configure.ac | 2 download.lst | 21 embeddedobj/source/commonembedding/visobj.cxx | 6 external/curl/ExternalPackage_curl.mk | 2 external/curl/ExternalProject_curl.mk | 11 external/curl/UnpackedTarball_curl.mk | 10 external/curl/curl-7.26.0_win-proxy.patch | 59 external/curl/curl-android.patch | 16 external/curl/curl-freebsd.patch.1 | 32 external/curl/curl-msvc-schannel.patch.1 | 4 external/curl/curl-msvc.patch.1 | 4 external/curl/curl-xp.patch.1 | 12 external/expat/ExternalProject_expat.mk | 3 external/expat/StaticLibrary_expat.mk | 2 external/expat/UnpackedTarball_expat.mk | 2 external/expat/expat-2.1.0.patch | 13 external/libpng/Module_libpng.mk | 4 external/libpng/configs/pnglibconf.h | 37 external/libxml2/ExternalPackage_xml2.mk | 2 external/libxml2/ExternalProject_xml2.mk | 2 external/libxslt/0001-Fix-for-type-confusion-in-preprocessing-attributes.patch.1 | 29 external/libxslt/ExternalPackage_xslt.mk | 2 external/libxslt/ExternalProject_xslt.mk | 6 external/libxslt/UnpackedTarball_xslt.mk | 7 external/libxslt/libxslt-android.patch | 15 external/libxslt/libxslt-config-guess.patch.0 | 1921 --- external/libxslt/libxslt-configure.patch.1 | 23 external/libxslt/libxslt-freebsd.patch.1 | 28 external/libxslt/libxslt-msvc.patch.2 | 13 external/nss/ExternalPackage_nss.mk | 17 external/nss/ExternalProject_nss.mk | 2 external/nss/Module_nss.mk | 2 external/nss/README | 64 external/nss/UnpackedTarball_nss.mk | 20 external/nss/asan.patch.1 | 12 external/nss/clang-cl.patch.0 | 74 external/nss/nss-pem.patch | 6376 ---------- external/nss/nss-winXP-sdk.patch.1 | 5 external/nss/nss.nowerror.patch | 12 external/nss/nss.patch | 26 external/nss/nss.utf8bom.patch.1 | 30 external/nss/nss.vs2015.patch | 12 external/nss/nss.vs2015.pdb.patch | 22 external/nss/nss.windowbuild.patch.0 | 55 external/nss/nss.windows.patch | 6 external/nss/nss_macosx.patch | 10 external/nss/ubsan-alignment.patch.0 | 40 external/nss/ubsan.patch.0 | 34 external/openssl/openssllnx.patch | 2 include/svx/svdoole2.hxx | 16 sc/inc/documentlinkmgr.hxx | 5 sc/source/ui/docshell/docsh.cxx | 7 sc/source/ui/docshell/docsh4.cxx | 12 sc/source/ui/docshell/documentlinkmgr.cxx | 26 sc/source/ui/view/tabvwsh4.cxx | 2 sd/source/core/drawdoc.cxx | 6 sd/source/ui/docshell/docshel4.cxx | 5 svx/source/svdraw/svdoole2.cxx | 20 svx/source/unodraw/unoshap4.cxx | 4 sw/inc/IDocumentLinksAdministration.hxx | 2 sw/source/core/doc/DocumentLinksAdministrationManager.cxx | 85 sw/source/core/inc/DocumentLinksAdministrationManager.hxx | 2 sw/source/filter/basflt/shellio.cxx | 2 sw/source/uibase/app/docsh.cxx | 2 sw/source/uibase/app/docshini.cxx | 3 65 files changed, 569 insertions(+), 8739 deletions(-)
New commits: commit 19981d4a48cc56a36e563235b0452f61732cc819 Author: Andras Timar <[email protected]> Date: Wed Mar 22 12:33:26 2017 +0100 Bump version to 5.0-41 Change-Id: I2de4f0f078de9a889883e91675c12d3509081f28 diff --git a/configure.ac b/configure.ac index 402fc0b61cb9..05fcb104d9e7 100644 --- a/configure.ac +++ b/configure.ac @@ -9,7 +9,7 @@ dnl in order to create a configure script. # several non-alphanumeric characters, those are split off and used only for the # ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no idea. -AC_INIT([Collabora Office],[5.0.10.40],[],[],[https://CollaboraOffice.com/]) +AC_INIT([Collabora Office],[5.0.10.41],[],[],[https://CollaboraOffice.com/]) AC_PREREQ([2.59]) commit 5e14b7afdd1fe9edb73f40d35f3c3ce49711698d Author: Andras Timar <[email protected]> Date: Wed Mar 22 12:18:27 2017 +0100 upgrade libpng to version 1.6.28 Change-Id: I9159d0161899843972ac3653cfd3f70a249f2bfa diff --git a/download.lst b/download.lst index ff27565af96e..7afba25c9bbf 100644 --- a/download.lst +++ b/download.lst @@ -117,8 +117,8 @@ export OWNCLOUD_ANDROID_LIB_TARBALL := owncloud-android-library-0.9.4-no-binary- export PAGEMAKER_MD5SUM := 795cc7a59ace4db2b12586971d668671 export PAGEMAKER_TARBALL := libpagemaker-0.0.2.tar.bz2 export PIXMAN_TARBALL := c63f411b3ad147db2bcce1bf262a0e02-pixman-0.24.4.tar.bz2 -export PNG_MD5SUM := 6652e428d1d3fc3c6cb1362159b1cf3b -export PNG_TARBALL := libpng-1.5.24.tar.gz +export PNG_MD5SUM := 897ccec1ebfb0922e83c2bfaa1be8748 +export PNG_TARBALL := libpng-1.6.28.tar.gz export POPPLER_MD5SUM := 35c0660065d023365e9854c13e289d12 export POPPLER_TARBALL := poppler-0.26.4.tar.gz export POSTGRESQL_TARBALL := c0b4799ea9850eae3ead14f0a60e9418-postgresql-9.2.1.tar.bz2 diff --git a/external/libpng/Module_libpng.mk b/external/libpng/Module_libpng.mk index 31610d3db2fb..afb0016fbaf4 100644 --- a/external/libpng/Module_libpng.mk +++ b/external/libpng/Module_libpng.mk @@ -9,13 +9,9 @@ $(eval $(call gb_Module_Module,libpng)) -ifeq ($(SYSTEM_LIBPNG),) - $(eval $(call gb_Module_add_targets,libpng,\ StaticLibrary_png \ UnpackedTarball_png \ )) -endif - # vim: set noet sw=4 ts=4: diff --git a/external/libpng/configs/pnglibconf.h b/external/libpng/configs/pnglibconf.h index 8149f59394aa..ff5d156a6b19 100644 --- a/external/libpng/configs/pnglibconf.h +++ b/external/libpng/configs/pnglibconf.h @@ -1,7 +1,8 @@ -/* 1.5.24 STANDARD API DEFINITION */ +/* libpng 1.6.19 STANDARD API DEFINITION */ + /* pnglibconf.h - library build configuration */ -/* libpng version 1.5.24 - November 12, 2015 */ +/* Libpng version 1.6.19 - November 12, 2015 */ /* Copyright (c) 1998-2015 Glenn Randers-Pehrson */ @@ -20,9 +21,11 @@ /*#undef PNG_ARM_NEON_API_SUPPORTED*/ /*#undef PNG_ARM_NEON_CHECK_SUPPORTED*/ #define PNG_BENIGN_ERRORS_SUPPORTED +#define PNG_BENIGN_READ_ERRORS_SUPPORTED +/*#undef PNG_BENIGN_WRITE_ERRORS_SUPPORTED*/ #define PNG_BUILD_GRAYSCALE_PALETTE_SUPPORTED #define PNG_CHECK_FOR_INVALID_INDEX_SUPPORTED -#define PNG_CHECK_cHRM_SUPPORTED +#define PNG_COLORSPACE_SUPPORTED #define PNG_CONSOLE_IO_SUPPORTED #define PNG_CONVERT_tIME_SUPPORTED #define PNG_EASY_ACCESS_SUPPORTED @@ -31,6 +34,9 @@ #define PNG_FIXED_POINT_SUPPORTED #define PNG_FLOATING_ARITHMETIC_SUPPORTED #define PNG_FLOATING_POINT_SUPPORTED +#define PNG_FORMAT_AFIRST_SUPPORTED +#define PNG_FORMAT_BGR_SUPPORTED +#define PNG_GAMMA_SUPPORTED #define PNG_GET_PALETTE_MAX_SUPPORTED #define PNG_HANDLE_AS_UNKNOWN_SUPPORTED #define PNG_INCH_CONVERSIONS_SUPPORTED @@ -91,13 +97,21 @@ #define PNG_READ_tIME_SUPPORTED #define PNG_READ_tRNS_SUPPORTED #define PNG_READ_zTXt_SUPPORTED -/*#undef PNG_SAFE_LIMITS_SUPPORTED*/ #define PNG_SAVE_INT_32_SUPPORTED +#define PNG_SAVE_UNKNOWN_CHUNKS_SUPPORTED #define PNG_SEQUENTIAL_READ_SUPPORTED #define PNG_SETJMP_SUPPORTED -/*#undef PNG_SET_OPTION_SUPPORTED*/ +#define PNG_SET_OPTION_SUPPORTED +#define PNG_SET_UNKNOWN_CHUNKS_SUPPORTED #define PNG_SET_USER_LIMITS_SUPPORTED +#define PNG_SIMPLIFIED_READ_AFIRST_SUPPORTED +#define PNG_SIMPLIFIED_READ_BGR_SUPPORTED +#define PNG_SIMPLIFIED_READ_SUPPORTED +#define PNG_SIMPLIFIED_WRITE_AFIRST_SUPPORTED +#define PNG_SIMPLIFIED_WRITE_BGR_SUPPORTED +#define PNG_SIMPLIFIED_WRITE_SUPPORTED #define PNG_STDIO_SUPPORTED +#define PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED #define PNG_TEXT_SUPPORTED #define PNG_TIME_RFC1123_SUPPORTED #define PNG_UNKNOWN_CHUNKS_SUPPORTED @@ -173,15 +187,28 @@ #define PNG_API_RULE 0 #define PNG_DEFAULT_READ_MACROS 1 #define PNG_GAMMA_THRESHOLD_FIXED 5000 +#define PNG_IDAT_READ_SIZE PNG_ZBUF_SIZE +#define PNG_INFLATE_BUF_SIZE 1024 +#define PNG_LINKAGE_API extern +#define PNG_LINKAGE_CALLBACK extern +#define PNG_LINKAGE_DATA extern +#define PNG_LINKAGE_FUNCTION extern #define PNG_MAX_GAMMA_8 11 #define PNG_QUANTIZE_BLUE_BITS 5 #define PNG_QUANTIZE_GREEN_BITS 5 #define PNG_QUANTIZE_RED_BITS 5 +#define PNG_TEXT_Z_DEFAULT_COMPRESSION (-1) +#define PNG_TEXT_Z_DEFAULT_STRATEGY 0 #define PNG_USER_CHUNK_CACHE_MAX 1000 #define PNG_USER_CHUNK_MALLOC_MAX 8000000 #define PNG_USER_HEIGHT_MAX 1000000 #define PNG_USER_WIDTH_MAX 1000000 #define PNG_ZBUF_SIZE 8192 +#define PNG_ZLIB_VERNUM 0 /* unknown */ +#define PNG_Z_DEFAULT_COMPRESSION (-1) +#define PNG_Z_DEFAULT_NOFILTER_STRATEGY 0 +#define PNG_Z_DEFAULT_STRATEGY 1 #define PNG_sCAL_PRECISION 5 +#define PNG_sRGB_PROFILE_CHECKS 2 /* end of settings */ #endif /* PNGLCONF_H */ commit ada771b1d8d166db336f5ca1ba7671cc528189e9 Author: Andras Timar <[email protected]> Date: Wed Mar 22 12:13:09 2017 +0100 upgrade nss to version 3.27 Change-Id: I5042457f73204867fd401f3bc6691eda15c32320 diff --git a/download.lst b/download.lst index 8ded553f72eb..ff27565af96e 100644 --- a/download.lst +++ b/download.lst @@ -102,7 +102,7 @@ export MWAW_TARBALL := libmwaw-0.3.$(MWAW_VERSION_MICRO).tar.bz2 export MYSQLCPPCONN_TARBALL := 7239a4430efd4d0189c4f24df67f08e5-mysql-connector-c++-1.1.4.tar.gz export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz export NEON_TARBALL := 231adebe5c2f78fded3e3df6e958878e-neon-0.30.1.tar.gz -export NSS_TARBALL := 6b254cf2f8cb4b27a3f0b8b7b9966ea7-nss-3.22.2-with-nspr-4.12.tar.gz +export NSS_TARBALL := 0e3eee39402386cf16fd7aaa7399ebef-nss-3.27-with-nspr-4.13.tar.gz export ODFGEN_MD5SUM := 8716be5c22ae8353f9aaa380d74840dc export ODFGEN_VERSION_MICRO := 4 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2 diff --git a/external/nss/ExternalPackage_nss.mk b/external/nss/ExternalPackage_nss.mk index c6d8953fd23b..6d568b7edfee 100644 --- a/external/nss/ExternalPackage_nss.mk +++ b/external/nss/ExternalPackage_nss.mk @@ -58,23 +58,10 @@ $(eval $(call gb_ExternalPackage_add_files,nss,$(LIBO_LIB_FOLDER),\ dist/out/lib/libsqlite3.so \ )) endif - -ifeq ($(SYSTEM_CURL),) -ifeq ($(OS),IOS) -# nothing -else ifeq ($(OS),MACOSX) -$(eval $(call gb_ExternalPackage_add_files,nss,$(LIBO_LIB_FOLDER),\ - dist/out/lib/libnsspem.dylib \ -)) -else ifeq ($(OS),WNT) +ifeq ($(OS),LINUX) $(eval $(call gb_ExternalPackage_add_files,nss,$(LIBO_LIB_FOLDER),\ - dist/out/lib/nsspem.dll \ + dist/out/lib/libfreeblpriv3.so \ )) -else # OS!=WNT/MACOSX -$(eval $(call gb_ExternalPackage_add_files,nss,$(LIBO_LIB_FOLDER),\ - dist/out/lib/libnsspem.so \ -)) -endif endif # vim: set noet sw=4 ts=4: diff --git a/external/nss/ExternalProject_nss.mk b/external/nss/ExternalProject_nss.mk index bd649716a6c1..07cc472b9fb2 100644 --- a/external/nss/ExternalProject_nss.mk +++ b/external/nss/ExternalProject_nss.mk @@ -67,6 +67,7 @@ $(call gb_ExternalProject_get_state_target,nss,build): $(call gb_ExternalProject $(if $(filter MACOSX,$(OS)),\ $(if $(filter-out POWERPC,$(CPUNAME)),MACOS_SDK_DIR=$(MACOSX_SDK_PATH)) \ NSS_USE_SYSTEM_SQLITE=1) \ + $(if $(filter LINUX,$(OS)),$(if $(ENABLE_DBGUTIL),,BUILD_OPT=1)) \ $(if $(filter SOLARIS,$(OS)),NS_USE_GCC=1) \ $(if $(CROSS_COMPILING),\ $(if $(filter MACOSXPOWERPC,$(OS)$(CPUNAME)),CPU_ARCH=ppc) \ @@ -88,7 +89,6 @@ $(call gb_ExternalProject_get_state_target,nss,build): $(call gb_ExternalProject $(gb_Package_SOURCEDIR_nss)/dist/out/lib/libnss3.dylib \ $(gb_Package_SOURCEDIR_nss)/dist/out/lib/libnssckbi.dylib \ $(gb_Package_SOURCEDIR_nss)/dist/out/lib/libnssdbm3.dylib \ - $(gb_Package_SOURCEDIR_nss)/dist/out/lib/libnsspem.dylib \ $(gb_Package_SOURCEDIR_nss)/dist/out/lib/libnssutil3.dylib \ $(gb_Package_SOURCEDIR_nss)/dist/out/lib/libplc4.dylib \ $(gb_Package_SOURCEDIR_nss)/dist/out/lib/libplds4.dylib \ diff --git a/external/nss/Module_nss.mk b/external/nss/Module_nss.mk index c1e1ab2bc074..69b39f59ee5d 100644 --- a/external/nss/Module_nss.mk +++ b/external/nss/Module_nss.mk @@ -9,7 +9,6 @@ $(eval $(call gb_Module_Module,nss)) -ifeq ($(SYSTEM_NSS),) ifeq ($(filter ANDROID,$(OS)),) $(eval $(call gb_Module_add_targets,nss,\ UnpackedTarball_nss \ @@ -17,6 +16,5 @@ $(eval $(call gb_Module_add_targets,nss,\ ExternalProject_nss \ )) endif -endif # vim: set noet sw=4 ts=4: diff --git a/external/nss/README b/external/nss/README index 0c5adf808ce4..d4fbd68bd193 100644 --- a/external/nss/README +++ b/external/nss/README @@ -1,32 +1,9 @@ -Contains the security libraries which are also part of [[moz]]. However nss is meant to be more current. - -== Relation between nss, moz, moz_prebuilt == - -nss contains the security libraries which are also part