diff --git a/NSPRerrs.h b/NSPRerrs.h index 706efb8..f72615c 100644 --- a/NSPRerrs.h +++ b/NSPRerrs.h @@ -36,43 +36,43 @@ /* General NSPR 2.0 errors */ /* Caller must #include " */ -ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." ) -ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." ) -ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." ) -ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." ) -ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." ) -ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." ) -ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." ) +ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." ) +ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." ) +ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." ) +ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." ) +ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." ) +ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." ) +ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." ) ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." ) -ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." ) -ER2( PR_IO_ERROR, "I/O function error." ) -ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." ) -ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." ) -ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." ) +ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." ) +ER2( PR_IO_ERROR, "I/O function error." ) +ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." ) +ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." ) +ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." ) ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." ) ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." ) ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." ) -ER2( PR_IS_CONNECTED_ERROR, "Already connected." ) -ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." ) -ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." ) -ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." ) +ER2( PR_IS_CONNECTED_ERROR, "Already connected." ) +ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." ) +ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." ) +ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." ) ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." ) -ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." ) -ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." ) -ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." ) -ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." ) -ER2( PR_FIND_SYMBOL_ERROR, +ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." ) +ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." ) +ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." ) +ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." ) +ER2( PR_FIND_SYMBOL_ERROR, "Symbol not found in any of the loaded dynamic libraries." ) ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." ) -ER2( PR_DIRECTORY_LOOKUP_ERROR, +ER2( PR_DIRECTORY_LOOKUP_ERROR, "A directory lookup on a network address has failed." ) -ER2( PR_TPD_RANGE_ERROR, +ER2( PR_TPD_RANGE_ERROR, "Attempt to access a TPD key that is out of range." ) ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." ) ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." ) -ER2( PR_NOT_SOCKET_ERROR, +ER2( PR_NOT_SOCKET_ERROR, "Network operation attempted on non-network file descriptor." ) -ER2( PR_NOT_TCP_SOCKET_ERROR, +ER2( PR_NOT_TCP_SOCKET_ERROR, "TCP-specific function attempted on a non-TCP file descriptor." ) ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." ) ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." ) @@ -80,24 +80,24 @@ ER2( PR_OPERATION_NOT_SUPPORTED_ERROR, "The requested operation is not supported by the platform." ) ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR, "The host operating system does not support the protocol requested." ) -ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." ) -ER2( PR_BUFFER_OVERFLOW_ERROR, +ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." ) +ER2( PR_BUFFER_OVERFLOW_ERROR, "The value requested is too large to be stored in the data buffer provided." ) -ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." ) -ER2( PR_RANGE_ERROR, "Unused." ) -ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." ) -ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." ) -ER2( PR_FILE_TOO_BIG_ERROR, +ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." ) +ER2( PR_RANGE_ERROR, "Unused." ) +ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." ) +ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." ) +ER2( PR_FILE_TOO_BIG_ERROR, "Write would result in file larger than the system allows." ) -ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." ) -ER2( PR_PIPE_ERROR, "Unused." ) -ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." ) -ER2( PR_IS_DIRECTORY_ERROR, +ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." ) +ER2( PR_PIPE_ERROR, "Unused." ) +ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." ) +ER2( PR_IS_DIRECTORY_ERROR, "Cannot perform a normal file operation on a directory." ) -ER2( PR_LOOP_ERROR, "Symbolic link loop." ) -ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." ) -ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." ) -ER2( PR_NOT_DIRECTORY_ERROR, +ER2( PR_LOOP_ERROR, "Symbolic link loop." ) +ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." ) +ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." ) +ER2( PR_NOT_DIRECTORY_ERROR, "Cannot perform directory operation on a normal file." ) ER2( PR_READ_ONLY_FILESYSTEM_ERROR, "Cannot write to a read-only file system." ) @@ -105,49 +105,49 @@ ER2( PR_DIRECTORY_NOT_EMPTY_ERROR, "Cannot delete a directory that is not empty." ) ER2( PR_FILESYSTEM_MOUNTED_ERROR, "Cannot delete or rename a file object while the file system is busy." ) -ER2( PR_NOT_SAME_DEVICE_ERROR, +ER2( PR_NOT_SAME_DEVICE_ERROR, "Cannot rename a file to a file system on another device." ) ER2( PR_DIRECTORY_CORRUPTED_ERROR, "The directory object in the file system is corrupted." ) -ER2( PR_FILE_EXISTS_ERROR, +ER2( PR_FILE_EXISTS_ERROR, "Cannot create or rename a filename that already exists." ) ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR, "Directory is full. No additional filenames may be added." ) ER2( PR_INVALID_DEVICE_STATE_ERROR, "The required device was in an invalid state." ) ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." ) -ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." ) -ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." ) -ER2( PR_FILE_SEEK_ERROR, "Seek error." ) -ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." ) +ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." ) +ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." ) +ER2( PR_FILE_SEEK_ERROR, "Seek error." ) +ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." ) ER2( PR_IN_PROGRESS_ERROR, "Operation is still in progress (probably a non-blocking connect)." ) ER2( PR_ALREADY_INITIATED_ERROR, "Operation has already been initiated (probably a non-blocking connect)." ) #ifdef PR_GROUP_EMPTY_ERROR -ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." ) +ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." ) #endif #ifdef PR_INVALID_STATE_ERROR -ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." ) +ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." ) #endif #ifdef PR_NETWORK_DOWN_ERROR -ER2( PR_NETWORK_DOWN_ERROR, "Network is down." ) +ER2( PR_NETWORK_DOWN_ERROR, "Network is down." ) #endif #ifdef PR_SOCKET_SHUTDOWN_ERROR -ER2( PR_SOCKET_SHUTDOWN_ERROR, "The socket was previously shut down." ) +ER2( PR_SOCKET_SHUTDOWN_ERROR, "The socket was previously shut down." ) #endif #ifdef PR_CONNECT_ABORTED_ERROR -ER2( PR_CONNECT_ABORTED_ERROR, "TCP Connection aborted." ) +ER2( PR_CONNECT_ABORTED_ERROR, "TCP Connection aborted." ) #endif #ifdef PR_HOST_UNREACHABLE_ERROR -ER2( PR_HOST_UNREACHABLE_ERROR, "Host is unreachable." ) +ER2( PR_HOST_UNREACHABLE_ERROR, "Host is unreachable." ) #endif /* always last */ -ER2( PR_MAX_ERROR, "Placeholder for the end of the list" ) +ER2( PR_MAX_ERROR, "Placeholder for the end of the list" ) diff --git a/SECerrs.h b/SECerrs.h index 562152b..a233531 100755 --- a/SECerrs.h +++ b/SECerrs.h @@ -37,448 +37,448 @@ /* General security error codes */ /* Caller must #include */ -ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0, +ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0, "An I/O error occurred during security authorization.") -ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1, +ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1, "security library failure.") -ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2, +ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2, "security library: received bad data.") -ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3, +ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3, "security library: output length error.") -ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4, +ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4, "security library has experienced an input length error.") -ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5, +ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5, "security library: invalid arguments.") -ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6, +ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6, "security library: invalid algorithm.") -ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7, +ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7, "security library: invalid AVA.") -ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8, +ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8, "Improperly formatted time string.") -ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9, +ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9, "security library: improperly formatted DER-encoded message.") -ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10, +ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10, "Peer's certificate has an invalid signature.") -ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11, +ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11, "Peer's Certificate has expired.") -ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12, +ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12, "Peer's Certificate has been revoked.") -ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13, +ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13, "Peer's Certificate issuer is not recognized.") -ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14, +ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14, "Peer's public key is invalid.") -ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15, +ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15, "The security password entered is incorrect.") -ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16, +ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16, "New password entered incorrectly. Please try again.") -ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17, +ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17, "security library: no nodelock.") -ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18, +ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18, "security library: bad database.") -ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19, +ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19, "security library: memory allocation failure.") -ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20, +ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20, "Peer's certificate issuer has been marked as not trusted by the user.") -ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21, +ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21, "Peer's certificate has been marked as not trusted by the user.") -ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22), +ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22), "Certificate already exists in your database.") -ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23), +ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23), "Downloaded certificate's name duplicates one already in your database.") -ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24), +ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24), "Error adding certificate to database.") -ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25), +ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25), "Error refiling the key for this certificate.") -ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26), +ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26), "The private key for this certificate cannot be found in key database") -ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27), +ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27), "This certificate is valid.") -ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28), +ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28), "This certificate is not valid.") -ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29), +ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29), "Cert Library: No Response") -ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30), +ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30), "The certificate issuer's certificate has expired. Check your system date and time.") -ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31), +ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31), "The CRL for the certificate's issuer has expired. Update it or check your system date and time.") -ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32), +ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32), "The CRL for the certificate's issuer has an invalid signature.") -ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33), +ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33), "New CRL has an invalid format.") -ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34), +ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34), "Certificate extension value is invalid.") -ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35), +ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35), "Certificate extension not found.") -ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36), +ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36), "Issuer certificate is invalid.") -ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37), +ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37), "Certificate path length constraint is invalid.") -ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38), +ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38), "Certificate usages field is invalid.") -ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39), +ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39), "**Internal ONLY module**") -ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40), +ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40), "The key does not support the requested operation.") -ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41), +ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41), "Certificate contains unknown critical extension.") -ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42), +ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42), "New CRL is not later than the current one.") -ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43), +ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43), "Not encrypted or signed: you do not yet have an email certificate.") -ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44), +ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44), "Not encrypted: you do not have certificates for each of the recipients.") -ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45), +ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45), "Cannot decrypt: you are not a recipient, or matching certificate and \ private key not found.") -ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46), +ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46), "Cannot decrypt: key encryption algorithm does not match your certificate.") -ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47), +ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47), "Signature verification failed: no signer found, too many signers found, \ or improper or corrupted data.") -ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48), +ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48), "Unsupported or unknown key algorithm.") -ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49), +ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49), "Cannot