int main(int argc, char **argv) {
if (NSS_NoDB_Init(NULL) != SECSuccess) {
printf(" >>> NSS_NoDB_Init() failed.\n");
return 1;
}
PLArenaPool *arena;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena) {
printf(">>> OUT OF MEMORY :(\n");
return 1;
}
check(arena, b641, s1, "b641-s1", false);
check(arena, b642, s1, "b642-s1", false);
check(arena, b643, s2, "b643-s2", false);
check(arena, b644, s2, "b644-s2", false);
// not in NSS trunk
//check(arena, b645, s2, "b645-s2", true);
//check(arena, b646, s2, "b646-s2", true);
PORT_FreeArena(arena, 0);
printf("!!! Done.\n");
return 0;
}
static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
{
if(NSS_IsInitialized())
return CURLE_OK;
if(cert_dir) {
SECStatus rv;
const bool use_sql = NSS_VersionCheck("3.12.0");
char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir);
if(!certpath)
return CURLE_OUT_OF_MEMORY;
infof(data, "Initializing NSS with certpath: %s\n", certpath);
rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
free(certpath);
if(rv == SECSuccess)
return CURLE_OK;
infof(data, "Unable to initialize NSS database\n");
}
infof(data, "Initializing NSS with certpath: none\n");
if(NSS_NoDB_Init(NULL) == SECSuccess)
return CURLE_OK;
infof(data, "Unable to initialize NSS\n");
return CURLE_SSL_CACERT_BADFILE;
}
int crypto_init(cert_policy *policy) {
SECStatus rv;
DBG("Initializing NSS ...");
if (NSS_IsInitialized()) {
app_has_NSS = 1;
/* we should save the app's password function */
PK11_SetPasswordFunc(password_passthrough);
DBG("... NSS is initialized");
return 0;
}
if (policy->nss_dir) {
/* initialize with read only databases */
DBG1("Initializing NSS ... database=%s", policy->nss_dir);
rv = NSS_Init(policy->nss_dir);
} else {
/* not database secified */
DBG("Initializing NSS ... with no db");
rv = NSS_NoDB_Init(NULL);
}
if (rv != SECSuccess) {
DBG1("NSS_Initialize failed: %s", SECU_Strerror(PR_GetError()));
return -1;
}
/* register a callback */
PK11_SetPasswordFunc(password_passthrough);
if (policy->ocsp_policy == OCSP_ON) {
CERT_EnableOCSPChecking(CERT_GetDefaultCertDB());
}
DBG("... NSS Complete");
return 0;
}
/*static*/ void
NSSTest::SetUpTestCase()
{
if (NSS_NoDB_Init(nullptr) != SECSuccess) {
abort();
}
}
gboolean
crypto_init (GError **error)
{
SECStatus ret;
if (initialized)
return TRUE;
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 1);
ret = NSS_NoDB_Init (NULL);
if (ret != SECSuccess) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_FAILED,
_("Failed to initialize the crypto engine: %d."),
PR_GetError ());
PR_Cleanup ();
return FALSE;
}
SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
initialized = TRUE;
return TRUE;
}
static
int runCmd(mainTestFn fnPointer,
int argc,
char **argv,
char *dbPath)
{
int retStat = 0;
/* Initialize NSPR and NSS. */
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
/* if using databases, use NSS_Init and not NSS_NoDB_Init */
if (dbPath && PORT_Strlen(dbPath) != 0) {
if (NSS_Init(dbPath) != SECSuccess)
return SECFailure;
} else {
if (NSS_NoDB_Init(NULL) != 0)
return SECFailure;
}
retStat = fnPointer(argc, argv);
if (NSS_Shutdown() != SECSuccess) {
exit(1);
}
PR_Cleanup();
return retStat;
}
static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
{
#ifdef HAVE_NSS_INITCONTEXT
NSSInitParameters initparams;
if(nss_context != NULL)
return CURLE_OK;
memset((void *) &initparams, '\0', sizeof(initparams));
initparams.length = sizeof(initparams);
#else /* HAVE_NSS_INITCONTEXT */
SECStatus rv;
if(NSS_IsInitialized())
return CURLE_OK;
#endif
if(cert_dir) {
const bool use_sql = NSS_VersionCheck("3.12.0");
char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir);
if(!certpath)
return CURLE_OUT_OF_MEMORY;
infof(data, "Initializing NSS with certpath: %s\n", certpath);