of moz. However nss is -meant to be more current, that is it to be updated more often. This should be -easier than doing this with moz. - -If nss is built depends on an environment variable (SYSTEM_NSS=NO) which -is per default set to YES. In this case nss is build before moz. The nss -libraries/lib files/headers built in moz are then not delivered. Otherwise they -would overwrite those from nss. That is, the nss libraries build in moz are -removed from mozruntime.zip (build in moz/solver/bin), they are removed from the -lib directory (for example moz/unxlngi6.pro/lib), and the nss and nspr headers -are also removed (inc/nss and inc/nspr). The nss libraries from the nss module -are then added to mozruntime.zip. - -This also applies for moz_prebuilt. Therefore moz and moz_prebuilt must be build -again after changes have been made to the libraries in the nss module. - -Also when moz was updated to use a newer version of mozilla, then one must make -sure that new files which also belong to nss are not delivered and are removed -from mozruntime.zip. - +Contains the Network Security Services (NSS) libraries from Mozilla == Fips 140 and signed libraries == Fips 140 mode is not supported. That is, the *.chk files containing the -checksums for the cryptographic module are not delivered into solver and will +checksums for the cryptographic module are not delivered into instdir and will not be part of the OOo installation sets. Signing has been turned off because @@ -34,48 +11,15 @@ Signing has been turned off because (Mac) - sqlite conflicts with the system sqlite when signing which breaks the build - -== libfreebl3 == - -Porting to other platforms may require to deliver other variants of -libfreebl*. The library name varies according to the platform. Changes need to -be made to -ooo/moz/extractfiles.mk -ooo/moz/zipped/makefile.mk -sun/moz_prebuilt/zipped/makefile.mk - See also -[http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html] - - -== Windows builds of nss == - -To build mozilla on windows you'll need the mozilla build tools - -Build requirements containing the link to the build tools: -[https://developer.mozilla.org/en/Windows_Build_Prerequisites#ss2.2] - -The direct link: -[http://ftp.mozilla.org/pub/mozilla.org/mozilla/libraries/win32/MozillaBuildSetup-1.3.exe] - +[https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6] == libsqlite3 == -The system sqlite in Mac OS X versions older than 10.6 is incompatible -with the softokn3 in nss which requires a later version of sqlite. -With SDK 10.6 (and more current SDK) we use +With all supported Mac OS X SDK we use NSS_USE_SYSTEM_SQLITE=1 to build using the system sqlite. -The problem described here was found on Mac with OS 10.6 -We cannot deliver sqlite in the lib directory of the solver. This directory is -used by tools of the build environment. Using the sqlite from NSS breaks the -tools if they use system libraries which are linked with the system -sqlite. Therefore we deliver it into lib/sqlite on unix systems. - -See also issue: -[https://bz.apache.org/ooo/show_bug.cgi?id=106132] - == system NSS on Linux == Note that different Linux distributions use different SONAMEs for the diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index f7409e1bb1b5..a0ac57173fd1 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -17,32 +17,34 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/nss-3.13.5-zlib-werror.patch \ external/nss/nss_macosx.patch \ external/nss/nss-win32-make.patch.1 \ - $(if $(filter WNTMSC,$(OS)$(COM)),external/nss/nss.windows.patch) \ + $(if $(filter WNTMSC,$(OS)$(COM)),external/nss/nss.windows.patch \ + external/nss/nss.nowerror.patch \ + external/nss/nss.vs2015.patch) \ $(if $(filter WNTGCC,$(OS)$(COM)),external/nss/nspr-4.9-build.patch.3 \ external/nss/nss-3.13.3-build.patch.3 \ external/nss/nss.mingw.patch.3) \ external/nss/ubsan.patch.0 \ + external/nss/clang-cl.patch.0 \ + external/nss/nss.windowbuild.patch.0 \ $(if $(filter IOS,$(OS)), \ external/nss/nss-chromium-nss-static.patch \ external/nss/nss-more-static.patch \ external/nss/nss-ios.patch) \ $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \ external/nss/nss.cygwin64.in32bit.patch) \ + $(if $(filter WNTMSC,$(OS)$(COM)), \ + external/nss/nss.vs2015.pdb.patch) \ $(if $(findstring 120_70,$(VCVER)_$(WINDOWS_SDK_VERSION)), \ external/nss/nss-winXP-sdk.patch.1) \ + $(if $(filter WNTMSC,$(OS)$(COM)), \ + external/nss/nss.utf8bom.patch.1) \ )) -# nss-pem is only needed for internal curl to read the NSS CA database -ifeq ($(SYSTEM_CURL),) -$(eval $(call gb_UnpackedTarball_add_patches,nss,\ - external/nss/nss-pem.patch \ -)) -endif - -ifeq ($(COM_GCC_IS_CLANG),TRUE) +ifeq ($(COM_IS_CLANG),TRUE) ifneq ($(filter -fsanitize=%,$(CC)),) $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/asan.patch.1 \ + external/nss/ubsan-alignment.patch.0 \ )) endif endif diff --git a/external/nss/asan.patch.1 b/external/nss/asan.patch.1 index 3b64aa6f3045..0685adb1dc4b 100644 --- a/external/nss/asan.patch.1 +++ b/external/nss/asan.patch.1 @@ -1,12 +1,12 @@ diff -ur nss.org/nss/coreconf/Linux.mk nss/nss/coreconf/Linux.mk --- nss.org/nss/coreconf/Linux.mk 2014-05-06 04:36:01.817838877 +0200 +++ nss/nss/coreconf/Linux.mk 2014-05-06 04:37:25.387835456 +0200 -@@ -145,7 +145,7 @@ - # The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8) - # incorrectly reports undefined references in the libraries we link with, so +@@ -158,7 +158,7 @@ # we don't use -z defs there. + # Also, -z defs conflicts with Address Sanitizer, which emits relocations + # against the libsanitizer runtime built into the main executable. -ZDEFS_FLAG = -Wl,-z,defs +ZDEFS_FLAG = - DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) -Wl,-z,origin '-Wl,-rpath,$$ORIGIN' - LDFLAGS += $(ARCHFLAG) - + ifneq ($(USE_ASAN),1) + DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) -Wl,-z,origin '-Wl,-rpath,$$ORIGIN' + endif diff --git a/external/nss/clang-cl.patch.0 b/external/nss/clang-cl.patch.0 new file mode 100644 index 000000000000..98786d49971c --- /dev/null +++ b/external/nss/clang-cl.patch.0 @@ -0,0 +1,74 @@ +# "#pragma deprecated" and "#pragma intrinsic" not (yet?) handled in the "if +# (LangOpts.MicrosoftExt)" block in Preprocessor::RegisterBuiltinPragmas in +# Clang's lib/Lex/Pragma.cpp: +--- nspr/pr/include/pratom.h ++++ nspr/pr/include/pratom.h +@@ -83,7 +83,7 @@ + + #include <intrin.h> + +-#ifdef _MSC_VER ++#if defined _WIN32 && !defined __clang__ + #pragma intrinsic(_InterlockedIncrement) + #pragma intrinsic(_InterlockedDecrement) + #pragma intrinsic(_InterlockedExchange) +--- nspr/pr/include/prbit.h ++++ nspr/pr/include/prbit.h +@@ -14,7 +14,7 @@ + ** functions. + */ + #if defined(_WIN32) && (_MSC_VER >= 1300) && \ +- (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_ARM)) ++ (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_ARM)) && !defined __clang__ + # include <intrin.h> + # pragma intrinsic(_BitScanForward,_BitScanReverse) + __forceinline static int __prBitScanForward32(unsigned int val) +@@ -32,7 +32,7 @@ + # define pr_bitscan_ctz32(val) __prBitScanForward32(val) + # define pr_bitscan_clz32(val) __prBitScanReverse32(val) + # define PR_HAVE_BUILTIN_BITSCAN32 +-#elif ((__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) && \ ++#elif defined __GNUC__ && ((__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) && \ + (defined(__i386__) || defined(__x86_64__) || defined(__arm__)) + # define pr_bitscan_ctz32(val) __builtin_ctz(val) + # define pr_bitscan_clz32(val) __builtin_clz(val) +@@ -136,7 +136,7 @@ + */ + + #if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || \ +- defined(_M_X64) || defined(_M_ARM)) ++ defined(_M_X64) || defined(_M_ARM)) && !defined __clang__ + #include <stdlib.h> + #pragma intrinsic(_rotl, _rotr) + #define PR_ROTATE_LEFT32(a, bits) _rotl(a, bits) +--- nss/lib/certdb/certdb.h ++++ nss/lib/certdb/certdb.h +@@ -21,7 +21,7 @@ + /* On Windows, Mac, and Linux (and other gcc platforms), we can give compile + * time deprecation warnings when applications use the old CERTDB_VALID_PEER + * define */ +-#if __GNUC__ > 3 ++#if defined __GNUC__ && __GNUC__ > 3 + #if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5) + typedef unsigned int __CERTDB_VALID_PEER __attribute__((deprecated)); + #else +@@ -30,7 +30,7 @@ + #endif + #define CERTDB_VALID_PEER ((__CERTDB_VALID_PEER)CERTDB_TERMINAL_RECORD) + #else +-#ifdef _WIN32 ++#if defined _WIN32 && !defined __clang__ + #pragma deprecated(CERTDB_VALID_PEER) + #endif + #define CERTDB_VALID_PEER CERTDB_TERMINAL_RECORD +--- nss/lib/util/pkcs11n.h ++++ nss/lib/util/pkcs11n.h +@@ -426,7 +426,7 @@ + /* keep the old value for compatibility reasons*/ + #define CKT_NSS_MUST_VERIFY ((__CKT_NSS_MUST_VERIFY)(CKT_NSS + 4)) + #else +-#ifdef _WIN32 ++#if defined _WIN32 && !defined __clang__ + /* This magic gets the windows compiler to give us a deprecation + * warning */ + #pragma deprecated(CKT_NSS_UNTRUSTED, CKT_NSS_MUST_VERIFY, CKT_NSS_VALID) diff --git a/external/nss/nss-pem.patch b/external/nss/nss-pem.patch deleted file mode 100644 index c3f28bc74a6d..000000000000 --- a/external/nss/nss-pem.patch +++ /dev/null @@ -1,6376 +0,0 @@ -diff --git a/a/nss/lib/ckfw/manifest.mn b/b/nss/lib/ckfw/manifest.mn -index 20bebeb..4f10563 100644 ---- a/a/nss/lib/ckfw/manifest.mn -+++ b/b/nss/lib/ckfw/manifest.mn -@@ -5,7 +5,7 @@ - - CORE_DEPTH = ../.. - --DIRS = builtins -+DIRS = builtins pem - - PRIVATE_EXPORTS = \ - ck.h \ -diff --git a/a/nss/lib/ckfw/pem/Makefile b/b/nss/lib/ckfw/pem/Makefile -new file mode 100644 -index 0000000..aec3bbd ---- /dev/null -+++ b/b/nss/lib/ckfw/pem/Makefile -@@ -0,0 +1,107 @@ -+# -+# ***** BEGIN LICENSE BLOCK ***** -+# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -+# -+# The contents of this file are subject to the Mozilla Public License Version -+# 1.1 (the "License"); you may not use this file except in compliance with -+# the License. You may obtain a copy of the License at -+# http://www.mozilla.org/MPL/ -+# -+# Software distributed under the License is distributed on an "AS IS" basis, -+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -+# for the specific language governing rights and limitations under the -+# License. -+# -+# The Original Code is the Netscape security libraries. -+# -+# The Initial Developer of the Original Code is -+# Netscape Communications Corporation. -+# Portions created by the Initial Developer are Copyright (C) 1994-2000 -+# the Initial Developer. All Rights Reserved. -+# -+# Contributor(s): -+# -+# Alternatively, the contents of this file may be used under the terms of -+# either the GNU General Public License Version 2 or later (the "GPL"), or -+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -+# in which case the provisions of the GPL or the LGPL are applicable instead -+# of those above. If you wish to allow use of your version of this file only -+# under the terms of either the GPL or the LGPL, and not to allow others to -+# use your version of this file under the terms of the MPL, indicate your -+# decision by deleting the provisions above and replace them with the notice -+# and other provisions required by the GPL or the LGPL. If you do not delete -+# the provisions above, a recipient may use your version of this file under -+# the terms of any one of the MPL, the GPL or the LGPL. -+# -+# ***** END LICENSE BLOCK ***** -+MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.5 $ $Date: 2007/05/09 00:09:37 $" -+ -+include manifest.mn -+include $(CORE_DEPTH)/coreconf/config.mk -+include config.mk -+ -+EXTRA_LIBS = \ -+ $(DIST)/lib/$(LIB_PREFIX)nssckfw.