, "Thread in slot %d is in state %d!\n",
- i, slot->running);
- }
+ slot = &threadMGR->threads[i];
+ if (slot->running != rs_idle) {
+ fprintf(stderr, "Thread in slot %d is in state %d!\n",
+ i, slot->running);
+ }
}
PR_Unlock(threadMGR->threadLock);
return SECSuccess;
@@ -522,16 +519,16 @@ destroy_thread_data(GlobalThreadMgr *threadMGR)
PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads));
if (threadMGR->threadEndQ) {
- PR_DestroyCondVar(threadMGR->threadEndQ);
- threadMGR->threadEndQ = NULL;
+ PR_DestroyCondVar(threadMGR->threadEndQ);
+ threadMGR->threadEndQ = NULL;
}
if (threadMGR->threadStartQ) {
- PR_DestroyCondVar(threadMGR->threadStartQ);
- threadMGR->threadStartQ = NULL;
+ PR_DestroyCondVar(threadMGR->threadStartQ);
+ threadMGR->threadStartQ = NULL;
}
if (threadMGR->threadLock) {
- PR_DestroyLock(threadMGR->threadLock);
- threadMGR->threadLock = NULL;
+ PR_DestroyLock(threadMGR->threadLock);
+ threadMGR->threadLock = NULL;
}
}
@@ -539,17 +536,17 @@ destroy_thread_data(GlobalThreadMgr *threadMGR)
** End thread management routines.
**************************************************************************/
-void
-lockedVars_Init( lockedVars * lv)
+void
+lockedVars_Init(lockedVars *lv)
{
- lv->count = 0;
+ lv->count = 0;
lv->waiters = 0;
- lv->lock = PR_NewLock();
+ lv->lock = PR_NewLock();
lv->condVar = PR_NewCondVar(lv->lock);
}
void
-lockedVars_Destroy( lockedVars * lv)
+lockedVars_Destroy(lockedVars *lv)
{
PR_DestroyCondVar(lv->condVar);
lv->condVar = NULL;
@@ -559,30 +556,29 @@ lockedVars_Destroy( lockedVars * lv)
}
void
-lockedVars_WaitForDone(lockedVars * lv)
+lockedVars_WaitForDone(lockedVars *lv)
{
PR_Lock(lv->lock);
while (lv->count > 0) {
- PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
+ PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
}
PR_Unlock(lv->lock);
}
-int /* returns count */
-lockedVars_AddToCount(lockedVars * lv, int addend)
+int /* returns count */
+ lockedVars_AddToCount(lockedVars *lv, int addend)
{
int rv;
PR_Lock(lv->lock);
rv = lv->count += addend;
if (rv <= 0) {
- PR_NotifyCondVar(lv->condVar);
+ PR_NotifyCondVar(lv->condVar);
}
PR_Unlock(lv->lock);
return rv;
}
-
/*
* Dump cert chain in to cert.* files. This function is will
* create collisions while dumping cert chains if called from
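Review bot: The formatter treated the trailing comment in `int /* returns count */` as part of the declaration and indented `lockedVars_AddToCount(lockedVars *lv, int addend)` as a continuation line, unlike every other definition in the file. Moving the comment onto its own line above the function, `/* Returns the updated count. */`, followed by `int` alone on the return-type line, lets clang-format keep the name at column 0. The context comment at the end of this hunk also reads "This function is will create collisions", where "is" should be dropped.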
@@ -602,20 +598,20 @@ dumpCertChain(CERTCertificate *cert, SECCertUsage usage)
return;
}
- for(count = 0; count < (unsigned int)certList->len; count++) {
+ for (count = 0; count < (unsigned int)certList->len; count++) {
char certFileName[16];
PRFileDesc *cfd;
PR_snprintf(certFileName, sizeof certFileName, "cert.%03d",
count);
- cfd = PR_Open(certFileName, PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE,
+ cfd = PR_Open(certFileName, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
0664);
if (!cfd) {
PR_fprintf(PR_STDOUT,
"Error: couldn't save cert der in file '%s'\n",
certFileName);
} else {
- PR_Write(cfd, certList->certs[count].data, certList->certs[count].len);
+ PR_Write(cfd, certList->certs[count].data, certList->certs[count].len);
PR_Close(cfd);
PR_fprintf(PR_STDOUT, "Cert file %s was created.\n", certFileName);
}