#ifdef HAVE_NSS_INITCONTEXT
nss_context = NSS_InitContext(certpath, "", "", "", &initparams,
NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
free(certpath);
if(nss_context != NULL)
return CURLE_OK;
#else /* HAVE_NSS_INITCONTEXT */
rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
free(certpath);
if(rv == SECSuccess)
return CURLE_OK;
#endif
infof(data, "Unable to initialize NSS database\n");
}
infof(data, "Initializing NSS with certpath: none\n");
#ifdef HAVE_NSS_INITCONTEXT
nss_context = NSS_InitContext("", "", "", "", &initparams, NSS_INIT_READONLY
| NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN
| NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
if(nss_context != NULL)
return CURLE_OK;
#else /* HAVE_NSS_INITCONTEXT */
if(NSS_NoDB_Init(NULL) == SECSuccess)
return CURLE_OK;
#endif
infof(data, "Unable to initialize NSS\n");
return CURLE_SSL_CACERT_BADFILE;
}
static void
ssl_nss_init_nss(void)
{
#if NSS_VMAJOR > 3 || ( NSS_VMAJOR == 3 && NSS_VMINOR >= 14 )
SSLVersionRange supported, enabled;
#endif /* NSS >= 3.14 */
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
NSS_NoDB_Init(".");
NSS_SetDomesticPolicy();
SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 1);
SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 1);
SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_256_CBC_SHA, 1);
SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_RC4_128_SHA, 1);
SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 1);
SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 1);
SSL_CipherPrefSetDefault(SSL_RSA_WITH_RC4_128_SHA, 1);
SSL_CipherPrefSetDefault(TLS_RSA_WITH_AES_128_CBC_SHA, 1);
SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 1);
SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 1);
SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
#if NSS_VMAJOR > 3 || ( NSS_VMAJOR == 3 && NSS_VMINOR >= 14 )
/* Get the ranges of supported and enabled SSL versions */
if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) &&
(SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) {
purple_debug_info("nss", "TLS supported versions: "
"0x%04hx through 0x%04hx\n", supported.min, supported.max);
purple_debug_info("nss", "TLS versions allowed by default: "
"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
/* Make sure SSL 3.0 is disabled (it's old and everyone should be
using at least TLS 1.0 by now), and make sure all versions of TLS
supported by the local library are enabled (for some reason NSS
doesn't enable newer versions of TLS by default -- more context in
ticket #15909). */
if (enabled.min != SSL_LIBRARY_VERSION_TLS_1_0 || supported.max > enabled.max) {
enabled.max = supported.max;
if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) {
purple_debug_info("nss", "Changed allowed TLS versions to "
"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
} else {
purple_debug_error("nss", "Error setting allowed TLS versions to "
"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
}
}
}
#endif /* NSS >= 3.14 */
/** Disable OCSP Checking until we can make that use our HTTP & Proxy stuff */
CERT_EnableOCSPChecking(PR_FALSE);
_identity = PR_GetUniqueIdentity("Purple");
_nss_methods = PR_GetDefaultIOMethods();
}
/*static*/ void
NSSTest::SetUpTestCase()
{
if (NSS_NoDB_Init(nullptr) != SECSuccess) {
PR_Abort();
}
now = PR_Now();
oneDayBeforeNow = now - ONE_DAY;
oneDayAfterNow = now + ONE_DAY;
}
void ssl_init(void)
{
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
// https://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1234224
// This NSS function is not intended for use with SSL, which
// requires that the certificate and key database files be
// opened. Relates to whole non-verification of servers for now.