$(LIB_SUFFIX) \ -+ $(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \ -+ $(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) \ -+ $(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \ -+ $(NULL) -+ -+# can't do this in manifest.mn because OS_TARGET isn't defined there. -+ifeq (,$(filter-out WIN%,$(OS_TARGET))) -+ -+ifdef NS_USE_GCC -+EXTRA_LIBS += \ -+ -L$(NSPR_LIB_DIR) \ -+ -lplc4 \ -+ -lplds4 \ -+ -lnspr4 \ -+ $(NULL) -+else -+EXTRA_SHARED_LIBS += \ -+ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \ -+ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \ -+ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \ -+ crypt32.lib \ -+ advapi32.lib \ -+ rpcrt4.lib \ -+ $(NULL) -+endif # NS_USE_GCC -+else -+ -+EXTRA_LIBS += \ -+ -L$(NSPR_LIB_DIR) \ -+ -lplc4 \ -+ -lplds4 \ -+ -lnspr4 \ -+ $(NULL) -+endif -+ -+ -+include $(CORE_DEPTH)/coreconf/rules.mk -+ -+# Generate certdata.c. -+generate: -+ $(PERL) certdata.perl < certdata.txt -+ -+# This'll need some help from a build person. -+ -+ -+ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.1) -+DSO_LDOPTS = -bM:SRE -bh:4 -bnoentry -+EXTRA_DSO_LDOPTS = -lc -+MKSHLIB = xlC $(DSO_LDOPTS) -+ -+$(SHARED_LIBRARY): $(OBJS) -+ @$(MAKE_OBJDIR) -+ rm -f $@ -+ $(MKSHLIB) -o $@ $(OBJS) $(EXTRA_LIBS) $(EXTRA_DSO_LDOPTS) -+ chmod +x $@ -+ -+endif -+ -+ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.2) -+LD += -G -+endif -+ -+ -diff --git a/a/nss/lib/ckfw/pem/anchor.c b/b/nss/lib/ckfw/pem/anchor.c -new file mode 100644 -index 0000000..621f919 ---- /dev/null -+++ b/b/nss/lib/ckfw/pem/anchor.c -@@ -0,0 +1,50 @@ -+/* ***** BEGIN LICENSE BLOCK ***** -+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1 -+ * -+ * The contents of this file are subject to the Mozilla Public License Version -+ * 1.1 (the "License"); you may not use this file except in compliance with -+ * the License. You may obtain a copy of the License at -+ * http://www.mozilla.org/MPL/ -+ * -+ * Software distributed under the License is distributed on an "AS IS" basis, -+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -+ * for the specific language governing rights and limitations under the -+ * License. -+ * -+ * The Original Code is the Netscape security libraries. -+ * -+ * The Initial Developer of the Original Code is -+ * Netscape Communications Corporation. -+ * Portions created by the Initial Developer are Copyright (C) 1994-2000 -+ * the Initial Developer. All Rights Reserved. -+ * -+ * Contributor(s): -+ * Rob Crittenden ([email protected]) -+ * -+ * Alternatively, the contents of this file may be used under the terms of -+ * either the GNU General Public License Version 2 or later (the "GPL"), or -+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -+ * in which case the provisions of the GPL or the LGPL are applicable instead -+ * of those above. If you wish to allow use of your version of this file only -+ * under the terms of either the GPL or the LGPL, and not to allow others to -+ * use your version of this file under the terms of the MPL, indicate your -+ * decision by deleting the provisions above and replace them with the notice -+ * and other provisions required by the GPL or the LGPL. If you do not delete -+ * the provisions above, a recipient may use your version of this file under -+ * the terms of any one of the MPL, the GPL or the LGPL. -+ * -+ * ***** END LICENSE BLOCK ***** */ -+ -+/* -+ * anchor.c -+ * -+ * This file "anchors" the actual cryptoki entry points in this module's -+ * shared library, which is required for dynamic loading. See the -+ * comments in nssck.api for more information. -+ */ -+ -+#include "ckpem.h" -+ -+#define MODULE_NAME pem -+#define INSTANCE_NAME (NSSCKMDInstance *)&pem_mdInstance -+#include "nssck.api" -diff --git a/a/nss/lib/ckfw/pem/ckpem.h b/b/nss/lib/ckfw/pem/ckpem.h -new file mode 100644 -index 0000000..9712ccd ---- /dev/null -+++ b/b/nss/lib/ckfw/pem/ckpem.h -@@ -0,0 +1,263 @@ -+#ifndef CKPEM_H -+#define CKPEM_H -+ -+#include "nssckmdt.h" -+#include "nssckfw.h" -+#include "ckfwtm.h" -+#include "ckfw.h" -+#include "secder.h" -+#include "secoid.h" -+#include "secasn1.h" -+#include "blapit.h" -+#include "softoken.h" -+ -+/* -+ * I'm including this for access to the arena functions. -+ * Looks like we should publish that API. -+ */ -+#ifndef BASE_H -+#include "base.h" -+#endif /* BASE_H */ -+ -+/* -+ * This is where the Netscape extensions live, at least for now. -+ */ -+#ifndef CKT_H -+#include "ckt.h" -+#endif /* CKT_H */ -+ -+#define NUM_SLOTS 8 -+ -+/* -+ * statically defined raw objects. Allows us to data description objects -+ * to this PKCS #11 module. -+ */ -+struct pemRawObjectStr { -+ CK_ULONG n; -+ const CK_ATTRIBUTE_TYPE *types; -+ const NSSItem *items; -+}; -+typedef struct pemRawObjectStr pemRawObject; -+ -+/* -+ * common values needed for both bare keys and cert referenced keys. -+ */ -+struct pemKeyParamsStr { -+ NSSItem modulus; -+ NSSItem exponent; -+ NSSItem privateExponent; -+ NSSItem prime1; -+ NSSItem prime2; -+ NSSItem exponent1; -+ NSSItem exponent2; -+ NSSItem coefficient; -+ unsigned char publicExponentData[sizeof(CK_ULONG)]; -+ SECItem *privateKey; -+ SECItem *privateKeyOrig; /* deep copy of privateKey until decrypted */ -+ void *pubKey; -+}; -+typedef struct pemKeyParamsStr pemKeyParams; -+/* -+ * Key objects. Handles bare keys which do not yet have certs associated -+ * with them. These are usually short lived, but may exist for several days -+ * while the CA is issuing the certificate. -+ */ -+struct pemKeyObjectStr { -+ char *provName; -+ char *containerName; -+ pemKeyParams key; -+ char *ivstring; -+ int cipher; -+}; -+typedef struct pemKeyObjectStr pemKeyObject; -+ -+/* -+ * Certificate and certificate referenced keys. -+ */ -+struct pemCertObjectStr { -+ const char *certStore; -+ NSSItem label; -+ NSSItem subject; -+ NSSItem issuer; -+ NSSItem serial; -+ NSSItem derCert; -+ unsigned char sha1_hash[SHA1_LENGTH]; -+ unsigned char md5_hash[MD5_LENGTH]; -+ pemKeyParams key; -+ unsigned char *labelData; -+ /* static data: to do, make this dynamic like labelData */ -+ unsigned char derSerial[128]; -+}; -+typedef struct pemCertObjectStr pemCertObject; -+ -+/* -+ * Trust -+ */ -+struct pemTrustObjectStr { -+ char *nickname; -+}; -+typedef struct pemTrustObjectStr pemTrustObject; -+ -+typedef enum { -+ pemAll = -1, /* matches all types */ -+ pemRaw, -+ pemCert, -+ pemBareKey, -+ pemTrust -+} pemObjectType; -+ -+typedef struct pemInternalObjectStr pemInternalObject; -+typedef struct pemObjectListItemStr pemObjectListItem; -+ -+/* -+ * singly-linked list of internal objects -+ */ -+struct pemObjectListItemStr { -+ pemInternalObject *io; -+ pemObjectListItem *next; -+}; -+ -+/* -+ * all the various types of objects are abstracted away in cobject and -+ * cfind as pemInternalObjects. -+ */ -+struct pemInternalObjectStr { -+ pemObjectType type; -+ union { -+ pemRawObject raw; -+ pemCertObject cert; -+ pemKeyObject key; -+ pemTrustObject trust; -+ } u; -+ CK_OBJECT_CLASS objClass; -+ NSSItem hashKey; -+ NSSItem id; -+ unsigned char hashKeyData[128]; -+ SECItem *derCert; -+ char *nickname; -+ NSSCKMDObject mdObject; -+ CK_SLOT_ID slotID; -+ CK_ULONG gobjIndex; -+ int refCount; -+ -+ /* used by pem_mdFindObjects_Next */ -+ CK_BBOOL extRef; -+ -+ /* If list != NULL, the object contains no useful data except of the list -+ * of slave objects */ -+ pemObjectListItem *list; -+}; -+ -+struct pemTokenStr { -+ PRBool logged_in; -+}; -+typedef struct pemTokenStr pemToken; -+ -+/* our raw object data array */ -+NSS_EXTERN_DATA pemInternalObject nss_pem_data[]; -+NSS_EXTERN_DATA const PRUint32 nss_pem_nObjects; -+ -+/* our raw object data array */ -+NSS_EXTERN_DATA pemInternalObject nss_pem_data[]; -+NSS_EXTERN_DATA const PRUint32 nss_pem_nObjects; -+ -+NSS_EXTERN_DATA pemInternalObject pem_data[]; -+NSS_EXTERN_DATA const PRUint32 pem_nObjects; -+ -+NSS_EXTERN_DATA const CK_VERSION pem_CryptokiVersion; -+NSS_EXTERN_DATA const NSSUTF8 * pem_ManufacturerID; -+NSS_EXTERN_DATA const NSSUTF8 * pem_LibraryDescription; -+NSS_EXTERN_DATA const CK_VERSION pem_LibraryVersion; -+NSS_EXTERN_DATA const NSSUTF8 * pem_SlotDescription; -+NSS_EXTERN_DATA const CK_VERSION pem_HardwareVersion; -+NSS_EXTERN_DATA const CK_VERSION pem_FirmwareVersion; -+NSS_EXTERN_DATA const NSSUTF8 * pem_TokenLabel; -+NSS_EXTERN_DATA const NSSUTF8 * pem_TokenModel; -+NSS_EXTERN_DATA const NSSUTF8 * pem_TokenSerialNumber; -+ -+NSS_EXTERN_DATA const NSSCKMDInstance pem_mdInstance; -+NSS_EXTERN_DATA const NSSCKMDSlot pem_mdSlot; -+NSS_EXTERN_DATA const NSSCKMDToken pem_mdToken; -+NSS_EXTERN_DATA const NSSCKMDMechanism pem_mdMechanismRSA; -+ -+NSS_EXTERN NSSCKMDSession * -+pem_CreateSession -+( -+ NSSCKFWSession *fwSession, -+ CK_RV *pError -+); -+ -+NSS_EXTERN NSSCKMDFindObjects * -+pem_FindObjectsInit -+( -+ NSSCKFWSession *fwSession, -+ CK_ATTRIBUTE_PTR pTemplate, -+ CK_ULONG ulAttributeCount, -+ CK_RV *pError -+); -+ -+NSS_EXTERN NSSCKMDObject * -+pem_CreateMDObject -+( -+ NSSArena *arena, -+ pemInternalObject *io, -+ CK_RV *pError -+); -+ -+#define NSS_PEM_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0]))) -+ -+typedef enum { -+ pemLOWKEYNullKey = 0, -+ pemLOWKEYRSAKey = 1, -+ pemLOWKEYDSAKey = 2, -+ pemLOWKEYDHKey = 4, -+ pemLOWKEYECKey = 5 -+} pemLOWKEYType; -+ -+/* -+** Low Level private key object -+** This is only used by the raw Crypto engines (crypto), keydb (keydb), -+** and PKCS #11. Everyone else uses the high level key structure. -+*/ -+struct pemLOWKEYPrivateKeyStr { -+ PLArenaPool *arena; -+ pemLOWKEYType keyType; -+ union { -+ RSAPrivateKey rsa; -+ DSAPrivateKey dsa; -+ DHPrivateKey dh; -+ ECPrivateKey ec; -+ } u; -+}; -+typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey; -+ -+SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly); -+const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type); -+void pem_PopulateModulusExponent(pemInternalObject *io); -+NSSCKMDObject * pem_CreateObject(NSSCKFWInstance *fwInstance, NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_RV *pError); -+NSSCKMDSlot *pem_NewSlot( NSSCKFWInstance *fwInstance, CK_RV *pError); -+ -+ -+PRBool pem_ParseString(const char* inputstring, const char delimiter, -+ PRInt32* numStrings, char*** returnedstrings); -+PRBool pem_FreeParsedStrings(PRInt32 numStrings, char** instrings); -+ -+pemInternalObject * -+AddObjectIfNeeded(CK_OBJECT_CLASS objClass, pemObjectType type, -+ SECItem *certDER, SECItem *keyDER, char *filename, int objid, -+ CK_SLOT_ID slotID, PRBool *pAdded); -+ -+void pem_DestroyInternalObject (pemInternalObject *io); -+ -+ -+/* prsa.c */ -+unsigned int pem_PrivateModulusLen(pemLOWKEYPrivateKey *privk); -+ -+/* ptoken.c */ -+NSSCKMDToken * pem_NewToken(NSSCKFWInstance *fwInstance, CK_RV *pError); -+ -+/* util.c */ -+void open_log(); -+void plog(const char *fmt, ...); -+ -+#endif /* CKPEM_H */ -diff --git a/a/nss/lib/ckfw/pem/ckpemver.c b/b/nss/lib/ckfw/pem/ckpemver.c -new file mode 100644 -index 0000000..76ab5df ---- /dev/null -+++ b/b/nss/lib/ckfw/pem/ckpemver.c -@@ -0,0 +1,59 @@ -+/* ***** BEGIN LICENSE BLOCK ***** -+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1 -+ * -+ * The contents of this file are subject to the Mozilla Public License Version -+ * 1.1 (the "License"); you may not use this file except in compliance with -+ * the License. You may obtain a copy of the License at -+ * http://www.mozilla.org/MPL/ -+ * -+ * Software distributed under the License is distributed on an "AS IS" basis, -+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -+ * for the specific language governing rights and limitations under the -+ * License. -+ * -+ * The Original Code is the Netscape security libraries. -+ * -+ * The Initial Developer of the Original Code is -+ * Netscape Communications Corporation. -+ * Portions created by the Initial Developer are Copyright (C) 1994-2000 -+ * the Initial Developer. All Rights Reserved. -+ * Portions created by Red Hat, Inc, are Copyright (C) 2005 -+ * -+ * Contributor(s): -+ * Rob Crittenden ([email protected]) -+ * -+ * Alternatively, the contents of this file may be used under the terms of -+ * either the GNU General Public