decrypt: encrypted using a disallowed algorithm or key size.") /* Fortezza Alerts */ -ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50), +ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50), "Fortezza card has not been properly initialized. \ Please remove it and return it to your issuer.") -ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51), +ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51), "No Fortezza cards Found") -ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52), +ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52), "No Fortezza card selected") -ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53), +ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53), "Please select a personality to get more info on") -ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54), +ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54), "Personality not found") -ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55), +ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55), "No more information on that Personality") -ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56), +ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56), "Invalid Pin") -ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57), +ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57), "Couldn't initialize Fortezza personalities.") /* end fortezza alerts. */ -ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58), +ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58), "No KRL for this site's certificate has been found.") -ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59), +ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59), "The KRL for this site's certificate has expired.") -ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60), +ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60), "The KRL for this site's certificate has an invalid signature.") -ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61), +ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61), "The key for this site's certificate has been revoked.") -ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62), +ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62), "New KRL has an invalid format.") -ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63), +ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63), "security library: need random data.") -ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64), +ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64), "security library: no security module can perform the requested operation.") -ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65), +ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65), "The security card or token does not exist, needs to be initialized, or has been removed.") -ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66), +ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66), "security library: read-only database.") -ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67), +ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67), "No slot or token was selected.") -ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68), +ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68), "A certificate with the same nickname already exists.") -ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69), +ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69), "A key with the same nickname already exists.") -ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70), +ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70), "error while creating safe object") -ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71), +ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71), "error while creating baggage object") -ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72), +ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72), "Couldn't remove the principal") -ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73), +ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73), "Couldn't delete the privilege") -ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74), +ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74), "This principal doesn't have a certificate") -ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75), +ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75), "Required algorithm is not allowed.") -ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76), +ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76), "Error attempting to export certificates.") -ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77), +ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77), "Error attempting to import certificates.") -ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78), +ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78), "Unable to import. Decoding error. File not valid.") -ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79), +ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79), "Unable to import. Invalid MAC. Incorrect password or corrupt file.") -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80), +ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80), "Unable to import. MAC algorithm not supported.") ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81), "Unable to import. Only password integrity and privacy modes supported.") -ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82), +ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82), "Unable to import. File structure is corrupt.") ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83), "Unable to import. Encryption algorithm not supported.") -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84), +ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84), "Unable to import. File version not supported.") ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85), "Unable to import. Incorrect privacy password.") -ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86), +ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86), "Unable to import. Same nickname already exists in database.") -ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87), +ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87), "The user pressed cancel.") -ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88), +ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88), "Not imported, already in database.") -ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89), +ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89), "Message not sent.") -ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90), +ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90), "Certificate key usage inadequate for attempted operation.") -ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91), +ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91), "Certificate type not approved for application.") -ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92), +ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92), "Address in signing certificate does not match address in message headers.") -ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93), +ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93), "Unable to import. Error attempting to import private key.") -ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94), +ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94), "Unable to import. Error attempting to import certificate chain.") ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95), "Unable to export. Unable to locate certificate or key by nickname.") -ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96), +ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96), "Unable to export. Private Key could not be located and exported.") -ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97), +ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97), "Unable to export. Unable to write the export file.") -ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98), +ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98), "Unable to import. Unable to read the import file.") ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99), "Unable to export. Key database corrupt or deleted.") -ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100), +ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100), "Unable to generate public/private key pair.") -ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101), +ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101), "Password entered is invalid. Please pick a different one.") -ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102), +ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102), "Old password entered incorrectly. Please try again.") -ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103), +ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103), "Certificate nickname already in use.") -ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104), +ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104), "Peer FORTEZZA chain has a non-FORTEZZA Certificate.") -ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, (SEC_ERROR_BASE + 105), +ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, (SEC_ERROR_BASE + 105), "A sensitive key cannot be moved to the slot where it is needed.") -ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106), +ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106), "Invalid module name.") -ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107), +ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107), "Invalid module path/filename") -ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108), +ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108), "Unable to add module") -ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109), +ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109), "Unable to delete module") -ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110), +ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110), "New KRL is not later than the current one.") -ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111), +ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111), "New CKL has different issuer than current CKL. Delete current CKL.") -ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112), +ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112), "The Certifying Authority for this certificate is not permitted to issue a \ certificate with this name.") -ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113), +ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113), "The key revocation list for this certificate is not yet valid.") -ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114), +ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114), "The certificate revocation list for this certificate is not yet valid.") -ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115), +ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115), "The requested certificate could not be found.") -ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116), +ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116), "The signer's certificate could not be found.") -ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117), +ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117), "The location for the certificate status server has invalid format.") -ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118), +ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118), "The OCSP response cannot be fully decoded; it is of an unknown type.") -ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119), +ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119), "The OCSP server returned unexpected/invalid HTTP data.") -ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120), +ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120), "The OCSP server found the request to be corrupted or improperly formed.") -ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121), +ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121), "The OCSP server experienced an internal error.") -ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122), +ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122), "The OCSP server suggests trying again later.") -ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123), +ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123), "The OCSP server requires a signature on this request.") -ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124), +ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124), "The OCSP server has refused this request as unauthorized.") -ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125), +ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125), "The OCSP server returned an unrecognizable status.") -ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126), +ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126), "The OCSP server has no status for the certificate.") -ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127), +ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127), "You must enable OCSP before performing this operation.") -ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128), +ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128), "You must set the OCSP default responder before performing this operation.") -ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129), +ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129), "The response from the OCSP server was corrupted or improperly formed.") -ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130), +ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130), "The signer of the OCSP response is not authorized to give status for \ this certificate.") -ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131), +ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131), "The OCSP response is not yet valid (contains a date in the future).") -ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132), +ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132), "The OCSP response contains out-of-date information.") -ER3(SEC_ERROR_DIGEST_NOT_FOUND, (SEC_ERROR_BASE + 133), +ER3(SEC_ERROR_DIGEST_NOT_FOUND, (SEC_ERROR_BASE + 133), "The CMS or PKCS #7 Digest was not found in signed message.") -ER3(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE, (SEC_ERROR_BASE + 134), +ER3(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE, (SEC_ERROR_BASE + 134), "The CMS or PKCS #7 Message type is unsupported.") -ER3(SEC_ERROR_MODULE_STUCK, (SEC_ERROR_BASE + 135), +ER3(SEC_ERROR_MODULE_STUCK, (SEC_ERROR_BASE + 135), "PKCS #11 module could not be removed because it is still in use.") -ER3(SEC_ERROR_BAD_TEMPLATE, (SEC_ERROR_BASE + 136), +ER3(SEC_ERROR_BAD_TEMPLATE, (SEC_ERROR_BASE + 136), "Could not decode ASN.1 data. Specified template was invalid.") -ER3(SEC_ERROR_CRL_NOT_FOUND, (SEC_ERROR_BASE + 137), +ER3(SEC_ERROR_CRL_NOT_FOUND, (SEC_ERROR_BASE + 137), "No matching CRL was found.") ER3(SEC_ERROR_REUSED_ISSUER_AND_SERIAL, (SEC_ERROR_BASE + 138), "You are attempting to import a cert with the same issuer/serial as \ an existing cert, but that is not the same cert.") -ER3(SEC_ERROR_BUSY, (SEC_ERROR_BASE + 139), +ER3(SEC_ERROR_BUSY, (SEC_ERROR_BASE + 139), "NSS could not shutdown. Objects are still in use.") -ER3(SEC_ERROR_EXTRA_INPUT, (SEC_ERROR_BASE + 140), +ER3(SEC_ERROR_EXTRA_INPUT, (SEC_ERROR_BASE + 140), "DER-encoded message contained extra unused data.") -ER3(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE, (SEC_ERROR_BASE + 141), +ER3(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE, (SEC_ERROR_BASE + 141), "Unsupported elliptic curve.") -ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM, (SEC_ERROR_BASE + 142), +ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM, (SEC_ERROR_BASE + 142), "Unsupported elliptic curve point form.") -ER3(SEC_ERROR_UNRECOGNIZED_OID, (SEC_ERROR_BASE + 143), +ER3(SEC_ERROR_UNRECOGNIZED_OID, (SEC_ERROR_BASE + 143), "Unrecognized Object Identifier.") -ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT, (SEC_ERROR_BASE + 144), +ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT, (SEC_ERROR_BASE + 144), "Invalid OCSP signing certificate in OCSP response.") ER3(SEC_ERROR_REVOKED_CERTIFICATE_CRL, (SEC_ERROR_BASE + 145), @@ -496,53 +496,53 @@ ER3(SEC_ERROR_CRL_V1_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 148), ER3(SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 149), "Issuer's V2 Certificate Revocation List has an unknown critical extension.") -ER3(SEC_ERROR_UNKNOWN_OBJECT_TYPE, (SEC_ERROR_BASE + 150), +ER3(SEC_ERROR_UNKNOWN_OBJECT_TYPE, (SEC_ERROR_BASE + 150), "Unknown object type specified.") -ER3(SEC_ERROR_INCOMPATIBLE_PKCS11, (SEC_ERROR_BASE + 151), +ER3(SEC_ERROR_INCOMPATIBLE_PKCS11, (SEC_ERROR_BASE + 151), "PKCS #11 driver violates the spec in an incompatible way.") -ER3(SEC_ERROR_NO_EVENT, (SEC_ERROR_BASE + 152), +ER3(SEC_ERROR_NO_EVENT, (SEC_ERROR_BASE + 152), "No new slot event is available at this time.") -ER3(SEC_ERROR_CRL_ALREADY_EXISTS, (SEC_ERROR_BASE + 153), +ER3(SEC_ERROR_CRL_ALREADY_EXISTS, (SEC_ERROR_BASE + 153), "CRL already exists.") -ER3(SEC_ERROR_NOT_INITIALIZED, (SEC_ERROR_BASE + 154), +ER3(SEC_ERROR_NOT_INITIALIZED, (SEC_ERROR_BASE + 154), "NSS is not initialized.") -ER3(SEC_ERROR_TOKEN_NOT_LOGGED_IN, (SEC_ERROR_BASE + 155), +ER3(SEC_ERROR_TOKEN_NOT_LOGGED_IN, (SEC_ERROR_BASE + 155), "The operation failed because the PKCS#11 token is not logged in.") -ER3(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID, (SEC_ERROR_BASE + 156), +ER3(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID, (SEC_ERROR_BASE + 156), "Configured OCSP responder's certificate is invalid.") -ER3(SEC_ERROR_OCSP_BAD_SIGNATURE, (SEC_ERROR_BASE + 157), +ER3(SEC_ERROR_OCSP_BAD_SIGNATURE, (SEC_ERROR_BASE + 157), "OCSP response has an invalid signature.") -ER3(SEC_ERROR_OUT_OF_SEARCH_LIMITS, (SEC_ERROR_BASE + 158), +ER3(SEC_ERROR_OUT_OF_SEARCH_LIMITS, (SEC_ERROR_BASE + 158), "Cert validation search is out of search limits") -ER3(SEC_ERROR_INVALID_POLICY_MAPPING, (SEC_ERROR_BASE + 159), +ER3(SEC_ERROR_INVALID_POLICY_MAPPING, (SEC_ERROR_BASE + 159), "Policy mapping contains anypolicy") -ER3(SEC_ERROR_POLICY_VALIDATION_FAILED, (SEC_ERROR_BASE + 160), +ER3(SEC_ERROR_POLICY_VALIDATION_FAILED, (SEC_ERROR_BASE + 160), "Cert chain fails policy validation") -ER3(SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE, (SEC_ERROR_BASE + 161), +ER3(SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE, (SEC_ERROR_BASE + 161), "Unknown location type in cert AIA extension") -ER3(SEC_ERROR_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 162), +ER3(SEC_ERROR_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 162), "Server returned bad HTTP response") -ER3(SEC_ERROR_BAD_LDAP_RESPONSE, (SEC_ERROR_BASE + 163), +ER3(SEC_ERROR_BAD_LDAP_RESPONSE, (SEC_ERROR_BASE + 163), "Server returned bad LDAP response") -ER3(SEC_ERROR_FAILED_TO_ENCODE_DATA, (SEC_ERROR_BASE + 164), +ER3(SEC_ERROR_FAILED_TO_ENCODE_DATA, (SEC_ERROR_BASE + 164), "Failed to encode data with ASN1 encoder") -ER3(SEC_ERROR_BAD_INFO_ACCESS_LOCATION, (SEC_ERROR_BASE + 165), +ER3(SEC_ERROR_BAD_INFO_ACCESS_LOCATION, (SEC_ERROR_BASE + 165), "Bad information access location in cert extension") -ER3(SEC_ERROR_LIBPKIX_INTERNAL, (SEC_ERROR_BASE + 166), +ER3(SEC_ERROR_LIBPKIX_INTERNAL, (SEC_ERROR_BASE + 166), "Libpkix internal error occured during cert validation.") diff --git a/certext.c b/certext.c index 766333e..78a1613 100755 --- a/certext.c +++ b/certext.c @@ -104,8 +104,8 @@ CERT_EncodeSubjectKeyID(PRArenaPool *arena, const SECItem* srcString, return SECFailure; } if (SEC_ASN1EncodeItem (arena, encodedValue, srcString, - CERTSubjectKeyIDTemplate) == NULL) { - rv = SECFailure; + CERTSubjectKeyIDTemplate) == NULL) { + rv = SECFailure; } return(rv); @@ -141,82 +141,82 @@ SEC_StringToOID(PLArenaPool *pool, SECItem *to, const char *from, PRUint32 len) static const char OIDstring[] = {"OID."}; if (!from || !to) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (!len) { - len = PL_strlen(from); + len = PL_strlen(from); } if (len >= 4 && !PL_strncasecmp(from, OIDstring, 4)) { - from += 4; /* skip leading "OID." if present */ - len -= 4; + from += 4; /* skip leading "OID." if present */ + len -= 4; } if (!len) { bad_data: - PORT_SetError(SEC_ERROR_BAD_DATA); - return SECFailure; + PORT_SetError(SEC_ERROR_BAD_DATA); + return SECFailure; } - do { - PRUint32 decimal = 0; - while (len > 0 && isdigit(*from)) { - PRUint32 addend = (*from++ - '0'); - --len; - if (decimal > max_decimal) /* overflow */ - goto bad_data; - decimal = (decimal * 10) + addend; - if (decimal < addend) /* overflow */ - goto bad_data; - } - if (len != 0 && *from != '.') { - goto bad_data; - } - if (decimal_numbers == 0) { - if (decimal > 2) - goto bad_data; - result[0] = decimal * 40; - result_bytes = 1; - } else if (decimal_numbers == 1) { - if (decimal > 40) - goto bad_data; - result[0] += decimal; - } else { - /* encode the decimal number, */ - PRUint8 * rp; - PRUint32 num_bytes = 0; - PRUint32 tmp = decimal; - while (tmp) { - num_bytes++; - tmp >>= 7; - } - if (!num_bytes ) - ++num_bytes; /* use one byte for a zero value */ - if (num_bytes + result_bytes > sizeof result) - goto bad_data; - tmp = num_bytes; - rp = result + result_bytes - 1; - rp[tmp] = (PRUint8)(decimal & 0x7f); - decimal >>= 7; - while (--tmp > 0) { - rp[tmp] = (PRUint8)(decimal | 0x80); - decimal >>= 7; - } - result_bytes += num_bytes; - } - ++decimal_numbers; - if (len > 0) { /* skip trailing '.' */ - ++from; - --len; - } - } while (len > 0); + do { + PRUint32 decimal = 0; + while (len > 0 && isdigit(*from)) { + PRUint32 addend = (*from++ - '0'); + --len; + if (decimal > max_decimal) /* overflow */ + goto bad_data; + decimal = (decimal * 10) + addend; + if (decimal < addend) /* overflow */ + goto bad_data; + } + if (len != 0 && *from != '.') { + goto bad_data; + } + if (decimal_numbers == 0) { + if (decimal > 2) + goto bad_data; + result[0] = decimal * 40; + result_bytes = 1; + } else if (decimal_numbers == 1) { + if (decimal > 40) + goto bad_data; + result[0] += decimal; + } else { + /* encode the decimal number, */ + PRUint8 * rp; + PRUint32 num_bytes = 0; + PRUint32 tmp = decimal; + while (tmp) { + num_bytes++; + tmp >>= 7; + } + if (!num_bytes ) + ++num_bytes; /* use one byte for a zero value */ + if (num_bytes + result_bytes > sizeof result) + goto bad_data; + tmp = num_bytes; + rp = result + result_bytes - 1; + rp[tmp] = (PRUint8)(decimal & 0x7f); + decimal >>= 7; + while (--tmp > 0) { + rp[tmp] = (PRUint8)(decimal | 0x80); + decimal >>= 7; + } + result_bytes += num_bytes; + } + ++decimal_numbers; + if (len > 0) { /* skip trailing '.' */ + ++from; + --len; + } + } while (len > 0); /* now result contains result_bytes of data */ if (to->data && to->len >= result_bytes) { - PORT_Memcpy(to->data, result, to->len = result_bytes); - rv = SECSuccess; + PORT_Memcpy(to->data, result, to->len = result_bytes); + rv = SECSuccess; } else { - SECItem result_item = {siBuffer, NULL, 0 }; - result_item.data = result; - result_item.len = result_bytes; - rv = SECITEM_CopyItem(pool, to, &result_item); + SECItem result_item = {siBuffer, NULL, 0 }; + result_item.data = result; + result_item.len = result_bytes; + rv = SECITEM_CopyItem(pool, to, &result_item); } return rv; } @@ -283,15 +283,15 @@ GetGeneralName (PRArenaPool *arena) mark = PORT_ArenaMark (arena); do { if (PrintChoicesAndGetAnswer( - "\nSelect one of the following general name type: \n" - "\t2 - rfc822Name\n" - "\t3 - dnsName\n" - "\t5 - directoryName\n" - "\t7 - uniformResourceidentifier\n" - "\t8 - ipAddress\n" - "\t9 - registerID\n" - "\tAny other number to finish\n" - "\t\tChoice:", buffer, sizeof(buffer)) == SECFailure) { + "\nSelect one of the following general name type: \n" + "\t2 - rfc822Name\n" + "\t3 - dnsName\n" + "\t5 - directoryName\n" + "\t7 - uniformResourceidentifier\n" + "\t8 - ipAddress\n" + "\t9 - registerID\n" + "\tAny other number to finish\n" + "\t\tChoice:", buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK (SECFailure); } intValue = PORT_Atoi (buffer); @@ -306,23 +306,23 @@ GetGeneralName (PRArenaPool *arena) case certURI: case certIPAddress: case certRegisterID: - break; + break; default: - intValue = 0; /* force a break for anything else */ + intValue = 0; /* force a break for anything else */ } if (intValue == 0) - break; - - if (namesList == NULL) { - namesList = current = tail = - PORT_ArenaZNew(arena, CERTGeneralName); - } else { - current = PORT_ArenaZNew(arena, CERTGeneralName); - } - if (current == NULL) { - GEN_BREAK (SECFailure); - } + break; + + if (namesList == NULL) { + namesList = current = tail = + PORT_ArenaZNew(arena, CERTGeneralName); + } else { + current = PORT_ArenaZNew(arena, CERTGeneralName); + } + if (current == NULL) { + GEN_BREAK (SECFailure); + } current->type = intValue; puts ("\nEnter data:"); @@ -368,22 +368,22 @@ GetGeneralName (PRArenaPool *arena) } case certDirectoryName: - { - CERTName *directoryName = NULL; - - directoryName = CERT_AsciiToName (buffer); - if (!directoryName) { - fprintf(stderr, "certutil: improperly formatted name: " - "\"%s\"\n", buffer); - break; - } - - rv = CERT_CopyName (arena, ¤t->name.directoryName, - directoryName); - CERT_DestroyName (directoryName); - - break; - } + { + CERTName *directoryName = NULL; + + directoryName = CERT_AsciiToName (buffer); + if (!directoryName) { + fprintf(stderr, "certutil: improperly formatted name: " + "\"%s\"\n", buffer); + break; + } + + rv = CERT_CopyName (arena, ¤t->name.directoryName, + directoryName); + CERT_DestroyName (directoryName); + + break; + } } if (rv != SECSuccess) break; @@ -447,7 +447,7 @@ AddKeyUsage (void *extHandle) PRBool yesNoAns; while (1) { - if (PrintChoicesAndGetAnswer( + if (PrintChoicesAndGetAnswer( "\t\t0 - Digital Signature\n" "\t\t1 - Non-repudiation\n" "\t\t2 - Key encipherment\n" @@ -829,8 +829,8 @@ AddBasicConstraint(void *extHandle) yesNoAns = GetYesNo ("Is this a critical extension [y/N]?"); rv = SECU_EncodeAndAddExtensionValue(NULL, extHandle, - &basicConstraint, yesNoAns, SEC_OID_X509_BASIC_CONSTRAINTS, - (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeBasicConstraintValue); + &basicConstraint, yesNoAns, SEC_OID_X509_BASIC_CONSTRAINTS, + (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeBasicConstraintValue); } while (0); return (rv); @@ -878,8 +878,8 @@ AddAuthKeyID (void *extHandle) yesNoAns = GetYesNo ("Is this a critical extension [y/N]?"); rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, - authKeyID, yesNoAns, SEC_OID_X509_AUTH_KEY_ID, - (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeAuthKeyID); + authKeyID, yesNoAns, SEC_OID_X509_AUTH_KEY_ID, + (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeAuthKeyID); if (rv) break; @@ -915,8 +915,8 @@ AddSubjKeyID (void *extHandle) yesNoAns = GetYesNo ("Is this a critical extension [y/N]?"); rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, - &keyID, yesNoAns, SEC_OID_X509_SUBJECT_KEY_ID, - (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeSubjectKeyID); + &keyID, yesNoAns, SEC_OID_X509_SUBJECT_KEY_ID, + (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeSubjectKeyID); if (rv) break; @@ -954,8 +954,8 @@ AddCrlDistPoint(void *extHandle) "\t1 - Full Name\n\t2 - Relative Name\n\tAny other " "number to finish\n\t\tChoice: ", buffer, sizeof(buffer)) == SECFailure) { - GEN_BREAK (SECFailure); - } + GEN_BREAK (SECFailure); + } intValue = PORT_Atoi (buffer); switch (intValue) { case generalName: @@ -1043,8 +1043,8 @@ AddCrlDistPoint(void *extHandle) /* Add null to the end to mark end of data */ crlDistPoints->distPoints = PORT_ArenaGrow(arena, crlDistPoints->distPoints, - sizeof (*crlDistPoints->distPoints) * count, - sizeof (*crlDistPoints->distPoints) *(count + 1)); + sizeof (*crlDistPoints->distPoints) * count, + sizeof (*crlDistPoints->distPoints) *(count + 1)); crlDistPoints->distPoints[count] = NULL; break; } @@ -1056,8 +1056,8 @@ AddCrlDistPoint(void *extHandle) PRBool yesNoAns = GetYesNo ("Is this a critical extension [y/N]?"); rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, - crlDistPoints, yesNoAns, SEC_OID_X509_CRL_DIST_POINTS, - (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCRLDistributionPoints); + crlDistPoints, yesNoAns, SEC_OID_X509_CRL_DIST_POINTS, + (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCRLDistributionPoints); } if (arena) PORT_FreeArena (arena, PR_FALSE); @@ -1098,7 +1098,7 @@ AddPolicyConstraints(void *extHandle) if (PORT_Strlen(buffer)) { value = PORT_Atoi(buffer); - if (value < 0) { + if (value < 0) { goto loser; } item = &policyConstr->explicitPolicySkipCerts; @@ -1111,14 +1111,14 @@ AddPolicyConstraints(void *extHandle) if (PrintChoicesAndGetAnswer("for inihibitPolicyMapping enter " "the number of certs in path\n" - "after which policy mapping is not allowed\n" + "after which policy mapping is not allowed\n" "(press Enter to omit)", buffer, sizeof(buffer)) == SECFailure) { goto loser; } if (PORT_Strlen(buffer)) { value = PORT_Atoi(buffer); - if (value < 0) { + if (value < 0) { goto loser; } item = &policyConstr->inhibitMappingSkipCerts; @@ -1134,12 +1134,12 @@ AddPolicyConstraints(void *extHandle) yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, policyConstr, - yesNoAns, SEC_OID_X509_POLICY_CONSTRAINTS, - (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyConstraintsExtension); + yesNoAns, SEC_OID_X509_POLICY_CONSTRAINTS, + (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyConstraintsExtension); } else { - fprintf(stdout, "Policy Constraint extensions must contain " + fprintf(stdout, "Policy Constraint extensions must contain " "at least one policy field\n"); - rv = SECFailure; + rv = SECFailure; } loser: @@ -1188,8 +1188,8 @@ AddInhibitAnyPolicy(void *extHandle) yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &certInhibitAny, - yesNoAns, SEC_OID_X509_INHIBIT_ANY_POLICY, - (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInhibitAnyExtension); + yesNoAns, SEC_OID_X509_INHIBIT_ANY_POLICY, + (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInhibitAnyExtension); loser: if (arena) { PORT_FreeArena (arena, PR_FALSE); @@ -1280,8 +1280,8 @@ AddPolicyMappings(void *extHandle) mappings.arena = arena; mappings.policyMaps = policyMapArr; rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &mappings, - yesNoAns, SEC_OID_X509_POLICY_MAPPINGS, - (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyMappingExtension); + yesNoAns, SEC_OID_X509_POLICY_MAPPINGS, + (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyMappingExtension); } if (arena) PORT_FreeArena (arena, PR_FALSE); @@ -1332,16 +1332,16 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID) oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CPS_POINTER_QUALIFIER); if (PrintChoicesAndGetAnswer("Enter CPS pointer URI: ", - buffer, sizeof(buffer)) == SECFailure) { + buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK (SECFailure); } input.len = PORT_Strlen(buffer); input.data = (void*)PORT_ArenaStrdup(arena, buffer); if (input.data == NULL || - SEC_ASN1EncodeItem(arena, ¤t->qualifierValue, &input, - SEC_ASN1_GET(SEC_IA5StringTemplate)) == NULL) { + SEC_ASN1EncodeItem(arena, ¤t->qualifierValue, &input, + SEC_ASN1_GET(SEC_IA5StringTemplate)) == NULL) { GEN_BREAK (SECFailure); - } + } break; } case userNotice: { @@ -1356,7 +1356,7 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID) if (GetYesNo("\t add a User Notice reference? [y/N]")) { if (PrintChoicesAndGetAnswer("Enter user organization string: ", - buffer, sizeof(buffer)) == SECFailure) { + buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK (SECFailure); } @@ -1368,9 +1368,9 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID) noticeNumArr = PORT_ArenaZNewArray(arena, SECItem *, 2); - if (!noticeNumArr) { + if (!noticeNumArr) { GEN_BREAK (SECFailure); - } + } do { SECItem *noticeNum; @@ -1378,34 +1378,34 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID) noticeNum = PORT_ArenaZNew(arena, SECItem); if (PrintChoicesAndGetAnswer( - "Enter User Notice reference number " - "(or -1 to quit): ", + "Enter User Notice reference number " + "(or -1 to quit): ", buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK (SECFailure); } intValue = PORT_Atoi(buffer); - if (noticeNum == NULL) { - if (intValue < 0) { - fprintf(stdout, "a noticeReference must have at " + if (noticeNum == NULL) { + if (intValue < 0) { + fprintf(stdout, "a noticeReference must have at " "least one reference number\n"); GEN_BREAK (SECFailure); - } - } else { - if (intValue >= 0) { + } + } else { + if (intValue >= 0) { noticeNumArr = PORT_ArenaGrow(arena, noticeNumArr, - sizeof (current) * inCount, - sizeof (current) *(inCount + 1)); + sizeof (current) * inCount, + sizeof (current) *(inCount + 1)); if (noticeNumArr == NULL) { GEN_BREAK (SECFailure); } - } else { - break; - } + } else { + break; + } } if (!SEC_ASN1EncodeInteger(arena, noticeNum, intValue)) { GEN_BREAK (SECFailure); - } + } noticeNumArr[inCount++] = noticeNum; noticeNumArr[inCount] = NULL; @@ -1429,10 +1429,10 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID) notice->displayText.type = siAsciiString; notice->displayText.len = PORT_Strlen(buffer); notice->displayText.data = - (void*)PORT_ArenaStrdup(arena, buffer); - if (notice->displayText.data == NULL) { - GEN_BREAK(SECFailure); - } + (void*)PORT_ArenaStrdup(arena, buffer); + if (notice->displayText.data == NULL) { + GEN_BREAK(SECFailure); + } } rv = CERT_EncodeUserNotice(arena, notice, ¤t->qualifierValue); @@ -1445,17 +1445,17 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID) } if (rv == SECFailure || oid == NULL || SECITEM_CopyItem(arena, ¤t->qualifierID, &oid->oid) - == SECFailure) { + == SECFailure) { GEN_BREAK (SECFailure); } if (!policyQualifArr) { policyQualifArr = PORT_ArenaZNew(arena, CERTPolicyQualifier *); } else { - policyQualifArr = PORT_ArenaGrow (arena, policyQualifArr, + policyQualifArr = PORT_ArenaGrow (arena, policyQualifArr, sizeof (current) * count, sizeof (current) *(count + 1)); - } + } if (policyQualifArr == NULL) { GEN_BREAK (SECFailure); } @@ -1508,15 +1508,15 @@ AddCertPolicies(void *extHandle) if (PrintChoicesAndGetAnswer("Enter a CertPolicy Object Identifier " "(dotted decimal format)\n" - "or \"any\" for AnyPolicy:", + "or \"any\" for AnyPolicy:", buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK (SECFailure); } - - if (strncmp(buffer, "any", 3) == 0) { - /* use string version of X509_CERTIFICATE_POLICIES.anyPolicy */ - strcpy(buffer, "OID.2.5.29.32.0"); - } + + if (strncmp(buffer, "any", 3) == 0) { + /* use string version of X509_CERTIFICATE_POLICIES.anyPolicy */ + strcpy(buffer, "OID.2.5.29.32.0"); + } rv = SEC_StringToOID(arena, ¤t->policyID, buffer, 0); if (rv == SECFailure) { @@ -1529,10 +1529,10 @@ AddCertPolicies(void *extHandle) if (!certPoliciesArr) { certPoliciesArr = PORT_ArenaZNew(arena, CERTPolicyInfo *); } else { - certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr, + certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr, sizeof (current) * count, sizeof (current) *(count + 1)); - } + } if (certPoliciesArr == NULL) { GEN_BREAK (SECFailure); } @@ -1562,11 +1562,11 @@ AddCertPolicies(void *extHandle) policies.policyInfos = certPoliciesArr; rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &policies, - yesNoAns, SEC_OID_X509_CERTIFICATE_POLICIES, - (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCertPoliciesExtension); + yesNoAns, SEC_OID_X509_CERTIFICATE_POLICIES, + (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCertPoliciesExtension); } if (arena) - PORT_FreeArena(arena, PR_FALSE); + PORT_FreeArena(arena, PR_FALSE); return (rv); } @@ -1648,7 +1648,7 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert) } if (oid == NULL || SECITEM_CopyItem(arena, ¤t->method, &oid->oid) - == SECFailure) { + == SECFailure) { GEN_BREAK (SECFailure); } @@ -1660,10 +1660,10 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert) if (infoAccArr == NULL) { infoAccArr = PORT_ArenaZNew(arena, CERTAuthInfoAccess *); } else { - infoAccArr = PORT_ArenaGrow(arena, infoAccArr, + infoAccArr = PORT_ArenaGrow(arena, infoAccArr, sizeof (current) * count, sizeof (current) *(count + 1)); - } + } if (infoAccArr == NULL) { GEN_BREAK (SECFailure); } @@ -1698,8 +1698,8 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert) oidIdent = SEC_OID_X509_SUBJECT_INFO_ACCESS; } rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, infoAccArr, - yesNoAns, oidIdent, - (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInfoAccessExtension); + yesNoAns, oidIdent, + (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInfoAccessExtension); } if (arena) PORT_FreeArena(arena, PR_FALSE); @@ -1718,18 +1718,18 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, if (extList[ext_keyUsage]) { rv = AddKeyUsage(extHandle); if (rv) { - errstring = "KeyUsage"; + errstring = "KeyUsage"; break; - } + } } /* Add extended key usage extension */ if (extList[ext_extKeyUsage]) { rv = AddExtKeyUsage(extHandle); if (rv) { - errstring = "ExtendedKeyUsage"; + errstring = "ExtendedKeyUsage"; break; - } + } } /* Add basic constraint extension */ @@ -1738,46 +1738,46 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, if (rv) { errstring = "BasicConstraint"; break; - } + } } if (extList[ext_authorityKeyID]) { rv = AddAuthKeyID(extHandle); if (rv) { - errstring = "AuthorityKeyID"; + errstring = "AuthorityKeyID"; break; - } + } } if (extList[ext_subjectKeyID]) { rv = AddSubjKeyID(extHandle); if (rv) { - errstring = "SubjectKeyID"; + errstring = "SubjectKeyID"; break; - } + } } if (extList[ext_CRLDistPts]) { rv = AddCrlDistPoint(extHandle); if (rv) { - errstring = "CRLDistPoints"; + errstring = "CRLDistPoints"; break; - } + } } if (extList[ext_NSCertType]) { rv = AddNscpCertType(extHandle); if (rv) { - errstring = "NSCertType"; + errstring = "NSCertType"; break; - } + } } if (extList[ext_authInfoAcc] || extList[ext_subjInfoAcc]) { rv = AddInfoAccess(extHandle, extList[ext_subjInfoAcc], - extList[ext_basicConstraint]); + extList[ext_basicConstraint]); if (rv) { - errstring = "InformationAccess"; + errstring = "InformationAccess"; break; } } @@ -1785,7 +1785,7 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, if (extList[ext_certPolicies]) { rv = AddCertPolicies(extHandle); if (rv) { - errstring = "Policies"; + errstring = "Policies"; break; } } @@ -1793,7 +1793,7 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, if (extList[ext_policyMappings]) { rv = AddPolicyMappings(extHandle); if (rv) { - errstring = "PolicyMappings"; + errstring = "PolicyMappings"; break; } } @@ -1801,17 +1801,17 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, if (extList[ext_policyConstr]) { rv = AddPolicyConstraints(extHandle); if (rv) { - errstring = "PolicyConstraints"; + errstring = "PolicyConstraints"; break; - } + } } if (extList[ext_inhibitAnyPolicy]) { rv = AddInhibitAnyPolicy(extHandle); if (rv) { - errstring = "InhibitAnyPolicy"; + errstring = "InhibitAnyPolicy"; break; - } + } } if (emailAddrs || dnsNames) { @@ -1830,18 +1830,18 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames); if (rv == SECSuccess) { - rv = CERT_EncodeAltNameExtension(arena, namelist, &item); - if (rv == SECSuccess) { + rv = CERT_EncodeAltNameExtension(arena, namelist, &item); + if (rv == SECSuccess) { rv = CERT_AddExtension(extHandle, SEC_OID_X509_SUBJECT_ALT_NAME, &item, PR_FALSE, PR_TRUE); - } + } } - PORT_FreeArena(arena, PR_FALSE); - if (rv) { + PORT_FreeArena(arena, PR_FALSE); + if (rv) { errstring = "SubjectAltName"; break; - } + } } } while (0); diff --git a/certwatch.c b/certwatch.c index 4dd8e54..1ede6a1 100644 --- a/certwatch.c +++ b/certwatch.c @@ -111,15 +111,15 @@ static char *warn_address = "root"; * Semantics are similar to asctime. */ char * AsciiTime(PRTime time) -{ - PRExplodedTime printable; - char *timebuf; - - PR_ExplodeTime(time, PR_GMTParameters, &printable); - timebuf = PORT_Alloc(TIME_BUF_SIZE); - (void) PR_FormatTime(timebuf, TIME_BUF_SIZE, "%a %b %d %H:%M:%S %Y", &printable); - if (strlen(timebuf) < TIME_BUF_SIZE) timebuf[strlen(timebuf)] = '\0'; - return (timebuf); +{ + PRExplodedTime printable; + char *timebuf; + + PR_ExplodeTime(time, PR_GMTParameters, &printable); + timebuf = PORT_Alloc(TIME_BUF_SIZE); + (void) PR_FormatTime(timebuf, TIME_BUF_SIZE, "%a %b %d %H:%M:%S %Y", &printable); + if (strlen(timebuf) < TIME_BUF_SIZE) timebuf[strlen(timebuf)] = '\0'; + return (timebuf); } /* Uses the password passed in the -f(pwfile) argument of the command line. @@ -173,19 +173,19 @@ static int warning(FILE *out, const char *filename, const char *hostname, /* Note that filename can be the cert nickname. */ int renew = 1; char subj[50]; - PRTime prtimeDiff; - - LL_SUB(prtimeDiff, end, start); + PRTime prtimeDiff; + + LL_SUB(prtimeDiff, end, start); if ( LL_CMP(start, >, now) ) { strcpy(subj, "is not yet valid"); renew = 0; } else if (LL_EQ(now, end)) { - strcpy(subj, "will expire today"); + strcpy(subj, "will expire today"); } else if (LL_EQ(prtimeDiff, 1)) { - sprintf(subj, "will expire tomorrow"); + sprintf(subj, "will expire tomorrow"); } else if (LL_CMP(prtimeDiff, <, warn_period)) { - sprintf(subj, "will expire on %s", AsciiTime(end)); + sprintf(subj, "will expire on %s", AsciiTime(end)); { int days; /* days till expiry */ LL_L2I(days, prtimeDiff); @@ -276,8 +276,8 @@ static int check_cert(const char *name, int byNickname, int quiet) /* parse the cert */ cert = byNickname - ? CERT_FindCertByNickname(CERT_GetDefaultCertDB(), (char *)name) - : PEMUTIL_PEM_read_X509(name); + ? CERT_FindCertByNickname(CERT_GetDefaultCertDB(), (char *)name) + : PEMUTIL_PEM_read_X509(name); if (cert == NULL) return -1; /* determine the validity period of the cert. */ @@ -304,7 +304,7 @@ cleanup: if (!doWarning) return -1; return warning(stdout, name, cname, validity, - notBefore, notAfter, PR_Now(), quiet); + notBefore, notAfter, PR_Now(), quiet); } int main(int argc, char **argv) @@ -375,16 +375,16 @@ int main(int argc, char **argv) PK11_SetPasswordFunc(GetModulePassword); } } else { - /* cert in a pem file */ + /* cert in a pem file */ char *certDir = getenv("SSL_DIR"); /* Look in $SSL_DIR */ if (!certDir) { certDir = "/etc/pki/nssdb"; } - if (NSS_Initialize(certDir, certDBPrefix, keyDBPrefix, + if (NSS_Initialize(certDir, certDBPrefix, keyDBPrefix, SECMOD_DB, NSS_INIT_READONLY) != SECSuccess) { - printf("NSS_Init(\"%s\") failed\n", certDir); + printf("NSS_Init(\"%s\") failed\n", certDir); return EXIT_FAILURE; - } + } } /* When byNickname is 1 argv[optind] is a nickname otherwise a filename. */ diff --git a/keyutil.c b/keyutil.c index 80f5453..d8a89a3 100755 --- a/keyutil.c +++ b/keyutil.c @@ -116,17 +116,17 @@ #include "keyutil.h" #include "secutil.h" -#define MIN_KEY_BITS 512 +#define MIN_KEY_BITS 512 /* MAX_KEY_BITS should agree with MAX_RSA_MODULUS in freebl */ -#define MAX_KEY_BITS 8192 -#define DEFAULT_KEY_BITS 1024 +#define MAX_KEY_BITS 8192 +#define DEFAULT_KEY_BITS 1024 -#define SEC_CT_PRIVATE_KEY "private-key" -#define SEC_CT_PUBLIC_KEY "public-key" -#define SEC_CT_CERTIFICATE "certificate" -#define SEC_CT_CERTIFICATE_REQUEST "certificate-request" -#define SEC_CT_PKCS7 "pkcs7" -#define SEC_CT_CRL "crl" +#define SEC_CT_PRIVATE_KEY "private-key" +#define SEC_CT_PUBLIC_KEY "public-key" +#define SEC_CT_CERTIFICATE "certificate" +#define SEC_CT_CERTIFICATE_REQUEST "certificate-request" +#define SEC_CT_PKCS7 "pkcs7" +#define SEC_CT_CRL "crl" #define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----" #define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----" @@ -153,7 +153,7 @@ #define GEN_BREAK(e) rv=e; break; struct tuple_str { - PRErrorCode errNum; + PRErrorCode errNum; const char * errString; }; @@ -173,19 +173,19 @@ Usage(char *progName) { fprintf(stderr, "Usage: %s [options] arguments\n", progName); fprintf(stderr, "-c command one of [genreq|makecert]"); - fprintf(stderr, "-s subject subject distingusehed name"); - fprintf(stderr, "-g keysize in bits"); - fprintf(stderr, "-v validity in months"); - fprintf(stderr, "-z noise file"); - fprintf(stderr, "-f key encryption password file"); - fprintf(stderr, "-f module access password file"); - fprintf(stderr, "-d digest algorithm"); - fprintf(stderr, "-i input (key to encrypt)"); - fprintf(stderr, "-k key out, when csr or cert generation"); - fprintf(stderr, "-o output (a csr or cert)"); - fprintf(stderr, "-p passout, the pbe password"); - fprintf(stderr, "\n"); - exit(1); + fprintf(stderr, "-s subject subject distingusehed name"); + fprintf(stderr, "-g keysize in bits"); + fprintf(stderr, "-v validity in months"); + fprintf(stderr, "-z noise file"); + fprintf(stderr, "-f key encryption password file"); + fprintf(stderr, "-f module access password file"); + fprintf(stderr, "-d digest algorithm"); + fprintf(stderr, "-i input (key to encrypt)"); + fprintf(stderr, "-k key out, when csr or cert generation"); + fprintf(stderr, "-o output (a csr or cert)"); + fprintf(stderr, "-p passout, the pbe password"); + fprintf(stderr, "\n"); + exit(1); } static CERTCertificateRequest * @@ -199,50 +199,50 @@ GetCertRequest(PRFileDesc *inFile, PRBool ascii) reqDER.data = NULL; do { - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - GEN_BREAK (SECFailure); - } - - rv = SECU_ReadDERFromFile(&reqDER, inFile, ascii); - if (rv) { - break; - } + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (arena == NULL) { + GEN_BREAK (SECFailure); + } + + rv = SECU_ReadDERFromFile(&reqDER, inFile, ascii); + if (rv) { + break; + } certReq = (CERTCertificateRequest*) PORT_ArenaZAlloc - (arena, sizeof(CERTCertificateRequest)); + (arena, sizeof(CERTCertificateRequest)); if (!certReq) { GEN_BREAK(SECFailure); } - certReq->arena = arena; + certReq->arena = arena; - /* Since cert request is a signed data, must decode to get the inner - data - */ - PORT_Memset(&signedData, 0, sizeof(signedData)); - rv = SEC_ASN1DecodeItem(arena, &signedData, - SEC_ASN1_GET(CERT_SignedDataTemplate), &reqDER); - if (rv) { - break; - } - rv = SEC_ASN1DecodeItem(arena, certReq, - SEC_ASN1_GET(CERT_CertificateRequestTemplate), &signedData.data); - if (rv) { - break; - } - rv = CERT_VerifySignedDataWithPublicKeyInfo(&signedData, - &certReq->subjectPublicKeyInfo, NULL /* wincx */); + /* Since cert request is a signed data, must decode to get the inner + data + */ + PORT_Memset(&signedData, 0, sizeof(signedData)); + rv = SEC_ASN1DecodeItem(arena, &signedData, + SEC_ASN1_GET(CERT_SignedDataTemplate), &reqDER); + if (rv) { + break; + } + rv = SEC_ASN1DecodeItem(arena, certReq, + SEC_ASN1_GET(CERT_CertificateRequestTemplate), &signedData.data); + if (rv) { + break; + } + rv = CERT_VerifySignedDataWithPublicKeyInfo(&signedData, + &certReq->subjectPublicKeyInfo, NULL /* wincx */); } while (0); if (reqDER.data) { - SECITEM_FreeItem(&reqDER, PR_FALSE); + SECITEM_FreeItem(&reqDER, PR_FALSE); } if (rv) { - SECU_PrintError(progName, "bad certificate request\n"); - if (arena) { - PORT_FreeArena(arena, PR_FALSE); - } - certReq = NULL; + SECU_PrintError(progName, "bad certificate request\n"); + if (arena) { + PORT_FreeArena(arena, PR_FALSE); + } + certReq = NULL; } return certReq; @@ -251,7 +251,7 @@ GetCertRequest(PRFileDesc *inFile, PRBool ascii) static SECStatus CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii, - const char *emailAddrs, const char *dnsNames, + const char *emailAddrs, const char *dnsNames, certutilExtnList extnList, PRFileDesc *outFile) { @@ -268,27 +268,27 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, /* Create info about public key */ spki = SECKEY_CreateSubjectPublicKeyInfo(pubk); if (!spki) { - SECU_PrintError(progName, "unable to create subject public key"); - return SECFailure; + SECU_PrintError(progName, "unable to create subject public key"); + return SECFailure; } /* Generate certificate request */ cr = CERT_CreateCertificateRequest(subject, spki, NULL); if (!cr) { - SECU_PrintError(progName, "unable to make certificate request"); - return SECFailure; + SECU_PrintError(progName, "unable to make certificate request"); + return SECFailure; } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if ( !arena ) { - SECU_PrintError(progName, "out of memory"); - return SECFailure; + SECU_PrintError(progName, "out of memory"); + return SECFailure; } extHandle = CERT_StartCertificateRequestAttributes(cr); if (extHandle == NULL) { PORT_FreeArena (arena, PR_FALSE); - return SECFailure; + return SECFailure; } if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList) != SECSuccess) { @@ -302,83 +302,83 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, encoding = SEC_ASN1EncodeItem(arena, NULL, cr, SEC_ASN1_GET(CERT_CertificateRequestTemplate)); if (encoding == NULL) { - SECU_PrintError(progName, "der encoding of request failed"); - return SECFailure; + SECU_PrintError(progName, "der encoding of request failed"); + return SECFailure; } /* Sign the request */ signAlgTag = SEC_GetSignatureAlgorithmOidTag(keyType, hashAlgTag); if (signAlgTag == SEC_OID_UNKNOWN) { - SECU_PrintError(progName, "unknown Key or Hash type"); - return SECFailure; + SECU_PrintError(progName, "unknown Key or Hash type"); + return SECFailure; } rv = SEC_DerSignData(arena, &result, encoding->data, encoding->len, - privk, signAlgTag); + privk, signAlgTag); if (rv) { - SECU_PrintError(progName, "signing of data failed"); - return SECFailure; + SECU_PrintError(progName, "signing of data failed"); + return SECFailure; } /* Encode request in specified format */ if (ascii) { - char *obuf; - char *name, *email, *org, *state, *country; - SECItem *it; - int total; + char *obuf; + char *name, *email, *org, *state, *country; + SECItem *it; + int total; - it = &result; + it = &result; - obuf = BTOA_ConvertItemToAscii(it); - total = PL_strlen(obuf); + obuf = BTOA_ConvertItemToAscii(it); + total = PL_strlen(obuf); - name = CERT_GetCommonName(subject); - if (!name) { - name = strdup("(not specified)"); - } + name = CERT_GetCommonName(subject); + if (!name) { + name = strdup("(not specified)"); + } - if (!phone) - phone = strdup("(not specified)"); + if (!phone) + phone = strdup("(not specified)"); - email = CERT_GetCertEmailAddress(subject); - if (!email) - email = strdup("(not specified)"); + email = CERT_GetCertEmailAddress(subject); + if (!email) + email = strdup("(not specified)"); - org = CERT_GetOrgName(subject); - if (!org) - org = strdup("(not specified)"); + org = CERT_GetOrgName(subject); + if (!org) + org = strdup("(not specified)"); - state = CERT_GetStateName(subject); - if (!state) - state = strdup("(not specified)"); + state = CERT_GetStateName(subject); + if (!state) + state = strdup("(not specified)"); - country = CERT_GetCountryName(subject); - if (!country) - country = strdup("(not specified)"); + country = CERT_GetCountryName(subject); + if (!country) + country = strdup("(not specified)"); - PR_fprintf(outFile, "%s\n", NS_CERTREQ_HEADER); - numBytes = PR_Write(outFile, obuf, total); - if (numBytes != total) { - SECU_PrintSystemError(progName, "write error"); - return SECFailure; - } - PR_fprintf(outFile, "\n%s\n", NS_CERTREQ_TRAILER); + PR_fprintf(outFile, "%s\n", NS_CERTREQ_HEADER); + numBytes = PR_Write(outFile, obuf, total); + if (numBytes != total) { + SECU_PrintSystemError(progName, "write error"); + return SECFailure; + } + PR_fprintf(outFile, "\n%s\n", NS_CERTREQ_TRAILER); } else { - numBytes = PR_Write(outFile, result.data, result.len); - if (numBytes != (int)result.len) { - SECU_PrintSystemError(progName, "write error"); - return SECFailure; - } + numBytes = PR_Write(outFile, result.data, result.len); + if (numBytes != (int)result.len) { + SECU_PrintSystemError(progName, "write error"); + return SECFailure; + } } return SECSuccess; } static CERTCertificate * -MakeV1Cert(CERTCertDBHandle * handle, - CERTCertificateRequest *req, - char *issuerNickName, - PRBool selfsign, - unsigned int serialNumber, - int warpmonths, +MakeV1Cert(CERTCertDBHandle * handle, + CERTCertificateRequest *req, + char *issuerNickName, + PRBool selfsign, + unsigned int serialNumber, + int warpmonths, int validityMonths) { CERTCertificate *issuerCert = NULL; @@ -388,20 +388,20 @@ MakeV1Cert(CERTCertDBHandle * handle, PRTime now, after; if ( !selfsign ) { - issuerCert = CERT_FindCertByNicknameOrEmailAddr(handle, issuerNickName); - if (!issuerCert) { - SECU_PrintError(progName, "could not find certificate named \"%s\"", - issuerNickName); - return NULL; - } + issuerCert = CERT_FindCertByNicknameOrEmailAddr(handle, issuerNickName); + if (!issuerCert) { + SECU_PrintError(progName, "could not find certificate named \"%s\"", + issuerNickName); + return NULL; + } } now = PR_Now(); PR_ExplodeTime (now, PR_GMTParameters, &printableTime); if ( warpmonths ) { - printableTime.tm_month += warpmonths; - now = PR_ImplodeTime (&printableTime); - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); + printableTime.tm_month += warpmonths; + now = PR_ImplodeTime (&printableTime); + PR_ExplodeTime (now, PR_GMTParameters, &printableTime); } printableTime.tm_month += validityMonths; after = PR_ImplodeTime (&printableTime); @@ -410,14 +410,14 @@ MakeV1Cert(CERTCertDBHandle * handle, validity = CERT_CreateValidity (now, after); if (validity) { cert = CERT_CreateCertificate(serialNumber, - (selfsign ? &req->subject - : &issuerCert->subject), - validity, req); + (selfsign ? &req->subject + : &issuerCert->subject), + validity, req); CERT_DestroyValidity(validity); } if ( issuerCert ) { - CERT_DestroyCertificate (issuerCert); + CERT_DestroyCertificate (issuerCert); } return(cert); @@ -436,34 +436,34 @@ SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign, SECOidTag algID; void *dummy; - if ( !selfsign ) { + if ( !selfsign ) { CERTCertificate *issuer = PK11_FindCertFromNickname(issuerNickName, pwarg); if ( (CERTCertificate *)NULL == issuer ) { SECU_PrintError(progName, "unable to find issuer with nickname %s", - issuerNickName); + issuerNickName); return (SECItem *)NULL; } privKey = caPrivateKey = PK11_FindKeyByAnyCert(issuer, pwarg); CERT_DestroyCertificate(issuer); if (caPrivateKey == NULL) { - SECU_PrintError(progName, "unable to retrieve key %s", issuerNickName); - return NULL; + SECU_PrintError(progName, "unable to retrieve key %s", issuerNickName); + return NULL; } } - + arena = cert->arena; algID = SEC_GetSignatureAlgorithmOidTag(privKey->keyType, hashAlgTag); if (algID == SEC_OID_UNKNOWN) { - fprintf(stderr, "Unknown key or hash type for issuer."); - goto done; + fprintf(stderr, "Unknown key or hash type for issuer."); + goto done; } rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0); if (rv != SECSuccess) { - fprintf(stderr, "Could not set signature algorithm id."); - goto done; + fprintf(stderr, "Could not set signature algorithm id."); + goto done; } /* we only deal with cert v3 here */ @@ -473,95 +473,95 @@ SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign, der.len = 0; der.data = NULL; dummy = SEC_ASN1EncodeItem (arena, &der, cert, - SEC_ASN1_GET(CERT_CertificateTemplate)); + SEC_ASN1_GET(CERT_CertificateTemplate)); if (!dummy) { - fprintf (stderr, "Could not encode certificate.\n"); - goto done; + fprintf (stderr, "Could not encode certificate.\n"); + goto done; } result = (SECItem *) PORT_ArenaZAlloc (arena, sizeof (SECItem)); if (result == NULL) { - fprintf (stderr, "Could not allocate item for certificate data.\n"); - goto done; + fprintf (stderr, "Could not allocate item for certificate data.\n"); + goto done; } rv = SEC_DerSignData(arena, result, der.data, der.len, privKey, algID); if (rv != SECSuccess) { - fprintf (stderr, "Could not sign encoded certificate data.\n"); - /* result allocated out of the arena, it will be freed - * when the arena is freed */ - result = NULL; - goto done; + fprintf (stderr, "Could not sign encoded certificate data.\n"); + /* result allocated out of the arena, it will be freed + * when the arena is freed */ + result = NULL; + goto done; } cert->derCert = *result; done: if (caPrivateKey) { - SECKEY_DestroyPrivateKey(caPrivateKey); + SECKEY_DestroyPrivateKey(caPrivateKey); } return result; } static SECStatus CreateCert( - CERTCertDBHandle *handle, - char *issuerNickName, - PRFileDesc *inFile, - PRFileDesc *outFile, - SECKEYPrivateKey *selfsignprivkey, - void *pwarg, - SECOidTag hashAlgTag, - unsigned int serialNumber, - int warpmonths, - int validityMonths, - const char *emailAddrs, - const char *dnsNames, - PRBool ascii, - PRBool selfsign, - certutilExtnList extnList, + CERTCertDBHandle *handle, + char *issuerNickName, + PRFileDesc *inFile, + PRFileDesc *outFile, + SECKEYPrivateKey *selfsignprivkey, + void *pwarg, + SECOidTag hashAlgTag, + unsigned int serialNumber, + int warpmonths, + int validityMonths, + const char *emailAddrs, + const char *dnsNames, + PRBool ascii, + PRBool selfsign, + certutilExtnList extnList, CERTCertificate **outCert) { void *extHandle; SECItem *certDER; - PRArenaPool *arena = NULL; + PRArenaPool *arena = NULL; SECItem reqDER; CERTCertExtension **CRexts; - CERTCertificate *subjectCert = NULL; - CERTCertificateRequest *certReq = NULL; - SECStatus rv = SECSuccess; + CERTCertificate *subjectCert = NULL; + CERTCertificateRequest *certReq = NULL; + SECStatus rv = SECSuccess; reqDER.data = NULL; do { - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) { - GEN_BREAK (SECFailure); - } - - /* Create a certrequest object from the input cert request der */ - certReq = GetCertRequest(inFile, ascii); - if (certReq == NULL) { - GEN_BREAK (SECFailure) - } + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (!arena) { + GEN_BREAK (SECFailure); + } + + /* Create a certrequest object from the input cert request der */ + certReq = GetCertRequest(inFile, ascii); + if (certReq == NULL) { + GEN_BREAK (SECFailure) + } - subjectCert = MakeV1Cert (handle, certReq, issuerNickName, selfsign, - serialNumber, warpmonths, validityMonths); - if (subjectCert == NULL) { - GEN_BREAK (SECFailure) - } + subjectCert = MakeV1Cert (handle, certReq, issuerNickName, selfsign, + serialNumber, warpmonths, validityMonths); + if (subjectCert == NULL) { + GEN_BREAK (SECFailure) + } extHandle = CERT_StartCertExtensions (subjectCert); - if (extHandle == NULL) { - GEN_BREAK (SECFailure) - } + if (extHandle == NULL) { + GEN_BREAK (SECFailure) + } rv = AddExtensions(extHandle, emailAddrs, dnsNames, extnList); if (rv != SECSuccess) { - GEN_BREAK (SECFailure) - } + GEN_BREAK (SECFailure) + } if (certReq->attributes != NULL && certReq->attributes[0] != NULL && - certReq->attributes[0]->attrType.data != NULL && - certReq->attributes[0]->attrType.len > 0 && + certReq->attributes[0]->attrType.data != NULL && + certReq->attributes[0]->attrType.len > 0 && SECOID_FindOIDTag(&certReq->attributes[0]->attrType) == SEC_OID_PKCS9_EXTENSION_REQUEST) { rv = CERT_GetCertificateRequestExtensions(certReq, &CRexts); @@ -575,13 +575,13 @@ CreateCert( CERT_FinishExtensions(extHandle); certDER = SignCert(handle, subjectCert, selfsign, hashAlgTag, - selfsignprivkey, issuerNickName,pwarg); + selfsignprivkey, issuerNickName,pwarg); if (certDER) { if (ascii) { PR_fprintf(outFile, "%s\n%s\n%s\n", NS_CERT_HEADER, BTOA_DataToAscii(certDER->data, certDER->len), - NS_CERT_TRAILER); + NS_CERT_TRAILER); } else { PR_Write(outFile, certDER->data, certDER->len); } @@ -592,12 +592,12 @@ CreateCert( CERT_DestroyCertificateRequest(certReq); PORT_FreeArena (arena, PR_FALSE); if (rv == SECSuccess) { - PR_fprintf(PR_STDOUT, "%s Copying the cert pointer\n", progName); + PR_fprintf(PR_STDOUT, "%s Copying the cert pointer\n", progName); *outCert = subjectCert; } else { - PRErrorCode perr = PR_GetError(); + PRErrorCode perr = PR_GetError(); fprintf(stderr, "%s: unable to create cert, (%s)\n", - progName, SECU_Strerror(perr)); + progName, SECU_Strerror(perr)); if (subjectCert) CERT_DestroyCertificate (subjectCert); } @@ -605,9 +605,6 @@ CreateCert( return (rv); } -//static certutilExtnList certutil_extns; - -//struct KeyPairStr { SECKEYPrivateKey *refPrivk; SECKEYPublicKey *pubkey; }; typedef struct KeyPairStr KeyPair; @@ -618,7 +615,7 @@ typedef struct _PrivateKeyStr PrivateKey; typedef enum _CommandType { cmd_CertReq, cmd_CreateNewCert, - cmd_ImportKey + cmd_ImportKey } CommandType; @@ -630,11 +627,11 @@ PRBool GetKeyPassword(const char *pwFile, SECItem *pwitem) PRInt32 nb; if (!pwFile) - return PR_FALSE; + return PR_FALSE; fd = PR_Open(pwFile, PR_RDONLY, 0); if (!fd) - return PR_FALSE; + return PR_FALSE; nb = PR_Read(fd, phrase, sizeof(phrase)); PR_Close(fd); @@ -642,15 +639,15 @@ PRBool GetKeyPassword(const char *pwFile, SECItem *pwitem) /* handle the Windows EOL case */ i = 0; while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb) - i++; + i++; phrase[i] = '\0'; if (nb == 0) return PR_FALSE; - pwitem->data = (unsigned char *) PORT_Strdup((char*)phrase); - pwitem->len = (unsigned int) strlen((char*)phrase); - pwitem->type = siBuffer; - + pwitem->data = (unsigned char *) PORT_Strdup((char*)phrase); + pwitem->len = (unsigned int) strlen((char*)phrase); + pwitem->type = siBuffer; + return PR_TRUE; } @@ -661,7 +658,7 @@ UpdateRNG(void) char randbuf[RAND_BUF_SIZE]; int fd, count; int c; - int rv = 0; + int rv = 0; cc_t orig_cc_min; cc_t orig_cc_time; tcflag_t orig_lflag; @@ -699,16 +696,16 @@ UpdateRNG(void) /* Get random noise from keyboard strokes */ count = 0; while (count < sizeof randbuf) { - c = getc(stdin); - if (c == EOF) { - rv = -1; - break; - } - randbuf[count] = c; - if (count == 0 || c != randbuf[count-1]) { - count++; - FPS "*"); - } + c = getc(stdin); + if (c == EOF) { + rv = -1; + break; + } + randbuf[count] = c; + if (count == 0 || c != randbuf[count-1]) { + count++; + FPS "*"); + } } PK11_RandomUpdate(randbuf, sizeof randbuf); memset(randbuf, 0, sizeof randbuf); @@ -717,9 +714,9 @@ UpdateRNG(void) FPS "Finished. Press enter to continue: "); while ((c = getc(stdin)) != '\n' && c != EOF) - ; + ; if (c == EOF) - rv = -1; + rv = -1; FPS "\n"); #undef FPS @@ -743,15 +740,15 @@ CERTUTIL_FileForRNG(const char *noise) fd = PR_Open(noise,PR_RDONLY,0); if (!fd) { - fprintf(stderr, "%s: failed to open noise file %s\n", progName, noise); - return SECFailure; + fprintf(stderr, "%s: failed to open noise file %s\n", progName, noise); + return SECFailure; } do { - count = PR_Read(fd,buf,sizeof(buf)); - if (count > 0) { - PK11_RandomUpdate(buf,count); - } + count = PR_Read(fd,buf,sizeof(buf)); + if (count > 0) { + PK11_RandomUpdate(buf,count); + } } while (count > 0); PR_Close(fd); @@ -760,10 +757,10 @@ CERTUTIL_FileForRNG(const char *noise) SECKEYPrivateKey * GenerateRSAPrivateKey(KeyType keytype, - PK11SlotInfo *slot, + PK11SlotInfo *slot, int rsasize, int publicExponent, - char *noise, + char *noise, SECKEYPublicKey **pubkeyp, secuPWData *accessPassword) { @@ -772,27 +769,27 @@ GenerateRSAPrivateKey(KeyType keytype, SECKEYPrivateKey * privKey = NULL; if (slot == NULL) - return NULL; + return NULL; if (PK11_Authenticate(slot, PR_TRUE, accessPassword) != SECSuccess) - return NULL; + return NULL; /* * Do some random-number initialization. */ if (noise) { - SECStatus rv = CERTUTIL_FileForRNG(noise); - if (rv != SECSuccess) { - PORT_SetError(PR_END_OF_FILE_ERROR); /* XXX */ - return NULL; - } + SECStatus rv = CERTUTIL_FileForRNG(noise); + if (rv != SECSuccess) { + PORT_SetError(PR_END_OF_FILE_ERROR); /* XXX */ + return NULL; + } } else { - int rv = UpdateRNG(); - if (rv) { - PORT_SetError(PR_END_OF_FILE_ERROR); - return NULL; - } + int rv = UpdateRNG(); + if (rv) { + PORT_SetError(PR_END_OF_FILE_ERROR); + return NULL; + } } rsaparams.keySizeInBits = rsasize; @@ -803,7 +800,7 @@ GenerateRSAPrivateKey(KeyType keytype, fprintf(stderr, "Generating key. This may take a few moments...\n\n"); privKey = PK11_GenerateKeyPair(slot, - mechanism, &rsaparams, pubkeyp, + mechanism, &rsaparams, pubkeyp, PR_FALSE /* isPerm */, PR_TRUE /* isSensitive*/, accessPassword /* wincx */ @@ -816,7 +813,7 @@ GenerateRSAPrivateKey(KeyType keytype, static SECStatus ValidateCert(CERTCertDBHandle *handle, CERTCertificate *cert, char *name, char *date, - char *certUsage, PRBool checkSig, PRBool logit, secuPWData *accessPassword) + char *certUsage, PRBool checkSig, PRBool logit, secuPWData *accessPassword) { SECStatus rv; int64 timeBoundary; @@ -825,92 +822,92 @@ ValidateCert(CERTCertDBHandle *handle, CERTCertificate *cert, char *name, char CERTVerifyLog *log = NULL; if (!certUsage) { - PORT_SetError (SEC_ERROR_INVALID_ARGS); - return (SECFailure); + PORT_SetError (SEC_ERROR_INVALID_ARGS); + return (SECFailure); } switch (*certUsage) { - case 'O': - usage = certificateUsageStatusResponder; - break; - case 'C': - usage = certificateUsageSSLClient; - break; - case 'V': - usage = certificateUsageSSLServer; - break; - case 'S': - usage = certificateUsageEmailSigner; - break; - case 'R': - usage = certificateUsageEmailRecipient; - break; - case 'J': - usage = certificateUsageObjectSigner; - break; - default: - PORT_SetError (SEC_ERROR_INVALID_ARGS); - return (SECFailure); + case 'O': + usage = certificateUsageStatusResponder; + break; + case 'C': + usage = certificateUsageSSLClient; + break; + case 'V': + usage = certificateUsageSSLServer; + break; + case 'S': + usage = certificateUsageEmailSigner; + break; + case 'R': + usage = certificateUsageEmailRecipient; + break; + case 'J': + usage = certificateUsageObjectSigner; + break; + default: + PORT_SetError (SEC_ERROR_INVALID_ARGS); + return (SECFailure); } do { - if (date != NULL) { - rv = DER_AsciiToTime(&timeBoundary, date); - if (rv) { - SECU_PrintError(progName, "invalid input date"); - GEN_BREAK (SECFailure) - } - } else { - timeBoundary = PR_Now(); - } + if (date != NULL) { + rv = DER_AsciiToTime(&timeBoundary, date); + if (rv) { + SECU_PrintError(progName, "invalid input date"); + GEN_BREAK (SECFailure) + } + } else { + timeBoundary = PR_Now(); + } - if ( logit ) { - log = &reallog; - - log->count = 0; - log->head = NULL; - log->tail = NULL; - log->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( log->arena == NULL ) { - SECU_PrintError(progName, "out of memory"); - GEN_BREAK (SECFailure) - } - } - fprintf(stdout, "%s: CERT_VerifyCertificate called\n", progName); - rv = CERT_VerifyCertificate(handle, cert, checkSig, usage, - timeBoundary, accessPassword, log, &usage); - fprintf(stdout, "%s: CERT_VerifyCertificate returned %d\n", progName, rv); - - if ( log ) { - if ( log->head == NULL ) { - fprintf(stdout, "%s: certificate is valid\n", progName); - GEN_BREAK (SECSuccess) - } else { - char *name; - CERTVerifyLogNode *node; - - node = log->head; - while ( node ) { - if (node->cert->nickname != NULL) { - name = node->cert->nickname; - } else { - name = node->cert->subjectName; - } - fprintf(stderr, "%s : %ld\n", name, node->error); - CERT_DestroyCertificate(node->cert); - node = node->next; - } - } - } else { - if (rv != SECSuccess) { - PRErrorCode perr = PORT_GetError(); - fprintf(stdout, "%s: certificate is invalid: %s\n", - progName, SECU_Strerror(perr)); - GEN_BREAK (SECFailure) - } - fprintf(stdout, "%s: certificate is valid\n", progName); - GEN_BREAK (SECSuccess) - } - + if ( logit ) { + log = &reallog; + + log->count = 0; + log->head = NULL; + log->tail = NULL; + log->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if ( log->arena == NULL ) { + SECU_PrintError(progName, "out of memory"); + GEN_BREAK (SECFailure) + } + } + fprintf(stdout, "%s: CERT_VerifyCertificate called\n", progName); + rv = CERT_VerifyCertificate(handle, cert, checkSig, usage, + timeBoundary, accessPassword, log, &usage); + fprintf(stdout, "%s: CERT_VerifyCertificate returned %d\n", progName, rv); + + if ( log ) { + if ( log->head == NULL ) { + fprintf(stdout, "%s: certificate is valid\n", progName); + GEN_BREAK (SECSuccess) + } else { + char *name; + CERTVerifyLogNode *node; + + node = log->head; + while ( node ) { + if (node->cert->nickname != NULL) { + name = node->cert->nickname; + } else { + name = node->cert->subjectName; + } + fprintf(stderr, "%s : %ld\n", name, node->error); + CERT_DestroyCertificate(node->cert); + node = node->next; + } + } + } else { + if (rv != SECSuccess) { + PRErrorCode perr = PORT_GetError(); + fprintf(stdout, "%s: certificate is invalid: %s\n", + progName, SECU_Strerror(perr)); + GEN_BREAK (SECFailure) + } + fprintf(stdout, "%s: certificate is valid\n", progName); + GEN_BREAK (SECSuccess) + } + } while (0); if (cert) { @@ -925,529 +922,528 @@ ValidateCert(CERTCertDBHandle *handle, CERTCertificate *cert, char *name, char */ static SECStatus ImportKey(CERTCertDBHandle *certHandle, - const char *passwordfile, - const char *keyfile, PRBool ascii) + const char *passwordfile, + const char *keyfile, PRBool ascii) { - SECStatus rv = SECSuccess; - PRFileDesc *inFile = NULL; - SECItem nickname = { siBuffer, (unsigned char *) "nick", 4 }; - SECItem der = { 0, NULL, 0 }; - unsigned char myData[20]; - SECItem dummy; - PK11SlotInfo *slot = NULL; + SECStatus rv = SECSuccess; + PRFileDesc *inFile = NULL; + SECItem nickname = { siBuffer, (unsigned char *) "nick", 4 }; + SECItem der = { 0, NULL, 0 }; + unsigned char myData[20]; + SECItem dummy; + PK11SlotInfo *slot = NULL; - SECKEYEncryptedPrivateKeyInfo epki; - PRArenaPool *arena = NULL; - SECItem pwitem = { 0, NULL, 0 }; - secuPWData accessPassword = { 0, NULL }; - - do { - if (passwordfile) { - if (!GetKeyPassword(passwordfile, &pwitem)) - return 255; - } else { - PR_fprintf(PR_STDERR, - "%s export/import of clear keys not impemented yet\n", - progName); - } - - inFile = PR_Open(keyfile, PR_RDONLY, 0); - if (!inFile) GEN_BREAK(SEC_ERROR_IO); - - rv = SECU_ReadDERFromFile(&der, inFile, ascii); - if (rv != SECSuccess) break; + SECKEYEncryptedPrivateKeyInfo epki; + PRArenaPool *arena = NULL; + SECItem pwitem = { 0, NULL, 0 }; + secuPWData accessPassword = { 0, NULL }; + + do { + if (passwordfile) { + if (!GetKeyPassword(passwordfile, &pwitem)) + return 255; + } else { + PR_fprintf(PR_STDERR, + "%s export/import of clear keys not impemented yet\n", + progName); + } + + inFile = PR_Open(keyfile, PR_RDONLY, 0); + if (!inFile) GEN_BREAK(SEC_ERROR_IO); + + rv = SECU_ReadDERFromFile(&der, inFile, ascii); + if (rv != SECSuccess) break; - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) GEN_BREAK(SEC_ERROR_NO_MEMORY); - epki.arena = arena; + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (!arena) GEN_BREAK(SEC_ERROR_NO_MEMORY); + epki.arena = arena; - rv = SEC_QuickDERDecodeItem(arena, &epki, - SECKEY_EncryptedPrivateKeyInfoTemplate, &der); - if (rv) { - SECU_PrintError(progName, - "unable to SEC_QuickDERDecodeItem the private key"); - break; - } - - /* whatever garbage bytes are the stack are okay */ - dummy.data = myData; - dummy.len = sizeof(myData); - - slot = PK11_GetInternalSlot(); - rv = PK11_ImportEncryptedPrivateKeyInfo(slot, - &epki, &pwitem, &nickname, &dummy, - PR_FALSE, PR_TRUE, /* not permanent, private */ - rsaKey, 0, /* signing */ - &accessPassword - ); - if (rv) { - SECU_PrintError(progName, - "Unable to Import Encrypted PrivateKey into database"); - } - - } while (0); + rv = SEC_QuickDERDecodeItem(arena, &epki, + SECKEY_EncryptedPrivateKeyInfoTemplate, &der); + if (rv) { + SECU_PrintError(progName, + "unable to SEC_QuickDERDecodeItem the private key"); + break; + } + + /* whatever garbage bytes are the stack are okay */ + dummy.data = myData; + dummy.len = sizeof(myData); + + slot = PK11_GetInternalSlot(); + rv = PK11_ImportEncryptedPrivateKeyInfo(slot, + &epki, &pwitem, &nickname, &dummy, + PR_FALSE, PR_TRUE, /* not permanent, private */ + rsaKey, 0, /* signing */ + &accessPassword + ); + if (rv) { + SECU_PrintError(progName, + "Unable to Import Encrypted PrivateKey into database"); + } + + } while (0); - printf("Imported encrypted private key into the database\n"); + printf("Imported encrypted private key into the database\n"); - if (arena) - PORT_FreeArena(arena, PR_TRUE); + if (arena) + PORT_FreeArena(arena, PR_TRUE); if (inFile) PR_Close(inFile); - return rv; + return rv; } /* Decrypt the private key */ SECStatus DecryptKey( - SECKEYEncryptedPrivateKeyInfo *epki, + SECKEYEncryptedPrivateKeyInfo *epki, SECOidTag algTag, SECItem *pwitem, secuPWData *accessPassword, SECItem **derPKI ) { - PLArenaPool *arena = NULL; - SECItem *cryptoParam = NULL; - PK11SymKey *symKey = NULL; - PK11Context *ctx = NULL; - SECItem *dest = NULL; - SECStatus rv = SECSuccess; + PLArenaPool *arena = NULL; + SECItem *cryptoParam = NULL; + PK11SymKey *symKey = NULL; + PK11Context *ctx = NULL; + SECItem *dest = NULL; + SECStatus rv = SECSuccess; if (!pwitem) { - return SEC_ERROR_INVALID_ARGS; + return SEC_ERROR_INVALID_ARGS; } - - do { - SECAlgorithmID algid = epki->algorithm; - CK_MECHANISM_TYPE cryptoMechType; - CK_MECHANISM cryptoMech; - CK_ATTRIBUTE_TYPE operation = CKA_DECRYPT; - - /* don't know if this will work */ - symKey = PK11_PBEKeyGen(PK11_GetInternalSlot(), - &algid, pwitem, PR_FALSE, accessPassword); - if (symKey == NULL) { - ERROR_BREAK; - } - - cryptoMechType = PK11_GetPBECryptoMechanism(&algid, &cryptoParam, pwitem); - if (cryptoMechType == CKM_INVALID_MECHANISM) { - ERROR_BREAK; - } - - cryptoMech.mechanism = PK11_GetPadMechanism(cryptoMechType); - cryptoMech.pParameter = cryptoParam ? cryptoParam->data : NULL; - cryptoMech.ulParameterLen = cryptoParam ? cryptoParam->len : 0; + + do { + SECAlgorithmID algid = epki->algorithm; + CK_MECHANISM_TYPE cryptoMechType; + CK_MECHANISM cryptoMech; + CK_ATTRIBUTE_TYPE operation = CKA_DECRYPT; + + /* don't know if this will work */ + symKey = PK11_PBEKeyGen(PK11_GetInternalSlot(), + &algid, pwitem, PR_FALSE, accessPassword); + if (symKey == NULL) { + ERROR_BREAK; + } + + cryptoMechType = PK11_GetPBECryptoMechanism(&algid, &cryptoParam, pwitem); + if (cryptoMechType == CKM_INVALID_MECHANISM) { + ERROR_BREAK; + } + + cryptoMech.mechanism = PK11_GetPadMechanism(cryptoMechType); + cryptoMech.pParameter = cryptoParam ? cryptoParam->data : NULL; + cryptoMech.ulParameterLen = cryptoParam ? cryptoParam->len : 0; - ctx = PK11_CreateContextBySymKey(cryptoMechType, operation, symKey, cryptoParam); - if (ctx == NULL) { - ERROR_BREAK; - } + ctx = PK11_CreateContextBySymKey(cryptoMechType, operation, symKey, cryptoParam); + if (ctx == NULL) { + ERROR_BREAK; + } - arena = PORT_NewArena(2048); - if (!arena) { - GEN_BREAK(PR_OUT_OF_MEMORY_ERROR); - } + arena = PORT_NewArena(2048); + if (!arena) { + GEN_BREAK(PR_OUT_OF_MEMORY_ERROR); + } - dest = malloc(sizeof(SECItem)); - assert(dest); - dest->data = PORT_ArenaAlloc(arena, epki->encryptedData.len); - dest->len = 0; - dest->type = siBuffer; /* siClearDataBuffer? */ - - rv = PK11_CipherOp(ctx, - dest->data, /* out */ - (int *)(&dest->len), /* out len */ - (int)epki->encryptedData.len, /* max out */ - epki->encryptedData.data, /* in */ - (int)epki->encryptedData.len); /* in len */ - - assert(dest->len == epki->encryptedData.len); - assert(rv == SECSuccess); - rv = PK11_Finalize(ctx); - assert(rv == SECSuccess); - + dest = malloc(sizeof(SECItem)); + assert(dest); + dest->data = PORT_ArenaAlloc(arena, epki->encryptedData.len); + dest->len = 0; + dest->type = siBuffer; /* siClearDataBuffer? */ + + rv = PK11_CipherOp(ctx, + dest->data, /* out */ + (int *)(&dest->len), /* out len */ + (int)epki->encryptedData.len, /* max out */ + epki->encryptedData.data, /* in */ + (int)epki->encryptedData.len); /* in len */ + + assert(dest->len == epki->encryptedData.len); + assert(rv == SECSuccess); + rv = PK11_Finalize(ctx); + assert(rv == SECSuccess); + } while (0); - /* cleanup */ - if (symKey) { - PK11_FreeSymKey(symKey); - } - if (cryptoParam) { - SECITEM_ZfreeItem(cryptoParam, PR_TRUE); - cryptoParam = NULL; + /* cleanup */ + if (symKey) { + PK11_FreeSymKey(symKey); + } + if (cryptoParam) { + SECITEM_ZfreeItem(cryptoParam, PR_TRUE); + cryptoParam = NULL; + } + if (ctx) { + PK11_DestroyContext(ctx, PR_TRUE); } - if (ctx) { - PK11_DestroyContext(ctx, PR_TRUE); - } - if (rv != SECSuccess) { - if (dest) { - if (arena) { - PORT_FreeArena(arena, PR_TRUE); - } - } - *derPKI = NULL; - } else { - *derPKI = dest; - } - - return rv; + if (rv != SECSuccess) { + if (dest) { + if (arena) { + PORT_FreeArena(arena, PR_TRUE); + } + } + *derPKI = NULL; + } else { + *derPKI = dest; + } + + return rv; } /* Output the private key to a file */ static SECStatus KeyOut(const char *keyoutfile, - const char *key_pwd_file, + const char *key_pwd_file, SECKEYPrivateKey *privkey, SECKEYPublicKey *pubkey, SECOidTag algTag, secuPWData *accessPassword, PRBool ascii) { - + #define PRAND_PASS_LEN 6 - - PRFileDesc *keyOutFile = NULL; - PRUint32 total = 0; - PRUint32 numBytes = 0; - SECItem *derEPKI = NULL; - SECItem *derPKI = NULL; - char *b64 = NULL; - SECItem pwitem = { 0, NULL, 0 }; - PRArenaPool *arena = NULL; - SECKEYEncryptedPrivateKeyInfo *epki = NULL; - unsigned char randomPassword[PRAND_PASS_LEN]; - - int rv = SECSuccess; + + PRFileDesc *keyOutFile = NULL; + PRUint32 total = 0; + PRUint32 numBytes = 0; + SECItem *derEPKI = NULL; + SECItem *derPKI = NULL; + char *b64 = NULL; + SECItem pwitem = { 0, NULL, 0 }; + PRArenaPool *arena = NULL; + SECKEYEncryptedPrivateKeyInfo *epki = NULL; + unsigned char randomPassword[PRAND_PASS_LEN]; + + int rv = SECSuccess; - do { - /* get the password from the file */ - if (key_pwd_file) { - if (!GetKeyPassword(key_pwd_file, &pwitem)) { - return 255; - } - } else { - /* No password file indicates the caller wants clear keys. - * Make up a dummy password to get NSS to export an encrypted - * key and then decrypt it - */ - rv = PK11_GenerateRandom(randomPassword, PRAND_PASS_LEN); - if (rv != SECSuccess) GEN_BREAK(rv); - pwitem.data = randomPassword; - pwitem.len = PRAND_PASS_LEN; - pwitem.type = siBuffer; - } - - keyOutFile = PR_Open(keyoutfile, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 00660); - if (!keyOutFile) { - PR_fprintf(PR_STDERR, + do { + /* Caller wants an encrypted key. Get + * the password from the file */ + if (key_pwd_file) { + if (!GetKeyPassword(key_pwd_file, &pwitem)) { + return 255; + } + } else { + /* Caller wants clear keys. Make up a dummy + * password to get NSS to export an encrypted + * key which we will decrypt. + */ + rv = PK11_GenerateRandom(randomPassword, PRAND_PASS_LEN); + if (rv != SECSuccess) GEN_BREAK(rv); + pwitem.data = randomPassword; + pwitem.len = PRAND_PASS_LEN; + pwitem.type = siBuffer; + } + + keyOutFile = PR_Open(keyoutfile, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 00660); + if (!keyOutFile) { + PR_fprintf(PR_STDERR, "%s -o: unable to open \"%s\" for writing\n", - progName, keyoutfile); - GEN_BREAK(255); - } + progName, keyoutfile); + GEN_BREAK(255); + } - epki = PK11_ExportEncryptedPrivKeyInfo(NULL, - algTag, &pwitem, privkey, 1000, accessPassword); - if (!epki) { - rv = PORT_GetError(); - SECU_PrintError(progName, - "Can't export private key info (%d)\n", rv); - GEN_BREAK(rv); - } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - assert(arena); - - if (key_pwd_file) { - /* NULL dest to let it allocate memory for us */ - derEPKI = SEC_ASN1EncodeItem(arena, NULL, epki, - SECKEY_EncryptedPrivateKeyInfoTemplate); - if (rv != SECSuccess) { - PR_fprintf(PR_STDERR, "%s ASN1 Encode failed (%dl)\n", - progName, rv); - GEN_BREAK(rv); - } - - } else { - /* Make a decrypted key the one to write out. */ - rv = DecryptKey(epki, algTag, &pwitem, accessPassword, &derPKI); - if (rv) { - GEN_BREAK(rv); - } - } + epki = PK11_ExportEncryptedPrivKeyInfo(NULL, + algTag, &pwitem, privkey, 1000, accessPassword); + if (!epki) { + rv = PORT_GetError(); + SECU_PrintError(progName, + "Can't export private key info (%d)\n", rv); + GEN_BREAK(rv); + } + + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + assert(arena); + + if (key_pwd_file) { + /* NULL dest to let it allocate memory for us */ + derEPKI = SEC_ASN1EncodeItem(arena, NULL, epki, + SECKEY_EncryptedPrivateKeyInfoTemplate); + if (rv != SECSuccess) { + PR_fprintf(PR_STDERR, "%s ASN1 Encode failed (%dl)\n", + progName, rv); + GEN_BREAK(rv); + } + + } else { + /* Make a decrypted key the one to write out. */ + rv = DecryptKey(epki, algTag, &pwitem, accessPassword, &derPKI); + if (rv) { + GEN_BREAK(rv); + } + } if (ascii) { - /* we could be exporting a clear or encrypted key */ - SECItem *src = key_pwd_file ? derEPKI : derPKI; - char *header = key_pwd_file ? ENCRYPTED_KEY_HEADER : KEY_HEADER; - char *trailer = key_pwd_file ? ENCRYPTED_KEY_TRAILER : KEY_TRAILER; - - b64 = BTOA_ConvertItemToAscii(src); - assert(b64); - total = PL_strlen(b64); - + /* we could be exporting a clear or encrypted key */ + SECItem *src = key_pwd_file ? derEPKI : derPKI; + char *header = key_pwd_file ? ENCRYPTED_KEY_HEADER : KEY_HEADER; + char *trailer = key_pwd_file ? ENCRYPTED_KEY_TRAILER : KEY_TRAILER; + + b64 = BTOA_ConvertItemToAscii(src); + assert(b64); + total = PL_strlen(b64); + PR_fprintf(keyOutFile, "%s\n", header); - numBytes = PR_Write(keyOutFile, b64, total); - + numBytes = PR_Write(keyOutFile, b64, total); + if (numBytes != total) { - printf("Wrote %d bytes, instead of %d\n", numBytes, total); + printf("Wrote %d bytes, instead of %d\n", numBytes, total); } - - PR_fprintf(keyOutFile, "\n%s\n", trailer); - } else { - if (key_pwd_file) { - numBytes = PR_Write(keyOutFile, derEPKI, derEPKI->len); - } else { - numBytes = PR_Write(keyOutFile, derPKI, derPKI->len); - if (numBytes != derEPKI->len) { - printf("Wrote %d bytes, instead of %d\n", numBytes, derPKI->len); - } - - } + PR_fprintf(keyOutFile, "\n%s\n", trailer); + } else { + if (key_pwd_file) { + numBytes = PR_Write(keyOutFile, derEPKI, derEPKI->len); + } else { + numBytes = PR_Write(keyOutFile, derPKI, derPKI->len); + if (numBytes != derEPKI->len) { + printf("Wrote %d bytes, instead of %d\n", numBytes, derPKI->len); + } + } } - - printf("Wrote %d bytes of encoded data to %s \n", numBytes, keyoutfile); - /* can we read it and reverse operations */ - + + printf("Wrote %d bytes of encoded data to %s \n", numBytes, keyoutfile); + /* can we read it and reverse operations */ + } while (0); - + if (keyOutFile) { PR_Close(keyOutFile); } - if (arena) { - PORT_FreeArena(arena, PR_FALSE); + if (arena) { + PORT_FreeArena(arena, PR_FALSE); } - - if (!key_pwd_file) { - /* paranoia, this is stack-based object but we clear it anyway */ - int i; - for (i = 0; i< PRAND_PASS_LEN; i++) { - randomPassword[i]='\0'; - } - } - return rv; + + if (!key_pwd_file) { + /* paranoia, this is stack-based object but we clear it anyway */ + int i; + for (i = 0; i< PRAND_PASS_LEN; i++) { + randomPassword[i]='\0'; + } + } + return rv; } /* Generate a certificate signing request * or a self_signed certificate. */ static int keyutil_main( - CERTCertDBHandle *certHandle, - const char *noisefile, + CERTCertDBHandle *certHandle, + const char *noisefile, const char *access_pwd_file, const char *key_pwd_file, const char *subjectstr, int keysize, - int warpmonths, - int validityMonths, - PRBool ascii, + int warpmonths, + int validityMonths, + PRBool ascii, const char *certreqfile, const char *certfile, const char *keyoutfile) { - static certutilExtnList nullextnlist = {PR_FALSE}; - - CERTCertificate *cert = NULL; - PRFileDesc *outFile = NULL; - PRFileDesc *keyOutFile = NULL; + static certutilExtnList nullextnlist = {PR_FALSE}; + + CERTCertificate *cert = NULL; + PRFileDesc *outFile = NULL; + PRFileDesc *keyOutFile = NULL; CERTName *subject = NULL; - SECKEYPrivateKey *privkey = NULL; - SECKEYPublicKey *pubkey = NULL; + SECKEYPrivateKey *privkey = NULL; + SECKEYPublicKey *pubkey = NULL; /* PK11_GetInternalSlot() ? */ - PK11SlotInfo *slot = PK11_GetInternalKeySlot(); + PK11SlotInfo *slot = PK11_GetInternalKeySlot(); secuPWData accessPassword = { PW_NONE, 0 }; KeyType keytype = rsaKey; SECOidTag hashAlgTag = SEC_OID_UNKNOWN; PRBool doCert = certfile != NULL; - int rv; + int rv; outFile = PR_Open(certreqfile, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 00660); - if (!outFile) { - PR_fprintf(PR_STDERR, - "%s -o: unable to open \"%s\" for writing (%ld, %ld)\n", - progName, certreqfile, - PR_GetError(), PR_GetOSError()); - return 255; - } + if (!outFile) { + PR_fprintf(PR_STDERR, + "%s -o: unable to open \"%s\" for writing (%ld, %ld)\n", + progName, certreqfile, + PR_GetError(), PR_GetOSError()); + return 255; + } printf("Opened %s for writing\n", certreqfile); - if (access_pwd_file) { - accessPassword.source = PW_FROMFILE; - accessPassword.data = (char *)access_pwd_file; + if (access_pwd_file) { + accessPassword.source = PW_FROMFILE; + accessPassword.data = (char *)access_pwd_file; } - privkey = GenerateRSAPrivateKey(keytype, slot, - keysize, 65537L, (char *)noisefile, &pubkey, &accessPassword); - - if (!privkey) { - PR_fprintf(PR_STDERR, - "%s Keypair generation failed: \"%d\"\n", - progName, PORT_GetError()); - rv = 255; - goto shutdown; - } - PR_fprintf(PR_STDOUT, "%s Got a key\n", progName); + privkey = GenerateRSAPrivateKey(keytype, slot, + keysize, 65537L, (char *)noisefile, &pubkey, &accessPassword); + + if (!privkey) { + PR_fprintf(PR_STDERR, + "%s Keypair generation failed: \"%d\"\n", + progName, PORT_GetError()); + rv = 255; + goto shutdown; + } + PR_fprintf(PR_STDOUT, "%s Got a key\n", progName); /* * Certificate request */ - subject = CERT_AsciiToName((char *)subjectstr); - if (!subject) { - PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n", - progName, subjectstr); - rv = 255; - goto shutdown; - } - - hashAlgTag = SEC_OID_MD5; - - /* Make a cert request */ - rv = CertReq(privkey, pubkey, rsaKey, hashAlgTag, subject, - NULL, /* PhoneNumber */ - ascii, /* ASCIIForIO */ - NULL, /* ExtendedEmailAddrs */ - NULL, /* ExtendedDNSNames */ - nullextnlist, /* certutil_extns */ - outFile); + subject = CERT_AsciiToName((char *)subjectstr); + if (!subject) { + PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n", + progName, subjectstr); + rv = 255; + goto shutdown; + } - PR_Close(outFile); - if (rv) { - PR_fprintf(PR_STDERR, "%s CertReq failed: \"%d\"\n", - progName, PORT_GetError()); - rv = 255; - goto shutdown; - } + hashAlgTag = SEC_OID_MD5; + + /* Make a cert request */ + rv = CertReq(privkey, pubkey, rsaKey, hashAlgTag, subject, + NULL, /* PhoneNumber */ + ascii, /* ASCIIForIO */ + NULL, /* ExtendedEmailAddrs */ + NULL, /* ExtendedDNSNames */ + nullextnlist, /* certutil_extns */ + outFile); + + PR_Close(outFile); + if (rv) { + PR_fprintf(PR_STDERR, "%s CertReq failed: \"%d\"\n", + progName, PORT_GetError()); + rv = 255; + goto shutdown; + } - PR_fprintf(PR_STDOUT, "%s Made a cert request\n", progName); - if (doCert) { - - /* If making a cert, we already have a cert request file. - * without any extensions, load it with any command line extensions - * and output the cert to other file. Delete the request file. - */ - PRFileDesc *inFile = NULL; - unsigned int serialNumber; - - /* Make a default serial number from the current time. */ - PRTime now = PR_Now(); - LL_USHR(now, now, 19); - LL_L2UI(serialNumber, now); - - privkey->wincx = &accessPassword; - PR_Close(outFile); - - inFile = PR_Open(certreqfile, PR_RDONLY, 0); - assert(inFile); - if (!inFile) { - PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld) for reading.\n", - certreqfile, PR_GetError(), PR_GetOSError()); - rv = SECFailure; - goto shutdown; - } - - outFile = PR_Open(certfile, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 00660); - - if (!outFile) { - PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n", - certfile, PR_GetError(), PR_GetOSError()); - rv = SECFailure; - goto shutdown; - } - - /* Create a certificate (-C or -S). */ - - /* issuerName == subject */ - rv = CreateCert(certHandle, - "tempnickname", inFile, outFile, - privkey, &accessPassword, hashAlgTag, - serialNumber, warpmonths, validityMonths, - NULL, NULL, ascii, PR_TRUE, NULL, - &cert); - /* - ExtendedEmailAddrs,ExtendedDNSNames, - ASCIIForIO,SelfSign,certutil_extns, thecert - */ - if (rv) { - PR_fprintf(PR_STDERR, "Failed to create certificate \"%s\" (%ld).\n", - outFile, PR_GetError()); - rv = SECFailure; - goto shutdown; - } - PR_fprintf(PR_STDOUT, "%s Created a cert\n", progName); - - /* Sanity check: Check cert validity against current time. */ - - /* XXX temporary hack for fips - must log in to get priv key */ - if (slot && PK11_NeedLogin(slot)) { - SECStatus newrv = PK11_Authenticate(slot, PR_TRUE, &accessPassword); - if (newrv != SECSuccess) { - SECU_PrintError(progName, "could not authenticate to token %s.", - PK11_GetTokenName(slot)); - goto shutdown; - } - } - - /* Not sure we can validate yet */ - if (PR_FALSE) { - rv = ValidateCert(certHandle, - cert, - "tempnickname", - NULL, // ValidityTime, --> PR_Now - NULL, // Usage.arg, --> certificateUsageSSLServer - PR_TRUE, // VerifySig, - PR_TRUE, // DetailedInfo, - &accessPassword); - if (rv != SECSuccess && PR_GetError() == SEC_ERROR_INVALID_ARGS) { - SECU_PrintError(progName, "validation failed"); - goto shutdown; - } - } - } + PR_fprintf(PR_STDOUT, "%s Made a cert request\n", progName); + if (doCert) { + + /* If making a cert, we already have a cert request file. + * without any extensions, load it with any command line extensions + * and output the cert to other file. Delete the request file. + */ + PRFileDesc *inFile = NULL; + unsigned int serialNumber; + + /* Make a default serial number from the current time. */ + PRTime now = PR_Now(); + LL_USHR(now, now, 19); + LL_L2UI(serialNumber, now); + + privkey->wincx = &accessPassword; + PR_Close(outFile); + + inFile = PR_Open(certreqfile, PR_RDONLY, 0); + assert(inFile); + if (!inFile) { + PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld) for reading.\n", + certreqfile, PR_GetError(), PR_GetOSError()); + rv = SECFailure; + goto shutdown; + } + + outFile = PR_Open(certfile, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 00660); + + if (!outFile) { + PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n", + certfile, PR_GetError(), PR_GetOSError()); + rv = SECFailure; + goto shutdown; + } + + /* Create a certificate (-C or -S). */ + + /* issuerName == subject */ + rv = CreateCert(certHandle, + "tempnickname", inFile, outFile, + privkey, &accessPassword, hashAlgTag, + serialNumber, warpmonths, validityMonths, + NULL, NULL, ascii, PR_TRUE, NULL, + &cert); + /* + ExtendedEmailAddrs,ExtendedDNSNames, + ASCIIForIO,SelfSign,certutil_extns, thecert + */ + if (rv) { + PR_fprintf(PR_STDERR, "Failed to create certificate \"%s\" (%ld).\n", + outFile, PR_GetError()); + rv = SECFailure; + goto shutdown; + } + PR_fprintf(PR_STDOUT, "%s Created a cert\n", progName); + + /* Sanity check: Check cert validity against current time. */ + + /* XXX temporary hack for fips - must log in to get priv key */ + if (slot && PK11_NeedLogin(slot)) { + SECStatus newrv = PK11_Authenticate(slot, PR_TRUE, &accessPassword); + if (newrv != SECSuccess) { + SECU_PrintError(progName, "could not authenticate to token %s.", + PK11_GetTokenName(slot)); + goto shutdown; + } + } + + /* Not sure we can validate yet */ + if (PR_FALSE) { + rv = ValidateCert(certHandle, + cert, + "tempnickname", + NULL, // ValidityTime, --> PR_Now + NULL, // Usage.arg, --> certificateUsageSSLServer + PR_TRUE, // VerifySig, + PR_TRUE, // DetailedInfo, + &accessPassword); + if (rv != SECSuccess && PR_GetError() == SEC_ERROR_INVALID_ARGS) { + SECU_PrintError(progName, "validation failed"); + goto shutdown; + } + } + } /* If the caller wants the private key extract it and save it to a file. */ - if (keyoutfile) { - /* Two candidate tags to use: SEC_OID_DES_EDE3_CBC and - * SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC - */ - rv = KeyOut(keyoutfile, key_pwd_file, + if (keyoutfile) { + /* Two candidate tags to use: SEC_OID_DES_EDE3_CBC and + * SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC + */ + rv = KeyOut(keyoutfile, key_pwd_file, privkey, pubkey, SEC_OID_DES_EDE3_CBC, - &accessPassword, ascii); - if (rv != SECSuccess) { - SECU_PrintError(progName, "Failed to write the key"); - } else { - printf("%s Wrote the key to\n%s\n", progName, keyoutfile); - } - } + &accessPassword, ascii); + if (rv != SECSuccess) { + SECU_PrintError(progName, "Failed to write the key"); + } else { + printf("%s Wrote the key to\n%s\n", progName, keyoutfile); + } + } shutdown: if (cert) { - CERT_DestroyCertificate(cert); + CERT_DestroyCertificate(cert); } if (keyOutFile) { PR_Close(keyOutFile); } - if (slot) { - PK11_FreeSlot(slot); - } + if (slot) { + PK11_FreeSlot(slot); + } if (privkey) { - SECKEY_DestroyPrivateKey(privkey); + SECKEY_DestroyPrivateKey(privkey); } if (pubkey) { - SECKEY_DestroyPublicKey(pubkey); + SECKEY_DestroyPublicKey(pubkey); } if (rv == SECSuccess) { - return 0; + return 0; } else { - return 255; + return 255; } } -/* $Id: keyutil.c,v 1.1 2008/05/01 01:06:25 emaldonado Exp $ */ +/* $Id: keyutil.c,v 1.2 2008/05/02 23:42:20 emaldonado Exp $ */ /* Key generation, encryption, and certificate utility code, based on * code from NSS's security utilities and the certutil application. @@ -1459,10 +1455,10 @@ int main(int argc, char **argv) { int optc, rv = 0; static const struct option options[] = { - { "command", required_argument, NULL, 'c'}, - { "subject", required_argument, NULL, 's'}, - { "gkeysize", required_argument, NULL, 'g'}, - { "validity", required_argument, NULL, 'v'}, + { "command", required_argument, NULL, 'c'}, + { "subject", required_argument, NULL, 's'}, + { "gkeysize", required_argument, NULL, 'g'}, + { "validity", required_argument, NULL, 'v'}, { "encpwdfile", required_argument, NULL, 'e' }, { "filepwdnss", required_argument, NULL, 'f' }, { "digest", required_argument, NULL, 'd' }, @@ -1477,8 +1473,8 @@ int main(int argc, char **argv) char *cmdstr = NULL; char *noisefile = NULL; int keysize = 1024; - int warpmonths = 0; - int validity_months = 24; + int warpmonths = 0; + int validity_months = 24; char *keyfile = NULL; char *outfile = NULL; char *subject = NULL; @@ -1497,15 +1493,15 @@ int main(int argc, char **argv) while ((optc = getopt_long(argc, argv, "ac:s:g:v:e:f:d:z:i:p:o:k:", options, NULL)) != -1) { switch (optc) { case 'a': - ascii = PR_TRUE; - break; + ascii = PR_TRUE; + break; case 'c': cmdstr = strdup(optarg); printf("cmdstr: %s\n", cmdstr); - if (strcmp(cmdstr, "importkey") == 0) { + if (strcmp(cmdstr, "importkey") == 0) { cmd = cmd_ImportKey; - printf("\ncmd_ImportKey\n"); - } else if (strcmp(cmdstr, "genreq") == 0) { + printf("\ncmd_ImportKey\n"); + } else if (strcmp(cmdstr, "genreq") == 0) { cmd = cmd_CertReq; printf("\ncmd_CertReq\n"); } else if (strcmp(cmdstr, "makecert") == 0) { @@ -1522,45 +1518,45 @@ int main(int argc, char **argv) printf("subject = %s\n", subject); break; case 'g': - keysize = atoi(optarg); - printf("keysize = %d bits\n", keysize); + keysize = atoi(optarg); + printf("keysize = %d bits\n", keysize); break; case 'v': - validity_months = atoi(optarg); - printf("valid for %d months\n", validity_months); - break; + validity_months = atoi(optarg); + printf("valid for %d months\n", validity_months); + break; case 'e': - key_pwd_file = strdup(optarg); - printf("key encryption password from = %s\n", key_pwd_file); - break; + key_pwd_file = strdup(optarg); + printf("key encryption password from = %s\n", key_pwd_file); + break; case 'f': - access_pwd_file = strdup(optarg); - printf("module access password from = %s\n", access_pwd_file); - break; + access_pwd_file = strdup(optarg); + printf("module access password from = %s\n", access_pwd_file); + break; case 'd': digestAlgorithm = strdup(optarg); printf("message digest %s\n", digestAlgorithm); break; case 'z': - noisefile = strdup(optarg); - printf("random seed from %s\n", noisefile); + noisefile = strdup(optarg); + printf("random seed from %s\n", noisefile); break; case 'i': - keyfile = strdup(optarg); - printf("will process a key from %s\n", keyfile); + keyfile = strdup(optarg); + printf("will process a key from %s\n", keyfile); break; case 'o': - /* could be req or cert */ - outfile = strdup(optarg); - printf("output will be written to %s\n", outfile); + /* could be req or cert */ + outfile = strdup(optarg); + printf("output will be written to %s\n", outfile); break; case 'k': - /* private key out in plaintext - side effect of req and cert */ - keyoutfile = strdup(optarg); - printf("output key written to %s\n", keyoutfile); - break; + /* private key out in plaintext - side effect of req and cert */ + keyoutfile = strdup(optarg); + printf("output key written to %s\n", keyoutfile); + break; default: - printf("Bad arguments\n"); + printf("Bad arguments\n"); Usage(progName); break; } @@ -1571,7 +1567,7 @@ int main(int argc, char **argv) status = NSS_NoDB_Init(NULL); if (status != SECSuccess ) { - printf("NSS initialization failed\n"); + printf("NSS initialization failed\n"); return EXIT_FAILURE; } initialized = PR_TRUE; @@ -1581,8 +1577,6 @@ int main(int argc, char **argv) switch (cmd) { case cmd_CertReq: - /* FIXME Remove when done debugging */ - printf("\ncmd_CertReq\n"); /* certfile NULL signals only the request is needed */ rv = keyutil_main(certHandle, noisefile, access_pwd_file, key_pwd_file, @@ -1590,19 +1584,18 @@ int main(int argc, char **argv) ascii, outfile, NULL, keyoutfile); break; case cmd_CreateNewCert: - printf("\ncmd_CreateNewCert\n"); - rv = keyutil_main(certHandle, + rv = keyutil_main(certHandle, noisefile, access_pwd_file, key_pwd_file, subject, keysize, warpmonths, validity_months, ascii, "tmprequest", outfile, keyoutfile); break; case cmd_ImportKey: - rv = ImportKey(certHandle, key_pwd_file, keyfile, PR_TRUE); - break; + rv = ImportKey(certHandle, key_pwd_file, keyfile, PR_TRUE); + break; default: - printf("\nEntered an inconsistent state, bailing out\n"); - rv = -1; - break; + printf("\nEntered an inconsistent state, bailing out\n"); + rv = -1; + break; } if ((initialized == PR_TRUE) && NSS_Shutdown() != SECSuccess) { diff --git a/keyutil.h b/keyutil.h index 99fbc18..b96717b 100755 --- a/keyutil.h +++ b/keyutil.h @@ -65,7 +65,7 @@ * ***** END LICENSE BLOCK ***** */ #ifndef _KEYUTIL_H -#define _KEYUTIL_H +#define _KEYUTIL_H #include "secutil.h" @@ -94,5 +94,5 @@ extern SECStatus AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, certutilExtnList extList); -#endif /* _KEYUTIL_H */ +#endif /* _KEYUTIL_H */ diff --git a/pemutil.c b/pemutil.c index fa90ab8..2672ab1 100755 --- a/pemutil.c +++ b/pemutil.c @@ -85,7 +85,7 @@ */ extern CERTCertificate * __CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert, - char *nickname, PRBool isperm, PRBool copyDER); + char *nickname, PRBool isperm, PRBool copyDER); #define CERT_NewTempCertificate __CERT_NewTempCertificate @@ -109,13 +109,13 @@ static SECStatus FileToItem(SECItem *dst, PRFileDesc *src) prStatus = PR_GetOpenFileInfo(src, &info); if (prStatus != PR_SUCCESS) { - return SECFailure; + return SECFailure; } /* XXX workaround for 3.1, not all utils zero dst before sending */ dst->data = 0; if (!SECITEM_AllocItem(NULL, dst, info.size)) - goto loser; + goto loser; numBytes = PR_Read(src, dst->data, info.size); if (numBytes != info.size) @@ -135,52 +135,52 @@ static SECStatus ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii) { SECStatus rv; if (ascii) { - /* First convert ascii to binary */ - SECItem filedata; - char *asc, *body; - - /* Read in ascii data */ - rv = FileToItem(&filedata, inFile); - asc = (char *)filedata.data; - if (!asc) { - return SECFailure; - } - - /* check for headers and trailers and remove them */ - if ((body = strstr(asc, "-----BEGIN")) != NULL) { - char *trailer = NULL; - asc = body; - body = PORT_Strchr(body, '\n'); - if (!body) - body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */ - if (body) - trailer = strstr(++body, "-----END"); - if (trailer != NULL) { - *trailer = '\0'; - } else { - /*printf("input has header but no trailer\n");*/ - PORT_Free(filedata.data); - return SECFailure; - } - } else { - body = asc; - } - - /* Convert to binary */ - rv = ATOB_ConvertAsciiToItem(der, body); - if (rv) { - /* printf("ATOB_ConvertAsciiToItem failed\n");*/ - PORT_Free(filedata.data); - return SECFailure; - } - - PORT_Free(filedata.data); + /* First convert ascii to binary */ + SECItem filedata; + char *asc, *body; + + /* Read in ascii data */ + rv = FileToItem(&filedata, inFile); + asc = (char *)filedata.data; + if (!asc) { + return SECFailure; + } + + /* check for headers and trailers and remove them */ + if ((body = strstr(asc, "-----BEGIN")) != NULL) { + char *trailer = NULL; + asc = body; + body = PORT_Strchr(body, '\n'); + if (!body) + body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */ + if (body) + trailer = strstr(++body, "-----END"); + if (trailer != NULL) { + *trailer = '\0'; + } else { + /*printf("input has header but no trailer\n");*/ + PORT_Free(filedata.data); + return SECFailure; + } + } else { + body = asc; + } + + /* Convert to binary */ + rv = ATOB_ConvertAsciiToItem(der, body); + if (rv) { + /* printf("ATOB_ConvertAsciiToItem failed\n");*/ + PORT_Free(filedata.data); + return SECFailure; + } + + PORT_Free(filedata.data); } else { - /* Read in binary der */ - rv = FileToItem(der, inFile); - if (rv) { - return SECFailure; - } + /* Read in binary der */ + rv = FileToItem(der, inFile); + if (rv) { + return SECFailure; + } } return SECSuccess; } @@ -202,11 +202,11 @@ PEMUTIL_PEM_read_X509(const char *filename) /* Read in a DER from a file, it is ascii */ if (SECSuccess != ReadDERFromFile(&derCert, fd, PR_TRUE)) - goto cleanup; + goto cleanup; /* create a temporary cert in the database */ cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), - &derCert, NULL, PR_FALSE, PR_FALSE); + &derCert, NULL, PR_FALSE, PR_FALSE); /* noNickname, notPerm, noCopy */ cleanup: if (fd) PR_Close(fd); diff --git a/secerror.c b/secerror.c index 0cb8324..71a9687 100755 --- a/secerror.c +++ b/secerror.c @@ -36,7 +36,7 @@ #include struct tuple_str { - PRErrorCode errNum; + PRErrorCode errNum; const char * errString; }; @@ -89,12 +89,12 @@ SECU_Strerror(PRErrorCode errNum) { } lastNum = num; } - initDone = 1; + initDone = 1; } /* Do binary search of table. */ while (low + 1 < high) { - i = (low + high) / 2; + i = (low + high) / 2; num = errStrings[i].errNum; if (errNum == num) return errStrings[i].errString; diff --git a/secutil.c b/secutil.c index 891bf0c..6e0e1e0 100755 --- a/secutil.c +++ b/secutil.c @@ -123,26 +123,26 @@ SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...) fprintf(out, "%s: ", progName); vfprintf(out, msg, args); if (errString != NULL && PORT_Strlen(errString) > 0) - fprintf(out, ": %s\n", errString); + fprintf(out, ": %s\n", errString); else - fprintf(out, ": error %d\n", (int)err); + fprintf(out, ": error %d\n", (int)err); va_end(args); } void SECU_PrintError(char *progName, char *msg, ...) { - SECU_PrintErrMsg(stderr, 0, progName, msg); + SECU_PrintErrMsg(stderr, 0, progName, msg); } -#define INDENT_MULT 4 +#define INDENT_MULT 4 void SECU_Indent(FILE *out, int level) { int i; for (i = 0; i < level; i++) { - fprintf(out, " "); + fprintf(out, " "); } } @@ -162,25 +162,25 @@ SECU_PrintAsHex(FILE *out, SECItem *data, const char *m, int level) unsigned int limit = 15; if ( m ) { - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - level++; + SECU_Indent(out, level); fprintf(out, "%s:\n", m); + level++; } SECU_Indent(out, level); column = level*INDENT_MULT; if (!data->len) { - fprintf(out, "(empty)\n"); - return; + fprintf(out, "(empty)\n"); + return; } /* take a pass to see if it's all printable. */ for (i = 0; i < data->len; i++) { - unsigned char val = data->data[i]; + unsigned char val = data->data[i]; if (!val || !isprint(val)) { - isString = PR_FALSE; - break; - } - if (isWhiteSpace && !isspace(val)) { - isWhiteSpace = PR_FALSE; - } + isString = PR_FALSE; + break; + } + if (isWhiteSpace && !isspace(val)) { + isWhiteSpace = PR_FALSE; + } } /* Short values, such as bit strings (which are printed with this @@ -191,46 +191,46 @@ SECU_PrintAsHex(FILE *out, SECItem *data, const char *m, int level) */ if (!isString || data->len <= 4) { for (i = 0; i < data->len; i++) { - if (i != data->len - 1) { - fprintf(out, "%02x:", data->data[i]); - column += 3; - } else { - fprintf(out, "%02x", data->data[i]); - column += 2; - break; - } - if (column > 76 || (i % 16 == limit)) { - secu_Newline(out); - SECU_Indent(out, level); - column = level*INDENT_MULT; - limit = i % 16; - } + if (i != data->len - 1) { + fprintf(out, "%02x:", data->data[i]); + column += 3; + } else { + fprintf(out, "%02x", data->data[i]); + column += 2; + break; + } + if (column > 76 || (i % 16 == limit)) { + secu_Newline(out); + SECU_Indent(out, level); + column = level*INDENT_MULT; + limit = i % 16; + } } printedHex = PR_TRUE; } if (isString && !isWhiteSpace) { - if (printedHex != PR_FALSE) { - secu_Newline(out); - SECU_Indent(out, level); column = level*INDENT_MULT; - } - for (i = 0; i < data->len; i++) { - unsigned char val = data->data[i]; - - if (val) { - fprintf(out,"%c",val); - column++; - } else { - column = 77; - } - if (column > 76) { - secu_Newline(out); - SECU_Indent(out, level); column = level*INDENT_MULT; - } - } + if (printedHex != PR_FALSE) { + secu_Newline(out); + SECU_Indent(out, level); column = level*INDENT_MULT; } - + for (i = 0; i < data->len; i++) { + unsigned char val = data->data[i]; + + if (val) { + fprintf(out,"%c",val); + column++; + } else { + column = 77; + } + if (column > 76) { + secu_Newline(out); + SECU_Indent(out, level); column = level*INDENT_MULT; + } + } + } + if (column != level*INDENT_MULT) { - secu_Newline(out); + secu_Newline(out); } } @@ -243,21 +243,21 @@ SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level) oiddata = SECOID_FindOID(oid); if (oiddata != NULL) { - const char *name = oiddata->desc; - SECU_Indent(out, level); - if (m != NULL) - fprintf(out, "%s: ", m); - fprintf(out, "%s\n", name); - return oiddata->offset; + const char *name = oiddata->desc; + SECU_Indent(out, level); + if (m != NULL) + fprintf(out, "%s: ", m); + fprintf(out, "%s\n", name); + return oiddata->offset; } oidString = CERT_GetOidString(oid); if (oidString) { - SECU_Indent(out, level); - if (m != NULL) - fprintf(out, "%s: ", m); - fprintf(out, "%s\n", oidString); - PR_smprintf_free(oidString); - return SEC_OID_UNKNOWN; + SECU_Indent(out, level); + if (m != NULL) + fprintf(out, "%s: ", m); + fprintf(out, "%s\n", oidString); + PR_smprintf_free(oidString); + return SEC_OID_UNKNOWN; } SECU_PrintAsHex(out, oid, m, level); return SEC_OID_UNKNOWN; @@ -287,29 +287,29 @@ secu_StdinToItem(SECItem *dst) dst->data = NULL; while (notDone) { - numBytes = PR_Read(PR_STDIN, buf, sizeof(buf)); + numBytes = PR_Read(PR_STDIN, buf, sizeof(buf)); - if (numBytes < 0) { - return SECFailure; - } + if (numBytes < 0) { + return SECFailure; + } - if (numBytes == 0) - break; + if (numBytes == 0) + break; - if (dst->data) { - unsigned char * p = dst->data; - dst->data = (unsigned char*)PORT_Realloc(p, dst->len + numBytes); - if (!dst->data) { - PORT_Free(p); - } - } else { - dst->data = (unsigned char*)PORT_Alloc(numBytes); - } - if (!dst->data) { - return SECFailure; - } - PORT_Memcpy(dst->data + dst->len, buf, numBytes); - dst->len += numBytes; + if (dst->data) { + unsigned char * p = dst->data; + dst->data = (unsigned char*)PORT_Realloc(p, dst->len + numBytes); + if (!dst->data) { + PORT_Free(p); + } + } else { + dst->data = (unsigned char*)PORT_Alloc(numBytes); + } + if (!dst->data) { + return SECFailure; + } + PORT_Memcpy(dst->data + dst->len, buf, numBytes); + dst->len += numBytes; } return SECSuccess; @@ -323,24 +323,24 @@ SECU_FileToItem(SECItem *dst, PRFileDesc *src) PRStatus prStatus; if (src == PR_STDIN) - return secu_StdinToItem(dst); + return secu_StdinToItem(dst); prStatus = PR_GetOpenFileInfo(src, &info); if (prStatus != PR_SUCCESS) { - PORT_SetError(SEC_ERROR_IO); - return SECFailure; + PORT_SetError(SEC_ERROR_IO); + return SECFailure; } /* XXX workaround for 3.1, not all utils zero dst before sending */ dst->data = 0; if (!SECITEM_AllocItem(NULL, dst, info.size)) - goto loser; + goto loser; numBytes = PR_Read(src, dst->data, info.size); if (numBytes != info.size) { - PORT_SetError(SEC_ERROR_IO); - goto loser; + PORT_SetError(SEC_ERROR_IO); + goto loser; } return SECSuccess; @@ -355,56 +355,56 @@ SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii) { SECStatus rv; if (ascii) { - /* First convert ascii to binary */ - SECItem filedata; - char *asc, *body; + /* First convert ascii to binary */ + SECItem filedata; + char *asc, *body; - /* Read in ascii data */ - rv = SECU_FileToItem(&filedata, inFile); - asc = (char *)filedata.data; - if (!asc) { - fprintf(stderr, "unable to read data from input file\n"); - return SECFailure; - } + /* Read in ascii data */ + rv = SECU_FileToItem(&filedata, inFile); + asc = (char *)filedata.data; + if (!asc) { + fprintf(stderr, "unable to read data from input file\n"); + return SECFailure; + } - /* check for headers and trailers and remove them */ - if ((body = strstr(asc, "-----BEGIN")) != NULL) { - char *trailer = NULL; - asc = body; - body = PORT_Strchr(body, '\n'); - if (!body) - body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */ - if (body) - trailer = strstr(++body, "-----END"); - if (trailer != NULL) { - *trailer = '\0'; - } else { - fprintf(stderr, "input has header but no trailer\n"); - PORT_Free(filedata.data); - return SECFailure; - } - } else { - body = asc; - } - - /* Convert to binary */ - rv = ATOB_ConvertAsciiToItem(der, body); - if (rv) { - fprintf(stderr, "error converting ascii to binary (%d)\n", - PORT_GetError()); - PORT_Free(filedata.data); - return SECFailure; - } - - PORT_Free(filedata.data); + /* check for headers and trailers and remove them */ + if ((body = strstr(asc, "-----BEGIN")) != NULL) { + char *trailer = NULL; + asc = body; + body = PORT_Strchr(body, '\n'); + if (!body) + body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */ + if (body) + trailer = strstr(++body, "-----END"); + if (trailer != NULL) { + *trailer = '\0'; + } else { + fprintf(stderr, "input has header but no trailer\n"); + PORT_Free(filedata.data); + return SECFailure; + } } else { - /* Read in binary der */ - rv = SECU_FileToItem(der, inFile); - if (rv) { - fprintf(stderr, "error converting der (%d)\n", - PORT_GetError()); - return SECFailure; - } + body = asc; + } + + /* Convert to binary */ + rv = ATOB_ConvertAsciiToItem(der, body); + if (rv) { + fprintf(stderr, "error converting ascii to binary (%d)\n", + PORT_GetError()); + PORT_Free(filedata.data); + return SECFailure; + } + + PORT_Free(filedata.data); + } else { + /* Read in binary der */ + rv = SECU_FileToItem(der, inFile); + if (rv) { + fprintf(stderr, "error converting der (%d)\n", + PORT_GetError()); + return SECFailure; + } } return SECSuccess; } @@ -440,12 +440,12 @@ void SECU_SECItemToHex(const SECItem * item, char * dst) { if (dst && item && item->data) { - unsigned char * src = item->data; - unsigned int len = item->len; - for (; len > 0; --len, dst += 2) { - sprintf(dst, "%02x", *src++); - } - *dst = '\0'; + unsigned char * src = item->data; + unsigned int len = item->len; + for (; len > 0; --len, dst += 2) { + sprintf(dst, "%02x", *src++); + } + *dst = '\0'; } } diff --git a/secutil.h b/secutil.h index 4b42207..2ac24d6 100755 --- a/secutil.h +++ b/secutil.h @@ -46,12 +46,12 @@ #include #include -#define SEC_CT_PRIVATE_KEY "private-key" -#define SEC_CT_PUBLIC_KEY "public-key" -#define SEC_CT_CERTIFICATE "certificate" -#define SEC_CT_CERTIFICATE_REQUEST "certificate-request" -#define SEC_CT_PKCS7 "pkcs7" -#define SEC_CT_CRL "crl" +#define SEC_CT_PRIVATE_KEY "private-key" +#define SEC_CT_PUBLIC_KEY "public-key" +#define SEC_CT_CERTIFICATE "certificate" +#define SEC_CT_CERTIFICATE_REQUEST "certificate-request" +#define SEC_CT_PKCS7 "pkcs7" +#define SEC_CT_CRL "crl" #define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----" #define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----" @@ -64,7 +64,7 @@ /* From libsec/pcertdb.c --- it's not declared in sec.h */ extern SECStatus SEC_AddPermCertificate(CERTCertDBHandle *handle, - SECItem *derCert, char *nickname, CERTCertTrust *trust); + SECItem *derCert, char *nickname, CERTCertTrust *trust); #ifdef SECUTIL_NEW @@ -76,10 +76,10 @@ typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level); typedef struct { enum { - PW_NONE = 0, - PW_FROMFILE = 1, - PW_PLAINTEXT = 2, - PW_EXTERNAL = 3 + PW_NONE = 0, + PW_FROMFILE = 1, + PW_PLAINTEXT = 2, + PW_EXTERNAL = 3 } source; char *data; } secuPWData; @@ -123,7 +123,7 @@ extern PRBool SEC_BlindCheckPassword(char *password); ** The password is then checked using "chkpw". */ extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg, - PRBool (*chkpw)(char *)); + PRBool (*chkpw)(char *)); char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg); @@ -165,9 +165,9 @@ extern char *SECU_ConfigDirectory(const char* base); */ extern int SECU_GetClientAuthData(void *arg, PRFileDesc *fd, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey); + struct CERTDistNamesStr *caNames, + struct CERTCertificateStr **pRetCert, + struct SECKEYPrivateKeyStr **pRetKey); /* print out an error message */ extern void SECU_PrintError(char *progName, char *msg, ...); @@ -182,15 +182,15 @@ extern const char * SECU_Strerror(PRErrorCode errNum); * failure at time == now */ extern void SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle, - CERTCertificate *cert, PRBool checksig, - SECCertificateUsage certUsage, void *pinArg, PRBool verbose); + CERTCertificate *cert, PRBool checksig, + SECCertificateUsage certUsage, void *pinArg, PRBool verbose); /* revalidate the cert and print information about cert verification * failure at specified time */ extern void SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle, - CERTCertificate *cert, PRBool checksig, SECCertificateUsage certUsage, - void *pinArg, PRBool verbose, PRTime datetime); + CERTCertificate *cert, PRBool checksig, SECCertificateUsage certUsage, + void *pinArg, PRBool verbose, PRTime datetime); /* print out CERTVerifyLog info. */ extern void @@ -216,7 +216,7 @@ extern SECOidTag SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level) /* Print AlgorithmIdentifier symbolically */ extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, - int level); + int level); /* Print SECItem as hex */ extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level); @@ -237,7 +237,7 @@ extern void SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level); * afterward; otherwise just print the formatted time string only. */ extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m, - int level); + int level); /* * Format and print the UTC or Generalized Time "t". If the tag message @@ -259,7 +259,7 @@ int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname); /* Dump contents of cert req */ extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, - int level); + int level); /* Dump contents of certificate */ extern int SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level); @@ -285,14 +285,14 @@ extern int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, /* Pretty-print any PKCS7 thing */ extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, - int level); + int level); /* Init PKCS11 stuff */ extern SECStatus SECU_PKCS11Init(PRBool readOnly); /* Dump contents of signed data */ extern int SECU_PrintSignedData(FILE *out, SECItem *der, char *m, int level, - SECU_PPFunc inner); + SECU_PPFunc inner); /* Print cert data and its trust flags */ extern SECStatus SEC_PrintCertificateAndTrust(CERTCertificate *cert, @@ -312,7 +312,7 @@ extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value, char *msg, int level); extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions, - char *msg, int level); + char *msg, int level); extern void SECU_PrintName(FILE *out, CERTName *name, char *msg, int level); @@ -347,12 +347,12 @@ extern SECStatus SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl, ** MD5 hashing algorithm. This routine first computes a digital signature ** using SEC_SignData, then wraps it with an CERTSignedData and then der ** encodes the result. -** "arena" is the memory arena to use to allocate data from +** "arena" is the memory arena to use to allocate data from ** "sd" returned CERTSignedData -** "result" the final der encoded data (memory is allocated) -** "buf" the input data to sign -** "len" the amount of data to sign -** "pk" the private key to encrypt with +** "result" the final der encoded data (memory is allocated) +** "buf" the input data to sign +** "len" the amount of data to sign +** "pk" the private key to encrypt with */ extern SECStatus SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd, unsigned char *buf, int len, @@ -436,7 +436,7 @@ typedef struct /* fill the "arg" and "activated" fields for each flag */ SECStatus SECU_ParseCommandLine(int argc, char **argv, char *progName, - const secuCommand *cmd); + const secuCommand *cmd); char * SECU_GetOptionArg(const secuCommand *cmd, int optionNum);