NSS_NoDB_Init(NULL);
NSS_SetDomesticPolicy();
initialized = TRUE;
}
int main(int argc, char **argv)
{
if (NSS_NoDB_Init(NULL) != SECSuccess) {
printf(" >>> NSS_NoDB_Init() failed.\n");
return 1;
}
if (argc < 3) {
printf(" >>> I need a DER encoded file to read and have to know what to do with it [decode, private]!\n");
return 1;
}
PRFileDesc* file = PR_Open(argv[1], PR_RDONLY, 0);
SECItem data = {0, NULL, 0};
if (SECU_ReadDERFromFile(&data, file, PR_FALSE, PR_FALSE) != SECSuccess) {
printf(" >>> SECU_ReadDERFromFile() failed.\n");
return 1;
}
PR_Close(file);
if (strcmp(argv[2], "decode") == 0) {
CERTCertificate *cert = CERT_DecodeCertFromPackage((char*)data.data, data.len);
if (cert){
printf(" >>> read cert!\n");
printf(" >>> SN: %s\n", cert->subjectName);
printf(" >>> IN: %s\n", cert->issuerName);
CERT_DestroyCertificate(cert);
} else {
printf(" >>> CERT_DecodeCertFromPackage failed.\n");
SECITEM_FreeItem(&data, PR_FALSE);
return 1;
}
}
if (argv[2] == "private") {
PK11SlotInfo* slot = PK11_GetInternalSlot();
if (!slot) {
printf(" >>> PK11_GetInternalSlot() failed.\n");
SECITEM_FreeItem(&data, PR_FALSE);
return 1;
}
SECKEYPrivateKey* privKey;
if (PK11_ImportDERPrivateKeyInfoAndReturnKey(slot, &data, NULL, NULL, PR_FALSE, PR_FALSE, KU_ALL, &privKey, NULL) != SECSuccess) {
printf(" >>> PK11_ImportDERPrivateKeyInfoAndReturnKey() failed.\n");
SECITEM_FreeItem(&data, PR_FALSE);
return 1;
}
}
printf(" !!! Done.\n");
return 0;
}
int main(int argc, char **argv) {
test_utils = new MtransportTestUtils();
NSS_NoDB_Init(NULL);
NSS_SetDomesticPolicy();
::testing::InitGoogleTest(&argc, argv);
int result = RUN_ALL_TESTS();
delete test_utils;
return result;
}
/** Initialize NSS. NSS is initialized without DB and with
domnestic policy.
@return 1 on success, otherwise 0.
*/
static int init_nss(void) {
if ((NSS_NoDB_Init(NULL)!=SECSuccess) ||
(NSS_SetDomesticPolicy()!=SECSuccess)) {
print_nspr_error();
return 0;
}
SSL_ClearSessionCache();
return 1;
}
static CURLcode init_nss(struct SessionHandle *data)
{
char *cert_dir;
struct_stat st;
if(initialized)
return CURLE_OK;
/* First we check if $SSL_DIR points to a valid dir */
cert_dir = getenv("SSL_DIR");
if(cert_dir) {
if((stat(cert_dir, &st) != 0) ||
(!S_ISDIR(st.st_mode))) {
cert_dir = NULL;
}
}
/* Now we check if the default location is a valid dir */
if(!cert_dir) {
if((stat(SSL_DIR, &st) == 0) &&
(S_ISDIR(st.st_mode))) {
cert_dir = (char *)SSL_DIR;
}
}
if(!NSS_IsInitialized()) {
SECStatus rv;
initialized = 1;
infof(data, "Initializing NSS with certpath: %s\n",
cert_dir ? cert_dir : "none");
if(!cert_dir) {
rv = NSS_NoDB_Init(NULL);
}
else {
char *certpath =
PR_smprintf("%s%s", NSS_VersionCheck("3.12.0") ? "sql:" : "", cert_dir);
rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
PR_smprintf_free(certpath);
}
if(rv != SECSuccess) {
infof(data, "Unable to initialize NSS database\n");
initialized = 0;
return CURLE_SSL_CACERT_BADFILE;
}
}
if(num_enabled_ciphers() == 0)
NSS_SetDomesticPolicy();
return CURLE_OK;
}
int sxi_crypto_check_ver(struct sxi_logger *l)
{
const char *compile_ver = NSS_VERSION;
if (NSS_NoDB_Init("/") != SECSuccess) {
sxi_log_msg(l, "sxi_crypto_check_ver", SX_LOG_CRIT,
"Failed to initialize NSS: %d", PR_GetError());
return -1;
}
if(!NSS_VersionCheck(compile_ver)) {
sxi_log_msg(l, "crypto_check_ver", SX_LOG_CRIT, "NSS library version mismatch: compiled: %s, runtime: %s", compile_ver, NSS_GetVersion());
return -1;
}
return 0;
}
int do_hash(char *src, int src_size, char *dst, int algo)
{
SECStatus err;
NSS_NoDB_Init(NULL);
err = PK11_HashBuf(algo, (unsigned char *)dst, (unsigned char *)src,
src_size);
if (err == SECFailure) {
syslog(LOG_ERR, "%s: PK11_HashBuf() error; SECFailure = [%d]; "
"PORT_GetError() = [%d]\n", __FUNCTION__, SECFailure,
PORT_GetError());
err = -EINVAL;
goto out;
}
out:
return (int)err;
}
/**
* xmlSecNssAppInit:
* @config: the path to NSS database files.