License Version 2 or later (the "GPL"), or -+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -+ * in which case the provisions of the GPL or the LGPL are applicable instead -+ * of those above. If you wish to allow use of your version of this file only -+ * under the terms of either the GPL or the LGPL, and not to allow others to -+ * use your version of this file under the terms of the MPL, indicate your -+ * decision by deleting the provisions above and replace them with the notice -+ * and other provisions required by the GPL or the LGPL. If you do not delete -+ * the provisions above, a recipient may use your version of this file under -+ * the terms of any one of the MPL, the GPL or the LGPL. -+ * -+ * ***** END LICENSE BLOCK ***** */ -+/* Library identity and versioning */ -+ -+#include "nsspem.h" -+ -+#if defined(DEBUG) -+#define _DEBUG_STRING " (debug)" -+#else -+#define _DEBUG_STRING "" -+#endif -+ -+/* -+ * Version information for the 'ident' and 'what commands -+ * -+ * NOTE: the first component of the concatenated rcsid string -+ * must not end in a '$' to prevent rcs keyword substitution. -+ */ -+const char __nss_ckpem_rcsid[] = "$Header: NSS Access to Flat Files in PEM format" -+ NSS_CKPEM_LIBRARY_VERSION _DEBUG_STRING -+ " " __DATE__ " " __TIME__ " $"; -+const char __nss_ckcapi_sccsid[] = "@(#)NSS Access to Flag Files in PEM format " -+ NSS_CKPEM_LIBRARY_VERSION _DEBUG_STRING -+ " " __DATE__ " " __TIME__; -diff --git a/a/nss/lib/ckfw/pem/config.mk b/b/nss/lib/ckfw/pem/config.mk -new file mode 100644 -index 0000000..ff6cd9a ---- /dev/null -+++ b/b/nss/lib/ckfw/pem/config.mk -@@ -0,0 +1,71 @@ -+# -+# ***** BEGIN LICENSE BLOCK ***** -+# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -+# -+# The contents of this file are subject to the Mozilla Public License Version -+# 1.1 (the "License"); you may not use this file except in compliance with -+# the License. You may obtain a copy of the License at -+# http://www.mozilla.org/MPL/ -+# -+# Software distributed under the License is distributed on an "AS IS" basis, -+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -+# for the specific language governing rights and limitations under the -+# License. -+# -+# The Original Code is the Netscape security libraries. -+# -+# The Initial Developer of the Original Code is -+# Netscape Communications Corporation. -+# Portions created by the Initial Developer are Copyright (C) 1994-2000 -+# the Initial Developer. All Rights Reserved. -+# -+# Contributor(s): -+# -+# Alternatively, the contents of this file may be used under the terms of -+# either the GNU General Public License Version 2 or later (the "GPL"), or -+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -+# in which case the provisions of the GPL or the LGPL are applicable instead -+# of those above. If you wish to allow use of your version of this file only -+# under the terms of either the GPL or the LGPL, and not to allow others to -+# use your version of this file under the terms of the MPL, indicate your -+# decision by deleting the provisions above and replace them with the notice -+# and other provisions required by the GPL or the LGPL. If you do not delete -+# the provisions above, a recipient may use your version of this file under -+# the terms of any one of the MPL, the GPL or the LGPL. -+# -+# ***** END LICENSE BLOCK ***** -+CONFIG_CVS_ID = "@(#) $RCSfile: config.mk,v $ $Revision: 1.11 $ $Date: 2005/01/20 02:25:46 $" -+ -+# -+# Override TARGETS variable so that only shared libraries -+# are specifed as dependencies within rules.mk. -+# -+ -+TARGETS = $(SHARED_LIBRARY) -+LIBRARY = -+IMPORT_LIBRARY = -+PROGRAM = -+ -+ifeq (,$(filter-out WIN%,$(OS_TARGET))) -+ SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) -+ RES = $(OBJDIR)/$(LIBRARY_NAME).res -+ RESNAME = $(LIBRARY_NAME).rc -+endif -+ -+ifdef BUILD_IDG -+ DEFINES += -DNSSDEBUG -+endif -+ -+# -+# To create a loadable module on Darwin, we must use -bundle. -+# -+ifeq ($(OS_TARGET),Darwin) -+DSO_LDOPTS = -bundle -+endif -+ -+ifeq ($(OS_TARGET),SunOS) -+# The -R '$ORIGIN' linker option instructs this library to search for its -+# dependencies in the same directory where it resides. -+MKSHLIB += -R '$$ORIGIN' -+endif -+ -diff --git a/a/nss/lib/ckfw/pem/constants.c b/b/nss/lib/ckfw/pem/constants.c -new file mode 100644 -index 0000000..0ceb443 ---- /dev/null -+++ b/b/nss/lib/ckfw/pem/constants.c -@@ -0,0 +1,77 @@ -+/* ***** BEGIN LICENSE BLOCK ***** -+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1 -+ * -+ * The contents of this file are subject to the Mozilla Public License Version -+ * 1.1 (the "License"); you may not use this file except in compliance with -+ * the License. You may obtain a copy of the License at -+ * http://www.mozilla.org/MPL/ -+ * -+ * Software distributed under the License is distributed on an "AS IS" basis, -+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -+ * for the specific language governing rights and limitations under the -+ * License. -+ * -+ * The Original Code is the Netscape security libraries. -+ * -+ * The Initial Developer of the Original Code is -+ * Netscape Communications Corporation. -+ * Portions created by the Initial Developer are Copyright (C) 1994-2000 -+ * the Initial Developer. All Rights Reserved. -+ * -+ * Contributor(s): -+ * Rob Crittenden ([email protected]) -+ * -+ * Alternatively, the contents of this file may be used under the terms of -+ * either the GNU General Public License Version 2 or later (the "GPL"), or -+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -+ * in which case the provisions of the GPL or the LGPL are applicable instead -+ * of those above. If you wish to allow use of your version of this file only -+ * under the terms of either the GPL or the LGPL, and not to allow others to -+ * use your version of this file under the terms of the MPL, indicate your -+ * decision by deleting the provisions above and replace them with the notice -+ * and other provisions required by the GPL or the LGPL. If you do not delete -+ * the provisions above, a recipient may use your version of this file under -+ * the terms of any one of the MPL, the GPL or the LGPL. -+ * -+ * ***** END LICENSE BLOCK ***** */ -+/* -+ * constants.c -+ * -+ * Identification and other constants, all collected here in one place. -+ */ -+ -+#ifndef NSSBASET_H -+#include "nssbaset.h" -+#endif /* NSSBASET_H */ -+ -+#ifndef NSSCKT_H -+#include "nssckt.h" -+#endif /* NSSCKT_H */ -+ -+#ifndef NSSCKBI_H -+#include "../builtins/nssckbi.h" -+#endif /* NSSCKBI_H */ -+ -+NSS_IMPLEMENT_DATA const CK_VERSION -+pem_CryptokiVersion = { 2, 1 }; -+ -+NSS_IMPLEMENT_DATA const NSSUTF8 * -+pem_ManufacturerID = (NSSUTF8 *) "Red Hat, Inc."; -+ -+NSS_IMPLEMENT_DATA const NSSUTF8 * -+pem_LibraryDescription = (NSSUTF8 *) "PEM Reader Cryptoki Module"; -+ -+NSS_IMPLEMENT_DATA const CK_VERSION -+pem_LibraryVersion = { 1, 0 }; -+ -+NSS_IMPLEMENT_DATA const CK_VERSION -+pem_HardwareVersion = { 1, 0 }; -+ -+NSS_IMPLEMENT_DATA const CK_VERSION -+pem_FirmwareVersion = { 1, 0 }; -+ -+NSS_IMPLEMENT_DATA const NSSUTF8 * -+pem_TokenModel = (NSSUTF8 *) "1"; -+ -+NSS_IMPLEMENT_DATA const NSSUTF8 * -+pem_TokenSerialNumber = (NSSUTF8 *) "1"; -diff --git a/a/nss/lib/ckfw/pem/manifest.mn b/b/nss/lib/ckfw/pem/manifest.mn -new file mode 100644 -index 0000000..8de27d1 ---- /dev/null -+++ b/b/nss/lib/ckfw/pem/manifest.mn -@@ -0,0 +1,68 @@ -+# -+# ***** BEGIN LICENSE BLOCK ***** -+# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -+# -+# The contents of this file are subject to the Mozilla Public License Version -+# 1.1 (the "License"); you may not use this file except in compliance with -+# the License. You may obtain a copy of the License at -+# http://www.mozilla.org/MPL/ -+# -+# Software distributed under the License is distributed on an "AS IS" basis, -+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -+# for the specific language governing rights and limitations under the -+# License. -+# -+# The Original Code is the Netscape security libraries. -+# -+# The Initial Developer of the Original Code is -+# Netscape Communications Corporation. -+# Portions created by the Initial Developer are Copyright (C) 1994-2000 -+# the Initial Developer. All Rights Reserved. -+# -+# Contributor(s): -+# -+# Alternatively, the contents of this file may be used under the terms of -+# either the GNU General Public License Version 2 or later (the "GPL"), or -+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -+# in which case the provisions of the GPL or the LGPL are applicable instead -+# of those above. If you wish to allow use of your version of this file only -+# under the terms of either the GPL or the LGPL, and not to allow others to -+# use your version of this file under the terms of the MPL, indicate your -+# decision by deleting the provisions above and replace them with the notice -+# and other provisions required by the GPL or the LGPL. If you do not delete -+# the provisions above, a recipient may use your version of this file under -+# the terms of any one of the MPL, the GPL or the LGPL. -+# -+# ***** END LICENSE BLOCK ***** -+MANIFEST_CVS_ID = "@(#) $RCSfile: manifest.mn,v $ $Revision: 1.1 $ $Date: 2005/11/04 02:05:04 $" -+ -+CORE_DEPTH = ../../.. -+ -+MODULE = nss -+MAPFILE = $(OBJDIR)/nsspem.def -+ -+EXPORTS = \ -+ nsspem.h \ -+ $(NULL) -+ -+CSRCS = \ -+ anchor.c \ -+ constants.c \ -+ pargs.c \ -+ pfind.c \ -+ pinst.c \ -+ pobject.c \ -+ prsa.c \ -+ psession.c \ -+ pslot.c \ -+ ptoken.c \ -+ ckpemver.c \ -+ rsawrapr.c \ -+ util.c \ -+ $(NULL) -+ -+REQUIRES = nspr -+ -+LIBRARY_NAME = nsspem -+ -+#EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lplc4 -lplds4 -diff --git a/a/nss/lib/ckfw/pem/nsspem.def b/b/nss/lib/ckfw/pem/nsspem.def -new file mode 100644 -index 0000000..4978252 ---- /dev/null -+++ b/b/nss/lib/ckfw/pem/nsspem.def -@@ -0,0 +1,58 @@ -+;+# -+;+# ***** BEGIN LICENSE BLOCK ***** -+;+# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -+;+# -+;+# The contents of this file are subject to the Mozilla Public License Version -+;+# 1.1 (the "License"); you may not use this file except in compliance with -+;+# the License. You may obtain a copy of the License at -+;+# http://www.mozilla.org/MPL/ -+;+# -+;+# Software distributed under the License is distributed on an "AS IS" basis, -+;+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -+;+# for the specific language governing rights and limitations under the -+;+# License. -+;+# -+;+# The Original Code is the Netscape security libraries. -+;+# -+;+# The Initial Developer of the Original Code is -+;+# Netscape Communications Corporation. -+;+# Portions created by the Initial Developer are Copyright (C) 2003 -+;+# the Initial Developer. All Rights Reserved. -+;+# -+;+# Contributor(s): -+;+# -+;+# Alternatively, the contents of this file may be used under the terms of -+;+# either the GNU General Public License Version 2 or later (the "GPL"), or -+;+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -+;+# in which case the provisions of the GPL or the LGPL are applicable instead -+;+# of those above. If you wish to allow use of your version of this file only -+;+# under the terms of either the GPL or the LGPL, and not to allow others to -+;+# use your version of this file under the terms of the MPL, indicate your -+;+# decision by deleting the provisions above and replace them with the notice -+;+# and other provisions required by the GPL or the LGPL. If you do not delete -+;+# the provisions above, a recipient may use your version of this file under -+;+# the terms of any one of the MPL, the GPL or the LGPL. -+;+# -+;+# ***** END LICENSE BLOCK ***** -+;+# -+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS -+;+# 1. For all unix platforms, the string ";-" means "remove this line" -+;+# 2. For all unix platforms, the string " DATA " will be removed