*
* General crypto engine initialization. This function is used
* by XMLSec command line utility and called before
* @xmlSecInit function.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecNssAppInit(const char* config) {
SECStatus rv;
if(config) {
rv = NSS_InitReadWrite(config);
if(rv != SECSuccess) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"NSS_InitReadWrite",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"config=%s",
xmlSecErrorsSafeString(config));
return(-1);
}
} else {
rv = NSS_NoDB_Init(NULL);
if(rv != SECSuccess) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"NSS_NoDB_Init",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
}
/* configure PKCS11 */
PK11_ConfigurePKCS11("manufacturesID", "libraryDescription",
"tokenDescription", "privateTokenDescription",
"slotDescription", "privateSlotDescription",
"fipsSlotDescription", "fipsPrivateSlotDescription",
0, 0);
/* setup for PKCS12 */
PORT_SetUCS2_ASCIIConversionFunction(xmlSecNssAppAscii2UCS2Conv);
SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
return(0);
}
int
main(int argc, char *argv[])
{
qb_list_init (&msg_log_head);
qb_list_init (&config_chg_log_head);
if (NSS_NoDB_Init(".") != SECSuccess) {
qb_log(LOG_ERR, "Couldn't initialize nss");
exit (0);
}
if ((sha1_context = PK11_CreateDigestContext(SEC_OID_SHA1)) == NULL) {
qb_log(LOG_ERR, "Couldn't initialize nss");
exit (0);
}
return test_agent_run ("cpg_test_agent", 9034, do_command, my_pre_exit);
}
void * tls_init(const struct tls_config *conf) {
char *dir;
tls_nss_ref_count++;
if (tls_nss_ref_count > 1)
return (void *) 1;
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
nss_layer_id = PR_GetUniqueIdentity("wpa_supplicant");
PK11_SetPasswordFunc(nss_password_cb);
dir = getenv("SSL_DIR");
if (dir) {
if (NSS_Init(dir) != SECSuccess) {
wpa_printf(MSG_ERROR, "NSS: NSS_Init(cert_dir=%s) "
"failed", dir);
return NULL;
}
} else {
if (NSS_NoDB_Init(NULL) != SECSuccess) {
wpa_printf(MSG_ERROR, "NSS: NSS_NoDB_Init(NULL) "
"failed");
return NULL;
}
}
if (SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, PR_FALSE) !=
SECSuccess ||
SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_FALSE) != SECSuccess ||
SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE) != SECSuccess ||
SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE) != SECSuccess) {
wpa_printf(MSG_ERROR, "NSS: SSL_OptionSetDefault failed");
return NULL;
}
if (NSS_SetDomesticPolicy() != SECSuccess) {
wpa_printf(MSG_ERROR, "NSS: NSS_SetDomesticPolicy() failed");
return NULL;
}
return (void *) 1;
}
void MozillaRenderer::initialize(void)
{
// Initialize NSPR and NSS
PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 10);
if (NSS_InitReadWrite(NULL) == SECFailure)
{
if (NSS_NoDB_Init(NULL) == SECFailure)
{
#ifdef DEBUG
cout << "MozillaRenderer::ctor: couldn't initialize NSS" << endl;
#endif
}
}
NSS_SetDomesticPolicy();
SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_TRUE);
SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE);
SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE);
SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, PR_TRUE);
}
static int init_nss_db(knet_handle_t knet_h)
{
struct nsscrypto_instance *instance = knet_h->crypto_instance->model_instance;
int err = 0;
if ((!cipher_to_nss[instance->crypto_cipher_type]) &&
(!hash_to_nss[instance->crypto_hash_type])) {
return 0;
}
err = pthread_mutex_lock(&nssdbinit_mutex);
if (err) {
log_err(knet_h, KNET_SUB_NSSCRYPTO, "NSS DB unable to get mutex lock (%d)", err);
return -1;
}
if (nssdbinit_done) {
err = 0;
goto out_unlock;
}
PR_Init(PR_USER_THREAD, PR_PRIORITY_URGENT, 0);
if (NSS_NoDB_Init(".") != SECSuccess) {
log_err(knet_h, KNET_SUB_NSSCRYPTO, "NSS DB initialization failed (err %d)",
PR_GetError());
err = -1;
goto out_unlock;
}
if (atexit(&nss_atexit_handler) != 0) {
log_err(knet_h, KNET_SUB_NSSCRYPTO, "NSS DB unable to register atexit handler");
err = -1;
goto out_unlock;
}
nssdbinit_done = 1;
out_unlock:
pthread_mutex_unlock(&nssdbinit_mutex);
return err;
}
int nspr_nss_init(void)
{
SECStatus sret;
/* nothing to do */
if (nspr_nss_init_done == 1) return SECSuccess;
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
sret = NSS_NoDB_Init(NULL);
if (sret != SECSuccess) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Error initializing connection to NSS [%d]\n",
PR_GetError());
return EIO;
}
nspr_nss_init_done = 1;
return EOK;
}
int main(int argc, char **argv)
{
if (argc < 2) exit(1);
NSS_NoDB_Init(NULL);
/*************/
/* AES */
/*************/
if (strcmp(argv[1], "aes") == 0) {
/* argv[2]=kat argv[3]=gcm argv[4]=<test name>.rsp */
if (strcmp(argv[2], "kat") == 0) {
/* Known Answer Test (KAT) */
aes_gcm_kat(argv[4]);
}
}
NSS_Shutdown();
return 0;
}
void sipe_core_init(void)
{
srand(time(NULL));
sip_sec_init();
#ifdef ENABLE_NLS
SIPE_DEBUG_INFO("bindtextdomain = %s",
bindtextdomain(PACKAGE_NAME, LOCALEDIR));
SIPE_DEBUG_INFO("bind_textdomain_codeset = %s",
bind_textdomain_codeset(PACKAGE_NAME, "UTF-8"));
textdomain(PACKAGE_NAME);
#endif
#ifdef HAVE_NSS
if (!NSS_IsInitialized()) {
NSS_NoDB_Init(".");
SIPE_DEBUG_INFO_NOFORMAT("NSS initialised");
}
#endif
#ifdef HAVE_GMIME
g_mime_init(0);
#endif
}
int do_hash(char *src, int src_size, char *dst, int algo)
{
#ifdef ENABLE_NSS
SECStatus err;
#else
gcry_md_hd_t hd;
gcry_error_t err = 0;
unsigned char * hash;
unsigned int mdlen;
#endif /* #ifdef ENABLE_NSS */
#ifdef ENABLE_NSS
NSS_NoDB_Init(NULL);
err = PK11_HashBuf(algo, (unsigned char *)dst, (unsigned char *)src,
src_size);
if (err == SECFailure) {
syslog(LOG_ERR, "%s: PK11_HashBuf() error; SECFailure = [%d]; "
"PORT_GetError() = [%d]\n", __FUNCTION__, SECFailure,
PORT_GetError());
err = -EINVAL;
goto out;
}
#else
err = gcry_md_open(&hd, algo, 0);
mdlen = gcry_md_get_algo_dlen(algo);
if (err) {
syslog(LOG_ERR, "Failed to open hash algo [%d]: "
"[%d]\n", algo, err);
goto out;
}
gcry_md_write(hd, src, src_size);
hash = gcry_md_read(hd, algo);
memcpy(dst, hash, mdlen);
gcry_md_close(hd);
#endif /* #ifdef ENABLE_NSS */
out:
return (int)err;
}
static
int
__pkcs11h_crypto_nss_initialize (
IN void * const global_data
) {
int ret = FALSE;
if (NSS_IsInitialized ()) {
*(int *)global_data = FALSE;
}
else {
if (NSS_NoDB_Init (NULL) != SECSuccess) {
goto cleanup;
}
*(int *)global_data = TRUE;
}
ret = TRUE;
cleanup:
return ret;
}
void*
WebRTCCall::State::WorkFunc(void* ptr)
{