from any -+;+# line on which it occurs. -+;+# 3. Lines containing ";+" will have ";+" removed on SUN and LINUX. -+;+# On AIX, lines containing ";+" will be removed. -+;+# 4. For all unix platforms, the string ";;" will thave the ";;" removed. -+;+# 5. For all unix platforms, after the above processing has taken place, -+;+# all characters after the first ";" on the line will be removed. -+;+# And for AIX, the first ";" will also be removed. -+;+# This file is passed directly to windows. Since ';' is a comment, all UNIX -+;+# directives are hidden behind ";", ";+", and ";-" -+;+ -+;+NSS_3.1 { # NSS 3.1 release -+;+ global: -+LIBRARY nsspem ;- -+EXPORTS ;- -+C_GetFunctionList; -+;+ local: -+;+*; -+;+}; -diff --git a/a/nss/lib/ckfw/pem/nsspem.h b/b/nss/lib/ckfw/pem/nsspem.h -new file mode 100644 -index 0000000..1547bf4 ---- /dev/null -+++ b/b/nss/lib/ckfw/pem/nsspem.h -@@ -0,0 +1,75 @@ -+/* ***** BEGIN LICENSE BLOCK ***** -+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1 -+ * -+ * The contents of this file are subject to the Mozilla Public License Version -+ * 1.1 (the "License"); you may not use this file except in compliance with -+ * the License. You may obtain a copy of the License at -+ * http://www.mozilla.org/MPL/ -+ * -+ * Software distributed under the License is distributed on an "AS IS" basis, -+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -+ * for the specific language governing rights and limitations under the -+ * License. -+ * -+ * The Original Code is the Netscape security libraries. -+ * -+ * The Initial Developer of the Original Code is -+ * Netscape Communications Corporation. -+ * Portions created by the Initial Developer are Copyright (C) 1994-2000 -+ * the Initial Developer. All Rights Reserved. -+ * Portions created by Red Hat, Inc, are Copyright (C) 2005 -+ * -+ * Contributor(s): -+ * Rob Crittenden ([email protected]) -+ * -+ * Alternatively, the contents of this file may be used under the terms of -+ * either the GNU General Public License Version 2 or later (the "GPL"), or -+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -+ * in which case the provisions of the GPL or the LGPL are applicable instead -+ * of those above. If you wish to allow use of your version of this file only -+ * under the terms of either the GPL or the LGPL, and not to allow others to -+ * use your version of this file under the terms of the MPL, indicate your -+ * decision by deleting the provisions above and replace them with the notice -+ * and other provisions required by the GPL or the LGPL. If you do not delete -+ * the provisions above, a recipient may use your version of this file under -+ * the terms of any one of the MPL, the GPL or the LGPL. -+ * -+ * ***** END LICENSE BLOCK ***** */ -+ -+#ifndef NSSPEM_H -+#define NSSPEM_H -+ -+/* -+ * NSS CKPEM Version numbers. -+ * -+ * These are the version numbers for the capi module packaged with -+ * this release on NSS. To determine the version numbers of the builtin -+ * module you are using, use the appropriate PKCS #11 calls. -+ * -+ * These version numbers detail changes to the PKCS #11 interface. They map -+ * to the PKCS #11 spec versions. -+ */ -+#define NSS_CKPEM_CRYPTOKI_VERSION_MAJOR 2 -+#define NSS_CKPEM_CRYPTOKI_VERSION_MINOR 20 -+ -+/* These version numbers detail the changes -+ * to the list of trusted certificates. -+ * -+ * NSS_CKPEM_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear -+ * whether we may use its full range (0-255) or only 0-99 because -+ * of the comment in the CK_VERSION type definition. -+ */ -+#define NSS_CKPEM_LIBRARY_VERSION_MAJOR 1 -+#define NSS_CKPEM_LIBRARY_VERSION_MINOR 1 -+#define NSS_CKPEM_LIBRARY_VERSION "1.1" -+ -+/* These version numbers detail the semantic changes to the ckfw engine. */ -+#define NSS_CKPEM_HARDWARE_VERSION_MAJOR 1 -+#define NSS_CKPEM_HARDWARE_VERSION_MINOR 0 -+ -+/* These version numbers detail the semantic changes to ckbi itself -+ * (new PKCS #11 objects), etc. */ -+#define NSS_CKPEM_FIRMWARE_VERSION_MAJOR 1 -+#define NSS_CKPEM_FIRMWARE_VERSION_MINOR 0 -+ -+#endif /* NSSCKBI_H */ -diff --git a/a/nss/lib/ckfw/pem/nsspem.rc b/b/nss/lib/ckfw/pem/nsspem.rc -new file mode 100644 -index 0000000..eb208d6 ---- /dev/null -+++ b/b/nss/lib/ckfw/pem/nsspem.rc -@@ -0,0 +1,64 @@ -+/* This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this -+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -+ -+#include "nsspem.h" -+#include <winver.h> -+ -+#define MY_LIBNAME "nsspem" -+#define MY_FILEDESCRIPTION "NSS PEM support" -+ -+#ifdef _DEBUG -+#define MY_DEBUG_STR " (debug)" -+#define MY_FILEFLAGS_1 VS_FF_DEBUG -+#else -+#define MY_DEBUG_STR "" -+#define MY_FILEFLAGS_1 0x0L -+#endif -+#if NSS_BETA -+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE -+#else -+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1 -+#endif -+ -+#ifdef WINNT -+#define MY_FILEOS VOS_NT_WINDOWS32 -+#else -+#define MY_FILEOS VOS__WINDOWS32 -+#endif -+ -+#define MY_INTERNAL_NAME MY_LIBNAME -+ -+///////////////////////////////////////////////////////////////////////////// -+// -+// Version-information resource -+// -+ -+VS_VERSION_INFO VERSIONINFO -+ FILEVERSION NSS_CKPEM_LIBRARY_VERSION_MAJOR,NSS_CKPEM_LIBRARY_VERSION_MINOR,0,0 -+ PRODUCTVERSION NSS_CKPEM_LIBRARY_VERSION_MAJOR,NSS_CKPEM_LIBRARY_VERSION_MINOR,0,0 -+ FILEFLAGSMASK VS_FFI_FILEFLAGSMASK -+ FILEFLAGS MY_FILEFLAGS_2 -+ FILEOS MY_FILEOS -+ FILETYPE VFT_DLL -+ FILESUBTYPE 0x0L // not used -+ -+BEGIN -+ BLOCK "StringFileInfo" -+ BEGIN -+ BLOCK "040904B0" // Lang=US English, CharSet=Unicode -+ BEGIN -+ VALUE "CompanyName", "Mozilla Foundation\0" -+ VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0" -+ VALUE "FileVersion", NSS_CKPEM_LIBRARY_VERSION "\0" -+ VALUE "InternalName", MY_INTERNAL_NAME "\0" -+ VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0" -+ VALUE "ProductName", "Network Security Services\0" -+ VALUE "ProductVersion", NSS_CKPEM_LIBRARY_VERSION "\0" -+ END -+ END -+ BLOCK "VarFileInfo" -+ BEGIN -+ VALUE "Translation", 0x409, 1200 -+ END -+END -diff --git a/a/nss/lib/ckfw/pem/pargs.c b/b/nss/lib/ckfw/pem/pargs.c -new file mode 100644 -index 0000000..21291a8 ---- /dev/null -+++ b/b/nss/lib/ckfw/pem/pargs.c -@@ -0,0 +1,164 @@ -+/* ***** BEGIN LICENSE BLOCK ***** -+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1 -+ * -+ * The contents of this file are subject to the Mozilla Public License Version -+ * 1.1 (the "License"); you may not use this file except in compliance with -+ * the License. You may obtain a copy of the License at -+ * http://www.mozilla.org/MPL/ -+ * -+ * Software distributed under the License is distributed on an "AS IS" basis, -+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -+ * for the specific language governing rights and limitations under the -+ * License. -+ * -+ * The Original Code is the Netscape security libraries. -+ * -+ * The Initial Developer of the Original Code is -+ * Netscape Communications Corporation. -+ * Portions created by the Initial Developer are Copyright (C) 1994-2000 -+ * the Initial Developer. All Rights Reserved. -+ * -+ * Contributor(s): -+ * Rob Crittenden ([email protected]) -+ * -+ * Alternatively, the contents of this file may be used under the terms of -+ * either the GNU General Public License Version 2 or later (the "GPL"), or -+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -+ * in which case the provisions of the GPL or the LGPL are applicable instead -+ * of those above. If you wish to allow use of your version of this file only -+ * under the terms of either the GPL or the LGPL, and not to allow others to -+ * use your version of this file under the terms of the MPL, indicate your -+ * decision by deleting the provisions above and replace them with the notice -+ * and other provisions required by the GPL or the LGPL. If you do not delete -+ * the provisions above, a recipient may use your version of this file under -+ * the terms of any one of the MPL, the GPL or the LGPL. -+ * -+ * ***** END LICENSE BLOCK ***** */ -+ -+#include <string.h> -+#include <nspr.h> -+ -+void *pem_Malloc(const PRInt32 sz) -+{ -+ return PR_Malloc(sz); -+} -+ -+char *pem_StrNdup(const char *instr, PRInt32 inlen) -+{ -+ size_t len = inlen; -+ char *buffer; -+ if (!instr) { -+ return NULL; -+ } -+ -+ if (!len) { -+ return NULL; -+ } -+ buffer = (char *) pem_Malloc(len + 1); -+ if (!buffer) { -+ return NULL; -+ } -+ memcpy(buffer, instr, len); -+ buffer[len] = 0; /* NULL termination */ -+ return buffer; -+} -+ -+char *pem_Strdup(const char *instr) -+{ -+ size_t len; -+ if (!instr) { -+ return NULL; -+ } -+ -+ len = strlen(instr); -+ return pem_StrNdup(instr, len); -+} -+ -+void pem_Free(char *instr) -+{ -+ if (!instr) { -+ PR_ASSERT(0); -+ } -+ PR_Free(instr); -+} -+ -+void -+addString(char ***returnedstrings, char *newstring, PRInt32 stringcount) -+{ -+ char **stringarray = NULL; -+ if (!returnedstrings || !newstring) { -+ return; -+ } -+ if (!stringcount) { -+ /* first string to be added, allocate buffer */ -+ *returnedstrings = -+ (char **) PR_Malloc(sizeof(char *) * (stringcount + 1)); -+ stringarray = *returnedstrings; -+ } else { -+ stringarray = (char **) PR_Realloc(*returnedstrings, -+ sizeof(char *) * (stringcount + 1)); -+ if (stringarray) { -+ *returnedstrings = stringarray; -+ } -+ } -+ if (stringarray) { -+ stringarray[stringcount] = newstring; -+ } -+} -+ -+PRBool -+pem_ParseString(const char *inputstring, const char delimiter, -+ PRInt32 * numStrings, char ***returnedstrings) -+{ -+ char nextchar; -+ char *instring = (char *) inputstring; -+ if (!inputstring || !delimiter || !numStrings || !returnedstrings) { -+ /* we need a string and a non-zero delimiter, as well as -+ * a valid place to return the strings and count -+ */ -+ return PR_FALSE; -+ } -+ *numStrings = 0; -+ *returnedstrings = NULL; -+ -+ while ((nextchar = *instring)) { -+ unsigned long len = 0; -+ char *next = (char *) strchr(instring, delimiter); -+ if (next) { -+ /* current string string */ -+ len = next - instring; -+ } else { -+ /* last string length */ -+ len = strlen(instring); -+ } -+ -+ if (len > 0) { -+ char *newstring = pem_StrNdup(instring, len); -+ -+ addString(returnedstrings, newstring, (*numStrings)++); -+ -+ instring += len; -+ } -+ -+ if (delimiter == *instring) { -+ instring++; /* skip past next delimiter */ -+ } -+ } -+ return PR_TRUE; -+} -+ -+PRBool pem_FreeParsedStrings(PRInt32 numStrings, char **instrings) -+{ -+ PRInt32 counter; -+ if (!numStrings || !instrings) { -+ return PR_FALSE; -+ } -+ for (counter = 0; counter < numStrings; counter++) { -+ char *astring = instrings[counter]; -+ if (astring) { -+ pem_Free(astring); -+ } -+ } -+ PR_Free((void *) instrings); -+ return PR_TRUE; -+} -diff --git a/a/nss/lib/ckfw/pem/pfind.c b/b/nss/lib/ckfw/pem/pfind.c -new file mode 100644 -index 0000000..30b1174 ---- /dev/null -+++ b/b/nss/lib/ckfw/pem/pfind.c -@@ -0,0 +1,435 @@ -+/* ***** BEGIN LICENSE BLOCK ***** -+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1 -+ * -+ * The contents of this file are subject to the Mozilla Public License Version -+ * 1.1 (the "License"); you may not use this file except in compliance with -+ * the License. You may obtain a copy of the License at -+ * http://www.mozilla.org/MPL/ -+ * -+ * Software distributed under the License is distributed on an "AS IS" basis, -+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -+ * for the specific language governing rights and limitations under the -+ * License. -+ * -+ * The Original Code is the Netscape security libraries. -+ * -+ * The Initial Developer of the Original Code is -+ * Netscape Communications Corporation. -+ * Portions created by the Initial Developer are Copyright (C) 1994-2000 -+ * the Initial Developer. All Rights Reserved. -+ * -+ * Contributor(s): -+ * Rob Crittenden ([email protected]) -+ * -+ * Alternatively, the contents of this file may