nsRefPtr<State> self = static_cast<State*>(ptr);
NS_InitXPCOM2(nullptr, nullptr, nullptr);
NSS_NoDB_Init(nullptr);
NSS_SetDomesticPolicy();
nsresult rv;
rv = NS_GetCurrentThread(getter_AddRefs(self->mThread));
if (NS_FAILED(rv)) {
LOG("failed to get current thread\n");
return 0;
}
sipcc::IceConfiguration cfg;
self->mPeerConnection = sipcc::PeerConnectionImpl::CreatePeerConnection();
self->mPeerConnectionObserver = new PCObserver(self);
self->mPeerConnection->Initialize(*(self->mPeerConnectionObserver), nullptr, cfg, self->mThread.get());
self->mTimer = do_CreateInstance(NS_TIMER_CONTRACTID, &rv);
if (NS_FAILED(rv)) {
LOG("failed to create timer\n");
return 0;
}
self->mTimer->InitWithCallback(
self->mPeerConnectionObserver,
PR_MillisecondsToInterval(30),
nsITimer::TYPE_REPEATING_PRECISE);
while (self->mRunThread) { NS_ProcessNextEvent(nullptr, true); }
return nullptr;
}
void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
{
struct scd *conn = g_new0( struct scd, 1 );
conn->fd = proxy_connect( host, port, ssl_connected, conn );
conn->func = func;
conn->data = data;
if( conn->fd < 0 )
{
g_free( conn );
return( NULL );
}
if( !initialized )
{
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
NSS_NoDB_Init(NULL);
NSS_SetDomesticPolicy();
}
return( conn );
}
int main(int argc, char **argv)
{
int rv, ascii;
char *progName;
FILE *outFile;
PRFileDesc *inFile;
SECItem der, data;
char *typeTag;
PLOptState *optstate;
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
ascii = 0;
inFile = 0;
outFile = 0;
typeTag = 0;
optstate = PL_CreateOptState(argc, argv, "at:i:o:");
while ( PL_GetNextOpt(optstate) == PL_OPT_OK ) {
switch (optstate->option) {
case '?':
Usage(progName);
break;
case 'a':
ascii = 1;
break;
case 'i':
inFile = PR_Open(optstate->value, PR_RDONLY, 0);
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, optstate->value);
return -1;
}
break;
case 'o':
outFile = fopen(optstate->value, "w");
if (!outFile) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
progName, optstate->value);
return -1;
}
break;
case 't':
typeTag = strdup(optstate->value);
break;
}
}
PL_DestroyOptState(optstate);
if (!typeTag) Usage(progName);
if (!inFile) inFile = PR_STDIN;
if (!outFile) outFile = stdout;
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
rv = NSS_NoDB_Init(NULL);
if (rv != SECSuccess) {
fprintf(stderr, "%s: NSS_NoDB_Init failed (%s)\n",
progName, SECU_Strerror(PORT_GetError()));
exit(1);
}
SECU_RegisterDynamicOids();
rv = SECU_ReadDERFromFile(&der, inFile, ascii, PR_FALSE);
if (rv != SECSuccess) {
fprintf(stderr, "%s: SECU_ReadDERFromFile failed\n", progName);
exit(1);
}
/* Data is untyped, using the specified type */
data.data = der.data;
data.len = der.len;
/* Pretty print it */
if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0) {
rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0,
SECU_PrintCertificate);
} else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0) {
PRBool saveWrapeState = SECU_GetWrapEnabled();
SECU_EnableWrap(PR_FALSE);
rv = SECU_PrintSignedContent(outFile, &data, 0, 0,
SECU_PrintDumpDerIssuerAndSerial);
SECU_EnableWrap(saveWrapeState);
} else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0) {
rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0,
SECU_PrintCertificateRequest);
} else if (PORT_Strcmp (typeTag, SEC_CT_CRL) == 0) {
rv = SECU_PrintSignedData (outFile, &data, "CRL", 0, SECU_PrintCrl);
#ifdef HAVE_EPV_TEMPLATE
} else if (PORT_Strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0) {
rv = SECU_PrintPrivateKey(outFile, &data, "Private Key", 0);
#endif
} else if (PORT_Strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0) {
rv = SECU_PrintSubjectPublicKeyInfo(outFile, &data, "Public Key", 0);
} else if (PORT_Strcmp(typeTag, SEC_CT_PKCS7) == 0) {
rv = SECU_PrintPKCS7ContentInfo(outFile, &data,
"PKCS #7 Content Info", 0);
} else if (PORT_Strcmp(typeTag, SEC_CT_NAME) == 0) {
rv = SECU_PrintDERName(outFile, &data, "Name", 0);
} else {
fprintf(stderr, "%s: don't know how to print out '%s' files\n",
progName, typeTag);
SECU_PrintAny(outFile, &data, "File contains", 0);
return -1;
}
if (inFile != PR_STDIN)
PR_Close(inFile);
PORT_Free(der.data);
if (rv) {
fprintf(stderr, "%s: problem converting data (%s)\n",
progName, SECU_Strerror(PORT_GetError()));
}
if (NSS_Shutdown() != SECSuccess) {
fprintf(stderr, "%s: NSS_Shutdown failed (%s)\n",
progName, SECU_Strerror(PORT_GetError()));
rv = SECFailure;
}
PR_Cleanup();
return rv;
}
int main(int argc, char **argv)
{
CERTCertDBHandle *certHandle;
PRFileDesc *inFile;
PRFileDesc *inCrlInitFile = NULL;
int generateCRL;
int modifyCRL;
int listCRL;
int importCRL;
int showFileCRL;
int deleteCRL;
int rv;
char *nickName;
char *url;
char *dbPrefix = "";
char *alg = NULL;
char *outFile = NULL;
char *slotName = NULL;
int ascii = 0;
int crlType;
PLOptState *optstate;
PLOptStatus status;
SECStatus secstatus;
PRInt32 decodeOptions = CRL_DECODE_DEFAULT_OPTIONS;
PRInt32 importOptions = CRL_IMPORT_DEFAULT_OPTIONS;
PRBool quiet = PR_FALSE;
PRBool test = PR_FALSE;
PRBool erase = PR_FALSE;
PRInt32 i = 0;
PRInt32 iterations = 1;
PRBool readonly = PR_FALSE;
secuPWData pwdata = { PW_NONE, 0 };
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
rv = 0;
deleteCRL = importCRL = listCRL = generateCRL = modifyCRL = showFileCRL = 0;
inFile = NULL;
nickName = url = NULL;
certHandle = NULL;
crlType = SEC_CRL_TYPE;
/*
* Parse command line arguments
*/
optstate = PL_CreateOptState(argc, argv, "sqBCDGILMSTEP:f:d:i:h:n:p:t:u:r:aZ:o:c:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
Usage(progName);
break;
case 'T':
test = PR_TRUE;
break;
case 'E':
erase = PR_TRUE;
break;
case 'B':
importOptions |= CRL_IMPORT_BYPASS_CHECKS;
break;
case 'G':
generateCRL = 1;
break;
case 'M':
modifyCRL = 1;
break;
case 'D':
deleteCRL = 1;
break;
case 'I':
importCRL = 1;
break;
case 'S':
showFileCRL = 1;
break;
case 'C':
case 'L':
listCRL = 1;
break;
case 'P':
dbPrefix = strdup(optstate->value);
break;
case 'Z':
alg = strdup(optstate->value);
break;
case 'a':
ascii = 1;
break;
case 'c':
inCrlInitFile = PR_Open(optstate->value, PR_RDONLY, 0);
if (!inCrlInitFile) {
PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading\n",
progName, optstate->value);
PL_DestroyOptState(optstate);
return -1;
}
break;
case 'd':
SECU_ConfigDirectory(optstate->value);
break;
case 'f':
pwdata.source = PW_FROMFILE;