be used under the terms of -+ * either the GNU General Public License Version 2 or later (the "GPL"), or -+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -+ * in which case the provisions of the GPL or the LGPL are applicable instead -+ * of those above. If you wish to allow use of your version of this file only -+ * under the terms of either the GPL or the LGPL, and not to allow others to -+ * use your version of this file under the terms of the MPL, indicate your -+ * decision by deleting the provisions above and replace them with the notice -+ * and other provisions required by the GPL or the LGPL. If you do not delete -+ * the provisions above, a recipient may use your version of this file under -+ * the terms of any one of the MPL, the GPL or the LGPL. -+ * -+ * ***** END LICENSE BLOCK ***** */ -+ -+#include "ckpem.h" -+ -+/* -+ * pfind.c -+ * -+ * This file implements the NSSCKMDFindObjects object for the -+ * "PEM objects" cryptoki module. -+ */ -+ -+NSS_EXTERN_DATA pemInternalObject **gobj; -+NSS_EXTERN_DATA int pem_nobjs; -+ -+struct pemFOStr { -+ NSSArena *arena; -+ CK_ULONG n; -+ CK_ULONG i; -+ pemInternalObject **objs; -+}; -+ -+#define PEM_ITEM_CHUNK 512 -+ -+#define PUT_Object(obj,err) \ -+ { \ -+ if (count >= size) { \ -+ *listp = *listp ? \ -+ nss_ZREALLOCARRAY(*listp, pemInternalObject *, \ -+ (size+PEM_ITEM_CHUNK) ) : \ -+ nss_ZNEWARRAY(NULL, pemInternalObject *, \ -+ (size+PEM_ITEM_CHUNK) ) ; \ -+ if ((pemInternalObject **)NULL == *listp) { \ -+ err = CKR_HOST_MEMORY; \ -+ goto loser; \ -+ } \ -+ size += PEM_ITEM_CHUNK; \ -+ } \ -+ (*listp)[ count ] = (obj); \ -+ count++; \ -+ } -+ -+static void -+pem_mdFindObjects_Final -+( -+ NSSCKMDFindObjects * mdFindObjects, -+ NSSCKFWFindObjects * fwFindObjects, -+ NSSCKMDSession * mdSession, -+ NSSCKFWSession * fwSession, -+ NSSCKMDToken * mdToken, -+ NSSCKFWToken * fwToken, -+ NSSCKMDInstance * mdInstance, -+ NSSCKFWInstance * fwInstance -+) -+{ -+ struct pemFOStr *fo = (struct pemFOStr *) mdFindObjects->etc; -+ NSSArena *arena = fo->arena; -+ -+ nss_ZFreeIf(fo->objs); -+ nss_ZFreeIf(fo); -+ nss_ZFreeIf(mdFindObjects); -+ if ((NSSArena *) NULL != arena) { -+ NSSArena_Destroy(arena); -+ } -+ -+ return; -+} -+ -+static NSSCKMDObject * -+pem_mdFindObjects_Next -+( -+ NSSCKMDFindObjects * mdFindObjects, -+ NSSCKFWFindObjects * fwFindObjects, -+ NSSCKMDSession * mdSession, -+ NSSCKFWSession * fwSession, -+ NSSCKMDToken * mdToken, -+ NSSCKFWToken * fwToken, -+ NSSCKMDInstance * mdInstance, -+ NSSCKFWInstance * fwInstance, -+ NSSArena * arena, -+ CK_RV * pError -+) -+{ -+ struct pemFOStr *fo = (struct pemFOStr *) mdFindObjects->etc; -+ pemInternalObject *io; -+ -+ plog("pem_FindObjects_Next: "); -+ -+ if (fo->i == fo->n) { -+ plog("Done creating objects\n"); -+ *pError = CKR_OK; -+ return (NSSCKMDObject *) NULL; -+ } -+ -+ io = fo->objs[fo->i]; -+ fo->i++; -+ -+ plog("Creating object for type %d\n", io->type); -+ -+ if (!io->extRef) { -+ /* increase reference count only once as ckfw will free the found -+ * object only once */ -+ io->extRef = CK_TRUE; -+ io->refCount ++; -+ } -+ -+ return pem_CreateMDObject(arena, io, pError); -+} -+ -+#if 0 -+static int -+pem_derUnwrapInt(unsigned char *src, int size, unsigned char **dest) -+{ -+ unsigned char *start = src; -+ int len = 0; -+ -+ if (*src++ != 2) { -+ return 0; -+ } -+ len = *src++; -+ if (len & 0x80) { -+ int count = len & 0x7f; -+ len = 0; -+ -+ if (count + 2 > size) { -+ return 0; -+ } -+ while (count-- > 0) { -+ len = (len << 8) | *src++; -+ } -+ } -+ if (len + (src - start) != size) { -+ return 0; -+ } -+ *dest = src; -+ return len; -+} -+#endif -+ -+static char * pem_attr_name(CK_ATTRIBUTE_TYPE type) { -+ switch(type) { -+ case CKA_CLASS: -+ return "CKA_CLASS"; -+ case CKA_TOKEN: -+ return "CKA_TOKEN"; -+ case CKA_PRIVATE: -+ return "CKA_PRIVATE"; -+ case CKA_LABEL: -+ return "CKA_LABEL"; -+ case CKA_APPLICATION: -+ return "CKA_APPLICATION"; -+ case CKA_VALUE: -+ return "CKA_VALUE"; -+ case CKA_OBJECT_ID: -+ return "CKA_OBJECT_ID"; -+ case CKA_CERTIFICATE_TYPE: -+ return "CKA_CERTIFICATE_TYPE"; -+ case CKA_ISSUER: -+ return "CKA_ISSUER"; -+ case CKA_SERIAL_NUMBER: -+ return "CKA_SERIAL_NUMBER"; -+ case CKA_ID: -+ return "CKA_ID"; -+ default: -+ return "unknown"; -+ } -+} -+ -+static CK_BBOOL -+pem_attrmatch(CK_ATTRIBUTE_PTR a, pemInternalObject * o) { -+ PRBool prb; -+ const NSSItem *b; -+ -+ b = pem_FetchAttribute(o, a->type); -+ if (b == NULL) { -+ plog("pem_attrmatch %s %08x: CK_FALSE attr not found\n", pem_attr_name(a->type), a->type); -+ return CK_FALSE; -+ } -+ -+ if (a->ulValueLen != b->size) { -+ plog("pem_attrmatch %s %08x: CK_FALSE size mismatch %d vs %d\n", pem_attr_name(a->type), a->type, a->ulValueLen, b->size); -+ return CK_FALSE; -+ } -+ -+ prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *) NULL); -+ -+ if (PR_TRUE == prb) { -+ plog("pem_attrmatch %s %08x: CK_TRUE\n", pem_attr_name(a->type), a->type); -+ return CK_TRUE; -+ } else { -+ plog("pem_attrmatch %s %08x: CK_FALSE\n", pem_attr_name(a->type), a->type); -+ plog("type: %08x, label: %s a->pValue %08x, b->data %08x\n", o->objClass, o->u.cert.label.data, a->pValue, b->data); -+ return CK_FALSE; -+ } -+} -+ -+static CK_BBOOL -+pem_match -+( -+ CK_ATTRIBUTE_PTR pTemplate, -+ CK_ULONG ulAttributeCount, -+ pemInternalObject * o -+) -+{ -+ CK_ULONG i; -+ -+ for (i = 0; i < ulAttributeCount; i++) { -+ if (CK_FALSE == pem_attrmatch(&pTemplate[i], o)) { -+ plog("pem_match: CK_FALSE\n"); -+ return CK_FALSE; -+ } -+ } -+ -+ /* Every attribute passed */ -+ plog("pem_match: CK_TRUE\n"); -+ return CK_TRUE; -+} -+ -+CK_OBJECT_CLASS -+pem_GetObjectClass(CK_ATTRIBUTE_PTR pTemplate, -+ CK_ULONG ulAttributeCount) -+{ -+ CK_ULONG i; -+ -+ for (i = 0; i < ulAttributeCount; i++) { -+ if (pTemplate[i].type == CKA_CLASS) { -+ return *(CK_OBJECT_CLASS *) pTemplate[i].pValue; -+ } -+ } -+ /* need to return a value that says 'fetch them all' */ -+ return CK_INVALID_HANDLE; -+} -+ -+static PRUint32 -+collect_objects(CK_ATTRIBUTE_PTR pTemplate, -+ CK_ULONG ulAttributeCount, -+ pemInternalObject *** listp, -+ CK_RV * pError, CK_SLOT_ID slotID) -+{ -+ PRUint32 i; -+ PRUint32 count = 0; -+ PRUint32 size = 0; -+ pemObjectType type = pemRaw; -+ CK_OBJECT_CLASS objClass = pem_GetObjectClass(pTemplate, ulAttributeCount); -+ -+ *pError = CKR_OK; -+ -+ plog("collect_objects slot #%ld, ", slotID); -+ plog("%d attributes, ", ulAttributeCount); -+ plog("%d objects to look through.\n", pem_nobjs); -+ plog("Looking for: "); -+ /* -+ * now determine type of the object -+ */ -+ switch (objClass) { -+ case CKO_CERTIFICATE: -+ plog("CKO_CERTIFICATE\n"); -+ type = pemCert; -+ break; -+ case CKO_PUBLIC_KEY: -+ plog("CKO_PUBLIC_KEY\n"); -+ type = pemBareKey; -+ break; -+ case CKO_PRIVATE_KEY: -+ type = pemBareKey; -+ plog("CKO_PRIVATE_KEY\n"); -+ break; -+ case CKO_NETSCAPE_TRUST: -+ type = pemTrust; -+ plog("CKO_NETSCAPE_TRUST\n"); -+ break; -+ case CKO_NETSCAPE_CRL: -+ plog("CKO_NETSCAPE_CRL\n"); -+ goto done; -+ case CKO_NETSCAPE_SMIME: -+ plog("CKO_NETSCAPE_SMIME\n"); -+ goto done; -+ case CKO_NETSCAPE_BUILTIN_ROOT_LIST: -+ plog("CKO_NETSCAPE_BUILTIN_ROOT_LIST\n"); -+ goto done; -+ case CK_INVALID_HANDLE: -+ type = pemAll; /* look through all objectclasses - ignore the type field */ -+ plog("CK_INVALID_HANDLE\n"); -+ break; -+ default: -+ plog("no other object types %08x\n", objClass); -+ goto done; /* no other object types we understand in this module */ -+ } -+ -+ /* find objects */ -+ for (i = 0; i < pem_nobjs; i++) { -+ int match = 1; /* matches type if type not specified */ -+ if (NULL == gobj[i]) -+ continue; -+ -+ plog(" %d type = %d\n", i, gobj[i]->type); -+ if (type != pemAll) { -+ /* type specified - must match given type */ -+ match = (type == gobj[i]->type); -+ } -+ if (match) { -+ match = (slotID == gobj[i]->slotID) && -+ (CK_TRUE == pem_match(pTemplate, ulAttributeCount, gobj[i])); -+ } -+ if (match) { -+ pemInternalObject *o = gobj[i]; -+ PUT_Object(o, *pError); -+ } -+ } -+ -+ if (CKR_OK != *pError) { -+ goto loser; -+ } -+ -+ done: -+ plog("collect_objects: Found %d\n", count); -+ return count; -+ loser: -+ nss_ZFreeIf(*listp); -+ return 0; -+ -+} -+ -+NSS_IMPLEMENT NSSCKMDFindObjects * -+pem_FindObjectsInit -+( -+ NSSCKFWSession * fwSession, -+ CK_ATTRIBUTE_PTR pTemplate, -+ CK_ULONG ulAttributeCount, -+ CK_RV * pError -+) -+{ -+ NSSArena *arena = NULL; -+ NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *) NULL; -+ struct pemFOStr *fo = (struct pemFOStr *) NULL; -+ pemInternalObject **temp = (pemInternalObject **) NULL; -+ NSSCKFWSlot *fwSlot; -+ CK_SLOT_ID slotID; -+ -+ plog("pem_FindObjectsInit\n"); -+ fwSlot = nssCKFWSession_GetFWSlot(fwSession); -+ if ((NSSCKFWSlot *) NULL == fwSlot) { -+ goto loser; -+ } -+ slotID = nssCKFWSlot_GetSlotID(fwSlot); -+ -+ arena = NSSArena_Create(); -+ if ((NSSArena *) NULL == arena) { -+ goto loser; -+ } -+ -+ rv = nss_ZNEW(arena, NSSCKMDFindObjects); -+ if ((NSSCKMDFindObjects *) NULL == rv) { -+ *pError = CKR_HOST_MEMORY; -+ goto loser; -+ } -+ -+ fo = nss_ZNEW(arena, struct pemFOStr); -+ if ((struct pemFOStr *) NULL == fo) { -+ *pError = CKR_HOST_MEMORY; -+ goto loser; -+ } -+ -+ fo->arena = arena; -+ /* fo->n and fo->i are already zero */ -+ -+ rv->etc = (void *) fo; -+ rv->Final = pem_mdFindObjects_Final; -+ rv->Next = pem_mdFindObjects_Next; -+ rv->null = (void *) NULL; -+ -+ fo->n = -+ collect_objects(pTemplate, ulAttributeCount, &temp, pError, -+ slotID); -+ if (*pError != CKR_OK) { -+ goto loser; -+ } -+ -+ fo->objs = nss_ZNEWARRAY(arena, pemInternalObject *, fo->n); -+ if ((pemInternalObject **) NULL == fo->objs) { -+ *pError = CKR_HOST_MEMORY; -+ goto loser; -+ } -+ -+ (void) nsslibc_memcpy(fo->objs, temp, -+ sizeof(pemInternalObject *) * fo->n); -+ -+ nss_ZFreeIf(temp); -+ temp = (pemInternalObject **) NULL; -+ -+ return rv; -+ -+ loser: -+ nss_ZFreeIf(temp); -+ nss_ZFreeIf(fo); -+ nss_ZFreeIf(rv); -+ if ((NSSArena *) NULL != arena) { -+ NSSArena_Destroy(arena); -+ } -+ return (NSSCKMDFindObjects *) NULL; -+} -diff --git a/a/nss/lib/ckfw/pem/pinst.c b/b/nss/lib/ckfw/pem/pinst.c -new file mode 100644 -index 0000000..9c98e89 ---- /dev/null -+++ b/b/nss/lib/ckfw/pem/pinst.c -@@ -0,0 +1,768 @@ -+/* ***** BEGIN LICENSE BLOCK ***** -+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1 -+ * -+ * The contents of this file are subject to the Mozilla Public License Version -+ * 1.1 (the "License"); you may not use this file except in compliance with -+ * the License. You may obtain a copy of the License at -+ * http://www.mozilla.org/MPL/ -+ * -+ * Software distributed under the License is distributed on an "AS IS" basis, -+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -+ * for the specific language governing rights and limitations under the -+ * License. -+ * -+ * The Original Code is the Netscape security libraries. -+ * -+ * The Initial Developer of the Original Code is -+ * Netscape Communications Corporation. -+ * Portions created by the Initial Developer are Copyright (C) 1994-2000 -+ * the Initial Developer. All Rights Reserved. -+ * -+ * Contributor(s): -+ * Rob Crittenden ([email protected]) -+ * -+ * Alternatively, the contents of this file may be used under the terms of -+ * either the GNU General Public License Version 2 or later (the "GPL"), or -+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -+ * in which case the provisions of the GPL or the LGPL are applicable instead -+ * of those above. If you wish to allow use of your version of this file only -+ * under the terms of either the GPL or the LGPL, and not to allow others to -+ * use your version of this file under the terms of the MPL, indicate your -+ * decision by deleting the provisions above and replace them with the notice -+ * and other provisions required by the GPL or the LGPL. If you do not delete -+ * the provisions above, a recipient may use your version of this file under -+ * the terms of any one of the MPL, the GPL or the LGPL. -+ * -+ * ***** END LICENSE BLOCK ***** */ -+#include <stdlib.h> -+#include "ckpem.h" -+#include "blapi.h" -+#include "prprf.h" -+ -+/* -+ * pinstance.c -+ * -+ * This file implements the NSSCKMDInstance object for the -+ * "PEM objects" cryptoki module. -+ */ -+ -+static PRBool pemInitialized = PR_FALSE; -+ -+pemInternalObject **gobj; -+int pem_nobjs = 0; -+int token_needsLogin[NUM_SLOTS]; -+ -+PRInt32 size = 0; -+PRInt32 count = 0; -+ -+#define PEM_ITEM_CHUNK 512 -+ -+/* -+ * simple cert decoder to avoid the cost of asn1 engine -+ */ -+static unsigned char * -+dataStart(unsigned char *buf, unsigned int length, -+ unsigned int *data_length, -+ PRBool includeTag, unsigned char *rettag) -+{ -+ unsigned char tag; -+ unsigned int used_length = 0; -+ if (!length) -+ return NULL; -+ -+ tag = buf[used_length++]; -+ -+ if (rettag) { -+ *rettag = tag; -+ } -+ -+ /* blow out when we come to the end */ -+ if (tag == 0 || length <= used_length) { -+ return NULL; -+ } -+ -+ *data_length = buf[used_length++]; -+ -+ if (*data_length & 0x80) { -+ int len_count = *data_length & 0x7f; -+ -+ *data_length = 0; -+ -+ while (len_count-- > 0) { -+ if (length <= used_length) -+ return NULL; -+ -+ *data_length = (*data_length << 8) | buf[used_length++]; -+ } -+ } -+ -+ if (*data_length > (length - used_length)) { -+ *data_length = length - used_length; -+ return NULL; -+ } -+ if (includeTag) -+ *data_length += used_length; -+ -+ return (buf + (includeTag ? 0 : used_length)); -+} -+ -+static int -+GetCertFields(unsigned char *cert, int cert_length, -+ SECItem * issuer, SECItem * serial, SECItem * derSN, -+ SECItem * subject, SECItem * valid, SECItem * subjkey) -+{ -+ unsigned char *buf; -+ unsigned int buf_length; -+ unsigned char *dummy; -+ unsigned int dummylen; -+ -+ /* get past the signature wrap */ -+ buf = dataStart(cert, cert_length, &buf_length, PR_FALSE, NULL); -+ if (buf == NULL) -+ return SECFailure; -+ /* get into the raw cert data */ -+ buf = dataStart(buf, buf_length, &buf_length, PR_FALSE, NULL); -+ if (buf == NULL) -+ return SECFailure; -+ /* skip past any optional version number */ -+ if ((buf[0] & 0xa0) == 0xa0) { -+ dummy = dataStart(buf, buf_length, &dummylen, PR_FALSE, NULL); -+ if (dummy == NULL) -+ return SECFailure; -+ buf_length -= (dummy - buf) + dummylen; -+ buf = dummy + dummylen; -+ } -+ /* serial number */ -+ if (derSN) { -+ derSN->data = -+ dataStart(buf, buf_length, &derSN->len, PR_TRUE, NULL); -+ } -+ serial->data = -+ dataStart(buf, buf_length, &serial->len, PR_FALSE, NULL); -+ if (serial->data == NULL) -+ return SECFailure; -+ buf_length -= (serial->data - buf) + serial->len; -+ buf = serial->data + serial->len; -+ /* skip the OID */ -+ dummy = dataStart(buf, buf_length, &dummylen, PR_FALSE, NULL); -+ if (dummy == NULL) -+ return SECFailure; -+ buf_length -= (dummy - buf) + dummylen; -+ buf = dummy + dummylen; -+ /* issuer */ -+ issuer->data = dataStart(buf, buf_length, &issuer->len, PR_TRUE, NULL); -+ if (issuer->data == NULL) -+ return SECFailure; -+ buf_length -= (issuer->data - buf) + issuer->len; -+ buf = issuer->data + issuer->len; -+ -+ /* only wanted issuer/SN */ -+ if (subject == NULL || valid == NULL || subjkey == NULL) { -+ return SECSuccess; -+ } -+ /* validity */ -+ valid->data = dataStart(buf, buf_length, &valid->len, PR_FALSE, NULL); -+ if (valid->data == NULL) -+ return SECFailure; -+ buf_length -= (valid->data - buf) + valid->len; -+ buf = valid->data + valid->len; -+ /*subject */ -+ subject->data = -+ dataStart(buf, buf_length, &subject->len, PR_TRUE, NULL); -+ if (subject->data == NULL) -+ return SECFailure; -+ buf_length -= (subject->data - buf) + subject->len; -+ buf = subject->data + subject->len; -+ /* subject key info */ -+ subjkey->data = -+ dataStart(buf, buf_length, &subjkey->len, PR_TRUE, NULL); -+ if (subjkey->data == NULL) -+ return SECFailure; -+ buf_length -= (subjkey->data - buf) + subjkey->len; -+ buf = subjkey->data + subjkey->len; -+ return SECSuccess; -+} -+ -+static CK_RV -+assignObjectID(pemInternalObject *o, int objid) -+{ -+ char id[16]; -+ int len; -+ -+ sprintf(id, "%d", objid); -+ len = strlen(id) + 1; /* zero terminate */ -+ o->id.size = len; -+ o->id.data = nss_ZAlloc(NULL, len); -+ if (o->id.data == NULL) -+ return CKR_HOST_MEMORY; -+ -+ nsslibc_memcpy(o->id.data, id, len); -+ return CKR_OK; -+} -+ -+static pemInternalObject * -+CreateObject(CK_OBJECT_CLASS objClass, -+ pemObjectType type, SECItem * certDER, -+ SECItem * keyDER, char *filename, -+ int objid, CK_SLOT_ID slotID) -+{ -+ pemInternalObject *o; -+ SECItem subject; -+ SECItem issuer; -+ SECItem serial; -+ SECItem derSN; -+ SECItem valid; -+ SECItem subjkey; -+ char *nickname; -+ -+ o = nss_ZNEW(NULL, pemInternalObject); -+ if ((pemInternalObject *) NULL == o) { -+ return NULL; -+ } -+ -+ nickname = strrchr(filename, '/'); -+ if (nickname) -+ nickname++; -+ else -+ nickname = filename; -+ -+ switch (objClass) { -+ case CKO_CERTIFICATE: -+ plog("Creating cert nick %s id %d in slot %ld\n", nickname, objid, slotID); -+ memset(&o->u.cert, 0, sizeof(o->u.cert)); -+ break; -+ case CKO_PRIVATE_KEY: -+ plog("Creating key id %d in slot %ld\n", objid, slotID); -+ memset(&o->u.key, 0, sizeof(o->u.key)); -+ nickname = filename; -+ break; -+ case CKO_NETSCAPE_TRUST: -+ plog("Creating trust nick %s id %d in slot %ld\n", nickname, objid, slotID); -+ memset(&o->u.trust, 0, sizeof(o->u.trust)); -+ break; -+ } -+ -+ o->nickname = (char *) nss_ZAlloc(NULL, strlen(nickname) + 1); -+ if (o->nickname == NULL) -+ goto fail; -+ strcpy(o->nickname, nickname); -+ -+ if (CKR_OK != assignObjectID(o, objid)) -+ goto fail; -+ -+ o->objClass = objClass; -+ o->type = type; -+ o->slotID = slotID; -+ -+ o->derCert = nss_ZNEW(NULL, SECItem); -+ if (o->derCert == NULL) -+ goto fail; -+ o->derCert->data = (void *) nss_ZAlloc(NULL, certDER->len); -+ if (o->derCert->data == NULL) -+ goto fail; -+ o->derCert->len = certDER->len; -+ nsslibc_memcpy(o->derCert->data, certDER->data, certDER->len); -+ -+ switch (objClass) { -+ case CKO_CERTIFICATE: -+ case CKO_NETSCAPE_TRUST: -+ if (SECSuccess != GetCertFields(o->derCert->data, o->derCert->len, -+ &issuer, &serial, &derSN, &subject, -+ &valid, &subjkey)) -+ goto fail; -+ -+ o->u.cert.subject.data = (void *) nss_ZAlloc(NULL, subject.len); -+ if (o->u.cert.subject.data == NULL) -+ goto fail; -+ o->u.cert.subject.size = subject.len; -+ nsslibc_memcpy(o->u.cert.subject.data, subject.data, subject.len); -+ -+ o->u.cert.issuer.data = (void *) nss_ZAlloc(NULL, issuer.len); -+ if (o->u.cert.issuer.data == NULL) { -+ nss_ZFreeIf(o->u.cert.subject.data); -+ goto fail; -+ } -+ o->u.cert.issuer.size = issuer.len; -+ nsslibc_memcpy(o->u.cert.issuer.data, issuer.data, issuer.len); -+ -+ o->u.cert.serial.data = (void *) nss_ZAlloc(NULL, serial.len); -+ if (o->u.cert.serial.data == NULL) { -+ nss_ZFreeIf(o->u.cert.issuer.data); -+ nss_ZFreeIf(o->u.cert.subject.data); -+ goto fail; -+ } -+ o->u.cert.serial.size = serial.len; -+ nsslibc_memcpy(o->u.cert.serial.data, serial.data, serial.len); -+ break; -+ case CKO_PRIVATE_KEY: -+ o->u.key.key.privateKey = nss_ZNEW(NULL, SECItem); -+ if (o->u.key.key.privateKey == NULL) -+ goto fail; -+ o->u.key.key.privateKey->data = -+ (void *) nss_ZAlloc(NULL, keyDER->len); -+ if (o->u.key.key.privateKey->data == NULL) { -+ nss_ZFreeIf(o->u.key.key.privateKey); -+ goto fail; -+ } -+ -+ /* store deep copy of original key DER so we can compare it later on */ -+ o->u.key.key.privateKeyOrig = SECITEM_DupItem(keyDER); -+ if (o->u.key.key.privateKeyOrig == NULL) { -+ nss_ZFreeIf(o->u.key.key.privateKey->data); -+ nss_ZFreeIf(o->u.key.key.privateKey); -+ goto fail; -+ } -+ -+ o->u.key.key.privateKey->len = keyDER->len; -+ nsslibc_memcpy(o->u.key.key.privateKey->data, keyDER->data, -+ keyDER->len); -+ } -+ -+ -+ return o; -+ -+fail: -+ if (o) { -+ if (o->derCert) { -+ nss_ZFreeIf(o->derCert->data); -+ nss_ZFreeIf(o->derCert); -+ } -+ nss_ZFreeIf(o->id.data); -+ nss_ZFreeIf(o->nickname); -+ nss_ZFreeIf(o); -+ } -+ return NULL; -+} -+ -+/* Compare the DER encoding of the internal object against those -+ * of the provided certDER or keyDER according to its objClass. -+ */ -+static PRBool -+derEncodingsMatch(CK_OBJECT_CLASS objClass, pemInternalObject * obj, -+ SECItem * certDER, SECItem * keyDER) -+{ -+ SECComparison result; -+ -+ switch (objClass) { -+ case CKO_CERTIFICATE: -+ case CKO_NETSCAPE_TRUST: -+ result = SECITEM_CompareItem(obj->derCert, certDER); -+ break; -+ -+ case CKO_PRIVATE_KEY: -+ result = SECITEM_CompareItem(obj->u.key.key.privateKeyOrig, keyDER); -+ break; -+ -+ default: -+ /* unhandled object class */ -+ return PR_FALSE; -+ } -+ -+ return SECEqual == result; -+} -+ -+static CK_RV -+LinkSharedKeyObject(int oldKeyIdx, int newKeyIdx) -+{ -+ int i; -+ for (i = 0; i < pem_nobjs; i++) { -+ CK_RV rv; -+ pemInternalObject *obj = gobj[i]; -+ if (NULL == obj) -+ continue; -+ -+ if (atoi(obj->id.data) != oldKeyIdx) -+ continue; -+ -+ nss_ZFreeIf(obj->id.data); -+ rv = assignObjectID(obj, newKeyIdx); -+ if (CKR_OK != rv) -+ return rv; -+ } -+ -+ return CKR_OK; -+} -+ -+pemInternalObject * -+AddObjectIfNeeded(CK_OBJECT_CLASS objClass, -+ pemObjectType type, SECItem * certDER, -+ SECItem * keyDER, char *filename, -+ int objid, CK_SLOT_ID slotID, PRBool *pAdded) -+{ -+ int i; -+ pemInternalObject *io; -+ -+ /* FIXME: copy-pasted from CreateObject */ -+ const char *nickname = strrchr(filename, '/'); -+ if (nickname && CKO_PRIVATE_KEY != objClass) -+ nickname++; -+ else -+ nickname = filename; -+ -+ if (pAdded) -+ *pAdded = PR_FALSE; -+ -+ /* first look for the object in gobj, it might be already there */ -+ for (i = 0; i < pem_nobjs; i++) { -+ if (NULL == gobj[i]) -+ continue; -+ -+ /* Comparing DER encodings is dependable and frees the PEM module -+ * from having to require clients to provide unique nicknames. -+ */ -+ if ((gobj[i]->objClass == objClass) -+ && (gobj[i]->type == type) -+ && (gobj[i]->slotID == slotID) -+ && derEncodingsMatch(objClass, gobj[i], certDER, keyDER)) { -+ -+ /* While adding a client certificate we (wrongly?) assumed that the -+ * key object will follow right after the cert object. However, if -+ * the key object is shared by multiple client certificates, such -+ * an assumption does not hold. We have to update the references. -+ */ -+ LinkSharedKeyObject(pem_nobjs, i); -+ -+ plog("AddObjectIfNeeded: re-using internal object #%i\n", i); -+ gobj[i]->refCount ++; -+ return gobj[i]; -+ } -+ } -+ -+ /* object not found, we need to create it */ -+ io = CreateObject(objClass, type, certDER, keyDER, -+ filename, objid, slotID); -+ if (io == NULL) -+ return NULL; -+ -+ /* initialize pointers to functions */ -+ pem_CreateMDObject(NULL, io, NULL); -+ -+ io->gobjIndex = count; -+ -+ /* add object to global array */ -+ if (count >= size) { -+ gobj = gobj ? -+ nss_ZREALLOCARRAY(gobj, pemInternalObject *, -+ (size+PEM_ITEM_CHUNK) ) : -+ nss_ZNEWARRAY(NULL, pemInternalObject *, -+ (size+PEM_ITEM_CHUNK) ) ; -+ -+ if ((pemInternalObject **)NULL == gobj) -+ return NULL; -+ size += PEM_ITEM_CHUNK; -+ } -+ gobj[count] = io; -+ count++; -+ pem_nobjs++; -+ -+ if (pAdded) -+ *pAdded = PR_TRUE; -+ -+ io->refCount ++; -+ return io; -+} -+ -+CK_RV -+AddCertificate(char *certfile, char *keyfile, PRBool cacert, -+ CK_SLOT_ID slotID) -+{ -+ pemInternalObject *o; -+ CK_RV error = 0; -+ int objid, i; -+ int nobjs = 0; -+ SECItem **objs = NULL; -+ char *ivstring = NULL; -+ int cipher; -+ -+ nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); -+ if (nobjs <= 0) { -+ nss_ZFreeIf(objs); -+ return CKR_GENERAL_ERROR; -+ } -+ -+ /* For now load as many certs as are in the file for CAs only */ -+ if (cacert) { -+ for (i = 0; i < nobjs; i++) { -+ char nickname[1024]; -+ objid = pem_nobjs + 1; -+ -+ PR_snprintf(nickname, 1024, "%s - %d", certfile, i); -+ -+ o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL, -+ nickname, 0, slotID, NULL); -+ if (o == NULL) { -+ error = CKR_GENERAL_ERROR; -+ goto loser; -+ } -+ -+ /* Add the CA trust object */ -+ o = AddObjectIfNeeded(CKO_NETSCAPE_TRUST, pemTrust, objs[i], NULL, -+ nickname, 0, slotID, NULL); -+ if (o == NULL) { -+ error = CKR_GENERAL_ERROR; -+ goto loser; -+ } -+ } /* for */ -+ } else { -+ objid = pem_nobjs + 1; -+ o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[0], NULL, certfile, -+ objid, slotID, NULL); -+ if (o == NULL) { -+ error = CKR_GENERAL_ERROR; -+ goto loser; -+ } -+ -+ o = NULL; -+ -+ if (keyfile) { /* add the private key */ -+ SECItem **keyobjs = NULL; -+ int kobjs = 0; -+ kobjs = -+ ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher, -+ &ivstring, PR_FALSE); -+ if (kobjs < 1) { -+ error = CKR_GENERAL_ERROR; -+ goto loser; -+ } -+ o = AddObjectIfNeeded(CKO_PRIVATE_KEY, pemBareKey, objs[0], -+ keyobjs[0], certfile, objid, slotID, NULL); -+ if (o == NULL) { -+ error = CKR_GENERAL_ERROR; -+ goto loser; -+ } -+ } -+ } -+ -+ nss_ZFreeIf(objs); -+ return CKR_OK; -+ -+ loser: -+ nss_ZFreeIf(objs); -+ nss_ZFreeIf(o); -+ return error; -+} -+ -+CK_RV -+pem_Initialize -+( -+ NSSCKMDInstance * mdInstance, -+ NSSCKFWInstance * fwInstance, -+ NSSUTF8 * configurationData -+) -+{ -+ CK_RV rv; -+ /* parse the initialization string */ -+ char **certstrings = NULL; -+ char *modparms = NULL; -+ PRInt32 numcerts = 0; -+ PRBool status, error = PR_FALSE; -+ int i; -+ CK_C_INITIALIZE_ARGS_PTR modArgs = NULL; -+ -+ if (!fwInstance) return CKR_ARGUMENTS_BAD; -+ -+ modArgs = NSSCKFWInstance_GetInitArgs(fwInstance); -+ if (modArgs && -+ ((modArgs->flags & CKF_OS_LOCKING_OK) || (modArgs->CreateMutex != 0))) { -+ return CKR_CANT_LOCK; -+ } -+ -+ if (pemInitialized) { -+ return CKR_OK; -+ } -+ -+ RNG_RNGInit(); -+ -+ open_log(); -+ -+ plog("pem_Initialize\n"); -+ -+ if (!modArgs || !modArgs->LibraryParameters) { -+ goto done; -+ } -+ modparms = (char *) modArgs->LibraryParameters; -+ plog("Initialized with %s\n", modparms); -+ -+ /* -+ * The initialization string format is a space-delimited file of -+ * pairs of paths which are delimited by a semi-colon. The first -+ * entry of the pair is the path to the certificate file. The -+ * second is the path to the key file. -+ * -+ * CA certificates do not need the semi-colon. -+ * -+ * Example: -+ * /etc/certs/server.pem;/etc/certs/server.key /etc/certs/ca.pem -+ * -+ */ -+ status = -+ pem_ParseString(modparms, ' ', &numcerts, -+ &certstrings); -+ if (status == PR_FALSE) { -+ return CKR_ARGUMENTS_BAD; -+ } -+ -+ for (i = 0; i < numcerts && error != PR_TRUE; i++) { -+ char *cert = certstrings[i]; -+ PRInt32 attrcount = 0; -+ char **certattrs = NULL; -+ status = pem_ParseString(cert, ';', &attrcount, &certattrs); -+ if (status == PR_FALSE) { -+ error = PR_TRUE; -+ break; -+ } -+ -+ if (error == PR_FALSE) { -+ if (attrcount == 1) /* CA certificate */ -+ rv = AddCertificate(certattrs[0], NULL, PR_TRUE, 0); -+ else -+ rv = AddCertificate(certattrs[0], certattrs[1], PR_FALSE, -+ 0); -+ -+ if (rv != CKR_OK) { -+ error = PR_TRUE; -+ status = PR_FALSE; -+ } -+ } -+ pem_FreeParsedStrings(attrcount, certattrs); -+ } -+ pem_FreeParsedStrings(numcerts, certstrings); -+ -+ if (status == PR_FALSE) { -+ return CKR_ARGUMENTS_BAD; -+ } -+ -+ for (i = 0; i < NUM_SLOTS; i++) -+ token_needsLogin[i] = PR_FALSE; -+ -+ done: -+ -+ PR_AtomicSet(&pemInitialized, PR_TRUE); -+ -+ return CKR_OK; -+} -+ -+void -+pem_Finalize -+( -+ NSSCKMDInstance * mdInstance, -+ NSSCKFWInstance * fwInstance -+) -+{ -+ plog("pem_Finalize\n"); -+ if (!pemInitialized) -+ return; -+ -+ nss_ZFreeIf(gobj); -+ gobj = NULL; -+ -+ pem_nobjs = 0; -+ size = 0; -+ count = 0; -+ -+ PR_AtomicSet(&pemInitialized, PR_FALSE); -+ -+ return; -+} -+ -+/* -+ * NSSCKMDInstance methods -+ */ -+ -+static CK_ULONG -+pem_mdInstance_GetNSlots -+( -+ NSSCKMDInstance * mdInstance, -+ NSSCKFWInstance * fwInstance, -+ CK_RV * pError -+) -+{ -+ return (CK_ULONG) NUM_SLOTS; -+} -+ -+static CK_VERSION -+pem_mdInstance_GetCryptokiVersion -+( -+ NSSCKMDInstance * mdInstance, -+ NSSCKFWInstance * fwInstance -+) -+{ -+ return pem_CryptokiVersion; -+} -+ -+static NSSUTF8 * -+pem_mdInstance_GetManufacturerID -+( -+ NSSCKMDInstance * mdInstance, -+ NSSCKFWInstance * fwInstance, -+ CK_RV * pError -+) -+{ -+ return (NSSUTF8 *) pem_ManufacturerID; -+} -+ -+static NSSUTF8 * -+pem_mdInstance_GetLibraryDescription -+( -+ NSSCKMDInstance * mdInstance, -+ NSSCKFWInstance * fwInstance, -+ CK_RV * pError -+) -+{ -+ return (NSSUTF8 *) pem_LibraryDescription; -+} -+ -+static CK_VERSION -+pem_mdInstance_GetLibraryVersion -+( -+ NSSCKMDInstance * mdInstance, -+ NSSCKFWInstance * fwInstance -+) -+{ -+ return pem_LibraryVersion; -+} -+ -+static CK_RV -+pem_mdInstance_GetSlots -+( -+ NSSCKMDInstance * mdInstance, -+ NSSCKFWInstance * fwInstance, -+ NSSCKMDSlot * slots[] -+) -+{ -+ int i; -+ CK_RV pError; -+ -+ for (i = 0; i < NUM_SLOTS; i++) { -+ slots[i] = (NSSCKMDSlot *) pem_NewSlot(fwInstance, &pError); -+ if (pError != CKR_OK) -+ return pError; -+ } -+ return CKR_OK; -+} -+ -+CK_BBOOL -+pem_mdInstance_ModuleHandlesSessionObjects -+( -+ NSSCKMDInstance * mdInstance, -+ NSSCKFWInstance * fwInstance -+) -+{ -+ return CK_TRUE; -+} -+ -+NSS_IMPLEMENT_DATA const NSSCKMDInstance -+pem_mdInstance = { -+ (void *) NULL, /* etc */ -+ pem_Initialize, /* Initialize */ -+ pem_Finalize, /* Finalize */ -+ pem_mdInstance_GetNSlots, -+ pem_mdInstance_GetCryptokiVersion, -+ pem_mdInstance_GetManufacturerID, -+ pem_mdInstance_GetLibraryDescription, -+ pem_mdInstance_GetLibraryVersion, -+ pem_mdInstance_ModuleHandlesSessionObjects, -+ pem_mdInstance_GetSlots, -+ NULL, /* WaitForSlotEvent */ -+ (void *) NULL /* null terminator */ -+}; -diff --git a/a/nss/lib/ckfw/pem/pobject.c b/b/nss/lib/ckfw/pem/pobject.c -new file mode 100644 -index 0000000..a13e531 ---- /dev/null -+++ b/b/nss/lib/ckfw/pem/pobject.c -@@ -0,0 +1,1240 @@ -+/* ***** BEGIN LICENSE BLOCK ***** -+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1 -+ * -+ * The contents of this file are subject to the Mozilla Public License Version -+ * 1.1 (the "License"); you may not use this file except in compliance with -+ * the License. You may obtain a copy of the License at -+ * http://www.mozilla.org/MPL/ -+ * -+ * Software distributed under the License is distributed on an "AS IS" basis, -+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -+ * for the specific language governing rights and limitations under the -+ * License. -+ * -+ * The Original Code is the Netscape security libraries. -+ * -+ * The Initial Developer of the Original Code is -+ * Netscape Communications Corporation. -+ * Portions created by the Initial Developer are Copyright (C) 1994-2000 -+ * the Initial Developer. All Rights Reserved. -+ * -+ * Contributor(s): -+ * Rob Crittenden ([email protected]) -+ * -+ * Alternatively, the contents of this file may be used under the terms of -+ * either the GNU General Public License Version 2 or later (the "GPL"), or -+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -+ * in which case the provisions of the GPL or the LGPL are applicable instead -+ * of those above. If you wish to allow use of your version of this file only -+ * under the terms of either the GPL or the LGPL, and not to allow others to -+ * use your version of this file under the terms of the MPL, indicate your -+ * decision by deleting the provisions above and replace them with the notice -+ * and other provisions required by the GPL or the LGPL. If you do not delete -+ * the provisions above, a recipient may use your version of this file under -+ * the terms of any one of the MPL, the GPL or the LGPL. -+ * -+ * ***** END LICENSE BLOCK ***** */ -+ -+#include "ckpem.h" -+#include "secasn1.h" -+#include "certt.h" -+#include "prprf.h" -+#include "pk11pub.h" -+ -+/* -+ * pobject.c -+ * -+ * This file implements the NSSCKMDObject object for the -+ * "PEM objects" cryptoki module. -+ */ -+ -+NSS_EXTERN_DATA pemInternalObject **gobj; -+NSS_EXTERN_DATA int pem_nobjs; -+NSS_EXTERN_DATA int token_needsLogin[NUM_SLOTS]; -+ -+#define APPEND_LIST_ITEM(item) do { \ -+ item->next = nss_ZNEW(NULL, pemObjectListItem); \ -+ if (NULL == item->next) \ -+ goto loser; \ -+ item = item->next; \ -+} while (0) -+ -+const CK_ATTRIBUTE_TYPE certAttrs[] = { -+ CKA_CLASS, -+ CKA_TOKEN, -+ CKA_PRIVATE, -+ CKA_MODIFIABLE, -+ CKA_LABEL, -+ CKA_CERTIFICATE_TYPE, -+ CKA_SUBJECT, -+ CKA_ISSUER, -+ CKA_SERIAL_NUMBER, -+ CKA_VALUE -+}; -+const PRUint32 certAttrsCount = NSS_PEM_ARRAY_SIZE(certAttrs); -+ -+/* private keys, for now only support RSA */ -+const CK_ATTRIBUTE_TYPE privKeyAttrs[] = { -+ CKA_CLASS, -+ CKA_TOKEN, -+ CKA_PRIVATE, -+ CKA_MODIFIABLE, -+ CKA_LABEL, -+ CKA_KEY_TYPE, -+ CKA_DERIVE, -+ CKA_LOCAL, -+ CKA_SUBJECT, -+ CKA_SENSITIVE, -+ CKA_DECRYPT, -+ CKA_SIGN, -+ CKA_SIGN_RECOVER, -+ CKA_UNWRAP, -+ CKA_EXTRACTABLE, -+ CKA_ALWAYS_SENSITIVE, -+ CKA_NEVER_EXTRACTABLE, -+ CKA_MODULUS, -+ CKA_PUBLIC_EXPONENT, -+}; -+const PRUint32 privKeyAttrsCount = NSS_PEM_ARRAY_SIZE(privKeyAttrs); -+ -+/* public keys, for now only support RSA */ -+const CK_ATTRIBUTE_TYPE pubKeyAttrs[] = { -+ CKA_CLASS, -+ CKA_TOKEN, -+ CKA_PRIVATE, -+ CKA_MODIFIABLE, -+ CKA_LABEL, -+ CKA_KEY_TYPE, -+ CKA_DERIVE, -+ CKA_LOCAL, -+ CKA_SUBJECT, -+ CKA_ENCRYPT, -+ CKA_VERIFY, -+ CKA_VERIFY_RECOVER, -+ CKA_WRAP, -+ CKA_MODULUS, -+ CKA_PUBLIC_EXPONENT, -+}; -+const PRUint32 pubKeyAttrsCount = NSS_PEM_ARRAY_SIZE(pubKeyAttrs); -+ -+/* Trust */ -+const CK_ATTRIBUTE_TYPE trustAttrs[] = { -+ CKA_CLASS, -+ CKA_TOKEN, -+ CKA_LABEL, -+ CKA_CERT_SHA1_HASH, -+ CKA_CERT_MD5_HASH, -+ CKA_ISSUER, -+ CKA_SUBJECT, -+ CKA_TRUST_SERVER_AUTH, -+ CKA_TRUST_CLIENT_AUTH, -+ CKA_TRUST_EMAIL_PROTECTION, -+ CKA_TRUST_CODE_SIGNING -+}; -+const PRUint32 trustAttrsCount = NSS_PEM_ARRAY_SIZE(trustAttrs); -+ -+static const CK_BBOOL ck_true = CK_TRUE; -+static const CK_BBOOL ck_false = CK_FALSE; -+static const CK_CERTIFICATE_TYPE ckc_x509 = CKC_X_509; -+static const CK_KEY_TYPE ckk_rsa = CKK_RSA; -+static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE; -+static const CK_OBJECT_CLASS cko_private_key = CKO_PRIVATE_KEY; -+static const CK_OBJECT_CLASS cko_public_key = CKO_PUBLIC_KEY; -+static const CK_OBJECT_CLASS cko_trust = CKO_NETSCAPE_TRUST; -+static const CK_TRUST ckt_netscape_trusted = CKT_NETSCAPE_TRUSTED_DELEGATOR; -+static const NSSItem pem_trueItem = { -+ (void *) &ck_true, (PRUint32) sizeof(CK_BBOOL) -+}; -+static const NSSItem pem_falseItem = { -+ (void *) &ck_false, (PRUint32) sizeof(CK_BBOOL) -+}; -+static const NSSItem pem_x509Item = { -+ (void *) &ckc_x509, (PRUint32) sizeof(CK_ULONG) -+}; -+static const NSSItem pem_rsaItem = { -+ (void *) &ckk_rsa, (PRUint32) sizeof(CK_KEY_TYPE) -+}; -+static const NSSItem pem_certClassItem = { -+ (void *) &cko_certificate, (PRUint32) sizeof(CK_OBJECT_CLASS) -+}; -+static const NSSItem pem_privKeyClassItem = { -+ (void *) &cko_private_key, (PRUint32) sizeof(CK_OBJECT_CLASS) -+}; -+static const NSSItem pem_pubKeyClassItem = { -+ (void *) &cko_public_key, (PRUint32) sizeof(CK_OBJECT_CLASS) -+}; -+static const NSSItem pem_trustClassItem = { -+ (void *) &cko_trust, (PRUint32) sizeof(CK_OBJECT_CLASS) -+}; -+static const NSSItem pem_emptyItem = { -+ (void *) &ck_true, 0 -+}; -+static const NSSItem pem_trusted = { -+ (void *) &ckt_netscape_trusted, (PRUint32) sizeof(CK_TRUST) -+}; -+ -+/* SEC_SkipTemplate is already defined and exported by libnssutil */ -+#ifdef SEC_SKIP_TEMPLATE -+/* -+ * Template for skipping a subitem. -+ * -+ * Note that it only makes sense to use this for decoding (when you want -+ * to decode something where you are only interested in one or two of -+ * the fields); you cannot encode a SKIP! -+ */ -+const SEC_ASN1Template SEC_SkipTemplate[] = { ... etc. - the rest is truncated _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