pwdata.data = strdup(optstate->value);
break;
case 'h':
slotName = strdup(optstate->value);
break;
case 'i':
inFile = PR_Open(optstate->value, PR_RDONLY, 0);
if (!inFile) {
PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading\n",
progName, optstate->value);
PL_DestroyOptState(optstate);
return -1;
}
break;
case 'n':
nickName = strdup(optstate->value);
break;
case 'o':
outFile = strdup(optstate->value);
break;
case 'p':
decodeOptions |= CRL_DECODE_SKIP_ENTRIES;
break;
case 'r': {
const char* str = optstate->value;
if (str && atoi(str)>0)
iterations = atoi(str);
}
break;
case 't': {
crlType = atoi(optstate->value);
if (crlType != SEC_CRL_TYPE && crlType != SEC_KRL_TYPE) {
PR_fprintf(PR_STDERR, "%s: invalid crl type\n", progName);
PL_DestroyOptState(optstate);
return -1;
}
break;
case 'q':
quiet = PR_TRUE;
break;
case 'w':
pwdata.source = PW_PLAINTEXT;
pwdata.data = strdup(optstate->value);
break;
case 'u':
url = strdup(optstate->value);
break;
}
}
}
PL_DestroyOptState(optstate);
if (deleteCRL && !nickName) Usage (progName);
if (importCRL && !inFile) Usage (progName);
if (showFileCRL && !inFile) Usage (progName);
if ((generateCRL && !nickName) ||
(modifyCRL && !inFile && !nickName)) Usage (progName);
if (!(listCRL || deleteCRL || importCRL || showFileCRL || generateCRL ||
modifyCRL || test || erase)) Usage (progName);
if (listCRL || showFileCRL) {
readonly = PR_TRUE;
}
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
PK11_SetPasswordFunc(SECU_GetModulePassword);
if (showFileCRL) {
NSS_NoDB_Init(NULL);
}
else {
secstatus = NSS_Initialize(SECU_ConfigDirectory(NULL), dbPrefix, dbPrefix,
"secmod.db", readonly ? NSS_INIT_READONLY : 0);
if (secstatus != SECSuccess) {
SECU_PrintPRandOSError(progName);
return -1;
}
}
SECU_RegisterDynamicOids();
certHandle = CERT_GetDefaultCertDB();
if (certHandle == NULL) {
SECU_PrintError(progName, "unable to open the cert db");
/*ignoring return value of NSS_Shutdown() as code returns -1*/
(void) NSS_Shutdown();
return (-1);
}
CRLGEN_InitCrlGenParserLock();
for (i=0; i<iterations; i++) {
/* Read in the private key info */
if (deleteCRL)
DeleteCRL (certHandle, nickName, crlType);
else if (listCRL) {
rv = ListCRL (certHandle, nickName, crlType);
}
else if (importCRL) {
rv = ImportCRL (certHandle, url, crlType, inFile, importOptions,
decodeOptions, &pwdata);
}
else if (showFileCRL) {
rv = DumpCRL (inFile);
} else if (generateCRL || modifyCRL) {
if (!inCrlInitFile)
inCrlInitFile = PR_STDIN;
rv = GenerateCRL (certHandle, nickName, inCrlInitFile,
inFile, outFile, ascii, slotName,
importOptions, alg, quiet,
decodeOptions, url, &pwdata,
modifyCRL);
}
else if (erase) {
/* list and delete all CRLs */
ListCRLNames (certHandle, crlType, PR_TRUE);
}
#ifdef DEBUG
else if (test) {
/* list and delete all CRLs */
ListCRLNames (certHandle, crlType, PR_TRUE);
/* list CRLs */
ListCRLNames (certHandle, crlType, PR_FALSE);
/* import CRL as a blob */
rv = ImportCRL (certHandle, url, crlType, inFile, importOptions,
decodeOptions, &pwdata);
/* list CRLs */
ListCRLNames (certHandle, crlType, PR_FALSE);
}
#endif
}
CRLGEN_DestroyCrlGenParserLock();
if (NSS_Shutdown() != SECSuccess) {
rv = SECFailure;
}
return (rv != SECSuccess);
}
